Edit tour

Windows Analysis Report
https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com

Overview

General Information

Sample URL:	https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com
Analysis ID:	1670986
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Detected suspicious crossdomain redirect

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2080,i,5111458036098780711,7479014456531485044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Suricata Signatures

ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-04-22T13:28:05.923797+0200	2024228	2	Possible Social Engineering Attempted	67.205.58.99	443	192.168.2.4	49736	TCP

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://libelulaspedasi.com/parcels/

Joe Sandbox AI: Score: 7 Reasons: The brand 'Fastway' is known and typically associated with logistics and courier services., The URL 'libelulaspedasi.com' does not match the legitimate domain name for Fastway, which is 'fastway.com'., The URL does not contain any recognizable elements related to the Fastway brand., The domain 'libelulaspedasi.com' appears unrelated to the Fastway brand and could be a phishing attempt., The input field 'Enter the code' is generic and could be used to capture sensitive information under false pretenses. DOM: 0.0.pages.csv

Source: unknown	HTTPS traffic detected: 192.178.49.164:443 -> 192.168.2.4:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 41.74.196.103:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 41.74.196.103:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: viajayapanama.com to https://libelulaspedasi.com/parcels/

Source: Network traffic

Suricata IDS: 2024228 - Severity 2 - ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017 : 67.205.58.99:443 -> 192.168.2.4:49736

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com HTTP/1.1Host: url.za.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/BUS351laoVh7OhcLTI_PJsxT4ahuyZ6Wxt4wbmZKYpBeals43KDEoPQ5tzQJewRKKw1_bA-L71pBzJ-XRhrIpoFwGIA0x92DNzwa75cddNZh9f37Q7V_VrvWZPfsQ3V1fyussIKnt_X_Ah28RlTL7lLwzNnRkQLWghs_BxHNKTMKOLKj3Q9HRrXRz7oG0k686iMObWN9yzIeYONdPbRhdgKrCvRPnYnxcyVJ6UYRozyTIIyBB00qDCq-7FA8ts8y2So-Wgcgn27PrOXIC7fNifAYHKmeXW5DhX-mwpN-rg_ILHjT06decu5hgaLluPEeNCyyrj9qamE2p-CZrdOiu6SZ3f1BmMgR0uZN6iN3OHC4mS6rA1N0qq8_ciVrGdBvwHdvq5w6c_wPwUxCG7VZ97Ot2dH74UN-UV6pVpD4sZ-C03Jd0sb08LpRrne_aVTNxgOCNBEexkCE4mXKm2I8hEtqq6ACMWJzkcYJXHeAJ3Rn-IXIt8hGi-HC1jENEWx_zt0lLlsVI4vvaqmArHf2VCwLejTOGkshLt9UCPrvbGXmG-tSKooNz1siqokPbRoncjwrczKysgtLxc3yDxMik4IEYfJ1dh_jm8-LiSR5apXlB2-9-OZ5H_KT6SpokE5hgVOcceET8JkRvmqTw2MWPG5BJF7ZvxPfohDOopcZ_8qcI0xTn-9ZRcX6eQ6Mx9sxL0gHJezgVSzZ5x4k1xP8zvtoiK8oGJc6yMBVJWetk1b1s3C9_suXJftb8Vk3Cg6RB-ZW5DfkPJ3JXqu5kmKmTUAC42B_OCIEoGRDX_LsqwX71tge7jytknFKnAwdkwUhWkrX95cQNrqSCQgQ3-y6CrFW_V8bKXeOz7WuWVGS4_PtQGrd9NFtbQDRDvINB_0fu7ete8-tUDRzr7T2sFBAhF2pjKuc2ecneyDgtlfjCIn_7aLEHD1RtfToNQCf_nhCR1uE8vNQlPqTORgoaChi83xpwO0bIWdyke_6c3urjTkwbHm42mVRmdC0m4hYSK6l2nUsIiL9H1INgTDeC-3pvnIaXY6bdpplhojdjl-_mpOOEiOZphXFAFZgqHSHvm_QUo1d7lt2Zdt6h4YV_uLgwh_mECJJuZwwsfJD9aVCRDuAmwthQ528BtHGpQa5I_zBOZLJ_1qxqZgOERaTc3PGVNI0ePFd_QHT6KmqUhUpLEchGywfc7bqEh71i8WsakQPR-97ZGojjyywwXuip0qV0LSnQuFa_KjZKMb7hA_7hMn11sb7mbkNHLl7FJ3AW1PIJYCWBH_JNQ0uZBRHb_xelU-nj_2eiyV5kJZk8rdRhkIPSvhldUA_8uWagCb4TN_veDuLiejhrvZHRagaYXcWMBXH_3Hxk5yvm9svQr_KIb7eRB35SnkhK_3D8OD7Y0atqKCL64gXE0MlEMgVtYocGf-vHqcnp220rJ3r_So567fiyNv0lQCjcZxyPsAIhWZxSBFLWvUH3-dyCAsPaptVfipYRuMBVgeqb57I1OYEy2MM0UR0RecJhaAiT2BjN5lHOa-luTT9Va1gNYg7J21LjHQcdg9r9QPEjUOC8P5QeumRIhFLwUJ0rSTHEZtb7Zir_MWVU3n6dO9Xd3yY4kGB_VUBjNYVBUciR_qSzh6bCY6Z9C4HIBeztd8qS6ds8MXy HTTP/1.1Host: url.za.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cels/ HTTP/1.1Host: viajayapanama.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/ HTTP/1.1Host: libelulaspedasi.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/style/style.css HTTP/1.1Host: libelulaspedasi.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://libelulaspedasi.com/parcels/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/mini.png HTTP/1.1Host: libelulaspedasi.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://libelulaspedasi.com/parcels/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/s.css HTTP/1.1Host: libelulaspedasi.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://libelulaspedasi.com/parcels/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/s.js HTTP/1.1Host: libelulaspedasi.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://libelulaspedasi.com/parcels/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/icon/zaml.png HTTP/1.1Host: libelulaspedasi.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://libelulaspedasi.com/parcels/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/mini.png HTTP/1.1Host: libelulaspedasi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/making/files/fav.ico HTTP/1.1Host: libelulaspedasi.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://libelulaspedasi.com/parcels/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /parcels/icon/zaml.png HTTP/1.1Host: libelulaspedasi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: url.za.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: viajayapanama.com
Source: global traffic	DNS traffic detected: DNS query: libelulaspedasi.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Apr 2025 11:28:09 GMTServer: ApachePragma: no-cacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0, no-store, privateLink: <https://libelulaspedasi.com/wp-json/>; rel="https://api.w.org/"Set-Cookie: WP_SESSION_COOKIE=a8164f9c9569128289503b0609aaaabb%7C%7C1745323091%7C%7C1745322731; expires=Tue, 22 Apr 2025 11:58:11 GMT; Max-Age=1800; path=/Set-Cookie: PHPSESSID=5e4fbc20fb4478800f0237964011dae6; path=/Upgrade: h2Connection: Upgrade, closeVary: User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 192.178.49.164:443 -> 192.168.2.4:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 41.74.196.103:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 41.74.196.103:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.205.58.99:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@22/16@10/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2080,i,5111458036098780711,7479014456531485044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2080,i,5111458036098780711,7479014456531485044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://libelulaspedasi.com/parcels/making/files/fav.ico	0%	Avira URL Cloud	safe
https://libelulaspedasi.com/parcels/style/style.css	0%	Avira URL Cloud	safe
https://libelulaspedasi.com/parcels/s.js	0%	Avira URL Cloud	safe
https://viajayapanama.com/cels/	0%	Avira URL Cloud	safe
https://libelulaspedasi.com/parcels/s.css	0%	Avira URL Cloud	safe
https://libelulaspedasi.com/parcels/mini.png	0%	Avira URL Cloud	safe
https://libelulaspedasi.com/parcels/icon/zaml.png	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
viajayapanama.com	67.205.58.99	true	false	unknown
www.google.com	192.178.49.164	true	false	high
libelulaspedasi.com	67.205.58.99	true	true	unknown
url.za.m.mimecastprotect.com	41.74.196.103	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://libelulaspedasi.com/parcels/icon/zaml.png	true	Avira URL Cloud: safe	unknown
https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com	false		high
https://libelulaspedasi.com/parcels/mini.png	true	Avira URL Cloud: safe	unknown
https://libelulaspedasi.com/parcels/s.css	true	Avira URL Cloud: safe	unknown
https://libelulaspedasi.com/parcels/making/files/fav.ico	true	Avira URL Cloud: safe	unknown
https://libelulaspedasi.com/parcels/	true		unknown
https://viajayapanama.com/cels/	false	Avira URL Cloud: safe	unknown
https://libelulaspedasi.com/parcels/style/style.css	true	Avira URL Cloud: safe	unknown
https://libelulaspedasi.com/parcels/s.js	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.49.164	www.google.com	United States	15169	GOOGLEUS	false
67.205.58.99	viajayapanama.com	United States	26347	DREAMHOST-ASUS	true
41.74.196.103	url.za.m.mimecastprotect.com	South Africa	37235	MimecastSAZA	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1670986
Start date and time:	2025-04-22 13:26:42 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@22/16@10/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.68.238, 142.250.68.227, 142.251.2.84, 142.250.69.14, 72.247.234.254, 199.232.214.172, 142.250.68.234, 192.178.49.202, 192.178.49.170, 142.250.69.10, 192.178.49.195, 142.250.69.3, 184.29.183.29, 131.253.33.254, 20.109.210.53
Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, ocsp.digicert.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 630, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	448734
Entropy (8bit):	7.993151802904182
Encrypted:	true
SSDEEP:	12288:IMgwM9GER8qiQNbRF/2Azcmmi4zX8W3pL2m3Ts:IMUGPqiQdRFKmm9/L3Ts
MD5:	D46137FAEEBBCD7D6CD072A3F13AFA9B
SHA1:	844C802308CC69796EA33A1FFACC45DBB9FDCEC1
SHA-256:	D2916D025A4743E8074D72228913C30ED055E6AA529B0A9DCA5C8ABAEB43E073
SHA-512:	69D3DAB945569E14B4D36FA532A38BEFE15F659AE452641D5B4D63120A72FC9DA3232F90DC5EB43370405636B2D73F96D5E94B3BFCBDE40456CEFFB511C1BFD6
Malicious:	false
Reputation:	low
URL:	https://libelulaspedasi.com/parcels/icon/zaml.png
Preview:	.PNG........IHDR.......v......"......pHYs...\...\.<7......tEXtTitle.PDF CreatorA^.(....tEXtAuthor.PDF Tools AG..w0...-zTXtDescription.....())...///.+HI.-...).K....n...,.....IDATx..k.$.q%.{#2....=O<Hb.7.&.$3.$...~.>....$..vE.\....`....... ...`..........7"###....g.`...dUE.;...~....................B...V....>w.`;...d.`h`...$V5)..^...i.$.4..6..b....`.ff .".. .......%....DDD...=N_.......Z...EwA..1o<........f......DD.h... "...ff........B.1.2Df._!bQL...j. ".!"..u.SU...M....D`.>Q ..rug......+.W.HD~HEQ..C.Dd..1shW..'fF.y+..DUQ.4Y.T!.R1.4C..6@DP33U5$33Q. ..FDF." ...!.qbV3CJD..P.L@@......]..XU.$?'..D.oK.....1..C " ..TL...n>Z,.?[>{Z=zZ...........}O.6HD`F..n...8.z.}iT....W,...7./..R............6..}.....k..y[.%...q...36..W......j/2..).@..................E0..}...-t.......wT7/......U.z.OL....p;............i;...a{.P.....6.@.....[$....j.H....G.#U.@./L..H\|....KS..!D.=8.........\|......M&..t.c.c..l..<....}%..u..._M..,.......AU/c1A......'.\|.........\|......b.`@.TU.(...c...

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1652
Entropy (8bit):	4.809094209691983
Encrypted:	false
SSDEEP:	24:i5ANGyAn+IXT/GDtmnYcywFjSSitNwSSGqvOylfvc0i7gTFY87F9SwVGFe:i5l3n+egTJAvZUITFLvqFe
MD5:	74885197BC26EA27D82181FA636701B2
SHA1:	D92C6774815EFE26F928AAE7C0BCFEA03B63D2B7
SHA-256:	D3824244ECDE99DC005F7976B5B3859D652850191C85DD267AA49AC64BA22B76
SHA-512:	021BFEEA7AB72B8079C17D23469359E384DEBA7AE723495F748CD29F47C87BDAC8CAD516912E62B56CA56DBE3BD75D6D99C52198B53BD8AA346EAFF1B162F34E
Malicious:	false
Reputation:	low
URL:	https://libelulaspedasi.com/parcels/style/style.css
Preview:	body{. background-image: url(../icon/ff.png);. background-position: center;. background-repeat: no-repeat;. background-size: cover;.}.#content{. margin: auto;. /* background-color: aqua; /. / width: 35%; */. margin-top: 35px;.}..div1 , .div2{. width: 314px;. display: grid;. margin: auto;. margin-bottom: 20px;.}..div1{. margin-bottom: 30px;.}..DIVtop {. background-color: #f5f5fa;. border-radius: 33px 33px 33px 33px;. width: 100%;. margin: auto;.}..titleCSS{. width: 96px;. height: 32px;. margin: auto;. margin-bottom: 35px;.}..imgLOGO{. width: 126px;. height: 130px;. margin: auto;. margin-bottom: 50px;.}..HEAD{. color: #fff;. text-align: center;. font-family: sans-serif;. font-size: 24px;.}..deliver{. font-size: 16px;. font-weight: 500;. color: #004890;. margin-top: 0px;. margin-bottom: 9px;. font-weight: bold;..}..Where{. margin-top: 18px;. font-weight: 400;. font-size: 14p

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.0836169753972325
Encrypted:	false
SSDEEP:	3:hjTuqY:9XY
MD5:	797D65A8FA1F40AB860CD38A5EB00E30
SHA1:	2011FCB7110EB824E51F6524A70C3E9D8B199CCA
SHA-256:	9B09C822CE131A2431726FDDB6279EB5691E860A500D0A939AA7D2F6117C254F
SHA-512:	5545F14F480587BFFE668E2C03BCFCB5EE760BB22257020417296784518DDE70C53BCCB88C52898B21C596BE206B5908778FD5E21B48E200E82A115DB37E3F3D
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCZjU6rm7HCQVEgUNssIN0xIFDWMMcpkh86M98DuZd00=?alt=proto
Preview:	ChIKBw2ywg3TGgAKBw1jDHKZGgA=

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 630, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	448734
Entropy (8bit):	7.993151802904182
Encrypted:	true
SSDEEP:	12288:IMgwM9GER8qiQNbRF/2Azcmmi4zX8W3pL2m3Ts:IMUGPqiQdRFKmm9/L3Ts
MD5:	D46137FAEEBBCD7D6CD072A3F13AFA9B
SHA1:	844C802308CC69796EA33A1FFACC45DBB9FDCEC1
SHA-256:	D2916D025A4743E8074D72228913C30ED055E6AA529B0A9DCA5C8ABAEB43E073
SHA-512:	69D3DAB945569E14B4D36FA532A38BEFE15F659AE452641D5B4D63120A72FC9DA3232F90DC5EB43370405636B2D73F96D5E94B3BFCBDE40456CEFFB511C1BFD6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......v......"......pHYs...\...\.<7......tEXtTitle.PDF CreatorA^.(....tEXtAuthor.PDF Tools AG..w0...-zTXtDescription.....())...///.+HI.-...).K....n...,.....IDATx..k.$.q%.{#2....=O<Hb.7.&.$3.$...~.>....$..vE.\....`....... ...`..........7"###....g.`...dUE.;...~....................B...V....>w.`;...d.`h`...$V5)..^...i.$.4..6..b....`.ff .".. .......%....DDD...=N_.......Z...EwA..1o<........f......DD.h... "...ff........B.1.2Df._!bQL...j. ".!"..u.SU...M....D`.>Q ..rug......+.W.HD~HEQ..C.Dd..1shW..'fF.y+..DUQ.4Y.T!.R1.4C..6@DP33U5$33Q. ..FDF." ...!.qbV3CJD..P.L@@......]..XU.$?'..D.oK.....1..C " ..TL...n>Z,.?[>{Z=zZ...........}O.6HD`F..n...8.z.}iT....W,...7./..R............6..}.....k..y[.%...q...36..W......j/2..).@..................E0..}...-t.......wT7/......U.z.OL....p;............i;...a{.P.....6.@.....[$....j.H....G.#U.@./L..H\|....KS..!D.=8.........\|......M&..t.c.c..l..<....}%..u..._M..,.......AU/c1A......'.\|.........\|......b.`@.TU.(...c...

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2815 x 884, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	71289
Entropy (8bit):	7.203525074428548
Encrypted:	false
SSDEEP:	1536:zxaFuV2UD8VvrWj/BIgk08zO5WY+Snl7/qWYi4:12ZE/ZdDYi4
MD5:	9F4635572E3538133F4AE3F64E21DCCB
SHA1:	514F84EBC6FD8EEFB4569557E00F1DF30FBD19CA
SHA-256:	E01C4A403536573583CE6F78405CE66AB7DEDD10B2085AFF36688AD3E1457ED3
SHA-512:	AD14FEB699C2854E83C2A9E4233D6B8E32BDC6B0CA8DD8DC28F7A240DA7CE8D5694899CC40436B0C75344FEF3765B12292D274DAD674CD1A39C6A28268FFFF4D
Malicious:	false
Reputation:	low
URL:	https://libelulaspedasi.com/parcels/mini.png
Preview:	.PNG........IHDR.......t.......V.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2815 x 884, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	71289
Entropy (8bit):	7.203525074428548
Encrypted:	false
SSDEEP:	1536:zxaFuV2UD8VvrWj/BIgk08zO5WY+Snl7/qWYi4:12ZE/ZdDYi4
MD5:	9F4635572E3538133F4AE3F64E21DCCB
SHA1:	514F84EBC6FD8EEFB4569557E00F1DF30FBD19CA
SHA-256:	E01C4A403536573583CE6F78405CE66AB7DEDD10B2085AFF36688AD3E1457ED3
SHA-512:	AD14FEB699C2854E83C2A9E4233D6B8E32BDC6B0CA8DD8DC28F7A240DA7CE8D5694899CC40436B0C75344FEF3765B12292D274DAD674CD1A39C6A28268FFFF4D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......t.......V.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	584
Entropy (8bit):	4.82103779018435
Encrypted:	false
SSDEEP:	12:APkAEhvYH9/bi1GpLGeGwrW7tM2DRRt8iSAQUsODRRNsCODRRtRnlyfrytR:wtEhAH9VpKxmORRt8/bWRRNnWRRtRnll
MD5:	2FDCE1967FE46FD9DE737B3E42FD23C6
SHA1:	EF3334CEBCDF0F9F40242EE06F6E23A50A4D61D4
SHA-256:	44C2139BCE95E335D08AFB8066959B4B0D149DE9B899B14979B8C7748A973506
SHA-512:	327F7D872AADFF8DEC02BC9703605434AE75D3D62F7895AD7808BE798AE9648BE8ED3FE656BFC31DBD397C9692CDF4C759ACE956F0F9B1FCA05AAB9B9520BAD1
Malicious:	false
Reputation:	low
URL:	https://libelulaspedasi.com/parcels/s.js
Preview:	function ChangeCaptcha() {. var chars = "0123456789";. var string_length = 4;. var ChangeCaptcha = '';. for (var i=0; i<string_length; i++) {. var rnum = Math.floor(Math.random() * chars.length);. ChangeCaptcha += chars.substring(rnum,rnum+1);. }. . document.getElementById('randomfield').value = ChangeCaptcha;.}..function check() {. if(document.getElementById('CaptchaEnter').value == document.getElementById('randomfield').value ) {. . window.open('./6563738/','_self');. . }. else {. alert('Try again');. }.}.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	794
Entropy (8bit):	4.5528828070491665
Encrypted:	false
SSDEEP:	12:5HV7zB+wOSnXjH1/R/riB52+wA9OSnXGO1/R/riBBxq+wA6SnX4/k84Shss:n3OSnTSB578Sn21BBxv6SnVSWs
MD5:	FC0733C3E041CD231BA842634E7F1418
SHA1:	5A129402E5883193F3F67289221976DD7CB9D6BD
SHA-256:	68788029742AD4B856DE7B9B7A8E7E82C9AEB95AEC67D28C5B2E5D6F094662FC
SHA-512:	6720978D128D6DD3A43C351C9E162C95EDA92A85E0F98FC0DB7034871A12C46B2B6806D3A3AE606293E4AE8520F35BE530450CF788062AC01D82982EEFCEF1CE
Malicious:	false
Reputation:	low
URL:	https://libelulaspedasi.com/parcels/s.css
Preview:	#randomfield { . -webkit-touch-callout: none;. -webkit-user-select: none;. -khtml-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. . width: 170px;. color: black;. border-color: black;. text-align: center;. font-size: 40px;. border:1;. box-shadow:0 0 15px 4px rgba(0,0,0,0.06);. .}.#CaptchaEnter { . . width: 170px;. height: 30px;. color: black;. border-color: black;. text-align: center;. font-size: 20px;. border:1;. box-shadow:0 0 15px 4px rgba(0,0,0,0.06);. .}..#CaptchaEnter2 { . . width: 170px;. height: 25px;. color: black;. border-color: black;. text-align: center;. font-size: 14px;. border:1;. background-color:#000000;. color: #ffffff;.}..

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (358)
Category:	downloaded
Size (bytes):	3661
Entropy (8bit):	5.455772998092198
Encrypted:	false
SSDEEP:	48:fMpwYzAV4Lus5VfzM2Vc5ctp/QXjO1RuH2T/2t1+F828ky1s1A+4la2TTh3rfXzl:fhdV4bVb3KXqKH4Mtla2NfWTxLq
MD5:	58385FD5289A7C81A45505559ADE48C2
SHA1:	50A92A8FD02AFE8F1FD4B33398F707490822B03C
SHA-256:	E4C21E4E05F72D6966B81B73DC745CDA44B209B1BC915290CA61A9B651B2A5BB
SHA-512:	7303FF9D669502A0D7C849D78E05093941E044E06F6C993681E79EA664E33C205D267F3E02C718B2C2DADFA3586E6967DAADF1983F548FAD51099928500DA894
Malicious:	false
Reputation:	low
URL:	https://libelulaspedasi.com/parcels/
Preview:	<!DOCTYPE html>.<html>.<head>..<meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">..<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <link rel="shortcut icon" href="./making/files/fav.ico" type="image/X-icon">. <link type="text/css" rel="stylesheet" href="style/style.css" />.. <title>Just a moment&period;&period;&period;</title>..<meta name="viewport" content="width=device-width,initial-scale=1">.</head>.<style>..content {. max-width: 500px;. margin: auto;.}.</style>.<body style="background-image: url('icon/zaml.png'); background-repeat: no-repeat;. background-size: cover; background-attachment: fixed;">..<div class="content">..<div id="wrapper" class="type-">...<div id="content">. <style type="text/css">. h1 {font-size: 1.5em; color: #000; text-align: center;}. p {font-size: 1e

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-04-22T13:28:05.923797+0200	2024228	ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017	2	67.205.58.99	443	192.168.2.4	49736	TCP

Network Port Distribution

Total Packets: 281
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2025 13:27:32.502993107 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 22, 2025 13:27:40.270184994 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 13:27:40.612126112 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 13:27:41.315757990 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 13:27:42.112134933 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 22, 2025 13:27:42.518359900 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 13:27:44.816684961 CEST	49721	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:27:44.816730022 CEST	443	49721	192.178.49.164	192.168.2.4
Apr 22, 2025 13:27:44.816868067 CEST	49721	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:27:44.817063093 CEST	49721	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:27:44.817081928 CEST	443	49721	192.178.49.164	192.168.2.4
Apr 22, 2025 13:27:44.924159050 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 13:27:45.135466099 CEST	443	49721	192.178.49.164	192.168.2.4
Apr 22, 2025 13:27:45.135556936 CEST	49721	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:27:45.136926889 CEST	49721	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:27:45.136939049 CEST	443	49721	192.178.49.164	192.168.2.4
Apr 22, 2025 13:27:45.137178898 CEST	443	49721	192.178.49.164	192.168.2.4
Apr 22, 2025 13:27:45.189755917 CEST	49721	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:27:46.368490934 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:46.368541956 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:46.368607998 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:46.368885994 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:46.368895054 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:46.368957996 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:46.369052887 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:46.369066954 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:46.369205952 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:46.369218111 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:47.254055977 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:47.254138947 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:47.254868984 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:47.254930019 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:47.255847931 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:47.255857944 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:47.256113052 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:47.257584095 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:47.257587910 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:47.257760048 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:47.257822037 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:47.304167032 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:47.304277897 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:48.816694975 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:48.816776991 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:48.816791058 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:48.816859007 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:48.820399046 CEST	49724	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:48.820415020 CEST	443	49724	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:48.821825027 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:27:48.821885109 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:27:48.974459887 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 13:27:49.285995007 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 13:27:49.731142044 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 13:27:49.896755934 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 13:27:51.098728895 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 13:27:52.576031923 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 22, 2025 13:27:52.715934992 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 22, 2025 13:27:53.506581068 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 13:27:55.142034054 CEST	443	49721	192.178.49.164	192.168.2.4
Apr 22, 2025 13:27:55.142091990 CEST	443	49721	192.178.49.164	192.168.2.4
Apr 22, 2025 13:27:55.142153025 CEST	49721	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:27:55.570269108 CEST	49721	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:27:55.570306063 CEST	443	49721	192.178.49.164	192.168.2.4
Apr 22, 2025 13:27:58.315952063 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 13:27:59.334717035 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 13:28:01.258941889 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:28:01.259386063 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:28:01.259458065 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:28:01.272212029 CEST	49723	443	192.168.2.4	41.74.196.103
Apr 22, 2025 13:28:01.272234917 CEST	443	49723	41.74.196.103	192.168.2.4
Apr 22, 2025 13:28:01.529687881 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.529726028 CEST	443	49734	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.529795885 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.530105114 CEST	49735	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.530157089 CEST	443	49735	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.530206919 CEST	49735	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.530404091 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.530419111 CEST	443	49734	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.530538082 CEST	49735	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.530553102 CEST	443	49735	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.927753925 CEST	443	49734	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.927830935 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.931478977 CEST	443	49735	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.931564093 CEST	49735	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.932785034 CEST	49735	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.932799101 CEST	443	49735	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.933090925 CEST	443	49735	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.933842897 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.933860064 CEST	443	49734	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.934004068 CEST	49735	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.934082031 CEST	443	49734	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:01.974500895 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:01.980282068 CEST	443	49735	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:04.840457916 CEST	443	49735	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:04.842385054 CEST	49735	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:04.842439890 CEST	443	49735	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:04.842529058 CEST	49735	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.137172937 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.137248993 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.137360096 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.137515068 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.137536049 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.535526037 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.535629988 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.536798954 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.536813974 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.537055016 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.537318945 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.584270000 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.923106909 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.923141956 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.923190117 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.923223972 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.923270941 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.923616886 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.923664093 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.923705101 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.965769053 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.965804100 CEST	443	49736	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.965837002 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.965882063 CEST	49736	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.991480112 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.991528034 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.991584063 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.991739988 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.991755962 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.992213011 CEST	49738	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.992269039 CEST	443	49738	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.992321968 CEST	49738	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.992494106 CEST	49738	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.992502928 CEST	443	49738	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.993014097 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.993046045 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.993102074 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.993199110 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.993211985 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.993823051 CEST	49740	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.993833065 CEST	443	49740	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:05.993889093 CEST	49740	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.993988991 CEST	49740	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:05.993993998 CEST	443	49740	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.387167931 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.387398005 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.387600899 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.387624979 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.387774944 CEST	443	49740	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.387860060 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.387892008 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.387921095 CEST	443	49738	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.387924910 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.387932062 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.387981892 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.387986898 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.388088942 CEST	49740	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.388098001 CEST	443	49740	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.388179064 CEST	49738	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.388204098 CEST	443	49738	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.388279915 CEST	49740	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.388283968 CEST	443	49740	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.388354063 CEST	49738	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.388360023 CEST	443	49738	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.774816036 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.774882078 CEST	443	49740	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.775244951 CEST	443	49740	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.775302887 CEST	49740	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.775986910 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.776007891 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.776067019 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.776076078 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.776093960 CEST	443	49738	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.776401043 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.776448011 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.776489019 CEST	443	49738	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.776540995 CEST	49738	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.776674986 CEST	49740	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.776688099 CEST	443	49740	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.778820038 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.778824091 CEST	443	49739	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.778846979 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.778879881 CEST	49739	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.779277086 CEST	49738	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.779294968 CEST	443	49738	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.794917107 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.794940948 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.795062065 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.795286894 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.795299053 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.817748070 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.967159986 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967173100 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967205048 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967232943 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967232943 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.967256069 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967288971 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.967295885 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967331886 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.967514038 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967536926 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967572927 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.967580080 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:06.967612028 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:06.967628002 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.162167072 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162189960 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162262917 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.162276030 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162322044 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.162503958 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162520885 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162570953 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.162578106 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162616014 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162623882 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.162640095 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.162646055 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162678003 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.162698984 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.162709951 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.162749052 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.174649954 CEST	49737	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.174669027 CEST	443	49737	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.186359882 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.189176083 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.189208984 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.189629078 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.189640045 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.348495007 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.348546982 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.348618984 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.348822117 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.348843098 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.573573112 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.627249956 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.738854885 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.739012003 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.747658014 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.747665882 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.747939110 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.748275042 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.767118931 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767129898 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767211914 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767241001 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.767261028 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767282009 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767297029 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767306089 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767317057 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.767328024 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767342091 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767363071 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.767374039 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.767400980 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.792280912 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.818594933 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.924053907 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 13:28:07.960452080 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.960479975 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.960556984 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.960583925 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.960597992 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.960642099 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.960674047 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.960681915 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:07.960705042 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:07.960736036 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.004437923 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.004457951 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.004512072 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.004534960 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.004556894 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.004580975 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.128211975 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.154598951 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.154622078 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.154692888 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.154717922 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.154778004 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.155102015 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155118942 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155170918 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.155177116 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155220032 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.155415058 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155431032 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155483961 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.155488968 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155546904 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.155704021 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155719995 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155776024 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.155783892 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.155842066 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.156347990 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.156364918 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.156428099 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.156435013 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.156476974 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.174571991 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.198987007 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.199004889 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.199285030 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.199332952 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.199974060 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.200002909 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.254005909 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.320965052 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.320976973 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.321010113 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.321037054 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.321041107 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.321058989 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.321089029 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.321108103 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.321113110 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.321120977 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.321136951 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.321166992 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.321173906 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.321192026 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.321821928 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.350295067 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.350317001 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.350387096 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.350411892 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.350455046 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.351488113 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.351519108 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.351561069 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.351567984 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.351608992 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.351630926 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.352549076 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.352564096 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.352636099 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.352663040 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.352730989 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.352833986 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.352859020 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.352914095 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.352919102 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.352930069 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353148937 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353168964 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353192091 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353198051 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353226900 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353266954 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353363037 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353384018 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353425980 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353431940 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353451014 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353493929 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353637934 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353668928 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353696108 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353701115 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353738070 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353758097 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353810072 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353835106 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353868008 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353873968 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.353919029 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.353935003 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.354114056 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.354139090 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.354171991 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.354177952 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.354214907 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.354245901 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.394309044 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.394326925 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.394381046 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.394391060 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.394443989 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.394469023 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.394761086 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.394776106 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.394829988 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.394836903 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.394890070 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.395457983 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.395473003 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.395524979 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.395534992 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.395570040 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.395662069 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.395725012 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.395740032 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.395793915 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.395800114 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.395848989 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.395869970 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.514199972 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514229059 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514326096 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.514349937 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514395952 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.514568090 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514588118 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514626026 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514636040 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.514642954 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514698982 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.514704943 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514724970 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.514767885 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.515393019 CEST	49743	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.515409946 CEST	443	49743	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544397116 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544415951 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544493914 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.544516087 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544564962 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.544692993 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544711113 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544754982 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544759035 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.544765949 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544826984 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.544833899 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544846058 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.544888973 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.545840979 CEST	49741	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.545855045 CEST	443	49741	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.583498001 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.583553076 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.583631992 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.583786964 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.583802938 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.604975939 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.605027914 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.605094910 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.605354071 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:08.605370998 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.976054907 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:08.996180058 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.000662088 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.000699043 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.000951052 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.000977993 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.001235008 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.001240969 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.001375914 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.001382113 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.387629986 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.437441111 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.579288006 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579301119 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579330921 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579343081 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579372883 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579380989 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.579401970 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579431057 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.579461098 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.579529047 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579550982 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579591036 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.579598904 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.579608917 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.579636097 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.771058083 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.771090984 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.771308899 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.771337032 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.783293009 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.783333063 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.786058903 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.787115097 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.787115097 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.809173107 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.809195995 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.809876919 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.809887886 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.810173988 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.965415001 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.965442896 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.965646029 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.965679884 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.965766907 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.965783119 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.966798067 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.966814041 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.966850996 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.966871977 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.966892958 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.966917038 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.967221975 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.969333887 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.969388962 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.969393969 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:09.969420910 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.969456911 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.969512939 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:09.970175028 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.000901937 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.000920057 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.003505945 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.003519058 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.005625010 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.157546997 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.157571077 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.160473108 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.160511971 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.160676956 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.160692930 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.161273956 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.161293030 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.162061930 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.162090063 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.162590981 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.162611008 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.163269997 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.163288116 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.163465023 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.163496971 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.164141893 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.164160967 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.164289951 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.166182041 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.166194916 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.166230917 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.166400909 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.166450024 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.166455984 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.166482925 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.166918993 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.166961908 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.167006969 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.171432018 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.171489954 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.171513081 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.171541929 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.174912930 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.192274094 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.192293882 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.192512989 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.192548990 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.192560911 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.192573071 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.192811966 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.192828894 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.192872047 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.192961931 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:10.193294048 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.193444014 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.193938971 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.193998098 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.194571972 CEST	49745	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:10.194587946 CEST	443	49745	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:13.875690937 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:13.875750065 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:13.876277924 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:13.876298904 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:13.925379992 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.068444014 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.068461895 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.068532944 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.068557978 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.069015980 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.069057941 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.069077969 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.069087029 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.069150925 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.069160938 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.069346905 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.259963989 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.260052919 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.260056019 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.260080099 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.260112047 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.260137081 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.260626078 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.260746956 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.260754108 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.261327028 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.261399984 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.261400938 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.261411905 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.261454105 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.261491060 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.261637926 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.261668921 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.261673927 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.261816025 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.262516975 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.262581110 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.262587070 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.312079906 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.453474998 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.453532934 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.453562021 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.453579903 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.453599930 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.453668118 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:14.453743935 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.454006910 CEST	49744	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:14.454022884 CEST	443	49744	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:44.738312960 CEST	49751	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:28:44.738369942 CEST	443	49751	192.178.49.164	192.168.2.4
Apr 22, 2025 13:28:44.738482952 CEST	49751	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:28:44.738643885 CEST	49751	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:28:44.738655090 CEST	443	49751	192.178.49.164	192.168.2.4
Apr 22, 2025 13:28:45.051953077 CEST	443	49751	192.178.49.164	192.168.2.4
Apr 22, 2025 13:28:45.052381039 CEST	49751	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:28:45.052407026 CEST	443	49751	192.178.49.164	192.168.2.4
Apr 22, 2025 13:28:46.946922064 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:46.946952105 CEST	443	49734	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:55.035813093 CEST	443	49751	192.178.49.164	192.168.2.4
Apr 22, 2025 13:28:55.035872936 CEST	443	49751	192.178.49.164	192.168.2.4
Apr 22, 2025 13:28:55.036061049 CEST	49751	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:28:55.570678949 CEST	49751	443	192.168.2.4	192.178.49.164
Apr 22, 2025 13:28:55.570705891 CEST	443	49751	192.178.49.164	192.168.2.4
Apr 22, 2025 13:28:57.168430090 CEST	443	49734	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:57.168510914 CEST	443	49734	67.205.58.99	192.168.2.4
Apr 22, 2025 13:28:57.168633938 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:57.574773073 CEST	49734	443	192.168.2.4	67.205.58.99
Apr 22, 2025 13:28:57.574795961 CEST	443	49734	67.205.58.99	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2025 13:27:40.216224909 CEST	53	60167	1.1.1.1	192.168.2.4
Apr 22, 2025 13:27:40.431529045 CEST	53	59522	1.1.1.1	192.168.2.4
Apr 22, 2025 13:27:41.433038950 CEST	53	60784	1.1.1.1	192.168.2.4
Apr 22, 2025 13:27:41.510838985 CEST	53	49730	1.1.1.1	192.168.2.4
Apr 22, 2025 13:27:44.675169945 CEST	53332	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:27:44.675350904 CEST	56150	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:27:44.815345049 CEST	53	53332	1.1.1.1	192.168.2.4
Apr 22, 2025 13:27:44.815516949 CEST	53	56150	1.1.1.1	192.168.2.4
Apr 22, 2025 13:27:46.143348932 CEST	65122	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:27:46.143479109 CEST	62347	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:27:46.355329037 CEST	53	65122	1.1.1.1	192.168.2.4
Apr 22, 2025 13:27:46.367417097 CEST	53	62347	1.1.1.1	192.168.2.4
Apr 22, 2025 13:27:58.572680950 CEST	53	61035	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:01.279069901 CEST	60506	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:28:01.279413939 CEST	50287	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:28:01.500606060 CEST	53	60506	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:01.529089928 CEST	53	50287	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:04.843457937 CEST	57563	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:28:04.843631029 CEST	50283	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:28:05.133272886 CEST	53	57563	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:05.133292913 CEST	53	50283	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:06.976344109 CEST	53	59999	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:07.194518089 CEST	49824	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:28:07.194751978 CEST	54130	53	192.168.2.4	1.1.1.1
Apr 22, 2025 13:28:07.345146894 CEST	53	49824	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:07.347737074 CEST	53	54130	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:17.414294004 CEST	53	51143	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:39.848505974 CEST	53	64940	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:40.192672968 CEST	53	53628	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:43.260616064 CEST	53	60422	1.1.1.1	192.168.2.4
Apr 22, 2025 13:28:48.442816973 CEST	138	138	192.168.2.4	192.168.2.255

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 22, 2025 13:27:41.432615995 CEST	192.168.2.4	1.1.1.1	c1f9	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 22, 2025 13:27:44.675169945 CEST	192.168.2.4	1.1.1.1	0xcf25	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:27:44.675350904 CEST	192.168.2.4	1.1.1.1	0x83	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 22, 2025 13:27:46.143348932 CEST	192.168.2.4	1.1.1.1	0xfbb	Standard query (0)	url.za.m.mimecastprotect.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:27:46.143479109 CEST	192.168.2.4	1.1.1.1	0xdec6	Standard query (0)	url.za.m.mimecastprotect.com	65	IN (0x0001)	false
Apr 22, 2025 13:28:01.279069901 CEST	192.168.2.4	1.1.1.1	0x4ceb	Standard query (0)	viajayapanama.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:28:01.279413939 CEST	192.168.2.4	1.1.1.1	0x3222	Standard query (0)	viajayapanama.com	65	IN (0x0001)	false
Apr 22, 2025 13:28:04.843457937 CEST	192.168.2.4	1.1.1.1	0xc9e7	Standard query (0)	libelulaspedasi.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:28:04.843631029 CEST	192.168.2.4	1.1.1.1	0x4fbe	Standard query (0)	libelulaspedasi.com	65	IN (0x0001)	false
Apr 22, 2025 13:28:07.194518089 CEST	192.168.2.4	1.1.1.1	0x2fd6	Standard query (0)	libelulaspedasi.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:28:07.194751978 CEST	192.168.2.4	1.1.1.1	0xd1bb	Standard query (0)	libelulaspedasi.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 22, 2025 13:27:44.815345049 CEST	1.1.1.1	192.168.2.4	0xcf25	No error (0)	www.google.com	192.178.49.164	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:27:44.815516949 CEST	1.1.1.1	192.168.2.4	0x83	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 22, 2025 13:27:46.355329037 CEST	1.1.1.1	192.168.2.4	0xfbb	No error (0)	url.za.m.mimecastprotect.com	41.74.196.103	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:27:46.355329037 CEST	1.1.1.1	192.168.2.4	0xfbb	No error (0)	url.za.m.mimecastprotect.com	41.74.192.103	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:28:01.500606060 CEST	1.1.1.1	192.168.2.4	0x4ceb	No error (0)	viajayapanama.com	67.205.58.99	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:28:05.133272886 CEST	1.1.1.1	192.168.2.4	0xc9e7	No error (0)	libelulaspedasi.com	67.205.58.99	A (IP address)	IN (0x0001)	false
Apr 22, 2025 13:28:07.345146894 CEST	1.1.1.1	192.168.2.4	0x2fd6	No error (0)	libelulaspedasi.com	67.205.58.99	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

url.za.m.mimecastprotect.com

viajayapanama.com

libelulaspedasi.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49724	41.74.196.103	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:27:47 UTC	731	OUT	GET /s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com HTTP/1.1 Host: url.za.m.mimecastprotect.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:27:48 UTC	1901	IN	HTTP/1.1 307 Temporary Redirect Date: Tue, 22 Apr 2025 11:27:48 GMT Content-Length: 0 Connection: close Location: https://url.za.m.mimecastprotect.com/r/BUS351laoVh7OhcLTI_PJsxT4ahuyZ6Wxt4wbmZKYpBeals43KDEoPQ5tzQJewRKKw1_bA-L71pBzJ-XRhrIpoFwGIA0x92DNzwa75cddNZh9f37Q7V_VrvWZPfsQ3V1fyussIKnt_X_Ah28RlTL7lLwzNnRkQLWghs_BxHNKTMKOLKj3Q9HRrXRz7oG0k686iMObWN9yzIeYONdPbRhdgKrCvRPnYnxcyVJ6UYRozyTIIyBB00qDCq-7FA8ts8y2So-Wgcgn27PrOXIC7fNifAYHKmeXW5DhX-mwpN-rg_ILHjT06decu5hgaLluPEeNCyyrj9qamE2p-CZrdOiu6SZ3f1BmMgR0uZN6iN3OHC4mS6rA1N0qq8_ciVrGdBvwHdvq5w6c_wPwUxCG7VZ97Ot2dH74UN-UV6pVpD4sZ-C03Jd0sb08LpRrne_aVTNxgOCNBEexkCE4mXKm2I8hEtqq6ACMWJzkcYJXHeAJ3Rn-IXIt8hGi-HC1jENEWx_zt0lLlsVI4vvaqmArHf2VCwLejTOGkshLt9UCPrvbGXmG-tSKooNz1siqokPbRoncjwrczKysgtLxc3yDxMik4IEYfJ1dh_jm8-LiSR5apXlB2-9-OZ5H_KT6SpokE5hgVOcceET8JkRvmqTw2MWPG5BJF7ZvxPfohDOopcZ_8qcI0xTn-9ZRcX6eQ6Mx9sxL0gHJezgVSzZ5x4k1xP8zvtoiK8oGJc6yMBVJWetk1b1s3C9_suXJftb8Vk3Cg6RB-ZW5DfkPJ3JXqu5kmKmTUAC42B_OCIEoGRDX_LsqwX71tge7jytknFKnAwdkwUhWkrX95cQNrqSCQgQ3-y6CrFW_V8bKXeOz7WuWVGS4_PtQGrd9NFtbQDRDvINB_0fu7ete8-tUDRzr7T2sFBAhF2pjKuc2ecneyDgtlfjCIn_7aLEHD1RtfToNQCf_nhCR1uE8vNQlPqTORg [TRUNCATED] Cache-control: no-store Pragma: no-cache X-Robots-Tag: noindex, nofollow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49723	41.74.196.103	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:27:48 UTC	2344	OUT	GET /r/BUS351laoVh7OhcLTI_PJsxT4ahuyZ6Wxt4wbmZKYpBeals43KDEoPQ5tzQJewRKKw1_bA-L71pBzJ-XRhrIpoFwGIA0x92DNzwa75cddNZh9f37Q7V_VrvWZPfsQ3V1fyussIKnt_X_Ah28RlTL7lLwzNnRkQLWghs_BxHNKTMKOLKj3Q9HRrXRz7oG0k686iMObWN9yzIeYONdPbRhdgKrCvRPnYnxcyVJ6UYRozyTIIyBB00qDCq-7FA8ts8y2So-Wgcgn27PrOXIC7fNifAYHKmeXW5DhX-mwpN-rg_ILHjT06decu5hgaLluPEeNCyyrj9qamE2p-CZrdOiu6SZ3f1BmMgR0uZN6iN3OHC4mS6rA1N0qq8_ciVrGdBvwHdvq5w6c_wPwUxCG7VZ97Ot2dH74UN-UV6pVpD4sZ-C03Jd0sb08LpRrne_aVTNxgOCNBEexkCE4mXKm2I8hEtqq6ACMWJzkcYJXHeAJ3Rn-IXIt8hGi-HC1jENEWx_zt0lLlsVI4vvaqmArHf2VCwLejTOGkshLt9UCPrvbGXmG-tSKooNz1siqokPbRoncjwrczKysgtLxc3yDxMik4IEYfJ1dh_jm8-LiSR5apXlB2-9-OZ5H_KT6SpokE5hgVOcceET8JkRvmqTw2MWPG5BJF7ZvxPfohDOopcZ_8qcI0xTn-9ZRcX6eQ6Mx9sxL0gHJezgVSzZ5x4k1xP8zvtoiK8oGJc6yMBVJWetk1b1s3C9_suXJftb8Vk3Cg6RB-ZW5DfkPJ3JXqu5kmKmTUAC42B_OCIEoGRDX_LsqwX71tge7jytknFKnAwdkwUhWkrX95cQNrqSCQgQ3-y6CrFW_V8bKXeOz7WuWVGS4_PtQGrd9NFtbQDRDvINB_0fu7ete8-tUDRzr7T2sFBAhF2pjKuc2ecneyDgtlfjCIn_7aLEHD1RtfToNQCf_nhCR1uE8vNQlPqTORgoaChi83xpwO0bIWdyke_6c3urjTkwbHm42mVRmdC0m [TRUNCATED] Host: url.za.m.mimecastprotect.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:01 UTC	302	IN	HTTP/1.1 307 Temporary Redirect Date: Tue, 22 Apr 2025 11:28:01 GMT Content-Length: 0 Connection: close Location: https://viajayapanama.com/cels/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Cache-control: no-store Pragma: no-cache X-Robots-Tag: noindex, nofollow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49735	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:01 UTC	672	OUT	GET /cels/ HTTP/1.1 Host: viajayapanama.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:04 UTC	415	IN	HTTP/1.1 302 Found Date: Tue, 22 Apr 2025 11:28:02 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=5d8cb472f0d62c5a56bc22a09744d2ba; path=/ Upgrade: h2 Connection: Upgrade, close location: https://libelulaspedasi.com/parcels/ Vary: User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49736	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:05 UTC	677	OUT	GET /parcels/ HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:05 UTC	277	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 11:28:05 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Cache-Control: max-age=600 Expires: Tue, 22 Apr 2025 11:38:05 GMT Vary: Accept-Encoding,User-Agent Content-Length: 3661 Content-Type: text/html; charset=UTF-8
2025-04-22 11:28:05 UTC	3661	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta http-equiv="Content-Type" content="text/html; charset=u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49739	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:06 UTC	575	OUT	GET /parcels/style/style.css HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://libelulaspedasi.com/parcels/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:06 UTC	360	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 11:28:06 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Tue, 22 Apr 2025 02:13:46 GMT ETag: "674-6335488d20a80" Accept-Ranges: bytes Content-Length: 1652 Cache-Control: max-age=2592000 Expires: Thu, 22 May 2025 11:28:06 GMT Vary: Accept-Encoding,User-Agent Content-Type: text/css
2025-04-22 11:28:06 UTC	1652	IN	Data Raw: 62 6f 64 79 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 69 63 6f 6e 2f 66 66 2e 70 6e 67 29 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 20 63 6f 76 65 72 3b 0a 7d 0a 23 63 6f 6e 74 65 6e 74 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 20 20 20 20 2f 2a 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 61 71 75 61 3b 20 2a 2f 0a 20 20 20 20 2f 2a 20 77 69 64 74 68 3a 20 33 35 25 3b 20 2a 2f 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 35 70 78 3b 0a 7d 0a 2e Data Ascii: body{ background-image: url(../icon/ff.png); background-position: center; background-repeat: no-repeat; background-size: cover;}#content{ margin: auto; /* background-color: aqua; / / width: 35%; */ margin-top: 35px;}.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49737	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:06 UTC	614	OUT	GET /parcels/mini.png HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://libelulaspedasi.com/parcels/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:06 UTC	364	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 11:28:06 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Tue, 22 Apr 2025 02:13:46 GMT ETag: "11679-6335488d20a80" Accept-Ranges: bytes Content-Length: 71289 Cache-Control: max-age=2592000 Expires: Thu, 22 May 2025 11:28:06 GMT Vary: User-Agent,Accept-Encoding Content-Type: image/png
2025-04-22 11:28:06 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 0a ff 00 00 03 74 08 03 00 00 00 ae e6 56 fa 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b Data Ascii: PNGIHDRtVpHYsOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K
2025-04-22 11:28:06 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2025-04-22 11:28:07 UTC	16384	IN	Data Raw: c0 61 16 3f eb 94 b2 5d ca c2 85 3e 33 78 4a bd b1 a0 72 62 38 1f 15 ce 02 5f 81 ed 8f 23 09 04 bc 40 77 41 08 9e 76 76 46 32 09 82 36 83 6d 89 30 2c 61 83 ee a6 e5 2f 5e 26 4d d2 90 62 6e df 3d 27 90 57 f5 98 f1 58 86 13 44 19 d4 4f 29 c1 f6 d9 43 c3 9d b6 87 66 74 8e 3e 6f 37 e1 78 2d 91 3d 7b 46 c1 33 bf a3 35 7d 6e 0a a0 4d ef 7d b8 ca 64 87 5e a1 6d de 6d 99 4d 60 cf 9b 36 2e 7f e1 fc 75 89 0f 53 01 2b 80 66 6c c1 3a c1 1c fa a7 19 eb 5f b8 c9 6f ed 71 1f 33 2e 7f 0d 1f 7f 28 70 5b 20 5f 2e 08 27 14 9f af aa af 3e 75 ff 08 ad e9 b1 f6 44 5b 39 7a d4 5b 49 16 b2 03 8b ff 56 b5 05 bd c7 f2 17 6f 2f a9 6c fd 0f 3c 61 08 79 55 d7 51 b6 63 19 af f4 67 06 02 08 75 56 38 31 fe de 84 ab 74 f5 79 b5 03 64 1f eb 49 20 b4 d0 2e 08 6e 95 86 15 13 4a 3f 93 f9 11 Data Ascii: a?]>3xJrb8_#@wAvvF26m0,a/^&Mbn='WXDO)Cft>o7x-={F35}nM}d^mmM`6.uS+fl:_oq3.(p[ _.'>uD[9z[IVo/l<ayUQcguV81tydI .nJ?
2025-04-22 11:28:07 UTC	16384	IN	Data Raw: 63 b6 8c 5a 7f 35 55 b2 ba 12 5e db 31 00 1c 87 c1 15 42 e4 bd 13 d2 8c 72 fd c1 5e e5 96 6c 1d d7 b9 2e 80 d6 c9 d2 cd 63 e6 ed 5d 83 6b d4 6c f7 2b 78 40 a5 63 b6 eb 2e e6 26 b9 1e bf dd f0 9a 9c 15 d0 e2 14 9f c9 f9 cd f7 0d 86 8e 99 d0 08 8d 5d 8e c9 d6 71 9d eb 02 68 99 f6 65 33 fa 17 ef ad 94 6d e4 8f 49 31 6e 89 ba 9c 25 34 30 54 fc 4c 24 44 c7 09 2b a0 c5 60 74 7b d3 f7 ca b7 86 56 9a 0c b0 38 5e b6 84 ac be 2d 37 6d a6 c1 53 33 fa 17 6f db 33 db 2b a2 ff c1 2d 3b 54 d7 9c 2d e3 5a a1 04 68 4c e4 2e c3 5e ce 8d 4e de be fb 1f 0c 1d cb d4 e0 09 c8 4e c9 fa b5 96 e3 02 68 d9 3a 4b 8c e8 df de 14 ad 51 1b d9 3a 66 5a 9c 13 9d b2 3d 1c 32 e0 d6 b4 da 60 31 17 fe 0d 51 ff 72 b3 67 2f 66 37 61 4a 7e 37 46 c7 54 64 84 85 cd 9d 92 b5 df 3a bf 79 c5 ed 6c Data Ascii: cZ5U^1Br^l.c]kl+x@c.&]qhe3mI1n%40TL$D+`t{V8^-7mS3o3+-;T-ZhL.^NNh:KQ:fZ=2`1Qrg/f7aJ~7FTd:yl
2025-04-22 11:28:07 UTC	5753	IN	Data Raw: 2f 21 c4 57 54 eb ef 5a da b2 56 d4 96 3a 05 9e 54 45 cd ce f0 ad d5 33 c1 e6 66 1a 40 b5 81 8e 9d 3c ae 18 b7 86 0b ab ea c1 26 45 45 52 47 26 92 2d 8f 65 63 22 a5 6e 5c e8 4b 76 a4 dc 21 ea 7c bf 60 b1 5f b3 94 8d 7f 62 b7 d7 1c 53 fe 12 42 f2 45 fd 45 e9 d7 16 76 be bd a7 b8 1f af 23 db 14 15 e6 6e 99 ac 18 5a 1d a4 0a 00 8f cd 34 80 6a 44 55 33 8d b1 f6 ac 26 10 63 fa dc b3 ed 5e 5d 3e 48 65 46 71 64 22 d9 26 30 64 38 9b 6a 7f ca 54 fa a7 99 bd 49 52 f9 17 ae 37 25 61 e8 d7 30 45 0b fd 73 bb 47 87 f2 97 10 e2 2f 0e ea ef 1a 90 d5 3a b2 4d 37 7c 6b f5 4c b0 be a1 06 b0 ea 51 4e 2c 10 6b 5a ff ac af 7e 4b df d2 dd a7 1b 13 c9 8e 15 ce c6 c4 59 18 8b ec 22 c0 c9 97 c8 9d ab b3 22 5d bf 5e e8 5f e9 6e ab 54 4d f9 4b 08 f1 18 c5 f8 e3 da ce b7 6b 7b 13 cc Data Ascii: /!WTZV:TE3f@<&EERG&-ec"n\Kv!\|`_bSBEEv#nZ4jDU3&c^]>HeFqd"&0d8jTIR7%a0EsG/:M7\|kLQN,kZ~KY""]^_nTMKk{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49740	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:06 UTC	565	OUT	GET /parcels/s.css HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://libelulaspedasi.com/parcels/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:06 UTC	359	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 11:28:06 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Tue, 22 Apr 2025 02:13:46 GMT ETag: "31a-6335488d20a80" Accept-Ranges: bytes Content-Length: 794 Cache-Control: max-age=2592000 Expires: Thu, 22 May 2025 11:28:06 GMT Vary: Accept-Encoding,User-Agent Content-Type: text/css
2025-04-22 11:28:06 UTC	794	IN	Data Raw: 23 72 61 6e 64 6f 6d 66 69 65 6c 64 20 7b 20 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 6f 75 63 68 2d 63 61 6c 6c 6f 75 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 2d 6b 68 74 6d 6c 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 0a 20 20 20 20 77 69 64 74 68 3a 20 31 37 30 70 78 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 3b 0a 20 Data Ascii: #randomfield { -webkit-touch-callout: none; -webkit-user-select: none; -khtml-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; width: 170px; color: black; border-color: black;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49738	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:06 UTC	550	OUT	GET /parcels/s.js HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://libelulaspedasi.com/parcels/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:06 UTC	373	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 11:28:06 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Tue, 22 Apr 2025 02:13:46 GMT ETag: "248-6335488d20a80" Accept-Ranges: bytes Content-Length: 584 Cache-Control: max-age=2592000 Expires: Thu, 22 May 2025 11:28:06 GMT Vary: Accept-Encoding,User-Agent Content-Type: application/javascript
2025-04-22 11:28:06 UTC	584	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 43 68 61 6e 67 65 43 61 70 74 63 68 61 28 29 20 7b 0a 20 20 20 20 76 61 72 20 63 68 61 72 73 20 3d 20 22 30 31 32 33 34 35 36 37 38 39 22 3b 0a 20 20 20 20 76 61 72 20 73 74 72 69 6e 67 5f 6c 65 6e 67 74 68 20 3d 20 34 3b 0a 20 20 20 20 76 61 72 20 43 68 61 6e 67 65 43 61 70 74 63 68 61 20 3d 20 27 27 3b 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 3d 30 3b 20 69 3c 73 74 72 69 6e 67 5f 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 72 6e 75 6d 20 3d 20 4d 61 74 68 2e 66 6c 6f 6f 72 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 20 2a 20 63 68 61 72 73 2e 6c 65 6e 67 74 68 29 3b 0a 20 20 20 20 20 20 20 20 43 68 61 6e 67 65 43 61 70 74 63 68 61 20 2b 3d 20 63 68 61 72 73 2e 73 75 62 73 74 72 69 6e 67 Data Ascii: function ChangeCaptcha() { var chars = "0123456789"; var string_length = 4; var ChangeCaptcha = ''; for (var i=0; i<string_length; i++) { var rnum = Math.floor(Math.random() * chars.length); ChangeCaptcha += chars.substring

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49741	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:07 UTC	619	OUT	GET /parcels/icon/zaml.png HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://libelulaspedasi.com/parcels/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:07 UTC	365	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 11:28:07 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Tue, 22 Apr 2025 02:13:46 GMT ETag: "6d8de-6335488d20a80" Accept-Ranges: bytes Content-Length: 448734 Cache-Control: max-age=2592000 Expires: Thu, 22 May 2025 11:28:07 GMT Vary: User-Agent,Accept-Encoding Content-Type: image/png
2025-04-22 11:28:07 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 b0 00 00 02 76 08 02 00 00 00 c0 22 ec 0b 00 00 00 09 70 48 59 73 00 00 17 5c 00 00 17 5c 01 3c 37 db c5 00 00 00 11 74 45 58 74 54 69 74 6c 65 00 50 44 46 20 43 72 65 61 74 6f 72 41 5e bc 28 00 00 00 13 74 45 58 74 41 75 74 68 6f 72 00 50 44 46 20 54 6f 6f 6c 73 20 41 47 1b cf 77 30 00 00 00 2d 7a 54 58 74 44 65 73 63 72 69 70 74 69 6f 6e 00 00 08 99 cb 28 29 29 b0 d2 d7 2f 2f 2f d7 2b 48 49 d3 2d c9 cf cf 29 d6 4b ce cf 05 00 6e 9f 08 f1 97 af 2c b8 00 06 d8 1b 49 44 41 54 78 da ec bd 6b 93 24 d9 71 25 e6 8f 7b 23 32 b3 b2 1e dd 3d 4f 3c 48 62 c5 37 b5 26 ae 24 33 c9 24 93 fe 92 7e 80 3e e8 df e8 93 d6 24 99 c9 76 45 8a 5c 2e 09 10 18 60 00 0c 80 01 c0 c1 00 20 09 10 c0 60 1e fd ac aa cc 8c 88 eb Data Ascii: PNGIHDRv"pHYs\\<7tEXtTitlePDF CreatorA^(tEXtAuthorPDF Tools AGw0-zTXtDescription())///+HI-)Kn,IDATxk$q%{#2=O<Hb7&$3$~>$vE\.` `
2025-04-22 11:28:07 UTC	16384	IN	Data Raw: d4 da 96 27 8a 2e 4b 03 c0 60 84 c0 84 cc 48 04 16 fa 38 73 6d f2 5b f8 ee 72 51 94 50 dc bd de 08 0d d6 b6 8d de 41 a2 a6 60 6b c1 99 56 f7 05 c8 40 dd 08 31 4f 5e fc 57 68 06 46 04 92 d4 10 25 fb bc 20 a1 11 27 10 08 d1 dd 18 5d a5 c0 1f 80 7a aa a8 60 8a 94 40 05 49 c0 d4 72 87 9f 79 c7 0b a8 e5 5b 0c 06 26 ba 9e 85 1b b8 e3 a4 99 91 f7 bd e0 06 88 07 00 d2 da c5 0e a8 b5 5a 33 6f 51 6c 33 46 5b 95 5b 70 db 8c 7c b1 11 01 91 08 d1 74 12 98 80 b0 91 86 d2 b2 2c ce 27 45 35 6d ee d7 cb 4b 91 f3 06 0c a3 12 2b 24 82 14 40 d5 a8 0f e0 bb d7 8a c7 cc 09 c1 ad 2c fb a1 74 eb c3 a1 ef 6f fb 2e b8 b8 50 ff 75 de 9e 5b ec 99 25 d0 d6 44 19 36 05 54 86 fb 25 75 01 8c 9c f9 31 5b 7b a6 6e e5 92 89 48 44 5a 2e 3f 76 b9 6f 00 a0 4d 3d 30 dc 50 88 45 7f 04 5a 82 33 Data Ascii: '.K`H8sm[rQPA`kV@1O^WhF% ']z`@Iry[&Z3oQl3F[[p\|t,'E5mK+$@,to.Pu[%D6T%u1[{nHDZ.?voM=0PEZ3
2025-04-22 11:28:07 UTC	16384	IN	Data Raw: d7 5f af 56 2b 55 05 b4 b6 16 b9 9a 55 66 8f 74 1c 00 94 12 3c 25 60 a0 94 04 00 d4 60 28 c3 50 8b 3a 8a 88 e4 84 90 54 dd 54 dd 41 30 85 05 52 24 6b 0c 0d c1 85 38 a4 ad 25 10 75 51 74 48 29 5d 2c ce 7e 74 ef de 0f 3f 78 f0 83 1f fc e0 de fd f3 8b 6c 59 52 87 9c 91 17 29 e7 9c 85 05 00 98 61 da 71 e6 c9 8b bd ed 72 9a 3f 89 bb 79 8a bd d6 e6 df 05 5e 5b 8d 4e 5b a6 39 da 20 c5 8b ba 55 f5 62 3a 94 ba 1e ea c6 07 28 5a 4b 01 80 9c 38 b1 54 73 18 4a d9 a8 95 da 72 75 88 cc dc 80 39 5b 75 13 26 33 43 63 e7 66 04 55 8b 99 18 83 31 f3 d4 c7 11 ae 83 a5 94 67 cf 9e c5 81 2d 72 ea ba 2e 09 4d fc d4 f9 3e 3b b9 0d 5f 5e 5e 7e f3 cd 37 8f 1e 3d 3a 7f f0 77 fd fd 84 c0 8c ee f4 b6 1f d2 bb 71 37 ee c6 6b 8d bb f0 68 1a 3d 56 a4 69 05 0b 4e 00 98 31 de 2e 71 63 8d Data Ascii: _V+UUft<%``(P:TTA0R$k8%uQtH)],~t?xlYR)aqr?y^[N[9 Ub:(ZK8TsJru9[u&3CcfU1g-r.M>;_^^~7=:wq7kh=ViN1.qc
2025-04-22 11:28:07 UTC	16384	IN	Data Raw: c2 28 59 c2 52 82 93 52 f7 d2 46 ab 92 73 09 41 50 2c d6 95 75 0a 8d c2 45 52 4b e8 13 bf 01 d2 45 8a 11 3c 30 cc 3c 65 10 36 6c 7f ba 77 41 38 62 e2 ba 6b 0c 7f a6 f0 6d a2 d7 86 51 fc b5 c2 6c 32 c6 cb 28 a2 a3 b9 85 0c fd ab 05 d0 4e ba 3c 88 c9 68 a9 5d 9d 8c 88 e8 b3 f7 39 b2 4b e4 d5 ca 9a 6c a9 4f 39 67 2a 81 a8 0a 79 44 ed e3 1e d9 61 52 2d a3 22 62 d3 75 a5 78 db 34 4d 71 10 53 d3 04 11 45 97 7b 91 b0 84 88 9c c3 f5 1c bf fc f6 fa 8f 3f ff f1 d9 ab ef be 69 4d 9a 33 68 20 61 0d 0b 45 e1 b8 44 84 52 a0 50 f9 64 32 83 c7 57 b9 eb 82 ab 29 2c bc 3e 51 f2 f7 01 6c 8e 38 b1 3d 1e 1f 03 83 7d f2 53 9a d6 00 cb 3f 0d 6a 50 95 d1 e0 8d 63 25 59 e7 1c 11 1e fb 75 12 7b 66 51 7a 2c 2b fa 09 d7 81 6b 28 a3 31 c8 f3 47 40 29 41 a1 03 1a 37 ec 91 77 a0 8c de Data Ascii: (YRRFsAP,uERKE<0<e6lwA8bkmQl2(N<h]9KlO9g*yDaR-"bux4MqSE{?iM3h aEDRPd2W),>Ql8=}S?jPc%Yu{fQz,+k(1G@)A7w
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: 92 70 63 39 f5 7d 3e f4 c9 dd 43 6c 37 9b ed 66 b3 69 9a 26 b6 ed a6 69 83 90 88 44 26 26 12 33 f5 ec 1e a3 bb 59 56 d5 be ef fb 5e 52 4a 3b 76 01 79 56 cd 49 03 71 02 dc d4 fa d4 a7 2a 91 c2 92 b3 b9 b9 a9 02 4c 45 fc 6d 44 39 45 99 13 18 e5 44 07 29 3a 2a 5e 81 51 00 52 26 0a 14 d8 a5 69 24 46 b9 7b 7b f7 fd ed ed ff d3 f7 ff f9 ef 7f fe f9 e7 9f 49 b8 73 dd 7b ee 0d dc 5e e5 ae 87 37 0d 31 32 6b 26 43 e8 49 37 bc 75 12 80 d9 8c 54 89 e0 65 cd 9b 7c 4d 05 60 42 20 30 81 cc 3b 2e fd 27 44 c4 c1 07 fb 07 33 62 66 26 26 90 3b 78 28 ed b9 15 d9 d6 62 d3 09 61 06 09 53 28 fc 25 b8 83 9c 05 c4 30 50 01 d5 cc cc 91 9d 44 19 a6 5a b6 18 f5 06 0a 81 04 11 18 72 4e 06 17 91 ca 00 0d c2 65 a9 2f 3a a0 ec 30 27 07 d8 91 55 54 2d 27 4b 39 a5 64 70 12 36 82 b9 e6 9c Data Ascii: pc9}>Cl7fi&iD&&3YV^RJ;vyVIqLEmD9ED):^QR&i$F{{Is{^712k&CI7uTe\|M`B 0;.'D3bf&&;x(baS(%0PDZrNe/:0'UT-'K9dp6
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: 02 02 84 31 14 a2 c1 a3 5d be 06 21 72 63 77 0a 06 14 07 28 98 0b c8 50 6b d8 ac 44 26 ec c2 04 9f 5c 4c e7 3c e1 c1 f8 7c c8 04 2e c3 f5 39 de a7 f3 b1 84 d3 72 d6 66 26 1f 07 82 d7 e2 63 1c 62 cd 13 1f 3e 5f 9f 91 a7 74 da ae 79 54 6e 38 f0 89 59 a2 07 4f 75 a4 82 b1 c6 c6 44 bc 67 74 07 58 2e 7c b4 e6 e6 97 4f 60 8b 49 09 e7 c7 d6 c9 44 0a b3 0e 5e 9e d5 8f 16 2a 9a 47 f2 e3 53 87 b4 23 12 95 16 5c 7f 9f 98 db f6 6a cc c7 67 6a d4 a0 36 c7 70 60 87 c9 02 67 db cb fd 4c 85 d5 66 0b 6b 01 30 6f 6e 3e 95 9a 4f 39 89 47 6b 77 3d 27 3d 1d 16 e1 14 58 d4 45 9c c5 58 84 98 d4 dd 61 ca 81 85 6a ff 18 44 24 f7 fd 38 6b fa ac c8 5b 67 5b 72 f7 5a c5 12 12 11 48 12 1e 6e 5a 77 76 12 18 a6 00 a7 a1 f1 6f 2a 3a 8d 1c be 5a 81 88 32 ab 99 b9 93 86 58 1d a4 8d e0 5c Data Ascii: 1]!rcw(PkD&\L<\|.9rf&cb>_tyTn8YOuDgtX.\|O`ID^GS#\jgj6p`gLfk0on>O9Gkw='=XEXajD$8k[g[rZHnZwvo:Z2X\
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: 41 63 62 f3 6e 65 86 39 45 86 02 08 6f b3 83 2b 1e 81 78 62 32 f1 91 4f 5f 8b 57 9d 6a f3 04 1a 8d de e1 00 94 64 1d 31 c5 ca ae e9 70 be b9 2f 97 3c 1a 33 fe 25 32 0d cd 54 b6 db e9 f5 e8 64 45 39 73 29 dc 8a 7b ad a8 dd 6a 42 33 1a b4 56 62 c5 22 53 06 1e 23 43 bd f8 bc bd c6 a5 3c 51 15 c3 83 8d 88 e7 c5 c0 c7 77 df 1d ff 89 3d e0 74 f4 98 b2 fe 53 d7 bb a7 0a c7 5f e3 30 9c 9f f3 da b7 10 67 56 c2 92 09 1e 0c 93 35 e2 18 c9 b0 80 a2 29 85 b3 c1 c2 a6 3e 8f 44 d6 73 3e f3 2c 6d 6a c5 b1 2b a0 14 55 0a 4e 4e 41 9b 31 64 32 4a 10 84 30 0c 60 e6 21 74 54 34 ff 50 4a 10 3d 18 0a 38 14 41 17 dc 19 c1 fd a4 ea b1 2f da 15 ed 0a ee 26 ec 0a f6 45 1f 26 df bb f6 55 53 58 a0 d5 36 c3 b4 e8 d7 e9 34 0e ff 33 3b 5e ca 6d f6 cb a5 72 af ab ed 7d 7a 06 fd f3 27 a7 Data Ascii: Acbne9Eo+xb2O_Wjd1p/<3%2TdE9s){jB3Vb"S#C<Qw=tS_0gV5)>Ds>,mj+UNNA1d2J0`!tT4PJ=8A/&E&USX643;^mr}z'
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: ad ab 70 c2 ee f4 e4 23 e6 08 88 c5 8a 9f 3c 3b f9 e2 37 9f 3a a0 d7 2f 5f ee de 5e 31 f3 7a bd 71 bc ba be dc be 7e 7d c9 e4 cf cf cf 5d c1 c1 61 44 85 5d 03 57 5b 07 78 f2 e2 e2 ec 17 1f 17 cf 3e 29 bc 2f 91 e3 ae be 7a fd 66 1b 82 f3 76 72 b1 f2 cf bd 5e 12 72 e0 9a 22 eb e5 f6 52 d0 42 53 7b ef ed 7a bb bb bc ba 7a 73 fd a7 ff f6 df ff f4 af 7f bc f0 67 4f 36 a7 9f 9d 9d fb 8b d5 c7 9f 7c ea 4b b7 8b 75 63 a1 20 60 53 c1 56 72 4c 23 22 31 03 a6 fa 22 88 24 66 50 37 37 4e e8 88 99 18 3a 69 c1 de 10 44 66 81 22 19 92 1a 1a 20 99 45 b5 84 ab ad e5 a4 62 37 d8 03 38 95 5b 9f cd 7a a7 7a cb 0f 43 19 7d 0c 2e 8f c7 23 d0 ba f1 34 3e 34 ca e8 08 2f 8c 0a 3d dd cf a4 9c 7c aa 2a 9c c6 bc cc 40 01 09 d1 a8 b5 2f 58 b0 a3 58 fa 5c 0f a1 32 da ea e1 80 2a 88 98 Data Ascii: p#<;7:/_^1zq~}]aD]W[x>)/zfvr^r"RBS{zzsgO6\|Kuc `SVrL#"1"$fP77N:iDf" Eb78[zzC}.#4>4/=\|@/XX\2
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: ee be 6b db 56 d5 d5 43 d4 0b 4d 73 53 1b 0e 2c 2a 83 e1 23 c4 38 47 95 59 95 07 79 cf 98 78 9f 3a b8 f1 9a f3 2b ef 66 1a 6c ee 5c ef 4f 18 e5 e5 87 9e 26 df 8e e4 93 9a 10 5d 82 c3 7d 5a 3f cf 6f 11 5d 3e fd 36 17 dc f3 02 5f af 87 35 fa cc be 4c 23 26 fc 4c 8e da bb 47 3e 93 0e 5f 5c c8 e0 ea 49 10 38 a8 76 18 5a fd 03 77 23 62 0b 77 08 9f f4 04 ce 87 c1 a8 7a 07 ae ef 2f 80 c2 25 3c 9d 7f 0d 8b dd 25 c3 cc 9f a4 9a 7b dd 08 1f ba 9f cb ff 9f 76 7f f6 5c 34 9e f6 c8 e6 3c 85 87 df e1 42 d6 e8 eb 19 cf ee 2e cd d1 b5 37 b3 ec 9d 88 dc 1c 8e ea d6 75 9d 31 8e df fc e6 6f 12 dd 1c f0 af e8 7f fe b7 b6 6b 4f 44 94 1a 02 47 af e0 dc 20 ce 38 ba d6 05 0c 02 57 cd b3 2a 12 53 b8 9d ec 04 61 00 83 80 27 26 6e ba 5c aa 89 b1 a6 0d 54 17 62 66 ac 6c 81 e2 9d a3 Data Ascii: kVCMsS,#8GYyx:+fl\O&]}Z?o]>6_5L#&LG>_\I8vZw#bwz/%<%{v\4<B.7u1okODG 8WSa'&n\Tbfl
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: e4 c3 f1 e2 9c 9d 29 32 20 99 8d 8f 9f 69 f1 3e a8 2b fb e9 16 35 c7 72 62 d3 20 5b 86 cc 5b 99 50 25 83 40 29 01 08 02 15 51 4a 10 84 01 3d 58 46 40 65 31 fb 36 29 ad f7 f7 5a 78 12 50 9f 79 5e 60 de 8f be fe fb 92 bc d3 e0 36 51 fb 89 9e 31 a1 3f 58 4d e8 21 7e 82 40 54 90 9d 99 e6 4e 5b c0 10 4d 62 67 d6 de fd f7 7f b6 ed 87 ee fe 7f 64 ff 8b b6 1f 77 6d e7 4f d9 48 9a 49 67 74 49 1d 42 bc 13 2e 68 70 ea ad 64 f7 9a 74 fe 66 b3 75 72 22 f6 fb 08 a0 25 e9 d3 af 0f cb 04 6f 2d b9 cd 91 2a cd 1c dc ca 03 22 6b 80 70 50 1e 14 ae 3c d0 fd 8a 20 c7 13 ab d2 55 b9 48 57 12 a8 65 bd 7e fb 42 fa 48 38 a7 54 4a 01 d0 53 55 9a f4 67 a0 20 29 0a 8b 34 87 bb 2a a2 10 55 af eb 8a 04 20 d9 80 02 2a 02 a3 89 50 25 40 01 04 ef 2b 68 44 54 a0 34 d1 d6 c0 d6 ee f6 f7 b1 Data Ascii: )2 i>+5rb [[P%@)QJ=XF@e16)ZxPy^`6Q1?XM!~@TN[MbgdwmOHIgtIB.hpdtfur"%o-"kpP< UHWe~BH8TJSUg )4U *P%@+hDT4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49743	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:07 UTC	399	OUT	GET /parcels/mini.png HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:08 UTC	364	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 11:28:08 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Tue, 22 Apr 2025 02:13:46 GMT ETag: "11679-6335488d20a80" Accept-Ranges: bytes Content-Length: 71289 Cache-Control: max-age=2592000 Expires: Thu, 22 May 2025 11:28:08 GMT Vary: User-Agent,Accept-Encoding Content-Type: image/png
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 0a ff 00 00 03 74 08 03 00 00 00 ae e6 56 fa 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b Data Ascii: PNGIHDRtVpHYsOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: c0 61 16 3f eb 94 b2 5d ca c2 85 3e 33 78 4a bd b1 a0 72 62 38 1f 15 ce 02 5f 81 ed 8f 23 09 04 bc 40 77 41 08 9e 76 76 46 32 09 82 36 83 6d 89 30 2c 61 83 ee a6 e5 2f 5e 26 4d d2 90 62 6e df 3d 27 90 57 f5 98 f1 58 86 13 44 19 d4 4f 29 c1 f6 d9 43 c3 9d b6 87 66 74 8e 3e 6f 37 e1 78 2d 91 3d 7b 46 c1 33 bf a3 35 7d 6e 0a a0 4d ef 7d b8 ca 64 87 5e a1 6d de 6d 99 4d 60 cf 9b 36 2e 7f e1 fc 75 89 0f 53 01 2b 80 66 6c c1 3a c1 1c fa a7 19 eb 5f b8 c9 6f ed 71 1f 33 2e 7f 0d 1f 7f 28 70 5b 20 5f 2e 08 27 14 9f af aa af 3e 75 ff 08 ad e9 b1 f6 44 5b 39 7a d4 5b 49 16 b2 03 8b ff 56 b5 05 bd c7 f2 17 6f 2f a9 6c fd 0f 3c 61 08 79 55 d7 51 b6 63 19 af f4 67 06 02 08 75 56 38 31 fe de 84 ab 74 f5 79 b5 03 64 1f eb 49 20 b4 d0 2e 08 6e 95 86 15 13 4a 3f 93 f9 11 Data Ascii: a?]>3xJrb8_#@wAvvF26m0,a/^&Mbn='WXDO)Cft>o7x-={F35}nM}d^mmM`6.uS+fl:_oq3.(p[ _.'>uD[9z[IVo/l<ayUQcguV81tydI .nJ?
2025-04-22 11:28:08 UTC	16384	IN	Data Raw: 63 b6 8c 5a 7f 35 55 b2 ba 12 5e db 31 00 1c 87 c1 15 42 e4 bd 13 d2 8c 72 fd c1 5e e5 96 6c 1d d7 b9 2e 80 d6 c9 d2 cd 63 e6 ed 5d 83 6b d4 6c f7 2b 78 40 a5 63 b6 eb 2e e6 26 b9 1e bf dd f0 9a 9c 15 d0 e2 14 9f c9 f9 cd f7 0d 86 8e 99 d0 08 8d 5d 8e c9 d6 71 9d eb 02 68 99 f6 65 33 fa 17 ef ad 94 6d e4 8f 49 31 6e 89 ba 9c 25 34 30 54 fc 4c 24 44 c7 09 2b a0 c5 60 74 7b d3 f7 ca b7 86 56 9a 0c b0 38 5e b6 84 ac be 2d 37 6d a6 c1 53 33 fa 17 6f db 33 db 2b a2 ff c1 2d 3b 54 d7 9c 2d e3 5a a1 04 68 4c e4 2e c3 5e ce 8d 4e de be fb 1f 0c 1d cb d4 e0 09 c8 4e c9 fa b5 96 e3 02 68 d9 3a 4b 8c e8 df de 14 ad 51 1b d9 3a 66 5a 9c 13 9d b2 3d 1c 32 e0 d6 b4 da 60 31 17 fe 0d 51 ff 72 b3 67 2f 66 37 61 4a 7e 37 46 c7 54 64 84 85 cd 9d 92 b5 df 3a bf 79 c5 ed 6c Data Ascii: cZ5U^1Br^l.c]kl+x@c.&]qhe3mI1n%40TL$D+`t{V8^-7mS3o3+-;T-ZhL.^NNh:KQ:fZ=2`1Qrg/f7aJ~7FTd:yl
2025-04-22 11:28:08 UTC	5753	IN	Data Raw: 2f 21 c4 57 54 eb ef 5a da b2 56 d4 96 3a 05 9e 54 45 cd ce f0 ad d5 33 c1 e6 66 1a 40 b5 81 8e 9d 3c ae 18 b7 86 0b ab ea c1 26 45 45 52 47 26 92 2d 8f 65 63 22 a5 6e 5c e8 4b 76 a4 dc 21 ea 7c bf 60 b1 5f b3 94 8d 7f 62 b7 d7 1c 53 fe 12 42 f2 45 fd 45 e9 d7 16 76 be bd a7 b8 1f af 23 db 14 15 e6 6e 99 ac 18 5a 1d a4 0a 00 8f cd 34 80 6a 44 55 33 8d b1 f6 ac 26 10 63 fa dc b3 ed 5e 5d 3e 48 65 46 71 64 22 d9 26 30 64 38 9b 6a 7f ca 54 fa a7 99 bd 49 52 f9 17 ae 37 25 61 e8 d7 30 45 0b fd 73 bb 47 87 f2 97 10 e2 2f 0e ea ef 1a 90 d5 3a b2 4d 37 7c 6b f5 4c b0 be a1 06 b0 ea 51 4e 2c 10 6b 5a ff ac af 7e 4b df d2 dd a7 1b 13 c9 8e 15 ce c6 c4 59 18 8b ec 22 c0 c9 97 c8 9d ab b3 22 5d bf 5e e8 5f e9 6e ab 54 4d f9 4b 08 f1 18 c5 f8 e3 da ce b7 6b 7b 13 cc Data Ascii: /!WTZV:TE3f@<&EERG&-ec"n\Kv!\|`_bSBEEv#nZ4jDU3&c^]>HeFqd"&0d8jTIR7%a0EsG/:M7\|kLQN,kZ~KY""]^_nTMKk{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49744	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:09 UTC	626	OUT	GET /parcels/making/files/fav.ico HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://libelulaspedasi.com/parcels/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:13 UTC	629	IN	HTTP/1.1 404 Not Found Date: Tue, 22 Apr 2025 11:28:09 GMT Server: Apache Pragma: no-cache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://libelulaspedasi.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: WP_SESSION_COOKIE=a8164f9c9569128289503b0609aaaabb%7C%7C1745323091%7C%7C1745322731; expires=Tue, 22 Apr 2025 11:58:11 GMT; Max-Age=1800; path=/ Set-Cookie: PHPSESSID=5e4fbc20fb4478800f0237964011dae6; path=/ Upgrade: h2 Connection: Upgrade, close Vary: User-Agent Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-04-22 11:28:13 UTC	7	IN	Data Raw: 31 31 65 30 30 0d 0a Data Ascii: 11e00
2025-04-22 11:28:13 UTC	7688	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 20 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 6c 74 2d 69 65 39 20 6c 74 2d 69 65 38 20 6c 74 2d 69 65 37 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 6c 74 2d 69 65 39 20 6c 74 2d 69 65 38 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="en-US" prefix="og: https://ogp.me/ns#"> <![endif]-->...[if IE 7]> <html class="no-js lt-ie9 lt-ie8" lang="en-US" prefix="og: https://ogp.me/ns#"> <![endif]-->
2025-04-22 11:28:14 UTC	8192	IN	Data Raw: 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c Data Ascii: .setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),
2025-04-22 11:28:14 UTC	8192	IN	Data Raw: 72 69 6e 67 2d 62 75 74 74 6f 6e 73 5f 5f 73 65 72 76 69 63 65 73 2d 6c 69 73 74 2e 68 61 73 2d 68 75 67 65 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 7d 40 6d 65 64 69 61 20 70 72 69 6e 74 7b 2e 6a 65 74 70 61 63 6b 2d 73 68 61 72 69 6e 67 2d 62 75 74 74 6f 6e 73 5f 5f 73 65 72 76 69 63 65 73 2d 6c 69 73 74 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 2e 65 64 69 74 6f 72 2d 73 74 79 6c 65 73 2d 77 72 61 70 70 65 72 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6a 65 74 70 61 63 6b 2d 73 68 61 72 69 6e 67 2d 62 75 74 74 6f 6e 73 7b 67 61 70 3a 30 3b 70 61 64 64 69 6e 67 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 30 7d 75 6c 2e 6a 65 74 70 61 63 6b 2d 73 68 61 72 69 6e 67 2d 62 75 74 74 6f 6e 73 5f 5f 73 65 Data Ascii: ring-buttons__services-list.has-huge-icon-size{font-size:36px}@media print{.jetpack-sharing-buttons__services-list{display:none!important}}.editor-styles-wrapper .wp-block-jetpack-sharing-buttons{gap:0;padding-inline-start:0}ul.jetpack-sharing-buttons__se
2025-04-22 11:28:14 UTC	8192	IN	Data Raw: 69 67 68 74 2d 67 72 61 79 2d 74 6f 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 76 65 72 79 2d 6c 69 67 68 74 2d 67 72 61 79 2d 74 6f 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 2d 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 29 20 21 69 6d 70 6f 72 Data Ascii: ight-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !impor
2025-04-22 11:28:14 UTC	8192	IN	Data Raw: 62 65 6c 75 6c 61 73 70 65 64 61 73 69 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 77 6f 6f 63 6f 6d 6d 65 72 63 65 2f 61 73 73 65 74 73 2f 63 73 73 2f 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 73 6d 61 6c 6c 73 63 72 65 65 6e 2e 63 73 73 3f 76 65 72 3d 39 2e 38 2e 31 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 20 6d 65 64 69 61 3d 27 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 37 36 38 70 78 29 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 67 65 6e 65 72 61 6c 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 6c 69 62 65 6c 75 6c 61 73 70 65 64 61 73 69 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 Data Ascii: belulaspedasi.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=9.8.1' type='text/css' media='only screen and (max-width: 768px)' /><link rel='stylesheet' id='woocommerce-general-css' href='https://libelulaspedasi.com/wp-conte
2025-04-22 11:28:14 UTC	8192	IN	Data Raw: 61 6c 79 74 69 63 73 2d 6a 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 64 61 74 61 2d 77 70 2d 73 74 72 61 74 65 67 79 3d 22 64 65 66 65 72 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 64 3d 22 62 6f 6f 6b 65 64 2d 77 63 2d 66 65 2d 66 75 6e 63 74 69 6f 6e 73 2d 6a 73 2d 65 78 74 72 61 22 3e 0a 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 0a 76 61 72 20 62 6f 6f 6b 65 64 5f 77 63 5f 76 61 72 69 61 62 6c 65 73 20 3d 20 7b 22 70 72 65 66 69 78 22 3a 22 62 6f 6f 6b 65 64 5f 77 63 5f 22 2c 22 61 6a 61 78 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 69 62 65 6c 75 6c 61 73 70 65 64 61 73 69 2e 63 6f 6d 5c 2f 77 70 2d 61 64 6d 69 6e 5c 2f 61 64 6d 69 6e 2d 61 6a Data Ascii: alytics-js" defer="defer" data-wp-strategy="defer"></script><script type="text/javascript" id="booked-wc-fe-functions-js-extra">/* <![CDATA[ */var booked_wc_variables = {"prefix":"booked_wc_","ajaxurl":"https:\/\/libelulaspedasi.com\/wp-admin\/admin-aj
2025-04-22 11:28:14 UTC	8192	IN	Data Raw: 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4c 61 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 6c 69 62 65 6c 75 6c 61 73 70 65 64 61 73 69 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 66 6f 6e 74 73 2f 6c 61 74 6f 2f 53 36 75 79 77 34 42 4d 55 54 50 48 6a 78 34 77 58 67 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 30 30 30 2d 30 30 46 46 2c 20 55 2b 30 31 33 31 2c Data Ascii: }/* latin */@font-face { font-family: 'Lato'; font-style: normal; font-weight: 400; font-display: swap; src: url(https://libelulaspedasi.com/wp-content/fonts/lato/S6uyw4BMUTPHjx4wXg.woff2) format('woff2'); unicode-range: U+0000-00FF, U+0131,
2025-04-22 11:28:14 UTC	8192	IN	Data Raw: 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 09 0a 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 09 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 74 68 65 6d 6f 5f 64 65 66 61 75 6c 74 5f 6c 61 79 6f 75 74 5f 63 6f 6e 74 65 6e 74 22 20 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 27 63 6f 6e 74 61 69 6e 65 72 27 3e 0a 09 20 20 20 20 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 31 32 22 3e 0a 09 09 09 20 20 20 20 20 20 20 20 20 20 20 20 0a 09 09 09 09 09 09 Data Ascii: ge Not Found</h1> </section> </div> </div> <section id="themo_default_layout_content" ><div class='container'> <div class="row"> <div class="col-md-12">
2025-04-22 11:28:14 UTC	496	IN	Data Raw: 20 63 6c 61 73 73 3d 22 73 68 6f 77 2d 61 75 74 68 6f 72 22 3e 50 6f 73 74 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 69 62 65 6c 75 6c 61 73 70 65 64 61 73 69 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 6c 69 62 65 6c 75 6c 61 73 70 65 64 61 73 69 5f 76 74 38 66 6d 61 2f 22 20 74 69 74 6c 65 3d 22 50 6f 73 74 73 20 62 79 20 6c 69 62 65 6c 75 6c 61 73 70 65 64 61 73 69 5f 76 74 38 66 6d 61 22 20 72 65 6c 3d 22 61 75 74 68 6f 72 22 3e 6c 69 62 65 6c 75 6c 61 73 70 65 64 61 73 69 5f 76 74 38 66 6d 61 3c 2f 61 3e 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 68 6f 77 2d 64 61 74 65 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 70 72 65 2d 64 61 74 65 22 3e 6f 6e 3c 2f 73 70 61 6e 3e 20 3c 74 69 6d 65 20 63 6c 61 73 73 Data Ascii: class="show-author">Posted by <a href="https://libelulaspedasi.com/author/libelulaspedasi_vt8fma/" title="Posts by libelulaspedasi_vt8fma" rel="author">libelulaspedasi_vt8fma</a></span> <span class="show-date"><span class="pre-date">on</span> <time class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49745	67.205.58.99	443	5688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 11:28:09 UTC	404	OUT	GET /parcels/icon/zaml.png HTTP/1.1 Host: libelulaspedasi.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 11:28:09 UTC	365	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 11:28:09 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Tue, 22 Apr 2025 02:13:46 GMT ETag: "6d8de-6335488d20a80" Accept-Ranges: bytes Content-Length: 448734 Cache-Control: max-age=2592000 Expires: Thu, 22 May 2025 11:28:09 GMT Vary: User-Agent,Accept-Encoding Content-Type: image/png
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 b0 00 00 02 76 08 02 00 00 00 c0 22 ec 0b 00 00 00 09 70 48 59 73 00 00 17 5c 00 00 17 5c 01 3c 37 db c5 00 00 00 11 74 45 58 74 54 69 74 6c 65 00 50 44 46 20 43 72 65 61 74 6f 72 41 5e bc 28 00 00 00 13 74 45 58 74 41 75 74 68 6f 72 00 50 44 46 20 54 6f 6f 6c 73 20 41 47 1b cf 77 30 00 00 00 2d 7a 54 58 74 44 65 73 63 72 69 70 74 69 6f 6e 00 00 08 99 cb 28 29 29 b0 d2 d7 2f 2f 2f d7 2b 48 49 d3 2d c9 cf cf 29 d6 4b ce cf 05 00 6e 9f 08 f1 97 af 2c b8 00 06 d8 1b 49 44 41 54 78 da ec bd 6b 93 24 d9 71 25 e6 8f 7b 23 32 b3 b2 1e dd 3d 4f 3c 48 62 c5 37 b5 26 ae 24 33 c9 24 93 fe 92 7e 80 3e e8 df e8 93 d6 24 99 c9 76 45 8a 5c 2e 09 10 18 60 00 0c 80 01 c0 c1 00 20 09 10 c0 60 1e fd ac aa cc 8c 88 eb Data Ascii: PNGIHDRv"pHYs\\<7tEXtTitlePDF CreatorA^(tEXtAuthorPDF Tools AGw0-zTXtDescription())///+HI-)Kn,IDATxk$q%{#2=O<Hb7&$3$~>$vE\.` `
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: d4 da 96 27 8a 2e 4b 03 c0 60 84 c0 84 cc 48 04 16 fa 38 73 6d f2 5b f8 ee 72 51 94 50 dc bd de 08 0d d6 b6 8d de 41 a2 a6 60 6b c1 99 56 f7 05 c8 40 dd 08 31 4f 5e fc 57 68 06 46 04 92 d4 10 25 fb bc 20 a1 11 27 10 08 d1 dd 18 5d a5 c0 1f 80 7a aa a8 60 8a 94 40 05 49 c0 d4 72 87 9f 79 c7 0b a8 e5 5b 0c 06 26 ba 9e 85 1b b8 e3 a4 99 91 f7 bd e0 06 88 07 00 d2 da c5 0e a8 b5 5a 33 6f 51 6c 33 46 5b 95 5b 70 db 8c 7c b1 11 01 91 08 d1 74 12 98 80 b0 91 86 d2 b2 2c ce 27 45 35 6d ee d7 cb 4b 91 f3 06 0c a3 12 2b 24 82 14 40 d5 a8 0f e0 bb d7 8a c7 cc 09 c1 ad 2c fb a1 74 eb c3 a1 ef 6f fb 2e b8 b8 50 ff 75 de 9e 5b ec 99 25 d0 d6 44 19 36 05 54 86 fb 25 75 01 8c 9c f9 31 5b 7b a6 6e e5 92 89 48 44 5a 2e 3f 76 b9 6f 00 a0 4d 3d 30 dc 50 88 45 7f 04 5a 82 33 Data Ascii: '.K`H8sm[rQPA`kV@1O^WhF% ']z`@Iry[&Z3oQl3F[[p\|t,'E5mK+$@,to.Pu[%D6T%u1[{nHDZ.?voM=0PEZ3
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: d7 5f af 56 2b 55 05 b4 b6 16 b9 9a 55 66 8f 74 1c 00 94 12 3c 25 60 a0 94 04 00 d4 60 28 c3 50 8b 3a 8a 88 e4 84 90 54 dd 54 dd 41 30 85 05 52 24 6b 0c 0d c1 85 38 a4 ad 25 10 75 51 74 48 29 5d 2c ce 7e 74 ef de 0f 3f 78 f0 83 1f fc e0 de fd f3 8b 6c 59 52 87 9c 91 17 29 e7 9c 85 05 00 98 61 da 71 e6 c9 8b bd ed 72 9a 3f 89 bb 79 8a bd d6 e6 df 05 5e 5b 8d 4e 5b a6 39 da 20 c5 8b ba 55 f5 62 3a 94 ba 1e ea c6 07 28 5a 4b 01 80 9c 38 b1 54 73 18 4a d9 a8 95 da 72 75 88 cc dc 80 39 5b 75 13 26 33 43 63 e7 66 04 55 8b 99 18 83 31 f3 d4 c7 11 ae 83 a5 94 67 cf 9e c5 81 2d 72 ea ba 2e 09 4d fc d4 f9 3e 3b b9 0d 5f 5e 5e 7e f3 cd 37 8f 1e 3d 3a 7f f0 77 fd fd 84 c0 8c ee f4 b6 1f d2 bb 71 37 ee c6 6b 8d bb f0 68 1a 3d 56 a4 69 05 0b 4e 00 98 31 de 2e 71 63 8d Data Ascii: _V+UUft<%``(P:TTA0R$k8%uQtH)],~t?xlYR)aqr?y^[N[9 Ub:(ZK8TsJru9[u&3CcfU1g-r.M>;_^^~7=:wq7kh=ViN1.qc
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: c2 28 59 c2 52 82 93 52 f7 d2 46 ab 92 73 09 41 50 2c d6 95 75 0a 8d c2 45 52 4b e8 13 bf 01 d2 45 8a 11 3c 30 cc 3c 65 10 36 6c 7f ba 77 41 38 62 e2 ba 6b 0c 7f a6 f0 6d a2 d7 86 51 fc b5 c2 6c 32 c6 cb 28 a2 a3 b9 85 0c fd ab 05 d0 4e ba 3c 88 c9 68 a9 5d 9d 8c 88 e8 b3 f7 39 b2 4b e4 d5 ca 9a 6c a9 4f 39 67 2a 81 a8 0a 79 44 ed e3 1e d9 61 52 2d a3 22 62 d3 75 a5 78 db 34 4d 71 10 53 d3 04 11 45 97 7b 91 b0 84 88 9c c3 f5 1c bf fc f6 fa 8f 3f ff f1 d9 ab ef be 69 4d 9a 33 68 20 61 0d 0b 45 e1 b8 44 84 52 a0 50 f9 64 32 83 c7 57 b9 eb 82 ab 29 2c bc 3e 51 f2 f7 01 6c 8e 38 b1 3d 1e 1f 03 83 7d f2 53 9a d6 00 cb 3f 0d 6a 50 95 d1 e0 8d 63 25 59 e7 1c 11 1e fb 75 12 7b 66 51 7a 2c 2b fa 09 d7 81 6b 28 a3 31 c8 f3 47 40 29 41 a1 03 1a 37 ec 91 77 a0 8c de Data Ascii: (YRRFsAP,uERKE<0<e6lwA8bkmQl2(N<h]9KlO9g*yDaR-"bux4MqSE{?iM3h aEDRPd2W),>Ql8=}S?jPc%Yu{fQz,+k(1G@)A7w
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: 92 70 63 39 f5 7d 3e f4 c9 dd 43 6c 37 9b ed 66 b3 69 9a 26 b6 ed a6 69 83 90 88 44 26 26 12 33 f5 ec 1e a3 bb 59 56 d5 be ef fb 5e 52 4a 3b 76 01 79 56 cd 49 03 71 02 dc d4 fa d4 a7 2a 91 c2 92 b3 b9 b9 a9 02 4c 45 fc 6d 44 39 45 99 13 18 e5 44 07 29 3a 2a 5e 81 51 00 52 26 0a 14 d8 a5 69 24 46 b9 7b 7b f7 fd ed ed ff d3 f7 ff f9 ef 7f fe f9 e7 9f 49 b8 73 dd 7b ee 0d dc 5e e5 ae 87 37 0d 31 32 6b 26 43 e8 49 37 bc 75 12 80 d9 8c 54 89 e0 65 cd 9b 7c 4d 05 60 42 20 30 81 cc 3b 2e fd 27 44 c4 c1 07 fb 07 33 62 66 26 26 90 3b 78 28 ed b9 15 d9 d6 62 d3 09 61 06 09 53 28 fc 25 b8 83 9c 05 c4 30 50 01 d5 cc cc 91 9d 44 19 a6 5a b6 18 f5 06 0a 81 04 11 18 72 4e 06 17 91 ca 00 0d c2 65 a9 2f 3a a0 ec 30 27 07 d8 91 55 54 2d 27 4b 39 a5 64 70 12 36 82 b9 e6 9c Data Ascii: pc9}>Cl7fi&iD&&3YV^RJ;vyVIqLEmD9ED):^QR&i$F{{Is{^712k&CI7uTe\|M`B 0;.'D3bf&&;x(baS(%0PDZrNe/:0'UT-'K9dp6
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: 02 02 84 31 14 a2 c1 a3 5d be 06 21 72 63 77 0a 06 14 07 28 98 0b c8 50 6b d8 ac 44 26 ec c2 04 9f 5c 4c e7 3c e1 c1 f8 7c c8 04 2e c3 f5 39 de a7 f3 b1 84 d3 72 d6 66 26 1f 07 82 d7 e2 63 1c 62 cd 13 1f 3e 5f 9f 91 a7 74 da ae 79 54 6e 38 f0 89 59 a2 07 4f 75 a4 82 b1 c6 c6 44 bc 67 74 07 58 2e 7c b4 e6 e6 97 4f 60 8b 49 09 e7 c7 d6 c9 44 0a b3 0e 5e 9e d5 8f 16 2a 9a 47 f2 e3 53 87 b4 23 12 95 16 5c 7f 9f 98 db f6 6a cc c7 67 6a d4 a0 36 c7 70 60 87 c9 02 67 db cb fd 4c 85 d5 66 0b 6b 01 30 6f 6e 3e 95 9a 4f 39 89 47 6b 77 3d 27 3d 1d 16 e1 14 58 d4 45 9c c5 58 84 98 d4 dd 61 ca 81 85 6a ff 18 44 24 f7 fd 38 6b fa ac c8 5b 67 5b 72 f7 5a c5 12 12 11 48 12 1e 6e 5a 77 76 12 18 a6 00 a7 a1 f1 6f 2a 3a 8d 1c be 5a 81 88 32 ab 99 b9 93 86 58 1d a4 8d e0 5c Data Ascii: 1]!rcw(PkD&\L<\|.9rf&cb>_tyTn8YOuDgtX.\|O`ID^GS#\jgj6p`gLfk0on>O9Gkw='=XEXajD$8k[g[rZHnZwvo:Z2X\
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: 41 63 62 f3 6e 65 86 39 45 86 02 08 6f b3 83 2b 1e 81 78 62 32 f1 91 4f 5f 8b 57 9d 6a f3 04 1a 8d de e1 00 94 64 1d 31 c5 ca ae e9 70 be b9 2f 97 3c 1a 33 fe 25 32 0d cd 54 b6 db e9 f5 e8 64 45 39 73 29 dc 8a 7b ad a8 dd 6a 42 33 1a b4 56 62 c5 22 53 06 1e 23 43 bd f8 bc bd c6 a5 3c 51 15 c3 83 8d 88 e7 c5 c0 c7 77 df 1d ff 89 3d e0 74 f4 98 b2 fe 53 d7 bb a7 0a c7 5f e3 30 9c 9f f3 da b7 10 67 56 c2 92 09 1e 0c 93 35 e2 18 c9 b0 80 a2 29 85 b3 c1 c2 a6 3e 8f 44 d6 73 3e f3 2c 6d 6a c5 b1 2b a0 14 55 0a 4e 4e 41 9b 31 64 32 4a 10 84 30 0c 60 e6 21 74 54 34 ff 50 4a 10 3d 18 0a 38 14 41 17 dc 19 c1 fd a4 ea b1 2f da 15 ed 0a ee 26 ec 0a f6 45 1f 26 df bb f6 55 53 58 a0 d5 36 c3 b4 e8 d7 e9 34 0e ff 33 3b 5e ca 6d f6 cb a5 72 af ab ed 7d 7a 06 fd f3 27 a7 Data Ascii: Acbne9Eo+xb2O_Wjd1p/<3%2TdE9s){jB3Vb"S#C<Qw=tS_0gV5)>Ds>,mj+UNNA1d2J0`!tT4PJ=8A/&E&USX643;^mr}z'
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: ad ab 70 c2 ee f4 e4 23 e6 08 88 c5 8a 9f 3c 3b f9 e2 37 9f 3a a0 d7 2f 5f ee de 5e 31 f3 7a bd 71 bc ba be dc be 7e 7d c9 e4 cf cf cf 5d c1 c1 61 44 85 5d 03 57 5b 07 78 f2 e2 e2 ec 17 1f 17 cf 3e 29 bc 2f 91 e3 ae be 7a fd 66 1b 82 f3 76 72 b1 f2 cf bd 5e 12 72 e0 9a 22 eb e5 f6 52 d0 42 53 7b ef ed 7a bb bb bc ba 7a 73 fd a7 ff f6 df ff f4 af 7f bc f0 67 4f 36 a7 9f 9d 9d fb 8b d5 c7 9f 7c ea 4b b7 8b 75 63 a1 20 60 53 c1 56 72 4c 23 22 31 03 a6 fa 22 88 24 66 50 37 37 4e e8 88 99 18 3a 69 c1 de 10 44 66 81 22 19 92 1a 1a 20 99 45 b5 84 ab ad e5 a4 62 37 d8 03 38 95 5b 9f cd 7a a7 7a cb 0f 43 19 7d 0c 2e 8f c7 23 d0 ba f1 34 3e 34 ca e8 08 2f 8c 0a 3d dd cf a4 9c 7c aa 2a 9c c6 bc cc 40 01 09 d1 a8 b5 2f 58 b0 a3 58 fa 5c 0f a1 32 da ea e1 80 2a 88 98 Data Ascii: p#<;7:/_^1zq~}]aD]W[x>)/zfvr^r"RBS{zzsgO6\|Kuc `SVrL#"1"$fP77N:iDf" Eb78[zzC}.#4>4/=\|@/XX\2
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: ee be 6b db 56 d5 d5 43 d4 0b 4d 73 53 1b 0e 2c 2a 83 e1 23 c4 38 47 95 59 95 07 79 cf 98 78 9f 3a b8 f1 9a f3 2b ef 66 1a 6c ee 5c ef 4f 18 e5 e5 87 9e 26 df 8e e4 93 9a 10 5d 82 c3 7d 5a 3f cf 6f 11 5d 3e fd 36 17 dc f3 02 5f af 87 35 fa cc be 4c 23 26 fc 4c 8e da bb 47 3e 93 0e 5f 5c c8 e0 ea 49 10 38 a8 76 18 5a fd 03 77 23 62 0b 77 08 9f f4 04 ce 87 c1 a8 7a 07 ae ef 2f 80 c2 25 3c 9d 7f 0d 8b dd 25 c3 cc 9f a4 9a 7b dd 08 1f ba 9f cb ff 9f 76 7f f6 5c 34 9e f6 c8 e6 3c 85 87 df e1 42 d6 e8 eb 19 cf ee 2e cd d1 b5 37 b3 ec 9d 88 dc 1c 8e ea d6 75 9d 31 8e df fc e6 6f 12 dd 1c f0 af e8 7f fe b7 b6 6b 4f 44 94 1a 02 47 af e0 dc 20 ce 38 ba d6 05 0c 02 57 cd b3 2a 12 53 b8 9d ec 04 61 00 83 80 27 26 6e ba 5c aa 89 b1 a6 0d 54 17 62 66 ac 6c 81 e2 9d a3 Data Ascii: kVCMsS,#8GYyx:+fl\O&]}Z?o]>6_5L#&LG>_\I8vZw#bwz/%<%{v\4<B.7u1okODG 8WSa'&n\Tbfl
2025-04-22 11:28:09 UTC	16384	IN	Data Raw: e4 c3 f1 e2 9c 9d 29 32 20 99 8d 8f 9f 69 f1 3e a8 2b fb e9 16 35 c7 72 62 d3 20 5b 86 cc 5b 99 50 25 83 40 29 01 08 02 15 51 4a 10 84 01 3d 58 46 40 65 31 fb 36 29 ad f7 f7 5a 78 12 50 9f 79 5e 60 de 8f be fe fb 92 bc d3 e0 36 51 fb 89 9e 31 a1 3f 58 4d e8 21 7e 82 40 54 90 9d 99 e6 4e 5b c0 10 4d 62 67 d6 de fd f7 7f b6 ed 87 ee fe 7f 64 ff 8b b6 1f 77 6d e7 4f d9 48 9a 49 67 74 49 1d 42 bc 13 2e 68 70 ea ad 64 f7 9a 74 fe 66 b3 75 72 22 f6 fb 08 a0 25 e9 d3 af 0f cb 04 6f 2d b9 cd 91 2a cd 1c dc ca 03 22 6b 80 70 50 1e 14 ae 3c d0 fd 8a 20 c7 13 ab d2 55 b9 48 57 12 a8 65 bd 7e fb 42 fa 48 38 a7 54 4a 01 d0 53 55 9a f4 67 a0 20 29 0a 8b 34 87 bb 2a a2 10 55 af eb 8a 04 20 d9 80 02 2a 02 a3 89 50 25 40 01 04 ef 2b 68 44 54 a0 34 d1 d6 c0 d6 ee f6 f7 b1 Data Ascii: )2 i>+5rb [[P%@)QJ=XF@e16)ZxPy^`6Q1?XM!~@TN[MbgdwmOHIgtIB.hpdtfur"%o-"kpP< UHWe~BH8TJSUg )4U *P%@+hDT4

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	07:27:36
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	07:27:39
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2080,i,5111458036098780711,7479014456531485044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	07:27:45
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5388, Parent PID: 3784

General

File Activities

File Opened

File Created

Windows Analysis Report
https://url.za.m.mimecastprotect.com/s/HN4oC8qYY1un9KkvSnfxcybQ9a?domain=viajayapanama.com