Create Interactive Tour

Analysis Report https://bit.ly/39kvkUX

Overview

General Information

Sample URL:	https://bit.ly/39kvkUX
Analysis ID:	347015
Most interesting Screenshot:

Detection

GRQ Scam

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected GRQ Scam

Found iframes

HTML body contains low number of good links

None HTTPS page querying sensitive user data (password, username or email)

Yara detected BitlySuspendedLink

Classification

Startup

System is w10x64

iexplore.exe (PID: 5800 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4760 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5800 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem8YaGs126MiZpBA-UFW50dbck[1].htm	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem8YaGs126MiZpBA-UFVZ0d[1].htm	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\glyphicons-halflings-regular[1].htm	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFWp0dbck[1].htm	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem8YaGs126MiZpBA-UFVp0dbck[1].htm	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\warning[1].htm	JoeSecurity_BitlySuspendedLink	Yara detected BitlySuspendedLink	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\0WSZOYV6.htm	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFWZ0dbck[1].htm	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bitcoin-widget[1].htm	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
Click to see the 4 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

• AV Detection
• Phishing
• Compliance
• Networking
• Spam, unwanted Advertisements and Ransom Demands
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1

SlashNext: Label: Internet Scam type: Phishing & Social Engineering

Phishing:

Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: Iframe src: https://www.youtube.com/embed/Upg0Hvk8tZ0?controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&fs=0&showinfo=0&autoplay=1&playlist=Upg0Hvk8tZ0&mute=1&enablejsapi=1&origin=http%3A%2F%2Fde.gewinncode.zulole28.vip&widgetid=1
Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: Iframe src: https://www.youtube.com/embed/Upg0Hvk8tZ0?controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&fs=0&showinfo=0&autoplay=1&playlist=Upg0Hvk8tZ0&mute=1&enablejsapi=1&origin=http%3A%2F%2Fde.gewinncode.zulole28.vip&widgetid=1

Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: Number of links: 0
Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: Number of links: 0

Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: Has password / email / username input fields
Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: Has password / email / username input fields

Source: Yara match	File source: 651689.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\warning[1].htm, type: DROPPED

Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: No <meta name="author".. found
Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: No <meta name="author".. found

Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: No <meta name="copyright".. found
Source: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 67.199.248.11:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.11:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.15:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.15:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.15:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.207.162:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.207.162:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.225:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.225:443 -> 192.168.2.3:49759 version: TLS 1.2

Networking:

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: text/cssContent-Length: 19813Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "1d9d1-5ab1be1c19b52-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f8bb00004c1fbc995000000001Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UfrnIfn%2FourBYeoRq2FXMQdx0nVZRjMAsRVrtYGvX55yMmt5iqfLn6D1K9qzvJpCtMYtoEkfA9a9UDh5Sv4MgC7g6%2Bx1ysKIvOpCmC5b6R%2BYF7wscOKkipQZog%3D%3D"}]}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a12dfc4c1f-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 6b 8f eb b8 91 e8 f7 fd 15 de 13 0c 66 4e 8e ed 23 cb af 76 37 a6 ef ee cd 2e 76 03 6c f2 e5 e6 c3 02 93 c1 85 2c c9 6d 65 64 cb 91 e4 f3 18 5f ef 6f bf 7c 8a c5 62 91 92 dd 3d 83 04 48 7a f7 4c 37 59 2c 16 ab 8a 55 64 89 2c 7e fc ed 3f ff d3 e8 b7 a3 ff 5d 55 6d d3 d6 c9 69 f4 69 3e 9d 4f d7 a3 ef f6 6d 7b 7a fc f8 f1 25 6f b7 ba 6e 9a 56 87 f7 1c fa 77 d5 e9 6b 5d bc ec db 51 1c cd 66 13 f6 cf 7a f4 a7 cf 45 db e6 f5 78 f4 fb 63 3a e5 40 ff 55 a4 f9 b1 c9 b3 d1 f9 98 e5 f5 e8 0f bf ff 93 44 da 70 ac 45 bb 3f 6f 39 be 8f ed e7 6d f3 b1 eb e2 e3 b6 ac b6 1f 0f 49 c3 50 7d fc af df ff ee df ff f8 7f fe 9d 77 f9 f1 9f fe e9 a3 a4 f4 3f f2 63 5e 27 2d c7 db 14 c7 97 51 bb cf 01 f5 bf 3b 37 6d 75 28 7e 66 1d 9a ce d0 10 3e 66 55 da 7c 64 c3 fc 98 6a e8 8f ff ab c8 be df ce 56 49 3e 9b 6f a2 65 92 e7 cb cd 76 b3 58 a5 cb c5 2e 5b 2e 97 69 fa 10 a5 6a e8 c7 5d f1 32 6a 92 4f 8c 82 b6 1a a5 e2 ef e9 5f 9a ea 38 4a 8e d9 c8 8c b0 69 a7 60 98 7d c8 f9 18 3f be 8d 2c 56 bf b4 2c 18 9d a3 63 55 1f 92 92 b1 6e 9a 36 0d 27 34 9a ce 47 ff 4f 60 56 9d b1 bf 00 ea 63 9e 56 65 d2 7c b4 db fd f6 e3 be 3d 94 97 5d 75 6c 27 bb e4 50 94 5f 1f 9b e4 d8 4c 9a bc 2e 76 4f 93 43 33 69 f3 2f ed a4 61 f0 93 24 fb 0b 13 d7 e3 2c 8a be 79 9a 7c ce b7 3f 15 2d 5d 7b dd 56 d9 d7 cb 21 a9 5f 8a e3 63 74 4d ea b6 48 cb 7c 9c 34 45 96 8f b3 bc 4d 8a b2 19 33 a1 a5 c9 a9 2d aa 23 ff f5 5c e7 e3 1d 1b 37 e3 d9 3e 4f 32 fe 9f 97 ba 3a 9f c6 87 a4 38 8e 0f f9 f1 3c 3e 26 9f c6 4d 9e 8a 16 cd f9 c0 d0 7f bd 64 45 73 2a 93 af 8f 8c 51 e9 4f d7 e4 9c 15 d5 38 4d 8e 9f 92 66 7c aa ab 97 3a 6f 9a f1 27 d6 6b d5 41 16 c7 b2 38 e6 13 d1 e0 e9 53 ce 49 4b ca 09 63 c8 cb f1 71 9b 34 39 af 95 88 1e 8f 55 fb dd 0f 4c bd da ba 2a 9b 1f df 77 28 8e d5 31 7f da e7 5c e4 Data Ascii: }kfN#v7.vl,med_o\|b=HzL7Y,Ud,~?]Umii>Om{z%onVwk]QfzExc:@UDpE?o9mIP}w?c^'-Q;7mu(~f>fU\|djVI>oevX.[.ij]2jO_8Ji`}?,V,cUn6'4GO`VcVe\|=]ul'P_L.vOC3i/a$,y\|?-]{V!_ctMH\|
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: text/cssContent-Length: 2877Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "5f64-5ab1be1c19b52-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f8bd00000b4b8818e000000001Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QvGjJOE5tQ4rI1sRiSXNW7icO4O000EBCAQtd3Ab6Kj%2BKnkW2vVeiF37GqA%2FKi%2BugG%2FryN0sZ3TiyAmyJ%2FOJ5WUXv3GhO6jV7xlqZtR7hyFkOSNXF%2BVuSLXtaA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a12d7e0b4b-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 5c 6d 8f a3 38 12 fe 3e bf 82 d3 6a b4 dd ab 84 10 12 92 d0 a3 e9 3b dd ec 6a 35 d2 ee 7d b9 f9 70 d2 e9 3e 18 6c d2 dc 26 10 01 fd 32 d7 ea ff 7e 60 43 82 a1 8c ed 98 74 ef 48 33 68 a6 07 63 9e 2a bb ca 8f 5f aa e8 d9 4f 7f 79 67 fd 64 fd 3d 4d 8b bc c8 d0 c1 7a 58 d8 0b 7b 6d 5d dd 15 c5 e1 66 36 db 92 22 68 9e d9 61 ba bf ae 6a 7f 4a 0f 5f b3 78 7b 57 58 ae 33 9f 4f cb 7f d6 d6 97 c7 b8 28 48 36 b1 3e 27 a1 5d 55 fa 2d 0e 49 92 13 6c dd 27 98 64 d6 ef 9f bf 30 d0 bc 42 8d 8b bb fb a0 c2 9b 15 8f 41 3e 3b 8a 98 05 bb 34 98 ed 51 5e 42 cd 7e fb fc e9 97 7f fc f3 97 4a e4 ec dd bb 19 d3 f4 57 92 90 0c 15 15 6e 1e 27 5b ab b8 23 2d ed 3f dd e7 45 ba 8f ff 57 0a 3c 09 eb 34 61 86 d3 30 9f 95 cd 9c 85 4d ed d9 5f 63 fc 31 98 af 10 99 2f 7c c7 43 84 78 7e e0 2f 57 a1 b7 8c b0 e7 79 61 b8 71 c2 ba e9 49 14 6f ad 1c 3d 94 1a 14 a9 15 d2 7b fb bf 79 9a 58 28 c1 d6 a9 85 79 61 b7 9a 29 03 af da 38 1b c7 16 ab 4b db c2 0e 8a 64 8a 49 84 ee 77 c5 84 de 1c b2 78 8f b2 af ec 26 bf 0f 43 92 e7 ec 26 4e a2 94 fd ef 11 65 49 69 30 76 83 51 b2 25 d9 73 41 9e 8a 69 7e 87 70 fa 78 e3 58 d3 f9 e1 c9 72 ac 6c 1b a0 2b 67 42 2f db bd fe 30 7d 24 c1 1f 71 31 0d d2 a7 a6 6e 5c 36 a6 28 ab b6 5e 70 3d 6f d2 fc 75 ec b9 77 3d 61 8f ab bf 1c a2 b3 f6 ae 3f 8c 88 f5 d2 ee 8e 1b 14 16 f1 03 e1 7a 85 2b ab 3b 87 2b ab fa 88 2b a8 bb 8a 2b 63 3d c6 17 31 99 36 20 d3 06 64 da 5d 99 36 20 d3 ee cb ac 8b 9e 07 ec b0 28 3b c6 eb 76 ce dc 85 3b 5a 58 99 eb 49 1b c7 39 0a 76 04 f3 ed e2 4b 9b 96 f1 a5 b4 6d 7c 51 d3 3a be b4 6e 5f a7 90 c9 ff 77 53 fa 1f 4e 81 6e 71 ad 41 b7 b8 52 a1 5b 56 eb d0 2d 66 4a b4 4a a3 98 ec 70 d9 55 a7 22 8b 1b 71 a2 e7 cd 20 14 3d 6f c6 a5 e8 39 1d aa a2 87 cd e8 15 2a c7 06 34 e0 23 49 9a 90 0f 9d 7b ce d2 25 00 c2 Data Ascii: \m8>j;j5}p>l&2~`CtH3hc*_Oygd=MzX{m]f6"hajJ_x{WX3O(H6>']U-Il'd0BA>;4Q^B~JWn'[#-?EW<4a0M_c1/\|Cx~/WyaqIo={yX(ya)8KdIwx&C&NeIi0vQ%sAi~pxXrl+gB/0}$q1n\6(^p=ouw=a?z+;+++c=
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: text/cssContent-Length: 674Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "163e-5ab1be1c19b52-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f8e100009c3f54aa8000000001Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HokuF%2Ftv2AnIpnfJKhXvWgup2IPa3Vygy20iMf%2Fryj%2F5tVfY%2F8CLFh6IiNDY%2B4hBuq4DQYsQnEKZdse4tNfAoBfI3mOH7KxKaQoApn3Uiqb8VDq0032lNUGpYA%3D%3D"}],"max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 61aec2a16cc59c3f-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 96 df 6f 9b 30 10 c7 df f3 57 f0 96 a4 2b 89 ed f0 23 a4 2f 03 12 57 6a bb 4d db 94 44 ed 1b 21 86 91 1a 88 80 24 8d a6 fd ef 33 98 a6 51 b6 6a f5 26 2a a8 f6 62 eb 7c c8 f8 3e f7 f5 9d fb 67 92 bb 4f 02 4a 03 57 26 0f 99 74 d6 6f bd f7 e2 28 93 3d c7 25 d2 f7 96 24 95 56 18 d0 fd 48 6a 7f 5a 93 48 fa ea 44 69 fb e2 d1 97 66 7b 4a 46 52 14 27 a1 43 0f ab 3b 12 f8 df b2 91 a4 00 90 af a5 89 3b 92 68 ec 3a b4 f3 b4 87 f4 85 f8 1b ea 24 ed ee f9 b1 2f 77 c9 47 ae 4d 42 3b bd 5e 3f df 36 ed 87 24 1c de 3a 97 29 44 da 87 e0 6e 6d 99 f2 14 cf af c0 72 e1 de f7 76 b1 e7 75 d9 ef d9 41 b2 4e 3b b7 da dd fc e7 9b 28 70 e3 25 91 13 27 f2 d9 49 a7 ef 80 a2 01 19 a8 08 9f 33 03 da 43 20 b3 61 98 1b 08 58 4a 31 8f 27 40 46 63 5c 7c 61 6a 0a 90 4d cd 28 0c 3c 41 13 99 0d f8 a2 f5 a3 d5 7f c2 d7 4c 74 d3 3b 61 74 80 a1 53 d4 82 05 50 8c dc 30 20 37 ac dc b0 0a 03 41 a8 95 80 fc 84 90 fb 06 8b 4b 94 10 c4 8c 10 c4 18 1f c7 df cc d8 67 6b 51 75 0c 74 a6 81 c1 21 f6 6d 40 b2 c8 09 49 4a 9a 09 60 2e 0c 00 02 24 b3 61 50 dc 08 08 19 0d 08 8b 1b 01 27 26 93 c5 04 1b bc cc 98 56 89 88 3a 59 10 35 f8 7a a8 e2 84 18 14 a4 f0 02 82 54 83 c3 01 05 1c cc e1 20 50 42 62 35 98 91 2a 8d 31 33 6c 5c 56 97 02 30 b2 59 1d 47 b6 ce ab b4 8e 58 95 d6 0f da 2b c0 36 13 ea 8c d5 1c 01 a2 20 27 0a 38 3c 00 07 bc 1a 43 35 17 a2 ca 85 88 2c 8b 31 b7 6c 6e d8 1a 9f c7 66 39 db 9c 30 c8 71 6b 65 0e 74 a5 c4 ce 9d 10 21 3e 1b 65 7d 37 78 06 98 a3 9c 55 de 1d f9 31 58 f9 1b 9f 34 c8 17 69 7c ba d8 44 d9 e6 1f 72 c1 37 f8 4d 22 b8 e3 d9 34 28 81 9d 6a d7 b3 d5 e2 a3 75 4b fd f8 da f5 f5 dd 0a 80 9a bf 29 6a 83 8b ec 84 71 55 f7 8e a8 0d 15 57 94 ca df bd 1d 6a 13 af 67 8a aa e0 e4 bd f0 f2 66 58 9b 98 dd cf a2 31 d7 ab 01 d6 06 a4 c7 2e cb ff a6 f7 e7 14 e8 cf a6 Data Ascii: o0W+#/WjMD!$3Qj&b\|>gOJW&to(=%$VHjZHDif{JFR'C;;h:$/wGMB;^?6$:)DnmrvuAN;(p%'I3C aXJ1'@Fc\\|ajM(<ALt;atSP0 7AKgkQut!m@IJ`.$aP'&V:Y5zT PBb513l\V0YGX+6 '8<C5,
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: text/cssContent-Length: 6663Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "7160-5ab1be1c1aaf2-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f90000001ed2159e0000000001Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8EY%2FoWdTR8YlyrSNA%2FIByzv9ioLSuVVtxv3U3EGIA4xpUkW4itlCfv6uELAA9n5xOfFvs6WPkkxNwdKeiDOg3Kat12NBLFT%2FuJaclH357eDqVTAer9CzbZPNWQ%3D%3D"}],"group":"cf-nel"}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 61aec2a19ded1ed2-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 5d 5d 8f e4 b8 75 7d f7 af a8 ec c2 99 19 a3 ab b7 a8 fa ee 81 83 8d 13 18 30 60 23 0f f6 43 1e 02 04 94 44 55 71 5a 12 b5 94 d4 dd 35 83 f9 ef 21 25 5e 8a aa 3e 94 f7 61 1f b2 58 ec 76 93 47 14 45 5e de 2f 1e b2 7f fa c3 bf fc 6e f5 87 d5 ea cf aa ee 56 ff fe 2a 5a 55 89 d5 ee f1 f0 b8 5d a5 b7 d5 cf 39 7f 11 17 5e e7 b7 d5 7a 75 ed ba e6 e9 a7 9f 0a 83 e4 23 f0 51 2a 53 fe 73 50 32 b4 f5 57 99 89 ba 15 b1 47 7e 2a 5d fd 47 fb d2 a7 d5 df ff f2 d7 d5 7f fd f9 af 2b f6 c8 1e 56 ff f1 f7 bf 3f ad fe f6 97 7f 50 23 9f 4c 8b 3f 0d 6f 58 17 3c 13 df dc 4f 95 2c 6f 4f 1f ec f3 ae cf 1f 3e b7 3a 7b ea 75 f9 f1 c3 e3 e3 f0 c2 36 7c ed fa 55 a4 f6 d7 ff 65 8f 42 75 1f 3e fd 3a b4 c5 fe 28 45 21 df fe f5 e5 8f c3 a0 7c f8 b4 2a 94 ae 78 f7 f1 83 a8 52 91 e7 22 5f ab 46 d4 dd ad 11 1f 3e 3d fc f3 16 5f 55 51 24 41 2b ee f7 5f f9 e4 dd 83 bf ea b9 ae 0b 1f eb 74 2f 7e 75 67 db 97 cb 8f 41 b9 16 97 be e4 3a 68 cd 00 cc 58 0e 73 f2 2a e4 e5 da 3d d5 b6 a6 1c 8b da ee 56 0a 57 f2 fd b1 e0 df 72 d9 36 25 bf 3d c9 ba 94 b5 58 a7 a5 ca 9e 07 a8 03 ad e6 ff 63 bb e6 ed 27 b6 0a 66 d9 b5 2b bf 0a d3 c6 55 68 d9 7d ee c4 5b b7 d6 a2 ce cd 6f f5 e5 89 f7 9d fa 6c 3f e0 59 1a 39 19 d0 95 52 dd 75 a8 ab 3b c9 4b c9 5b 91 7f 5e 57 ea eb 5a b5 6f f7 98 8b e6 b7 36 e3 a5 b0 1d 5e 97 97 6f d3 1b d9 e3 d6 fd 23 aa cf c3 07 5c c7 6f 7e 3c ee 4d c9 8b d0 9d 34 4f ae cd 2b 2e f5 d3 9a ed 7f 3f b4 91 bc 05 6d 24 a2 1a 0a b7 61 e1 d6 15 ee c2 c2 9d 2b dc 87 85 7b 57 58 bc 7e 7b 95 79 77 35 7d 4a 4e fb 23 db 25 67 d3 83 61 28 c6 b7 9b b5 d3 09 3d 60 fb f2 5b c3 f3 dc 7c dc ba 14 45 f7 b4 f9 5c 71 7d 91 f5 f8 5b f2 68 1e 1e 9a 18 3e aa 75 b3 b6 b6 32 62 66 a5 16 ae 8d 7f 2b e5 b7 46 b5 b2 93 aa 7e d2 a2 e4 9d 7c 71 63 14 54 f0 b4 55 65 df 89 cf 43 db eb 59 e3 63 Data Ascii: ]]u}0`#CDUqZ5!%^>aXvGE^/nVZU]9^zu#QSsP2WG~]G+V?P#L?oX<O,oO>:{u6\|UeBu>:(E!\|xR"_F>=_UQ$A+_t/~ugA:hXs*=VWr6%=Xc'f+Uh}[ol?Y9Ru;K[^WZo6^o#
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: text/cssContent-Length: 8663Connection: keep-aliveLast-Modified: Fri, 24 Jul 2020 08:26:11 GMTETag: "bc28-5ab2bb9bcfb1b-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f90800004c1fd397b000000001Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pWcm%2BT9%2Bsdq4fvGqor%2BIibderRFTxhlpa7Hl76eIVEwasUNhMsqFCvmacS5K3ItjgeTbs8caeD4MdSXIN6nDyv8I6RZVGov%2BdgSi1sYechtT9TmVmwFXvb4QoQ%3D%3D"}]}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a1af5b4c1f-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 3d d9 72 e4 48 6e cf d6 57 d0 a3 50 4c 6b 2c d6 b0 78 d4 21 85 3b 76 f6 98 f0 83 9f fc e4 0d 87 43 c1 22 b3 54 9c 66 91 b5 24 4b dd 1a 85 fe dd 79 9f 48 92 52 ab 67 0f 6f 57 eb 22 f3 40 22 91 00 12 40 22 17 fb ba 3a 85 45 dd 16 9f c2 cf 5d 7e 3a a1 6e 51 d4 28 ef f6 d5 97 db 7c 3f a0 ee e6 62 31 56 66 87 f6 6d 87 c0 42 23 f5 79 b5 e0 f9 22 c0 ff 8a b6 19 50 33 dc 06 df 05 df dd d1 27 65 d5 9f ea fc e9 36 18 f2 5d 8d 2e 5e 2e c6 81 18 e9 88 be 12 fd 90 f2 b7 c1 ae 1d 0e a4 c9 5d 5b 3e b1 17 7b 0c 40 b8 cf 8f 55 8d bb fc af 16 17 68 ef 68 a7 4d fe 48 be c2 5f ce fd 50 ed 2b 54 7e ac ab 8f 39 6f ee d4 f6 d5 50 b5 cd 6d d0 a1 3a 1f aa 47 34 52 e7 76 df 16 e7 fe c6 fb fa d0 3e 4a 38 77 79 f1 e9 a1 6b cf 4d 19 16 6d dd 62 90 87 2e 6f fa 53 de 61 2c 8d f4 f1 71 f1 97 73 3b 20 07 bc 7c d7 b7 f5 79 40 0c b7 35 da 63 54 47 ec 8f a1 3d c9 df db 53 5e 54 c3 93 fc fb 73 55 0e 87 db 20 89 4e 5f d8 83 03 aa 1e 0e 83 fe e4 94 97 65 d5 3c dc 06 99 78 e2 c2 7e b9 4c 8a 68 97 f3 d7 6d 57 a2 2e ec f2 b2 3a f7 b7 c1 52 d6 13 85 f7 fb 3d 1d e1 6e 68 c2 fe 5c 14 a8 ef 19 6e 6e 02 e3 19 45 a7 0f 5d 97 7f fa fd 6a 19 fd 74 27 5b 3a 75 d5 31 ef 9e 6e f3 82 4c d3 0d f4 50 4e 90 fe 0a 7a 36 3e 53 97 59 5e 2c b3 dc 3b 4b 0b d6 9b 3d 59 12 f7 4b 5c 73 f1 98 d7 55 19 9e f2 be 0f eb 7c 87 ea 89 19 55 50 e0 fe 7f fe 09 7f 7e d6 b1 8d 1b 3d 7d 09 70 85 aa c4 af 7f 8e a2 e4 0f e2 f5 97 b0 af 7e a5 13 c8 27 06 3f 62 ef 7e 0d ab a6 44 5f 6e 83 ed 76 bb d2 68 25 95 73 af 91 c8 32 8a ae ee 14 e0 c5 01 15 9f 02 1d 72 39 bb db 28 8e 96 c1 bf 56 c7 53 db 0d 79 33 b8 64 14 c4 92 26 dc 05 c6 01 41 5f 86 10 f7 f4 80 df 10 6a 76 da 33 d6 f3 7f e6 64 35 cb c7 fd f0 54 a3 db a0 69 bb 63 5e 6b cf 3f 73 e2 76 5e 60 0c e1 f2 cb 58 40 55 57 0d 0a c5 52 58 4a 74 60 da 78 a8 Data Ascii: =rHnWPLk,x!;vC"Tf$KyHRgoW"@"@":E]~:nQ(\|?b1VfmB#y"P3'e6].^.][>{@UhhMH_P+T~9oPm:G4Rv>J8wykMmb.oSa,qs; \|y@5cTG=S^TsU N_e<x~LhmW.:R=nh\nnE]jt'[:u1nLPNz6>SY^,;K=YK\sU\|UP~
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: text/cssContent-Length: 2871Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "4562-5ab1be1c1aaf2-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f90700000b4b89ba2000000001Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gx3HuFpt764mtdZOY9nfOMqQ8YAX44UhWVSsn6JudQT%2F1rGDaPIhEMZxupsTT18D8SD%2BuPLlIWSPdVAMi5YSZsB2uEOiaXNKLsxEQpGkunyliy89FJV1Ez3BPA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a1aec00b4b-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 1c 6b 73 db 38 ee fb fe 0a 4d 6f 32 8d bb 96 23 c9 76 9a c8 73 9d dd 6b b7 33 37 d7 7e b9 db b9 ef b4 44 db dc c8 a2 86 94 e3 24 9e fc f7 03 1f 7a 93 b2 ec a6 b7 dd 69 db 26 92 01 10 04 01 10 e0 03 ee d5 9b 37 3f 39 6f 9c ff ec 49 86 99 33 9d cc 26 be f8 fc 99 f2 dc d9 d2 18 b3 14 1e 4b 92 60 27 a7 bb 68 e3 f0 84 00 d0 41 69 ec ac 18 da e2 3d 65 77 ce 9e e4 1b 67 83 58 bc 47 0c 3b 28 8a 70 82 19 ca 71 ec e4 0c a5 9c e4 84 a6 5c b0 15 3f 9b 3c cf c2 ab ab fd 7e 3f 21 31 4a d7 98 d1 c9 8e 5f 71 29 c1 55 41 f5 9e 66 8f 8c ac 37 b9 13 78 fe f5 d8 f9 6f 82 62 b2 25 cc f9 17 f4 93 a0 6d 46 62 22 e8 7e df 60 87 7c 28 d9 f4 74 50 70 fe 44 22 9c 72 90 6d 97 8a 91 7c fe e7 ef 05 e6 df 20 36 12 18 9a 86 ce 07 1c e1 ed 12 08 fc e9 58 ca 00 14 57 3f 4d 94 98 6e 44 d3 1c 91 14 b3 c3 16 b1 35 49 dd 04 af f2 10 ed 72 ba d0 00 29 bc 82 64 54 a9 20 64 38 41 39 b9 c7 0b 7a 8f d9 2a a1 fb 70 43 e2 18 a7 8b 27 97 80 30 0f a1 ff dc e9 c0 4d a9 bb 4a f0 c3 92 3e 38 05 52 1a e1 00 0c 50 1e 8a 8e 0d ad a0 83 9c 44 28 79 57 a0 f6 0c 65 f0 3c b8 7b bc bc 23 b9 0b fc 5c ca 08 4e f3 b0 a0 5d b8 5b fa 64 41 70 29 84 1b 13 86 23 39 96 88 26 bb 6d ba 28 d8 99 b1 46 e8 73 5b a4 ae 7e f6 24 ce 37 a1 ef 79 17 8b 0d 96 8a 94 ef a5 9a 16 31 e1 59 82 1e c3 da 68 2a 98 1e 45 0d c0 0b 15 76 1a 0a 78 09 94 1f 0a 4c e5 ba 6e c6 28 c8 99 57 ad 24 6e 45 d9 56 a9 cc 48 5a 22 14 1d 35 53 d1 06 2f 6e 61 c5 6b 54 26 8a 1a 8f 9a 79 39 79 22 e9 3a 14 4e 01 d6 94 2a 29 2d 6c c0 99 c1 06 df 82 c9 cf 28 89 9b ee 38 b6 39 5a 29 9b 92 12 2c 8c a7 f1 a5 37 86 bf a3 45 53 4b 46 0a 6a c2 5f ea d6 bc bf 71 1f d2 30 b0 ed 2e c9 09 a3 fb de 49 93 00 29 0f 25 69 96 e0 4a a3 1d b8 9e 32 82 47 28 7e 35 e7 4a 05 6e 7e 34 88 b5 62 18 bb 22 18 5b e5 aa f9 44 0e 51 32 5d bb ab 5d aa e6 9c 88 68 2e dd Data Ascii: ks8Mo2#vsk37~D$zi&7?9oI3&K`'hAi=ewgXG;(pq\?<~?!1J_q)UAf7xob%mFb"~`\|(tPpD"rm\| 6XW?MnD5Ir)dT d8A9zpC'0MJ>8RPD(yWe<{#\N][dAp)#9&m(Fs[~$7y1YhEvx
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: text/cssContent-Length: 1238Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "6d02-5ab1be1c1aaf2-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f91300000b472e985000000001Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=g7wxw1yOJr6tsFOOHvupS5b%2BYAJvb1mGylifBI%2BqApyy8fCbLgXJGJJJ0HeqiSzG6yggnV0%2F%2FfuWB2kOCmj66kjdswGjsVC84XCUT%2Bj2tfLXZT9djs3TND%2FaFw%3D%3D"}]}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a1be180b47-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 9b 5d 6f 9b 48 14 86 ef f3 2b b8 73 d2 2d f1 cc 18 ec 90 de 14 30 74 a3 38 aa f2 e1 ad 7a 55 51 8c 1d 1a 8c bb 36 de 24 5e ed 7f ef c0 d0 34 d9 04 05 46 ea 9c e1 e3 c6 e8 78 1c e4 3c ef 01 1e 9d 4c fa 6f 14 ff 7e 1d 46 51 e8 ab c1 5d a2 bc e9 ef bd 9f af e2 44 9d 7b 7e a0 fc bb a7 28 79 b5 0c a3 fb 63 a5 77 b1 fa ba 4a 56 bd 77 3f 17 36 c9 7d 14 1c 2b 61 e2 d1 33 3c bc 7b 1b 84 8b eb e4 58 c1 08 3d bc 37 0b 37 df 23 8f 9e e3 6b b4 f2 6f d2 b7 37 6b ff 58 a1 85 17 ed e7 e7 55 ae ae c3 58 39 c9 4e d6 3b 78 fb 74 51 4d 17 7f ad 6d d7 d1 fe e1 61 3f 3d f7 a6 7f ea 7e 0c ed f8 6f 67 6b 10 77 8d cf b6 3a 3e 5f 3b 3b 34 9b 7c 89 77 87 b7 ab f9 9c 1c d0 6f b1 5e 7a c9 7e 2f 2b 7b 07 e9 37 d8 c6 a1 bf 9a 05 ea da 8b 17 f4 b7 98 fe 81 b4 21 52 91 4e dc b7 b4 c0 f6 11 52 e9 cb 51 5a 10 64 69 d9 71 ec 20 95 8c dd ec 13 e6 50 43 aa 39 34 b2 c2 75 88 a3 d2 17 f7 dd de 7f 7b fd 5f 5c 9b c5 f4 9c 83 29 a2 4c 35 3d 83 84 34 23 2d 0c cc 0a 2b 2d ac ac 20 18 0f 73 72 8b 75 10 dc 34 af 1d 6f 2b a3 c3 2e 45 87 5d d7 7d 0c a6 59 50 ce aa f7 d3 60 44 bb 66 f0 00 e5 9f 30 48 62 6f 19 6c 82 66 91 39 aa 4e 06 23 a2 d2 97 41 76 71 61 4c 31 61 cc ae 34 4c 8e 68 41 0c 56 0c d3 62 98 17 66 fa 31 33 ff 98 e9 d2 c2 42 d9 ed cf a1 2b d8 71 0d 76 fb 33 ad 9c 77 e4 25 61 dc bc ab 53 e3 c1 4d d1 11 8d dd d8 88 6e 30 6a 28 a3 e6 32 6a 04 e5 f4 e8 43 83 22 cc 8b 31 2d 6c 37 bf eb 65 69 11 9b 3e 78 88 3d 62 8f 95 11 a1 8f 95 d1 43 87 67 c4 9b 45 db 9c 4d 6e 2b b1 46 29 6b c4 b0 22 3c c8 db 55 4f fb 5d 67 fd 4e 2c 8b a6 61 d9 ac b0 87 ec 38 36 f3 a3 cd d8 a3 34 88 61 9e ce 48 cb 03 61 8b 98 10 76 34 f2 27 92 c1 b2 a1 0b f9 51 67 0f 7a f6 35 e8 7d 79 fc bf 67 fd 6f b8 2c 06 55 83 9a a4 3f 57 98 54 b6 5a 1c d5 b7 a7 51 5d 7d 33 2f fd 81 bd b9 3a 8d cc Data Ascii: ]oH+s-0t8zUQ6$^4Fx<Lo~FQ]D{~(ycwJVw?6}+a3<{X=77#ko7kXUX9N;xtQMma?=~ogkw:>_;;4\|wo^z~/+{7!RNRQZdiq PC94u{_\)L5=4#-+- sru4o+.E]}YP`Df0Hbolf9N#AvqaL1a4LhAVbf13B+qv3w%aSMn0j(2jC"
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 33760Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "17b8b-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f91c00009c3f6b176000000001Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XwmAiaJ1CO%2B2XE%2BmXdpcjvhVEV6QaJ86hOlj1ZColKtVFVBaDG5pPOP4Vs5p3TkuBpXo%2FaCUGHIqR68Guu9YhYMq2lIMu0D8Kl62M9tCsUzlUnFgNET2ZVacaQ%3D%3D"}],"max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 61aec2a1cd139c3f-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 dd bd 6b 7b 1b c7 b1 2e fa 7d fd 0a 62 a2 45 cf 08 4d 90 94 ed ec 64 a0 21 8e 2c c9 b1 12 db b2 2d 39 b6 17 08 fb 99 1b 80 21 71 23 00 8a 94 09 e4 b7 9f 7a ab ba 7b 7a 2e 90 9c b5 f6 3e cf 7e 8e 13 11 73 e9 e9 7b 57 57 55 57 bd 75 fa b8 73 74 f5 fd 6d be 7e 7f f4 ee bc 77 fe a4 f7 d9 d1 ee c8 4f 03 f3 f0 cb e5 ed 22 8b b7 c5 72 41 cf af 6e f0 ac b7 5c 4f 4e 67 45 9a 2f 36 f9 d1 e3 d3 ff e8 8c 6f 17 29 52 f8 b1 4a 82 07 6f 99 5c e5 e9 d6 8b a2 ed fb 55 be 1c 1f cd 97 d9 ed 2c 3f 3e 3e f0 a2 97 df af 96 eb ed 66 50 bd 8d e2 5e b6 4c 6f e7 f9 62 3b 48 28 e7 ce 59 10 96 05 05 0f c5 d8 ef 94 49 82 ed 74 bd bc 3b 5a e4 77 47 2f d7 eb e5 da f7 74 fd d7 f9 cd 6d b1 ce 37 47 f1 d1 5d b1 c8 28 cd 5d b1 9d d2 9d f9 d2 0b fa eb 7c 7b bb 5e 1c 51 29 c1 3e e4 bf be 47 ad ce c7 c5 22 cf bc 8e a9 ae 7c 3f 90 9f 70 3b 2d 36 aa da f2 77 f1 fa 28 8d 86 23 95 39 95 57 79 94 f6 36 e8 2e 35 a6 ab 74 b9 48 e3 ad 9a d0 e5 ea 76 33 55 53 ba a0 0c f3 fb d7 63 55 44 0f 7b 75 15 15 bd ed f2 cd 76 5d 2c 26 ea 9a 6e a6 f1 e6 f5 dd e2 bb f5 72 95 af b7 ef d5 0c 89 e6 91 27 83 e5 a9 45 54 ad 84 6e 0c 7a 62 d1 1b 2f 28 f3 62 cb 6f f6 6a 19 9d fe 3a bc dc 5c de 7e f9 f2 cb 2f 2f ef 9f 9d 8d ba bb da fd a3 d3 89 5a 51 b2 93 f9 e6 e4 54 dd 44 a7 27 fe f0 32 8b 4f 7e 1f 05 a7 93 42 ad db 0b 4b a8 c6 3f ae a8 7e cf e3 4d ee 07 fb 3e 4a 8e 16 bd d5 7a b9 5d a2 f7 a2 07 99 3a e1 5c 51 07 6c b6 eb db 74 bb 5c 87 0b b5 c9 67 39 5f 7a 9e 9a e5 8b c9 76 1a 9e a9 ed f2 d9 7a 1d bf 2f 87 db 16 94 f7 d2 78 36 f3 d1 f7 d4 9e 49 be ad 4c 09 d3 f4 db d9 ac 13 c5 83 b3 8b 78 80 94 c3 b8 8b 9f 9e e4 3f 0a e5 d9 28 ac 66 86 d1 78 b3 8d d3 eb 4a 96 18 d2 84 5a 32 cf d7 93 9c 93 f6 9c 06 f8 81 8a cb e9 43 cd cd df bd e6 39 1e f1 ec 48 90 Data Ascii: k{.}bEMd!,-9!q#z{z.>~s{WWUWustm~wO"rAn\ONgE/6o)RJo\U,?>>fP^Lob;H(YIt;ZwG/tm7G](]\|{^Q)>G"\|?p;-6w(#9Wy6.5tHv3UScUD{uv],&nr'ETnzb/(boj:\~//ZQTD'2O~BK?~M>Jz]:\Qlt\
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 9929Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "91dc-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f93b00001ed2bfa6a000000001Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FTj88yvzzj8V6UxljqPIO2hwfsOFB6STlJ3ve8X0inYwXS5sMNBxPlsSdWzXqG%2BJyuT4kADHHvocgU%2BR6gzDoxeeSw85aOLywRF%2BD3UrzXxoy0XEUAhCRtAxrA%3D%3D"}],"group":"cf-nel"}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 61aec2a1fecd1ed2-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 3d 5b 7b db c6 95 ef fd 15 24 e2 a5 81 10 a4 28 3b 6e 1a d0 30 3f c7 76 77 bd 9b 26 d9 d8 69 bf 5d ad da 42 e4 48 9c 04 02 58 00 94 ec 88 ec 6f df 73 e6 7e 03 29 b9 dd bc ec 8b 44 00 73 3d 73 ee e7 cc cc c9 e7 c3 df 0c 3e 1f 7c 5d d7 5d db 35 c5 66 70 f3 74 fa 74 fa e5 20 5e 77 dd 26 3b 39 b9 22 dd 85 fc 36 5d d6 d7 09 96 7e 55 6f 3e 36 f4 6a dd 0d 9e cc 4e 4f 27 f0 e7 cb c1 fb 5b da 75 a4 49 07 6f ab e5 14 0b 7d 43 97 a4 6a c9 6a b0 ad 56 a4 19 fc e1 ed 7b de 68 8b ad d2 6e bd bd c0 f6 4e ba db 8b f6 44 75 71 72 51 d6 17 27 d7 45 0b 4d 9d 7c f3 f6 d5 9b 6f df bd c1 2e 4f 7e f3 9b 13 3e d2 7f 25 15 69 8a 0e db 6d 69 75 35 e8 d6 c4 18 fd ab 6d db d5 d7 f4 17 e8 50 77 e6 4c e1 64 55 2f db 13 98 e6 c9 52 96 3e 59 d0 55 7e 71 fa db 82 9c 3e fd 6a f6 ac 20 e4 d9 57 17 5f 7d f1 db e5 b3 2f 2e 57 cf 9e 3d 5b 2e 7f 37 5b 8a a9 57 97 f4 6a d0 16 37 30 82 ae 1e 2c d9 f3 f4 a7 b6 ae 06 45 b5 1a e8 19 b6 dd d4 98 e6 b1 c6 d9 1c e9 65 1c 21 b4 2e 69 45 56 51 9e 77 1f 37 a4 be 1c fc f4 9f 5b d2 7c 4c ba 75 53 df 0e 2a 72 3b 78 d3 34 75 13 47 6a da 8f db c1 bf 17 37 c5 bb 65 43 37 dd a0 21 7f db d2 86 b4 a2 5e 94 cc c7 97 db 6a d9 d1 ba 8a bb e4 2e da b6 64 00 d5 e8 b2 8b e6 37 45 33 20 79 37 bd ac a6 3f fd 0d 4b 4f db 4d 49 bb 38 1a 44 c9 d9 ec 5c 3e 4d a1 11 18 1c 81 57 cf 9f 8c 46 e4 ec f4 fc f9 57 bb dd 69 9e e3 ab d1 e8 2b fc 71 7a 8e 5f 9e 9c 3f 3f dd ed f0 f5 8b a7 9f 3a e4 c1 0d 69 5a 18 ee e0 74 fa d5 f4 74 50 37 83 35 60 1b 22 d7 c5 b6 1b 94 f5 2d 2c 6f b7 2e 2a 55 ee 8b 28 d9 c7 02 4c 69 ff 6c e5 87 01 89 49 72 d7 90 6e db 54 d0 10 6d a7 a4 58 ae 63 55 2f b9 43 b8 d0 bc 8b f1 63 92 56 39 9d ae 8a ae 88 a3 8b 76 5a 94 a4 e9 00 1e d5 6e e7 bd 85 92 38 d9 9a d7 4b d2 08 7b ae ae f4 52 92 Data Ascii: =[{$(;n0?vw&i]BHXos~)Ds=s>\|]]5fptt ^w&;9"6]~Uo>6jNO'[uIo}CjjV{hnNDuqrQ'EM\|o.O~>%imiu5mPwLdU/R>YU~q>j W_}/.W=[.7[Wj70,Ee!.iEVQw7[\|LuS*r;x4uGj7eC7!^j.d7E3 y7?KOMI8D\>MWFWi+qz_??:iZ
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 23631Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "17a38-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f95500000b47809fa000000001Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=R4TrpABydf%2FE%2Fkli54qkYlWtu7t57tf9T5qd5SGu9EVd9ETMYkAE54j9W9W9Rm3XQbujidpGor%2B7%2FYbmev%2BiF8CGmTbe9hVYuJokRiSmIoVxGTvh3RcChC2Ebw%3D%3D"}]}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a22f560b47-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed bd fb 77 db c8 91 28 fc 7b fe 0a 09 7b 57 03 88 20 45 da 33 49 86 14 c4 e3 c7 4c c6 27 f6 d8 77 e4 64 ac 28 ba 39 10 d9 92 10 93 00 03 80 92 65 91 f7 6f ff aa aa df 8d 06 49 79 66 b2 bb f7 7c 9b 1d 8b e8 77 57 57 57 57 57 d7 e3 e8 f0 f0 77 7b 87 7b a7 77 d9 82 95 7b 4f 7b 5f f7 06 f8 fd a6 a8 ea bd 79 31 65 65 0e 7f 2e b3 19 db ab 8b e5 e4 66 af 9a 65 90 b8 97 e6 d3 bd ab 32 9d b3 bb a2 fc b8 77 97 d5 37 7b 37 69 39 bd 4b 4b b6 97 4e 26 6c c6 ca b4 66 d3 bd ba 4c f3 2a ab b3 22 af b0 59 fc ef a6 ae 17 c3 a3 a3 bb bb bb 5e 36 4d f3 6b 56 16 bd 65 75 54 d1 08 8e 64 a9 17 c5 e2 be cc ae 6f ea bd 27 fd c1 ef e3 bd bf ce d2 69 36 cf ca bd 3f 43 3f b3 74 be c8 a6 19 96 7b 7f c3 f6 b2 97 aa 99 0d 1d c8 96 5f 67 13 96 57 30 b6 65 8e 33 79 f3 ea bd cc f9 09 86 9d 62 4e 91 0f f7 5e b2 09 9b 5f 42 81 c1 d3 98 c6 00 25 8e 7e b7 7f b5 cc 27 38 9d 30 7a 08 96 15 db ab ea 32 9b d4 c1 48 a6 ef b1 90 45 0f ac 77 95 f7 f8 8c 12 55 23 8d 1e 6e d3 72 af 1a 95 ac 5e 96 58 b2 be c9 aa a8 c7 d2 c9 4d 68 b4 8b 85 58 92 b3 bb bd 9a 4a c4 69 34 aa 56 ab b0 4a 58 b4 8e e2 6a bd c6 12 69 5c eb a6 59 9c 45 0f 6a 08 25 0e 41 74 f2 26 ad 6f 7a 57 b3 a2 c0 c4 b5 2a a2 fb b9 ec 2d 52 58 c8 aa 97 2e eb 62 31 4b ef e3 14 d2 68 99 ab 1e fb 57 78 d9 4b a1 ca 2d 7b 05 d0 fa 14 8d d2 5e 5a d7 65 18 4c d3 3a ed f2 19 76 65 cd 20 3a 38 08 59 b2 b9 c8 6a d5 e8 31 8a 2f d5 ef f7 d9 9c 15 cb fa d5 34 a9 58 2d 3e 4c e0 a8 ca 30 a5 c5 18 46 77 95 7d 7a 0d 3f 43 6c e4 1f 34 ec 1f d9 a7 9a 3e d9 3c ab c3 a0 c8 9f c9 ce e3 cb 28 1a 5e f6 b2 ea bb 7c 3a ce 54 9f a7 f0 e7 6d fe 3a ad ea 31 cc 1c 3e 64 85 30 1a 86 b2 d5 f7 45 d8 6f 6f 34 dc ad f3 75 6c 2e 42 01 eb 56 0b a4 48 d2 90 f5 ea b4 bc 66 75 34 ca ae c2 fd 0a 86 Data Ascii: w({{W E3IL'wd(9eoIyf\|wWWWWWw{{w{O{_y1ee.fe2w7{7i9KKN&lfL"Y^6MkVeuTdo'i6?C?t{_gW0e3ybN^_B%~'80z2HEwU#nr^XMhXJi4VJXji\YEj%At&ozW-RX.b1KhWxK-{^ZeL:ve :8Yj1/4X->L0Fw
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 750Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "a2d-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f96600009c3f5d1d6000000001Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7Qsj0AIOCTTUoXT1K3jnCaVfMFHb3rAWkqUu0zwjdEeW0hhBJ87l3cfvMO3xpdeDmrosGv1u2yAhKhq503hLruJs7VrWx%2BxlNl9r%2F9qTpLMSRd%2BrCwjOJHbNcg%3D%3D"}],"max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 61aec2a23d659c3f-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 56 c1 6e 9c 30 10 bd f7 2b 58 0e 2b 93 b8 64 f7 50 55 61 85 50 55 e5 96 b6 51 95 5b d5 83 31 06 dc b0 78 65 bc bb 69 93 fd f7 da c1 80 0d a6 f4 04 7e f3 e6 79 c6 9e 19 b8 b9 5a 79 19 39 51 4c c2 5f 8d b7 09 b7 e1 87 8f de d5 cd 3b 90 1f 6b 2c 28 ab 41 f0 72 42 dc 43 30 85 18 66 90 c0 1c 16 b0 84 74 77 a6 75 c6 ce 61 eb 1c bf 5c 60 1a 77 10 c3 c7 3d a9 45 ff 72 57 11 f5 80 b4 63 d4 e8 44 0b 24 18 0f 8f 0d e1 9f 0a 45 16 ec 9e 9d 09 ff 8c 1a 02 02 a8 63 a2 ac 89 8d 48 38 11 47 5e 77 01 d3 43 c9 6a 49 7e 7d ed 01 96 59 4b 24 97 17 68 d1 1d 72 18 f8 ad cd 37 c9 2c 9b a3 b2 cc 22 a2 59 22 32 89 a8 ce 38 a3 33 5c 6d 9c d2 1f 66 62 b6 59 20 58 af a5 ca 9e a5 b4 22 53 91 47 94 56 44 fc 97 ca ca 25 93 56 08 3f a5 84 f3 df ee e8 07 bb 2f 4f 5f 01 e9 76 a3 5f 39 dd 3b 95 16 12 1b 88 5d 54 e2 2d 09 a7 d6 52 7e b6 98 4b ab ad 4b 57 ad 49 b6 36 4e e9 0b 39 68 96 de 73 5c 61 da ba 14 bb 2d 22 d8 11 97 86 48 fe ec 6c 10 c9 04 ed 2d ee 3c 7e 8a f4 55 80 36 6d 0d 59 1a 0b 99 28 ca 5c 8d 29 db 52 12 86 ff e4 e8 5b c1 c5 e2 7c 98 f4 fa bf 9b df bc 22 03 1e 15 a0 61 e9 8f c1 18 19 62 21 af 76 c2 f4 12 56 bb 39 37 9d 98 ac 2a 18 45 d3 81 7d 38 07 c6 05 47 d4 15 d0 ed 66 15 c7 5f 90 28 43 94 36 40 8f 59 c6 a9 9c ac 48 31 07 91 4a 46 d9 60 74 70 1d f9 ed 26 5e 52 c1 83 1b ea fc de 6f e5 e6 34 94 74 f2 fc 2d 97 f8 05 12 8b a6 be 20 78 d7 15 67 5c 93 b3 f7 9d 14 77 cf 07 80 a0 4f fd 00 a6 21 ae 50 d3 7c 45 7b 59 10 48 e0 12 60 29 82 1c 7b 79 44 be 27 27 79 cc de 26 32 dc ae 63 df f3 af d1 05 16 b3 4e 06 3b 36 37 e4 e4 20 2f 88 a8 58 fc 20 6a a5 2f c6 17 08 04 89 75 df 09 92 c3 9d 35 9e 5a 79 5d 3d 47 a3 ba 1c 48 6a ed 75 6d 13 59 d5 ba 5e f7 2c 96 4d 38 fd 58 4e dc f5 a5 b6 d0 d0 10 86 81 8d f5 cc 31 98 cc 96 a6 52 1d Data Ascii: Vn0+X+dPUaPUQ[1xei~yZy9QL_;k,(ArBC0ftwua\`w=ErWcD$EcH8G^wCjI~}YK$hr7,"Y"283\mfbY X"SGVD%V?/O_v_9;]T-R~KKWI6N9hs\a-"Hl-<~U6mY(\)R[\|"ab!vV97*E}8Gf_(C6@YH1JF`tp&^Ro4t- xg\wO
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 168Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "128-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f96600004c1fbd90a000000001Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P9rL3F2Gaz9GmY845UFae1pUg0VCWl66w7XOfrkTO%2Fk2woUZybGnN5tULGu1r0v9NS59f4M3jVb8GX7KZrwXY19o2rYDcKrCUOrSrnM%2BOggdo%2BIMfOy2xWOAKw%3D%3D"}]}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a2392b4c1f-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 8e 41 0a c2 30 10 45 f7 3d c5 80 85 26 d0 06 dd ea d6 23 78 81 34 4e 48 70 9a 29 cd b4 20 e2 dd 4d ab 0b 3d 80 1f 66 31 9f ff 3e bf 56 cd 2e d9 c5 31 75 07 a0 08 b6 d1 c6 51 74 37 e5 e7 e4 24 72 52 a8 e1 51 41 11 9a 71 c2 05 93 9c d1 db 99 44 e9 d3 e6 d7 aa 09 32 50 0b 3d 5f ef 85 b7 29 0e 56 50 7d b0 55 d9 4d 4c 74 e1 f1 58 d2 12 62 36 c1 e6 a0 0d 7b 9f b1 14 19 e1 71 0b 3f 4b e7 7a 55 29 35 6f aa eb 25 41 0b 5f 5f f7 ff 95 6a af 7f f6 bc 00 ac b4 0b a3 28 01 00 00 Data Ascii: A0E=&#x4NHp) M=f1>V.1uQt7$rRQAqD2P=_)VP}UMLtXb6{q?KzU)5o%A__j(
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 1368Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "cce-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f96100000b4b9fa69000000001Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6OKdvdqxuStfwYoei6SO4%2BNnKWNHrrY2I1kKxG%2FZlzZjhZNfvOXGDFMOrgHtYMLnPfkyHJr9dZ5r12IS%2Bqw60XaM%2FVd3w8QD8pugUCUA3N2e9agECsVvJh9f9Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a2281a0b4b-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 57 db 6e 1b 37 10 7d f7 57 b0 9b 20 59 c5 92 ad c4 6d d2 48 b2 80 58 71 ac 26 b2 eb fa 92 20 08 f2 c0 dd 1d 69 59 71 49 81 cb b5 23 17 79 e9 df 14 e8 27 f4 2d 7f d2 2f e9 0c c9 d5 cd 4e 8a 02 15 60 f3 68 38 73 e6 70 48 ce ae c6 95 4a ad d0 8a f1 d9 4c ce df e5 a0 0e 25 14 a0 ec e1 27 51 da 32 86 26 e3 4d a6 1a ec b7 2d 86 9f 2b 6e 98 65 fb ac 04 fb 93 b2 60 ae b8 8c c7 81 22 ae 9d e8 f3 eb 2f 15 98 79 0c 8d 1d 09 6a 62 73 d6 67 6d f6 e0 01 8b 79 dc 68 b2 54 02 37 0b 02 db 68 b8 b8 cf 94 68 eb f3 d6 fd 38 d3 69 45 22 1a 3b 06 78 36 bf 9d 62 d5 a5 d0 55 09 85 be 82 a5 1b ac 4a 81 9d 19 9f c0 7b d6 db 67 3f 90 84 fb 71 74 0f 3e 09 db 2a 74 c6 65 44 04 38 c6 51 99 eb eb 28 28 41 8d e4 e6 66 5a a9 d4 25 a0 5f 2a 45 3a bd 7b b9 5f e3 cc 45 06 5f e7 6c 25 95 b5 5a fd 0f d4 5b 9e fd 5f eb a6 e0 9a 9d 5f 8b 19 98 38 da 29 1d 68 a5 5a 59 2e 14 98 a8 b9 92 36 13 06 5c 6c 87 45 57 60 ac 48 31 79 73 31 2d b5 9e 75 d8 77 ed a5 85 57 56 cf 24 9f 77 d8 33 d8 5b 9a b5 92 f3 c3 4f b8 d3 8a 4b 0a f8 8f 82 6b 03 83 f5 4d 35 60 2b 83 56 d6 63 8f fd c1 02 3c 96 51 3b 62 db 0c 90 1a 7c 9e ad 75 12 be 56 59 3a cc 14 45 45 79 c9 2d 74 17 33 16 93 dd 49 a0 be 49 b0 5c b5 ab 35 ce c0 ce 04 ec 85 28 00 e3 5a ec 29 7c bf ee 62 d0 a5 bd 6e 92 68 7a 0a 7b 4b 2d 63 6d 58 2c c8 b1 cb 04 2e f7 39 0e db db ab 32 6a 29 1a 9d 8e b9 cd 77 0c 57 99 2e 30 e5 23 16 4b cc 6b 1a 58 15 d3 dd 50 b7 bd cf 74 93 65 2b fa 63 85 95 b3 71 86 ff 0d 4d 3f 6b b7 9b 28 c8 a3 45 f4 e7 e5 96 c7 77 57 c9 c6 7c b3 4c 54 0c f3 c1 a9 1b e3 d9 31 f1 a6 50 13 1a 45 e3 e3 7a 3d a8 db c8 6f 05 ca af 04 52 c9 20 e6 b4 01 43 5d 99 32 6e 50 15 a2 8e 3b 21 de 7e 2c 54 65 e1 ae 99 73 c0 5b 91 d1 cc 3a 29 95 f8 49 bb 8d 8e 2b 8a 7e 44 c3 a3 8d ca ef b2 Data Ascii: Wn7}W YmHXq& iYqI#y'-/N`h8spHJL%'Q2&M-+ne`"/yjbsgmyhT7hh8iE";x6bUJ{g?qt>teD8Q((AfZ%_E:{_E_l%Z[__8)hZY.6\lEW`H1ys1-uwWV$w3[OKkM5`+Vc<Q;b\|uVY:EEy-t3II\5(Z)\|bnhz{K-cmX,.92j)wW.0#KkXPte+
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 171Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "d8-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f97200004c6143a68000000001Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FbNXjpf%2BMVeROTbLox4RayArOxnIvq06HD%2FFwZ8XwzQzt%2FkwnbGJ6mO2yYD5%2Bi3KkJs4EOGYIdh%2F%2Fm3EMUU4DBD5EaVtOiSj4VIu1mniJqu%2B50gREbUX2yC86w%3D%3D"}],"max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 61aec2a25dcd4c61-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 65 8d c1 0a c2 30 10 44 ef 7e c5 82 d2 24 0a 41 cf 12 3c 79 17 af 35 42 a8 5b 2d a4 5b d9 36 b6 60 fb ef 36 b5 9e 9c c3 0e 2c 8f 37 2b 1d d8 9f 1c bb 12 0c e4 81 b2 a6 a8 48 92 2b 51 bd 17 30 e6 e5 18 18 eb e0 9b 7a 24 08 5b 38 e3 fd d8 3d a5 48 2f 87 c4 0a d8 40 a4 c7 12 46 a6 d7 64 69 d7 4a 28 8d 1d 66 b2 2d e8 56 b5 da 57 99 8b 5a fd 60 cc d5 7e d2 16 39 c8 59 6b 0c 05 ef e7 b9 18 c6 26 30 41 fc 7e e1 61 ba e8 6b fc 83 66 47 ba b3 d0 f7 b0 fd f1 c3 07 1d 83 e9 d4 d8 00 00 00 Data Ascii: e0D~$A<y5B[-[6`6,7+H+Q0z$[8=H/@FdiJ(f-VWZ`~9Yk&0A~akfG
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 7320Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "58a0-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f97700001ed22aa0d000000001Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mbSGGTZmV4Hwmh7s3rVhDx6oxEk4N9B2M%2F3nf5rBMUsaErCrs0GniLl8y9WscvuUFrS0wwJlYBAg7dajsJxt1Blk6ilhvXOea%2FwuYjy8%2B7nOwPLkY1YgX986ZA%3D%3D"}],"group":"cf-nel"}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 61aec2a25fb31ed2-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 3c db 96 db 36 92 ef fb 15 14 27 23 13 16 9a 92 da 97 24 94 69 8d c7 f1 9c c9 9e c4 c9 c6 9e 9d 73 46 52 76 41 12 94 d8 96 c4 1e 92 72 db 23 69 3f 6b 7f 60 7f 6c ab 70 23 48 91 76 7b 76 93 e3 b4 48 5c 0a 85 42 a1 6e 28 70 fc 70 e0 dc fc db 81 17 1f 9d 7f 67 db 2c 61 55 96 ef 9d 9f b7 87 75 b6 77 ae 9c f7 53 7f fa c4 9f c0 d3 f5 f8 fa f1 f8 7a 32 7d fa 2f ce 43 67 53 55 b7 c1 78 7c f3 77 ec f8 de f4 f3 f3 62 3d c6 fa 97 f9 ed c7 22 5b 6f 2a c7 8b 89 83 bd 9c 7f fd 9f ff 2e f6 ce df 18 4f 53 5e f0 62 e6 fc 90 c5 7c 5f f2 c4 f9 f1 fb b7 ce c3 f1 bf 0c d2 c3 3e 46 28 1e 23 47 57 bf b8 61 58 7d bc e5 79 ea 24 3c cd f6 7c 38 94 bf 3e db 25 73 f9 e8 2d 5c 89 88 bb a2 8c 04 6e 1e dd f0 b8 aa 3b ee f2 e4 b0 85 8e f2 d7 e7 1f 6e f3 a2 2a e7 cd d7 90 79 05 ff fb 21 2b b8 a7 a1 11 12 30 4f d2 86 9c 3d 1b 3b 06 bd 2a be 4f 3c e6 a7 7b 7a 54 04 e0 81 69 13 91 63 96 7a 83 6a 93 95 fe 96 ef d7 d5 86 14 bc 3a 00 01 de e7 59 e2 45 c3 61 e4 27 3c 3a ac 87 c3 bb 6c 9f e4 77 7e 9c ef cb 1c b1 54 0f fe 1d 2b f6 9e fb 3a 07 18 fb b5 53 f2 2d cc 89 27 d4 89 d9 fe 41 e5 e8 21 a9 23 e1 62 9b bd 6c eb 03 e2 b3 f7 ac 70 e2 90 f9 d0 86 79 88 c6 62 b2 a2 ae ea 95 17 2e 99 29 7c e2 79 1c 88 06 3e ab aa c2 73 f7 b9 06 ed 52 fb 85 d0 38 dc f3 3b 87 f9 06 88 17 51 05 99 d0 fe 91 68 0c 5d fd 92 57 15 e0 56 fa 30 bb 43 b4 cb aa e1 50 8e 0a c4 72 e3 6d 16 bf f3 ad 71 03 d9 c6 a5 36 41 2d 20 b2 fa cf 6c 9f 6c 79 01 90 62 55 f2 c7 43 55 e5 fb 30 f2 2b 56 ac 79 05 68 89 41 88 bf 61 e5 cb 2d 2b 4b 18 8b ed 63 be 75 89 e8 25 5f de 88 be e1 60 42 28 ae 8e 33 19 84 a1 ee 28 89 92 e6 c5 ce a6 45 67 e7 33 a1 66 46 12 1d 6b 4a f6 44 f4 b3 93 78 e4 88 0b 95 50 6e 96 a3 67 92 f3 d6 1c 01 83 04 90 74 9f 65 fb db 43 e5 20 a7 87 0f 36 59 Data Ascii: <6'#$isFRvAr#i?k`lp#Hv{vH\Bn(ppg,aUuwSz2}/CgSUx\|wb="[o.OS^b\|_>F(#GWaX}y$<\|8>%s-\n;ny!+0O=;*O<{zTiczj:YEa'<:lw~T+:S-'A!#blpyb.)\|y>sR8;Qh]WV0CPrmq6A- l
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 523Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "543-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f99800000b472f11f000000001Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=izi6DVeIrev84tM429XsMMqOY2jZUD%2BVcRZqRD1fHlU612Cpjsx3FxZA89vI31kro6HhvlhLft6qI0VnDoIjpdbbsRoCfy8t7tD2D6QtOCAJjVJMaECgW9Lwjw%3D%3D"}]}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a2885e0b47-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 53 4d 6f d3 40 10 bd e7 57 58 6e 21 b6 54 6c 17 48 85 68 03 42 e2 c0 a5 82 03 3d 50 45 8a d6 de b1 bd cd ae 67 b5 bb ae 95 b6 f9 ef 8c e3 55 9a 0f 82 90 10 62 4f 7e e3 e7 99 37 ef ad 47 01 9d d3 68 9c d4 78 0f e6 95 42 ce e4 38 1e 50 54 b6 4d e1 04 36 51 fc 38 0a fc e9 b9 1a 75 ab e7 45 6b 1d 2a 22 db 1a bb 28 de 30 fa b3 1a 60 4f 2e 24 5a 98 e7 ad 73 d8 10 b9 90 a2 58 fc 69 e7 5a 70 f0 9d 57 cf 03 44 19 71 b8 17 05 24 0a 73 21 89 11 3c 3d 05 be 24 34 e3 3b 05 d6 70 83 82 6a bb 0a 1f 77 d0 69 14 9e 2c 9d 96 6c 09 26 8c 13 a6 35 34 3c 0a af 84 aa 02 6b 8a e9 2c 14 8a 55 60 53 6d 40 22 e3 60 e6 3f b0 75 6d 0e 49 25 ca 59 18 08 4e 1c a6 a9 38 0b 3f 84 f1 e5 5e f7 7d 7f 0d 28 c2 d1 01 2f 24 b9 4e ac 3d 5a 0b 29 ac 8d c6 39 ba de 8e b3 f1 c5 e4 c5 78 ef 93 34 3d ae bd 34 4c 41 d0 09 ee 6a 12 37 b9 c8 48 67 0d a2 aa 1d c1 37 e7 13 82 c3 6e b5 73 da be 4f d3 ae eb 92 a5 5f ab 40 95 82 ca 81 a7 b7 5f 3f b9 eb b7 ed c3 e7 87 eb 8f aa 75 30 cd 5e 32 a5 2f 59 eb b0 1f 3a 3d 5f c3 02 1b 67 50 5a 0f b9 b0 2c 97 b0 c8 3d 5b 22 6a ff 8a 3c 00 eb 72 43 c1 88 a6 f2 45 b2 d5 33 fb db 24 9a 12 3d ec 47 48 61 dd 74 4b 06 09 5f ef 96 a3 a1 24 68 81 7e 33 26 25 76 65 2b a5 2d 0c 40 43 55 4a e2 2a 1d 5c 38 88 c4 82 fb 2e 14 d0 b2 bf bc 8b 3e b5 93 75 a2 9b 8b 78 90 d6 3f f5 fd 46 57 d9 97 fb c5 3b 77 9b fd 4f df b7 64 fc a5 ef ab b3 d7 59 96 c5 c1 73 61 f3 04 d2 c2 ce 2f 49 e6 e6 c8 97 db be 52 7f a1 9d b7 ee ce a6 de b1 9b 6f c9 9d ed 47 ce d2 81 b1 97 f5 f0 87 fc b6 d9 b1 1c 86 1d e6 4c 8b a3 fd 57 a3 d1 4f 84 0a cc 70 43 05 00 00 Data Ascii: SMo@WXn!TlHhB=PEgUbO~7GhxB8PTM6Q8uEk"(0`O.$ZsXiZpWDq$s!<=$4;pjwi,l&54<k,U`Sm@"`?umI%YN8?^}(/$N=Z)9x4=4LAj7Hg7nsO_@_?u0^2/Y:=_gPZ,=["j<rCE3$=GHatK_$h~3&%ve+-@CUJ\8.>ux?FW;wOdYsa/IRoGLWOpC
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:06 GMTContent-Type: application/javascriptContent-Length: 3746Connection: keep-alivelast-modified: Tue, 03 Nov 2020 08:17:10 GMTetag: "307e-5b32f7d4c9791-gzip"vary: Accept-Encoding,User-Agentcontent-encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 4302Accept-Ranges: bytescf-request-id: 080117f9a000004c1febb4b000000001Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iOBiOQhdkEv8p2EoGvQPChH2yLQpvcJtHllIMkwUH0WYyoMRwWorbtGEnjqdyEgDaGAJGw3oz83sDK4JeChrdYnrKBhLqtX4tftUhfAt90bwb%2B8mm45it5zQVA%3D%3D"}]}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2a29a274c1f-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 5b 5b 6f 1b c7 15 7e 37 e0 ff b0 11 8c 90 8c 15 8a 7b df 8d a2 d8 b3 33 3b 45 1f 7a 41 da 3c b4 92 6c d0 d2 4a 66 4c 91 02 2f 8d 5d 47 40 12 a7 37 04 48 5e fa 43 1c c7 46 dc 38 4e fe 02 f9 8f 7a ce 77 b8 bc 88 b2 45 c5 0e da a2 84 f5 ed 9e 39 33 e7 3a 73 66 b8 5c 6f 5e be 74 a5 ba df dd 1b 1e 15 9d 41 ad de 2b 9a fb f7 aa 07 c3 ce de a0 d5 ed 54 6b f7 2f 5f ba 7c c9 a1 cf c6 86 33 fa e7 e8 87 d1 d7 a3 87 a3 47 a3 67 e3 af 46 4f 46 df 3b a3 1f a9 e9 d9 e8 89 33 7a 34 fe 94 5a be 19 3d 1e 3d 74 f6 86 bd 1e 49 bb 39 ec b5 6f ae f2 11 0d 7f 6a f6 9c 4e f3 a8 f8 a0 d7 76 b6 9c 8f 5a 9d fd ee 47 f5 76 77 af c9 96 d4 6f 77 fb 83 4d e9 38 6f ef 01 75 ab 56 0e ba bd a3 4a ad de 3c 3e 2e 98 7c b7 d5 39 1e 0e 9c c1 bd e3 62 6b ed 76 6b 7f bf e8 ac 41 f4 d6 da 9c 69 6b a4 b1 3d a4 b6 8a 73 75 aa f8 aa 53 59 7b ef dd 0d 08 78 af 52 2b 7d cf 7f 6d 5e ea fe c5 3d be 7c e9 a4 b6 c9 17 0e ec e3 99 64 92 fb 7c f4 94 23 fa 94 6e 7e 1c 3f 18 7f 46 cc 47 64 18 1a be 23 dd 0f 46 8f 89 70 c6 5f 8e 3f 19 3d 63 1b 1e d2 cd c3 d1 f7 a3 27 e3 cf e8 8e 7a af 68 c3 34 cf 4e b5 e6 4c 33 3d 6d 3c 2c 06 bf 2b 9a bd bd db bf 6d f6 28 3c 83 a2 d7 97 7e ce e4 c3 19 3b ee 1d f5 07 bd 33 12 d6 c7 d0 7a 7f 78 8b f8 55 b7 b6 39 1b d7 2b 06 c3 5e a7 1c fa c6 96 d3 19 b6 db ce 9b 6f ce b5 ac ad 39 d7 9c 41 af d9 e9 73 6e 7f df 55 fd 7e 77 4f f5 7a cd 7b 55 e9 54 73 de 71 ee 9f 4c 84 9e 2c d9 7e f6 d0 52 c1 b2 17 ec 61 9f bc 98 8a 9c f3 af d9 63 ff 64 68 bd 7f dc 6e 0d aa 6b 6f ae cd 3b 44 8a 9c 2a ba b7 a8 67 63 93 2e ef 4e 46 d6 db 45 e7 70 70 9b 9a ae 5e 5d 50 5b 2a 18 1c 1d 4f 15 d0 cd 76 6b b7 d4 b1 b5 a0 83 3f 62 e6 b6 0c d9 6e ec ee d2 b0 fd 62 af bb 5f 7c f0 fe 2f 75 f7 e8 b8 db a1 59 58 9d f0 dd dd f9 f1 27 cb f1 87 b4 d3 21 5c 08 Data Ascii: [[o~7{3;EzA<lJfL/]G@7H^CF8NzwE93:sf\o^tA+Tk/_\|3GgFOF;3z4Z==tI9ojNvZGvwowM8ouVJ<>.\|9bkvkAik=suSY{xR+}m^=\|d\|#n~?FGd#Fp_?=c'zh4NL3=m<,+m(<~;3zxU9+^o9AsnU~wOz{UTsqL
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Feb 2021 21:28:11 GMTContent-Type: application/javascriptContent-Length: 824Connection: keep-aliveLast-Modified: Thu, 23 Jul 2020 13:32:03 GMTETag: "710-5ab1be1c1ca32-gzip"Vary: Accept-Encoding,User-AgentContent-Encoding: gzipCache-Control: max-age=14400CF-Cache-Status: HITAge: 6520Accept-Ranges: bytescf-request-id: 0801180b8200000b4ba581d000000001Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=p%2B1E6yqhjgpqQAbChah5y01FlR9S4TQn%2BTOXlgjGBCZRFKw1sZY1Fc99GpGFwy4ZMbXixJW1B9yeh1ScD8XAmQqZPpqavk4Z6lZGsx0F5cA8bRlBKce1uzDHqg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"max_age":604800,"report_to":"cf-nel"}Server: cloudflareCF-RAY: 61aec2bf3b330b4b-AMSData Raw: 1f 8b 08 00 00 00 00 00 00 03 7d 55 4d 8f d3 30 10 bd e7 57 18 81 e4 54 14 37 2c 5a 40 0d 1c 00 21 b1 07 96 15 14 a4 a5 aa 90 e3 4c 12 6f 5d 3b b2 9d 96 08 f2 df 19 a7 a5 5f 1b c8 25 19 bf 99 37 f3 66 c6 6d 44 f0 29 1a 2d bc 34 9a 18 7d 6b 9a 59 93 c1 55 61 f9 0a de dc 5c 7d 06 9e b7 f1 88 fc 8a c8 ee a9 15 6f c1 92 d7 44 c3 86 dc ce d8 4d 6f c7 b4 f5 5b 84 8e 8f 9c c3 b3 91 b9 af a6 84 3e 7f 71 49 c7 27 48 05 b2 ac 3c 42 cf 5e 26 67 d0 5a e6 60 ae 72 c4 be d6 65 f2 61 bd 7c e9 bf 9f fb 6c f3 7d e3 d6 4d cf 52 12 22 8c f6 d6 28 44 9e 8e cf a0 5c 3a 9e 29 58 66 53 92 9c 63 ca 98 7a 20 64 65 72 70 3e b3 5c e7 52 97 03 0e 16 d4 00 5b e1 06 0e 5d 65 36 52 17 66 00 e2 8d 37 41 d4 40 82 70 ac a4 f3 ff 6d 08 16 da 78 98 9e 05 77 a7 26 ac 41 fb 81 8e e1 43 8d ee e7 4d a7 fb 95 88 7b f7 d1 80 33 2a 01 3f 93 2b 30 8d 8f 8d de ae 41 1f 3e 26 17 49 92 8c d2 fb 31 5d 34 f4 dd f5 ae 5d 14 9d 6c e2 11 e1 49 11 8f 62 ca 9a fa 87 33 8d ce c7 0f d7 46 35 2b f8 d1 d4 74 c4 b0 5a 2a 94 14 4b 5c c1 7d fd f7 57 97 35 fa 23 b6 29 3e 2a f0 df 9c 05 cf e1 13 0a bc 3c 11 84 db e5 8c 02 a6 4c 19 d3 23 77 f4 e8 46 11 2a 39 6a cd a1 92 50 c8 ff 33 5d e9 7d a2 7e 6a 97 db 3e 4e 26 a4 45 2a bc 97 78 23 23 59 90 f8 01 ae 50 6e 36 73 7a 3b a3 0b 94 b8 e6 16 ef 22 5e ca 5f ca f0 ed 8e 26 e3 f0 09 78 85 92 2e ed ce 82 de 19 5d c8 f2 28 74 7b 10 08 68 65 9c c7 0d a0 95 f7 f5 74 32 d9 6c 36 6c 97 9d 09 b3 a2 7f c9 f0 ea ef 72 21 c9 c1 40 8a a7 e9 b1 e8 c0 af f0 74 be 48 d1 cb 86 79 a2 b5 77 28 30 3a f0 ed 18 20 47 bb c0 d9 74 04 94 03 d4 c3 ea c6 55 e8 96 76 5d ba 15 80 83 be 9d 7d 3e 27 3a 54 01 79 5f 44 61 2c 89 43 76 89 66 92 e2 eb 15 51 4c 81 2e 7d 85 d6 e3 c7 18 e1 6d 8b 29 e6 72 d1 67 14 dc 8b 8a c4 80 40 87 d9 90 0e e7 b8 ef cc 3e 93 08 25 fe 25 5f 12 a9 89 d8 Data Ascii: }UM0WT7,Z@!Lo];_%7fmD)-4}kYUa\}oDMo[>qI'H<B^&gZ`rea\|l}MR"(D\:)XfScz derp>\R[]e6Rf7A@pmxw&ACM{3?+0A>&I1]4]lIb3F5+tZK\}W5#)><L#wF9jP3]}~j>N&E*x##YPn6sz;"^_&x.](t{het2l6l

Source: global traffic	HTTP traffic detected: GET /index HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: rghr.associateneed.linkConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /04uu HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: it.1k-dailyprofit.zulole28.vip
Source: global traffic	HTTP traffic detected: GET /?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: de.gewinncode.zulole28.vipCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/logo_crop.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/volume.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/form-bg-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/info-bg-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/ceo2.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/form-bg-2.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css HTTP/1.1Accept: text/css, /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /css/bootstrap-theme.min.css HTTP/1.1Accept: text/css, /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /css/css.css HTTP/1.1Accept: text/css, /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/crypto-bg5.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /css/font-awesome.min.css HTTP/1.1Accept: text/css, /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /css/swiper.min.css HTTP/1.1Accept: text/css, /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /css/style.css HTTP/1.1Accept: text/css, /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /css/stylesheet.css HTTP/1.1Accept: text/css, /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/jquery.min.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/bootstrap.min.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/swiper.min.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/script.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/index.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/device.min.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/getdetector.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/jquery.validate.min.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/custom.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/bitcoin-widget.jsv=20 HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/commonJs.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/info-bg-2.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/forbes.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/time.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/ft.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/cnn.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/20.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/person-bg-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/83.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/person-bg-2.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/81.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/person-bg-3.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /js/youtubeUP.js HTTP/1.1Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01X-Requested-With: XMLHttpRequestReferer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/crypto-bg.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/mem8YaGs126MiZpBA-UFWJ0dbck.woff HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/mem8YaGs126MiZpBA-UFUZ0dbck.woff HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/mem8YaGs126MiZpBA-UFWZ0dbck.woff HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/mem8YaGs126MiZpBA-UFVp0dbck.woff HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/mem8YaGs126MiZpBA-UFWp0dbck.woff HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/mem8YaGs126MiZpBA-UFW50dbck.woff HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/mem8YaGs126MiZpBA-UFVZ0d.woff HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/glyphicons-halflings-regular.eot HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/preloader.gif HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/crypto-bg3.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/success-li.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /fonts/glyphicons-halflings-regular.woff HTTP/1.1Accept: /Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://de.gewinncode.zulole28.vipAccept-Encoding: gzip, deflateHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Source: global traffic	HTTP traffic detected: GET /images/favicon.png HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: de.gewinncode.zulole28.vipConnection: Keep-AliveCookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886

Source: mem8YaGs126MiZpBA-UFWp0dbck[1].htm.2.dr	String found in binary or memory: <!-- <iframe width="560" height="315" src="https://www.youtube.com/embed/metjgze-uZY?mute=1&autoplay=1&controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&showinfo=0&playlist=metjgze-uZY" frameborder="0" allowfullscreen="" id="ytv" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe> --> equals www.youtube.com (Youtube)
Source: custom[1].js.2.dr	String found in binary or memory: $("#ytplayer").append("<iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/Upg0Hvk8tZ0?mute=0&autoplay=1&controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&showinfo=0&playlist=Upg0Hvk8tZ0\" frameborder=\"0\" allowfullscreen=\"\"></iframe>"); equals www.youtube.com (Youtube)
Source: custom[1].js.2.dr	String found in binary or memory: // $("#ytplayer").append("<iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/ZOAtM4uzDzM?mute=0&autoplay=1&controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&showinfo=0&playlist=ZOAtM4uzDzM\" frameborder=\"0\" allowfullscreen=\"\"></iframe>"); equals www.youtube.com (Youtube)
Source: custom[1].js.2.dr	String found in binary or memory: // $("body").append("<script src=\"https://www.youtube.com/iframe_api\"><\/script>"); equals www.youtube.com (Youtube)
Source: Upg0Hvk8tZ0[1].htm.2.dr	String found in binary or memory: <link rel="canonical" href="https://www.youtube.com/watch?v=Upg0Hvk8tZ0"> equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: (g.Wm(b,"www.youtube.com"),c=b.toString()):c=Kw(c);b=new Mw(c);b.set("cmo=pf","1");d&&b.set("cmo=td","a1.googlevideo.com");return b}; equals www.youtube.com (Youtube)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x982104fd,0x01d6f92c</date><accdate>0x982104fd,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x982104fd,0x01d6f92c</date><accdate>0x9821a136,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x98286edb,0x01d6f92c</date><accdate>0x98286edb,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x98286edb,0x01d6f92c</date><accdate>0x9828f43e,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x982a2ca1,0x01d6f92c</date><accdate>0x982a2ca1,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x982a2ca1,0x01d6f92c</date><accdate>0x982ac8e3,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: warning[1].htm.2.dr	String found in binary or memory: <html xmlns:fb="http://www.facebook.com/2008/fbml"> equals www.facebook.com (Facebook)
Source: Upg0Hvk8tZ0[1].htm.2.dr	String found in binary or memory: <noscript><div class="player-unavailable"><h1 class="message">An error occurred.</h1><div class="submessage"><a href="https://www.youtube.com/watch?v=Upg0Hvk8tZ0" target="_blank">Try watching this video on www.youtube.com</a>, or enable JavaScript if it is disabled in your browser.</div></div></noscript></body></html> equals www.youtube.com (Youtube)
Source: www-widgetapi[1].js.2.dr	String found in binary or memory: Wa.prototype.g=function(a){if(a.origin==V(this,"host")\|\|a.origin==V(this,"host").replace(/^http:/,"https:")){try{var b=JSON.parse(a.data)}catch(c){return}this.c=!0;this.a\|\|0!=a.origin.indexOf("https:")\|\|(this.a=!0);if(a=U[b.id])a.A=!0,a.A&&(y(a.s,a.B,a),a.s.length=0),a.H(b)}};function W(a,b,c){this.h=this.a=this.b=null;this.g=this[r]\|\|(this[r]=++t);this.c=0;this.A=!1;this.s=[];this.f=null;this.l=c;this.m={};c=document;if(a=l(a)?c.getElementById(a):a)if(c="iframe"==a.tagName.toLowerCase(),b.host\|\|(b.host=c?Ba(a.src):"https://www.youtube.com"),this.b=new Wa(b),c\|\|(b=Ya(this,a),this.h=a,(c=a.parentNode)&&c.replaceChild(b,a),a=b),this.a=a,this.a.id\|\|(a=b=this.a,a=a[r]\|\|(a[r]=++t),b.id="widget"+a),R[this.a.id]=this,window.postMessage){this.f=new M;Za(this);b=V(this.b,"events"); equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: b),this.U=!1,this.videoData.Y("html5_playready_enable_non_persist_license")&&(this.F.pst="0"));b=yH(this.B)?dta(c.initData).replace("skd://","https://"):this.B.C;this.videoData.Y("enable_shadow_yttv_channels")&&(b=new g.Um(b),document.location.origin&&document.location.origin.includes("green")?g.Wm(b,"web-green-qa.youtube.com"):g.Wm(b,"www.youtube.com"),b=b.toString());this.baseUrl=b;this.fairplayKeyId=Rd(this.baseUrl,"ek")\|\|"";if(b=Rd(this.baseUrl,"cpi")\|\|"")this.cryptoPeriodIndex=Number(b);this.ga= equals www.youtube.com (Youtube)
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: fbq('track', 'PageView');</script> <noscript><img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=760251964586188&ev=PageView&noscript=1"></noscript> <script type="text/javascript">(function(o){var b="https://zippyfrog.co/anywhere/",t="cdc700557af740f28db94c45b02cb6b743603d29033348e9a0e2a5bd72d41572",a=window.AutopilotAnywhere={_runQueue:[],run:function(){this._runQueue.push(arguments);}},c=encodeURIComponent,s="SCRIPT",d=document,l=d.getElementsByTagName(s)[0],p="t="+c(d.title\|\|"")+"&u="+c(d.location.href\|\|"")+"&r="+c(d.referrer\|\|""),j="text/javascript",z,y;if(!window.Autopilot) window.Autopilot=a;if(o.app) p="devmode=true&"+p;z=function(src,asy){var e=d.createElement(s);e.src=src;e.type=j;e.async=asy;l.parentNode.insertBefore(e,l);};y=function(){z(b+t+'?'+p,true);};if(window.attachEvent){window.attachEvent("onload",y);}else{window.addEventListener("load",y,false);}})({});</script> <style>.top-bar-right.show-for-small ul.menu .menu-icon::after{ background-image: url(https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/03/feather-icon-menu.svg);} .top-bar-right.formobile ul.menu .menu-icon::after { background-image: url(https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/03/feather-icon-x.svg);}</style><div class="icon-bag"></div><div class="hide"><li class="promo-customize" style="display:none"><h5>Want to customize, brand, and track your links?</h5> <a class="button button-primary" href="https://bitly.com/pages/pricing?utm_content=link-shortener&utm_source=organic&utm_medium=website&utm_campaign=website&utm_cta=web2-blank-pricing-linkshortener-getenterprise-getenterprise-enterprise">Get Started</a></li></div></body></html> equals www.facebook.com (Facebook)
Source: base[1].js.2.dr	String found in binary or memory: g.$D=function(a){var b=g.KD(a);!a.Y("yt_embeds_disable_new_error_lozenge_url")&&Eha.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: g.FO.prototype.B=function(a){var b=this;vpa(this);var c=a.Mx,d=this.api.S();"GENERIC_WITHOUT_LINK"!==c\|\|d.I?"TOO_MANY_REQUESTS"===c?(d=this.api.getVideoData(),this.Fc(IO(this,"TOO_MANY_REQUESTS_WITH_LINK",d.El(),void 0,void 0,void 0,!1))):"HTML5_NO_AVAILABLE_FORMATS_FALLBACK"!==c\|\|d.I?this.Fc(g.GO(a.errorMessage)):this.Fc(IO(this,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK_SHORT","//www.youtube.com/supported_browsers")):(a=d.hostLanguage,c="//support.google.com/youtube/?p=player_error1",a&&(c= equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: g.JD=function(a){a=yD(a.U);return"www.youtube-nocookie.com"===a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: g.k.clone=function(){var a=new $m;a.C=this.C;this.u&&(a.u=this.u.clone(),a.B=this.B);return a};var gn="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),Jda=/\bocr\b/;var Kda=/(?:\[\|%5B)([a-zA-Z0-9_]+)(?:\]\|%5D)/g;var FD={hY:"LIVING_ROOM_APP_MODE_UNSPECIFIED",eY:"LIVING_ROOM_APP_MODE_MAIN",dY:"LIVING_ROOM_APP_MODE_KIDS",fY:"LIVING_ROOM_APP_MODE_MUSIC",gY:"LIVING_ROOM_APP_MODE_UNPLUGGED",cY:"LIVING_ROOM_APP_MODE_GAMING"},Nxa={B0:"PLAYBACK_TYPE_UNKNOWN",v0:"PLAYBACK_TYPE_APPLICATION",u0:"PLAYBACK_TYPE_ADS",z0:"PLAYBACK_TYPE_REMOTE",A0:"PLAYBACK_TYPE_SECONDARY_CAMERA",y0:"PLAYBACK_TYPE_PREROLL_INTERSTITIAL",x0:"PLAYBACK_TYPE_POSTROLL_INTERSTITIAL",w0:"PLAYBACK_TYPE_MIDROLL_INTERSTITIAL"};kn.prototype.set=function(a,b){b=void 0===b?!0:b;0<=a&&52>a&&0===a%1&&this.B[a]!=b&&(this.B[a]=b,this.u=-1)}; equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: g.k.getVideoUrl=function(a,b,c,d,e){b={list:b};c&&(e?b.time_continue=c:b.t=c);c=g.KD(this);d&&"www.youtube.com"===c?d="https://youtu.be/"+a:g.DD(this)?(d="https://"+c+"/fire",b.v=a):(d=this.protocol+"://"+c+"/watch",b.v=a,er&&(a=Xp())&&(b.ebc=a));return g.Nd(d,b)}; equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: hL.prototype.replace=function(a,b){for(var c=g.q(a),d=c.next();!d.done;d=c.next())delete this.u[d.value.encryptedTokenJarContents];ula(this,b)};iL.prototype.qn=function(a){var b,c,d=null===(b=a.responseContext)\|\|void 0===b?void 0:b.locationPlayabilityToken;void 0!==d&&(this.locationPlayabilityToken=d,this.u=void 0,"TVHTML5"===(null===(c=a.responseContext)\|\|void 0===c?void 0:c.clientName)?(this.localStorage=vla(this))&&this.localStorage.set("yt-location-playability-token",d,15552E3):g.Bq("YT_CL",JSON.stringify({w4:d}),15552E3,void 0,!0))};var yla={bluetooth:"CONN_DISCO",cellular:"CONN_CELLULAR_UNKNOWN",ethernet:"CONN_WIFI",none:"CONN_NONE",wifi:"CONN_WIFI",wimax:"CONN_CELLULAR_4G",other:"CONN_UNKNOWN",unknown:"CONN_UNKNOWN","slow-2g":"CONN_CELLULAR_2G","2g":"CONN_CELLULAR_2G","3g":"CONN_CELLULAR_3G","4g":"CONN_CELLULAR_4G"};var lL;g.u(kL,Oq);kL.prototype.Mt=function(a,b){return Object.assign(Object.assign({},Oq.prototype.Mt.call(this,a,b)),this.u)};var Nla=/[&\?]action_proxy=1/,Mla=/[&\?]token=([\w-])/,Ola=/[&\?]video_id=([\w-])/,Pla=/[&\?]index=([\d-])/,Qla=/[&\?]m_pos_ms=([\d-])/,Tla=/[&\?]vvt=([\w-])/,Ula=/[&\?]mt=([\d-])/,Hla="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),Rla="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "), equals www.youtube.com (Youtube)
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.youtube.com/embed/Upg0Hvk8tZ0?controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&fs=0&showinfo=0&autoplay=1&playlist=Upg0Hvk8tZ0&mute=1&enablejsapi=1&origin=http%3A%2F%2Fde.gewinncode.zulole28.vip&widgetid=1 equals www.youtube.com (Youtube)
Source: youtubeUP[1].js.2.dr	String found in binary or memory: if (!window['YT']) {var YT = {loading: 0,loaded: 0};}if (!window['YTConfig']) {var YTConfig = {'host': 'http://www.youtube.com'};}if (!YT.loading) {YT.loading = 1;(function(){var l = [];YT.ready = function(f) {if (YT.loaded) {f();} else {l.push(f);}};window.onYTReady = function() {YT.loaded = 1;for (var i = 0; i < l.length; i++) {try {l[i]();} catch (e) {}}};YT.setConfig = function(c) {for (var k in c) {if (c.hasOwnProperty(k)) {YTConfig[k] = c[k];}}};var a = document.createElement('script');a.type = 'text/javascript';a.id = 'www-widgetapi-script';a.src = 'https://s.ytimg.com/yts/jsbin/www-widgetapi-vflN2g023/www-widgetapi.js';a.async = true;var c = document.currentScript;if (c) {var n = c.nonce \|\| c.getAttribute('nonce');if (n) {a.setAttribute('nonce', n);}}var b = document.getElementsByTagName('script')[0];b.parentNode.insertBefore(a, b);})();} equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: iha=function(a,b){if(!a.u["0"]){var c=new kB("0","fakesb",void 0,new fB(0,0,0,void 0,void 0,"auto"),null,null,1);a.u["0"]=b?new cA(new Mw("http://www.youtube.com/videoplayback"),c,"fake"):new Ey(new Mw("http://www.youtube.com/videoplayback"),c,new Mv(0,0),new Mv(0,0),0,NaN)}}; equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: l,"Trusted Ad Domain URL");this.ka=Q(!1,a.privembed);this.protocol=0===this.Zb.indexOf("http:")?"http":"https";this.U=Fw((b?b.customBaseYoutubeUrl:a.BASE_YT_URL)\|\|"")\|\|Fw(this.Zb)\|\|this.protocol+"://www.youtube.com/";l=b?b.eventLabel:a.el;h="detailpage";"adunit"===l?h=this.B?"embedded":"detailpage":"embedded"===l\|\|this.C?h=cD(h,l,Cha):l&&(h="embedded");this.da=h;Dp();l=null;h=b?b.playerStyle:a.ps;var m=g.gb(iD,h);!h\|\|m&&!this.C\|\|(l=h);this.playerStyle=l;this.K=(this.I=g.gb(iD,this.playerStyle))&& equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: new Set;this.deviceHasDisplay=b?!b.deviceIsAudioOnly:Q(!0,a.deviceHasDisplay);this.Ee=dD(this.Ee,a.ismb);t=a;g.bB(this.experiments,"html5_qoe_intercept")?t=g.bB(this.experiments,"html5_qoe_intercept"):this.gj?(t=t.vss_host\|\|"s.youtube.com",this.Y("www_for_videostats")&&"s.youtube.com"===t&&(t=yD(this.U)\|\|"www.youtube.com")):t="video.google.com";this.Rh=t;zD(this,a,!0);this.N=new QC;g.C(this,this.N);t=b?b.innertubeApiKey:eD("",a.innertube_api_key);r=b?b.innertubeApiVersion:eD("",a.innertube_api_version); equals www.youtube.com (Youtube)
Source: base[1].js.2.dr	String found in binary or memory: this.V("highrepfallback");else if(a.u){var d=this.B?this.B.B.F:null;if(aua(a)&&d&&d.isLocked())var e="FORMAT_UNAVAILABLE";else if(!this.u.I&&"auth"===a.errorCode&&"429"===a.details.rc){e="TOO_MANY_REQUESTS";var f="6"}this.V("playererror",a.errorCode,e,g.zB(a.details),f)}else d=/^pp/.test(this.videoData.clientPlaybackNonce),kU(this,a.errorCode,a.details),d&&"manifest.net.connect"===a.errorCode&&(d="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.M)(),(new xT(d, equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: bit.ly

Source: warning[1].htm.2.dr	String found in binary or memory: http://bit.ly/39kvkUX
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://de.gewinncode.z
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://de.gewinncode.zrning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2Findexulole28.vip
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://de.gewinncode.zulole28.vip/?session=9271bf
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1
Source: ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.
Source: imagestore.dat.2.dr	String found in binary or memory: http://de.gewinncode.zulole28.vip/images/favicon.png
Source: font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: jquery.validate.min[1].js.2.dr	String found in binary or memory: http://jqueryvalidation.org/
Source: warning[1].htm.2.dr	String found in binary or memory: http://rghr.associateneed.link/index
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: swiper.min[1].js.2.dr	String found in binary or memory: http://www.idangero.us/
Source: swiper.min[1].js.2.dr	String found in binary or memory: http://www.idangero.us/swiper/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: youtubeUP[1].js.2.dr	String found in binary or memory: http://www.youtube.com
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: base[1].js.2.dr	String found in binary or memory: http://www.youtube.com/videoplayback
Source: base[1].js.2.dr	String found in binary or memory: http://youtube.com/drm/2012/10/10
Source: base[1].js.2.dr	String found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: base[1].js.2.dr	String found in binary or memory: http://youtube.com/streaming/otf/durations/112015
Source: base[1].js.2.dr	String found in binary or memory: http://youtube.com/yt/2012/10/10
Source: base[1].js.2.dr	String found in binary or memory: https://admin.youtube.com
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://api.w.org/
Source: ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: https://bit.ly/39kvkUX
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr, G7K60ZJ9.htm.2.dr, warning[1].htm.2.dr	String found in binary or memory: https://bitly.com/
Source: 39kvkUX[1].htm.2.dr	String found in binary or memory: https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2Findex
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2Findex
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2FindexRoot
Source: ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2FindexS
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2FindexvWarning
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/blog/
Source: imagestore.dat.2.dr	String found in binary or memory: https://bitly.com/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://bitly.com/favicon.ico~
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://bitly.com/hi
Source: ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: https://bitly.com/hing.org/vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.png
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/#webpage
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/#website
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/?s=
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/about
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/about/team
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/careers
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/contact
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/features/branded-links
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/features/campaign-management-analytics
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/features/link-management
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/features/mobile-links
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/partners
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/press
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/pricing
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/pricing?utm_content=site-free-linkbar&utm_source=organic&utm_medium=website&
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/privacy
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/resources
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/reviews
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/solutions/customer-service
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/solutions/digital-marketing
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/solutions/for-developers
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/solutions/social-media
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/terms-of-service
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/why-bitly
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/why-bitly/bitly-101
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/why-bitly/enterprise-class
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/why-bitly/integrations-api
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/wp-json/
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/wp-json/oembed/1.0/embed
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/wp-json/wp/v2/pages/52
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://bitly.com/pages/xmlrpc.php
Source: imagestore.dat.2.dr, ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: https://bitly.com/s/v468/graphics/favicon.png
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://bitly.com/~URL
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://cdn.optimizely.com/js/16488430484.js
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://dev.bitly.com
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/themes/JointsWP-CSS-master/a
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/02/bitly.png
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/02/favicon.ico
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/03/chevron.png
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/03/feather-icon
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/03/recognizable
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/08/Homepage-Bra
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/cache/fvm/1611691201
Source: base[1].js.2.dr	String found in binary or memory: https://docs.google.com/get_video_info
Source: mem8YaGs126MiZpBA-UFWp0dbck[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:ital
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://getbootstrap.com/docs/3.3/customize/?id=b16ae13905aee59b946c54fd555cc80c)
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://gist.github.com/b16ae13905aee59b946c54fd555cc80c
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: base[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: mem8YaGs126MiZpBA-UFWp0dbck[1].htm.2.dr, youtubeUP[1].js.2.dr	String found in binary or memory: https://s.ytimg.com/yts/jsbin/www-widgetapi-vflN2g023/www-widgetapi.js
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://schema.org
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://support.bitly.com/hc/en-us
Source: base[1].js.2.dr	String found in binary or memory: https://support.google.com/youtube/?p=missing_quality
Source: base[1].js.2.dr	String found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: base[1].js.2.dr	String found in binary or memory: https://support.google.com/youtube/?p=report_playback
Source: base[1].js.2.dr	String found in binary or memory: https://support.google.com/youtube/answer/6276924
Source: remote[1].js.2.dr	String found in binary or memory: https://support.google.com/youtube/answer/7640706
Source: base[1].js.2.dr	String found in binary or memory: https://viacon.corp.google.com
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr, warning[1].htm.2.dr	String found in binary or memory: https://www.antiphishing.org/
Source: ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: https://www.antiphishing.org/vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.p
Source: base[1].js.2.dr	String found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: G7K60ZJ9.htm.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=AW-768371374
Source: remote[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr, warning[1].htm.2.dr	String found in binary or memory: https://www.stopbadware.org/
Source: ~DF68199105E1E8B993.TMP.1.dr	String found in binary or memory: https://www.stopbadware.org/vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.pn
Source: www-widgetapi[1].js.2.dr	String found in binary or memory: https://www.youtube.com
Source: {C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.youtube.com/embed/Upg0Hvk8tZ0?controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&fs=0&
Source: custom[1].js.2.dr	String found in binary or memory: https://www.youtube.com/embed/Upg0Hvk8tZ0?mute=0&autoplay=1&controls=1&disablekb=0&l
Source: custom[1].js.2.dr	String found in binary or memory: https://www.youtube.com/embed/ZOAtM4uzDzM?mute=0&autoplay=1&controls=1&disablekb=0&l
Source: mem8YaGs126MiZpBA-UFWp0dbck[1].htm.2.dr	String found in binary or memory: https://www.youtube.com/embed/metjgze-uZY?mute=1&autoplay=1&controls=1&disablekb=0&l
Source: base[1].js.2.dr	String found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: custom[1].js.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api
Source: Upg0Hvk8tZ0[1].htm.2.dr	String found in binary or memory: https://www.youtube.com/watch?v=Upg0Hvk8tZ0
Source: base[1].js.2.dr	String found in binary or memory: https://youtu.be/
Source: base[1].js.2.dr	String found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: base[1].js.2.dr	String found in binary or memory: https://youtubei.googleapis.com/youtubei/
Source: base[1].js.2.dr	String found in binary or memory: https://yurt.corp.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758

Source: unknown	HTTPS traffic detected: 67.199.248.11:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.11:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.15:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.15:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.15:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.207.162:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.207.162:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.225:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.225:443 -> 192.168.2.3:49759 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands:

Yara detected GRQ Scam

Show sources

Source: Yara match	File source: 651689.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem8YaGs126MiZpBA-UFW50dbck[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem8YaGs126MiZpBA-UFVZ0d[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\glyphicons-halflings-regular[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFWp0dbck[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem8YaGs126MiZpBA-UFVp0dbck[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\0WSZOYV6.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFWZ0dbck[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bitcoin-widget[1].htm, type: DROPPED

System Summary:

Source: classification engine

Classification label: mal56.phis.win@3/103@11/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF267B8D8B392FD926.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5800 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5800 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer2	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://bit.ly/39kvkUX	0%	Virustotal		Browse
https://bit.ly/39kvkUX	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
it.1k-dailyprofit.zulole28.vip	1%	Virustotal		Browse
de.gewinncode.zulole28.vip	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	100%	SlashNext	Internet Scam type: Phishing & Social Engineering
http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/device.min.js	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/fonts/glyphicons-halflings-regular.eot	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/youtubeUP.js	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/bitcoin-widget.jsv=20	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/commonJs.js	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/getdetector.js	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/crypto-bg5.jpg	0%	Avira URL Cloud	safe
https://www.antiphishing.org/vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.p	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/form-bg-1.png	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFW50dbck.woff	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/bootstrap.min.js	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFVZ0d.woff	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/time.png	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/css/css.css	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/81.jpg	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/20.jpg	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/info-bg-2.png	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFWZ0dbck.woff	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/crypto-bg3.jpg	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/success-li.png	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/css/bootstrap.min.css	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/jquery.min.js	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/index.js	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/crypto-bg.jpg	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFWJ0dbck.woff	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/ft.png	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/person-bg-3.png	0%	Avira URL Cloud	safe
http://it.1k-dailyprofit.zulole28.vip/04uu	0%	Avira URL Cloud	safe
http://de.gewinncode.zrning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2Findexulole28.vip	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/person-bg-1.png	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/css/bootstrap-theme.min.css	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/js/jquery.validate.min.js	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/fonts/glyphicons-halflings-regular.woff	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/images/ceo2.jpg	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/css/stylesheet.css	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/css/font-awesome.min.css	0%	Avira URL Cloud	safe
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFUZ0dbck.woff	0%	Avira URL Cloud	safe

Domains and IPs Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
it.1k-dailyprofit.zulole28.vip	172.67.207.131	true	false	1%, Virustotal, Browse	unknown
pagead46.l.doubleclick.net	216.58.207.162	true	false		high
rghr.associateneed.link	8.208.92.142	true	false		unknown
bit.ly	67.199.248.11	true	false		high
bitly.com	67.199.248.15	true	false		high
photos-ugc.l.googleusercontent.com	172.217.168.225	true	false		high
de.gewinncode.zulole28.vip	172.67.207.131	true	false	1%, Virustotal, Browse	unknown
s.ytimg.com	172.217.23.46	true	false		high
yt3.ggpht.com	unknown	unknown	false		high
googleads.g.doubleclick.net	unknown	unknown	false		high
www.youtube.com	unknown	unknown	false		high
static.doubleclick.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bitly.com/	false		high
http://de.gewinncode.zulole28.vip/js/device.min.js	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/fonts/glyphicons-halflings-regular.eot	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/js/youtubeUP.js	false	Avira URL Cloud: safe	unknown
https://www.antiphishing.org/	true		unknown
http://de.gewinncode.zulole28.vip/js/bitcoin-widget.jsv=20	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/js/commonJs.js	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/js/getdetector.js	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/crypto-bg5.jpg	false	Avira URL Cloud: safe	unknown
https://www.stopbadware.org/	false		high
http://de.gewinncode.zulole28.vip/images/form-bg-1.png	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFW50dbck.woff	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/js/bootstrap.min.js	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFVZ0d.woff	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/time.png	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/css/css.css	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/81.jpg	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/20.jpg	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/info-bg-2.png	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFWZ0dbck.woff	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/crypto-bg3.jpg	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/success-li.png	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1	true	SlashNext: Internet Scam type: Phishing & Social Engineering	unknown
http://de.gewinncode.zulole28.vip/css/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/js/jquery.min.js	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/js/index.js	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/crypto-bg.jpg	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFWJ0dbck.woff	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/ft.png	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/person-bg-3.png	false	Avira URL Cloud: safe	unknown
http://it.1k-dailyprofit.zulole28.vip/04uu	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/person-bg-1.png	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/css/bootstrap-theme.min.css	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/js/jquery.validate.min.js	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/fonts/glyphicons-halflings-regular.woff	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/images/ceo2.jpg	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/css/stylesheet.css	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/css/font-awesome.min.css	false	Avira URL Cloud: safe	unknown
http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFUZ0dbck.woff	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://bitly.com/pages/features/link-management	G7K60ZJ9.htm.2.dr	false		high
http://fontawesome.io	font-awesome.min[1].css.2.dr	false		high
http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.	~DF68199105E1E8B993.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://www.antiphishing.org/	{C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr, warning[1].htm.2.dr	false		unknown
http://youtube.com/streaming/otf/durations/112015	base[1].js.2.dr	false		high
https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2Findex	39kvkUX[1].htm.2.dr	false		high
https://bitly.com/pages/about/team	G7K60ZJ9.htm.2.dr	false		high
https://www.stopbadware.org/vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.pn	~DF68199105E1E8B993.TMP.1.dr	false		high
https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/03/feather-icon	G7K60ZJ9.htm.2.dr	false		high
https://www.youtube.com	www-widgetapi[1].js.2.dr	false		high
https://www.antiphishing.org/vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.p	~DF68199105E1E8B993.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/iframe_api	custom[1].js.2.dr	false		high
https://bitly.com/pages/careers	G7K60ZJ9.htm.2.dr	false		high
https://admin.youtube.com	base[1].js.2.dr	false		high
https://bitly.com/pages/features/mobile-links	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/hing.org/vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1favicon.png	~DF68199105E1E8B993.TMP.1.dr	false		high
https://bitly.com/pages/press	G7K60ZJ9.htm.2.dr	false		high
https://connect.facebook.net/en_US/fbevents.js	G7K60ZJ9.htm.2.dr	false		high
http://getbootstrap.com)	bootstrap.min[1].js.2.dr	false	Avira URL Cloud: safe	low
https://bitly.com/pages/why-bitly/integrations-api	G7K60ZJ9.htm.2.dr	false		high
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
https://bitly.com/	{C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr, G7K60ZJ9.htm.2.dr, warning[1].htm.2.dr	false		high
https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2FindexS	~DF68199105E1E8B993.TMP.1.dr	false		high
https://bitly.com/pages/solutions/customer-service	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/pages/why-bitly/bitly-101	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/pages/features/branded-links	G7K60ZJ9.htm.2.dr	false		high
https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/02/favicon.ico	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/pages/pricing?utm_content=site-free-linkbar&utm_source=organic&utm_medium=website&	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2Findex	{C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DF68199105E1E8B993.TMP.1.dr	false		high
https://bitly.com/favicon.ico~	imagestore.dat.2.dr	false		high
https://bitly.com/pages/about	G7K60ZJ9.htm.2.dr	false		high
https://www.youtube.com/generate_204?cpn=	base[1].js.2.dr	false		high
https://dev.bitly.com	G7K60ZJ9.htm.2.dr	false		high
https://cdn.optimizely.com/js/16488430484.js	G7K60ZJ9.htm.2.dr	false		high
http://www.idangero.us/swiper/	swiper.min[1].js.2.dr	false		high
https://schema.org	G7K60ZJ9.htm.2.dr	false		high
https://bit.ly/39kvkUX	~DF68199105E1E8B993.TMP.1.dr	false		high
http://youtube.com/yt/2012/10/10	base[1].js.2.dr	false		high
https://bitly.com/pages/pricing	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/pages/contact	G7K60ZJ9.htm.2.dr	false		high
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
http://www.youtube.com/videoplayback	base[1].js.2.dr	false		high
http://de.gewinncode.zrning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2Findexulole28.vip	{C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://bitly.com/~URL	{C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].js.2.dr	false		high
https://bitly.com/pages/	G7K60ZJ9.htm.2.dr	false		high
https://gist.github.com/b16ae13905aee59b946c54fd555cc80c	bootstrap.min[1].js.2.dr	false		high
https://bitly.com/pages/wp-json/	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/pages/partners	G7K60ZJ9.htm.2.dr	false		high
http://www.idangero.us/	swiper.min[1].js.2.dr	false		high
https://bitly.com/pages/resources	G7K60ZJ9.htm.2.dr	false		high
https://www.youtube.com/watch?v=Upg0Hvk8tZ0	Upg0Hvk8tZ0[1].htm.2.dr	false		high
https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/03/recognizable	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/pages/#website	G7K60ZJ9.htm.2.dr	false		high
http://www.amazon.com/	msapplication.xml.1.dr	false		high
https://bitly.com/blog/	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/pages/privacy	G7K60ZJ9.htm.2.dr	false		high
https://bitly.com/favicon.ico	imagestore.dat.2.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/cache/fvm/1611691201	G7K60ZJ9.htm.2.dr	false		high
http://youtube.com/streaming/metadata/segment/102015	base[1].js.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.207.162	unknown	United States	15169	GOOGLEUS	false
172.67.207.131	unknown	United States	13335	CLOUDFLARENETUS	false
8.208.92.142	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
67.199.248.15	unknown	United States	396982	GOOGLE-PRIVATE-CLOUDUS	false
67.199.248.11	unknown	United States	396982	GOOGLE-PRIVATE-CLOUDUS	false
172.217.168.225	unknown	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	347015
Start date:	01.02.2021
Start time:	22:26:55
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://bit.ly/39kvkUX
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@3/103@11/6
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: http://rghr.associateneed.link/index Browsing link: https://www.stopbadware.org/ Browsing link: https://www.antiphishing.org/ Browsing link: https://bitly.com/
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 104.43.193.48, 52.255.188.83, 88.221.62.148, 40.88.32.150, 51.104.144.132, 216.58.207.174, 172.217.20.238, 172.217.23.14, 172.217.23.46, 172.217.23.78, 172.217.22.206, 216.58.207.142, 152.199.19.161, 216.58.207.134, 172.217.23.67, 23.210.248.85, 216.58.207.164, 8.248.123.254, 8.248.125.254, 67.27.157.254, 8.241.122.254, 8.241.122.126, 92.122.213.194, 92.122.213.247, 20.54.26.129 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, www.google.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, ie9comview.vo.msecnd.net, fonts.gstatic.com, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, static-doubleclick-net.l.google.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, youtube-ui.l.google.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\ITYR1Y1Q\www.youtube[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1665
Entropy (8bit):	5.096996459478062
Encrypted:	false
SSDEEP:	48:BiziNiyiziNiR8QiyiziNiR8QizDiyiziNiR8Qin:UziNihziNiRZihziNiRZiHihziNiRZin
MD5:	5268A40B2784E324ABDAF4214F87C609
SHA1:	0AC15A001A6F1DDAF867A71BDE06BB4B72D650BF
SHA-256:	99C44038F3D941C046D9EB3EBA093BEF25A1F5F1E864E3F4F7F7AD798BA43AE0
SHA-512:	F5F50CDC13A30B9C8DAA4D71EE3DF6D066D8768BAE36E5FF05DC7D03C3E2F3A7A309CCD5A18644B3D008422ED5AE5CB2750EA86F8A950CD2F649443EE1C917AF
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root></root><root></root><root></root><root></root><root></root><root><item name="yt-remote-device-id" value="{"data":"992ccf4b-b671-4ade-b93f-f5a10fae1ca2","expiration":1643783312812,"creation":1612247312812}" ltime="2700314432" htime="30865708" /></root><root><item name="yt-remote-device-id" value="{"data":"992ccf4b-b671-4ade-b93f-f5a10fae1ca2","expiration":1643783312812,"creation":1612247312812}" ltime="2700314432" htime="30865708" /><item name="yt-remote-connected-devices" value="{"data":"[]","expiration":1612333712936,"creation":1612247312936}" ltime="2701474432" htime="30865708" /></root><root><item name="yt-remote-device-id" value="{"data":"992ccf4b-b671-4ade-b93f-f5a10fae1ca2","expiration":1643783312812,"creation":1612247312812}" ltime="2700314432" htime="30865708" /><item name="yt-remote-conne

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C1E01C07-651F-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	39000
Entropy (8bit):	1.9263103185906627
Encrypted:	false
SSDEEP:	384:rOvEtE1pUE1fjE1f/nE1f/oOE1f0joaE1f03ogE1f035oTE1f035o5HE1f035o5o:0
MD5:	8386A31682FFDB087DBB20051A4D07E1
SHA1:	A17336DE07BBE55E73D6C13EC1B3E1B26ADA3229
SHA-256:	A61DEB1AF05BBAF48CC4346F938F3D3F98E6F8481CD95369BE4349916A7E1EB8
SHA-512:	81D55529DED669431EF8E9A9F9F5E971459B7EC42657D6660823CF6A184652446645ACAAF70F1AAA4BBA4BC7C4D842B6ABF5161081DBDE8142CC6C79827C5194
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C1E01C09-651F-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	107222
Entropy (8bit):	2.5081243136676257
Encrypted:	false
SSDEEP:	384:ru2MQs2hAscSOjtALWWdrGnpwNCwygwBAwCjvXBYvPZPT9Yct1X3tBvXBYvPZPTc:R+ALWTPN/WPzQv
MD5:	3AA3182F9E1A7912DE8E48903F9DC854
SHA1:	B98F8A642897E392A0851979C73CEF6BFAE814B6
SHA-256:	431C1854C0EB7F562DF08AC5FEA96AB289DD15209B924B3DD65A5644FCF22707
SHA-512:	8F2E285EA924E53BCE81ED91321A12EEFDA5EB99C961ADE63EF1742A025796C8BF867C293B44FD64DBA0BE8CC9C76EAF64DE1B1B3288F5A53B811DCD089EAA40
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C1E01C0A-651F-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	19032
Entropy (8bit):	1.5852448026996477
Encrypted:	false
SSDEEP:	48:IwCGcprDGwpa+G4pQehGrapbS0erGQpKWWG7HpRusTGIpX2nGApm:r2ZdQ+6exBSNFAWBTu4Fyg
MD5:	616E8CDACBC98167928E6209D6A54858
SHA1:	BB8E2AC7BD1A5CDF52F3296C18069B6AAE63D646
SHA-256:	6B8F3BBFE776FCEE0DF958FEEBBE286B6875184E95570955B58491BBE07A7A80
SHA-512:	8C52F47531A6DFFBC3287722800815E11BF8653560B3BB9F49C3CA48E31BF7A747754D5EC05D263201C84C71C187F21F12F87DCB176FC49AFB409A76947F236F
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.1311975105407255
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEMEjnWimI002EtM3MHdNMNxOEMBnWimI00ObVbkEtMb:2d6NxOvEjSZHKd6NxOvBSZ76b
MD5:	28281361EA57965258F32B3C15AE5897
SHA1:	A31C490DC64DCC7A2E84F59F064044F06BC3E54E
SHA-256:	B33D486E10E0E9DB4B7679F6AD812E2C951C6D7C79A86963F69B7E195CEAEF00
SHA-512:	6ECCC6BFAC792D223BEC34A99614B0A845692113A18F1843C1861D60CEA363C1C3FF5877A7A565B1CDDF81B09D3C0E1B46D7FF4C231C4E04D660A4932FDBBDA5
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x98286edb,0x01d6f92c</date><accdate>0x98286edb,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x98286edb,0x01d6f92c</date><accdate>0x9828f43e,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.148262245561863
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kkWpnWimI002EtM3MHdNMNxe2kkWmInWimI00Obkak6EtMb:2d6NxrQSZHKd6Nxr0SZ7Aa7b
MD5:	7043A489AE078C21406BF6F48CC9C500
SHA1:	5099354A11E4330D44978256801E34560E349205
SHA-256:	4416B78145E73062B32085103F4E6957EDEEB03BEA2B1C69615E7895BDA69CA1
SHA-512:	1FFFE68D206BF111BDECEAA2494F6DA306A51169BACE5EB5FE235692983BDE5637DE4198DA367B28AAEEF4C2B1D3DE34712DD3AE581D06E9A103C439328C4379
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x981cbf27,0x01d6f92c</date><accdate>0x981cbf27,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x981cbf27,0x01d6f92c</date><accdate>0x981d5b72,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.151665294809015
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLhouoAnWimI002EtM3MHdNMNxvLhos1nWimI00ObmZEtMb:2d6Nxv9ouoASZHKd6Nxv9o0SZ7mb
MD5:	8500A94F912B5723AD5B86C8887A3597
SHA1:	356303523644E611A89038335CCA3863F86EFC41
SHA-256:	F6671BED63BA577BEC5746A6D79EA77DB492CCA848B16B2C4C2B3D08D3C8E92A
SHA-512:	7B8BBA795A7A7EEFA0561172F8BF78D5AC3814D01B450C046F42BAB5CA235D13B5C019C92C81D657B199BD55E0B7B616F259606C11854E433155206E3DD45D44
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x98299064,0x01d6f92c</date><accdate>0x98299064,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x98299064,0x01d6f92c</date><accdate>0x982a2ca1,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.151030914155652
Encrypted:	false
SSDEEP:	12:TMHdNMNxingAnWimI002EtM3MHdNMNxingAnWimI00Obd5EtMb:2d6NxSSZHKd6NxSSZ7Jjb
MD5:	E87386D05C65229B25DAEDE2E711CBC0
SHA1:	0BD4407862CF35D98048E7CFCCD1B374BA02D00E
SHA-256:	E99BC8E9F001289175519C4101918F0BE5FB9CE9ED62B62EE2460227696E6250
SHA-512:	4C4E5C48904F2B0E90277E4648FE3BFF1D7EA892B36F499F0A308553E80BD01B0AA118DE2431DB9DC16E6298DF637F6477C943961BC4C78938A231FC9D5CD772
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x9824ae76,0x01d6f92c</date><accdate>0x9824ae76,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x9824ae76,0x01d6f92c</date><accdate>0x9824ae76,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.132943531616109
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwDZ1nWimI002EtM3MHdNMNxhGwDdnWimI00Ob8K075EtMb:2d6NxQqSZHKd6NxQ0SZ7YKajb
MD5:	5CEE648A385E808D106AE399BE7C968A
SHA1:	D0D7472133EC806524B4D47C06BE255C431E6DFD
SHA-256:	EE14436C7F453A893A487D8BA8B7B1D4E4BB0F47A7E75753E4559BD525C9A685
SHA-512:	5466CDAB70513D9B6A0493D87A7F95F6E655FD9AE1E00F36AF1FAD6D818A0389A227C41C982B3CBC6000275A180956BF7A1B373225D0924436454AF421FF1BD1
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x982a2ca1,0x01d6f92c</date><accdate>0x982a2ca1,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x982a2ca1,0x01d6f92c</date><accdate>0x982ac8e3,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.154918583194691
Encrypted:	false
SSDEEP:	12:TMHdNMNx0ni2j2AnWimI002EtM3MHdNMNx0ni2gEBAnWimI00ObxEtMb:2d6Nx0i2j2ASZHKd6Nx0i2gESSZ7nb
MD5:	96D8FD04E9DCFDF1392A34527E8FCB43
SHA1:	77C8AB6D7A72B6624733ECC5B178C6FDB18AB8BF
SHA-256:	0CD197B1183C4AB0199C255B454329893DFCD4CA62C4B1FFFA851A444064FD28
SHA-512:	ECD43BD3306A1720C3EAEA61DD929F53072187DE2F6C24814D0260D4740226D2A97C140C2A41133717E919E6A9C70049608F8EFEEFF2AB1DEC081C229236BC92
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x98268324,0x01d6f92c</date><accdate>0x98268324,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x98268324,0x01d6f92c</date><accdate>0x98271f6f,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.177677266444319
Encrypted:	false
SSDEEP:	12:TMHdNMNxx5nWimI002EtM3MHdNMNxxf2AnWimI00Ob6Kq5EtMb:2d6NxDSZHKd6Nxp2ASZ7ob
MD5:	3BB4ED6352569E76E9AB16C9510CB557
SHA1:	02DCA313F194ECB1C1705E738E3C9532AE96E947
SHA-256:	4824638ACD46AD115ABADE915C33D13A3862A6B4F4420794848D7C0317A14E85
SHA-512:	C619D21BD599A662674857F2919A8A8F3FD3A5C8BF266FA690AA6DC4A31045E8701C0327641426555E3FD6CC3CEED45D0A2679498ACBEC35D27033ACBA43A005
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x9825e6eb,0x01d6f92c</date><accdate>0x9825e6eb,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x9825e6eb,0x01d6f92c</date><accdate>0x98268324,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.143081253027383
Encrypted:	false
SSDEEP:	12:TMHdNMNxcRWAnWimI002EtM3MHdNMNxcRkFVYAnWimI00ObVEtMb:2d6Nx0WASZHKd6Nx0kFVlSZ7Db
MD5:	0AC50EDA9E4167D2E48B0480509F06B2
SHA1:	855098F6F27D20FBC2692046009B99658646532B
SHA-256:	1FC1D7CB655B3B3270015826F1AC5CA90E7C1EEA68C78632E9546DD40BC33927
SHA-512:	4EEBBF95BEA244BF33F7F80D7A7FC3BCE6C134AD39E636584B3D5D7DFAE64B35F63BAAE2EF8563E3F539DC8FBAAB111FFFD919E3D5CD11C18D69BF25DC4F6592
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x982104fd,0x01d6f92c</date><accdate>0x982104fd,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x982104fd,0x01d6f92c</date><accdate>0x9821a136,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.131673505544411
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnNnWimI002EtM3MHdNMNxfnIAnWimI00Obe5EtMb:2d6Nx1SZHKd6NxdSZ7ijb
MD5:	BFB4D96AF632C510B2257F10D9C91749
SHA1:	D3D56AFD5A1483CF6AEFB8646946E71C28C97504
SHA-256:	F9177C608540A430DE520AD34195E3093E99478C70225E967977AF7739B46C72
SHA-512:	0D35A166E7CDE8F0B2D30118F57A707C4A93A6E6019B09A45B0FA379A2193BD58327C1309C23BFB493412567BEE0252758BF78B88324F851C8A2B57A16A70ECB
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x9823760e,0x01d6f92c</date><accdate>0x9823760e,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x9823760e,0x01d6f92c</date><accdate>0x9824122f,0x01d6f92c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	7793
Entropy (8bit):	5.111536062064444
Encrypted:	false
SSDEEP:	96:pxgs6ehrtzkOSi4GieE1jxV3c5HwPT4HcG:pKEkOSi4z1jxV32OG
MD5:	FD3B68E294D51F8F45E3114FD299DB71
SHA1:	E01A54032DFA494B815A17AEDFA2111B68C66E54
SHA-256:	354F509F577F20306B73E811709625D3E46DA97CEF0E06EB5E1AD4692721AC34
SHA-512:	6EAAEA7A32039D4BE40728F7AA118023DA22F820E1536CB2E7302D214A41AFC8C4A76EE191A03546E8962250378AD0E7333AD26504E8C2A82FD29C319F07D13B
Malicious:	false
Reputation:	low
Preview:	-.h.t.t.p.s.:././.b.i.t.l.y...c.o.m./.s./.v.4.6.8./.g.r.a.p.h.i.c.s./.f.a.v.i.c.o.n...p.n.g......PNG........IHDR... ... .....szz....TIDATX..[lTU....gZj[.........E..DB@.>rQ.P.........$.I..cD..%..TI.."..4.........e:.....r.)..Y>.3.N.%$....g..}k.}....c..N<3.....\.Z,....$.h. .@..H~[.........)-2e.DX......jm......c..7@.!....H.X.. ...U..?..`......b.P.q.hS.vT..q.........<.KU.=.K.........1.Y.#..T.....P.z!....rWy.....y:._.#.PG.=.........\|....ow.\~..P.Bf...D.:...P..Q.b..%...v..^.....X.g[....V.@z."...P.D.o..u.....kgB...op.......9.]N@5{..O.........Zv...C....U5.......Ez.j..j...L...... ..N[u..p&.x..k.......o..5._..D.Y..Y...m..........?LO.5.W..w .l....Q.c`.x T.w...$..7N.......D....2.KD..`.......s..K..w......$..v.sG7a1G../..7.....SN.f...]j.fe(r1..{....7y}P.E`..&8f%.0.......:..5.+w...I.I.7....\|U...{..-...%.`..........Y..v....j.d.p..{m..B..2.@..P..= t.4./...Pi.:).....W..O.u..WcM....&me.D...2.a..wf../..&]..\.U#......c.7=5.o.5L..B.=..@.-j....U../:....Z........g3.ms...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\81[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 339x218, frames 3
Category:	downloaded
Size (bytes):	14713
Entropy (8bit):	7.958893969169819
Encrypted:	false
SSDEEP:	384:OXvgEZc3BaayqKBYRQEdvGKHZ7jKGELtJu309JIC:OXv41EYCE9HPEYg
MD5:	BBA64F1EE33E14C3459B3BDD9A3BC870
SHA1:	9BA70ABF370A79DCE0376CD3B30E75B61DED8246
SHA-256:	3D9EB31D8B82BAE55D9009B0491C51CD6BFD2BA28BB8D8E94E3960EC63EE9835
SHA-512:	91951000802CB8C6BE0845BD8F1D86941FBAC2A01D4410EA220D3453E67E85D25DF7E397F9A983A3D753E4C88BBE92B7AA402A92B7BC290E09533593015A328C
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/81.jpg
Preview:	......JFIF................................................................"..."%%424DD\.................................................."..."%%424DD\........S.."...................................................SM.......k..RW.....4..d"&.&....7.\|.bzj...'.v.2.`....>..U..A..o.!h."..g.]:..k.X.Es.D..xu.6......0...G.:7..,.C[.c.~.5..,E..'2..ai.Z........ ..Y.L.9..z+.T..m...`q..!.!....UoHi.G.<".@..Ff....nLS.i..~.Kd..M..u.$.....E?._.L.-r...s.....h..I.l6u...V4."..c..h..NG...,a...{.WcK..%.......@c....S.hU:..be.$...JEf..'.....$..`n&.UN.e..=\....j!NV..mW.i..!..=.......H..K.....[/..0w..-D...h...V.B.(...R...AI.]n..H.....z.e..:7C...y{...fP..A..Ci........B.wPB...../.r .D.><..>.GS..R.o....6..Seg.U....O..6+A....].O..Qq......^.r..B.O..V...] ......Id.*j..N......N......q.....h....Q....(.).qr.3..z...4tv..v.c.....m..[.....vz={.S....[.58k...4...j........Y.46.m... .....%...5..>).52K..}:...l.AST..CE.Y.2.D[..l.@m~.P4....]!..4w..@..2N...i3$W-...!...f.#..Y....lXEX....h.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\83[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 339x218, frames 3
Category:	downloaded
Size (bytes):	14653
Entropy (8bit):	7.958734491534386
Encrypted:	false
SSDEEP:	384:1MJfLAI9/wQRIPwMxuHJm/LCrqyCe48Y6gIENx5AHQ3:GJfJ9/pRITxx/Gd+auN3H3
MD5:	C176D842A98834D5380C711DA0D4F9D7
SHA1:	F14A722F5E33F506CFEF4406E56EB528895615AF
SHA-256:	6948DC72912A7C54D46A43819712B8D53EB000F2DC63EDFC3DCD02573628BA4D
SHA-512:	1BA5B03A94FD9BF94A091FAB4119DEE55D713E9252C6D9F1E2B73E58F18E469462D859D87B8DD798F1E4F7E9BE38655EC93E46C6EEBABC5FB4C624549E874E20
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/83.jpg
Preview:	......JFIF................................................................"..."%%424DD\.................................................."..."%%424DD\........S..".................................................].".XIzXK...a.U/oX......X.\|.{@..[..+/ev,0..,CU0..m.e:a\...vaa.jh.3.lv...\|oq......B.x.3..%..\|c........HJ.......;.Ic..s.+.".v...]_#.`...F.z.\|......X.t%.:.,,.d7..U.vK..'^]>...F...L.J.<..."!L...I,..........+j..e.t.....!.,...b.L._....y..Y..~...vD.[S.w1.....(y...(.Y.T5+P2..k.=.C...q..W_..Rkys..X.^.....Y..//t..../1..v.E....RiZ...]t......TG.;.#..h...3.....:.(.....XIBS<iG.uU...:......_.da.h.f.R9ot.2adu^.)$.Lr.=w..H.qz...y^W..3.F.<3.9..Q....R;.....p.......^....BdlrLG..8......zR.?...Ix...:....n..rzl21..{......,..N.9.F.t..L..3....-~3.eeE.Dl..9.......D.\..j..K.l....&.......\L..tdI..!4...V.B....B.@CHN.u../.].LMtS.........E.`.t%...3=....U\S..t.P,..l.......4.8..#...(.r..b...b....2>D..D/.....+..efv.p..tddn.t.. ]%h........o...:d.......4.#..u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\base[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1566990
Entropy (8bit):	5.584588538871442
Encrypted:	false
SSDEEP:	12288:rEhB0ooGSGK1zKFMBio3mA4KPJv4rhxev5RhJaUBhlZVNLizOy:I0ooGSGK1OKBio3x4KPJgCh8UbVNuJ
MD5:	C92B0B08D6122CA2100B119BB376CA73
SHA1:	685C453F3FEACFEF57F432760EC1CFCFFF1BF962
SHA-256:	90134D02F256B37AFAB4AB2E6A01155B65B9C3E61EB1B16DF0BEF1E2CE2F5A42
SHA-512:	FE2B3F3FFE5CE3B853CC2437AED52F3FD229FFCA38F6952A115A1D0FF044861659C49FF133295E2F1E2F432F3A899BBA2D1F13E880DE9BD78ED3B0FCEEB78542
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/s/player/7bc032d0/player_ias.vflset/en_US/base.js
Preview:	var _yt_player={};(function(g){var window=this;/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var ba,da,haa,ia,ka,la,pa,qa,ra,sa,ta,ua,iaa,oaa,va,wa,paa,xa,ya,Aa,Ba,Ca,Da,Ha,Fa,Ka,La,saa,taa,Ua,Va,Wa,uaa,vaa,Xa,waa,Za,$a,xaa,yaa,bb,jb,zaa,rb,sb,Aaa,xb,ub,Baa,vb,Caa,Daa,Eaa,Fb,Hb,Jb,Nb,Pb,Qb,Yb,$b,cc,dc,hc,jc,kc,Haa,lc,mc,nc,wc,xc,zc,Ec,Kc,Lc,Pc,Nc,Laa,Oaa,Paa,Qaa,Vc,Wc,Yc,Xc,$c,cd,Raa,Saa,bd,Taa,id,jd,kd,ld,od,qd,rd,Vaa,sd,td,Bd,Cd,Dd,Ed,Fd,Gd,Hd,Id,Kd,Od,Pd,Rd,Sd,Td,Xaa,Ud,Vd,Yd,Zd,$d,ae,he,je,me,qe,re,we,xe,Ae,ye,Ce,Fe,Ee,De,bba,oe,Te,Re,Se,Ve,Ue,ne,We,Xe,dba,af,cf,$e,ef,hf,jf,kf,lf,mf,.nf,of,eba,vf,rf,Hf,fba,Lf,Nf,Sf,Tf,Uf,Vf,Wf,Yf,Xf,Zf,$f,iba,kba,lba,nba,eg,fg,gg,ig,kg,lg,oba,mg,pba,ng,qba,og,qg,sg,yg,Ag,Dg,rba,Gg,Fg,Hg,sba,Pg,tba,Qg,Sg,Tg,Ug,Vg,Wg,uba,Xg,Yg,Zg,$g,ah,bh,ch,vba,dh,eh,fh,wba,xba,gh,ih,hh,kh,lh,oh,mh,zba,nh,ph,qh,sh,rh,Bba,Aba,th,Dba,Cba,Eba,zh,Fba,Bh,Ch,Dh,Ah,Eh,Gba,Fh,Hba,Iba,Ih,Kba,Jh,Kh,Lh,Lba,Nh,Ph,Sh,Vh,Xh,Uh,Th,Yh,Mba,Zh,$h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\custom[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1347
Entropy (8bit):	5.1440323809029165
Encrypted:	false
SSDEEP:	24:+jOfWyEi5OAxiEGJiSZm6TVZcK3NXBFEOMVq+0ZXeUVZcK3NX6OMVqFW06cbYBWT:+KOyEd5dJiim2Lc4XBFlOULc4XJbYBqn
MD5:	389D0C76AFF88774D9DE5F09D0715938
SHA1:	29327C12C9CF5C1875464F941A2EB91969DA4E47
SHA-256:	91E115AD663A587E22AA59CC8274735E598637DF53A6B07A494F5513DD924078
SHA-512:	4E3D65E9552A961968B4F9BE22B20B28A0C4F5307209F40B0A64942A273F01ED71C7CF4D3ACDA3095557800AAC8D6D85024DEB5E84430D7E7454E0B5514DD001
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/custom.js
Preview:	. $('.hover-modal').hover(function(){. $('.popup_custom').show(). }). $('.close_button').click(function(){. $('.popup_custom').hide(). }). if(device.mobile() \|\| device.ipad() \|\| device.android()). {. $("#ytplayer").append("<img src=\"images/preloader_Youtube.gif\" id=\"apYou\">");. $('.hover-modal').remove();. $(".anticlicker").css('bottom','65%');. // $("#ytplayer").append("<iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/ZOAtM4uzDzM?mute=0&autoplay=1&controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&showinfo=0&playlist=ZOAtM4uzDzM\" frameborder=\"0\" allowfullscreen=\"\"></iframe>");. setTimeout(function(){. $('#apYou').hide();. $("#ytplayer").append("<iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/Upg0Hvk8tZ0?mute=0&autoplay=1&controls=1&disablekb=0&loop=1&a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\embed[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	30254
Entropy (8bit):	5.550797615977334
Encrypted:	false
SSDEEP:	768:NV+1d6mWke4FRm5y6QCCcp9FpP5g7gltxk:uMke4CRQCCqxk
MD5:	48D1BDC5B9FCF66093B519478E4B11B9
SHA1:	A2FCCDFAE9162B95299358ECD417B01DD4DC6413
SHA-256:	7497A9001FFCEB198AE851C8E68DE94E9DD480DE9174A76C10783DCCFC66191B
SHA-512:	1BA6781F65E4D499BA0F4247A7E342949D034B16EE308768B12B7476815717579A12E5CA2887CEC73323C023C0C6CB46BE404A1990D33CCAC5ED794A291A77E2
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/s/player/7bc032d0/player_ias.vflset/en_US/embed.js
Preview:	(function(g){var window=this;var C2=function(a,b){g.pf(a.u,8b+2);var c=a.u.end();a.C.push(c);a.B+=c.length;c.push(a.B);return c},D2=function(a,b){var c=b.pop();.for(c=a.B+a.u.length()-c;127<c;)b.push(c&127\|128),c>>>=7,a.B++;b.push(c);a.B++},yFa=function(a,b,c){null!=c&&(g.pf(a.u,8b+1),a=a.u,b=c>>>0,c=Math.floor((c-b)/4294967296)>>>0,g.Af=b,g.Bf=c,g.qf(a,g.Af),g.qf(a,g.Bf))},E2=function(a,b,c){null!=c&&(g.pf(a.u,8b),a.u.u.push(c?1:0))},F2=function(a,b,c){if(null!=c){b=C2(a,b);.for(var d=a.u,e=0;e<c.length;e++){var f=c.charCodeAt(e);if(128>f)d.u.push(f);else if(2048>f)d.u.push(f>>6\|192),d.u.push(f&63\|128);else if(65536>f)if(55296<=f&&56319>=f&&e+1<c.length){var h=c.charCodeAt(e+1);56320<=h&&57343>=h&&(f=1024(f-55296)+h-56320+65536,d.u.push(f>>18\|240),d.u.push(f>>12&63\|128),d.u.push(f>>6&63\|128),d.u.push(f&63\|128),e++)}else d.u.push(f>>12\|224),d.u.push(f>>6&63\|128),d.u.push(f&63\|128)}D2(a,b)}},G2=function(a,b,c,d){null!=c&&(b=C2(a,b),d(c,a),D2(a,b))},H2=function(a,b,c,d){if(null!=.c)f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1421
Entropy (8bit):	7.784052478155088
Encrypted:	false
SSDEEP:	24:AS0LwgZljoxQUIxqQZkH2548+I07yUUQt8KTr/6C/CeI2/EWt7:Ji5oxQNkHjc0WWdX4ehrt7
MD5:	10BE1FC63993FD01005C34BE73678406
SHA1:	C88681CBA60CE9321C6FD2FD8DC97555992FA1A3
SHA-256:	3CE43EC89D890B85133C3A0F68C666B4FF9AFB9FDF6D146C642E1D3DCC1CC06B
SHA-512:	BF59E780D832982E2C4DC3CEC8164214C07F23335B2200605E52ADE3002C78F5F19AA716BD8D00946E4BA801A18032350EFF04F9ACA74F826F9D8F583D40682D
Malicious:	false
Reputation:	low
IE Cache URL:	https://bitly.com/s/v468/graphics/favicon.png
Preview:	.PNG........IHDR... ... .....szz....TIDATX..[lTU....gZj[.........E..DB@.>rQ.P.........$.I..cD..%..TI.."..4.........e:.....r.)..Y>.3.N.%$....g..}k.}....c..N<3.....\.Z,....$.h. .@..H~[.........)-2e.DX......jm......c..7@.!....H.X.. ...U..?..`......b.P.q.hS.vT..q.........<.KU.=.K.........1.Y.#..T.....P.z!....rWy.....y:._.#.PG.=.........\|....ow.\~..P.Bf...D.:...P..Q.b..%...v..^.....X.g[....V.@z."...P.D.o..u.....kgB...op.......9.]N@5{..O.........Zv...C....U5.......Ez.j..j...L...... ..N[u..p&.x..k.......o..5._..D.Y..Y...m..........?LO.5.W..w .l....Q.c`.x T.w...$..7N.......D....2.KD..`.......s..K..w......$..v.sG7a1G../..7.....SN.f...]j.fe(r1..{....7y}P.E`..&8f%.0.......:..5.+w...I.I.7....\|U...{..-...%.`..........Y..v....j.d.p..{m..B..2.@..P..= t.4./...Pi.:).....W..O.u..WcM....&me.D...2.a..wf../..&]..\.U#......c.7=5.o.5L..B.=..@.-j....U../:....Z........g3.ms...+...#. ZU.@U.&...P"..r..V.L6...CO;..G.gU./.A...U.....b..,.6{B.W.Z..\.T...B3..p.e..?S....}.z

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fetch-polyfill[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Pascal source, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	8543
Entropy (8bit):	5.238064281324506
Encrypted:	false
SSDEEP:	192:oQHdiEslZc0rsNYNU5mSJHqI03aej6tZoaMLQO/x5/P80+HcW:ocHslLsP5muHqI0Jj6tZcUO/x5+V
MD5:	04E3CC8A9641B3F9F9C9370F4E9B5BDD
SHA1:	9602A891F583094BB04FD407B253ABCAFFB8C8D0
SHA-256:	DE6C4FFA2BD9FD283610E28D0DB2EC48607AAB39D213A51AEF248673A0A7E980
SHA-512:	58942BCC0F39D620A475B65C1AEB4F18872F68F22C89DEC076906A0DB8BC2B7CCA9357710A7824A0FA7404FF73F41013AECA34609CAACD2187414F7BD0D490D6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/yts/jsbin/fetch-polyfill-vfl6MZH8P/fetch-polyfill.js
Preview:	/*.. Copyright (c) 2014-2016 GitHub, Inc... Permission is hereby granted, free of charge, to any person obtaining. a copy of this software and associated documentation files (the. "Software"), to deal in the Software without restriction, including. without limitation the rights to use, copy, modify, merge, publish,. distribute, sublicense, and/or sell copies of the Software, and to. permit persons to whom the Software is furnished to do so, subject to. the following conditions:.. The above copyright notice and this permission notice shall be. included in all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND. NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE. LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION. OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\form-bg-1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 82 x 82, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	503
Entropy (8bit):	7.008803071518524
Encrypted:	false
SSDEEP:	12:6v/7WQ/6Ts/OZA9i9cl8Bm5wRcYQcFsRRRRu4C:q/6k9KcSRF8C
MD5:	0B5F69E16AD852D20823DEC71E397DA0
SHA1:	32100CE592D6A67F379FA023F1D865BF9FECB7AF
SHA-256:	CC376DE73C305D9257B8D08A88901BA7D29101BEB08C94256943A1EA9F7A932B
SHA-512:	E71E2CCE0EE7AA33EFCA2486B2A87DC46ACAB0244B5391BEA1F556DFF3AF5F31CAAAEA58BC8074399E8D265F5CBE7B79CF2BF137C693729915BEBCE086C9B20C
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/form-bg-1.png
Preview:	.PNG........IHDR...R...R......,......pHYs.................sRGB.........gAMA......a.....IDATx...M.0.@a.P1..l..@G..G..b...T.AGAAK....q?I....+Nw.U.r..r...C....l^G.w}....[..bzy9...g.`...7b.+.. f~...1...9.....N.9.8..1.5...s.Q.)1.7.2%..&A....d...u.O}.2....P_W'..YW.m'$..PBB..%$..PBB..%$.qX..wt,vE....O.e...#[.\.f.".jw..0W......8..."..-`.3.....)b...k.,r.F.bW.j.,z..&..vZ....](!.....JH(!.....JH(!.....JH(!.....JH(!.....JH(!.....JH.Y.,..=.Z^.PBB..%$..PBB..%$..PBB..%$..PBB....^........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\glyphicons-halflings-regular[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26956
Entropy (8bit):	4.475351210456599
Encrypted:	false
SSDEEP:	384:WF1A7n/vw1B0yTtCc4EWnhSgmCG3eT5FWUjOcGy+g+LM:U1A7ng1GyQc4EuBmCHTGUja3gf
MD5:	1330DFB8F07D4EAB15DED6BD88E543A8
SHA1:	5C4503A81C26F6BCF33633771C32CB28062C402E
SHA-256:	E3CA93D06C8C8078AC8474A00C125CECDCE0D0DC4DE980AD1ADD0A1C83FA439D
SHA-512:	0F0C657F536E4123C797F77558481B299D58A678EEE242EAF60E3B24E6FB800DF6134F58DAE894B876BD506057C63515C668EBB689B819FE9E7F631C7EBC0A6B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GRQScam, Description: Yara detected GRQ Scam, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\glyphicons-halflings-regular[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/glyphicons-halflings-regular.eot
Preview:	<!DOCTYPE html>.<html id="home">..<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="description" content="The Future Of Currency Is Here">. <title>Gewinncode</title>. <link rel="icon" href="images/favicon.png" type="image/png">..</head>..<body>.. <div class="modal fade" role="dialog" tabindex="-1" id="exit-modal">. <div class="modal-dialog" role="document">. <div class="prelouder-popup"></div>. <div class="modal-content">. <div class="modal-header">. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">.</span></button>. <h2 class="text-center text-danger modal-title" style="font-style:normal;font-weight:bold;color:rgb(242,6,2);">WARTEN SIE NOCH!</h2>. <h3 class="text-center" style="margin-top:5px;margin-bottom:5px;"><strong>Lesen Sie dies, bevor Sie gehen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/httpErrorPagesScripts.js
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	97163
Entropy (8bit):	5.373204330051448
Encrypted:	false
SSDEEP:	1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV
MD5:	4F252523D4AF0B478C810C2547A63E19
SHA1:	5A9DCFBEF655A2668E78BAEBEAA8DC6F41D8DABB
SHA-256:	668B046D12DB350CCBA6728890476B3EFEE53B2F42DBB84743E5E9F1AE0CC404
SHA-512:	8C6B0C1FCDE829EF5AB02A643959019D4AC30D3A7CC25F9A7640760FEFFF26D9713B84AB2E825D85B3B2B08150265A10143F82E05975ACCB10645EFA26357479
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/jquery.min.js
Preview:	/! jQuery v1.12.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.ca

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem8YaGs126MiZpBA-UFVZ0d[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26956
Entropy (8bit):	4.475351210456599
Encrypted:	false
SSDEEP:	384:WF1A7n/vw1B0yTtCc4EWnhSgmCG3eT5FWUjOcGy+g+LM:U1A7ng1GyQc4EuBmCHTGUja3gf
MD5:	1330DFB8F07D4EAB15DED6BD88E543A8
SHA1:	5C4503A81C26F6BCF33633771C32CB28062C402E
SHA-256:	E3CA93D06C8C8078AC8474A00C125CECDCE0D0DC4DE980AD1ADD0A1C83FA439D
SHA-512:	0F0C657F536E4123C797F77558481B299D58A678EEE242EAF60E3B24E6FB800DF6134F58DAE894B876BD506057C63515C668EBB689B819FE9E7F631C7EBC0A6B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GRQScam, Description: Yara detected GRQ Scam, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem8YaGs126MiZpBA-UFVZ0d[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFVZ0d.woff
Preview:	<!DOCTYPE html>.<html id="home">..<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="description" content="The Future Of Currency Is Here">. <title>Gewinncode</title>. <link rel="icon" href="images/favicon.png" type="image/png">..</head>..<body>.. <div class="modal fade" role="dialog" tabindex="-1" id="exit-modal">. <div class="modal-dialog" role="document">. <div class="prelouder-popup"></div>. <div class="modal-content">. <div class="modal-header">. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">.</span></button>. <h2 class="text-center text-danger modal-title" style="font-style:normal;font-weight:bold;color:rgb(242,6,2);">WARTEN SIE NOCH!</h2>. <h3 class="text-center" style="margin-top:5px;margin-bottom:5px;"><strong>Lesen Sie dies, bevor Sie gehen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem8YaGs126MiZpBA-UFVp0dbck[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26956
Entropy (8bit):	4.475351210456599
Encrypted:	false
SSDEEP:	384:WF1A7n/vw1B0yTtCc4EWnhSgmCG3eT5FWUjOcGy+g+LM:U1A7ng1GyQc4EuBmCHTGUja3gf
MD5:	1330DFB8F07D4EAB15DED6BD88E543A8
SHA1:	5C4503A81C26F6BCF33633771C32CB28062C402E
SHA-256:	E3CA93D06C8C8078AC8474A00C125CECDCE0D0DC4DE980AD1ADD0A1C83FA439D
SHA-512:	0F0C657F536E4123C797F77558481B299D58A678EEE242EAF60E3B24E6FB800DF6134F58DAE894B876BD506057C63515C668EBB689B819FE9E7F631C7EBC0A6B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GRQScam, Description: Yara detected GRQ Scam, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem8YaGs126MiZpBA-UFVp0dbck[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFVp0dbck.woff
Preview:	<!DOCTYPE html>.<html id="home">..<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="description" content="The Future Of Currency Is Here">. <title>Gewinncode</title>. <link rel="icon" href="images/favicon.png" type="image/png">..</head>..<body>.. <div class="modal fade" role="dialog" tabindex="-1" id="exit-modal">. <div class="modal-dialog" role="document">. <div class="prelouder-popup"></div>. <div class="modal-content">. <div class="modal-header">. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">.</span></button>. <h2 class="text-center text-danger modal-title" style="font-style:normal;font-weight:bold;color:rgb(242,6,2);">WARTEN SIE NOCH!</h2>. <h3 class="text-center" style="margin-top:5px;margin-bottom:5px;"><strong>Lesen Sie dies, bevor Sie gehen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\person-bg-2[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	721
Entropy (8bit):	6.407130531207157
Encrypted:	false
SSDEEP:	12:6v/7SY/6Ts/hYQ46g44DXuWkibqCRBiRTb42V601zZ9:W/6gy7VOCRBiW2c01F9
MD5:	06E0592AB9909DAB18FC3C512EFB5067
SHA1:	6213DB32491FE73FD7B205BCD30B3022B81A23A5
SHA-256:	67EE974D15781A8D9EB45A022AB21788F088509E6662A071BB97491E6779BE02
SHA-512:	FD23C7FF912B676F048B0CFE9002D86E2D941CE511C9844C39F697815282BD3F59450D1474945ACA623394ABBCDCF69BAB2730B4071FCAFBDBB1B74F77B95A90
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/person-bg-2.png
Preview:	.PNG........IHDR..............>a.....pHYs.................sRGB.........gAMA......a....fIDATx....M.@.F.1b..I...%.P.t.%........wl..o..,,.G..$..r..>._......m.0?.....w.`........o.`..;4~.Ij...........]...?.;....?.....s....s....K....K...P.k...P.k...P.!...P.....P.!...P.....P.1...P.....P.1...P.....P.)...P.....P.)...P.....P.....(@...d.s.`....?.. ...O..........................................................................................................................................................m.l..{N}.'....>...6......I.d....%../...8~Y&....3Y.._.I.p.r....m....\|....u.%.....8~].....3X.._.A.p.z]........~....m.(..o...8~[.....sr.....p.v.....v0..o.....ag..../..g.....\|...L..8>W..loV..^.9......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\remote[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	96863
Entropy (8bit):	5.454845055761819
Encrypted:	false
SSDEEP:	1536:jEbCSQjM6FSvMdKgfWiH+1PzITwhOq5HjPqcbTfGe+/1o4zS0ygEoxaxF:EuMhMdKGWiI0sOq5HjPqcbTfGe+/1o4w
MD5:	66DC535677BFBA524853D4BEEDDBEA1A
SHA1:	AD14D3EBA1F68EE52774B52ED7D13D2A491FC478
SHA-256:	AB608717A3647E30C39D2C508E49F434709A6BB3D5979CDD7FF451639E764B48
SHA-512:	82A1C58258925EE309398ABE24AB944B1CA5A7EC3411F2BE79F38D69177D96F47BAB2EDCE46480FB0EE21E6AD4BFB550DB06417AF76BE0362983B2CB5DC6F70D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/s/player/7bc032d0/player_ias.vflset/en_US/remote.js
Preview:	(function(g){var window=this;var RGa=function(a,b){return g.Ob(a,b)},f4=function(a,b,c){a.C.set(b,c)},g4=function(a){f4(a,"zx",Math.floor(2147483648Math.random()).toString(36)+Math.abs(Math.floor(2147483648Math.random())^g.A()).toString(36));.return a},h4=function(a,b,c){Array.isArray(c)\|\|(c=[String(c)]);.g.fn(a.C,b,c)},SGa=function(a,b){var c=[];.g.nj(b,function(d){try{var e=g.bo.prototype.B.call(this,d,!0)}catch(f){if("Storage: Invalid value was encountered"==f)return;throw f;}void 0===e?c.push(d):g.ao(e)&&c.push(d)},a);.return c},TGa=function(a,b){var c=SGa(a,b);.g.Bb(c,function(d){g.bo.prototype.remove.call(this,d)},a)},UGa=function(a){if(a.U){if(a.U.locationOverrideToken)return{locationOverrideToken:a.U.locationOverrideToken};.if(null!=a.U.latitudeE7&&null!=a.U.longitudeE7)return{latitudeE7:a.U.latitudeE7,longitudeE7:a.U.longitudeE7}}return null},VGa=function(a,b){g.gb(a,b)\|\|a.push(b)},i4=function(a){var b=0,c;.for(c in a)b++;return b},WGa=function(a,b){var c=b instanceof g.Cc?b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48168
Entropy (8bit):	4.858574324362781
Encrypted:	false
SSDEEP:	768:gFgF4FQvFOvxMnBa44OdFFp/hFsWQtsgFFaU:geWWvIvxMnYkFv/hCWQttFj
MD5:	4A12422357D9844FF79EFE51740A7828
SHA1:	F7F2825575EA8F5A656075820AF73225DC767503
SHA-256:	9827DA607BB01A78ED03C0388CDE181A5137117715302CADC6BE4308517E8555
SHA-512:	E4E9D6EAD768FF974A70C6FF2A5AFCB3206927B8C429A9817146918F8AB4FBC09B3C3D72CD7B03EA7C44ADAE0E85FF7583C09BBB95FEA9A5DF057F40E3B629B1
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/css/style.css
Preview:	.flip-clock-wrapper.clearfix:after,..flip-clock-wrapper.clearfix:before,..flip-clock-wrapper:after,..flip-clock-wrapper:before {. content: " ";. display: table.}...flip-clock-wrapper.clearfix:after,..flip-clock-wrapper:after {. clear: both.}..body{. font-family: Roboto;.}...nav.nav-justified>li>a {. position: relative.}...nav.nav-justified>li>a:focus,..nav.nav-justified>li>a:hover {. background-color: transparent.}...nav.nav-justified>li>a>.quote {. position: absolute;. left: 0;. top: 0;. opacity: 0;. width: 30px;. height: 30px;. padding: 5px;. background-color: #13c0ba;. border-radius: 15px;. color: #fff.}...btn-success:hover, .btn-success:focus{. background-color: #EB610A;.}...btn-primary:active,..btn-primary:active:focus,..btn-primary:focus,..btn-primary:hover {. background-color: #5ac15a.}...nav.nav-justified>li.active>a>.quote {. opacity: 1.}..valid-pass-label {. position: absolute;. background: #FAFAFF;. border: 1p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\stylesheet[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	27906
Entropy (8bit):	5.421555544616456
Encrypted:	false
SSDEEP:	768:yAh+S+JAK1MlYGtytlRigS3R5V5Y5p5m5Z5d5/:zK1MlYGtdzin83L/
MD5:	5A907CD4BF294B2A1105C186D6D8BC4B
SHA1:	2F82771D97D98CB61915918AC58DED97D25CBAD7
SHA-256:	91CDEA3FF55639DC9F696F59790E2C1813609B7966730F4F4C6C00AEE0C5C79D
SHA-512:	432EC0345785C9F986F6D1DA76BC3E7ABA370D2FDDC8FBEDC0891FC0F878465861E7650EE4FB8F96673197EC22B5C45CF32FC43E1F20D556C25DBAA648EF03B1
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/css/stylesheet.css
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 100;. font-display: block;. src: local('Roboto Thin Italic'), local('Roboto-ThinItalic'), url(../fonts/KFOiCnqEu92Fr1Mu51QrEz0dL_nz.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 100;. font-display: block;. src: local('Roboto Thin Italic'), local('Roboto-ThinItalic'), url(../fonts/KFOiCnqEu92Fr1Mu51QrEzQdL_nz.woff2) format('woff2');. unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 100;. font-display: block;. src: local('Roboto Thin Italic'), local('Roboto-ThinItalic'), url(../fonts/KFOiCnqEu92Fr1Mu51QrEzwdL_nz.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-styl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\swiper.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	17762
Entropy (8bit):	5.1820736389426445
Encrypted:	false
SSDEEP:	192:brX0GpaNCO8jrfg5WHmXgyXyzSHF68DJB0SwD:brX52CXfgWHfyXyzSl68Pe
MD5:	0176BF1163B6F65F3C8CF11CD367E67C
SHA1:	6509DF54687A830CC77C2D27A6E141B650CA26FC
SHA-256:	F5C9917AE6F29DE0BA5C6606EA4D7BAE6A7072F6B08FC90DDF9CFC09027B07EE
SHA-512:	2A77E02A335175D4FD7A15F8D85E4E90A5D45E963AC31249B2EF73B3791AE825D730827F6722F356603E804203A43E9D97EE296566BCA70E666486703897962F
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/css/swiper.min.css
Preview:	/*. Swiper 3.4.1. * Most modern mobile touch slider and framework with hardware accelerated transitions. * . * http://www.idangero.us/swiper/. * . * Copyright 2016, Vladimir Kharlampidi. * The iDangero.us. * http://www.idangero.us/. * . * Licensed under MIT. * . * Released on: December 13, 2016. */..swiper-container{margin-left:auto;margin-right:auto;position:relative;overflow:hidden;z-index:1}.swiper-container-no-flexbox .swiper-slide{float:left}.swiper-container-vertical>.swiper-wrapper{-webkit-box-orient:vertical;-moz-box-orient:vertical;-ms-flex-direction:column;-webkit-flex-direction:column;flex-direction:column}.swiper-wrapper{position:relative;width:100%;height:100%;z-index:1;display:-webkit-box;display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;-webkit-transition-property:-webkit-transform;-moz-transition-property:-moz-transform;-o-transition-property:-o-transform;-ms-transition-property:-ms-transform;transition-property:transform;-webkit-box-sizing:conte

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\unauth.shorten[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	3689
Entropy (8bit):	4.843603202641041
Encrypted:	false
SSDEEP:	96:L5wRo9NNU1cqn59Ng76v6ccrSqMtiQ93+AAdGY:L6W9Nacq59NU6v6cWSqMtiQrWGY
MD5:	75BEA4A0F5EBDF547CFD5656FD71066C
SHA1:	A45269E9A9ACDD53C1264575DE7A1C4AF4560D5A
SHA-256:	0AB1F041D1E5265277ED5C7D219BB3AB08F2961483D14334C3101B29C9F12C51
SHA-512:	CAECEA68CAC1F92AD6D471F0E26D91C3ABA205B8DE7483A88F7E75443D492A88142490D508DC972794FE555134C23E4FD324C7C6D50FA42DC469AA6572880ADD
Malicious:	false
Reputation:	low
IE Cache URL:	https://bitly.com/s/js/unauth.shorten.js
Preview:	var BITLY = {};.(function($, BITLY) {. var _xsrf = document.cookie.match("\\b\_xsrf=([^;])\\b"),. _xsrf = (_xsrf ? _xsrf[1] : undefined);. var cookieName = 'anon_shortlinks';. var cookieValue = document.cookie.match('(^\|[^;]+)\\s' + cookieName + '\\s=\\s([^;]+)');. var shortlinks = cookieValue ? cookieValue[2].split(',') : [];.. $.ajaxSetup({. cache : false,. timeout : 12000,. type: 'POST',. dataType: 'json',. traditional: true. });. . function shorten(longUrl, success, error) {. var options = {. url: '/data/anon_shorten',. data: { url: longUrl },. beforeSend : function(XMLHttpRequest) {. XMLHttpRequest.setRequestHeader('X-XSRFToken', _xsrf);. },. success: function(res) {. if (res && res.data && res.status_code == 200) {. handleShortenSuccess(res, success);. } else {. handleError(res, error);. }. },. error: function(res) { handleError(res, error); }. };. . $.ajax(opt

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-embed-player[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	160352
Entropy (8bit):	5.572635697741077
Encrypted:	false
SSDEEP:	3072:XFzDR+ZuQgAp2Gb1QTy8hdsmVKlM3i2CwoU0:RRVAIGb10y8hnXy2Cwx0
MD5:	05B9F36DA4F45F1BFF5AA898ABB8F3C8
SHA1:	8CD070A30DF63FA9ECD288FAC5565E823DB0F3C9
SHA-256:	56ECD91217B79C7C8D05EBE2A806EAB9E5C0C84AC07E97A97C47C105DEB90893
SHA-512:	00D4CB902EAB18706C0789A2C2A673D509FA0A46BC563F81AE775277D5E29826FCCE3E9F79F730383221117480467AC4897260C273A6E8EE374B0188F3758B48
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/s/player/7bc032d0/www-embed-player.vflset/www-embed-player.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var m;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var ea=ca(this);function t(a,b){if(b)a:{for(var c=ea,d=a.split("."),e=0;e<d.length-1;e++){var f=d[e];if(!(f in c))break a;c=c[f]}d=d[d.length-1];e=c[d];f=b(e);f!=e&&null!=f&&ba(c,d,{configurable:!0,writable:!0,value:f})}}.t("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(e\|\|"")+"_"+d++,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20012, version 1.1
Category:	downloaded
Size (bytes):	20012
Entropy (8bit):	7.966842359681559
Encrypted:	false
SSDEEP:	384:Yc6bX9TagDCXKqs4+W5XVgaflKHjsGdZtlh3K/qzWz/scZpuB:YcCVaeCaF4ea9KHYQZtlh3Kgy4B
MD5:	DE8B7431B74642E830AF4D4F4B513EC9
SHA1:	F549F1FE8A0B86EF3FBDCB8D508440AFF84C385C
SHA-256:	3BFE46BB1CA35B205306C5EC664E99E4A816F48A417B6B42E77A1F43F0BC4E7A
SHA-512:	57D3D4DE3816307ED954B796C13BFA34AF22A46A2FEA310DF90E966301350AE8ADAC62BCD2ABF7D7768E6BDCBB3DFC5069378A728436173D07ABFA483C1025AC
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff
Preview:	wOFF......N,................................GDEF.......G...d....GPOS................GSUB............7b..OS/2.......R...`t.#.cmap...4.......L....cvt .......\...\1..Kfpgm...@...2......$.gasp...t............glyf......:...j.'..hdmx..G,...f........head..G....6...6...rhhea..G........$....hmtx..G....a......MOloca..JP........\v@zmaxp..L,... ... ....name..LL..........:.post..M(....... .m.dprep..M<.......S...)x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x...pfK.G...1.c>..`9..m<+;..m.x...bg.M.T...O............l...XU.../{.[_..W....c.._..72.. ." z.+..F.......&.&...`e..T].....K=..K2S....q..d...xf.$~i..$?.d..dU.....@R-/LMO-J6...[]..Z..O.C_."If..d....fS....$d.G>eL`....Tf1.......9.c>..`1.TR..x./d-........q.........7....{...v.....!.....1.QG=.4.D3-..F;=..1'.'q.rw...9..e!.....Q....f......qV.n.h.V.Z]..B..C.[B...V.......v...o.w.{...w..zRO.i=..._.....-.m....].=...[...(1.(.#.....O0/.0?..04rL.G.9.....i6..l..\|.(o.....\|$,..{\|&\|....YJ...x.e8B.#..t;R8.{+....\=.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1612
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
MD5:	DFEABDE84792228093A5A270352395B6
SHA1:	E41258C9576721025926326F76063C2305586F76
SHA-256:	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512:	E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious:	false
Reputation:	low
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\VN80VdEPAU4llAcAXE3Um4dgGgP3rzxPfP-z_SVZNno[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	36885
Entropy (8bit):	5.6900390330402715
Encrypted:	false
SSDEEP:	768:1vyYPIjjqDM1onvuvuWVKRPhqRGGdI3sB:hzPGx3uWVKvqUGdI3sB
MD5:	006A8839F626C9F596A2DCAB2FCC2962
SHA1:	F4070D5218520E397BC03A51FFB5432549D16EDA
SHA-256:	54DF3455D10F014E259407005C4DD49B87601A03F7AF3C4F7CFFB3FD2559367A
SHA-512:	F3BE7CF68AD868FF890D316C18CE4C5C714E96E396E3410769851ADF7A2E1105562BC6777442C57EE8EBEB3D6D42B0EA51EF1E6F28B86B3F6C985E7C21A6AE09
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/js/th/VN80VdEPAU4llAcAXE3Um4dgGgP3rzxPfP-z_SVZNno.js
Preview:	(function(){var V=function(X,Z,H,v,m){if(v=(m=H,P.trustedTypes),!v\|\|!v.createPolicy)return m;try{m=v.createPolicy(Z,{createHTML:d,createScript:d,createScriptURL:d})}catch(I){if(P.console)P.console[X](I.message)}return m},P=this\|\|self,d=function(X){return X};(0,eval)(function(X,Z){return(Z=V("error","ad",null))&&1===X.eval(Z.createScript("1"))?function(H){return Z.createScript(H)}:function(H){return""+H}}(P)(Array(7824Math.random()\|0).join("\n")+'(function(){var Q=function(Z,X,H,m,P,d,v,I,V,B,K,D,t,Y,b,k,f,g){if(!((Z-(32==(Z>>2&((Z>>2)%136\|\|H.l.splice(X,X,m),55))&&(g=(P=l[X.substring(0,3)+"_"])?P(X.substring(3),H,m):Q(25,X,H)),6))%178))try{for(k=0;71472575648!=k;)P+=(D=(b=m<<4^m>>>5,-4+-2~m+-1(b^m)+-2(~b\|m)),I=(k\|0)+(d[(k\|0)+-1(k\|3)+3]\|0),(I\|0)+~D+(D&~I)+-1(~D\|I)),k+=2233517989,m+=(V=P<<4,B=P>>>5,(V\|0)+2~(V&B)+X+-1~B)+(P\|0)^(k\|0)+(d[Y=k>>>11,(Y\|3)+X+(~Y^3)]\|0);g=[P>>>H,(t=P>>16,-1~(t&255)+-1),(K=P>>8,-1+-1~K+-1(K^255)+(~K&255)),-2~(P&255)+-257+(~P&255),m>>>H,(v=m>>16,-1+-1*~

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bitly_warning_hand[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 77 x 78, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2496
Entropy (8bit):	7.761077353306434
Encrypted:	false
SSDEEP:	48:cJ6R6Ll1tzB0jGTdaGYzXxbCtdT31hGP33NcD:YLl2jGwGubCth31gaD
MD5:	5DA4C636D5E9A03DFFB9DC2052B1390F
SHA1:	B6B83F51C2ECBE118193EB84F7CA8FDDAC79FA1A
SHA-256:	DF60E8E9AB468A0075E0EB85959BA050F6DC1AAD58248EEB627B8E21BA22CF58
SHA-512:	B56B31D51B0F01E495D8654FB4A3661D6328F3B9DEA4F6813B9F67114C1CC731AE825B194BB285D4621261D0AFD37D617CBEB00A8F5248118B18331278A5FD3D
Malicious:	false
Reputation:	low
IE Cache URL:	https://bitly.com/s/v468/graphics/bitly_warning_hand.png
Preview:	.PNG........IHDR...M...N.....RCk,....PLTE...qn.'%.$..A8..........H?.;1."..'...........................)&.6-./).+"............................40.P@.J:...L@....\|p.?>.2..N;....<:.IE....D1.d`.............A3.............1"..4 .B..8#..;..95....=).31....#.....+........^[.vp....81.UP..................\P.&.....B@.......n`....TA.H4.......!...............8'........../..86...................PM....}z....G9............1!.....tRNS................................................................................................................................8.Kg...oIDATx..[.....h"....L..O..R?..8..E......V..6XW.2O{..T...~.&..C..w]{...}.........ld.........p..;h...l.R.;<<..T..o.....Z....{....e.lM..^.}u].I.v.^.......XR++..2D.7v.....!.D.L]\.........Z!P...@wZ@..'.....Z..A...'...g..YDA......H y.~f......R.@...........Z.......o/..Y\|...[....B{.0#.G.).E.c'.o].kb..G.M.Ti..N.g%..5Z..\|...}..=U..[k~Q.^Na..>~.Q.0..v...W.njyZ....BV.....-.-........N9..x*7-e..Z.......H.:.9..j.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\captions[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	53666
Entropy (8bit):	5.552281237236392
Encrypted:	false
SSDEEP:	768:IJ+NFNuqtcbhT7GxiWg6SQtMtA20I9btEpA5U5NxRvkf21b1pWbgJ:ISeGxpgP4qtEpQUzxRMebXWbgJ
MD5:	A7F45D66E5F6C4DB45B09812E0D934A6
SHA1:	2475EF6B86BC8DA891444246B868517A08DA3FC1
SHA-256:	8C866D29502264D147DF219F48D2AFE0A34CC24B176DBA101077E3D631F191B7
SHA-512:	2D6124C939C2FC32F144A57831B4F99D7C31EBDF3D2CCC70D239A258E8B8B38D3FFBB3BB2F0B268864E2BC31E9B391B44B010E703771AFA4D48E36EE1E35DA63
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/s/player/7bc032d0/player_ias.vflset/en_US/captions.js
Preview:	(function(g){var window=this;var z1=function(a){var b={languageCode:a.languageCode,languageName:a.languageName,displayName:g.QH(a),kind:a.kind,name:a.name,id:a.id,is_servable:a.u,is_default:a.isDefault,is_translateable:a.isTranslateable,vss_id:a.vssId};a.translationLanguage&&(b.translationLanguage=a.translationLanguage);return b},A1=function(a){return a.translationLanguage?a.translationLanguage.languageCode:a.languageCode},wEa=function(a,b){var c=new g.PH;.c.languageCode=a.languageCode;c.languageName=a.languageName;c.name=a.name;c.kind=a.kind;c.isDefault=!1;c.u=a.u;c.isTranslateable=a.isTranslateable;c.vssId=a.vssId;c.url=a.url;c.translationLanguage=b;return c},xEa=function(){this.B=[];.this.u=[]},B1=function(a,b){return b?a.u.concat(a.B):a.u},C1=function(a,b){switch(b.kind){case "asr":yEa(b,a.B);.break;default:yEa(b,a.u)}},yEa=function(a,b){g.cb(b,function(c){return c?a.toString()===c.toString():!1})\|\|b.push(a)},D1=function(){g.B.call(this);.this.B=new xEa;this.F=[]},E1=function(a,b,c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\crypto-bg5[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x255, frames 3
Category:	downloaded
Size (bytes):	65544
Entropy (8bit):	7.979387028234773
Encrypted:	false
SSDEEP:	1536:W/hpbbjZDtpVQ4u3oDZAKdwNxKA+/NFCK1dgepqkoVJ:chpXdDtEoDCPxy/NEF8S
MD5:	4CD412E4E591728799D4B8F67F759FC9
SHA1:	2D6E6A07DAA99FDD95C89E97FEA91A85FD30223E
SHA-256:	F40F4879447D21283B945EF0D9A5F859721F0F4A91A9BC5EBFCACF1867A5C937
SHA-512:	2C047A9690459483DFD51DEC9E4F9433D7511AFF7C1AEEFE13F46054860F90E1948A322AC60F9F14EEA091400EB482673C41CB31A82056F81B8E40175FDEA3B5
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/crypto-bg5.jpg
Preview:	......JFIF................................................................"..."%%424DD\.................................................."..."%%424DD\...........".................................................ndm.F.)f..B1M.4.UA.........n...3..m.W.....g.i.... ......V..1.....0.n.=....E[..b.y.@.z,..io.}b.'..]p.@..:H....x.....3m.i..c..1l.64+....>.].s.}...Z.zj.;Es...L4).<.f<.9!......i....!.....sg......5R....(...(8.R..;e..E.XPoG....T...v.T}c.\.l.n....P\U.}.H.1..{...GS.4..c.MN..Z...qA...u...5w...................L..N....5./..G.....g.bg...lG3..lv......,.]..&MJ.....e..+.!.h.gM:.g`...H...8i..}...].YE.l..Nb.U..}.iW..U...{.[.g,m.N.L.$..7.u.<...^N... ...;..,........y..m....@...F..<....k...2Z,^..V{.c.K_/.zhV...Eb.........T...C+.@.;m...0.%kdh.:.b/...t...r%h399q.......F..Y..J..S......W....t}j^v.^ui....3P....$.C.S.j.U..<.t...II...Z.....U'.i.Z._9v.K>..w*.~{Y.}.duE..l.9.l...8....{-..=R.v..p;...Kj..`..(>-..U.....8<..V....q.z.k` .X\LPv.y.<.........7D.....3=X..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\crypto-bg[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x680, frames 3
Category:	downloaded
Size (bytes):	198572
Entropy (8bit):	7.9873707419889035
Encrypted:	false
SSDEEP:	3072:ZGw+7hZvPBwe4n+47p3Bb7E3YZJ7wUJCYN7YQXApIhkt/rASIpay9XJY:j+rRYn+okUJC87fktvy9XJY
MD5:	4BD86D0C4BF31D0605F3764D5F70BAD8
SHA1:	4B1639E3DB330045D9BADED6CCC77DB33A579CC9
SHA-256:	EB4A241A258335276A24918491EA408682FBC24073073B610C63E005887CF868
SHA-512:	DE1DAE412DBB81BBBCFE4935BF07AD57D9CF1A018879D5654B318CA80AC1BCF0ED54573037C702A1E99997AB7E85992785E6C01E0D9B22DACC5EBDE4A6E19820
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/crypto-bg.jpg
Preview:	......JFIF................................................................"..."%%424DD\.................................................."..."%%424DD\...........".................................................S......B.....f....t\....\lPuk...&M...Q"%l......5.Z.J....n.G[..d...>...y....I..;.^.u.5m.+.s>.Y.UoNo.3....eZ$..@.J#.7t.U.k3#.\.a...H.[r.#5.p.....{t>.H."....(....'<Ikp...vm.......cN.7.ds'd.t..u.......2o=.yP.W0.N.....j.t\0..D.Q...&..s..I..A........r...k5.s......f...jg.(4...].....u.O..T.R..3h.p.~....e...o5....f.vfYm.Z..J....ET..sw.<.....u={...B.u.....(Z.vc.....(..........v.p.W..z.9.Z.g;.%..<..\|y........u..#..>.........J]s..ah'Z....n..43{.f]}'2.8E.......ss.\|.......h..=a..w.y..e.6t.sX.^. ..c...X.mtb[r..2UGY...2..Kq{.)...jbC....[q..r>t....EQ..b.j..Y.o.Qr...CU.R..n..oz..C.+ Z.w+.$.U........u=...QT.U...]WN.:...........X...b.U.eH./k....8N.....'.v.oBSG.:^E..sX...r.....K..L.f....9......>.....`..f.r.A..B9..>.(;'..i..y..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dnserror[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2997
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
MD5:	2DC61EB461DA1436F5D22BCE51425660
SHA1:	E1B79BCAB0F073868079D807FAEC669596DC46C1
SHA-256:	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
SHA-512:	A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/errorPageStrings.js
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\font-awesome.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	29024
Entropy (8bit):	4.75017947243935
Encrypted:	false
SSDEEP:	384:gu5yWeTUKW+KlkJ5de2UYDyVfwYUas8l8yQ/8dwwdG:Llr+Klk3Yi+fwYUf8l8yQ/eC
MD5:	D701DD0C642033E7EDEEB7A68A7493D3
SHA1:	36D476CB43B8F544BF033FB7D9FE7FAB4DA577EF
SHA-256:	2DA51C3FF41E5746CDEA3C75F26A28C3DE6314BDACC2BD9A6EE37A6FA828B203
SHA-512:	4150E21AA80D454854A09F57C6DBEFFE91D4668FC6BB3C565B3F1264E3504FA0B53538B03CD44115F4DC917661B8AAC0BB9DC88A6467B7FB342E83761310D314
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.6.3 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont_1.eot');src:url('../fonts/fontawesome-webfont.eot#iefix&v=4.6.3') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2') format('woff2'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../fonts/fontawesome-webfont.svg#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{pad

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\getdetector[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	216
Entropy (8bit):	4.621144836528548
Encrypted:	false
SSDEEP:	6:E7EUyWlyGeqHnM3+mMwEz3+JQmQf3rNiUrAewAn:ZWlzM3+EMP37NiU7
MD5:	A63BDBBE2078E8E2AA6926D427E903B2
SHA1:	29F3B6915E87350FED21A51056CE2DFD84772267
SHA-256:	AA4FE92E09F94671F24E453A8CF9527C0851F65B608C7F9FAB304608353AE354
SHA-512:	3ACAD374E8E231DC03848B37270C405D26F20A124085C162F9369CA36085C39251483386C8D54449C0DD77F685174441BA63C08ADA41B96F0A6229CCE59FE8D6
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/getdetector.js
Preview:	$.urlParam = function(name){. var results = new RegExp('[\?&]' + name + '=([^&#]*)').exec(window.location.href);. if (results==null){. return null;. }. else{. return results[1] \|\| 0;. }.}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\glyphicons-halflings-regular[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23424, version 1.0
Category:	downloaded
Size (bytes):	23424
Entropy (8bit):	7.979178151305869
Encrypted:	false
SSDEEP:	384:3KH0SsEmXiuhM8/sUn9HyuJhk42a2KuDAwtGqCEFznq4yVL7SFykJMJd:3KUSsEHDUn9HBk4VV0UiFr4L7wU
MD5:	FA2772327F55D8198301FDB8BCFC8158
SHA1:	278E49A86E634DA6F2A02F3B47DD9D2A8F26210F
SHA-256:	A26394F7EDE100CA118EFF2EDA08596275A9839B959C226E15439557A5A80742
SHA-512:	F5366AB255AFEFE3FE06150E8509E776B5618FF50FE3E0FA8E4D715D645B1E44DDF3AD185E21DF1A276E08B3707F55866CB2A83D2F325A56885FCB8E57A74A67
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/glyphicons-halflings-regular.woff
Preview:	wOFF......[........\........................FFTM...X........m..GDEF...t....... .D..OS/2.......E...`g.k.cmap...........r..cvt .............(..gasp................glyf......M.....}].ohead..Q....4...6.M/.hhea..Q........$.D..hmtx..R....O...t.. `loca..S`...'...0o...maxp..U.... ... .j..name..U..........,..post..WH...-......5webf..[x..........TP.........=.......v.u.....vs.x.c`d``..b...`b`d`d...,`....H.J.x.c`f.f........t...!.B3.a0b...................?...@u"..@aF$%....1......x..?hSA.....iS.....m.44...,.q.PK. q...XE.].(..2.......].. ".E..D......i]D.ZJ...\....8.....w..w.........V".F....pU........(.g..K.4O.n.;.N...R.{.g`'!...P.M.UHE.J........Y.q..9.c..<...U..9..!..Q..I..Y..-..KC....+....U).Q9.4.J...Yp.]Nq..9...q..yV.V..n...)..9....[..{.....v.V.......FWb+.+{.>...a\|..*..g.Q....,K.<'....<!..r.Yw.....y.<q.9..{-]....c...]o....I...!0l6..7.......{j.G,..OX..^.P..d..Q......{,.M4.c.(QBX...m!.K.,...Y..Ha.2...}........0B.A.).F}..,.Q8.......'A.5..(.>.W@..Ex...D...&.U...d.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery.validate.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	22688
Entropy (8bit):	5.223240277623455
Encrypted:	false
SSDEEP:	384:QNrHpjEC+JY6/tNAlHsdkMiKnFpY54LOdANtc0Eny+RWgW7N3rwV/vtrx+OLDJgy:C+JY6/UlHsdkMi2FpY54KKBEny+HxVR9
MD5:	C4499184878D17D8AF6F4181C0D03102
SHA1:	C5A2FF013FA357C1D2A6571B5D8E658E670080EA
SHA-256:	AA1D80CDF0990E97A21069AB16C048EF90A35DF1165B87D19ACCABD7C4EDC860
SHA-512:	0DA5E2CD6EEB9DE26233F5CE9D341543BC0364154D5DFE54F6B13CF013D8850704438A63684665097E61818DFEE02DCAF758DF7695166F3F2DF262FF8350434F
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/jquery.validate.min.js
Preview:	/! jQuery Validation Plugin - v1.15.0 - 2/24/2016. http://jqueryvalidation.org/. * Copyright (c) 2016 J.rn Zaefferer; Licensed MIT */.!function(a){"function"==typeof define&&define.amd?define(["jquery"],a):"object"==typeof module&&module.exports?module.exports=a(require("jquery")):a(jQuery)}(function(a){a.extend(a.fn,{validate:function(b){if(!this.length)return void(b&&b.debug&&window.console&&console.warn("Nothing selected, can't validate, returning nothing."));var c=a.data(this[0],"validator");return c?c:(this.attr("novalidate","novalidate"),c=new a.validator(b,this[0]),a.data(this[0],"validator",c),c.settings.onsubmit&&(this.on("click.validate",":submit",function(b){c.settings.submitHandler&&(c.submitButton=b.target),a(this).hasClass("cancel")&&(c.cancelSubmit=!0),void 0!==a(this).attr("formnovalidate")&&(c.cancelSubmit=!0)}),this.on("submit.validate",function(b){function d(){var d,e;return c.settings.submitHandler?(c.submitButton&&(d=a("<input type='hidden'/>").attr("name",c.su

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mem8YaGs126MiZpBA-UFUZ0dbck[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 11748, version 1.1
Category:	downloaded
Size (bytes):	11748
Entropy (8bit):	7.936768192726114
Encrypted:	false
SSDEEP:	192:WvbKTQEqRZwNuRRMdDn1rPXYaDbsV0urQQtbkEARTRBysE9md9UGEbuNXVJ6q:Y6QHZbRgn1DXLQV0uUQtkEcTXE5TbilN
MD5:	4414FFA353949D94D33AC84AEA661689
SHA1:	5BA835402994A500E1B3A434774E268B636DE654
SHA-256:	EAB332B4BC5D1248A252B4BA66A20B2F80ACB5C28214E08E5DD6B479B2FBCE41
SHA-512:	206BD615BBED60B4B639A98B74DF23FEDD34FDA86C48C8728AD841FE7D6B11BBDFF910ADC84E4CA0B9BA35A43331A97CA1B7ECBE9802B9E1A864B4603A1300BB
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFUZ0dbck.woff
Preview:	wOFF......-.......G.........................GDEF.......%...(...7GPOS................GSUB............l.t.OS/2.......Z...`....cmap...0...s....WD.mcvt .......Y.....M..fpgm............~a..gasp...............#glyf..........1..<..head..'d...6...6..cphhea..'........$...Whmtx..'....j... ..>.loca..)(........e.p.maxp..<... ... ."..name..\........&:A.post..+L.......?..= prep..,.........C...x..........,..P..1.}.`.....-.+./....................................latn............x.c`f..8.....u..1...<.f......................8....1....AQ.M...C.G/S....\|.....6 .....77....x.4........a3\#.%..$.Rj....:.^.i..p........D.@....)....i.......B..6.XG...{u^Yx.....8...nA.2...m.:...h.d..o...U...x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG............K{..L:548..gqV..#.......C\/..?..K>...X =.G.^7..(".#1Q...zd......z.....u....V...3...j...5...(yR\.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mem8YaGs126MiZpBA-UFWJ0dbck[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20952, version 1.1
Category:	downloaded
Size (bytes):	20952
Entropy (8bit):	7.971209772717252
Encrypted:	false
SSDEEP:	384:+fHsQHZKRGTguTXbWr66HMFXxgcu8Gl4gbo3Gvm2TLFcxiMKinm:TcgErWm6z4io2NTLFcxNrnm
MD5:	4203A602A9A1FB3B1DDAE2E73FAEB103
SHA1:	539D0ADA263D07CB0469BBAE930C1D79547A9A86
SHA-256:	910715ABDBEA35537BD834A34D12AF8A172030C37DF99F14A678D816716C03B4
SHA-512:	F0FC854B1D08B3E98C88F78CB23560043EEC1F5D066D814A1C246E80178C863A09631D5B9F61B7326274D15DC901FDC37BA98BA1A8505EF271E9559F9FE02245
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFWJ0dbck.woff
Preview:	wOFF......Q.................................GDEF......."..."....GPOS................GSUB............l.t.OS/2.......V...`....cmap...(...Y...d....cvt .......Y.....M..fpgm............~a..gasp...\|...........#glyf......As..g.\w..head..I....6...6..cphhea..I8.......$....hmtx..IX...8...p\|.S1loca..K.........s...maxp..ML... ... .v..name..Ml........&:A.post..N\.......J.P.^prep..P.........C..........................)........................................latn............x.c`f..8.....u..1...<.f.......................:.;38.$......ah..e.P``...c.`.......=.....x.........._M@H].@.I@t....IAu..m1.')Q.I.P..T..t.L,..<y....32.m<..v.i...?.....>.4...........x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG............K{..L:548..gqV..#.......C\/..?..K>...X =.G.^7..(".#1Q...zd......z.....u....V...3...j...5...(yR\.<LU.Z.c.QC....l....L..L..,Ix.6

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\person-bg-3[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	729
Entropy (8bit):	6.312061094659271
Encrypted:	false
SSDEEP:	12:6v/7SY/6Ts/HG0WqKVb6IOwVPeelMIKNhc1+aNh9OYwyMg4QsU7:W/6EtWq6b3fRKNuh/n4Pu
MD5:	4BAF91E3867CBE9EA669256DE1908B64
SHA1:	A4D2A36050C7B119429ADACAB19E5C273637D67E
SHA-256:	598F31A9800098D4F60B3F4EBC0AAADAF5AB167F99DB9E709B1181EE0EDED4CD
SHA-512:	8B3E00AB6767C38B4BB99EC4B52ABF11B39C908644A4DEE6DB90AC8AE58794554EB518F592E7ACEC9FCE938BDB676D743EE3D9D036AAEB89DD8D4467683421B0
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/person-bg-3.png
Preview:	.PNG........IHDR..............>a.....pHYs.................sRGB.........gAMA......a....nIDATx....M]1.@..T...5PB:I...:H^.@Z.................{`.'y...W.zSK.!+9..[y...Yy.....~C...G.".T>;......... ..;. ..... ..... ..\|.. ..\.. ..<.. ..... ...]. ...]. ...-. ...-. ..x-. ..X-. ..8.. ..... .A... .....W~.u...2...&.2...f.2....2.....2..S........L..k. ......u.+%.k..hXs..v.......oa...O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O....O..........a...R.6.V.w..7... .Nj.@......:kk...-....B ......:om....5..`..B ..Z....ki....%..`.B ..[.....R....K..`..E ..:...&.T....S..`.E ..;...&......... }.@..>B .X.....[.....C.uR"x..$.>e.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\script[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	3278
Entropy (8bit):	4.94455519481222
Encrypted:	false
SSDEEP:	96:LRWmO0qh0xUeSNIyt+gxnMDlDPbVNdfoYKCNJGgKv:9XO0e0xUeSNIytPxnMDBbXdftNJFKv
MD5:	8E606E8B084B9CC7378EF6D0F5BB97FC
SHA1:	A36B3E9D6E5CE2788851A2DDEE8A174A7949764E
SHA-256:	1973E3F447E3D0F5B1E4DD6AA9EE87C7E32FE9808DAC20718ECE1079E3B1735B
SHA-512:	D8D3AEE34807966F6DC3663962CE0355E071A3F357D8A51106EF846B1CB380C31085E02EFC617B7F99F6AA29FCD1AA922369369420CF03299A12B004FDF540FB
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/script.js
Preview:	function applyWhenElementExists(e, a, n) {. var t = setInterval(function() {. jQuery(e).length > 0 && (a(), clearInterval(t)). }, n).}.$(document).ready(function() {. $(document).mousemove(function(e) {. e.pageY <= 5 && $("#exit-modal").modal("show"). }), $("#modal-close").click(function() {. $("#exit-modal").modal("hide"). }), $("#modal-close-button").click(function() {. $("#exit-modal").modal("hide"). }).}), $(document).ready(function() {. new Swiper(".swiper-container", {. direction: "vertical",. loop: !0,. autoplay: 7e3,. onlyExternal: !0. }).}), $(document).ready(function() {. function e(e) {. return e < 10 && (e = "0" + e), e. }.. function a() {. var e = new Date;. t(e). }.. function n() {. var e = new Date,. n = e.getTime() - 6e4,. r = 0,. l = 6e3;. for (i = 0; i < 9; i++) {. var o = Math.random() * (l - r)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\swiper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	96824
Entropy (8bit):	5.2381914247548735
Encrypted:	false
SSDEEP:	1536:mOC3bgML3Z34RntLnw1HlBoW+B9J75h5KtI5GitEll/nXEBTO:8rgrkKGoI
MD5:	5A5CEF826D45FF6878FF5A2B41EE8C7D
SHA1:	E1C289508360ECB73E122C7E41E7378AFCBA80A2
SHA-256:	EA8C5DF320F2B420D4C8A074EB2CE1F9274827E1711954BFD6B01DB9DA4A5D3C
SHA-512:	93BEECF2957476B7343D5D978D49EFACDE6B3B308B7122551FA031B8F74FCB8DE9F8D18286CA9EC90760AAA0DC968983E57FE64D703125BBB6C659BA09F349A2
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/swiper.min.js
Preview:	/*. Swiper 3.4.1. * Most modern mobile touch slider and framework with hardware accelerated transitions. * . * http://www.idangero.us/swiper/. * . * Copyright 2016, Vladimir Kharlampidi. * The iDangero.us. * http://www.idangero.us/. * . * Licensed under MIT. * . * Released on: December 13, 2016. */.!function(){"use strict";function e(e){e.fn.swiper=function(a){var s;return e(this).each(function(){var e=new t(this,a);s\|\|(s=e)}),s}}var a,t=function(e,i){function r(e){return Math.floor(e)}function n(){var e=b.params.autoplay,a=b.slides.eq(b.activeIndex);a.attr("data-swiper-autoplay")&&(e=a.attr("data-swiper-autoplay")\|\|b.params.autoplay),b.autoplayTimeoutId=setTimeout(function(){b.params.loop?(b.fixLoop(),b._slideNext(),b.emit("onAutoplay",b)):b.isEnd?i.autoplayStopOnLast?b.stopAutoplay():(b._slideTo(0),b.emit("onAutoplay",b)):(b._slideNext(),b.emit("onAutoplay",b))},e)}function o(e,t){var s=a(e.target);if(!s.is(t))if("string"==typeof t)s=s.parents(t);else if(t.nodeType){var i;return s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\volume[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	875
Entropy (8bit):	7.511760855505471
Encrypted:	false
SSDEEP:	24:ha2FCgVxHNYUwvdLL9+YAICX33ne/9XgZtD:hZCUfBwFLL8vT3e/9XgZtD
MD5:	25209F54CCEEB6AC42097D82256CBFAB
SHA1:	A2CBCFB42B1CE89A17AED8BF640B90F057319390
SHA-256:	CF53BA9A7F63136E884DA82519C4F9343A04B1F56C4AD19B8014A91078F88E77
SHA-512:	3339857CC88D309A443D1ACA56CFDD9CC8C6C7B4BB080EBC01B55B19E7F5A1CB34959BECC89B437DA7FBFA745F95ADF6D232BCFA48CE7DF8A98000BD59AD3D62
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/volume.png
Preview:	.PNG........IHDR.............f.:%....PLTE.............tRNS.@..f....IDATh....m.0..`.<...v..B...m].KQ.>. h.,Cd6KQ...d..#....R^..9..o.3......9.........I...,..7.".....@..A&P.{P...T..<....\f.E.'..@....2.L.GY..\|..A....g.....`@.QF.......H..#>.j..Z,...@_..p..W....@j.....U..2..r..,...].mK..s......2wI ..D.\<l..@..L k.b.,...T-..ZO..).DA.......o.l.....$.YkHfA..i.l..W.. ..hV.<..B......... 9.Z.....Q..tWYP-......w.<....2..`..N.x(...r.......AB.y..Oa.J........e..@..A.U.....y.K.E.G@S..\|.zFz5.R.... .... ..E...5...w.......(=.C.70....c 1.=...@.).....9.. ...'xo.m... ..`.P%....V..+@.:pb.._@.p ...v....@.V ...~=......'...<.....0?...P......X....].\0\Q..&P.T.\.\.Jtu.....Ee.(9...Pmn*.U..P........".....&.....r.`p.N..i..v....7au...B.}..m....E."Cq@....X....B.l....B...,a.B.I.Ui.C.n... ...-0S...$.I.K.K...<..ls...&%^..I-O......<O.........S...w.O..t..o.F......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\warning[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	6941
Entropy (8bit):	5.283670732647188
Encrypted:	false
SSDEEP:	96:aSb9yXLtR4v/UmIdQtUB3dzEgg9m1Q5gxA2YOJeIuYTGqLNuWzbbNL4QtoKn5:aSbcLtR4UDK2B3dggg9mwKUouYKHWztH
MD5:	F7375064853C04304FD5097A60DAD74B
SHA1:	DDC1D3D3665527E4A8F62B90F1CC0C8308035E8C
SHA-256:	8848B76D769E5F83DEAC17AB83F5CE7D7F79AE16F9C25E6654BCF1F2A58E6A1D
SHA-512:	D186DE0130E537B741577C842215D74C39B2209AC01BFA4D54B3D11586C3FF1A3F976D428A11D2197AB67BB009D50B556B98330CF3EDC5B936B448A0313D8FC7
Malicious:	false
Yara Hits:	Rule: JoeSecurity_BitlySuspendedLink, Description: Yara detected BitlySuspendedLink, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\warning[1].htm, Author: Joe Security
Reputation:	low
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"."http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns:fb="http://www.facebook.com/2008/fbml">.<head>.<title>Warning! \| There might be a problem with the requested link</title>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>.<meta name="referrer" content="always">.<link rel="icon" type="image/png" href="/s/v468/graphics/favicon.png" />.<style type="text/css">.* { padding:0; margin:0; }.body {.font-family:Arial, sans-serif;.font-size:12px;.color:#333;.background:#555;.}.h1,h2,h3,h4,h5,h6,input,select,option {.font-size:12px;.font-family:Arial, sans-serif;.}.ul li { list-style:none; }..hr { clear:both; float:none; }..hr hr {display:none;}.a { text-decoration:none; color:#6699ff; }.a:hover { text-decoration:underline; }..spamContainer {.width:960px;.margin:50px auto 0;.border:1px solid #ccc;.background:white;.text-align:center;.padding-bottom:20px;.}.p {.padding-bottom:10px;.}..spamWarningH

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\www-player[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	345378
Entropy (8bit):	5.242144971538907
Encrypted:	false
SSDEEP:	1536:gzu9IdYR9WDQI0irpHrp3/fn8MZv8M5q4ay95G0hXkMNGOP5kRrDJciM/By2N+Cg:gzu99F7K4gFyV1uS
MD5:	A1DECB3E1899889E7C7AE7942A3B238E
SHA1:	2773DDA63CC3709AD96617623563B646F605FF90
SHA-256:	B1204340FDDD455478893FB7FFBE4C9D24CB7DF52D2867BDD51D0DA687416F3A
SHA-512:	B105D36C9E2DAF94B6230B8BE1FBCFAEC49A6FDC41D76CB3C5D518022E54C3F2C0EFCB68729BAFB8DABC7DC1EF2C558B7B2410FC8A81F66D90E5AD519F29AEC6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/s/player/7bc032d0/www-player.css
Preview:	.html5-video-player{position:relative;width:100%;height:100%;overflow:hidden;z-index:0;outline:0;font-family:"YouTube Noto",Roboto,Arial,Helvetica,sans-serif;color:#eee;text-align:left;direction:ltr;font-size:11px;line-height:1.3;-webkit-font-smoothing:antialiased;-webkit-tap-highlight-color:rgba(0,0,0,0);touch-action:manipulation;-ms-high-contrast-adjust:none}.html5-video-player:not(.ytp-transparent),.html5-video-player.unstarted-mode,.html5-video-player.ad-showing,.html5-video-player.ended-mode,.html5-video-player.ytp-fullscreen{background-color:#000}.ytp-big-mode{font-size:17px}.ytp-autohide{cursor:none}.html5-video-player a{color:inherit;text-decoration:none;-moz-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);-webkit-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);transition:color .1s cubic-bezier(0.0,0.0,0.2,1);outline:0}.html5-video-player a:hover{color:#fff;-moz-transition:color .1s cubic-bezier(0.4,0.0,1,1);-webkit-transition:color .1s cubic-bezier(0.4,0.0,1,1);transition:co

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\youtubeUP[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1808
Entropy (8bit):	4.874803722814522
Encrypted:	false
SSDEEP:	48:hxefusbEmN2qOrAG0CPjGu35WhVjD1vwRZaUOwUn3:ZsIzqQB0kFp+j8Zaqu3
MD5:	5A4093EA2E50ED37DFC07D2C74B55F68
SHA1:	3EFDD490B4F8FF25C9D5C4D4EFF4CDFA143FAE84
SHA-256:	6DAED18152D00583FBC6359E62E2C028A126BD80FBDB416A752A3060CBFDA614
SHA-512:	8044A99408244D3E0879EE27CB4729BE44F2DEAC4C79AB1A4C835F53A1C5D82F78A7171362A00BEF7F219000B5FABEA58CDE7D5C637A0F57F84F91C897C533E2
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/youtubeUP.js
Preview:	. function onYouTubeIframeAPIReady() {. player = new YT.Player('ytplayer', {. width: '675',. height: '380',. videoId: 'Upg0Hvk8tZ0',. playerVars: {. controls: 1,. disablekb: 0,. loop: 1,. modestbranding: 1,. rel: 0,. fs: 0,. showinfo: 0,. autoplay: 1,. playlist: 'Upg0Hvk8tZ0',. mute:1,. },. events: {. 'onReady': function(event){. setTimeout(onPlayerReady, 2000);. }. }. });. }.. function onPlayerReady(event){. $('.up_sound,#volume_up').on('click', function() {. player.unMute();. $('.up_sound,#volume_up').fadeOut(500);. console.log('volume_up');. }).}..setTimeout(function(){. $('.up_sound,#volume_up').fadeIn(500);. },. 5000);.// youtubeAPI.if (!window['YT']) {var YT = {loading: 0,loaded: 0};}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\0WSZOYV6.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26956
Entropy (8bit):	4.475351210456599
Encrypted:	false
SSDEEP:	384:WF1A7n/vw1B0yTtCc4EWnhSgmCG3eT5FWUjOcGy+g+LM:U1A7ng1GyQc4EuBmCHTGUja3gf
MD5:	1330DFB8F07D4EAB15DED6BD88E543A8
SHA1:	5C4503A81C26F6BCF33633771C32CB28062C402E
SHA-256:	E3CA93D06C8C8078AC8474A00C125CECDCE0D0DC4DE980AD1ADD0A1C83FA439D
SHA-512:	0F0C657F536E4123C797F77558481B299D58A678EEE242EAF60E3B24E6FB800DF6134F58DAE894B876BD506057C63515C668EBB689B819FE9E7F631C7EBC0A6B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GRQScam, Description: Yara detected GRQ Scam, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\0WSZOYV6.htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1
Preview:	<!DOCTYPE html>.<html id="home">..<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="description" content="The Future Of Currency Is Here">. <title>Gewinncode</title>. <link rel="icon" href="images/favicon.png" type="image/png">..</head>..<body>.. <div class="modal fade" role="dialog" tabindex="-1" id="exit-modal">. <div class="modal-dialog" role="document">. <div class="prelouder-popup"></div>. <div class="modal-content">. <div class="modal-header">. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">.</span></button>. <h2 class="text-center text-danger modal-title" style="font-style:normal;font-weight:bold;color:rgb(242,6,2);">WARTEN SIE NOCH!</h2>. <h3 class="text-center" style="margin-top:5px;margin-bottom:5px;"><strong>Lesen Sie dies, bevor Sie gehen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 21528, version 1.1
Category:	downloaded
Size (bytes):	21528
Entropy (8bit):	7.973887568128485
Encrypted:	false
SSDEEP:	384:uy/NCb8EbjU+Fos6gaUFZ3qR474EAqAG3w/Qpt/uxMsucMgwtDw031F:7/4zb7o6XqR4+3QptcuLg0w031F
MD5:	9680D5A0C32D2FD084E07BBC4C8B2923
SHA1:	8020B21E3DB55FF7A02100FAEBD92C2305E7156E
SHA-256:	2CFE69657C55133DAC6EA017B4452EFFF2131422ABD9E90500A072DF7CA5A9C8
SHA-512:	E19A498866F69F3D8136A65A5AB4E92CC047170673ED00B506E325165A84216267B9FEF1E5CFD66458E85ED820C12E9C345CEC9BEE4DE48E1C2E2B1A784F179F
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff
Preview:	wOFF......T.................................GDEF.......G...d....GPOS...............hGSUB............7b..OS/2.......R...`tq#gcmap...........L....cvt .......R...R..-.fpgm.......4....s...gasp...<............glyf...H..@...o..Na.hdmx..M....g........head..Mp...6...6...ehhea..M...."...$...{hmtx..M....k.....1<.loca..P8........6...maxp..R.... ... ....name..R4..........:.post..S........ .a.dprep..S$.......D..].x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x.....[....#N..m.m.m.mfm....SP..NuM..9]..=.U..!...[........w...\|......^p....H......;...)..........;..EoDo....E.E.D...`.0.GG.aA.H.V.Mx\xA....../..d3.Eb_.J...R.^v........\^ob.}.z..k.x).v$f$..O)+.2..*....y}6`C6b.6cs...l...........!.........<..\|.\|..\|..\|..\|.\|....o....I%.4.L.SI.&C.6..!`...{...c..\.J.(.2.C....V.A..?.M<nG......v..m.;..R.C..aj.H...=..{.>.:.....}i_Y......:....o.&k..KY.2..6k....i]..{,.p}../.....VO3.o].fJ....R-TZ..;...RN..&V...C...3.?.......&..z.s&.D....r,.I...t.R..a$k..Mm..Y.U...+b.%kQ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ad_status[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	4.142295219190901
Encrypted:	false
SSDEEP:	3:lZOwFQvn:lQw6n
MD5:	1FA71744DB23D0F8DF9CCE6719DEFCB7
SHA1:	E4BE9B7136697942A036F97CF26EBAF703AD2067
SHA-256:	EED0DC1FDB5D97ED188AE16FD5E1024A5BB744AF47340346BE2146300A6C54B9
SHA-512:	17FA262901B608368EB4B70910DA67E1F11B9CFB2C9DC81844F55BEE1DB3EC11F704D81AB20F2DDA973378F9C0DF56EAAD8111F34B92E4161A4D194BA902F82F
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.doubleclick.net/instream/ad_status.js
Preview:	window.google_ad_status = 1;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap-theme.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	24420
Entropy (8bit):	5.162562295575819
Encrypted:	false
SSDEEP:	192:zZbTbdOHdOqElNEIdxCZdObdOPqKOzfiPOCdOSdOAlE4hKKkBwYYkYYXYYGHO9Hh:5CPEYIK2sqFfWVbKEgB
MD5:	4FD69437CA5594C2AC640DB5359A08FF
SHA1:	166F3B40E661F7ADBBB34D560638A209BF71D9D2
SHA-256:	2ED1FC6E7590340A5451F60EC2099DA0043A1FD403B97F8D6C860259C02B71E0
SHA-512:	09EE928E48A6686EC73596B0B88E1BEA4F8A29D559546CDF1739AF6C1D8477A40064CEEEC82FE5FF69D2D09D7C14D6DE0D599FF18AF81B0CE59E81AAF6D17B3B
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/css/bootstrap-theme.min.css
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2017 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /../!. * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.3/customize/?id=b16ae13905aee59b946c54fd555cc80c). * Config saved to config.json and https://gist.github.com/b16ae13905aee59b946c54fd555cc80c. //!. * Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.btn-default,.btn-primary,.btn-success,.btn-info,.btn-warning,.btn-danger{text-shadow:0 -1px 0 rgba(0,0,0,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075)}.btn-default:active,.btn-primary:active,.btn-success:active,.btn-info:active,.btn-warning:active,.btn-danger:active,.btn-default.active,.btn-primary.active,.btn-succ

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	121297
Entropy (8bit):	5.1076157453201425
Encrypted:	false
SSDEEP:	768:NGxw/CIH4UVtPn+uI60H1UVqoeqhRttZbZbVVyN+O+trlfRnscAQUYQzaa:2w/xbBI60H1UVqwRvdV5xpnskU7
MD5:	11F9409EB523CF592100E45BFD00F274
SHA1:	36AD37B371E41A0640A9887B3C9FBBC11C40B70F
SHA-256:	4940CE8A9496616DC9A2B0E43A302FF2979F4B943A8E66BB00AEC094E71CE4AE
SHA-512:	B2D8272DC31AC62949D5AC005C3538EBB04DFC46D9B8D93F7A8E580E84815C7B7CAA25A599EC6F03855121E1FD3D84B7B868C84C482F436F662D0C37D794CE4C
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/css/bootstrap.min.css
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2017 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /../!. * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.3/customize/?id=b16ae13905aee59b946c54fd555cc80c). * Config saved to config.json and https://gist.github.com/b16ae13905aee59b946c54fd555cc80c. //!. * Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{backgro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ceo2[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x379, frames 3
Category:	downloaded
Size (bytes):	22253
Entropy (8bit):	7.972582245876852
Encrypted:	false
SSDEEP:	384:5yV/qb8O0UwHb5njKsOxl8f5Q6vdGaqXQT9DW+szkBhvJwBSRBOEw2w:f8Oe+HPgOXUJczkFqcOEfw
MD5:	EAE1B44D3F0DA4EB91DB9B3DDFBC796C
SHA1:	E756E3A24160D8A9B511A6169B692CFDFDFC8F57
SHA-256:	1ACD820ECD80BBA41FD07F8AB945B09AB5DC73B4F4CD20E1F1FD9E9AE1AA7AF4
SHA-512:	0CAA918C1CB2ADD83444F5EFFB8028E170ADCD31CCA00F0A4C99BF8CF1DE9C7BFF60A7AC030A069BE946E75346E6929691725E9BE54805B270BD66A58BBCF21F
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/ceo2.jpg
Preview:	......JFIF................................................................"..."%%424DD\.................................................."..."%%424DD\......{.h.."..................................................6&b.H<...6x...#)$=.$Kp.N...W5..8.xd.J...6...W.X.v.G~.A?..B.Dd....A.........X...,\|W.M..2.}..j.ID+J6........E`1......mK~.M`...N^@0...G.$..G.w..O].d.+m8...H.....b[ K'!.A....Fw] .h.?.m.....sJ.F!l....1.(....,..L..y....AE..n.........i_.[f\cL6.2z!....Y9.....(.n..%..Yo.".I...6m.q..+f.L..a$..l`,...._.t....a.cS.....M..v......:.X....f.T....+...>Bt.Y$....Z.C.jQ.;=.a..+F...U$...<l.{.9.:$"..0.:p.4!J<u.[.......i..P...!........0;0.~t[8,f2..u.W ..;-..,xK....A,.`....Fk..W......$.rYkj.,.[.<c.\|.1...(...A.....XRW.F..CBS..R..^..Z.n...g5Q..M)F>.U8.....Tj..2.(..$..qU.i..}.d....C."QipI..........P.<.a...`ml$..}....T#....H.")..l4.d..<={=.dDK.f....]lw..0.:.N.....d.....g%j..,..).Y.G;.0E-..]i...jI..6u%...."9...N.&Z.....v.._..C!.7..U..U.g.....ggE>J$.[..[...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\commonJs[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	12414
Entropy (8bit):	5.624218103982076
Encrypted:	false
SSDEEP:	192:zfP8F6YNWhNZukNEhLIh/T2a8CUXJC1pUlehyCazFWlMHl1iPmm:C6Y0hNAkNGyqa8CUXcHUQhx6g
MD5:	D19C547F463B9602093F53E81ABEC0E0
SHA1:	094D013717210C45191A8817174E8FDACF19C0C1
SHA-256:	5DA0154771D7BA49B314EA05D22C8CCA6CD44D13F5AA0476D1222D43A1C80441
SHA-512:	D2E9FE2A95EBA8A663D56F3122C74FFD76128FDB60D03F2C999CB002A2CEA30576D6B2BBBCF4FFB240CDD63AFB59797D5316460B80F8629BA52BF0CBBC582D73
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/commonJs.js
Preview:	;..$(document).ready(function(){.... // ......... .... ...... current_url_____________________________________.. var nameUrl = window.location.host;.. $(document).find('form').append('<input type="hidden" name="current_url" value="' + nameUrl + '"></input>').. //END ......... .... current_url_____________________________________....});....// .......... ....... + ...... . ... .........._____________________________________..(function () {.... function getSearchParameters() {.. var prmstr = window.location.search.substr(1);.. return prmstr != null && prmstr != "" ? transformToAssocArray(prmstr) : {};.. }.... function transformToAssocArray( prmstr ) {.. var params = {};.. var prmarr = prmstr.split("&");.. for ( var i = 0; i < prmarr.length; i++) {.. var tmparr = prmarr[i].split("=");.. params[tmparr[0]] = decodeURIComponent(tmparr[1]);..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\crypto-bg3[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x561, frames 3
Category:	downloaded
Size (bytes):	72875
Entropy (8bit):	7.982451136144018
Encrypted:	false
SSDEEP:	1536:/Te4WX+Olnw8aXENfqNGZncKrfMbHxyfnHPo6I6XKz8A2K4L:Le4WX+OhwDElqNGiIfMbR0HPPHXKgA2N
MD5:	45C9413D8F15B741E8FF7F2AAF85B303
SHA1:	F34670578B5F8CF9CC2D34556A6B1E539DE4AD6D
SHA-256:	1BFFD19E3E500AB81604C5CF5CC25AED6E124C8FBD62027786EE092861D7D0E5
SHA-512:	470F29F850929151D2FBE14D9D43966E95C0C98E635CDDC68CAE79D12F746643394E8DC0C6CF81537311E6865C0141F7101A14B2DBB050323E911D4829EE9AD3
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/crypto-bg3.jpg
Preview:	......JFIF................................................................"..."%%424DD\.................................................."..."%%424DD\......1....".................................................I...S.5.....T)...G>.#W..y.....w....g..........4...m~e...Q......b.+. ._$.WdD.......-.P..@.....t.]>..\....2B.4..Z..kW.:K.=.$.9.........Kf.!..q,..$T.........&.[.h..DDA...6'.h..U.J.J.bX!...._....".....,.=>...;F:.LB.i.7._.....c.m.......5:.2Z...Y....G....&.&..e.,...EA..DA..5'...$.dcc`...D.. .=.........6.O....Q.....i.&.7..Af.<v.0d.B...2.b.oE_&[7..j...3.GF.\|...Xn.5RY...."....U..,:.".[...1......QD..sT..PA......:]..Q[..Pe)'H]6.Dz.$.Z..T,...F..w_#B<...5....p...qQ._.z.4...C$...`..h.A....F..f.u..P.t.....(.. *...P....e..5.....'.@..c3b...W.Nijt5.hP..f.N.3S...5....B.g........k...SA[..0..+F.4.@.......Q..U@.....U.T....T..P&..5D..h&s.H.}Ld.$Z..h...9.f.~........"[W.....g..[F.\|..Xf.<.^4y.. """.......n.V."....U....#...Q..T.....f..5C...e..@...Z....J..3..c/F.1...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/down.png
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\endscreen[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	26614
Entropy (8bit):	5.357647755187309
Encrypted:	false
SSDEEP:	384:BwRewo7wlbUsJuaXEOTrMIIETKYLPUrJ+Y0RMFEi9jgDOCze:BwRed7wlbUsJuaXEITKPJ7cQ
MD5:	E847B09CE52615B1B75BBBC0D1D062CF
SHA1:	02D545F95D053DE728B7C437B0C765359D3EB315
SHA-256:	501EAB9736F1B280D94018BE504644CB069937BF52E8AE267CCD51210B5E4E73
SHA-512:	8509791850FAD1480DD009063AAC1B2F1350DAB9777DAD0FE0A3ABC9F37572C6862896CDFD91D2413AA6DC478D2FC110FFE0D47DBB06F3E9A96AF437D87E8140
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/s/player/7bc032d0/player_ias.vflset/en_US/endscreen.js
Preview:	(function(g){var window=this;var cGa=function(a,b){a.va("onAutonavCoundownStarted",b)},e3=function(a,b,c){var d=b.Ma();.g.K(a.element,"ytp-suggestion-set",!!d.videoId);var e=b.getPlaylistId();c=b.ue(c?c:"mqdefault.jpg");var f=null,h=null;b instanceof g.rI&&(b.lengthText?(f=b.lengthText\|\|null,h=b.tu\|\|null):b.lengthSeconds&&(f=g.DM(b.lengthSeconds),h=g.DM(b.lengthSeconds,!0)));var l=!!e;e=l&&"RD"===(new g.$N(e.substr(0,2),e.substr(2))).type;var m=b instanceof g.rI?b.isLivePlayback:null,n=b instanceof g.rI?b.isUpcoming:null;d={title:b.title,author:b.author,author_and_views:d.shortViewCount?b.author+" \u2022 "+d.shortViewCount:.b.author,aria_label:b.qq\|\|g.sK("Watch $TITLE",{TITLE:b.title}),duration:f,timestamp:h,url:b.El(),is_live:m,is_upcoming:n,is_list:l,is_mix:e,background:c?"background-image: url("+c+")":"",views_and_publish_time:d.shortViewCount?d.shortViewCount+" \u2022 "+d.publishedTimeText:d.publishedTimeText,autoplayAlternativeHeader:b.uq};b instanceof g.aO&&(d.playlist_length=b.l

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.598095574436548
Encrypted:	false
SSDEEP:	48:W54GHe9ZE3+cjG8FpX36hSW5HwPg9ysLBdcwxa:I4GiZE1jxV3c5HwPT4Hch
MD5:	CE0260C17B7F1DBDB7726EF7E8FD8C7A
SHA1:	B0C679DEF36E3CCBB3C39A3F84CE47F87FE38BE8
SHA-256:	4260C4CA799132F04BFA7AF774C1A5F4AC12B775E21D380884D7D08B35270679
SHA-512:	A7A20FB2CEC0FD1B5EBB2CCA577C052F42C803D7A4FF4CD6237809329B85618C8C6A748C7FB9FA595F7F14A3901D05C2889CF7DB41A9F665041602FF88F38EDF
Malicious:	false
Reputation:	low
IE Cache URL:	https://bitly.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ...................................................:..0vT.0vz.0v`.+v...................................9.......:."`..#a..#a..#a.."`...Z...:.......................;""`...0wX.0vf#a...H.../v6.H..#a..#a.."`....;$..............;."`..!_...8..].#a...0v0........"a.."a.."_."`....;........."`."`....:......U.#a...E.X........"`.#a...=.."`...].......;."`...E.f.........U.#a.."`.../v4./u&"`..#`.......H.."a...q..0vR"`...'k..........U.#a..#a..#a..#a..#a...G.......0v2#a...0vX.0vt"`...............\.#a...H.l"_."`..G.h..6....../r.#a...0vv.0vp"`..............._.#a...0vD.....................-t.#a...0vr.0vP#a...0v...."^.!_.#a...0vB.....................0vD#a...0vR..:.#a...Z......H.x#a.."a....;..................... `.#a....;......].#a...H.J......u..........................H.N"`...Z...........;.#`..#a...G.`..*......................F.Z#`.."`....;...............{,#`..#a.."`...H.t./vH./vJ.E.p"a..#a.."`....;(......................:.._."`..#a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\forbes[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 80 x 22, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1655
Entropy (8bit):	7.8314173783204835
Encrypted:	false
SSDEEP:	24:n/6v+24/8lQRsxuQGsmBLr2lkgNYm2Vyj+nNyU5m0G/0Vti9voO1HuT0wkbZqN:n/6v+24GxPtmVrqL2NhA/0Kx1HtTqN
MD5:	29FA756775EA3F0D828D4F3D7E3ED785
SHA1:	308C87D8756DF9251B4730446FB80E653FA581DB
SHA-256:	C12B898379969DF467D7F03C69198F1158761551A1A06BFED333E1609BB101A8
SHA-512:	BBD1862E4B8A0B11E108A5449285E916CF3313811F4A92B3F759651B14435858C8F8F6144B70CA374BB0733D01D7542D6B5B737DAC714AC0A2C68AE1C5ABBE01
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/forbes.png
Preview:	.PNG........IHDR...P.........W.......pHYs.................sRGB.........gAMA......a.....IDATx..Y.Q.H...s...VD..........`"."."."......`#...&.........}=...,....}UkF.QwO.[.+.KZ..v{.~.vvv..L.`XmE.f3..t....BZ.1%"U.{.....8.q>....X.T.....]`KFH...;C.7...5.+..YQ......3u&u.[O.vK.m\..\..n...J(W...)F3...A.`^.....v%...@0q.....M..Z.7d.Mj#..Cc.H.h.Cc.t^..}#y.!a.).Y..U...3.~..{...=..j.k."-..}A?..N.......(U...Viz!?.Y...j6.=f:w.........sh..Zvu....+.F.Z=..6....@...Kh...5ar5.v.&}-..J...1.iA..fskw.....qC.oX..>.C....Tj'.....?..~..>...Y7..p8...X.^D.......>0.j.O..h....G2..B..az.H.][?.A:S.N.....h9.....c..nnn...E4.....}...m....W..)..HyF.Dt.K."...........0.h.B.h..."ek....w.K/.f(..m~...U..V..eLz.E .[...-...(..f..~.&`-.=...4.D...A8..S&.{.Q..{..H4.+/...luZ.-.P1...Sz..3<.`...y..@.I@.....<N..w.l.a/ZO.p...<.P;.Bs....&.a2...Ds...\|...1.]G>5B..A.x$.`....]...0.%.pe.....p.........S*..1\.'.q..dO...L.(...../.<.b.j=&@3..E...Lqd.d`.6.#Zn.sJ.q.3+......w....}....=q........+....L.BKJC.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\form-bg-2[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	456
Entropy (8bit):	7.217059179005432
Encrypted:	false
SSDEEP:	12:6v/7O/6Ts/siz6PNLkEjEhrZfChFgWgXvYa/tEpkrW1:z/66GPWE+KFgBXv3ipd1
MD5:	7AA871514377D7827025320A75D6925F
SHA1:	41BA58B495D7AAF28D334548BE17AEAC6DFE50F5
SHA-256:	4DB77A7B0301B85272C25B4FEC2EA0F6291B32A77E57EFAA8A2E565CCED2F331
SHA-512:	23F4938AB62F40A3D8D47E460E595C1E1206BD43B8A95BC366895628278FFD0A73B7FFE802C9CFCFE972339FAD817355C78D269BA5CF48A6BB44D40C54042693
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/form-bg-2.png
Preview:	.PNG........IHDR...)...)......`......pHYs.................sRGB.........gAMA......a....]IDATx..1K.@.....A(..AE.].1...9.Y....K.A]89.'...:+..R. uQ(.37.).......o..#....{.`....x..N...d...!.O]....%(...~/.......N.....z1.nO.p.,.$.'..I..F..Z...#...;.4..`A.I..9...D(...rOv...5.'..F..%j<..Ds..6.....E.....W$!.}..@.. P\|.........h.d. ..k.;.q...Aq.E.N...+0t. ....j...=+..W.*().c+...{.Y.../..4..cV.I-....+n].,...7..bVf....%j......K.?.E5...gC`..O....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\info-bg-1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	731
Entropy (8bit):	6.448846636917553
Encrypted:	false
SSDEEP:	12:6v/7SY/6Ts/Ri/I8afFVv7+GB+Hikr4TqNLpsNfZrgNRW7OG6dkFQQsjN:W/6F/kt1KGaiQLpUdg+vVFQ5jN
MD5:	0FC1E39E3F3E178DD4E6D2F0070C5283
SHA1:	DB836BC6000B9BBAB3DCB856C6E3FA80AE8B0F90
SHA-256:	324D3FE154B3B3E6A3B8AD0099719B9DAA7616AA19DB0BB995E3FC784908D1F4
SHA-512:	EBF2FE45ED26A1D5DC7C49B9DBB9FF84186A3965E69A8EAB5E7AD3CA90987715328551F4FAFF95B5047562DA445A34559035F61D41E6026119114A52E4CE1197
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/info-bg-1.png
Preview:	.PNG........IHDR..............>a.....pHYs.................sRGB.........gAMA......a....pIDATx....Q.1..a..a..8.G..........9@.D........H.....]..V./...i..."....huj.@.......?......@\|6~0......0.M.....w.....6.....................>...........!................\...............D...t.......9~0....Y...du_.o...... .......@6.... ......E...d.h.`..5.?.,.M.n...DS.^.I.......?EMx........................................................................................................................................................e.....LS9.=Z..5.,...I......8~......,....H...W...?...8~~..p.>T....1{...Y.p.......i...._....};(......8.......s..?...p..l...i....\....c...............C....&...y.....p\|._..q....,.....V....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\info-bg-2[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	721
Entropy (8bit):	6.407130531207157
Encrypted:	false
SSDEEP:	12:6v/7SY/6Ts/hYQ46g44DXuWkibqCRBiRTb42V601zZ9:W/6gy7VOCRBiW2c01F9
MD5:	06E0592AB9909DAB18FC3C512EFB5067
SHA1:	6213DB32491FE73FD7B205BCD30B3022B81A23A5
SHA-256:	67EE974D15781A8D9EB45A022AB21788F088509E6662A071BB97491E6779BE02
SHA-512:	FD23C7FF912B676F048B0CFE9002D86E2D941CE511C9844C39F697815282BD3F59450D1474945ACA623394ABBCDCF69BAB2730B4071FCAFBDBB1B74F77B95A90
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/info-bg-2.png
Preview:	.PNG........IHDR..............>a.....pHYs.................sRGB.........gAMA......a....fIDATx....M.@.F.1b..I...%.P.t.%........wl..o..,,.G..$..r..>._......m.0?.....w.`........o.`..;4~.Ij...........]...?.;....?.....s....s....K....K...P.k...P.k...P.!...P.....P.!...P.....P.1...P.....P.1...P.....P.)...P.....P.)...P.....P.....(@...d.s.`....?.. ...O..........................................................................................................................................................m.l..{N}.'....>...6......I.d....%../...8~Y&....3Y.._.I.p.r....m....\|....u.%.....8~].....3X.._.A.p.z]........~....m.(..o...8~[.....sr.....p.v.....v0..o.....ag..../..g.....\|...L..8>W..loV..^.9......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFWZ0dbck[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26956
Entropy (8bit):	4.475351210456599
Encrypted:	false
SSDEEP:	384:WF1A7n/vw1B0yTtCc4EWnhSgmCG3eT5FWUjOcGy+g+LM:U1A7ng1GyQc4EuBmCHTGUja3gf
MD5:	1330DFB8F07D4EAB15DED6BD88E543A8
SHA1:	5C4503A81C26F6BCF33633771C32CB28062C402E
SHA-256:	E3CA93D06C8C8078AC8474A00C125CECDCE0D0DC4DE980AD1ADD0A1C83FA439D
SHA-512:	0F0C657F536E4123C797F77558481B299D58A678EEE242EAF60E3B24E6FB800DF6134F58DAE894B876BD506057C63515C668EBB689B819FE9E7F631C7EBC0A6B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GRQScam, Description: Yara detected GRQ Scam, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFWZ0dbck[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFWZ0dbck.woff
Preview:	<!DOCTYPE html>.<html id="home">..<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="description" content="The Future Of Currency Is Here">. <title>Gewinncode</title>. <link rel="icon" href="images/favicon.png" type="image/png">..</head>..<body>.. <div class="modal fade" role="dialog" tabindex="-1" id="exit-modal">. <div class="modal-dialog" role="document">. <div class="prelouder-popup"></div>. <div class="modal-content">. <div class="modal-header">. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">.</span></button>. <h2 class="text-center text-danger modal-title" style="font-style:normal;font-weight:bold;color:rgb(242,6,2);">WARTEN SIE NOCH!</h2>. <h3 class="text-center" style="margin-top:5px;margin-bottom:5px;"><strong>Lesen Sie dies, bevor Sie gehen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFWp0dbck[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26956
Entropy (8bit):	4.475351210456599
Encrypted:	false
SSDEEP:	384:WF1A7n/vw1B0yTtCc4EWnhSgmCG3eT5FWUjOcGy+g+LM:U1A7ng1GyQc4EuBmCHTGUja3gf
MD5:	1330DFB8F07D4EAB15DED6BD88E543A8
SHA1:	5C4503A81C26F6BCF33633771C32CB28062C402E
SHA-256:	E3CA93D06C8C8078AC8474A00C125CECDCE0D0DC4DE980AD1ADD0A1C83FA439D
SHA-512:	0F0C657F536E4123C797F77558481B299D58A678EEE242EAF60E3B24E6FB800DF6134F58DAE894B876BD506057C63515C668EBB689B819FE9E7F631C7EBC0A6B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GRQScam, Description: Yara detected GRQ Scam, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFWp0dbck[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFWp0dbck.woff
Preview:	<!DOCTYPE html>.<html id="home">..<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="description" content="The Future Of Currency Is Here">. <title>Gewinncode</title>. <link rel="icon" href="images/favicon.png" type="image/png">..</head>..<body>.. <div class="modal fade" role="dialog" tabindex="-1" id="exit-modal">. <div class="modal-dialog" role="document">. <div class="prelouder-popup"></div>. <div class="modal-content">. <div class="modal-header">. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">.</span></button>. <h2 class="text-center text-danger modal-title" style="font-style:normal;font-weight:bold;color:rgb(242,6,2);">WARTEN SIE NOCH!</h2>. <h3 class="text-center" style="margin-top:5px;margin-bottom:5px;"><strong>Lesen Sie dies, bevor Sie gehen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\preloader[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 530 x 260
Category:	downloaded
Size (bytes):	2391
Entropy (8bit):	7.690188443892358
Encrypted:	false
SSDEEP:	48:jAPcWIczhk9hDIIThAAPcWIc421qIITdVAPcWIcpzz9x9ngqPIITV:0EW1YUohNEWYolodeEWpBTngqgoV
MD5:	9129C06831233D5178D8E61C7F4FB208
SHA1:	5EFB0656C4941AF51E32C90AFFABB80CD445C5AF
SHA-256:	D05AE8164206B2CEF6B7890AF6551AA59ED403820877533583EC0916D2A6EDD1
SHA-512:	03FF425E321422FBB751597CEDAD9316D29E41D550071C196D778D37D90C9804549CBA80131E4CB643780985F6EEA08FA42AAA5B3648C450F98FB9E6E38A938D
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/preloader.gif
Preview:	GIF89a.......':.G..X.....!..NETSCAPE2.0.....!.......,...........................H........L..............L.....J.....j..........N....................(8HXhx..........)9IYiy..........:JZjz..........+;K[k{..........,<L\l\|..........-=M]m}...........>N^n~........../?O_o..........0......<.0....:\|.1...+Z..1....;z..2..$K.<.2..,[.\|.3..4k..3..<{...4..D..=.4..L.:}.5..T.Z..5..\.z..6..d.=.6..2..}.........W...x...VL.......X.^....U.....r.;N.x...~3G.B.r..G....K..O.m..n.....v..Al..A.{.wp.....{w].......8..#p^.zt..8....v,.+.n.....oK.sz...[y. ..........~.......G`g..f...&....5...E.`_.Fa............:.au$...\|+.hDys....U.c.:..c.>..d.B.Id.F..d.J..d.N>.e.RNIe.V^.e.Zn.e.^~.f.b.If.f..f.j..f.n..g.r.Ig.v.g.z..g.~..h...Jh....h....h..>.i..NJi..^.i..n.i..~.j...Jj....j....j....k...Jk...k....k....l...Kl!...!.......,...........................H........L..............L.....J.....j..........N....................(8HXhx..........)9IYiy..........:JZjz..........+;K[k{.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\time[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 95 x 37, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1821
Entropy (8bit):	7.859930118710041
Encrypted:	false
SSDEEP:	48:7/6pCRi9lzYlHciD5LiWO67p5+7JFFvzgHgDK14EMZl:7SpCReVYl8iD5LiWj7p5oJF1zgNAH
MD5:	319BBC5471DCC4A49EDB8533FC0D31FC
SHA1:	255FFD8E8FACAF3FD08048DC1BA1694DD7E60C2D
SHA-256:	23808E591AC16807CFC47D3D8ECEE4B5DAA0F20DC03387308CEC169117BA8EC0
SHA-512:	5B384C7AB1F89E70112B8D08AC8D3D4E1732C77DDC9083557C540C674139367F3EF794A0CFE6131A241245FA9B2DF796470146FD8B717D647A41A58AEA03A5F2
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/time.png
Preview:	.PNG........IHDR..._...%.....$.5R....pHYs.................sRGB.........gAMA......a.....IDATx..Ko[E...v........KLi.........E...R.X.c..#.C......P.(...Z)..M.&8I.h.....p..X.....c7.kK./..;.3.{.r..........3...7......x<~...y<.w..77::z.S9cl.1.Oxhh................<xp....[...odd..0#L...UU..\......~....kkk..f9.OVVV......c...___.nnn.N...>.....$.../......khh.B............j.`.n.t....._VUUE.u.@.tt.i..}._8[..:$....+..%&.,....,.h....^.B...>@?......Z..-.7n.X'..8..1..........r%-...X8...Q....!a.]0...A..>....ek........8.9I .'.G..../--ui...~Ry.y.1.\|..8p...v.2Agg.........zH..v...^3M.M.H.Ykz:I...%.U..'..&...q.rRI...........D..p8<?>>^.....6a.....655.Q9...,.o.%..K.Q..hVw.t..vl.M6..{Z..2..A..P6.@...f.d.:...#ve...h(G..,.>..[5.=..EB\...!...... ...C4.....\|..f.r.{![.3g.xh.c$. ..^N.]..l.1^.NgY..^..C...p.R..:t[...... Z.$N.o.?F.r....kT.....f.W..@@...&..4.l..M.......s..;eX.....0..m....Y+c.....s...m.. ....<...U9EV...g...........S....?m;.....uuu..&Y...>.. _\...d...,..!.oLT

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\unnamed[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, frames 3
Category:	downloaded
Size (bytes):	1014
Entropy (8bit):	7.131215136652295
Encrypted:	false
SSDEEP:	24:dQojo27nlvNS7EI3f/+6Sf90qdTa9lZM4H3Iu4wS3:XosLYfGnJd4lZB3I7wS
MD5:	AD0E6CEEB276E9C447D537AE8C4FE198
SHA1:	80A71BB8DD598B8701286531CB3E35FF97B7D28B
SHA-256:	694C5ACB0212D5F94BE467132157E7C71249860E6C54DE3960BFEBCE849BD2B3
SHA-512:	6A2B2741AE706D5713ED214CE058C5C6D0686A37D14BA74BBB3B684110FDB7652840490637346C6D6E5B64B35E7C0EB1892704627248BB9309D18DC1D869C355
Malicious:	false
Reputation:	low
IE Cache URL:	https://yt3.ggpht.com/ytc/AAUvwnhJvRciVjLavrSoE8QwugycjKNtKA--5iduMQ=s68-c-k-c0x00ffffff-no-rj
Preview:	......JFIF......................................................................................................................................................D.D.......................................*..........................!...Qa"12A#$R.................................,.......................!.1A.a..Q."q..2R...............?..KY.`. .... .... .... .... .... .... ....l.&^..4l..67.z.;\.......[...O.s].}..=.#.2..#E./>N..J8[K5{..#5if.1.....ln....9...6....&.`.-.....+......(..Gm...........>...E....B..\7.E..+m.c.,.SJ..[".kE.X.\|w.X.......b....$#W+Q\.9.Q...^.Wj...K.Y1.o.)2.... ...}......UF.;..c.....z.R,W...%.v..4..)........W..S....`...e..}x.Kc.^..[..A..&f.JgZ.._I...+."YOj...`...\|/.51.oo.,.=^..L...I.{H....=6.W..:......\..:zl.r.ei`W..Un....\|.$!~.#..b..5.S.n.Yy......ps1. .... ......IK0.)..XK>=........sQ.R....w-.5:I..}.gE...5.......x^U7.T..d.S....\|.=..u".E..R.........V.....^.=.,)..k......a-.s.D...c..33m..nYv.{......~.(..`=..Z.M)..j.d....{....8.x.. .... .... .... .... ....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\20[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 339x218, frames 3
Category:	downloaded
Size (bytes):	61254
Entropy (8bit):	7.943876808973346
Encrypted:	false
SSDEEP:	1536:viYZ/ycl6jP6X9fWSB1v8tROEzf9F3cqwBmkM6z:bZ/36jsII1EHOETcqw5MI
MD5:	793FB37793B9EE018F713F225647A44D
SHA1:	7310F32215FDC000901833127F8A2CB9629D3F9C
SHA-256:	BE1611B6F5052925640F9A0BC639E2E0C60687F7DF3FC48A045D0966D470A660
SHA-512:	4A770E1AD3CFE63F618D860204E191A35470CAB0D7AF0B42DF17BACDBBF7DDEDACA3ED4B2AE913DD9F8F8AE436F33FCEB6695E338C6E5675BDCFEDC46CBE56E4
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/20.jpg
Preview:	......JFIF.....H.H.....C....................................................................C.........................................................................S...............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...&...........+......g&...q.`.......B;w.:..pq....H..m.c...z.NpA..3.u.\|..9'....._K).d/_n.^..}.=........`.L2..{.........K.{..ggm....F.....;.....z>.EE&.7c.]pA;p.n.Z.r.K...pv...{..O.y.......0.0.8.#.....~...B."H.c. ~.......1.3......$d~...Z=..R.....@...<.S.8.q...@....a..9....W].5.g...........+5..F..#......v..........D.<..1........]....Ae.2......{u....&....Fz..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\39kvkUX[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.995211635727181
Encrypted:	false
SSDEEP:	3:qVvzLURODccZ/vXbvx9nDycGoLkKT+hVPXJYNVzJsXjSxAA9C65njFSXbKFvNGb:qFzLIeco3XLx92c9YKTMp6HszSx7R5SN
MD5:	7BDA350DCD637606874A81C57D9A7B0E
SHA1:	99ECC596DA4EC0363D484F8D5AD993F3C51F47C8
SHA-256:	243F1F2A570FA1820B52E50F52EEC1C6805CBDB5C3E3E6EC0C2C730BEBB97FD7
SHA-512:	CC3E34F579369A8C0F865D7BC3DE14F1528C4208AB167747635A419A3E7B7BE95A9B6C74274184B83748ECBF8E8313E32C64126372440732AFDECEC17906B4AB
Malicious:	false
Reputation:	low
Preview:	<html>.<head><title>Bitly</title></head>.<body><a href="https://bitly.com/a/warning?hash=39kvkUX&url=http%3A%2F%2Frghr.associateneed.link%2Findex">moved here</a></body>.</html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\G7K60ZJ9.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	50054
Entropy (8bit):	5.175283482104815
Encrypted:	false
SSDEEP:	768:ao3L8U9MKlvokdS8bc2uoniY3JAwgTeQ2lF1:7MUvxdS8FFniY+qQ2lr
MD5:	0AD3878FC818D95BCCDB3D0CF1D1A3AF
SHA1:	E669A53D7E3A4FF2D9E8CF9F502629D45F14BF0B
SHA-256:	B4A1D3336F485839EF8DA56424B3552A73D4AC9F43A2598FE054BDF90F5DB88A
SHA-512:	846A6524140CA216E6A2D183F1E12D3532E0103D8899A2E20C1B28219B5784840BBF04EC8CF37776D8828265891AA983BEE0A3E1A411C76941BFE47AFD16B038
Malicious:	false
Reputation:	low
IE Cache URL:	https://bitly.com/
Preview:	<!DOCTYPE html>.<html class="no-js" lang="en-US"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta class="foundation-mq"><link rel="icon" href="https://docrdsfx76ssb.cloudfront.net/static/1611691313/pages/wp-content/uploads/2019/02/favicon.ico"><link rel="pingback" href="https://bitly.com/pages/xmlrpc.php"> <script>function fvmuag(){if(navigator.userAgent.match(/x11.fox\/54\|oid\s4.xus.ome\/62\|oobot\|ighth\|tmetr\|eadles\|ingdo/i))return!1;if(navigator.userAgent.match(/x11.ome\/75\.0\.3770\.100/i)){var e=screen.width,t=screen.height;if("number"==typeof e&&"number"==typeof t&&862==t&&1367==e)return!1}return!0}</script> <title>URL Shortener - Short URLs & Custom Free Link Shortener \| Bitly</title><meta name="description" content="Free URL shortener to create perfect URLs for your business. Bitly helps you create and share branded links with custom domains at scale. . Check it out!"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 21564, version 1.1
Category:	downloaded
Size (bytes):	21564
Entropy (8bit):	7.9688026243536
Encrypted:	false
SSDEEP:	384:bc6bX9TFqgFUvxQi0W1jHYHwnSthN/yiJsMw52R5oBAvhPFx466gfwu5:bcCV4aUlxHSw8ZyixnFP3N6U5
MD5:	FFCC050B2D92D4B14A4FCB527EE0BCC8
SHA1:	DE3033F27DB6BBDA89A0E6F16EC51E8C877739AB
SHA-256:	C8912EBD82B4DF2EB87E37B1F66432FA2186182E08BB8A533BA4C2DF6CE67FBA
SHA-512:	7D517BB33DE3D088B8EE4EC9250AB1645CF76B35B25F57C004BF82B5A9A30C15252C865765EFFD4679A68ACDF6EFB89E4B0319283914880935D8D1AC823FE652
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff
Preview:	wOFF......T<................................GDEF.......G...d....GPOS................GSUB............7b..OS/2.......Q...`t.#ycmap...4.......L....cvt .......\...\1..Mfpgm...@...2......$.gasp...t............glyf......@...p.N..Hhdmx..M(...f........head..M....6...6...vhhea..M...."...$....hmtx..M....k......3.loca..PX........G.*"maxp..R4... ... ....name..RT........!.>gpost..S0....... .a.dprep..SH.......X9..x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x...pfK.G...1.c>..`9..m<+;..m.x...bg.M.T...O............l...XU.../{.[_..W....c.._..72.. ." z.+..F.......&.&...`e..T].....K=..K2S....q..d...xf.$~i..$?.d..dU.....@R-/LMO-J6...[]..Z..O.C_."If..d....fS....$d.G>eL`....Tf1.......9.c>..`1.TR..x./d-........q.........7....{...v.....!.....1.QG=.4.D3-..F;=..1'.'q.rw...9..e!.....Q....f......qV.n.h.V.Z]..B..C.[B...V.......v...o.w.{...w..zRO.i=..._.....-.m....].=...[...(1.(.#.....O0/.0?..04rL.G.9.....i6..l..\|.(o.....\|$,..{\|&\|....YJ...x.e8B.#..t;R8.{+....\=.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19824, version 1.1
Category:	downloaded
Size (bytes):	19824
Entropy (8bit):	7.970306766642997
Encrypted:	false
SSDEEP:	384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2
MD5:	BAFB105BAEB22D965C70FE52BA6B49D9
SHA1:	934014CC9BBE5883542BE756B3146C05844B254F
SHA-256:	1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
SHA-512:	85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......Mp.......P........................GDEF.......G...d....GPOS...............hGSUB............7b..OS/2.......R...`tq#.cmap...........L....cvt .......T...T+...fpgm.......5....w.`.gasp...@............glyf...L..:+..j.....hdmx..Fx...g........head..F....6...6.j.zhhea..G........$....hmtx..G8...]......Vlloca..I.........?.#.maxp..Kt... ... ....name..K........t.U9.post..Ld....... .m.dprep..Lx.......I.f..x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x.....[....#N..m.m.m.mfm....SP..NuM..9]..=.U..!...[........w...\|......^p....H......;...)..........;..EoDo....E.E.D...`.0.GG.aA.H.V.Mx\xA....../..d3.Eb_.J...R.^v........\^ob.}.z..k.x).v$f$..O)+.2..*....y}6`C6b.6cs...l...........!.........<..\|.\|..\|..\|..\|.\|....o....I%.4.L.SI.&C.6..!`...{...c..\.J.(.2.C....V.A..?.M<nG......v..m.;..R.C..aj.H...=..{.>.:.....}i_Y......:....o.&k..KY.2..6k....i]..{,.p}../.....VO3.o].fJ....R-TZ..;...RN..&V...C...3.?.......&..z.s&.D....r,.I...t.R..a$k..Mm..Y.U...+b.%kQ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\NewErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1612
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
MD5:	DFEABDE84792228093A5A270352395B6
SHA1:	E41258C9576721025926326F76063C2305586F76
SHA-256:	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512:	E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/NewErrorPageTemplate.css
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Upg0Hvk8tZ0[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	50445
Entropy (8bit):	5.868188441100556
Encrypted:	false
SSDEEP:	768:PCECaR6oVfO0YUMOKQhgS88kK1s9nYzxrJjmpJy3NvhBG3SrqS4pJkfuNjjsT:sWHCpcFhB0SrqS4NjY
MD5:	04CB559155BF24467CB443558C19D1E5
SHA1:	3FE842BA6B7D2019DBB9913CCBB60318753A7463
SHA-256:	1235C97C8FFF3B823964B11A96BB98C5D53D827445BCF682141AE38D8DCEA2DC
SHA-512:	0A46E03A38ACE951044462AFC3A23824035F39BF410818F76A303089A3E0E23DAD00D9E772E2ACC45B977E0FD935CA460FFF174D1D45CC018D04099A67B6A72F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/embed/Upg0Hvk8tZ0?controls=1&disablekb=0&loop=1&modestbranding=1&rel=0&fs=0&showinfo=0&autoplay=1&playlist=Upg0Hvk8tZ0&mute=1&enablejsapi=1&origin=http%3A%2F%2Fde.gewinncode.zulole28.vip&widgetid=1
Preview:	<!DOCTYPE html> <html lang="en" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script> <l

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bitcoin-widget[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26956
Entropy (8bit):	4.475351210456599
Encrypted:	false
SSDEEP:	384:WF1A7n/vw1B0yTtCc4EWnhSgmCG3eT5FWUjOcGy+g+LM:U1A7ng1GyQc4EuBmCHTGUja3gf
MD5:	1330DFB8F07D4EAB15DED6BD88E543A8
SHA1:	5C4503A81C26F6BCF33633771C32CB28062C402E
SHA-256:	E3CA93D06C8C8078AC8474A00C125CECDCE0D0DC4DE980AD1ADD0A1C83FA439D
SHA-512:	0F0C657F536E4123C797F77558481B299D58A678EEE242EAF60E3B24E6FB800DF6134F58DAE894B876BD506057C63515C668EBB689B819FE9E7F631C7EBC0A6B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GRQScam, Description: Yara detected GRQ Scam, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bitcoin-widget[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/bitcoin-widget.jsv=20
Preview:	<!DOCTYPE html>.<html id="home">..<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="description" content="The Future Of Currency Is Here">. <title>Gewinncode</title>. <link rel="icon" href="images/favicon.png" type="image/png">..</head>..<body>.. <div class="modal fade" role="dialog" tabindex="-1" id="exit-modal">. <div class="modal-dialog" role="document">. <div class="prelouder-popup"></div>. <div class="modal-content">. <div class="modal-header">. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">.</span></button>. <h2 class="text-center text-danger modal-title" style="font-style:normal;font-weight:bold;color:rgb(242,6,2);">WARTEN SIE NOCH!</h2>. <h3 class="text-center" style="margin-top:5px;margin-bottom:5px;"><strong>Lesen Sie dies, bevor Sie gehen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	37340
Entropy (8bit):	5.127646420717904
Encrypted:	false
SSDEEP:	768:4DQwPPI5I0PZXN8SXKVhyj+joOiA61l8qNfsDP:A7iA60pDP
MD5:	E20FC107045ADE107B55E0AE470916BC
SHA1:	553532C890AEBFAD8C54BB31F3A5F042BAADAD88
SHA-256:	3C575DA4E700FB0B82155B82710EFF7691C8D0BDAFF6F9FFF44EE30D5E2FC449
SHA-512:	D9E812FED1FA3B79D83D040DF1F23621412946F0B5EB1478639060950B0DD710BCF6D0A17611C728CD446AE5F77DCD3C317537F6FDC2779FF97A527A1F926E68
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/bootstrap.min.js
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2017 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /../!. * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.3/customize/?id=b16ae13905aee59b946c54fd555cc80c). * Config saved to config.json and https://gist.github.com/b16ae13905aee59b946c54fd555cc80c. */.if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(t){"use strict";var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9\|\|1==e[0]&&9==e[1]&&e[2]<1\|\|e[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var i=t(this),n=i.data("bs.alert");n\|\|i.data("bs.alert",n=new o(this)),"string"==typeof e&&n[e].call(i)})}var i='[data-dismiss="alert"]',o=function(e){t(e).on("click",i,this.close)};o.VERSION="3.3.7",o.TRANSIT

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cnn[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 56 x 26, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2031
Entropy (8bit):	7.879564955823038
Encrypted:	false
SSDEEP:	48:h/6Rm+lpCQz55td+276mXsi0OoT8zYPrECragxahoYvPkm:hSRzbrNw276Ss7OlkPe3km
MD5:	1B02019DF786687498C9E46B8350E761
SHA1:	F291F8E3368D1D8EE2EA27FF735F5155C1200E15
SHA-256:	EC345DDADE1E8F5122FBAEC5C1E52BEDE5D64CB6069B82168AFD6E70BBB66898
SHA-512:	8627F677C18E76C553F0285A8E86A46FD58DF165BE7D8E9792D77FD3DBA69A252A1A05E9B6D8C45EDB96DAB55248A0B2DA20B2FF557992C559CB15AAF12B9524
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/cnn.png
Preview:	.PNG........IHDR...8...........#....pHYs.................sRGB.........gAMA......a.....IDATx..X.p.W..^..D.AV..4.hjj.T.V.c.Z[..j.=..&...A;..t.....}.J..-!d..B..........'...B.....?.=.s.=.7..,..............}.c...}..e.....K0..I{..X.....z..........isY.f.I..RE4.o2.W.v..q.;z4nGD...K...,.".mB..:...8.}.......s..@F7UD{.hH..X.V]./....}#.#.$.... C.,...J8Wa........z~.yE.._X5v@.M...B...(#..@1p..A...#\|...IJ.....,*S"X...#.C.M`l,"rr...Mx6jd_....<.......A..""7.-.^.{H...........&.B........C.C........A....W.._..B.M..GX...-..SaJOG.m...R.....h........h...f...WG]....a?........,@.9s..l.2...);..G.).\|=.G..u...(.v.....?p r......3.B...>.[....b6#{.........N...Sk.\|..nY.. m.'.G....sQo.D....Of.p*....x!.,....f....l......O.F.M.]A'i...H.....7.sqj.F....?......G...r.7[.n.;m..<.l....a..G....c....A.y.n..~.l..;....0R{.xx.....c...+.o...t.O.}..M....#.&..d..m...D-..,.....L./^..;.Hge~.\.i..C,......oU.fL.<[..i......L8W..u.4. Z....{...(d.Z..............&..:~./...)+K.Q.r....q$..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5694
Entropy (8bit):	5.462434863697651
Encrypted:	false
SSDEEP:	96:ZOLXJOLzwZ8OLQOLapUOLLOLjoQOLlN7OLfbOLMZUOLQOLKOLEooOLTN7OCpmbOa:8XMeNapZOjcuf+ANvEOtI3e/oPHt
MD5:	CCD66BF9CC92C6ABE1AE7A5C524C905D
SHA1:	EA8B8FAF39923144B7BF0FB28072B10E364EBD28
SHA-256:	F13CDF71E045EE3B3306BDBEED12D9AD948C591899ECC1E98ECDF844A17997D1
SHA-512:	45C9AD12FF0CE5620C422869E9E980EE1F725252857C3BC85AEE908DD1D495471ADDBD1EAA804C0057E18DDAE50C76408DDB068474B9B361A9BF75AFD53B64E2
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/css/css.css
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local('OpenSans-Regular'), url(../fonts/mem8YaGs126MiZpBA-UFWJ0dbck.woff) format('woff');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local('OpenSans-Regular'), url(../fonts/mem8YaGs126MiZpBA-UFUZ0dbck.woff) format('woff');. unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local('OpenSans-Regular'), url(../fonts/mem8YaGs126MiZpBA-UFWZ0dbck.woff) format('woff');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\device.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	2605
Entropy (8bit):	4.926770372721062
Encrypted:	false
SSDEEP:	48:DKnN+tn3O+zUFyUAHK1dNzz1JhxHCrasMM89Dv4+E8eeHr0NTLCgg:2OAwaZ2ds
MD5:	54EDE9769A07158288324CC456C40BD5
SHA1:	D16EB8A25489F3C3713F5C9AFAC4562C197CF658
SHA-256:	44427CB2A51E54CCA2CB648212F313CE64433CE7454E3DF0C386C0156E98E36A
SHA-512:	6EBBA1404AFB7076A19C8D7A4D4C1D953893716007EBEF9942372F025E94F319250D59460C2F8F9134FA2FCCD8CBF8B088AF7F033F758043DF31E6A8367417E7
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/device.min.js
Preview:	/! device.js 0.1.57 /.(function(){var a,b,c,d,e,f,g,h,i;window.device={},b=window.document.documentElement,i=window.navigator.userAgent.toLowerCase(),device.ios=function(){return device.iphone()\|\|device.ipod()\|\|device.ipad()},device.iphone=function(){return c("iphone")},device.ipod=function(){return c("ipod")},device.ipad=function(){return c("ipad")},device.android=function(){return c("android")},device.androidPhone=function(){return device.android()&&c("mobile")},device.androidTablet=function(){return device.android()&&!c("mobile")},device.blackberry=function(){return c("blackberry")\|\|c("bb10")\|\|c("rim")},device.blackberryPhone=function(){return device.blackberry()&&!c("tablet")},device.blackberryTablet=function(){return device.blackberry()&&c("tablet")},device.windows=function(){return c("windows")},device.windowsPhone=function(){return device.windows()&&c("phone")},device.windowsTablet=function(){return device.windows()&&c("touch")},device.fxos=function(){return c("(mobile; rv:")\|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2997
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
MD5:	2DC61EB461DA1436F5D22BCE51425660
SHA1:	E1B79BCAB0F073868079D807FAEC669596DC46C1
SHA-256:	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
SHA-512:	A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	474
Entropy (8bit):	7.214239203003126
Encrypted:	false
SSDEEP:	12:6v/7sYYs/6Ts/Wf4SVz8NpMxijmW+iPqy+v2SVqu5mPPGfn:JYf/6B8h3RqyDaMXGf
MD5:	885C420DCDD0DB056CF0A556D6B23F27
SHA1:	4D064010E8976C641C7B2EEA365129E6E1D65A26
SHA-256:	F87BC55547930ACD72012173321ADC147830414CC402BC9991EDBA4FC76D0BE4
SHA-512:	270F7B9D7DE88D780D12AAD907421E3C0CAFE7CAAA5A1A63EDC7D8A4FE9FBF28CC12B75AD954D664CB300E5B22958B73FD7DF7435AEBDC36E5A8A075CAB84E4D
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/favicon.png
Preview:	.PNG........IHDR...#...#.......Y....pHYs.................sRGB.........gAMA......a....oIDATx..?N.0...K:.Ll.....4.$.k:Q....6......7.....@J....<.VJ[..8u.\|K..Y.$?.l..8z..`P.0....."a>..\D.U.....&........~/......y..3Y.e.%T.cV4.V...d:..\g.U..0....T....e#?<..d5.yW..T.zbJ....>".@....0z..2."C?.RzF.=p...,.5...3UE......a6..."3....:m.......U.E:s../.z-....).\|.#R)R^.:rd.J2M...LS".i...^.{.?.....".:\.d...w..\|..'.f.3*.#....6dAF.bd.gQ..].2..D..-".?.wAcT<.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ft[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 169 x 23, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2281
Entropy (8bit):	7.8588395996803015
Encrypted:	false
SSDEEP:	48:1/6jVVPp9MBW4dO7s7DpiWv4mYBGepH9irtwps:1SjVuW4Y7ocWv4mYBGyHoups
MD5:	9324872A57027239DC90C0A662ACB008
SHA1:	725E87D9064AB0E5AA944D9E8A60049B0D0152B2
SHA-256:	00E56886098B1055FB660D56741C52D317589426399D615E8F72DA3D63A61E6F
SHA-512:	2C28622B27D007D05953227992AFD90A0E5E931B4C5BB1CC924EBB4FD15CC6D4C3B0859FC75E25C4794FE24ACFCB988BD7C0144988A3033888B07910EF3AFE8A
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/ft.png
Preview:	.PNG........IHDR.............p.o....pHYs.................sRGB.........gAMA......a....~IDATx..u..E......(.......+4..k..w(.........H...R...Hp+P..R.y...........~.o.3.o.y...j.Q.F..5j.Q.FC.d...v....d.M6v...0N....3..j.Yy.....(y>.....b.5.f..1........#...~..^....?...o{;e.9....>)..,>V........(\|w1..nU5...E...O..cRf.5...?3.c.a\Hn.;....=n..y...._.3...[....?..7.4.i....U......4.5.h.B.X....q..$.#.`.6.fV...?..S0..C...op.v5.c..x..Qo...`...V.].<z....-y..a<Ga.......9.-...z.q..{.E._?..\.2.5.....0/..oS..-X....;.G..+...>naKWE.....K._X..E.....{.{.../=..><#..qnt=Pm..cv......y..BWTc.....h...$...9..`t)P...u.........\..1.y....`.\|C.u..3..#.././..G.:.>.e;4....W..5j.....hu.........<....g.....q8.....r.b\|,.n-...S...].<q...8....>...{.....S.`..r.6(>./..C..+,..S..o....e ....RK6h.{Z}.fBl.<.e.V1Xh/F....../;F...P2..!..u...<..r .......}._%.....-j.V:^..5.>.H...I....>O!T.R.."U..P...*T....Q....1.....Haa."....h.L.....Y.mG6...).s>....t.jq...e^..N....J.Fo(8..FJ.......B...'...}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\index[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	296
Entropy (8bit):	4.674148901398718
Encrypted:	false
SSDEEP:	6:tEKp2mTHeQL6cC9Fed9YMhKnAFRsB6uqJ12mTHeQL6cC9FedRYv:xHeQL6RFw95KADsB6uyxHeQL6RFwRYv
MD5:	397CEE8F41A6046BB5829A58A5D33514
SHA1:	B195D4B0C12EEE4A07091B47F559A72C15007913
SHA-256:	0FDF2F6DBB4F475D619B2217CE278B3B30465D9A7CCCFD42C2F76231A35541E6
SHA-512:	A48288AF3B5B9909A67416B71505E2EC959A0F2611FC903BBD4080B0877A045C232951265422F604DBFE563701E49097B5581E9B4ECC58CED4AC14AF489F4097
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/js/index.js
Preview:	$('#navcol-1 li a').click(function(e) {. e.preventDefault();. $('html, body').animate( {. scrollTop: $(this.hash).offset().top. });.});..$('.scroll-btn , .scroll-btn-a').click(function(e) {. e.preventDefault();. $('html, body').animate( {. scrollTop: (0). });.});.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\logo_crop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 195x37, frames 3
Category:	downloaded
Size (bytes):	8644
Entropy (8bit):	7.814343376261525
Encrypted:	false
SSDEEP:	192:LSPml11XFgHuTSfbOkUDsxC1ZxXKuA6tD:L3QOTkbBUQxCPxW6p
MD5:	B7799C0F62FFC266CDB16EF8B0C908B7
SHA1:	30D4B0B09E3C692C56D214F3D228E03122899BBE
SHA-256:	2F89D57FF89F52331262E811CA1842CD3B3CD6FE85D367DD8198085A0039D11F
SHA-512:	3A558428A0457A43E845466532AE61EC28645786CC585B2E02FA4D4C960B93D12B7A07B3E8DD715711563B59FDD30D4E0FB371599B285C56A9B8EC873ED8E483
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/logo_crop.png
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................%.................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(........?j/.(..........[V...U.U...N.-..Z.<N.\|3.&H....1.....7..o..F_...6.....\..........0.0.js..3.IF...;..+E6..y..Y...H...?+.0Yf/..<q../....B......e.<Ur.c..F.ZG.\|q...I\|V.........u.'..dZ.......=F..o..<.G....d.x.~.D]..9"..\|[..<-.......q.g..Y&'...sL.....n.l..k...C..UzU1k.I.*a.R..S.8........\|H.G.8#:..#.~!.p.<.0...~/3.e..S...]C.N..x..p.ia.&....N.J.N..?.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem8YaGs126MiZpBA-UFW50dbck[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26956
Entropy (8bit):	4.475351210456599
Encrypted:	false
SSDEEP:	384:WF1A7n/vw1B0yTtCc4EWnhSgmCG3eT5FWUjOcGy+g+LM:U1A7ng1GyQc4EuBmCHTGUja3gf
MD5:	1330DFB8F07D4EAB15DED6BD88E543A8
SHA1:	5C4503A81C26F6BCF33633771C32CB28062C402E
SHA-256:	E3CA93D06C8C8078AC8474A00C125CECDCE0D0DC4DE980AD1ADD0A1C83FA439D
SHA-512:	0F0C657F536E4123C797F77558481B299D58A678EEE242EAF60E3B24E6FB800DF6134F58DAE894B876BD506057C63515C668EBB689B819FE9E7F631C7EBC0A6B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GRQScam, Description: Yara detected GRQ Scam, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem8YaGs126MiZpBA-UFW50dbck[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/fonts/mem8YaGs126MiZpBA-UFW50dbck.woff
Preview:	<!DOCTYPE html>.<html id="home">..<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="description" content="The Future Of Currency Is Here">. <title>Gewinncode</title>. <link rel="icon" href="images/favicon.png" type="image/png">..</head>..<body>.. <div class="modal fade" role="dialog" tabindex="-1" id="exit-modal">. <div class="modal-dialog" role="document">. <div class="prelouder-popup"></div>. <div class="modal-content">. <div class="modal-header">. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">.</span></button>. <h2 class="text-center text-danger modal-title" style="font-style:normal;font-weight:bold;color:rgb(242,6,2);">WARTEN SIE NOCH!</h2>. <h3 class="text-center" style="margin-top:5px;margin-bottom:5px;"><strong>Lesen Sie dies, bevor Sie gehen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\person-bg-1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	731
Entropy (8bit):	6.448846636917553
Encrypted:	false
SSDEEP:	12:6v/7SY/6Ts/Ri/I8afFVv7+GB+Hikr4TqNLpsNfZrgNRW7OG6dkFQQsjN:W/6F/kt1KGaiQLpUdg+vVFQ5jN
MD5:	0FC1E39E3F3E178DD4E6D2F0070C5283
SHA1:	DB836BC6000B9BBAB3DCB856C6E3FA80AE8B0F90
SHA-256:	324D3FE154B3B3E6A3B8AD0099719B9DAA7616AA19DB0BB995E3FC784908D1F4
SHA-512:	EBF2FE45ED26A1D5DC7C49B9DBB9FF84186A3965E69A8EAB5E7AD3CA90987715328551F4FAFF95B5047562DA445A34559035F61D41E6026119114A52E4CE1197
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/person-bg-1.png
Preview:	.PNG........IHDR..............>a.....pHYs.................sRGB.........gAMA......a....pIDATx....Q.1..a..a..8.G..........9@.D........H.....]..V./...i..."....huj.@.......?......@\|6~0......0.M.....w.....6.....................>...........!................\...............D...t.......9~0....Y...du_.o...... .......@6.... ......E...d.h.`..5.?.,.M.n...DS.^.I.......?EMx........................................................................................................................................................e.....LS9.=Z..5.,...I......8~......,....H...W...?...8~~..p.>T....1{...Y.p.......i...._....};(......8.......s..?...p..l...i....\....c...............C....&...y.....p\|._..q....,.....V....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\success-li[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 42 x 36, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	816
Entropy (8bit):	7.61985032250664
Encrypted:	false
SSDEEP:	24:s/64PpuFMbVg58OSatuanUXwaAGog/6W5vH/OsN:s/64Ppvb1RaAanMYGog/55H1
MD5:	A3BCC4A4DA2E8D9FEB23E4AE3CBD6B1C
SHA1:	405E3EB45B342E2A49CBE8CB1EDD4AF6B1B1ADD6
SHA-256:	1F86DB42EDBCC85C729FB74A5FF2D246446098806F692D57B182A47E40F5C910
SHA-512:	A0773C9C6FAB35F600A76028358F6BA8CCC7CE46844002A251F33E5A980A499649C5E181F7ACEF60A68D3D30DBB9CDE7DB838C72F405A4E9ED80294C3D435A55
Malicious:	false
Reputation:	low
IE Cache URL:	http://de.gewinncode.zulole28.vip/images/success-li.png
Preview:	.PNG........IHDR......$.......+....pHYs.................sRGB.........gAMA......a.....IDATx..An.@.... $.RAU..Ko..]...............Z\|.....$G..../.$..76H..ff..I.c.5.=.....=3r..xj..;D.g..]r.~......w.u>...b...b..a...,..............M.Qh....5)V .>p.......yY..z:m.....qk.BG.!.......=Y:(.t..ME.d.W;.:...S.<.../..,..<..&.H.S^...N...Q..?.!D...\|/.S....;..9m.EJR....o...Ze....T.........S.....S.j.k.H.A.}.......TQ9I.....@......f....9......w.]u..u...R13...y.L`...J...y....'...H$......5...To../..L0c... ..i+".z. .V...CU0.)...y:...6...a.tA.f.\|..l#....7W.4.C0\|#xe..(...g....... ...).x.!..A....X..!..k.wFf.R.&......u.di....^.(Z.e..?5H.8KE.kN..s.....6.)..z.b.s.......'%..+."?9.2..h...h...{.M......W`K$..r^..b."$...h.B.V.oBAeS.........m.....\X.B.T.F.l....J.m..:X.B..Y..4tY.w.&7.G...a.ul%.q.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\www-widgetapi[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	20799
Entropy (8bit):	5.372973671833535
Encrypted:	false
SSDEEP:	384:oQWcSvyLmv5soMalkwV1aE6G33i7B5Tiw6yLCJicnluLQMTW8J:oQWG6v5soMalzaE6Gn8ewTO6t
MD5:	CEA3ADFBAD56C73C56C627AEC022DB27
SHA1:	46A440F0E9D9623140BB08AB5BF53BFF1C08E018
SHA-256:	D6D1F0F7C29C75C0BF3F35FDB95EF16B1CA016BCE397885DCB56C6C8C0B8367F
SHA-512:	1BD15A94E8957D69DCCBB25643D6D2593A878B700107A828A0775E35FD7F99D26B6A4DA959EB4CB0E80A2FB41E11ACAFDB1D3E83CA13856012ABE42A608A5919
Malicious:	false
Reputation:	low
IE Cache URL:	https://s.ytimg.com/yts/jsbin/www-widgetapi-vflN2g023/www-widgetapi.js
Preview:	(function(){var h,k=this;function l(a){return"string"==typeof a}.function m(a){a=a.split(".");for(var b=k,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}.function aa(){}.function p(a){var b=typeof a;if("object"==b)if(a){if(a instanceof Array)return"array";if(a instanceof Object)return b;var c=Object.prototype.toString.call(a);if("[object Window]"==c)return"object";if("[object Array]"==c\|\|"number"==typeof a.length&&"undefined"!=typeof a.splice&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("splice"))return"array";if("[object Function]"==c\|\|"undefined"!=typeof a.call&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("call"))return"function"}else return"null";.else if("function"==b&&"undefined"==typeof a.call)return"object";return b}.function q(a){var b=typeof a;return"object"==b&&null!=a\|\|"function"==b}.var r="closure_uid_"+(1E9*Math.random()>>>0),t=0;function ba(a,b,c){return a.call.apply(a.bind,arguments)}.function ca(a,b,c){if(!a)

C:\Users\user\AppData\Local\Temp\~DF10747E7FE3143063.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	29745
Entropy (8bit):	0.3110864079923232
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laARO+9laAC9t:kBqoxxJhHWSVSEab3Q2y
MD5:	9139CF0B0FB9A93628E0E021E209C7BB
SHA1:	AE9F7137BEA4E9619FDFB0DF4E42C7E0F8DDCDC5
SHA-256:	44A78071B55997AD8C819FEE6349F34527076F4A5337283B75945ECCD1183459
SHA-512:	E33A3FEB403956ABEEDA631A7238BD628EB5D83E5B7D5159CB243DFB36E4255AEBA1A84BDB4BD6443BEC0E4E6B4C5DAE90FDA4B9348AF712332982E93F2F2210
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF267B8D8B392FD926.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13077
Entropy (8bit):	0.5139465344577182
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loEDF9loEJ9lWE5bfGRiofGLfsGLfKq5o5oo52:kBqoIESEME5bfGRiofG7sG7Kq5o5oo52
MD5:	8861036D5B8D4396F8E86F8DA5B9299F
SHA1:	F6B6F3FAF1675B7D891A8D00BC5006E026CA5C36
SHA-256:	3F21C30AF09295036AE950D645ED0D173E8893EC692749BC63633E982FAA9FA2
SHA-512:	22FC9A895927BF33A6027A7F83EC76C5A60167CD3777845C3F6F8F904D8B930A3B90A9FCAA975D399BBAE2349766FFF187082E1EC172E8D48A524CECF32B130F
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF68199105E1E8B993.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	101179
Entropy (8bit):	1.8203002226969203
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+S0e3ED+tALW0vphGslsDsjKqjvXBYvPZPT9YctVXvXBYvPZPT9YcZ:0ALW9LPNaPNLRrMRHkX
MD5:	08FB35D106A289E7DD0179C45DA6B93E
SHA1:	B37D24D17AE15B52CCC52169074B0BD6C5FE404C
SHA-256:	65DBEA84C9F5655827D5F47BE52F6C1AE82FF149CD5D9868CBBEF956695B18F5
SHA-512:	A89ADB1496596311D3E08D0ADB2A83E4C69F12EF15EB5DDEB78A71E29EA101C0E480A1AF5EFA368CC09F7B10F1B9B7D1444A9F3C75228DFF1DB51CA0DA8249CB
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 928
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 1, 2021 22:27:47.092264891 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.092406988 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.139971972 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.140077114 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.143470049 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.143635988 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.145618916 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.145654917 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.193242073 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.194530010 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.194564104 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.194583893 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.194641113 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.194720030 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.196089983 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.196894884 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.196918011 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.196939945 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.197084904 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.197115898 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.230247021 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.230742931 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.237031937 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.237217903 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.237296104 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.280046940 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.280148029 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.281708002 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.281785965 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.282471895 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.282497883 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.282514095 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.282594919 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.282649994 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.283344030 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.284780025 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.284868956 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.287925959 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.288058996 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.289633036 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.330212116 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.338869095 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.376523972 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.376553059 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.376565933 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.376682043 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.376749992 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.381850958 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:27:47.430639029 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:27:47.454730034 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.456918955 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.502633095 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.502737999 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.503863096 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.507472992 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.507564068 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.508203030 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.553118944 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.553999901 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.554024935 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.554049969 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.554150105 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.554228067 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.558401108 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.559772968 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.559792042 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.559807062 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.559847116 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.559869051 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.563874960 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.563966990 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.564317942 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.564498901 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.564560890 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.611928940 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.611979008 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.612129927 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.612179995 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.612400055 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.613379002 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.614932060 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.614952087 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.615027905 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.615765095 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.615834951 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.616260052 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.665039062 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.671693087 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.721014977 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.721086979 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.721118927 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.721131086 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.721144915 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.721169949 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.721189022 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.721224070 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.723797083 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.723906040 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.723931074 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.723968983 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.723994017 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.724023104 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.727011919 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.727123022 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.727293968 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.777827978 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.847664118 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.898329973 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.995523930 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.995580912 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.995666027 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.995697975 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.997456074 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.997564077 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.999059916 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:47.999159098 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:47.999300003 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:48.050201893 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:48.135868073 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:48.188242912 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:48.285763979 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:48.285788059 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:48.285968065 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:48.287564993 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:48.287683964 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:48.287689924 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:27:48.287775993 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:48.288341999 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:27:48.338812113 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.482637882 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.533245087 CET	443	49727	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.533557892 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.537584066 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.588154078 CET	443	49727	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.589010000 CET	443	49727	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.589091063 CET	443	49727	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.589143038 CET	443	49727	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.589143991 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.589256048 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.589270115 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.596225977 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.646974087 CET	443	49727	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.647136927 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.649833918 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:03.705632925 CET	443	49727	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.796519995 CET	443	49727	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:03.796674013 CET	49727	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:05.624380112 CET	49728	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:28:05.624382019 CET	49729	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:28:05.683532000 CET	80	49728	8.208.92.142	192.168.2.3
Feb 1, 2021 22:28:05.683666945 CET	49728	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:28:05.684336901 CET	49728	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:28:05.684715033 CET	80	49729	8.208.92.142	192.168.2.3
Feb 1, 2021 22:28:05.684813976 CET	49729	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:28:05.787729025 CET	80	49728	8.208.92.142	192.168.2.3
Feb 1, 2021 22:28:05.948857069 CET	80	49728	8.208.92.142	192.168.2.3
Feb 1, 2021 22:28:05.948949099 CET	49728	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:28:05.951246977 CET	49728	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:28:06.010106087 CET	80	49728	8.208.92.142	192.168.2.3
Feb 1, 2021 22:28:06.018352985 CET	49731	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.019134998 CET	49732	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.064549923 CET	80	49731	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.064668894 CET	49731	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.065011978 CET	80	49732	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.065093994 CET	49732	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.065800905 CET	49731	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.111938953 CET	80	49731	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.176043987 CET	80	49731	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.176198959 CET	49731	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.252288103 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.252336979 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.298010111 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.298146009 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.298410892 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.298523903 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.298577070 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.344269037 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.446513891 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.446563005 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.446599960 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.446615934 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.446640015 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.446643114 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.446646929 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.446680069 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.446696043 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.446715117 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.446742058 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.446743011 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.446773052 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.446793079 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.465481997 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.467211008 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.468415022 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.470251083 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.470480919 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.470899105 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.511162996 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.516576052 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.516721964 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.516865015 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.518330097 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.518361092 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.518435955 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.518487930 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.518822908 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.518949032 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.520914078 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.520956039 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.521003008 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.521003962 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.521017075 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.521048069 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.521061897 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.521097898 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.521248102 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.521291018 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.521306038 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.521339893 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.522324085 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.522356033 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.522397995 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.522418022 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.530821085 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.531080008 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.535330057 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.535346031 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.535450935 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.549617052 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.549916029 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.550206900 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.551517963 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.576468945 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.576762915 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.586848021 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.587002039 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.589807034 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.598479033 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.598515034 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.598721981 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.600855112 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610434055 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610500097 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610532045 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610539913 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610553026 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610579967 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610590935 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610620022 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610640049 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610668898 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610670090 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610714912 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610716105 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610753059 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610770941 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610797882 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610827923 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610840082 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.610851049 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.610908031 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.611341000 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.611406088 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.611896038 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.611948967 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.611974955 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.612024069 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.612381935 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.612420082 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.612478971 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.612513065 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613141060 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613178968 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613202095 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613214016 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613508940 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613548040 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613585949 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613606930 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613622904 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613627911 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613631010 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613671064 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613683939 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613713026 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613725901 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613749981 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613775015 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613789082 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613806963 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613826036 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613850117 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613883018 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613890886 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613929033 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613940954 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.613976955 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.613998890 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.614020109 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.614027023 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.614058971 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.614072084 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.614095926 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.614109039 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.614125013 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.614145041 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.614162922 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.615786076 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.615828037 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.615860939 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.615864038 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.615881920 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.615915060 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.615943909 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.616297007 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.616341114 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.616378069 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.616405964 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.617489100 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.617523909 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.617589951 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.617613077 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.618474007 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.627325058 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.627927065 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.634859085 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.635451078 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.641580105 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.641668081 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.641684055 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.641736984 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.645035982 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.662014961 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.666404009 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.670517921 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.670569897 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.670608997 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.670613050 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.670629978 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.670672894 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.670867920 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.670917034 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.670933008 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.670958996 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.670972109 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.670998096 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.671010971 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.671037912 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.671047926 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.671078920 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.671092033 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.671117067 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.671142101 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.671179056 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.671758890 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.671798944 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.671838045 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.671844006 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.671859026 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.671875954 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.671905041 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.671937943 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.672372103 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.672415018 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.672434092 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.672482967 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.672863007 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.672905922 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.672936916 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.672954082 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.673492908 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.673532963 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.673566103 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.673590899 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.673612118 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.674209118 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.674251080 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.674288988 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.674313068 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.674335003 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.675127029 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.675175905 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.675193071 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.675226927 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.676405907 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.676446915 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.676475048 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.676500082 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.677402020 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.677460909 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.677476883 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.677515984 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.678546906 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.678590059 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.678617954 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.678643942 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.679609060 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.679737091 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.679775000 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.679792881 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.679824114 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.680192947 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.680253983 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.680284977 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.680305958 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.680546999 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.680588961 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.680620909 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.680664062 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.680676937 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.680772066 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.680809021 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.680840015 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.680876017 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.681122065 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.681164026 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.681193113 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.681196928 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.681216002 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.681246996 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.681693077 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.681735992 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.681756973 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.681875944 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.681915045 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.681915045 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.681935072 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.681971073 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.682818890 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.682851076 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.682919979 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.682939053 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.683017969 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.683073997 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.695949078 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.695987940 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.696083069 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.696130037 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.701685905 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.701773882 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.701787949 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.701852083 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.702152014 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.702200890 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.702209949 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.702258110 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.703237057 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.703296900 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.703318119 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.703375101 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.704341888 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.704385042 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.704416990 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.704440117 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.705363035 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.705466986 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.705511093 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.705533028 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.705557108 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.706442118 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.706482887 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.706513882 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.706540108 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.707597017 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.707639933 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.707655907 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.707688093 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.708684921 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.708728075 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.708743095 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.708777905 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.709757090 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.709800959 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.709835052 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.709861994 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.709913969 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.710731030 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.710794926 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.710798025 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.710850000 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.711879969 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.711922884 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.711956024 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.711975098 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.712974072 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.713012934 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.713042021 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.713068962 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.714123964 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.714163065 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.714196920 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.714221001 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.717303991 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.717348099 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.717402935 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.717423916 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.717803001 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.717844009 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.717861891 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.717891932 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.718899012 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.718936920 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.718970060 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.718996048 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.719790936 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.720026016 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.720066071 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.720088005 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.720114946 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.721138000 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.721180916 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.721204042 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.721237898 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.722273111 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.722316980 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.722348928 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.722374916 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.722651958 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.723437071 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.723490953 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.723509073 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.723550081 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.724612951 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.724656105 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.724672079 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.724703074 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.725349903 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.725636959 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.725677967 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.725703001 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.725776911 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.726804018 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.726872921 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.730611086 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.730695009 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.730776072 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.730845928 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.731090069 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.731163979 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.731179953 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.731226921 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.732220888 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.732260942 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.732305050 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.732331038 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.732355118 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.733449936 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.733515978 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.733517885 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.733567953 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.736515999 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.751547098 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.761780977 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.761799097 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.761811972 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.761828899 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.761850119 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.761864901 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.761867046 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.761888027 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.761934042 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.762813091 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.762830973 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.762873888 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.762916088 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.763897896 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.763920069 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.763994932 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.765131950 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.765152931 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.765219927 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.766278028 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.766300917 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.766350031 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.767419100 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.767446041 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.767472982 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.767486095 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.768083096 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.768402100 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.768424034 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.768461943 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.768477917 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.769571066 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.769639015 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.772281885 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.773960114 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.773976088 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.774080038 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.776611090 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.776691914 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.779022932 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.779047966 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.779117107 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.779145956 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.780303001 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.780304909 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.780579090 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.790937901 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.791034937 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.793642998 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.793683052 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.793715954 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.793740988 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.794311047 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.794349909 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.794378996 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.794403076 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.795253038 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.795289993 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.795312881 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.795351028 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.796488047 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.796556950 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.798444986 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.800487041 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.802999020 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.829329014 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.829440117 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.832020998 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.850625038 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.850666046 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.850733042 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.850756884 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.851824045 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.851861000 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.851912975 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.851953983 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.852204084 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.852233887 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.852262020 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.852279902 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.852546930 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.852627039 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.852653980 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.852710009 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.856698990 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.856745005 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.856801987 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.856827021 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.858474970 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.861535072 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.863653898 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.866940975 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.877039909 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.877095938 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.877270937 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.877437115 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.877481937 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.877500057 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.877548933 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.877557993 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.878519058 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.878556967 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.878599882 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.878623009 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.879343033 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.879414082 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.892652988 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.892704010 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.892832994 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.892873049 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.893198967 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.893269062 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.912246943 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.912285089 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.912388086 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.912442923 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.912544012 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.912606955 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.915054083 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.915112019 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.915172100 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.915201902 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.915487051 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.915535927 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.915553093 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.915605068 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.916721106 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.916766882 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.916783094 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.916824102 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.917643070 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.917691946 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.917711020 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.917757034 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.918895960 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.918939114 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.918962955 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.918998957 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.919712067 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.919759989 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.919778109 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.919826984 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.920763969 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.920806885 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.920825958 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.920852900 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.921840906 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.921890020 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.921905041 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.921935081 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.922730923 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.922774076 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.922794104 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.922847986 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.923824072 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.923872948 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.923892021 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.923938036 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.924889088 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.924931049 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.924952984 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.924995899 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.925884962 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.925934076 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.925950050 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.925998926 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.926914930 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.926955938 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.926976919 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.927012920 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.927970886 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.928020000 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.928036928 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.928083897 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.928998947 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.929040909 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.929061890 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.929105043 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.930002928 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.930042982 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.930072069 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.930113077 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.931054115 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.931096077 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.931118011 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.931142092 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.931488991 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.931518078 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.931556940 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.931574106 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.932118893 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.932162046 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.932176113 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.932214022 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.933118105 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.933156967 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.933180094 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.933224916 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.934201956 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.934243917 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.934263945 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.934302092 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.935194016 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.935233116 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.935255051 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.935280085 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.936264992 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.936320066 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.936342001 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.936372042 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.937287092 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.937328100 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.937350988 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.937378883 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.938314915 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:06.938379049 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.969326973 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.971087933 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.972918034 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:06.974329948 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.018774986 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.023672104 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.023711920 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.023833036 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.023865938 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.025993109 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.026034117 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.026071072 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.026081085 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.026103973 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.026108027 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.026128054 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.026168108 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.026364088 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.026391983 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.026442051 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.026464939 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.027076006 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.027113914 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.027147055 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.027168989 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.027652025 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.027689934 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.027729988 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.027755976 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.028062105 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.028101921 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.028145075 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.028188944 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.028510094 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.028553009 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.028584957 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.028606892 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.029272079 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.029311895 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.029361010 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.029376984 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.029392004 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.029426098 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.029444933 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.029505014 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.030391932 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.030435085 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.030473948 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.030476093 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.030498981 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.030504942 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.030533075 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.030550003 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.031579018 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.031605005 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.031655073 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.031677008 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.032582998 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.032604933 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:07.032665014 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:07.032685995 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.354315996 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.415302992 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.415358067 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.415432930 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.415482044 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.803062916 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.811512947 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.818223953 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.829966068 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.831080914 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.835696936 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.862814903 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.862876892 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.863008976 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.863126993 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.863168955 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.863188028 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.863198042 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.863238096 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.864370108 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.864413023 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.864450932 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.864743948 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.865355968 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.865437031 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.865464926 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.865495920 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.865528107 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.866415024 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.866456032 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.866496086 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.866497040 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.866513968 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.866533995 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.866585016 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.866755962 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.866983891 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.867022038 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.867060900 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.867088079 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.867548943 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.867590904 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.867631912 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.867654085 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.868156910 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.868197918 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.868231058 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.868257999 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.868573904 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.868618011 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.868650913 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.868673086 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.869210958 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.869254112 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.869306087 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.869329929 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.869673014 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.869714022 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.869770050 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.869792938 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.870357990 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.870404005 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.870444059 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.870493889 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.870682001 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.870723009 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.870760918 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.870790958 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.871464014 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.871505022 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.871552944 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.871587038 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.871789932 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.871828079 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.871870041 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.871896982 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.872621059 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.872665882 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.872972965 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.873020887 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.873020887 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.873030901 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.873051882 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.873095989 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.873766899 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.873806000 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.873848915 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.873873949 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.873982906 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.874022961 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.874063969 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.874088049 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.874821901 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.874901056 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.875108957 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.875157118 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.875184059 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.875209093 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.876054049 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.876096964 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.876140118 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.876179934 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.877127886 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.877168894 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.877201080 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.877243042 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.878215075 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.878256083 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.878314972 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.878334045 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.879369974 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.879407883 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.879451036 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.879468918 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.880403042 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.880438089 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.880554914 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.880589008 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.881488085 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.881524086 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.881571054 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.881593943 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.882150888 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.882185936 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.882239103 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.882265091 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.882601023 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.882638931 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.882658005 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.882688999 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.883702040 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.883737087 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.883779049 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.883804083 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.884208918 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.884710073 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.884749889 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.884793043 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.884816885 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.885818005 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.885862112 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.885910988 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.885932922 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.887049913 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.887094021 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.887131929 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.887161016 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.887487888 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.887526989 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.887562037 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.887587070 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.888551950 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.888592005 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.888636112 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.888652086 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.889441967 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.889522076 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.891124010 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.891165972 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.891232014 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.891268015 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.891674042 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.891724110 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.891774893 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.891793966 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.892887115 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.892923117 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.892924070 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.892971992 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.892976046 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.892992973 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.893013954 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.893068075 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.893215895 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.893493891 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.893543005 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.893565893 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.893598080 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.893846989 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.893912077 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.894591093 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.894618988 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.894670010 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.894696951 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.903270006 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.909142971 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.909276009 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.909426928 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.909467936 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.909503937 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.909529924 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.910578966 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.910626888 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.910655022 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.910685062 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.911598921 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.911638975 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.911686897 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.911710024 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.912703991 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.912753105 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.912767887 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.912818909 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.913798094 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.913837910 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.913858891 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.913893938 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.914900064 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.914942026 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.914958954 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.915004015 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.915940046 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.916003942 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.916043043 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.916100025 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.917129993 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.917171955 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.917210102 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.917229891 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.918054104 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.918132067 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.918620110 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.918663025 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.918684959 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.918741941 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.919857025 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.919898033 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.919926882 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.919950008 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.920836926 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.920870066 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.920984030 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.920996904 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.921842098 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.921883106 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.921904087 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.921930075 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.922957897 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.922998905 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.923023939 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.923058033 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.924041986 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.924082994 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.924120903 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.924140930 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.925092936 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.925134897 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.925162077 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.925187111 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.926196098 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.926238060 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.926279068 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.926301003 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.927320957 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.927361012 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.927388906 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.927421093 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.928265095 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.928308964 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.928354025 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.928374052 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.929297924 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.929431915 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.929481983 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.929493904 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.929559946 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.930447102 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.930488110 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.930507898 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.930536985 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.931514978 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.931564093 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.931576014 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.931597948 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.931622028 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.932600975 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.932642937 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.932662010 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.932696104 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.933743954 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.933794022 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.933813095 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.933840036 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.934799910 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.934839964 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.934868097 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.934885979 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.935902119 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.935941935 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.935962915 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.936007977 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.936938047 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.936978102 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.937002897 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.937048912 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.938003063 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.938051939 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.938086987 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.938118935 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.938623905 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.939079046 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.939127922 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.939141035 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.939203024 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.939999104 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.940042019 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.940092087 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.940108061 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.940115929 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.940145969 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.940156937 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.940191984 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.940507889 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.940551043 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.940583944 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.940606117 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.941200972 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.941241026 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.941253901 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.941284895 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.941672087 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.941709042 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.941740990 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.941764116 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.942353010 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.942393064 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.942413092 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.942435026 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.942646027 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.942711115 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.949826002 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.949867964 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.949937105 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.949992895 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.950269938 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.950311899 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.950340986 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.950364113 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.951457977 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.951502085 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.951544046 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.951570988 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.952289104 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.952362061 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.955607891 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.955658913 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.955689907 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.955715895 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.955970049 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.956021070 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.956022978 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.956072092 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.956778049 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.956821918 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.956859112 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.956864119 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.956881046 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.956897974 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.956897974 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.956949949 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.957299948 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.957340956 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.957360983 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.957389116 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.957719088 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.957762957 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.957798004 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.957806110 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.958256960 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.958293915 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.958326101 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.958353996 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.958621979 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.958667040 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.958678961 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.958715916 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.959192038 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.959259987 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.959363937 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.959403038 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.959423065 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.959459066 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.960227013 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.960267067 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.960285902 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.960462093 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.961081982 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.961122036 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.961147070 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.961191893 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.961956978 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.961994886 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.962028980 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.962055922 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.962759018 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.962799072 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.962816954 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.962847948 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.963646889 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.963689089 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.963696003 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.963736057 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.964567900 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.964611053 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.964622974 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.964658022 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.965428114 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.965481043 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.965483904 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.965527058 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.966228008 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.966272116 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.966285944 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.966320038 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.967019081 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.967067957 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.967080116 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.967118979 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.967885971 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.967925072 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.967937946 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.967972994 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.968637943 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.968677998 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.968688965 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.968729973 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.969432116 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.969476938 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.969489098 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.969521046 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.970249891 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.970282078 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.970299006 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.970319986 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.971021891 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.971056938 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.971075058 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.971097946 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.971841097 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.971874952 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.971894979 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.971918106 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.972608089 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.972641945 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.972656012 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.972687960 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.973400116 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.973438025 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.973453999 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.973491907 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.974253893 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.974308014 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.983288050 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.983333111 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.983443975 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.983474970 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.983839989 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.983881950 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.983913898 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.983939886 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.984987020 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.985029936 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.985074997 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.986090899 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.986129045 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.986151934 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.986166000 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.986169100 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.987324953 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.987375021 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.987415075 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.987445116 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.988365889 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.988405943 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.988451958 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.989311934 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.989485025 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.989526033 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.989546061 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.989579916 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.990647078 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.990688086 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.990720987 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.990736961 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.991801023 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.991844893 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.991874933 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.991892099 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.992939949 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.992980957 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.993026018 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.993043900 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.994031906 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.994072914 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.994127035 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.994141102 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.995127916 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.995167971 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.995229006 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.995244026 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.996229887 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.996269941 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.996392012 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.997508049 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.997553110 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.997654915 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.997762918 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.997806072 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.997886896 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.997915983 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.998106956 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.998198986 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.998537064 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.998577118 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.998653889 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:11.999728918 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.999763966 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:11.999874115 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.000767946 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.000808001 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.000906944 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.001930952 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.001969099 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.002068043 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.003067970 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.003107071 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.003200054 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.004162073 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.004203081 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.004309893 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.005280018 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.005316973 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.005397081 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.006416082 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.006467104 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.006498098 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.006515026 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.007616997 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.007698059 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.007731915 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.007796049 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.008698940 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.008836031 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.008900881 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.009015083 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.029484987 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.029587030 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.029908895 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.029968977 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.029970884 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.030015945 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.031296968 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.031383038 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.031419039 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.031431913 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.032577991 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.032638073 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.032674074 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.032685995 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.033097029 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.033154011 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.054270029 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.109824896 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.109855890 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.109960079 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.109985113 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.358663082 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.430607080 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.430633068 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.430649042 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.430665970 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.430767059 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.430804014 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.431021929 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.431050062 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.431071997 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.431087017 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.431092978 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.431102037 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.431128025 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.431154966 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.431868076 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.431900978 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.431926966 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.431941986 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.431956053 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.431966066 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.431991100 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.432017088 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.433120012 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.433151007 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.433182001 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.433193922 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.433212042 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.433223009 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.433234930 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.433259010 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.433532000 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.433562040 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:12.433598995 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:12.433634996 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:17.204813957 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.205869913 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.247700930 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.247814894 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.248117924 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.248296022 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.249100924 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.249334097 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.293498039 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.293679953 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.307122946 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.307229996 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.307341099 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.307394028 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.307404041 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.307449102 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.307679892 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.307809114 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.307832956 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.307861090 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.307874918 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.307921886 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.316625118 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.320702076 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.361282110 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.361349106 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.361377001 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.361413956 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.365135908 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.365194082 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.365279913 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.365333080 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.383366108 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.425753117 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.425854921 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.632203102 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.676225901 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.676352024 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.686254025 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.687077999 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.687093973 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.731631994 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.736103058 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.762490034 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.762644053 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.763293028 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.763355970 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.763365030 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.763415098 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.770636082 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.782910109 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.820035934 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.827780008 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.847769976 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.847898960 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.847958088 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.848011971 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.849045038 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.849102020 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.849245071 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:17.849298000 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.855948925 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:28:17.906008005 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:28:21.111120939 CET	80	49732	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:21.111263037 CET	49732	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:27.813488007 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.813955069 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.868767023 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.868933916 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.870045900 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.872279882 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.872406960 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.873260021 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.925345898 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.926911116 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.926930904 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.926944017 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.926961899 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.927028894 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.927061081 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.930915117 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.933165073 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.933190107 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.933206081 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.933222055 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.933250904 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.933280945 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.933300972 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.943432093 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.943646908 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.944288969 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.944693089 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.944828033 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.997472048 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.997508049 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.997684002 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:27.998261929 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:27.998382092 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.000351906 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:28.000375986 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:28.000468969 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.000498056 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.000768900 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:28.000828028 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.002439022 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:28.002475023 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:28.002492905 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:28.002538919 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.002567053 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.002764940 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.003225088 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.003555059 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:28:28.060039997 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:28.061703920 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:28:29.444690943 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:29.503849030 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:28:29.504066944 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:28:35.746458054 CET	80	49729	8.208.92.142	192.168.2.3
Feb 1, 2021 22:28:35.746620893 CET	49729	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:28:39.561609983 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.612025976 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.713670969 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.713736057 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.713779926 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.713843107 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.715575933 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.715617895 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.715696096 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.715723038 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.718714952 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.718817949 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.720458031 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.720501900 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.720554113 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.720583916 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.724050999 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.724126101 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.724155903 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.724195004 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.727559090 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.727593899 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.727657080 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.727700949 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.730006933 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.730070114 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.730093956 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.730134964 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.733374119 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.733470917 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.733474970 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.733551979 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.736927986 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.736994982 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.737011909 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.737046957 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.740485907 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.740528107 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.740575075 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.740601063 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.744330883 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.744371891 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.744448900 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.744473934 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.747519970 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.747566938 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.747627020 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.747653961 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.751087904 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.751162052 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.751166105 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.751219034 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.754631042 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.754689932 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.754726887 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.754750967 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.764262915 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.764342070 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.798078060 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.798227072 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.802932978 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.802984953 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.803040981 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.803086996 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.804645061 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.804687977 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.804708004 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.804742098 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.808162928 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.808235884 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.808274984 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.808339119 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.816138983 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.816183090 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.816243887 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.816276073 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.850630999 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.850698948 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.850745916 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.850800037 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.855014086 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.855070114 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:39.855086088 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:39.855130911 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.199651003 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.250547886 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:40.746083975 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.796664953 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:40.893539906 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:40.893596888 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:40.893629074 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.893678904 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.895261049 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:40.895312071 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:40.895318031 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.895368099 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.898561954 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:40.898628950 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.905886889 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:40.956470966 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:40.963464022 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:41.015928030 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:41.105958939 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:41.106018066 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:41.106117964 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:41.106154919 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:41.106555939 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:41.106635094 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:41.106642008 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:41.106700897 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:41.107795954 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:41.107884884 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:41.108454943 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:28:41.108534098 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:41.143173933 CET	49721	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:28:41.193711996 CET	443	49721	67.199.248.15	192.168.2.3
Feb 1, 2021 22:29:36.380352974 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:29:36.380549908 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:29:36.382105112 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:29:36.382262945 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:29:36.383270025 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.383930922 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.384469986 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.384938002 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.385437965 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.385911942 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.386426926 CET	49731	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.392492056 CET	49732	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.392839909 CET	49729	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:29:36.392889023 CET	49729	80	192.168.2.3	8.208.92.142
Feb 1, 2021 22:29:36.393052101 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:29:36.394496918 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:29:36.394659996 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:29:36.425525904 CET	443	49748	216.58.207.162	192.168.2.3
Feb 1, 2021 22:29:36.425683022 CET	443	49747	216.58.207.162	192.168.2.3
Feb 1, 2021 22:29:36.425683022 CET	49748	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:29:36.425766945 CET	49747	443	192.168.2.3	216.58.207.162
Feb 1, 2021 22:29:36.430448055 CET	80	49733	172.67.207.131	192.168.2.3
Feb 1, 2021 22:29:36.430468082 CET	80	49740	172.67.207.131	192.168.2.3
Feb 1, 2021 22:29:36.430582047 CET	49733	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.430639982 CET	49740	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.430692911 CET	80	49737	172.67.207.131	192.168.2.3
Feb 1, 2021 22:29:36.430754900 CET	49737	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.431615114 CET	80	49734	172.67.207.131	192.168.2.3
Feb 1, 2021 22:29:36.431721926 CET	49734	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.431740999 CET	80	49739	172.67.207.131	192.168.2.3
Feb 1, 2021 22:29:36.431796074 CET	49739	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.431799889 CET	80	49738	172.67.207.131	192.168.2.3
Feb 1, 2021 22:29:36.431874990 CET	49738	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.433463097 CET	80	49731	172.67.207.131	192.168.2.3
Feb 1, 2021 22:29:36.433598995 CET	49731	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:36.434109926 CET	443	49758	172.217.168.225	192.168.2.3
Feb 1, 2021 22:29:36.434199095 CET	49758	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:29:36.436870098 CET	443	49759	172.217.168.225	192.168.2.3
Feb 1, 2021 22:29:36.436945915 CET	49759	443	192.168.2.3	172.217.168.225
Feb 1, 2021 22:29:36.441756010 CET	443	49722	67.199.248.15	192.168.2.3
Feb 1, 2021 22:29:36.441931009 CET	49722	443	192.168.2.3	67.199.248.15
Feb 1, 2021 22:29:36.442923069 CET	443	49719	67.199.248.11	192.168.2.3
Feb 1, 2021 22:29:36.443027020 CET	49719	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:29:36.445480108 CET	443	49718	67.199.248.11	192.168.2.3
Feb 1, 2021 22:29:36.445719957 CET	49718	443	192.168.2.3	67.199.248.11
Feb 1, 2021 22:29:36.692578077 CET	49732	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:37.302083015 CET	49732	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:38.505489111 CET	49732	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:41.036776066 CET	49732	80	192.168.2.3	172.67.207.131
Feb 1, 2021 22:29:45.849714994 CET	49732	80	192.168.2.3	172.67.207.131

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 1, 2021 22:27:39.619545937 CET	58361	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:39.669713974 CET	53	58361	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:40.731466055 CET	63492	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:40.784621954 CET	53	63492	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:41.542227030 CET	60831	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:41.590195894 CET	53	60831	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:42.673686028 CET	60100	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:42.732968092 CET	53	60100	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:43.491595984 CET	53195	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:43.539778948 CET	53	53195	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:45.268493891 CET	50141	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:45.331482887 CET	53	50141	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:45.700414896 CET	53023	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:45.748234034 CET	53	53023	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:47.032421112 CET	49563	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:47.082463026 CET	53	49563	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:47.128668070 CET	51352	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:47.176671028 CET	53	51352	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:47.390022039 CET	59349	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:47.452476978 CET	53	59349	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:48.203490973 CET	57084	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:48.254133940 CET	53	57084	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:49.143526077 CET	58823	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:49.195923090 CET	53	58823	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:50.232659101 CET	57568	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:50.290616989 CET	53	57568	8.8.8.8	192.168.2.3
Feb 1, 2021 22:27:52.488881111 CET	50540	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:27:52.550901890 CET	53	50540	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:03.417568922 CET	54366	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:03.475841045 CET	53	54366	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:05.470263958 CET	53034	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:05.621825933 CET	53	53034	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:05.955773115 CET	57762	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:06.016750097 CET	53	57762	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:06.183234930 CET	55435	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:06.250369072 CET	53	55435	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:06.306066990 CET	50713	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:06.354027033 CET	53	50713	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:06.498802900 CET	56132	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:06.564342022 CET	53	56132	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:11.767762899 CET	58987	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:11.827433109 CET	53	58987	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:15.375262976 CET	56579	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:15.423300982 CET	53	56579	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:16.770770073 CET	56579	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:16.818773031 CET	53	56579	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:16.932223082 CET	60633	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:16.982991934 CET	53	60633	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:17.116801023 CET	61292	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:17.149837017 CET	63619	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:17.186115980 CET	53	61292	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:17.213990927 CET	53	63619	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:17.307555914 CET	64938	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:17.374566078 CET	53	64938	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:17.770385027 CET	56579	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:17.828913927 CET	53	56579	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:17.949223995 CET	60633	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:17.999761105 CET	53	60633	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:18.436738968 CET	61946	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:18.497124910 CET	53	61946	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:18.952991962 CET	60633	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:19.003649950 CET	53	60633	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:19.777760983 CET	56579	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:19.825763941 CET	53	56579	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:21.201611996 CET	60633	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:21.260724068 CET	53	60633	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:24.072897911 CET	56579	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:24.129663944 CET	53	56579	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:24.551371098 CET	64910	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:24.603940964 CET	53	64910	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:25.213146925 CET	60633	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:25.274563074 CET	53	60633	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:27.740401983 CET	52123	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:27.810122013 CET	53	52123	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:30.212474108 CET	56130	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:30.265131950 CET	53	56130	8.8.8.8	192.168.2.3
Feb 1, 2021 22:28:31.502713919 CET	56338	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:28:31.550554991 CET	53	56338	8.8.8.8	192.168.2.3
Feb 1, 2021 22:29:00.271332979 CET	59420	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:29:00.329073906 CET	53	59420	8.8.8.8	192.168.2.3
Feb 1, 2021 22:29:34.733967066 CET	58784	53	192.168.2.3	8.8.8.8
Feb 1, 2021 22:29:34.790205956 CET	53	58784	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 1, 2021 22:27:47.032421112 CET	192.168.2.3	8.8.8.8	0x5fdb	Standard query (0)	bit.ly	A (IP address)	IN (0x0001)
Feb 1, 2021 22:27:47.390022039 CET	192.168.2.3	8.8.8.8	0xb1f8	Standard query (0)	bitly.com	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:03.417568922 CET	192.168.2.3	8.8.8.8	0x5452	Standard query (0)	bitly.com	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:05.470263958 CET	192.168.2.3	8.8.8.8	0x9c2	Standard query (0)	rghr.associateneed.link	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:05.955773115 CET	192.168.2.3	8.8.8.8	0xab27	Standard query (0)	it.1k-dailyprofit.zulole28.vip	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:06.183234930 CET	192.168.2.3	8.8.8.8	0x820b	Standard query (0)	de.gewinncode.zulole28.vip	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:06.498802900 CET	192.168.2.3	8.8.8.8	0x83d2	Standard query (0)	s.ytimg.com	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:11.767762899 CET	192.168.2.3	8.8.8.8	0xb43f	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:17.116801023 CET	192.168.2.3	8.8.8.8	0xcc77	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:17.149837017 CET	192.168.2.3	8.8.8.8	0x25ed	Standard query (0)	static.doubleclick.net	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:27.740401983 CET	192.168.2.3	8.8.8.8	0xcb2c	Standard query (0)	yt3.ggpht.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 1, 2021 22:27:47.082463026 CET	8.8.8.8	192.168.2.3	0x5fdb	No error (0)	bit.ly		67.199.248.11	A (IP address)	IN (0x0001)
Feb 1, 2021 22:27:47.082463026 CET	8.8.8.8	192.168.2.3	0x5fdb	No error (0)	bit.ly		67.199.248.10	A (IP address)	IN (0x0001)
Feb 1, 2021 22:27:47.452476978 CET	8.8.8.8	192.168.2.3	0xb1f8	No error (0)	bitly.com		67.199.248.15	A (IP address)	IN (0x0001)
Feb 1, 2021 22:27:47.452476978 CET	8.8.8.8	192.168.2.3	0xb1f8	No error (0)	bitly.com		67.199.248.14	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:03.475841045 CET	8.8.8.8	192.168.2.3	0x5452	No error (0)	bitly.com		67.199.248.15	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:03.475841045 CET	8.8.8.8	192.168.2.3	0x5452	No error (0)	bitly.com		67.199.248.14	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:05.621825933 CET	8.8.8.8	192.168.2.3	0x9c2	No error (0)	rghr.associateneed.link		8.208.92.142	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:06.016750097 CET	8.8.8.8	192.168.2.3	0xab27	No error (0)	it.1k-dailyprofit.zulole28.vip		172.67.207.131	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:06.016750097 CET	8.8.8.8	192.168.2.3	0xab27	No error (0)	it.1k-dailyprofit.zulole28.vip		104.21.37.107	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:06.250369072 CET	8.8.8.8	192.168.2.3	0x820b	No error (0)	de.gewinncode.zulole28.vip		172.67.207.131	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:06.250369072 CET	8.8.8.8	192.168.2.3	0x820b	No error (0)	de.gewinncode.zulole28.vip		104.21.37.107	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:06.564342022 CET	8.8.8.8	192.168.2.3	0x83d2	No error (0)	s.ytimg.com		172.217.23.46	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:11.827433109 CET	8.8.8.8	192.168.2.3	0xb43f	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2021 22:28:17.186115980 CET	8.8.8.8	192.168.2.3	0xcc77	No error (0)	googleads.g.doubleclick.net	pagead46.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2021 22:28:17.186115980 CET	8.8.8.8	192.168.2.3	0xcc77	No error (0)	pagead46.l.doubleclick.net		216.58.207.162	A (IP address)	IN (0x0001)
Feb 1, 2021 22:28:17.213990927 CET	8.8.8.8	192.168.2.3	0x25ed	No error (0)	static.doubleclick.net	static-doubleclick-net.l.google.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2021 22:28:27.810122013 CET	8.8.8.8	192.168.2.3	0xcb2c	No error (0)	yt3.ggpht.com	photos-ugc.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2021 22:28:27.810122013 CET	8.8.8.8	192.168.2.3	0xcb2c	No error (0)	photos-ugc.l.googleusercontent.com		172.217.168.225	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

rghr.associateneed.link

it.1k-dailyprofit.zulole28.vip

de.gewinncode.zulole28.vip

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49728	8.208.92.142	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:05.684336901 CET	195	OUT	GET /index HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: rghr.associateneed.link Connection: Keep-Alive
Feb 1, 2021 22:28:05.948857069 CET	219	IN	HTTP/1.1 302 Found Server: nginx/1.14.2 Date: Mon, 01 Feb 2021 21:28:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Set-Cookie: zcknrt_index=0; expires=Tue, 02-Feb-2021 21:28:05 GMT; Max-Age=86400; path=/ Location: http://it.1k-dailyprofit.zulole28.vip/04uu Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49731	172.67.207.131	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:06.065800905 CET	220	OUT	GET /04uu HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: it.1k-dailyprofit.zulole28.vip
Feb 1, 2021 22:28:06.176043987 CET	233	IN	HTTP/1.1 302 Found Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Set-Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886; expires=Wed, 03-Mar-21 21:28:06 GMT; path=/; domain=.zulole28.vip; HttpOnly; SameSite=Lax Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Origin: * Location: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Vary: User-Agent CF-Cache-Status: DYNAMIC cf-request-id: 080117f6d500004c0d9d8d8000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=l4BPMXWS12GXqzNEyAuTEtPpthzaDcDb1kQ0hsZO%2FgCAHVGGIOuCMv3CnSGGYpyTnqf7BRC%2F%2FCjLsa1dsM1Bmj7F%2F9f3h606rwihmRYpIkX%2FkxkTUl4lTLoiPeNxeUY%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec29e2a4f4c0d-AMS

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49734	172.67.207.131	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:06.298577070 CET	234	OUT	GET /?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: de.gewinncode.zulole28.vip Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.446513891 CET	236	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive last-modified: Mon, 09 Nov 2020 15:03:18 GMT vary: Accept-Encoding,User-Agent CF-Cache-Status: DYNAMIC cf-request-id: 080117f7be00009c3f5d1c0000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NSAPOAXtDGnx31pCz3b46DPck3hbIloaUQXV4I9JG1kxyjYBwtkLWEskVDxoSqWY9Ms04wsBM1zI1QBEsEiS8v40jlRoLqEwzh4yDkZIjzz3AHMPhmxFjifwcQ%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec29f9ba29c3f-AMS Content-Encoding: gzip Data Raw: 31 62 35 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 5d dd 6e dc 38 96 be ee 3c c5 89 7a 66 62 03 f5 ef a4 3b ed 9f ea 4d 27 4e e2 ee c4 e9 8d 9d 0e 26 37 06 4b 3a 92 18 53 a4 86 a4 aa 62 ef 0e b0 d8 97 d8 9b 05 f6 26 58 60 80 b9 ee ab 5c 8d df 64 9e 64 71 48 a9 4a 55 56 95 cb 8e 7b 32 d8 06 3a 29 49 e4 21 79 78 78 7e 3e 1e 32 bb 77 9f bc 7a 7c fc c7 9f f7 21 b5 99 18 de d9 a5 bf 80 47 7b 41 aa 32 0c 86 77 ee ec a6 c8 a2 e1 1d 00 80 dd 0c 2d 83 30 65 da a0 dd 0b 0a 1b b7 1f 06 f5 4f 92 65 b8 17 8c 39 4e 72 a5 6d 00 a1 92 16 a5 dd 0b 26 3c b2 e9 5e 84 63 1e 62 db 3d b4 80 4b 6e 39 13 6d 13 32 81 7b fd 4e af 81 54 84 26 d4 3c b7 5c c9 1a b5 e3 14 e1 69 61 0b 8d f0 2a 86 c7 85 d6 28 c3 33 38 30 f0 1c 35 56 64 2c b7 02 87 cf 70 c2 a5 0c 55 84 bb 5d ff c6 7f 15 5c 9e 82 46 b1 17 f0 90 88 a7 1a e3 bd 80 67 2c 41 d3 8d d9 98 de 76 72 99 04 60 cf 72 2c bf 74 e9 05 f1 a4 eb 99 72 67 77 a4 a2 b3 e1 1d 4f 32 e2 63 08 05 33 66 2f c8 54 c4 04 c4 2c c2 00 b4 12 34 12 ce 84 22 6a 6c c4 65 84 1f f6 82 76 3f 70 8c c6 0f dc b6 5d 85 b2 e7 8d c4 da 15 81 92 9c 0a 8b 0c a5 ad 55 59 ac 96 6b 14 aa 88 50 b7 73 95 17 79 30 dc ed 46 7c bc bc bc 6f a6 64 f2 02 dd e6 b2 c4 04 d4 0d 45 5d f1 51 61 ad 92 25 fb fc 43 50 d5 0f 85 32 18 40 c4 2c 6b 47 dc 64 7c 4a 34 00 a6 39 6b 0b 36 a2 b9 79 ec ca 0d 77 4d ce a4 ff 90 f2 28 42 b9 17 58 5d 60 30 bc f8 af dd 2e 7d 1b ee 76 7d 0b 4b fa 92 0e aa 96 2d 7e b0 ed 10 a5 45 0d ee 77 c4 64 82 1a fc 88 9c 84 04 60 ec 19 31 39 56 d2 b6 dd ef 6d a9 74 c6 c4 8e 7b 33 41 9e a4 76 7b a4 44 b4 13 2a a1 f4 b6 4e 46 1b 83 fb 83 d6 37 ad c1 e6 4e 30 7c fb e8 f5 f1 fe 21 1c 1d ec c3 e1 ab c7 cf ef ee 76 d3 c1 b2 8e 6d 35 74 6c da 81 8c e9 84 cb b6 55 f9 f6 83 fc c3 4e f9 38 52 d6 aa cc bd 21 d6 58 ad 64 32 7c 81 06 25 1c 71 84 88 a3 69 c1 08 c7 4a bb e7 04 53 94 77 77 bb 65 41 d8 ed a6 5b 4d b2 d0 3c c7 24 e0 cb 66 b8 56 58 ab c9 92 52 8b 25 43 25 da 59 d4 7e 30 1d 64 ce a2 88 cb 64 bb 37 1b a1 76 0c ae bd 10 18 db ed 7e 39 62 9e 25 60 74 38 5d ad 42 25 ea 24 d4 2a f7 eb b5 24 eb b4 cc f6 60 eb db 19 15 c7 c7 9e 27 d2 3c fe 15 1d Data Ascii: 1b5b]n8<zfb;M'N&7K:Sb&X`\ddqHJUV{2:)I!yxx~>2wz\|!G{A2w-0eOe9Nrm&<^cb=Kn9m2{NT&<\ia(3805Vd,pU]\Fg,Avr`r,trgwO2c3f/T,4"jlev?p]UYkPsy0F\|odE]Qa%CP2@,kGd\|J49k6ywM(BX]`0.}v}K-~Ewd`19Vmt{3Av{DNF7N0\|!vm5tlUN8R!Xd2\|%qiJSwweA[M<$fVXR%C%Y~0dd7v~9b%`t8]B%$*$`'<
Feb 1, 2021 22:28:06.446563005 CET	237	IN	Data Raw: fe 76 b1 c3 65 2f fb 0f 9a fa ed 5b df 1a 0c 5c 6b 4b db 71 6d e5 c3 37 d2 a0 46 78 24 33 14 51 21 13 94 60 b8 8c 60 84 89 46 79 6e 5b 60 14 44 cc 98 d6 04 a5 9f e5 f7 68 cf ad 9f db 56 35 ed f0 38 65 32 44 18 a3 ce 99 31 f4 e5 98 15 06 65 84 30 Data Ascii: ve/[\kKqm7Fx$3Q!``Fyn[`DhV58e2D1e0V YuQa\uT@6EN"x0EJ;E.T1O#nO.Pw!-pu_?z1LsepyjPyq^
Feb 1, 2021 22:28:06.446599960 CET	238	IN	Data Raw: 9f 02 3f b0 eb 15 d6 48 0f a9 22 97 30 b8 0f 47 b6 20 30 07 fe fe 9f 7f 2d 15 5a ff 41 ab d7 eb ad ef 4b 5c 01 34 af cd 98 87 30 12 2a 3c ed 9f 9c 90 cd 39 c9 99 b6 6b b0 07 b3 11 46 6d 8d 26 57 d2 f0 31 c2 e2 8b 76 ff 9b d1 d9 77 53 da 63 1e a1 Data Ascii: ?H"0G 0-ZAK\40<9kFm&W1vwScZn(C/L2aI,w.YE$O_LZn.5~#&x@a>lws[8O]Yaq;r2D5c<P/?e*BceR-_
Feb 1, 2021 22:28:06.446640015 CET	240	IN	Data Raw: b0 98 51 ee 5e 54 8e bd c7 ff 6b 2f 66 d9 dc 97 f3 5e 16 e2 95 de 1a 69 de ae f3 73 23 01 3f 1e 02 3e 73 82 52 dc 34 68 16 61 db 7d 58 12 bf f4 d6 da 03 b6 a4 2f 57 e5 ed ac 17 70 5b 7d 8d bc 2c 9b 2e 6f b0 4c c7 ef 79 4e 55 5b c9 bb 5d 9b de 52 Data Ascii: Q^Tk/f^is#?>sR4ha}X/Wp[},.oLyNU[]RW!*aJ8U.~MPy_JZW3Dozlu0$KtoTh4\|HWooPuy\|$)/`NQ>[krW"i=+P+bA
Feb 1, 2021 22:28:06.446680069 CET	241	IN	Data Raw: 54 e9 40 bd b9 bb 6e 9e 5f 7c 2c 62 9e 54 3b e2 08 4f 35 85 a7 73 57 dc f4 87 37 3b 98 b2 a4 07 0f 7f bf 26 76 f1 0d 2c 1d f1 fd e1 81 b1 84 aa 20 97 31 c5 d6 5e 0c 26 ce 0e 7d bf 7c 87 72 37 77 c7 92 9d dd d5 b4 2b 4f 6b b9 ae b3 7c e2 44 ab d4 Data Ascii: T@n_\|,bT;O5sW7;&v, 1^&}\|r7w+Ok\|DMK6{/Ts(-ZM7+XAc,8$meRNN)+`zsf u Hrhn([k8"^IM`wb)McuTf&][=}$_8
Feb 1, 2021 22:28:06.446715117 CET	242	IN	Data Raw: 79 ba 15 35 53 e4 a8 c7 dc 60 04 4a d7 68 8f ce 80 c9 33 7f bb 69 48 37 44 91 96 72 dd 90 4a c3 9b a3 e9 73 07 1e c9 33 28 e4 b4 6a 43 e3 b6 1c 22 1d 0a 1e 73 7b 46 d4 df 74 8e 3a a0 d1 f0 88 a4 80 ba 13 52 5e 25 09 7e 04 85 14 8c 6e 52 e8 dc 8e Data Ascii: y5S`Jh3iH7DrJs3(jC"s{Ft:R^%~nR0BX2Wa0Ju(CC"Iy]!V;}'O/swcY8Wp[;MNRv=~-]L%{ qol4Wn$hiZ
Feb 1, 2021 22:28:06.446743011 CET	242	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Feb 1, 2021 22:28:06.465481997 CET	243	OUT	GET /images/logo_crop.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.520914078 CET	246	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 8644 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "21c4-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300826 Accept-Ranges: bytes cf-request-id: 080117f86500009c3f65932000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lwodVIMUfAJu1sOYz4XAL5ahwD2IXZzWVNws%2FIHBoas%2FgZGDIRHmgh9qKMUBxJXShPeY9poEa%2BqnWfp1pxHsawXm4woEzOB4c%2BPmeja3NDBhl%2Fe5BTs0oY8aeA%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a0ac519c3f-AMS Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 01 00 48 00 48 00 00 ff db 00 43 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ff db 00 43 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ff c0 00 11 08 00 25 00 c3 03 01 11 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa ff c4 00 1f 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 Data Ascii: JFIFHHCC%}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Feb 1, 2021 22:28:06.520956039 CET	247	IN	Data Raw: f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 fe fe 28 00 a0 0f e3 eb c5 9f b3 c7 88 3f 6a 2f f8 28 87 ed 03 f0 8b c3 1a f6 8d e1 ad 5b 56 f8 bd f1 b3 55 8f 55 d7 a3 bd 97 4e 8a 2d 0f c4 5a de a1 3c 4e 9a 7c 33 dc 99 26 48 fc b8 b6 c7 b4 31 cb Data Ascii: ?(?j/([VUUN-Z<N\|3&H17oF_6\.00js3IF;+E6yYH?+0Yf/<q/Be<*UrcFZG\|qI\|Vu'dZ=Fo<Gdx
Feb 1, 2021 22:28:06.521003962 CET	249	IN	Data Raw: cd bf f5 9b e1 33 e2 3e 9f ff 00 f2 78 f8 6b fe cd 9e 4d ff 00 ad 4f 19 9f 70 7e d7 5f b5 87 c2 ff 00 d8 cb e0 b6 bd f1 a7 e2 9c f7 92 e9 b6 13 c1 a4 78 77 c3 7a 4a c5 26 bd e3 2f 15 6a 09 33 69 5e 1b d1 63 9d e3 81 27 b8 5b 7b 8b bb db eb 99 12 Data Ascii: 3>xkMOp~_xwzJ&/j3i^c'[{L/uuolmu4.f+KtpI="]>yEixtMG@}kqoi>xc~$Xo.5[}?Q2"hq5i
Feb 1, 2021 22:28:06.521048069 CET	250	IN	Data Raw: e4 a1 89 c7 e2 ea fb 49 d2 95 66 eb 38 ca a3 84 29 c6 1f ce c7 fc 1c b1 aa ea f0 f8 5b f6 42 d1 21 79 46 81 a8 78 83 e3 56 ab a9 46 25 61 03 6a fa 3e 9d f0 ca d3 44 79 21 0c 16 49 63 b2 d7 7c 40 b0 ca 51 9a 24 92 75 56 41 33 87 fa f3 e2 4f b6 fe Data Ascii: If8)[B!yFxVF%aj>Dy!Ic\|@Q$uVA3O<!<5=c:G\|.x[>C}?.txIrkNG84-fOf?>0~F'K>i6z7!Zi$<1ttm^
Feb 1, 2021 22:28:06.521248102 CET	252	IN	Data Raw: a9 7c 3b a2 6a 9e 1d d6 75 eb 8d 02 d6 68 34 ed 46 e3 59 89 af ed ee 64 d2 74 99 2d 3f d3 5f 0d b3 9c 6f 11 78 7b c0 d9 f6 65 3f 6b 98 e7 1c 25 c3 d9 8e 3e ad a2 bd b6 37 17 95 61 6b e2 ab 72 c2 30 8c 7d b5 79 d4 a9 c9 18 a8 c3 9b 95 2b 24 7f 93 Data Ascii: \|;juh4FYdt-?_ox{e?k%>7akr0}y+$)X/$>%7q(sNSsNSg/^+^_cz5MRC}7X\|)C$6bIG>,7m
Feb 1, 2021 22:28:06.530821085 CET	255	OUT	GET /images/form-bg-1.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.586848021 CET	261	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 503 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "1f7-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300826 Accept-Ranges: bytes cf-request-id: 080117f8a600009c3f50bf5000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6PlLrhDhTF1H9%2BBMUvV%2FnSCGZXJQLVvsqQo6isNgi4Mw6niknH9YBMWVfybZ9HsRv28slWdEY2qtm7riHvxY4amLZbG%2FRhNo1zIkOtkuHtI5ahs9pyRiskAl0w%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a10c8f9c3f-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 52 00 00 00 52 08 06 00 00 00 c7 2c 83 9b 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 01 8c 49 44 41 54 78 01 ed db bd 4d c4 30 00 40 61 c7 50 31 01 14 6c c1 2a 0c 40 47 c5 00 47 83 04 62 00 2a c4 2e 54 ac 41 47 41 41 4b 1f e4 02 09 71 3f 49 9c a7 c4 b6 de 2b 4e 77 c9 55 9f 72 17 db 72 ba fb cd 43 7f fd f9 18 6c 5e 47 ef 97 af 77 7d 17 c2 c5 f7 5b b0 fc 62 7a 79 39 bd 0d cf 67 9b 60 f9 c5 df 37 62 ce 2b fe fd 20 66 7e f1 ff 01 31 f3 8a bb 0e 8a 39 bd b8 ef 84 98 d3 8a 87 4e 8a 39 be 38 f4 05 31 c7 35 08 99 12 73 b8 51 90 29 31 0f 37 1a 32 25 e6 fe 26 41 a6 c4 dc dd 64 c8 94 98 db 75 e7 4f 7d 1f 32 fb b8 e9 ba d0 50 5f 57 27 d9 16 59 57 a4 6d 27 24 94 90 50 42 42 09 09 25 24 94 90 50 42 42 09 09 25 24 d4 71 58 a8 d6 77 74 2c 76 45 b6 be d0 b1 e8 4f bb 65 cc c5 ff 23 5b c5 5c e5 66 d3 22 e6 6a 77 ed d6 30 57 1d fe b4 84 b9 fa 38 b2 15 cc 22 06 e4 2d 60 16 33 b3 a9 1d b3 a8 29 62 cd 98 c5 cd b5 6b c5 2c 72 d1 a2 46 cc 62 57 7f 6a c3 2c 7a 19 ad 26 cc c5 76 5a b4 be a3 c3 85 5d 28 21 a1 84 84 12 12 4a 48 28 21 a1 84 84 12 12 4a 48 28 21 a1 84 84 12 12 4a 48 28 21 a1 84 84 12 12 4a 48 28 21 a1 84 84 12 12 4a 48 28 21 a1 84 84 12 12 4a 48 a8 59 0f 2c cd d9 3d d1 5a 5e 91 50 42 42 09 09 25 24 94 90 50 42 42 09 09 25 24 94 90 50 42 42 09 09 25 24 94 90 50 42 42 fd 00 c7 1e 5e f4 8e d4 d0 c3 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRRR,pHYssRGBgAMAaIDATxM0@aP1l@GGb.TAGAAKq?I+NwUrrCl^Gw}[bzy9g`7b+ f~19N9815sQ)172%&AduO}2P_W'YWm'$PBB%$PBB%$qXwt,vEOe#[\f"jw0W8"-`3)bk,rFbWj,z&vZ](!JH(!JH(!JH(!JH(!JH(!JHY,=Z^PBB%$PBB%$PBB%$PBB^IENDB`
Feb 1, 2021 22:28:06.589807034 CET	262	OUT	GET /css/css.css HTTP/1.1 Accept: text/css, / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.641580105 CET	319	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/css Content-Length: 674 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "163e-5ab1be1c19b52-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f8e100009c3f54aa8000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HokuF%2Ftv2AnIpnfJKhXvWgup2IPa3Vygy20iMf%2Fryj%2F5tVfY%2F8CLFh6IiNDY%2B4hBuq4DQYsQnEKZdse4tNfAoBfI3mOH7KxKaQoApn3Uiqb8VDq0032lNUGpYA%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a16cc59c3f-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 96 df 6f 9b 30 10 c7 df f3 57 f0 96 a4 2b 89 ed f0 23 a4 2f 03 12 57 6a bb 4d db 94 44 ed 1b 21 86 91 1a 88 80 24 8d a6 fd ef 33 98 a6 51 b6 6a f5 26 2a a8 f6 62 eb 7c c8 f8 3e f7 f5 9d fb 67 92 bb 4f 02 4a 03 57 26 0f 99 74 d6 6f bd f7 e2 28 93 3d c7 25 d2 f7 96 24 95 56 18 d0 fd 48 6a 7f 5a 93 48 fa ea 44 69 fb e2 d1 97 66 7b 4a 46 52 14 27 a1 43 0f ab 3b 12 f8 df b2 91 a4 00 90 af a5 89 3b 92 68 ec 3a b4 f3 b4 87 f4 85 f8 1b ea 24 ed ee f9 b1 2f 77 c9 47 ae 4d 42 3b bd 5e 3f df 36 ed 87 24 1c de 3a 97 29 44 da 87 e0 6e 6d 99 f2 14 cf af c0 72 e1 de f7 76 b1 e7 75 d9 ef d9 41 b2 4e 3b b7 da dd fc e7 9b 28 70 e3 25 91 13 27 f2 d9 49 a7 ef 80 a2 01 19 a8 08 9f 33 03 da 43 20 b3 61 98 1b 08 58 4a 31 8f 27 40 46 63 5c 7c 61 6a 0a 90 4d cd 28 0c 3c 41 13 99 0d f8 a2 f5 a3 d5 7f c2 d7 4c 74 d3 3b 61 74 80 a1 53 d4 82 05 50 8c dc 30 20 37 ac dc b0 0a 03 41 a8 95 80 fc 84 90 fb 06 8b 4b 94 10 c4 8c 10 c4 18 1f c7 df cc d8 67 6b 51 75 0c 74 a6 81 c1 21 f6 6d 40 b2 c8 09 49 4a 9a 09 60 2e 0c 00 02 24 b3 61 50 dc 08 08 19 0d 08 8b 1b 01 27 26 93 c5 04 1b bc cc 98 56 89 88 3a 59 10 35 f8 7a a8 e2 84 18 14 a4 f0 02 82 54 83 c3 01 05 1c cc e1 20 50 42 62 35 98 91 2a 8d 31 33 6c 5c 56 97 02 30 b2 59 1d 47 b6 ce ab b4 8e 58 95 d6 0f da 2b c0 36 13 ea 8c d5 1c 01 a2 20 27 0a 38 3c 00 07 bc 1a 43 35 17 a2 ca 85 88 2c 8b 31 b7 6c 6e d8 1a 9f c7 66 39 db 9c 30 c8 71 6b 65 0e 74 a5 c4 ce 9d 10 21 3e 1b 65 7d 37 78 06 98 a3 9c 55 de 1d f9 31 58 f9 1b 9f 34 c8 17 69 7c ba d8 44 d9 e6 1f 72 c1 37 f8 4d 22 b8 e3 d9 34 28 81 9d 6a d7 b3 d5 e2 a3 75 4b fd f8 da f5 f5 dd 0a 80 9a bf 29 6a 83 8b ec 84 71 55 f7 8e a8 0d 15 57 94 ca df bd 1d 6a 13 af 67 8a aa e0 e4 bd f0 f2 66 58 9b 98 dd cf a2 31 d7 ab 01 d6 06 a4 c7 2e cb ff a6 f7 e7 14 e8 cf a6 Data Ascii: o0W+#/WjMD!$3Qj&b\|>gOJW&to(=%$VHjZHDif{JFR'C;;h:$/wGMB;^?6$:)DnmrvuAN;(p%'I3C aXJ1'@Fc\\|ajM(<ALt;atSP0 7AKgkQut!m@IJ`.$aP'&V:Y5zT PBb513l\V0YGX+6 '8<C5,1lnf90qket!>e}7xU1X4i\|Dr7M"4(juK)jqUWjgfX1.
Feb 1, 2021 22:28:06.645035982 CET	320	OUT	GET /js/jquery.min.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.701685905 CET	399	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 33760 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "17b8b-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f91c00009c3f6b176000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XwmAiaJ1CO%2B2XE%2BmXdpcjvhVEV6QaJ86hOlj1ZColKtVFVBaDG5pPOP4Vs5p3TkuBpXo%2FaCUGHIqR68Guu9YhYMq2lIMu0D8Kl62M9tCsUzlUnFgNET2ZVacaQ%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a1cd139c3f-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd bd 6b 7b 1b c7 b1 2e fa 7d fd 0a 62 a2 45 cf 08 4d 90 94 ed ec 64 a0 21 8e 2c c9 b1 12 db b2 2d 39 b6 17 08 fb 99 1b 80 21 71 23 00 8a 94 09 e4 b7 9f 7a ab ba 7b 7a 2e 90 9c b5 f6 3e cf 7e 8e 13 11 73 e9 e9 7b 57 57 55 57 bd 75 fa b8 73 74 f5 fd 6d be 7e 7f f4 ee bc 77 fe a4 f7 d9 d1 ee c8 4f 03 f3 f0 cb e5 ed 22 8b b7 c5 72 41 cf af 6e f0 ac b7 5c 4f 4e 67 45 9a 2f 36 f9 d1 e3 d3 ff e8 8c 6f 17 29 52 f8 b1 4a 82 07 6f 99 5c e5 e9 d6 8b a2 ed fb 55 be 1c 1f cd 97 d9 ed 2c 3f 3e 3e f0 a2 97 df af 96 eb ed 66 50 bd 8d e2 5e b6 4c 6f e7 f9 62 3b 48 28 e7 ce 59 10 96 05 05 0f c5 d8 ef 94 49 82 ed 74 bd bc 3b 5a e4 77 47 2f d7 eb e5 da f7 74 fd d7 f9 cd 6d b1 ce 37 47 f1 d1 5d b1 c8 28 cd 5d b1 9d d2 9d f9 d2 0b fa eb 7c 7b bb 5e 1c 51 29 c1 3e e4 bf be 47 ad ce c7 c5 22 cf bc 8e a9 ae 7c 3f 90 9f 70 3b 2d 36 aa da f2 77 f1 fa 28 8d 86 23 95 39 95 57 79 94 f6 36 e8 2e 35 a6 ab 74 b9 48 e3 ad 9a d0 e5 ea 76 33 55 53 ba a0 0c f3 fb d7 63 55 44 0f 7b 75 15 15 bd ed f2 cd 76 5d 2c 26 ea 9a 6e a6 f1 e6 f5 dd e2 bb f5 72 95 af b7 ef d5 0c 89 e6 91 27 83 e5 a9 45 54 ad 84 6e 0c 7a 62 d1 1b 2f 28 f3 62 cb 6f f6 6a 19 9d fe 3a bc dc 5c de 7e f9 f2 cb 2f 2f ef 9f 9d 8d ba bb da fd a3 d3 89 5a 51 b2 93 f9 e6 e4 54 dd 44 a7 27 fe f0 32 8b 4f 7e 1f 05 a7 93 42 ad db 0b 4b a8 c6 3f ae a8 7e cf e3 4d ee 07 fb 3e 4a 8e 16 bd d5 7a b9 5d a2 f7 a2 07 99 3a e1 5c 51 07 6c b6 eb db 74 bb 5c 87 0b b5 c9 67 39 5f 7a 9e 9a e5 8b c9 76 1a 9e a9 ed f2 d9 7a 1d bf 2f 87 db 16 94 f7 d2 78 36 f3 d1 f7 d4 9e 49 be ad 4c 09 d3 f4 db d9 ac 13 c5 83 b3 8b 78 80 94 c3 b8 8b 9f 9e e4 3f 0a e5 d9 28 ac 66 86 d1 78 b3 8d d3 eb 4a 96 18 d2 84 5a 32 cf d7 93 9c 93 f6 9c 06 f8 81 8a cb e9 43 cd cd df bd e6 39 1e f1 ec 48 90 Data Ascii: k{.}bEMd!,-9!q#z{z.>~s{WWUWustm~wO"rAn\ONgE/6o)RJo\U,?>>fP^Lob;H(YIt;ZwG/tm7G](]\|{^Q)>G"\|?p;-6w(#9Wy6.5tHv3UScUD{uv],&nr'ETnzb/(boj:\~//ZQTD'2O~BK?~M>Jz]:\Qlt\g9_zvz/x6ILx?(fxJZ2C9H
Feb 1, 2021 22:28:06.722651958 CET	453	OUT	GET /js/device.min.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.773960114 CET	513	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 750 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "a2d-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f96600009c3f5d1d6000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7Qsj0AIOCTTUoXT1K3jnCaVfMFHb3rAWkqUu0zwjdEeW0hhBJ87l3cfvMO3xpdeDmrosGv1u2yAhKhq503hLruJs7VrWx%2BxlNl9r%2F9qTpLMSRd%2BrCwjOJHbNcg%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a23d659c3f-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 56 c1 6e 9c 30 10 bd f7 2b 58 0e 2b 93 b8 64 f7 50 55 61 85 50 55 e5 96 b6 51 95 5b d5 83 31 06 dc b0 78 65 bc bb 69 93 fd f7 da c1 80 0d a6 f4 04 7e f3 e6 79 c6 9e 19 b8 b9 5a 79 19 39 51 4c c2 5f 8d b7 09 b7 e1 87 8f de d5 cd 3b 90 1f 6b 2c 28 ab 41 f0 72 42 dc 43 30 85 18 66 90 c0 1c 16 b0 84 74 77 a6 75 c6 ce 61 eb 1c bf 5c 60 1a 77 10 c3 c7 3d a9 45 ff 72 57 11 f5 80 b4 63 d4 e8 44 0b 24 18 0f 8f 0d e1 9f 0a 45 16 ec 9e 9d 09 ff 8c 1a 02 02 a8 63 a2 ac 89 8d 48 38 11 47 5e 77 01 d3 43 c9 6a 49 7e 7d ed 01 96 59 4b 24 97 17 68 d1 1d 72 18 f8 ad cd 37 c9 2c 9b a3 b2 cc 22 a2 59 22 32 89 a8 ce 38 a3 33 5c 6d 9c d2 1f 66 62 b6 59 20 58 af a5 ca 9e a5 b4 22 53 91 47 94 56 44 fc 97 ca ca 25 93 56 08 3f a5 84 f3 df ee e8 07 bb 2f 4f 5f 01 e9 76 a3 5f 39 dd 3b 95 16 12 1b 88 5d 54 e2 2d 09 a7 d6 52 7e b6 98 4b ab ad 4b 57 ad 49 b6 36 4e e9 0b 39 68 96 de 73 5c 61 da ba 14 bb 2d 22 d8 11 97 86 48 fe ec 6c 10 c9 04 ed 2d ee 3c 7e 8a f4 55 80 36 6d 0d 59 1a 0b 99 28 ca 5c 8d 29 db 52 12 86 ff e4 e8 5b c1 c5 e2 7c 98 f4 fa bf 9b df bc 22 03 1e 15 a0 61 e9 8f c1 18 19 62 21 af 76 c2 f4 12 56 bb 39 37 9d 98 ac 2a 18 45 d3 81 7d 38 07 c6 05 47 d4 15 d0 ed 66 15 c7 5f 90 28 43 94 36 40 8f 59 c6 a9 9c ac 48 31 07 91 4a 46 d9 60 74 70 1d f9 ed 26 5e 52 c1 83 1b ea fc de 6f e5 e6 34 94 74 f2 fc 2d 97 f8 05 12 8b a6 be 20 78 d7 15 67 5c 93 b3 f7 9d 14 77 cf 07 80 a0 4f fd 00 a6 21 ae 50 d3 7c 45 7b 59 10 48 e0 12 60 29 82 1c 7b 79 44 be 27 27 79 cc de 26 32 dc ae 63 df f3 af d1 05 16 b3 4e 06 3b 36 37 e4 e4 20 2f 88 a8 58 fc 20 6a a5 2f c6 17 08 04 89 75 df 09 92 c3 9d 35 9e 5a 79 5d 3d 47 a3 ba 1c 48 6a ed 75 6d 13 59 d5 ba 5e f7 2c 96 4d 38 fd 58 4e dc f5 a5 b6 d0 d0 10 86 81 8d f5 cc 31 98 cc 96 a6 52 1d Data Ascii: Vn0+X+dPUaPUQ[1xei~yZy9QL_;k,(ArBC0ftwua\`w=ErWcD$EcH8G^wCjI~}YK$hr7,"Y"283\mfbY X"SGVD%V?/O_v_9;]T-R~KKWI6N9hs\a-"Hl-<~U6mY(\)R[\|"ab!vV97*E}8Gf_(C6@YH1JF`tp&^Ro4t- xg\wO!P\|E{YH`){yD''y&2cN;67 /X j/u5Zy]=GHjumY^,M8XN1R
Feb 1, 2021 22:28:06.780304909 CET	517	OUT	GET /js/bitcoin-widget.jsv=20 HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.877039909 CET	546	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Mon, 09 Nov 2020 15:03:18 GMT Vary: Accept-Encoding,User-Agent CF-Cache-Status: DYNAMIC cf-request-id: 080117f9a000009c3f5a9e1000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HY50i5XQd4ophPX547LqshQcAHwHW8ZasnaJDpAPk9ilaFgp9aYjp%2BoNxOwFOl00HSWKJmpCeacFwrr8SxS0NmTOyfJWzZrJTYVxUEXiIDg%2BPfAuLV3Ca47N2Q%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a29d979c3f-AMS Content-Encoding: gzip Data Raw: 31 62 35 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 5d dd 6e dc 38 96 be ee 3c c5 89 7a 66 62 03 f5 ef a4 3b ed 9f ea 4d 27 4e e2 ee c4 e9 8d 9d 0e 26 37 06 4b 3a 92 18 53 a4 86 a4 aa 62 ef 0e b0 d8 97 d8 9b 05 f6 26 58 60 80 b9 ee ab 5c 8d df 64 9e 64 71 48 a9 4a 55 56 95 cb 8e 7b 32 d8 06 3a 29 49 e4 21 79 78 78 7e 3e 1e 32 bb 77 9f bc 7a 7c fc c7 9f f7 21 b5 99 18 de d9 a5 bf 80 47 7b 41 aa 32 0c 86 77 ee ec a6 c8 a2 e1 1d 00 80 dd 0c 2d 83 30 65 da a0 dd 0b 0a 1b b7 1f 06 f5 4f 92 65 b8 17 8c 39 4e 72 a5 6d 00 a1 92 16 a5 dd 0b 26 3c b2 e9 5e 84 63 1e 62 db 3d b4 80 4b 6e 39 13 6d 13 32 81 7b fd 4e af 81 54 84 26 d4 3c b7 5c c9 1a b5 e3 14 e1 69 61 0b 8d f0 2a 86 c7 85 d6 28 c3 33 38 30 f0 1c 35 56 64 2c b7 02 87 cf 70 c2 a5 0c 55 84 bb 5d ff c6 7f 15 5c 9e 82 46 b1 17 f0 90 88 a7 1a e3 bd 80 67 2c 41 d3 8d d9 98 de 76 72 99 04 60 cf 72 2c bf 74 e9 05 f1 a4 eb 99 72 67 77 a4 a2 b3 e1 1d 4f 32 e2 63 08 05 33 66 2f c8 54 c4 04 c4 2c c2 00 b4 12 34 12 ce 84 22 6a 6c c4 65 84 1f f6 82 76 3f 70 8c c6 0f dc b6 5d 85 b2 e7 8d c4 da 15 81 92 9c 0a 8b 0c a5 ad 55 59 ac 96 6b 14 aa 88 50 b7 73 95 17 79 30 dc ed 46 7c bc bc bc 6f a6 64 f2 02 dd e6 b2 c4 04 d4 0d 45 5d f1 51 61 ad 92 25 fb fc 43 50 d5 0f 85 32 18 40 c4 2c 6b 47 dc 64 7c 4a 34 00 a6 39 6b 0b 36 a2 b9 79 ec ca 0d 77 4d ce a4 ff 90 f2 28 42 b9 17 58 5d 60 30 bc f8 af dd 2e 7d 1b ee 76 7d 0b 4b fa 92 0e aa 96 2d 7e b0 ed 10 a5 45 0d ee 77 c4 64 82 1a fc 88 9c 84 04 60 ec 19 31 39 56 d2 b6 dd ef 6d a9 74 c6 c4 8e 7b 33 41 9e a4 76 7b a4 44 b4 13 2a a1 f4 b6 4e 46 1b 83 fb 83 d6 37 ad c1 e6 4e 30 7c fb e8 f5 f1 fe 21 1c 1d ec c3 e1 ab c7 cf ef ee 76 d3 c1 b2 8e 6d 35 74 6c da 81 8c e9 84 cb b6 55 f9 f6 83 fc c3 4e f9 38 52 d6 aa cc bd 21 d6 58 ad 64 32 7c 81 06 25 1c 71 84 88 a3 69 c1 08 c7 4a bb e7 04 53 94 77 77 bb 65 41 d8 ed a6 5b 4d b2 d0 3c c7 24 e0 cb 66 b8 56 58 ab c9 92 52 8b 25 43 25 da 59 d4 7e 30 1d 64 ce a2 88 cb 64 bb 37 1b a1 76 0c ae bd 10 18 db ed 7e 39 62 9e 25 60 74 38 5d ad 42 25 ea 24 d4 2a f7 eb b5 24 eb b4 cc f6 60 eb db 19 15 c7 c7 9e 27 d2 Data Ascii: 1b5b]n8<zfb;M'N&7K:Sb&X`\ddqHJUV{2:)I!yxx~>2wz\|!G{A2w-0eOe9Nrm&<^cb=Kn9m2{NT&<\ia(3805Vd,pU]\Fg,Avr`r,trgwO2c3f/T,4"jlev?p]UYkPsy0F\|odE]Qa%CP2@,kGd\|J49k6ywM(BX]`0.}v}K-~Ewd`19Vmt{3Av{DNF7N0\|!vm5tlUN8R!Xd2\|%qiJSwweA[M<$fVXR%C%Y~0dd7v~9b%`t8]B%$*$`'
Feb 1, 2021 22:28:06.972918034 CET	628	OUT	GET /images/81.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:07.027652025 CET	642	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:07 GMT Content-Type: image/jpeg Content-Length: 14713 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "3979-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300825 Accept-Ranges: bytes cf-request-id: 080117fa6000009c3f69368000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LrYfeWdHg2XM5SNGqw9wVr78w26z9F3udb1u0wQRhgW%2FntUST6nbfllH2YVyEivZ19IMGj%2FlN856UMydeA3WwsBRn%2BxVmF542sEbIyOyi47oUsHVIUxZ8Sepcw%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a3ce6e9c3f-AMS Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c 01 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c ff c2 00 11 08 00 da 01 53 03 01 22 00 02 11 01 03 11 01 ff c4 00 1d 00 00 02 02 03 01 01 01 00 00 00 00 00 00 00 00 00 05 06 04 07 02 03 08 01 00 09 ff da 00 08 01 01 00 00 00 00 82 d5 11 53 4d ab ab 9b 86 0e dc f1 6b 91 df 52 57 d9 eb d5 a5 c4 d1 bc 34 b4 b3 64 22 26 8f 26 fd 9c 81 fb 37 fa 7c 8d 62 7a 6a a0 ab e9 27 94 76 c8 32 f3 60 92 d9 cb 15 3e cc 98 ba 55 eb c8 41 05 ec 6f b8 21 68 d7 89 22 93 e4 67 84 5d 3a fe e4 6b 02 58 d1 b6 45 73 cd 44 cb 10 78 75 df 36 94 a1 e1 c9 ea 9b 1c 30 c1 84 d9 82 47 93 3a 37 83 18 2c 17 43 5b f6 63 8e 7e f0 35 c1 0a 2c 45 d0 09 27 32 88 f9 61 69 93 5a d1 03 ec 1e 8c 9a 88 a3 20 cc 82 d0 59 fd 4c 18 39 a2 cd 7a 2b b2 54 8c e5 6d e2 0b bc 60 71 02 03 21 97 21 ad de c6 c3 55 6f 48 69 e8 47 bb 3c 22 ea 40 9d b9 46 66 ce 08 09 8d 6e 4c 53 f5 69 c7 1f 7e e5 4b 64 92 88 4d e2 10 75 99 24 f0 e5 f7 95 95 45 3f a1 5f df 88 4c 19 2d 72 16 00 eb a5 b2 73 0a b6 1d 9b 84 68 02 e3 49 a0 6c 36 75 a5 dd e1 56 34 ea 22 ea d4 63 2a 86 b5 68 e9 c9 4e 47 8c ee c6 2c 61 ab b4 8d 7b b1 57 63 4b 11 0c 25 e7 0f d2 d5 db c1 ed 40 63 2e a2 cb c3 53 eb b9 68 55 3a 11 ee 96 62 65 93 24 ec 8d f1 96 95 eb 4a 45 66 ae 9f 27 1f b7 b6 1b 97 24 b1 e6 bf 60 6e 26 bd 55 4e c4 65 9c e1 b0 3d 5c ae c5 d1 f1 6a 21 4e 56 c1 ef 8e 6d 57 ac 69 ca dd 21 86 10 3d 04 8e 94 99 bb cb 9d 93 48 f3 ec 4b b4 e3 1e 80 f6 5b 2f 90 ab 30 77 db d5 2d 44 2e 1b Data Ascii: JFIF""%%424DD\""%%424DD\S"SMkRW4d"&&7\|bzj'v2`>UAo!h"g]:kXEsDxu60G:7,C[c~5,E'2aiZ YL9z+Tm`q!!UoHiG<"@FfnLSi~KdMu$E?_L-rshIl6uV4"c*hNG,a{WcK%@c.ShU:be$JEf'$`n&UNe=\j!NVmWi!=HK[/0w-D.
Feb 1, 2021 22:28:11.818223953 CET	669	OUT	GET /fonts/mem8YaGs126MiZpBA-UFUZ0dbck.woff HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.882150888 CET	749	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: application/font-woff Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: W/"2de4-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 299604 cf-request-id: 0801180d5000009c3f599b5000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qyTBXVaC6AhvdxuX%2FAMJoSZPViZiAtehZsIsLFaxaKoF9qnOPsSULFs3NL338hPSUQp8Vu5OwZ6eKeYPpWjb1NQxzMymytfclo7wnRAORMq6fYIbHEw3n3nc1w%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2c21b079c3f-AMS Content-Encoding: gzip Data Raw: 32 64 64 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c b4 05 4c 9d 5d d0 ae fd 6c a4 b8 bb bb 7b d1 e2 ee 52 5c 8a bb bb bb 3b c5 5d 36 5e ac ec 42 71 2d ee 4e a1 b8 bb bb c3 c9 fb 7d 7f fe 93 9c 49 ae ac cc 24 b3 26 73 df c9 78 a9 48 4b 03 20 00 00 00 96 5d 00 e3 bf 57 26 0b 00 fd 6f e5 ff 0d 19 49 29 69 00 00 05 03 00 40 03 00 00 3d 28 13 c4 2b f3 55 45 1d 00 40 15 00 00 a0 ff 0f 04 00 b2 8c ba a6 38 00 80 5a 00 00 20 fc 0f fb 78 f7 08 15 75 b6 cf 00 00 9a 07 00 40 0f 00 00 e3 b0 2a f0 b6 99 83 89 33 00 40 b1 03 00 e0 06 00 40 a4 b6 e4 93 83 99 a7 3b 39 00 40 95 02 00 a0 0b 00 40 31 9a 12 7e a9 a5 b3 95 03 00 40 03 00 00 93 03 00 70 0d 81 26 4d 18 56 26 6e ce 00 00 97 f7 ff cf c5 01 a8 ac ec 7d 2c 01 00 ae 06 00 c8 9a 01 80 03 28 13 fc f8 65 6d 61 62 0e 00 74 e6 00 00 f0 fc 07 54 9b 99 b3 b5 b5 85 09 00 d0 fd d7 4b 06 00 00 35 ca f8 27 6d 6b 07 77 6f 00 a0 eb 00 00 90 2d 00 40 91 a7 6e 08 83 ed 9d cc 4c 00 80 81 1e 00 40 d8 ff 61 c1 ea 3c e1 60 e2 ed 0c 00 8c 82 00 00 90 ff 07 14 25 14 a2 a3 89 83 05 00 30 ea 03 00 70 06 00 a0 65 5a 7e b1 05 67 27 37 77 00 60 52 fc 5f 6d 60 45 a2 91 84 c8 9d 5d 2d 9c 01 80 f9 16 00 80 4b 00 00 21 48 34 67 94 7a 2f c3 f6 f4 60 00 e8 e8 30 bf 98 0b aa be 56 5c 71 a4 05 c4 18 43 e5 84 b0 66 b0 7c 67 2a 60 83 25 02 a0 a6 fe 13 ff 3f 47 10 01 64 00 f5 ff 33 e3 7f 73 5c 00 1f 00 d9 9b b8 3b 02 f0 ff d7 27 ef 65 33 63 cb a5 41 be 90 90 f4 90 10 0f dc 6a 0e 68 e8 12 c1 70 cb ae e1 a4 c1 c7 e4 b0 98 98 dc 84 84 ec f4 88 98 98 88 90 90 18 10 3c 1f 7e e1 9f 69 8e 7f d9 3d 21 11 62 aa f1 4a ef 60 78 09 24 19 36 f5 70 28 e8 1d ff 24 e2 38 b8 13 1e f2 b2 3f 7f 90 01 5e 5e a4 f2 ff fe e6 8a 6e 04 41 81 d0 61 0e 4c 38 f5 a9 56 69 4a d0 a9 07 d5 6c 1f 61 32 d1 f9 43 0c 87 6d 82 11 9d d7 cf 17 40 d0 1f 60 74 c9 2c d1 bc c3 a0 2b 86 d2 Data Ascii: 2ddb\L]l{R\;]6^Bq-N}I$&sxHK ]W&oI)i@=(+UE@8Z xu@3@@;9@@1~@p&MV&n},(emabtTK5'mkwo-@nL@a<`%0peZ~g'7w`R_m`E]-K!H4gz/`0V\qCf\|g`%?Gd3s\;'e3cAjhp<~i=!bJ`x$6p($8?^^nAaL8ViJla2Cm@`t,+
Feb 1, 2021 22:28:11.892924070 CET	779	OUT	GET /fonts/mem8YaGs126MiZpBA-UFVZ0d.woff HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.949826002 CET	897	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Mon, 09 Nov 2020 15:03:18 GMT Vary: Accept-Encoding,User-Agent Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 3188 cf-request-id: 0801180d9800009c3f54278000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XizWm1xzzVEYvuM%2Fh4DGCM4EZCHpNQMbF4pP2BRFPQVqOwsMBmPBzR8P%2FIUniBj6meKMdGV5Zq0gZigmrinsA12jNfQ7%2Fq1bE489eUEqC95GMVQ3kA2K596h2Q%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2c28b6a9c3f-AMS Content-Encoding: gzip Data Raw: 31 62 35 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 5d dd 6e dc 38 96 be ee 3c c5 89 7a 66 62 03 f5 ef a4 3b ed 9f ea 4d 27 4e e2 ee c4 e9 8d 9d 0e 26 37 06 4b 3a 92 18 53 a4 86 a4 aa 62 ef 0e b0 d8 97 d8 9b 05 f6 26 58 60 80 b9 ee ab 5c 8d df 64 9e 64 71 48 a9 4a 55 56 95 cb 8e 7b 32 d8 06 3a 29 49 e4 21 79 78 78 7e 3e 1e 32 bb 77 9f bc 7a 7c fc c7 9f f7 21 b5 99 18 de d9 a5 bf 80 47 7b 41 aa 32 0c 86 77 ee ec a6 c8 a2 e1 1d 00 80 dd 0c 2d 83 30 65 da a0 dd 0b 0a 1b b7 1f 06 f5 4f 92 65 b8 17 8c 39 4e 72 a5 6d 00 a1 92 16 a5 dd 0b 26 3c b2 e9 5e 84 63 1e 62 db 3d b4 80 4b 6e 39 13 6d 13 32 81 7b fd 4e af 81 54 84 26 d4 3c b7 5c c9 1a b5 e3 14 e1 69 61 0b 8d f0 2a 86 c7 85 d6 28 c3 33 38 30 f0 1c 35 56 64 2c b7 02 87 cf 70 c2 a5 0c 55 84 bb 5d ff c6 7f 15 5c 9e 82 46 b1 17 f0 90 88 a7 1a e3 bd 80 67 2c 41 d3 8d d9 98 de 76 72 99 04 60 cf 72 2c bf 74 e9 05 f1 a4 eb 99 72 67 77 a4 a2 b3 e1 1d 4f 32 e2 63 08 05 33 66 2f c8 54 c4 04 c4 2c c2 00 b4 12 34 12 ce 84 22 6a 6c c4 65 84 1f f6 82 76 3f 70 8c c6 0f dc b6 5d 85 b2 e7 8d c4 da 15 81 92 9c 0a 8b 0c a5 ad 55 59 ac 96 6b 14 aa 88 50 b7 73 95 17 79 30 dc ed 46 7c bc bc bc 6f a6 64 f2 02 dd e6 b2 c4 04 d4 0d 45 5d f1 51 61 ad 92 25 fb fc 43 50 d5 0f 85 32 18 40 c4 2c 6b 47 dc 64 7c 4a 34 00 a6 39 6b 0b 36 a2 b9 79 ec ca 0d 77 4d ce a4 ff 90 f2 28 42 b9 17 58 5d 60 30 bc f8 af dd 2e 7d 1b ee 76 7d 0b 4b fa 92 0e aa 96 2d 7e b0 ed 10 a5 45 0d ee 77 c4 64 82 1a fc 88 9c 84 04 60 ec 19 31 39 56 d2 b6 dd ef 6d a9 74 c6 c4 8e 7b 33 41 9e a4 76 7b a4 44 b4 13 2a a1 f4 b6 4e 46 1b 83 fb 83 d6 37 ad c1 e6 4e 30 7c fb e8 f5 f1 fe 21 1c 1d ec c3 e1 ab c7 cf ef ee 76 d3 c1 b2 8e 6d 35 74 6c da 81 8c e9 84 cb b6 55 f9 f6 83 fc c3 4e f9 38 52 d6 aa cc bd 21 d6 58 ad 64 32 7c 81 06 25 1c 71 84 88 a3 69 c1 08 c7 4a bb e7 04 53 94 77 77 bb 65 41 d8 ed a6 5b 4d b2 d0 3c c7 24 e0 cb 66 b8 56 58 ab c9 92 52 8b 25 43 25 da 59 d4 7e 30 1d 64 ce a2 88 cb 64 bb 37 1b a1 76 0c ae Data Ascii: 1b5b]n8<zfb;M'N&7K:Sb&X`\ddqHJUV{2:)I!yxx~>2wz\|!G{A2w-0eOe9Nrm&<^cb=Kn9m2{NT&<\ia(3805Vd,pU]\Fg,Avr`r,trgwO2c3f/T,4"jlev?p]UYkPsy0F\|odE]Qa%CP2@,kGd\|J49k6ywM(BX]`0.}v}K-~Ewd`19Vmt{3Av{DNF7N0\|!vm5tlUN8R!Xd2\|%qiJSwweA[M<$fVXR%C%Y~0dd7v

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49733	172.67.207.131	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:06.467211008 CET	244	OUT	GET /images/volume.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.535330057 CET	257	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 875 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "36b-5ab1be1c1ca32" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300826 Accept-Ranges: bytes cf-request-id: 080117f86800000b4bd4995000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zYqTTLnN8r67caUROjn3guXzSYUyr5SUITqBWMegF%2BFDsKYXwfG4YhIe49O1G7xczuV9KDbvHEU5WcCihanPZv%2B%2F4eUQuU0HAn4LCNsOjTPe4bp4o6QTXHTafw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a0ac1a0b4b-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 01 03 00 00 00 66 bc 3a 25 00 00 00 06 50 4c 54 45 00 00 00 ff ff ff a5 d9 9f dd 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 03 13 49 44 41 54 68 de ec d5 cd 6d eb 30 10 04 60 11 3c f0 f2 00 76 f0 d8 42 2a 08 db ca 6d 5d 9a 4b 51 09 3e fa 20 68 12 2c 43 64 36 4b 51 81 81 e4 64 1e fc 23 7f 82 a8 19 52 5e 9e e3 39 9e e3 6f c7 bf 33 f0 ff 0c bc 9e 01 39 03 b8 cc 7f 0f b8 0e 8e d2 49 11 eb e0 2c 02 09 37 0f 22 81 8c bb 07 89 40 c1 e6 41 26 50 b1 7b 50 08 c8 08 54 02 00 3c 90 0b c5 00 5c 66 e1 45 c0 27 15 cf 40 82 b9 84 8f 32 c3 4c d2 47 59 18 08 7c 94 95 41 1d 00 b1 c0 67 0d 06 05 2e ca 60 40 f6 51 46 03 92 07 c9 80 e8 b3 ce e6 48 f0 a0 d8 23 3e eb 6a 81 cf 5a 2c 10 07 d0 40 5f de 95 ca 70 b3 8a 57 9d 92 05 91 40 6a c0 96 91 09 e4 55 bf db 32 0a 81 72 d3 dc 2c a8 04 ea 5d 81 6d 4b 08 c8 a6 73 b2 00 04 b0 b7 bb 32 77 49 20 00 1e 44 05 5c 3c 6c b2 89 40 1a 81 4c 20 6b 91 62 eb 2c 04 8a f6 54 2d a8 04 5a 4f d5 d6 29 04 44 41 b1 00 16 dc bf 83 d0 00 6f 9a 6c fa 8e 0c ca 00 24 06 59 6b 48 66 41 14 06 69 00 2a 6c d4 d0 57 02 c2 20 e8 c7 68 56 0c 3c 08 0c 42 07 b4 ab 02 af 98 c8 a0 f7 c4 20 39 b0 5a 90 19 b4 9e 94 51 0c 0c 74 57 59 50 2d c8 0e 08 81 17 05 77 fb 3c 00 81 b7 9e 32 81 c0 60 eb db 4e 01 78 28 08 fb f2 99 72 01 ae 03 10 db ae da 0f 41 42 07 79 0c f4 4f 61 06 4a ab 01 0a d6 01 a8 1f a0 65 94 c6 40 b0 ce 41 df 55 97 03 10 0c b8 79 a0 4b b5 45 10 47 40 53 9e 82 7c 0e 7a 46 7a 35 0f 52 07 eb 12 86 20 02 98 82 a0 20 1d 83 45 df ce 81 c6 35 06 a2 1b 77 02 f4 e9 d7 c1 f6 08 28 3d a3 43 a0 37 30 01 f9 0b c8 63 20 31 d8 3d a0 8c 0e 40 fc 29 d8 1e 05 14 c1 39 a8 13 20 bf 09 96 27 78 6f cf 8e 6d 1c 86 81 20 8a 92 60 a0 50 25 a8 14 96 c6 56 af 84 2b 40 c0 3a 70 62 92 82 5f 40 d8 70 20 c6 93 18 b0 76 e7 ff fd 99 40 fe 56 20 10 f0 df 7e 3d 80 8f d7 Data Ascii: PNGIHDRf:%PLTEtRNS@fIDAThm0`<vBm]KQ> h,Cd6KQd#R^9o39I,7"@A&P{PT<\fE'@2LGY\|Ag.`@QFH#>jZ,@_pW@jU2r,]mKs2wI D\<l@L kb,T-ZO)DAol$YkHfAilW hV<B 9ZQtWYP-w<2`Nx(rAByOaJe@AUyKEG@S\|zFz5R E5w(=C70c 1=@)9 'xom `P%V+@:pb_@p v@V ~=
Feb 1, 2021 22:28:06.535346031 CET	257	IN	Data Raw: 81 dc 05 96 27 8c 87 d8 3c 06 bb c0 e2 a4 d5 30 3f b1 0e b8 50 bc 92 bc d4 bc 16 bd 58 bd 9a bd dc 5d 0f 5c 30 5c 51 e6 92 f3 26 50 d1 82 54 b4 5c d5 5c f6 4a 74 75 91 85 f3 f9 ca 45 65 ed 28 39 ab f4 a6 50 6d 6e 2a de 55 d5 fd 50 f9 df e7 c0 c0 Data Ascii: '<0?PX]\0\Q&PT\\JtuEe(9Pmn*UP"&r`pNiv7auB}mE"Cq@XBlB,aBIUiCn -0S$IKK<ls&%^I-O<OSwOt
Feb 1, 2021 22:28:06.551517963 CET	260	OUT	GET /css/bootstrap-theme.min.css HTTP/1.1 Accept: text/css, / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.615786076 CET	308	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/css Content-Length: 2877 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "5f64-5ab1be1c19b52-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f8bd00000b4b8818e000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QvGjJOE5tQ4rI1sRiSXNW7icO4O000EBCAQtd3Ab6Kj%2BKnkW2vVeiF37GqA%2FKi%2BugG%2FryN0sZ3TiyAmyJ%2FOJ5WUXv3GhO6jV7xlqZtR7hyFkOSNXF%2BVuSLXtaA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a12d7e0b4b-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 5c 6d 8f a3 38 12 fe 3e bf 82 d3 6a b4 dd ab 84 10 12 92 d0 a3 e9 3b dd ec 6a 35 d2 ee 7d b9 f9 70 d2 e9 3e 18 6c d2 dc 26 10 01 fd 32 d7 ea ff 7e 60 43 82 a1 8c ed 98 74 ef 48 33 68 a6 07 63 9e 2a bb ca 8f 5f aa e8 d9 4f 7f 79 67 fd 64 fd 3d 4d 8b bc c8 d0 c1 7a 58 d8 0b 7b 6d 5d dd 15 c5 e1 66 36 db 92 22 68 9e d9 61 ba bf ae 6a 7f 4a 0f 5f b3 78 7b 57 58 ae 33 9f 4f cb 7f d6 d6 97 c7 b8 28 48 36 b1 3e 27 a1 5d 55 fa 2d 0e 49 92 13 6c dd 27 98 64 d6 ef 9f bf 30 d0 bc 42 8d 8b bb fb a0 c2 9b 15 8f 41 3e 3b 8a 98 05 bb 34 98 ed 51 5e 42 cd 7e fb fc e9 97 7f fc f3 97 4a e4 ec dd bb 19 d3 f4 57 92 90 0c 15 15 6e 1e 27 5b ab b8 23 2d ed 3f dd e7 45 ba 8f ff 57 0a 3c 09 eb 34 61 86 d3 30 9f 95 cd 9c 85 4d ed d9 5f 63 fc 31 98 af 10 99 2f 7c c7 43 84 78 7e e0 2f 57 a1 b7 8c b0 e7 79 61 b8 71 c2 ba e9 49 14 6f ad 1c 3d 94 1a 14 a9 15 d2 7b fb bf 79 9a 58 28 c1 d6 a9 85 79 61 b7 9a 29 03 af da 38 1b c7 16 ab 4b db c2 0e 8a 64 8a 49 84 ee 77 c5 84 de 1c b2 78 8f b2 af ec 26 bf 0f 43 92 e7 ec 26 4e a2 94 fd ef 11 65 49 69 30 76 83 51 b2 25 d9 73 41 9e 8a 69 7e 87 70 fa 78 e3 58 d3 f9 e1 c9 72 ac 6c 1b a0 2b 67 42 2f db bd fe 30 7d 24 c1 1f 71 31 0d d2 a7 a6 6e 5c 36 a6 28 ab b6 5e 70 3d 6f d2 fc 75 ec b9 77 3d 61 8f ab bf 1c a2 b3 f6 ae 3f 8c 88 f5 d2 ee 8e 1b 14 16 f1 03 e1 7a 85 2b ab 3b 87 2b ab fa 88 2b a8 bb 8a 2b 63 3d c6 17 31 99 36 20 d3 06 64 da 5d 99 36 20 d3 ee cb ac 8b 9e 07 ec b0 28 3b c6 eb 76 ce dc 85 3b 5a 58 99 eb 49 1b c7 39 0a 76 04 f3 ed e2 4b 9b 96 f1 a5 b4 6d 7c 51 d3 3a be b4 6e 5f a7 90 c9 ff 77 53 fa 1f 4e 81 6e 71 ad 41 b7 b8 52 a1 5b 56 eb d0 2d 66 4a b4 4a a3 98 ec 70 d9 55 a7 22 8b 1b 71 a2 e7 cd 20 14 3d 6f c6 a5 e8 39 1d aa a2 87 cd e8 15 2a c7 06 34 e0 23 49 9a 90 0f 9d 7b ce d2 25 00 c2 Data Ascii: \m8>j;j5}p>l&2~`CtH3hc_Oygd=MzX{m]f6"hajJ_x{WX3O(H6>']U-Il'd0BA>;4Q^B~JWn'[#-?EW<4a0M_c1/\|Cx~/WyaqIo={yX(ya)8KdIwx&C&NeIi0vQ%sAi~pxXrl+gB/0}$q1n\6(^p=ouw=a?z+;+++c=16 d]6 (;v;ZXI9vKm\|Q:n_wSNnqAR[V-fJJpU"q =o94#I{%
Feb 1, 2021 22:28:06.615828037 CET	309	IN	Data Raw: 5b de 7f b9 b2 5a 71 ae ac 52 96 2b a8 15 e4 ca 98 52 75 11 47 36 47 25 da 03 aa 71 f4 00 85 7f 6c b3 b4 e4 ca 69 a9 cc 96 f4 55 ee 57 69 1a be 8b 13 82 b2 e9 36 43 38 26 49 71 55 a4 87 89 f5 43 14 45 96 53 fe 24 4e 75 59 73 c7 79 5f 0e 8d 1e 46 Data Ascii: [ZqR+RuG6G%qliUWi6C8&IqUCES$NuYsy_Fjze6v$,DE9Mkfr<\9LvUD;JF=nY\\|PGi,@YR>X??N,`T>~#$Vv9A1}*}9+')pP]
Feb 1, 2021 22:28:06.615860939 CET	310	IN	Data Raw: 24 36 b0 ce b9 c4 e6 6c aa 8b f6 b9 13 55 97 b6 6b a9 23 98 79 17 93 53 7b 17 93 a4 eb 60 0a aa 5e c2 c7 98 58 c0 c7 98 12 23 10 db c0 d7 06 50 5d a1 bb f1 34 07 39 1a 40 7b e0 a7 2b 2d 21 65 87 14 71 38 ad 0c dc 14 45 f1 13 c1 40 09 b3 d4 33 3f Data Ascii: $6lUk#yS{`^X#P]49@{+-!eq8E@3?>uGOw7t\o_iM/UVF;y_qp<HsU=U7\|:\fn+ce1SI+cYSP *oh J;uN%2
Feb 1, 2021 22:28:06.627325058 CET	317	OUT	GET /css/swiper.min.css HTTP/1.1 Accept: text/css, / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.681122065 CET	384	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/css Content-Length: 2871 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "4562-5ab1be1c1aaf2-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f90700000b4b89ba2000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gx3HuFpt764mtdZOY9nfOMqQ8YAX44UhWVSsn6JudQT%2F1rGDaPIhEMZxupsTT18D8SD%2BuPLlIWSPdVAMi5YSZsB2uEOiaXNKLsxEQpGkunyliy89FJV1Ez3BPA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a1aec00b4b-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 1c 6b 73 db 38 ee fb fe 0a 4d 6f 32 8d bb 96 23 c9 76 9a c8 73 9d dd 6b b7 33 37 d7 7e b9 db b9 ef b4 44 db dc c8 a2 86 94 e3 24 9e fc f7 03 1f 7a 93 b2 ec a6 b7 dd 69 db 26 92 01 10 04 01 10 e0 03 ee d5 9b 37 3f 39 6f 9c ff ec 49 86 99 33 9d cc 26 be f8 fc 99 f2 dc d9 d2 18 b3 14 1e 4b 92 60 27 a7 bb 68 e3 f0 84 00 d0 41 69 ec ac 18 da e2 3d 65 77 ce 9e e4 1b 67 83 58 bc 47 0c 3b 28 8a 70 82 19 ca 71 ec e4 0c a5 9c e4 84 a6 5c b0 15 3f 9b 3c cf c2 ab ab fd 7e 3f 21 31 4a d7 98 d1 c9 8e 5f 71 29 c1 55 41 f5 9e 66 8f 8c ac 37 b9 13 78 fe f5 d8 f9 6f 82 62 b2 25 cc f9 17 f4 93 a0 6d 46 62 22 e8 7e df 60 87 7c 28 d9 f4 74 50 70 fe 44 22 9c 72 90 6d 97 8a 91 7c fe e7 ef 05 e6 df 20 36 12 18 9a 86 ce 07 1c e1 ed 12 08 fc e9 58 ca 00 14 57 3f 4d 94 98 6e 44 d3 1c 91 14 b3 c3 16 b1 35 49 dd 04 af f2 10 ed 72 ba d0 00 29 bc 82 64 54 a9 20 64 38 41 39 b9 c7 0b 7a 8f d9 2a a1 fb 70 43 e2 18 a7 8b 27 97 80 30 0f a1 ff dc e9 c0 4d a9 bb 4a f0 c3 92 3e 38 05 52 1a e1 00 0c 50 1e 8a 8e 0d ad a0 83 9c 44 28 79 57 a0 f6 0c 65 f0 3c b8 7b bc bc 23 b9 0b fc 5c ca 08 4e f3 b0 a0 5d b8 5b fa 64 41 70 29 84 1b 13 86 23 39 96 88 26 bb 6d ba 28 d8 99 b1 46 e8 73 5b a4 ae 7e f6 24 ce 37 a1 ef 79 17 8b 0d 96 8a 94 ef a5 9a 16 31 e1 59 82 1e c3 da 68 2a 98 1e 45 0d c0 0b 15 76 1a 0a 78 09 94 1f 0a 4c e5 ba 6e c6 28 c8 99 57 ad 24 6e 45 d9 56 a9 cc 48 5a 22 14 1d 35 53 d1 06 2f 6e 61 c5 6b 54 26 8a 1a 8f 9a 79 39 79 22 e9 3a 14 4e 01 d6 94 2a 29 2d 6c c0 99 c1 06 df 82 c9 cf 28 89 9b ee 38 b6 39 5a 29 9b 92 12 2c 8c a7 f1 a5 37 86 bf a3 45 53 4b 46 0a 6a c2 5f ea d6 bc bf 71 1f d2 30 b0 ed 2e c9 09 a3 fb de 49 93 00 29 0f 25 69 96 e0 4a a3 1d b8 9e 32 82 47 28 7e 35 e7 4a 05 6e 7e 34 88 b5 62 18 bb 22 18 5b e5 aa f9 44 0e 51 32 5d bb ab 5d aa e6 9c 88 68 2e dd Data Ascii: ks8Mo2#vsk37~D$zi&7?9oI3&K`'hAi=ewgXG;(pq\?<~?!1J_q)UAf7xob%mFb"~`\|(tPpD"rm\| 6XW?MnD5Ir)dT d8A9zpC'0MJ>8RPD(yWe<{#\N][dAp)#9&m(Fs[~$7y1YhEvxLn(W$nEVHZ"5S/nakT&y9y":N*)-l(89Z),7ESKFj_q0.I)%iJ2G(~5Jn~4b"[DQ2]]h.
Feb 1, 2021 22:28:06.681164026 CET	385	IN	Data Raw: e5 1d 4f ed 21 e4 c3 e8 e8 20 b2 21 34 2a 66 86 9e 23 e2 e5 73 33 cc 35 b4 c6 37 8c a4 77 a1 57 aa 17 da a8 56 8b 26 de 12 41 3a a1 c6 e4 de c0 4d b5 19 f7 21 5b d1 58 f7 d2 18 40 6f 33 93 6f a1 84 ac d3 90 e7 88 e5 95 03 35 80 9a 58 c2 5c 92 e3 Data Ascii: O! !4f#s357wWV&A:M![X@o3o5X\-%>)Zdbuu[49YAN2C{f;"s=94@^g\JW$zNRv&rj0(RCy<rL7Yu^&C6{(&lz" @_EcP
Feb 1, 2021 22:28:06.681196928 CET	386	IN	Data Raw: 06 c3 45 45 91 5c 7b 95 62 48 ca ab 84 64 dd c5 0c ac 43 06 2d 09 c5 3a d0 c2 f4 50 56 ea dd 13 4e 96 89 a9 5e 44 34 3f ba 54 6c 48 a8 2a 46 4c 79 bf 7e 91 be 42 11 76 65 b7 24 11 47 44 ba 56 b0 bc 8a b7 e2 79 1f ba 07 d5 57 85 d8 1d e4 19 43 3e Data Ascii: EE\{bHdC-:PVN^D4?TlHFLy~Bve$GDVyWC>A=)CV2AkGk)27-z-[j2{(-D"/S' 8:xg9Q@Esfm_7x4qc1NvuSWwMZ*p%.
Feb 1, 2021 22:28:06.709913969 CET	424	OUT	GET /js/script.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.779022932 CET	516	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 1368 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "cce-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f96100000b4b9fa69000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6OKdvdqxuStfwYoei6SO4%2BNnKWNHrrY2I1kKxG%2FZlzZjhZNfvOXGDFMOrgHtYMLnPfkyHJr9dZ5r12IS%2Bqw60XaM%2FVd3w8QD8pugUCUA3N2e9agECsVvJh9f9Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a2281a0b4b-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 57 db 6e 1b 37 10 7d f7 57 b0 9b 20 59 c5 92 ad c4 6d d2 48 b2 80 58 71 ac 26 b2 eb fa 92 20 08 f2 c0 dd 1d 69 59 71 49 81 cb b5 23 17 79 e9 df 14 e8 27 f4 2d 7f d2 2f e9 0c c9 d5 cd 4e 8a 02 15 60 f3 68 38 73 e6 70 48 ce ae c6 95 4a ad d0 8a f1 d9 4c ce df e5 a0 0e 25 14 a0 ec e1 27 51 da 32 86 26 e3 4d a6 1a ec b7 2d 86 9f 2b 6e 98 65 fb ac 04 fb 93 b2 60 ae b8 8c c7 81 22 ae 9d e8 f3 eb 2f 15 98 79 0c 8d 1d 09 6a 62 73 d6 67 6d f6 e0 01 8b 79 dc 68 b2 54 02 37 0b 02 db 68 b8 b8 cf 94 68 eb f3 d6 fd 38 d3 69 45 22 1a 3b 06 78 36 bf 9d 62 d5 a5 d0 55 09 85 be 82 a5 1b ac 4a 81 9d 19 9f c0 7b d6 db 67 3f 90 84 fb 71 74 0f 3e 09 db 2a 74 c6 65 44 04 38 c6 51 99 eb eb 28 28 41 8d e4 e6 66 5a a9 d4 25 a0 5f 2a 45 3a bd 7b b9 5f e3 cc 45 06 5f e7 6c 25 95 b5 5a fd 0f d4 5b 9e fd 5f eb a6 e0 9a 9d 5f 8b 19 98 38 da 29 1d 68 a5 5a 59 2e 14 98 a8 b9 92 36 13 06 5c 6c 87 45 57 60 ac 48 31 79 73 31 2d b5 9e 75 d8 77 ed a5 85 57 56 cf 24 9f 77 d8 33 d8 5b 9a b5 92 f3 c3 4f b8 d3 8a 4b 0a f8 8f 82 6b 03 83 f5 4d 35 60 2b 83 56 d6 63 8f fd c1 02 3c 96 51 3b 62 db 0c 90 1a 7c 9e ad 75 12 be 56 59 3a cc 14 45 45 79 c9 2d 74 17 33 16 93 dd 49 a0 be 49 b0 5c b5 ab 35 ce c0 ce 04 ec 85 28 00 e3 5a ec 29 7c bf ee 62 d0 a5 bd 6e 92 68 7a 0a 7b 4b 2d 63 6d 58 2c c8 b1 cb 04 2e f7 39 0e db db ab 32 6a 29 1a 9d 8e b9 cd 77 0c 57 99 2e 30 e5 23 16 4b cc 6b 1a 58 15 d3 dd 50 b7 bd cf 74 93 65 2b fa 63 85 95 b3 71 86 ff 0d 4d 3f 6b b7 9b 28 c8 a3 45 f4 e7 e5 96 c7 77 57 c9 c6 7c b3 4c 54 0c f3 c1 a9 1b e3 d9 31 f1 a6 50 13 1a 45 e3 e3 7a 3d a8 db c8 6f 05 ca af 04 52 c9 20 e6 b4 01 43 5d 99 32 6e 50 15 a2 8e 3b 21 de 7e 2c 54 65 e1 ae 99 73 c0 5b 91 d1 cc 3a 29 95 f8 49 bb 8d 8e 2b 8a 7e 44 c3 a3 8d ca ef b2 Data Ascii: Wn7}W YmHXq& iYqI#y'-/N`h8spHJL%'Q2&M-+ne`"/yjbsgmyhT7hh8iE";x6bUJ{g?qt>teD8Q((AfZ%_E:{_E_l%Z[__8)hZY.6\lEW`H1ys1-uwWV$w3[OKkM5`+Vc<Q;b\|uVY:EEy-t3II\5(Z)\|bnhz{K-cmX,.92j)wW.0#KkXPte+cqM?k(EwW\|LT1PEz=oR C]2nP;!~,Tes[:)I+~D
Feb 1, 2021 22:28:06.779047966 CET	517	IN	Data Raw: 27 1b a1 54 e8 a8 67 4d bf 67 b3 3e a5 52 94 b4 b7 8b df c8 f2 f7 ef 7f 92 51 af 19 c9 22 6e 59 2c fe 3d 5c 58 de 61 c1 7b 02 5b 2a 2f cb fd 68 22 e7 b3 5c a0 78 b6 40 2d 3d 8d 58 69 e7 12 f6 a3 54 4b 6d 3a f7 1e bf 7c be f7 ea 55 37 ea f7 76 45 Data Ascii: 'TgMg>RQ"nY,=\Xa{[*/h"\x@-=XiTKm:\|U7vEy]p]rc?Z'[oc+&fMT1KyZotPEj1u[<EMDgs7NC2Y5<d$Mg,SV($h{ltB 7YTa
Feb 1, 2021 22:28:06.798444986 CET	528	OUT	GET /images/info-bg-2.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.850625038 CET	533	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 721 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "2d1-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117f9b200000b4b89bb5000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kjdCl1hQR%2BO5ZizhiMgPr1Jxq92IXksH2IIn%2F%2FyIe%2BR7ActBHh5s4rXZg%2FkFQazNrshsbQdw3s6X4T7M1Qr4DPm6BbCOAhZxUccmowcPfHnztfFODGwNhkVRiQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a2b9800b4b-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 02 66 49 44 41 54 78 01 ed db cb 4d c3 40 14 46 e1 31 62 15 9a 49 07 94 12 25 0d 50 02 74 00 25 a4 be 84 1e 0c 17 01 e2 91 77 6c cf e3 9c 6f e5 c5 2c 2c fd 47 9a d5 a4 24 ac cd 72 b6 ee 92 90 3e c7 5f 18 00 d0 d7 f8 f1 6d 00 30 3f c7 0f 06 00 f2 77 fc 60 00 10 bb c6 0f 06 00 b0 6f fc 60 00 8d 3b 34 7e b8 49 6a d6 eb f2 ee e5 d0 f8 c1 00 1a b5 5d cd 9e fa d4 3f 1c 3b e7 15 d0 a0 18 3f f5 e9 f1 94 b3 06 d0 98 73 c6 0f 06 d0 90 73 c7 0f 06 d0 88 4b c6 0f 06 d0 80 4b c7 0f 06 50 b9 6b c6 0f 06 50 b1 6b c7 0f 06 50 a9 21 c6 0f 06 50 a1 a1 c6 0f 06 50 99 21 c7 0f 06 50 91 a1 c7 0f 06 50 89 31 c6 0f 06 50 81 b1 c6 0f 06 50 b8 31 c7 0f 06 50 b0 b1 c7 0f 06 50 a8 29 c6 0f 06 50 a0 a9 c6 0f 06 50 98 29 c7 0f 06 50 90 a9 c7 0f 06 50 88 1c e3 07 03 28 40 ae f1 83 01 64 96 73 fc 60 00 19 e5 1e 3f f8 2e 20 a7 be bb 4f 99 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 dc 6d ca 6c bb ba 7b 4e 7d 9a 27 a0 2e f5 f3 3e e5 d5 a5 8c 36 cb d9 fa fd 07 16 49 d9 64 0b c0 f1 cb 90 25 00 c7 2f c7 e4 01 38 7e 59 26 0d c0 f1 cb 33 59 00 8e 5f a6 49 02 70 fc 72 8d 1e 80 e3 97 6d d4 00 1c bf 7c a3 05 e0 f8 75 18 25 00 c7 af c7 e0 01 38 7e 5d 06 0d c0 f1 eb 33 58 00 8e 5f a7 Data Ascii: PNGIHDR>apHYssRGBgAMAafIDATxM@F1bI%Pt%wlo,,G$r>_m0?w`o`;4~Ij]?;?ssKKPkPkP!PP!PP1PP1PP)PP)PP(@ds`?. Oml{N}'.>6Id%/8~Y&3Y_Iprm\|u%8~]3X_
Feb 1, 2021 22:28:06.850666046 CET	533	IN	Data Raw: 41 02 70 fc 7a 5d 1d 80 e3 d7 ed aa 00 1c bf 7e 17 07 e0 f8 6d b8 28 00 c7 6f c7 d9 01 38 7e 5b ce 0a c0 f1 db 73 72 00 8e df a6 93 02 70 fc 76 1d 0d c0 f1 db 76 30 00 c7 6f df de 00 1c 9f 61 67 00 8e cf f1 2f 00 c7 67 f9 15 80 e3 f3 7c 07 e0 f8 Data Ascii: Apz]~m(o8~[srpvv0oag/g\|L8>WloV^9IENDB`
Feb 1, 2021 22:28:06.974329948 CET	629	OUT	GET /images/person-bg-3.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:07.026364088 CET	637	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:07 GMT Content-Type: image/png Content-Length: 729 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "2d9-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117fa6300000b4ba6375000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QxABngXqPvUKF7VoHCInIw3Yc4rpCxAj3uWGmfJ9qbIQCaeZZpyofUncbZ0lG2tUiLtr%2BgF2lrToD38sScEZO39e9mGxox5HX6QmkAfdXWO%2BAx6DwU18PcSOGw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a3dca20b4b-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 02 6e 49 44 41 54 78 01 ed db cb 4d 5d 31 14 40 d1 e3 54 90 06 1e 35 50 42 3a 49 0d a9 00 3a 48 5e d2 40 5a a0 02 aa a1 0b 84 e1 0c 90 10 02 de ef de eb cf de 7b 60 f9 27 79 b2 a6 2e 57 fb 7a 53 4b dc 86 21 2b 39 88 80 5b 79 9d 88 80 59 79 bb 10 01 af f2 7e 43 04 ac ca 47 9b 22 e0 54 3e 3b 10 01 a3 f2 d5 a1 08 e6 af 1c ba 20 82 b9 3b 08 20 13 c1 bc 1d 05 20 13 c1 9c 1d 0d 20 13 c1 7c 9d 04 20 13 c1 5c 9d 0c 20 13 c1 3c 9d 05 20 13 c1 1c 9d 0d 20 13 c1 f8 5d 04 20 13 c1 d8 5d 0c 20 13 c1 b8 2d 02 20 13 c1 98 2d 06 20 13 c1 78 2d 0a 20 13 c1 58 2d 0e 20 13 c1 38 ad 02 20 13 c1 18 ad 06 20 13 41 ff ad 0a 20 db ed eb ff 97 57 7e 86 75 d9 ea 00 32 11 f4 db 26 00 32 11 f4 d9 66 00 32 11 f4 d7 a6 00 32 11 f4 d5 e6 00 32 11 f4 53 13 00 99 08 fa a8 19 80 4c 04 ed 6b 0a 20 db fd ad bf a3 c6 75 00 2b 25 ae 6b c4 f7 68 58 73 00 e4 76 ff ea fd 0b fe 1f d1 b0 6f 61 e8 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 00 4f 00 f0 04 d0 b0 a7 c7 b8 8b c6 09 a0 61 0f bf ca 9f 52 e3 36 1a 56 c2 9a 77 b5 af 37 b5 b4 81 20 80 4e 6a 85 40 00 1d d5 02 81 00 3a 6b 6b 04 02 e8 b0 2d 11 08 a0 d3 b6 42 20 80 8e db 02 81 00 3a 6f 6d 04 02 18 a0 35 11 08 60 90 d6 42 20 80 81 5a 03 81 00 06 6b 69 04 02 18 b0 25 Data Ascii: PNGIHDR>apHYssRGBgAMAanIDATxM]1@T5PB:I:H^@Z{`'y.WzSK!+9[yYy~CG"T>; ; \| \ < ] ] - - x- X- 8 A W~u2&2f222SLk u+%khXsvoaOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOaR6Vw7 Nj@:kk-B :om5`B Zki%
Feb 1, 2021 22:28:07.026391983 CET	637	IN	Data Raw: 11 08 60 d0 96 42 20 80 81 5b 02 81 00 06 ef 52 04 02 98 a0 4b 10 08 60 92 ce 45 20 80 89 3a 07 81 00 26 eb 54 04 02 98 b0 53 10 08 60 d2 8e 45 20 80 89 3b 06 81 00 26 ef 10 02 01 00 fa 0a 81 00 20 7d 86 40 00 a0 3e 42 20 00 58 ef 11 08 00 d8 5b Data Ascii: `B [RK`E :&TS`E ;& }@>B X[CuR"x$>eIENDB`
Feb 1, 2021 22:28:11.354315996 CET	665	OUT	GET /js/youtubeUP.js HTTP/1.1 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 X-Requested-With: XMLHttpRequest Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.415302992 CET	667	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: application/javascript Content-Length: 824 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "710-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 6520 Accept-Ranges: bytes cf-request-id: 0801180b8200000b4ba581d000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=p%2B1E6yqhjgpqQAbChah5y01FlR9S4TQn%2BTOXlgjGBCZRFKw1sZY1Fc99GpGFwy4ZMbXixJW1B9yeh1ScD8XAmQqZPpqavk4Z6lZGsx0F5cA8bRlBKce1uzDHqg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2bf3b330b4b-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 7d 55 4d 8f d3 30 10 bd e7 57 18 81 e4 54 14 37 2c 5a 40 0d 1c 00 21 b1 07 96 15 14 a4 a5 aa 90 e3 4c 12 6f 5d 3b b2 9d 96 08 f2 df 19 a7 a5 5f 1b c8 25 19 bf 99 37 f3 66 c6 6d 44 f0 29 1a 2d bc 34 9a 18 7d 6b 9a 59 93 c1 55 61 f9 0a de dc 5c 7d 06 9e b7 f1 88 fc 8a c8 ee a9 15 6f c1 92 d7 44 c3 86 dc ce d8 4d 6f c7 b4 f5 5b 84 8e 8f 9c c3 b3 91 b9 af a6 84 3e 7f 71 49 c7 27 48 05 b2 ac 3c 42 cf 5e 26 67 d0 5a e6 60 ae 72 c4 be d6 65 f2 61 bd 7c e9 bf 9f fb 6c f3 7d e3 d6 4d cf 52 12 22 8c f6 d6 28 44 9e 8e cf a0 5c 3a 9e 29 58 66 53 92 9c 63 ca 98 7a 20 64 65 72 70 3e b3 5c e7 52 97 03 0e 16 d4 00 5b e1 06 0e 5d 65 36 52 17 66 00 e2 8d 37 41 d4 40 82 70 ac a4 f3 ff 6d 08 16 da 78 98 9e 05 77 a7 26 ac 41 fb 81 8e e1 43 8d ee e7 4d a7 fb 95 88 7b f7 d1 80 33 2a 01 3f 93 2b 30 8d 8f 8d de ae 41 1f 3e 26 17 49 92 8c d2 fb 31 5d 34 f4 dd f5 ae 5d 14 9d 6c e2 11 e1 49 11 8f 62 ca 9a fa 87 33 8d ce c7 0f d7 46 35 2b f8 d1 d4 74 c4 b0 5a 2a 94 14 4b 5c c1 7d fd f7 57 97 35 fa 23 b6 29 3e 2a f0 df 9c 05 cf e1 13 0a bc 3c 11 84 db e5 8c 02 a6 4c 19 d3 23 77 f4 e8 46 11 2a 39 6a cd a1 92 50 c8 ff 33 5d e9 7d a2 7e 6a 97 db 3e 4e 26 a4 45 2a bc 97 78 23 23 59 90 f8 01 ae 50 6e 36 73 7a 3b a3 0b 94 b8 e6 16 ef 22 5e ca 5f ca f0 ed 8e 26 e3 f0 09 78 85 92 2e ed ce 82 de 19 5d c8 f2 28 74 7b 10 08 68 65 9c c7 0d a0 95 f7 f5 74 32 d9 6c 36 6c 97 9d 09 b3 a2 7f c9 f0 ea ef 72 21 c9 c1 40 8a a7 e9 b1 e8 c0 af f0 74 be 48 d1 cb 86 79 a2 b5 77 28 30 3a f0 ed 18 20 47 bb c0 d9 74 04 94 03 d4 c3 ea c6 55 e8 96 76 5d ba 15 80 83 be 9d 7d 3e 27 3a 54 01 79 5f 44 61 2c 89 43 76 89 66 92 e2 eb 15 51 4c 81 2e 7d 85 d6 e3 c7 18 e1 6d 8b 29 e6 72 d1 67 14 dc 8b 8a c4 80 40 87 d9 90 0e e7 b8 ef cc 3e 93 08 25 fe 25 5f 12 a9 89 d8 Data Ascii: }UM0WT7,Z@!Lo];_%7fmD)-4}kYUa\}oDMo[>qI'H<B^&gZ`rea\|l}MR"(D\:)XfScz derp>\R[]e6Rf7A@pmxw&ACM{3?+0A>&I1]4]lIb3F5+tZK\}W5#)><L#wF9jP3]}~j>N&E*x##YPn6sz;"^_&x.](t{het2l6lr!@tHyw(0: GtUv]}>':Ty_Da,CvfQL.}m)rg@>%%_
Feb 1, 2021 22:28:11.415358067 CET	667	IN	Data Raw: 89 10 ac e2 ee d3 46 df 58 53 83 f5 6d bc 1c f5 65 6d 39 e6 cb 05 d2 08 7c a5 81 3e 44 73 3c c8 8d c0 25 d0 9e 09 6c 8e 87 f7 0a 82 15 53 27 ac ac 3d 2e 15 67 be ad 01 3d a9 87 9f 7e 72 c7 d7 7c 87 21 24 83 58 8a 43 7a 82 bf b3 25 78 5e cb 27 07 Data Ascii: FXSmem9\|>Ds<%lS'=.g=~r\|!$XCz%x^'Y0JtrU9NZ&w.zr.E\<;=gw.r@mq_iiYxoe"B4{/;N\u<Yyp1t ?
Feb 1, 2021 22:28:11.803062916 CET	668	OUT	GET /images/crypto-bg.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.862814903 CET	672	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: image/jpeg Content-Length: 198572 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "307ac-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300828 Accept-Ranges: bytes cf-request-id: 0801180d4000000b4b71935000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7WR7QT4TWxwpCYXOOlkLfscveFCaHDJKBit1KWgdL%2BPxtDxmUkKuqo8ZWF9kANRpoNe3NFBuUwnd3DFcORF7l8hiBjbsTnviHprWFuhfiIYFk%2F47FTuJWiDyyg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2c20ac50b4b-AMS Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c 01 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c ff c2 00 11 08 02 a8 05 a0 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 02 03 01 01 00 00 00 00 00 00 00 00 00 00 04 05 02 03 00 01 06 07 08 ff da 00 08 01 01 00 00 00 00 f8 d6 53 b2 cb 9c 09 bb 86 d6 99 42 ab 15 b3 b0 d4 66 9a d3 92 e9 fb 74 5c 14 00 e8 d7 9d 5c 6c 50 75 6b 1b c5 a7 17 26 4d 92 90 d4 51 22 25 6c cc e7 a3 9a cd ce 12 ba 35 ef 5a c9 4a 12 cc dc a7 bd 6e 16 47 5b dd b4 93 64 05 dc b7 96 3e f7 d6 1e 79 e4 e3 ee b9 d9 ab 49 ea fd 3b a7 5e a4 75 82 35 6d c9 2b 06 73 3e eb 59 f3 55 6f 4e 6f d3 33 0b e2 ca c2 65 5a 24 81 a9 40 2e 4a 23 eb 37 74 c2 8e 55 1d 6b 33 23 98 5c e7 61 a5 db 0b 48 0b 5b 72 bd 23 35 cd 70 d5 06 9a d7 90 eb 7b 74 3e 7f 48 1d 22 f3 ea d4 d4 99 28 0d a7 fc d8 27 3c 49 6b 70 e9 16 88 76 6d fc d2 19 99 bd c6 db 63 4e b3 37 99 64 73 27 64 e5 74 07 84 75 9b ba a2 2e ae 8d cb 32 6f 3d e5 9f 9e 79 50 f3 aa 57 30 ea bb 4e 96 a4 0a aa a8 6a 9e 74 5c 30 a3 ce 44 d7 51 c2 a2 b4 a2 26 e4 b2 d4 73 97 d0 49 e3 10 41 08 f8 05 d5 df a0 f5 a9 91 72 f1 ac aa 1a d6 6b 35 ac 2a 73 b4 8b 99 e5 c5 03 66 89 1e 90 6a 67 86 28 34 d6 fc 7f 5d db f3 fc 05 00 75 a9 4f aa bb 54 98 52 d0 c8 33 68 8b 70 97 7e 83 cf 8c 9a 8c 65 05 da d6 6f 35 bb ee 88 f0 de 66 f3 76 66 59 6d e7 5a 00 94 4a 11 9d 95 10 45 54 e6 f3 73 77 ee ad 3c fb cb 06 b3 18 75 3d 7b 15 80 8f 42 ec a6 a9 75 0f bc d5 ba cc ad 89 28 5a f3 b4 76 63 88 8b a6 bd c2 28 d0 00 Data Ascii: JFIF""%%424DD\""%%424DD\"SBft\\lPuk&MQ"%l5ZJnG[d>yI;^u5m+s>YUoNo3eZ$@.J#7tUk3#\aH[r#5p{t>H"('<IkpvmcN7ds'dtu.2o=yPW0Njt\0DQ&sIArk5*sfjg(4]uOTR3hp~eo5fvfYmZJETsw<u={Bu(Zvc(
Feb 1, 2021 22:28:11.862876892 CET	673	IN	Data Raw: cc d5 d3 d6 86 87 9f 12 a2 76 04 70 86 57 a2 0a 7a aa 39 2a f3 5a c2 67 3b af 25 b4 c8 3c 01 a0 7c 79 e8 c9 96 1a 9c d3 9a f1 fd 8f 75 cc f0 23 83 d6 a3 3e aa a6 03 84 97 0f b3 10 f4 4a 5d 73 b6 97 61 2a 68 27 5a a6 19 99 bd 6e fb e2 34 33 7b de Data Ascii: vpWz9Zg;%<\|yu#>J]sah'Zn43{f]}'28Ess\|h=awye6tsX^ cXmtb[r2UGY2Kq{)jbC[qr>tEQbjYoQrCURnozC+ Zw+$U
Feb 1, 2021 22:28:12.054270029 CET	1062	OUT	GET /images/success-li.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:12.109824896 CET	1065	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:12 GMT Content-Type: image/png Content-Length: 816 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "330-5ab1be1c1ca32" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300829 Accept-Ranges: bytes cf-request-id: 0801180e3b00000b4b92148000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4enU%2FXQRnJxHq9SfBH%2F9YQpZIyN8B60TMT6w78QCsfloXUFd2rvkWYx2QZPDTBVDWoRia2VC7qrBJsndqxKGmbLqZsqhHG7husCtHipXhfS77iPxsYzy%2FLKwjg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2c39e610b4b-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 2a 00 00 00 24 08 06 00 00 00 ff c9 a8 2b 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 02 c5 49 44 41 54 78 01 c5 98 41 6e da 40 14 86 df 1b 20 24 b4 52 41 55 88 b2 4b 6f 10 96 5d 95 9c a0 e1 06 86 0b 94 ac ba 0c 9c a0 e9 01 5a 7c 83 d0 13 d0 1b 24 47 a0 ab 2a 85 0a 2f 2a ea 24 e0 d7 37 36 48 e0 0e 66 66 c0 f0 49 08 63 8f 35 bf 3d f3 cf ff 06 84 3d 33 72 8a c5 89 78 6a 02 e1 3b 44 ea 67 82 a0 5d 72 fd 7e bc 1d c2 9e 19 d4 0b 77 fc 75 3e ff 8d c0 62 89 2e e2 62 05 ec 91 61 fd c5 0d 2c 88 94 10 e0 d9 14 b1 f7 e0 14 2e 17 cf ef 4d e8 a0 51 68 11 d0 07 d5 35 29 56 20 dc 3e 70 9b f9 b9 bd 0c fd c0 79 59 05 0c 7a 3a 6d 03 84 f6 c9 d7 71 6b e7 42 47 ce 21 0f ad e8 11 c0 99 ee 3d 59 3a 28 ed 74 e8 a5 c3 4d 45 86 64 fc 57 3b 15 3a 15 8f 1d 53 91 3c 8f fb a5 2f fe 8f 2c ec 88 d0 3c 04 97 26 f7 48 91 53 5e aa e4 f1 4e e6 e8 af c6 51 13 09 3f 81 21 44 cf 95 b2 fb 7c 2f 8f 53 1f fa 91 93 3b b7 13 39 6d ce 45 4a 52 1d fa 99 c3 6f c1 14 0a 5a 65 f7 f1 f3 e2 a9 54 df a8 8d c3 b9 fd fd b1 eb b7 e3 e7 53 13 2a e3 d1 c6 e1 53 0a 6a aa 6b 19 48 81 41 14 7d 1f c1 0c 8f 1d fe f6 54 51 39 49 94 ae 97 06 98 40 ee bd 00 f2 f8 f3 ad b4 e2 66 15 b2 98 90 39 0d 86 04 04 b5 13 77 dc 5d 75 1d d7 75 b4 aa ec 52 31 33 cf 1d 0f 79 11 4c 60 f3 a8 e6 e5 4a a1 09 1d 79 fc c4 f5 a4 27 b6 c9 f0 48 24 dd 1c bb 7f af d6 35 13 8a 8e 54 6f a3 18 2f bb e2 4c 30 63 15 8f 7f 20 df d6 69 2b 22 91 7a c5 82 20 b8 56 89 8d cc 43 55 30 14 29 e3 f1 8d eb 79 3a ed c3 a1 1f 36 0a 1d ce 61 07 74 41 ea 66 83 7c bd c4 9d 6c 23 1e b5 ba 0c 37 57 f8 34 02 43 30 7c 23 78 65 e3 f0 28 1e 97 93 67 1d c2 07 df cc a1 f3 ce 20 da 2e 80 29 8a 78 d4 21 1c fa 41 fd 88 b7 05 58 85 b4 21 ea b2 c3 6b 16 77 46 66 Data Ascii: PNGIHDR$+pHYssRGBgAMAaIDATxAn@ $RAUKo]Z\|$G/$76HffIc5==3rxj;Dg]r~wu>b.ba,.MQh5)V >pyYz:mqkBG!=Y:(tMEdW;:S</,<&HS^NQ?!D\|/S;9mEJRoZeTSSjkHA}TQ9I@f9w]uuR13yL`Jy'H$5To/L0c i+"z VCU0)y:6atAf\|l#7W4C0\|#xe(g .)x!AX!kwFf
Feb 1, 2021 22:28:12.358663082 CET	1092	OUT	GET /fonts/glyphicons-halflings-regular.woff HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:12.430607080 CET	1102	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:12 GMT Content-Type: application/font-woff Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: W/"5b80-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 299604 cf-request-id: 0801180f6c00000b4ba9277000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=L%2BYQ0%2BidYoTaKzFbYhBwFXhDNfO04a4yTlRPohf55xDFno2IcOhpjzny11mKCxoaB7lCWwViUzv3CwpHdRaN0Em12B8pDBy06UJNI05ubzzN1%2F5a8BgOQBlaWQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2c57b180b4b-AMS Content-Encoding: gzip Data Raw: 35 61 61 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 94 53 70 25 0c b0 ad 77 38 71 26 b6 9d 89 27 b6 9d 89 8d 89 6d db b6 26 b6 6d 7b 62 73 c7 9a 38 d9 b1 9d 7d ea 3f e7 be dd ae fa 6a 55 57 bf f4 5a 55 dd 1e 8a 92 92 00 08 00 00 00 d0 0d 04 a0 fe a7 8d 7a ff d7 ff ff 25 29 a9 a6 00 00 40 68 01 00 00 c2 ff b0 a3 4f df 92 12 97 90 04 00 20 5c 01 00 00 09 00 00 20 85 10 07 40 2b aa 32 b3 01 00 10 a9 00 00 40 02 00 00 18 5a 74 da 44 99 d8 19 39 02 00 10 5b 00 00 e4 00 00 00 eb bc 51 7b 10 64 e2 ee 4a 0a 00 40 e7 00 00 00 e8 ff 85 16 f2 c5 c2 c8 c5 11 00 80 2e 00 00 00 70 ff 01 06 03 a0 2c 6c bd cc 01 00 e8 0a 00 40 01 07 00 48 2d f1 d3 1f 74 b0 34 33 32 05 00 94 07 00 00 00 3b 00 00 e0 84 51 60 5e b3 b4 34 33 02 00 94 1f fe df 7e 94 08 e2 d0 68 96 76 ae 9e 00 80 ca 77 00 00 42 11 00 80 72 5d 1c 23 35 b4 75 30 31 02 00 54 0d 01 00 48 1a 00 00 92 c5 e1 fd cf ac 9d 91 a7 23 00 a0 1e f9 9f 87 ff f5 61 0d 58 b3 37 b2 33 03 00 d4 2b 00 00 88 3c 00 00 aa a8 99 a1 20 db d1 c1 c5 15 00 d0 94 06 00 a0 19 01 00 84 85 ae e2 23 0e 0f 33 63 73 00 40 d7 13 00 00 c0 fe c7 10 ae 9a 12 00 f0 7f 29 4e 0b 14 cd fd a7 f3 ee 41 6e ff a7 2e e9 9e 1b 26 86 a6 86 86 ff a0 8c e1 61 bf 1b 1a 1b 9a 1a 9a 62 42 25 33 18 12 43 01 60 a4 01 b2 80 ff e6 e6 67 e6 39 03 03 93 03 83 d3 43 ae 41 41 41 64 08 a2 3f 99 8c 58 8c 37 20 0e a1 4a bf 07 c2 47 11 81 88 ae c6 fe 0d 14 dc 80 85 ee 83 c0 90 c2 6e e4 48 cb c2 46 92 94 54 08 48 b1 00 d6 34 44 24 00 00 e0 b9 71 99 2a 64 a9 2a 42 38 16 90 5e 62 a5 3a 3c fa 15 15 67 b7 db cb ce de 58 3b cf 80 e2 34 a9 24 17 42 ea b4 88 b4 a8 25 81 af df 44 0b 8d c9 06 0f 11 c1 54 0a ac 0c d1 6f 09 26 25 47 91 20 cc 11 6f 47 a8 2d ed dc b5 d2 17 07 16 ea c8 3e be f6 ea c1 a2 b5 76 71 bf fe 4b 99 bb ee f5 b8 be ca f6 e8 0f 8d cc 8a 1c 47 45 09 d2 Data Ascii: 5aacdSp%w8q&'m&m{bs8}?jUWZUz%)@hO \ @+2@ZtD9[Q{dJ@.p,l@H-t432;Q`^43~hvwBr]#5u01TH#aX73+< #3cs@)NAn.&abB%3C`g9CAAAd?X7 JGnHFTH4D$qdB8^b:<gX;4$B%DTo&%G oG->vqKGE
Feb 1, 2021 22:28:29.444690943 CET	2009	OUT	GET /images/favicon.png HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:29.503849030 CET	2011	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:29 GMT Content-Type: image/png Content-Length: 474 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "1da-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300842 Accept-Ranges: bytes cf-request-id: 080118522b00000b4bad234000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Py85W%2FSztSxv3H5Rz5e9KPqJ3kFC42zisL3O2xrNkx1wHZbTQkXEuvBGP%2FF5u13A2V0cl067vEachS1iohwr3vAPPVijGHcNDKOX371CY2pJjiWhz0YzYnYiGQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec3304cd50b4b-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 23 00 00 00 23 08 06 00 00 00 1e d9 b3 59 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 01 6f 49 44 41 54 78 01 ed 96 3f 4e c3 30 14 87 df 4b 3a a0 4c 6c 88 01 c9 dc 80 1b 34 dc 24 fc 6b 3a 51 98 e9 10 a4 36 1d 91 b8 00 b9 02 37 e0 08 bd 01 91 40 4a d8 98 10 03 c8 3c 8b 56 4a 5b c5 b5 9b 38 75 a5 7c 4b 12 eb 59 f9 24 3f ff 6c 84 1a 38 7a e4 af f4 60 50 81 30 8b c1 01 0b 10 22 61 3e de be cc 5c 44 b0 55 99 a2 88 a0 03 26 e0 90 02 c2 8b ac a4 9f c5 7e 2f 1f b3 e2 98 19 19 12 79 bb c6 33 59 c9 65 e0 25 54 c7 8a 63 56 34 f0 9c 56 a6 0c ab 64 3a 94 9e 5c 67 02 55 df bf 0f 30 02 03 b4 cb 54 86 91 9c e9 65 23 3f 3c f7 9e 64 35 c8 79 57 04 92 54 86 7a 62 4a 8f e7 d9 e7 3e 22 0c 40 83 ff 88 9f 30 7a 0d e4 95 b8 32 b2 22 43 3f 9f 52 7a 46 e2 9d 3d 70 f6 eb aa cb 2c 9f 35 ba d4 d6 33 55 45 04 b5 f4 0c 89 a4 61 36 82 aa d4 22 33 9c dc 9d 0e a1 3a 6d ce 94 b1 db a1 d7 cf e3 ee 55 e0 45 3a 73 0e 92 2f a5 7a 2d 99 d9 f6 f5 29 af 7c d0 23 52 29 52 5e a6 3a 72 64 1d 4a 32 4d 88 80 8a 4c 53 22 02 69 cf a4 b7 98 5e 04 7b c7 3f a0 8e 0b ee 0d 22 d7 3a 5c 95 64 04 87 c9 77 0a 1a 7c 04 de 27 c2 66 d8 9d 33 2a 17 23 19 c8 e1 04 36 64 41 46 fd 62 64 06 67 51 a4 99 5d 03 32 19 1b 44 04 8e 2d 22 82 3f c7 96 77 41 63 54 3c 14 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR##YpHYssRGBgAMAaoIDATx?N0K:Ll4$k:Q67@J<VJ[8u\|KY$?l8z`P0"a>\DU&~/y3Ye%TcV4Vd:\gU0Te#?<d5yWTzbJ>"@0z2"C?RzF=p,53UEa6"3:mUE:s/z-)\|#R)R^:rdJ2MLS"i^{?":\dw\|'f3*#6dAFbdgQ]2D-"?wAcT<IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49740	172.67.207.131	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:06.531080008 CET	256	OUT	GET /images/info-bg-1.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.612381935 CET	281	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 731 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "2db-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117f8ad00000b47848e3000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lnjlFpVo%2Fn7qd5igK1oX1cFgO5Jn9lqd6qnJ3rzpMPvqtBy%2F9FOpp%2BJNjghVOBJbfaH5fZbHRAoQMh%2F3HUMaQmUJjp028GjNXlb32VA0O6nMT6LwDvE9XZDj8w%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a10c8f0b47-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 02 70 49 44 41 54 78 01 ed d8 db 51 1c 31 14 06 61 ad cb 61 d8 c1 38 14 47 80 1d 01 90 01 10 01 a1 10 02 39 40 00 44 c0 b0 07 0a 8a eb b2 97 d1 e8 48 dd df c3 d4 bc ff 5d a5 92 56 bf 2f a6 a9 08 69 bd fc c9 8f 22 a4 18 ff f6 68 75 6a 00 40 cf e3 c7 bf 01 c0 bc 1e 3f 18 00 c8 fb f1 83 01 40 7c 36 7e 30 00 80 af c6 0f 06 30 b8 4d e3 07 03 18 d8 77 e3 07 03 18 d4 36 e3 07 03 18 d0 b6 e3 07 03 18 cc 2e e3 07 03 18 c8 ae e3 07 03 18 c4 3e e3 07 03 18 c0 be e3 07 03 e8 dc 21 e3 07 03 e8 d8 a1 e3 07 03 e8 d4 1c e3 07 03 e8 d0 5c e3 07 03 e8 cc 9c e3 07 03 e8 c8 dc e3 07 03 e8 44 8d f1 83 01 74 a0 d6 f8 c1 00 92 ab 39 7e 30 80 cc ee cb 59 cd f1 83 01 64 75 5f 2e 6f fe ad fe 97 ca 0c 20 a3 a7 f1 ff 96 05 18 40 36 0b 8e 1f 0c 20 93 85 c7 0f 06 90 45 83 f1 83 01 64 d0 68 fc 60 00 ad 35 1c 3f fc 2c ad 4d e5 6e fd bd 2e 44 53 b9 5e e2 aa b7 49 f3 00 a6 f5 f8 eb c7 8e 3f 45 4d 78 04 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 65 08 e0 aa a8 99 a6 01 4c 53 39 b9 3d 5a 9d 16 35 d3 2c 00 c7 cf a1 49 00 8e 9f c7 e2 01 38 7e 2e 8b 06 e0 f8 f9 2c 16 80 e3 e7 b4 48 00 8e 9f 57 f5 00 1c 3f b7 aa 01 38 7e 7e d5 02 70 fc 3e 54 09 c0 f1 fb 31 7b 00 8e df 97 59 03 70 fc fe cc Data Ascii: PNGIHDR>apHYssRGBgAMAapIDATxQ1aa8G9@DH]V/i"huj@?@\|6~00Mw6.>!\Dt9~0Ydu_.o @6 Edh`5?,Mn.DS^I?EMxeLS9=Z5,I8~.,HW?8~~p>T1{Yp
Feb 1, 2021 22:28:06.612420082 CET	282	IN	Data Raw: 16 80 e3 f7 69 96 00 1c bf 5f 07 07 e0 f8 7d 3b 28 00 c7 ef df de 01 38 fe 18 f6 0a c0 f1 c7 b1 73 00 8e 3f 96 9d 02 70 fc f1 6c 1d 80 e3 8f 69 ab 00 1c 7f 5c df 06 e0 f8 63 db 18 80 e3 8f ef cb 00 1c 9f e1 d3 00 1c 9f e3 43 00 8e cf f2 26 00 c7 Data Ascii: i_};(8s?pli\cC&yp\|_q,.VIENDB`
Feb 1, 2021 22:28:06.634859085 CET	318	OUT	GET /css/stylesheet.css HTTP/1.1 Accept: text/css, / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.695949078 CET	396	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/css Content-Length: 1238 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "6d02-5ab1be1c1aaf2-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f91300000b472e985000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=g7wxw1yOJr6tsFOOHvupS5b%2BYAJvb1mGylifBI%2BqApyy8fCbLgXJGJJJ0HeqiSzG6yggnV0%2F%2FfuWB2kOCmj66kjdswGjsVC84XCUT%2Bj2tfLXZT9djs3TND%2FaFw%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a1be180b47-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 9b 5d 6f 9b 48 14 86 ef f3 2b b8 73 d2 2d f1 cc 18 ec 90 de 14 30 74 a3 38 aa f2 e1 ad 7a 55 51 8c 1d 1a 8c bb 36 de 24 5e ed 7f ef c0 d0 34 d9 04 05 46 ea 9c e1 e3 c6 e8 78 1c e4 3c ef 01 1e 9d 4c fa 6f 14 ff 7e 1d 46 51 e8 ab c1 5d a2 bc e9 ef bd 9f af e2 44 9d 7b 7e a0 fc bb a7 28 79 b5 0c a3 fb 63 a5 77 b1 fa ba 4a 56 bd 77 3f 17 36 c9 7d 14 1c 2b 61 e2 d1 33 3c bc 7b 1b 84 8b eb e4 58 c1 08 3d bc 37 0b 37 df 23 8f 9e e3 6b b4 f2 6f d2 b7 37 6b ff 58 a1 85 17 ed e7 e7 55 ae ae c3 58 39 c9 4e d6 3b 78 fb 74 51 4d 17 7f ad 6d d7 d1 fe e1 61 3f 3d f7 a6 7f ea 7e 0c ed f8 6f 67 6b 10 77 8d cf b6 3a 3e 5f 3b 3b 34 9b 7c 89 77 87 b7 ab f9 9c 1c d0 6f b1 5e 7a c9 7e 2f 2b 7b 07 e9 37 d8 c6 a1 bf 9a 05 ea da 8b 17 f4 b7 98 fe 81 b4 21 52 91 4e dc b7 b4 c0 f6 11 52 e9 cb 51 5a 10 64 69 d9 71 ec 20 95 8c dd ec 13 e6 50 43 aa 39 34 b2 c2 75 88 a3 d2 17 f7 dd de 7f 7b fd 5f 5c 9b c5 f4 9c 83 29 a2 4c 35 3d 83 84 34 23 2d 0c cc 0a 2b 2d ac ac 20 18 0f 73 72 8b 75 10 dc 34 af 1d 6f 2b a3 c3 2e 45 87 5d d7 7d 0c a6 59 50 ce aa f7 d3 60 44 bb 66 f0 00 e5 9f 30 48 62 6f 19 6c 82 66 91 39 aa 4e 06 23 a2 d2 97 41 76 71 61 4c 31 61 cc ae 34 4c 8e 68 41 0c 56 0c d3 62 98 17 66 fa 31 33 ff 98 e9 d2 c2 42 d9 ed cf a1 2b d8 71 0d 76 fb 33 ad 9c 77 e4 25 61 dc bc ab 53 e3 c1 4d d1 11 8d dd d8 88 6e 30 6a 28 a3 e6 32 6a 04 e5 f4 e8 43 83 22 cc 8b 31 2d 6c 37 bf eb 65 69 11 9b 3e 78 88 3d 62 8f 95 11 a1 8f 95 d1 43 87 67 c4 9b 45 db 9c 4d 6e 2b b1 46 29 6b c4 b0 22 3c c8 db 55 4f fb 5d 67 fd 4e 2c 8b a6 61 d9 ac b0 87 ec 38 36 f3 a3 cd d8 a3 34 88 61 9e ce 48 cb 03 61 8b 98 10 76 34 f2 27 92 c1 b2 a1 0b f9 51 67 0f 7a f6 35 e8 7d 79 fc bf 67 fd 6f b8 2c 06 55 83 9a a4 3f 57 98 54 b6 5a 1c d5 b7 a7 51 5d 7d 33 2f fd 81 bd b9 3a 8d cc Data Ascii: ]oH+s-0t8zUQ6$^4Fx<Lo~FQ]D{~(ycwJVw?6}+a3<{X=77#ko7kXUX9N;xtQMma?=~ogkw:>_;;4\|wo^z~/+{7!RNRQZdiq PC94u{_\)L5=4#-+- sru4o+.E]}YP`Df0Hbolf9N#AvqaL1a4LhAVbf13B+qv3w%aSMn0j(2jC"1-l7ei>x=bCgEMn+F)k"<UO]gN,a864aHav4'Qgz5}ygo,U?WTZQ]}3/:
Feb 1, 2021 22:28:06.695987940 CET	397	IN	Data Raw: 86 79 14 3c 57 95 87 ab 2c 2e 05 8f 8f 54 c7 27 c2 a7 e0 c1 e8 1c 7d 25 ca a9 e0 e9 60 0e 3a b5 f6 2a 78 e4 88 0b 79 7d dd 0a 9e f8 d0 de 9c 77 7a 55 26 2b ad 6a 56 45 29 15 07 74 f3 34 a0 3b f7 64 77 e2 9e 56 d3 5f f9 7d 0a 00 e4 19 0f 48 59 04 Data Ascii: y<W,.T'}%`:xy}wzU&+jVE)t4;dwV_}HYSc 1QOv"WPGY0riGvCJ2`Id@#pI>/m&w#ieYaVbaZTk-Y$,h,244I4N&eTN*
Feb 1, 2021 22:28:06.705363035 CET	410	OUT	GET /js/swiper.min.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.761780977 CET	487	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 23631 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "17a38-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f95500000b47809fa000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=R4TrpABydf%2FE%2Fkli54qkYlWtu7t57tf9T5qd5SGu9EVd9ETMYkAE54j9W9W9Rm3XQbujidpGor%2B7%2FYbmev%2BiF8CGmTbe9hVYuJokRiSmIoVxGTvh3RcChC2Ebw%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a22f560b47-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed bd fb 77 db c8 91 28 fc 7b fe 0a 09 7b 57 03 88 20 45 da 33 49 86 14 c4 e3 c7 4c c6 27 f6 d8 77 e4 64 ac 28 ba 39 10 d9 92 10 93 00 03 80 92 65 91 f7 6f ff aa aa df 8d 06 49 79 66 b2 bb f7 7c 9b 1d 8b e8 77 57 57 57 57 57 d7 e3 e8 f0 f0 77 7b 87 7b a7 77 d9 82 95 7b 4f 7b 5f f7 06 f8 fd a6 a8 ea bd 79 31 65 65 0e 7f 2e b3 19 db ab 8b e5 e4 66 af 9a 65 90 b8 97 e6 d3 bd ab 32 9d b3 bb a2 fc b8 77 97 d5 37 7b 37 69 39 bd 4b 4b b6 97 4e 26 6c c6 ca b4 66 d3 bd ba 4c f3 2a ab b3 22 af b0 59 fc ef a6 ae 17 c3 a3 a3 bb bb bb 5e 36 4d f3 6b 56 16 bd 65 75 54 d1 08 8e 64 a9 17 c5 e2 be cc ae 6f ea bd 27 fd c1 ef e3 bd bf ce d2 69 36 cf ca bd 3f 43 3f b3 74 be c8 a6 19 96 7b 7f c3 f6 b2 97 aa 99 0d 1d c8 96 5f 67 13 96 57 30 b6 65 8e 33 79 f3 ea bd cc f9 09 86 9d 62 4e 91 0f f7 5e b2 09 9b 5f 42 81 c1 d3 98 c6 00 25 8e 7e b7 7f b5 cc 27 38 9d 30 7a 08 96 15 db ab ea 32 9b d4 c1 48 a6 ef b1 90 45 0f ac 77 95 f7 f8 8c 12 55 23 8d 1e 6e d3 72 af 1a 95 ac 5e 96 58 b2 be c9 aa a8 c7 d2 c9 4d 68 b4 8b 85 58 92 b3 bb bd 9a 4a c4 69 34 aa 56 ab b0 4a 58 b4 8e e2 6a bd c6 12 69 5c eb a6 59 9c 45 0f 6a 08 25 0e 41 74 f2 26 ad 6f 7a 57 b3 a2 c0 c4 b5 2a a2 fb b9 ec 2d 52 58 c8 aa 97 2e eb 62 31 4b ef e3 14 d2 68 99 ab 1e fb 57 78 d9 4b a1 ca 2d 7b 05 d0 fa 14 8d d2 5e 5a d7 65 18 4c d3 3a ed f2 19 76 65 cd 20 3a 38 08 59 b2 b9 c8 6a d5 e8 31 8a 2f d5 ef f7 d9 9c 15 cb fa d5 34 a9 58 2d 3e 4c e0 a8 ca 30 a5 c5 18 46 77 95 7d 7a 0d 3f 43 6c e4 1f 34 ec 1f d9 a7 9a 3e d9 3c ab c3 a0 c8 9f c9 ce e3 cb 28 1a 5e f6 b2 ea bb 7c 3a ce 54 9f a7 f0 e7 6d fe 3a ad ea 31 cc 1c 3e 64 85 30 1a 86 b2 d5 f7 45 d8 6f 6f 34 dc ad f3 75 6c 2e 42 01 eb 56 0b a4 48 d2 90 f5 ea b4 bc 66 75 34 ca ae c2 fd 0a 86 Data Ascii: w({{W E3IL'wd(9eoIyf\|wWWWWWw{{w{O{_y1ee.fe2w7{7i9KKN&lfL"Y^6MkVeuTdo'i6?C?t{_gW0e3ybN^_B%~'80z2HEwU#nr^XMhXJi4VJXji\YEj%At&ozW-RX.b1KhWxK-{^ZeL:ve :8Yj1/4X->L0Fw}z?Cl4><(^\|:Tm:1>d0Eoo4ul.BVHfu4
Feb 1, 2021 22:28:06.761799097 CET	489	IN	Data Raw: 19 d6 51 04 bf 03 44 b2 fc 3a 48 92 fa 7e c1 8a ab bd 3a aa 92 0a 01 c1 f2 1a 0b 8d d8 0c 50 11 4a d6 bd 1c f6 ec 7b 28 c5 9b cd 24 ae e9 d2 2e be 31 40 af 87 34 81 b6 61 f1 b2 a4 46 14 cb c6 f5 f0 b6 c8 a6 7b fd 35 34 da df 4f a0 b7 19 cb af eb Data Ascii: QD:H~:PJ{($.1@4aF{54OHwVa=.]N\DcVq%0_SQ~gQbUdx:oT}@$.5,gScje~l6}UuKET\|QW78K1tY
Feb 1, 2021 22:28:06.761811972 CET	490	IN	Data Raw: f4 00 c9 f4 d7 7d 20 cf 7f ec f7 81 4d eb 03 8d e8 03 5d e8 c7 05 f0 35 bc 91 60 0a 9c 75 36 03 e6 78 0f 99 e4 12 28 3e 4f 89 e2 80 26 f1 92 cd ea 54 67 77 59 4f 27 1f 0d 9e f4 ad 72 67 2d 05 cf 1a 25 3f c8 92 99 5d f2 83 28 99 c2 71 21 8a c0 95 Data Ascii: } M]5`u6x(>O&TgwYO'rg-%?](q!>Y??{g^Rg&V0)s0MS"ze9jUD X0~Wrp?:QjYeac5\P*<~G)AO(
Feb 1, 2021 22:28:06.761828899 CET	491	IN	Data Raw: 86 6f c4 b1 66 57 57 d9 5d 41 91 ec 6c 31 33 57 84 6d e7 77 b9 50 5e 14 7b b9 5c 00 26 28 d1 82 af fc 54 16 b1 6b 12 46 ce bc 35 6e 79 96 db c5 c6 c6 45 61 04 af af 1c ee 20 b7 bd b6 b2 7a c0 46 2d 5c 4b 5f 61 dc 2b 6e c3 6d 65 75 c3 bc d6 1d 67 Data Ascii: ofWW]Al13WmwP^{\&(TkF5nyEa zF-\K_a+nmeugk"DLMC<[QX-%NZ<;Q]%^&<Yk SCwieGD\|dg0g#Zug<-.*8tG2W8Fihm`V`
Feb 1, 2021 22:28:06.761850119 CET	493	IN	Data Raw: 0e 13 aa 36 34 a4 9b 25 7b 13 40 fe 40 75 13 d0 58 49 cf f7 0b 58 03 6c 5e d5 0f 91 de 16 f9 f5 4f ef 5f 27 41 f7 8e ac 12 ba c8 ea d1 00 04 81 95 dd 57 dc 88 a5 9d 0b c4 d5 fa 82 11 cd 97 b3 3a 2b 81 8f c2 96 a7 ec 36 9b b0 5e 9a 4f 4b b8 a8 7e Data Ascii: 64%{@@uXIXl^O_'AW:+6^OK~"F+HY)~2?n5}?o>!eTYcPCy6G,A\|~[yfVRb&W~PzyA"C8K<5V
Feb 1, 2021 22:28:06.761867046 CET	494	IN	Data Raw: ee cb 44 cc 8d 6f a2 75 90 c3 2d 13 71 7c e9 c8 17 51 5a 4a f8 ef 5d 3c c4 59 bc c0 36 a6 b3 ec 01 73 29 f4 38 50 ff 60 28 12 f8 a9 18 5a af be a6 66 3d d9 b4 95 61 11 21 40 8b 24 e4 64 cd 87 cf d8 35 e0 c0 61 1a 79 f6 34 66 6e eb 20 f6 1c 46 bc Data Ascii: Dou-q\|QZJ]<Y6s)8P`(Zf=a!@$d5ay4fn F]dvb0E,Xa@~pGO:JVS.GOZrqPpmOIB-@:e"PLpbqwm_`Z:36Q'QB6/E(Z\$
Feb 1, 2021 22:28:06.762813091 CET	496	IN	Data Raw: c8 38 87 09 a3 06 a4 93 89 4d fc 6d 76 4d 82 3c d5 fa bf c2 72 b7 6a 68 ba 26 9c 1b 6d 04 95 df 06 49 68 3a 9a 9b d8 ef 42 24 ea a1 d3 f7 b0 ec 0c da 60 b4 a9 25 ed 59 44 b4 43 76 4d f2 32 b7 61 dc 7c 5f 16 09 75 7c 94 c7 b3 a4 88 17 c9 60 e4 51 Data Ascii: 8MmvM<rjh&mIh:B$`%YDCvM2a\|_u\|`QY$EsDm1/0::\|f+0yz%u%o^8*{K?Qm2 fA}!WRe+dy0 _oOZEB=}lc>2
Feb 1, 2021 22:28:06.762830973 CET	497	IN	Data Raw: 9a cf d9 34 e3 b7 6c 9d 19 89 4b 9a da 61 d6 c0 bd 23 6a 8d 75 a7 94 32 42 b3 51 db d1 4e 7b a3 1b 43 d7 29 7d 0a ab 69 47 93 cb db b6 d0 5a 71 1e ec 3c 36 94 24 a6 75 75 53 c2 1a e5 b2 f6 5b a9 66 e2 6b 4b b1 4b 87 dd 68 f0 18 75 82 c1 d3 5b 4d Data Ascii: 4lKa#ju2BQN{C)}iGZq<6$uuS[fkKKhu[MV^0%NQC$O8e5+iiMQ7S4s.v]@m,m6~pbho<&QDJ-V`@h2vc' R(ODW'vQ
Feb 1, 2021 22:28:06.763897896 CET	498	IN	Data Raw: 34 ef 83 32 cd fb c0 bd ba 3c d0 29 08 4b a7 07 7e de f4 a4 c6 e7 06 3b 93 4f 20 b8 88 eb 6c ce 86 df ad a3 f8 51 ed 48 b0 41 4b 12 3a b2 ad d0 f0 d8 8d 6c 7d 84 47 07 ca 90 c2 88 bb 68 71 94 de 5e b5 a9 df bd 8a e8 7a 68 dc 0f d1 9e ff 4b ae 87 Data Ascii: 42<)K~;O lQHAK:l}Ghq^zhKMNy7C7tuj\|?j:SGnXIAOs{Snx.l} kuO'#\|x9~/9S;B6sGh\6Vs[cuq}=sx`0h#P-,(B}KX%
Feb 1, 2021 22:28:06.772281885 CET	512	OUT	GET /js/custom.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.829329014 CET	531	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 523 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "543-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f99800000b472f11f000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=izi6DVeIrev84tM429XsMMqOY2jZUD%2BVcRZqRD1fHlU612Cpjsx3FxZA89vI31kro6HhvlhLft6qI0VnDoIjpdbbsRoCfy8t7tD2D6QtOCAJjVJMaECgW9Lwjw%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a2885e0b47-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 53 4d 6f d3 40 10 bd e7 57 58 6e 21 b6 54 6c 17 48 85 68 03 42 e2 c0 a5 82 03 3d 50 45 8a d6 de b1 bd cd ae 67 b5 bb ae 95 b6 f9 ef 8c e3 55 9a 0f 82 90 10 62 4f 7e e3 e7 99 37 ef ad 47 01 9d d3 68 9c d4 78 0f e6 95 42 ce e4 38 1e 50 54 b6 4d e1 04 36 51 fc 38 0a fc e9 b9 1a 75 ab e7 45 6b 1d 2a 22 db 1a bb 28 de 30 fa b3 1a 60 4f 2e 24 5a 98 e7 ad 73 d8 10 b9 90 a2 58 fc 69 e7 5a 70 f0 9d 57 cf 03 44 19 71 b8 17 05 24 0a 73 21 89 11 3c 3d 05 be 24 34 e3 3b 05 d6 70 83 82 6a bb 0a 1f 77 d0 69 14 9e 2c 9d 96 6c 09 26 8c 13 a6 35 34 3c 0a af 84 aa 02 6b 8a e9 2c 14 8a 55 60 53 6d 40 22 e3 60 e6 3f b0 75 6d 0e 49 25 ca 59 18 08 4e 1c a6 a9 38 0b 3f 84 f1 e5 5e f7 7d 7f 0d 28 c2 d1 01 2f 24 b9 4e ac 3d 5a 0b 29 ac 8d c6 39 ba de 8e b3 f1 c5 e4 c5 78 ef 93 34 3d ae bd 34 4c 41 d0 09 ee 6a 12 37 b9 c8 48 67 0d a2 aa 1d c1 37 e7 13 82 c3 6e b5 73 da be 4f d3 ae eb 92 a5 5f ab 40 95 82 ca 81 a7 b7 5f 3f b9 eb b7 ed c3 e7 87 eb 8f aa 75 30 cd 5e 32 a5 2f 59 eb b0 1f 3a 3d 5f c3 02 1b 67 50 5a 0f b9 b0 2c 97 b0 c8 3d 5b 22 6a ff 8a 3c 00 eb 72 43 c1 88 a6 f2 45 b2 d5 33 fb db 24 9a 12 3d ec 47 48 61 dd 74 4b 06 09 5f ef 96 a3 a1 24 68 81 7e 33 26 25 76 65 2b a5 2d 0c 40 43 55 4a e2 2a 1d 5c 38 88 c4 82 fb 2e 14 d0 b2 bf bc 8b 3e b5 93 75 a2 9b 8b 78 90 d6 3f f5 fd 46 57 d9 97 fb c5 3b 77 9b fd 4f df b7 64 fc a5 ef ab b3 d7 59 96 c5 c1 73 61 f3 04 d2 c2 ce 2f 49 e6 e6 c8 97 db be 52 7f a1 9d b7 ee ce a6 de b1 9b 6f c9 9d ed 47 ce d2 81 b1 97 f5 f0 87 fc b6 d9 b1 1c 86 1d e6 4c 8b a3 fd 57 a3 d1 4f 84 0a cc 70 43 05 00 00 Data Ascii: SMo@WXn!TlHhB=PEgUbO~7GhxB8PTM6Q8uEk"(0`O.$ZsXiZpWDq$s!<=$4;pjwi,l&54<k,U`Sm@"`?umI%YN8?^}(/$N=Z)9x4=4LAj7Hg7nsO_@_?u0^2/Y:=_gPZ,=["j<rCE3$=GHatK_$h~3&%ve+-@CUJ\8.>ux?FW;wOdYsa/IRoGLWOpC
Feb 1, 2021 22:28:06.832020998 CET	531	OUT	GET /images/ft.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.892652988 CET	554	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 2281 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "8e9-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117f9d500000b473733f000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zC1BsXoSJyXEt7c1ICcy5wwwhkquG4rR0xWPi29ShNhg6wbFE3BvkfpWet0Jw%2BDLfzsxBK0IeVUayq63ElSL%2FY0IsCsqUrtZnFxOukmUYK0%2BVIp5hlf8HYRL6A%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a2e9640b47-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 a9 00 00 00 17 08 06 00 00 00 70 15 6f 2a 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 7e 49 44 41 54 78 01 ed 9a 75 8c 1f 45 14 c7 bf 1c a5 02 14 28 2e a5 14 0b 04 82 17 2b 34 c1 dd 8b 6b 81 16 77 28 90 00 a1 84 e0 c1 dd 0b 04 48 80 00 0d 52 dc dd dd a5 48 70 2b 50 b9 d2 52 de 87 79 9b 9b 9b 9b fd ed ef da fb a7 c9 7e 93 6f ee b7 bb 33 b3 6f df bc 79 ef cd 9b 93 6a d4 a8 51 a3 46 8d 1a 35 6a d4 a8 51 a3 46 43 cc 64 9c bf 89 76 e3 8c 13 8d f3 64 9e 4d 36 76 8b ae ff 30 4e ca b4 9b c3 d8 33 ba 9e 6a fc 59 79 b4 18 fb 1b bf 28 79 3e 97 b1 bb ff 9e 62 fc 35 d3 66 e6 8c bc e3 9c 31 d0 c1 f2 c6 15 15 be e3 23 e3 ab 2e df b2 7e 9d ca 5e c8 ff 9b bf 3f 87 95 8d 6f 7b 3b 65 de 39 b7 cb 98 e2 e7 92 3e 29 d0 d1 2c 3e 56 15 98 a3 7f d5 a6 b3 18 ff 28 7c 77 31 0e ef 6e 55 35 ba bb 0c 45 9f c9 2e 4f 15 90 63 52 66 ac 35 8d 0b 18 3f 33 be 63 ec 61 5c 48 6e 03 3b 1a df f4 17 3d 6e bc c8 79 89 f1 2e e3 5f c6 33 8c bd 8c 5b 1b 1f f4 b6 3f 18 f7 37 0e 34 ee 69 1c ed f7 9f 55 c7 09 05 cb 18 0f 34 8e 35 de 68 dc 42 e5 58 df f8 be 82 71 e4 b0 96 f1 24 05 23 99 60 dc 36 d3 66 56 e3 96 c6 db 8d 3f 1a f7 53 30 ba 18 43 8d af 19 6f 70 d9 76 35 1e 63 bc d7 78 a1 f1 51 6f 87 11 1f 60 fc c9 bf f1 56 05 5d cc aa 3c 7a 1b c7 18 d7 2d 79 ce e4 ae 61 3c 47 61 d2 a6 fa ef 1d 8c b3 a9 39 f0 2d cc 0d 13 7a 9f 71 94 f1 7b 85 45 f3 b8 5f 3f ad e0 5c ae 32 f6 35 ee ab a0 d7 a9 de 0f 9d 30 2f 9b 19 6f 53 9b b1 2d 58 f1 ee 85 15 16 3b ed 47 1a 07 2b cc d5 de 3e 6e 61 4b 57 45 bc ce f8 ba f1 4b b5 5f 58 e8 e1 45 e3 e5 c6 a3 8d 17 7b bb 7b 8c c7 c5 2f 3d cc 07 3e 3c 23 10 06 71 6e 74 3d 50 6d 13 15 63 76 e3 cb fe 8c 0f ce 79 09 80 42 57 54 63 dc e1 e3 0c ae 68 b7 81 c2 24 8f f5 Data Ascii: PNGIHDRpo*pHYssRGBgAMAa~IDATxuE(.+4kw(HRHp+PRy~o3oyjQF5jQFCdvdM6v0N3jYy(y>b5f1#.~^?o{;e9>),>V(\|w1nU5E.OcRf5?3ca\Hn;=ny._3[?74iU45hBXq$#`6fV?S0Copv5cxQo`V]<z-ya<Ga9-zq{E_?\250/oS-X;G+>naKWEK_XE{{/=><#qnt=PmcvyBWTch$
Feb 1, 2021 22:28:11.835696936 CET	670	OUT	GET /fonts/mem8YaGs126MiZpBA-UFWp0dbck.woff HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.892971992 CET	780	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Mon, 09 Nov 2020 15:03:18 GMT Vary: Accept-Encoding,User-Agent Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2601 cf-request-id: 0801180d6100000b4739a1f000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TqAq%2FFF6JypWGJT7ORhNPG3ytLh9IDxb182vJE5jDwlkTrQPKfxv3dxFS055lKgbt8Rptk0iXANbXC8JANTN4ZDaFqIHMr6sjMneGx3B9TFYevF2njvXYLuNlA%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2c239040b47-AMS Content-Encoding: gzip Data Raw: 31 62 35 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 5d dd 6e dc 38 96 be ee 3c c5 89 7a 66 62 03 f5 ef a4 3b ed 9f ea 4d 27 4e e2 ee c4 e9 8d 9d 0e 26 37 06 4b 3a 92 18 53 a4 86 a4 aa 62 ef 0e b0 d8 97 d8 9b 05 f6 26 58 60 80 b9 ee ab 5c 8d df 64 9e 64 71 48 a9 4a 55 56 95 cb 8e 7b 32 d8 06 3a 29 49 e4 21 79 78 78 7e 3e 1e 32 bb 77 9f bc 7a 7c fc c7 9f f7 21 b5 99 18 de d9 a5 bf 80 47 7b 41 aa 32 0c 86 77 ee ec a6 c8 a2 e1 1d 00 80 dd 0c 2d 83 30 65 da a0 dd 0b 0a 1b b7 1f 06 f5 4f 92 65 b8 17 8c 39 4e 72 a5 6d 00 a1 92 16 a5 dd 0b 26 3c b2 e9 5e 84 63 1e 62 db 3d b4 80 4b 6e 39 13 6d 13 32 81 7b fd 4e af 81 54 84 26 d4 3c b7 5c c9 1a b5 e3 14 e1 69 61 0b 8d f0 2a 86 c7 85 d6 28 c3 33 38 30 f0 1c 35 56 64 2c b7 02 87 cf 70 c2 a5 0c 55 84 bb 5d ff c6 7f 15 5c 9e 82 46 b1 17 f0 90 88 a7 1a e3 bd 80 67 2c 41 d3 8d d9 98 de 76 72 99 04 60 cf 72 2c bf 74 e9 05 f1 a4 eb 99 72 67 77 a4 a2 b3 e1 1d 4f 32 e2 63 08 05 33 66 2f c8 54 c4 04 c4 2c c2 00 b4 12 34 12 ce 84 22 6a 6c c4 65 84 1f f6 82 76 3f 70 8c c6 0f dc b6 5d 85 b2 e7 8d c4 da 15 81 92 9c 0a 8b 0c a5 ad 55 59 ac 96 6b 14 aa 88 50 b7 73 95 17 79 30 dc ed 46 7c bc bc bc 6f a6 64 f2 02 dd e6 b2 c4 04 d4 0d 45 5d f1 51 61 ad 92 25 fb fc 43 50 d5 0f 85 32 18 40 c4 2c 6b 47 dc 64 7c 4a 34 00 a6 39 6b 0b 36 a2 b9 79 ec ca 0d 77 4d ce a4 ff 90 f2 28 42 b9 17 58 5d 60 30 bc f8 af dd 2e 7d 1b ee 76 7d 0b 4b fa 92 0e aa 96 2d 7e b0 ed 10 a5 45 0d ee 77 c4 64 82 1a fc 88 9c 84 04 60 ec 19 31 39 56 d2 b6 dd ef 6d a9 74 c6 c4 8e 7b 33 41 9e a4 76 7b a4 44 b4 13 2a a1 f4 b6 4e 46 1b 83 fb 83 d6 37 ad c1 e6 4e 30 7c fb e8 f5 f1 fe 21 1c 1d ec c3 e1 ab c7 cf ef ee 76 d3 c1 b2 8e 6d 35 74 6c da 81 8c e9 84 cb b6 55 f9 f6 83 fc c3 4e f9 38 52 d6 aa cc bd 21 d6 58 ad 64 32 7c 81 06 25 1c 71 84 88 a3 69 c1 08 c7 4a bb e7 04 53 94 77 77 bb 65 41 d8 ed a6 5b 4d b2 d0 3c c7 24 e0 cb 66 b8 56 58 ab c9 92 52 8b 25 43 25 da 59 d4 7e 30 1d 64 ce a2 88 cb 64 bb 37 1b a1 76 0c ae bd 10 18 db Data Ascii: 1b5b]n8<zfb;M'N&7K:Sb&X`\ddqHJUV{2:)I!yxx~>2wz\|!G{A2w-0eOe9Nrm&<^cb=Kn9m2{NT&<\ia(3805Vd,pU]\Fg,Avr`r,trgwO2c3f/T,4"jlev?p]UYkPsy0F\|odE]Qa%CP2@,kGd\|J49k6ywM(BX]`0.}v}K-~Ewd`19Vmt{3Av{DNF7N0\|!vm5tlUN8R!Xd2\|%qiJSwweA[M<$fVXR%C%Y~0dd7v
Feb 1, 2021 22:28:11.929297924 CET	842	OUT	GET /images/preloader.gif HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.997762918 CET	1021	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: image/gif Content-Length: 2391 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "957-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300691 Accept-Ranges: bytes cf-request-id: 0801180dcd00000b472f31d000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vF75%2BfNmSeshisdJwWyIEdoj9Ybj7Ml%2Fm6t1VNy6707JEAd0OmpWOHHmQ8rPfX1rKjD25bXVuYkHhxYR8C774jxZu9zJPchcNn%2Ft2O08JJr5a6iGybftYOTp%2Bg%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2c2db120b47-AMS Data Raw: 47 49 46 38 39 61 12 02 04 01 91 03 00 27 3a 99 47 a9 d6 58 a7 d3 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 0a 00 03 00 2c 00 00 00 00 12 02 04 01 00 02 ff 9c 8f a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a6 ea ca b6 ee 0b c7 f2 4c d7 f6 8d e7 fa ce f7 fe 0f 0c 0a 87 c4 a2 f1 88 4c 2a 97 cc a6 f3 09 8d 4a a7 d4 aa f5 8a cd 6a b7 dc ae f7 0b 0e 8b c7 e4 b2 f9 8c 4e ab d7 ec b6 fb 0d 8f cb e7 f4 ba fd 8e cf eb f7 fc be ff 0f 18 28 38 48 58 68 78 88 98 a8 b8 c8 d8 e8 f8 08 19 29 39 49 59 69 79 89 99 a9 b9 c9 d9 e9 f9 09 1a 2a 3a 4a 5a 6a 7a 8a 9a aa ba ca da ea fa 0a 1b 2b 3b 4b 5b 6b 7b 8b 9b ab bb cb db eb fb 0b 1c 2c 3c 4c 5c 6c 7c 8c 9c ac bc cc dc ec fc 0c 1d 2d 3d 4d 5d 6d 7d 8d 9d ad bd cd dd ed fd 0d 1e 2e 3e 4e 5e 6e 7e 8e 9e ae be ce de ee fe 0e 1f 2f 3f 4f 5f 6f 7f 8f 9f af bf cf df ef ff 0f 30 a0 c0 81 04 0b 1a 3c 88 30 a1 c2 85 0c 1b 3a 7c 08 31 a2 c4 89 14 2b 5a bc 88 31 a3 c6 8d ff 1c 3b 7a fc 08 32 a4 c8 91 24 4b 9a 3c 89 32 a5 ca 95 2c 5b ba 7c 09 33 a6 cc 99 34 6b da bc 89 33 a7 ce 9d 3c 7b fa fc 09 34 a8 d0 a1 44 8b 1a 3d 8a 34 a9 d2 a5 4c 9b 3a 7d 0a 35 aa d4 a9 54 ab 5a bd 8a 35 ab d6 ad 5c bb 7a fd 0a 36 ac d8 b1 64 cb 9a 3d 8b 36 ad da 32 00 da ba 7d 0b d7 ed 03 01 01 ea da bd 8b 57 80 80 b9 78 fb de d5 bb 56 4c dc c1 83 1b e8 f5 8b 58 ef 5e 06 87 11 f7 55 1c 18 0c e1 c9 72 19 3b 4e bc 78 01 dd cb 7e 33 47 e6 42 99 72 03 ce 89 47 93 f6 fb d9 4b e8 c9 a6 4f ff 6d ed da 6e ea 2e ab 09 c3 76 0d 98 41 6c bc b3 41 d7 8e 7b 1b 77 70 d7 bd b7 fc 06 ae 7b 77 5d cf 09 94 cb 2e 9e e5 38 dc e1 a4 99 23 70 5e 17 7a 74 e9 95 17 38 cf ed 1d bb 76 2c dc bb 2b c0 6e fd 00 f6 00 e3 af 94 6f 4b 9d 73 7a 03 eb db 5b 79 0f 20 fe e5 f9 03 ea db fb a7 82 9f 7e 98 09 e8 d8 7f 00 be 47 60 67 09 a2 66 a0 14 01 26 a7 1c 7f fe 35 08 c5 83 e1 45 b8 60 5f Data Ascii: GIF89a':GX!NETSCAPE2.0!,HLLJjN(8HXhx)9IYiy:JZjz+;K[k{,<L\l\|-=M]m}.>N^n~/?O_o0<0:\|1+Z1;z2$K<2,[\|34k3<{4D=4L:}5TZ5\z6d=62}WxVLX^Ur;Nx~3GBrGKOmn.vAlA{wp{w].8#p^zt8v,+noKsz[y ~G`gf&5E`_

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49739	172.67.207.131	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:06.549617052 CET	258	OUT	GET /images/ceo2.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.610434055 CET	263	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/jpeg Content-Length: 22253 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "56ed-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300825 Accept-Ranges: bytes cf-request-id: 080117f8ba00001ed21e23f000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Alrzh0gYvvBPnJcirZr7p6V6l2BDfQvgRMNZJ4P9dCrmbSO9aR4tZ5Y7dLNgcjqV%2BpvjMv1iwCRpSKR4QHz259bbMvwHOocDFr%2BR5Jgs6Z%2BNBfXhp%2BjHpSkRvw%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a12ced1ed2-AMS Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c 01 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c ff c2 00 11 08 01 7b 01 68 03 01 22 00 02 11 01 03 11 01 ff c4 00 1d 00 00 02 02 03 01 01 01 00 00 00 00 00 00 00 00 00 05 06 04 07 02 03 08 01 00 09 ff da 00 08 01 01 00 00 00 00 ec 08 36 26 62 e6 82 48 3c cf f6 94 36 78 a7 00 19 23 29 24 3d 86 24 4b 70 01 4e aa 19 18 57 35 0d 99 38 b4 78 64 95 4a 91 f7 10 36 14 81 85 57 92 58 9c 76 c1 47 7e 18 41 3f c9 8c 0a 42 9c 44 64 dc 08 1b ea 41 13 cb cc 89 84 d2 98 cd 05 92 92 58 a4 82 c0 2c 7c 57 e7 84 4d 2e dd 32 0a 7d 89 16 6a 19 49 44 2b 4a 36 9f 16 d3 d3 96 c8 07 b4 b9 45 60 31 af 1f af a6 ed 0e 6d 4b 7e e9 4d 60 ac 8c 86 4e 5e 40 30 d3 0b 15 47 bd 24 10 d9 88 47 e1 8a 77 c8 cb 4f 5d 9b 64 ba 2b 6d 38 1c f8 13 48 e7 8f 01 f6 bd d8 62 5b 20 4b 27 21 b3 41 d7 e7 9c f4 c7 46 77 5d 20 a2 68 87 3f 06 6d 14 99 8a 2a a7 e8 73 4a b4 46 21 6c eb e7 10 cc 31 08 28 9f e0 f8 cf a1 2c 8c c7 4c 00 86 79 ca 1e 94 97 41 45 92 e7 6e a2 ad c0 ca 91 06 8c e7 cf d2 93 69 5f 1c 5b 66 5c 63 4c 36 c2 32 7a 21 1d 90 da 00 59 39 0d 98 01 0c eb 9c 28 c9 6e a2 c9 25 93 9d 59 6f ab 22 84 49 96 a7 fa 36 6d 1e 71 a1 cc 2b 66 d1 4c 15 8a 61 24 96 c8 6c 60 2c 8c 86 ce 07 5f 1b 74 89 ad 15 d4 61 14 63 53 2a 0f 92 d3 11 e7 4d 89 d8 76 c2 17 a7 03 b0 81 3a 94 58 b0 a2 a9 c4 66 e0 54 0d 93 98 d9 a2 2b b3 2e f1 3e 42 74 18 59 24 94 da f0 ed 5a df 43 c0 6a 51 eb 3b 3d 12 61 d0 ec 2b 46 91 08 c9 86 55 24 d1 1c b7 2a 3c 6c 06 7b Data Ascii: JFIF""%%424DD\""%%424DD\{h"6&bH<6x#)$=$KpNW58xdJ6WXvG~A?BDdAX,\|WM.2}jID+J6E`1mK~M`N^@0G$GwO]d+m8Hb[ K'!AFw] h?msJF!l1(,LyAEni_[f\cL62z!Y9(n%Yo"I6mq+fLa$l`,_tacSMv:XfT+.>BtY$ZCjQ;=a+FU$*<l{
Feb 1, 2021 22:28:06.610500097 CET	265	IN	Data Raw: 14 39 ee 3a 24 22 b9 0d 30 a1 3a 70 f8 34 21 4a 3c 75 84 5b ad 18 eb b3 06 87 1f 04 69 08 ae 50 08 a1 99 21 99 15 bb 1f 15 93 f1 10 30 3b 30 b5 7e 74 5b 38 2c 66 32 d7 f4 75 81 57 20 ed ea 3b 2d ae bc 2c 78 4b 12 f1 b4 12 9f 41 2c 8a 60 9e d9 0b Data Ascii: 9:$"0:p4!J<u[iP!0;0~t[8,f2uW ;-,xKA,`FkW$rYkj,[<c\|1(AXRWFCBSR^Zng5QM)F>U8Tj2($qUi}dC*"QipIP<a`ml$}T#
Feb 1, 2021 22:28:06.610539913 CET	266	IN	Data Raw: 31 c1 c1 4b 00 df 6f f2 b8 2f b7 5f b9 7b a3 40 b6 fd 3e c2 bd ef 56 0c d6 a9 4e 91 8d 5d 5e 15 22 4d ae 58 3b 3e fd d3 ea 0a 8d 25 3e df fa b3 64 59 c3 76 95 4c 48 eb d7 b3 48 e8 de 9c 36 26 5f 5f 19 68 f9 62 8f e8 38 e8 16 bf 3e eb 7f 27 bd fc Data Ascii: 1Ko/_{@>VN]^"MX;>%>dYvLHH6&__hb8>'Yaj8AWaV>zJUU):eodeqZ4,bQTZ}}IufNv)H%II4ZPk%{fJ`B>^%6_4e,IE;?h<
Feb 1, 2021 22:28:06.610579967 CET	267	IN	Data Raw: e2 aa df 20 69 ca f7 0f 22 a1 9a 52 45 e5 7f d4 a6 39 d6 dc aa c9 24 68 e1 91 c3 c8 aa 49 a6 73 b5 95 e7 fb 45 5d d9 7b 45 56 4b 2b 6f 96 57 8f 27 15 42 e9 a4 02 f3 3c ff 00 68 a9 db 26 5d 25 78 f9 a8 25 a9 0e 3e d9 e7 cd c5 49 51 3b 5b b9 54 b5 Data Ascii: i"RE9$hIsE]{EVK+oW'B<h&]%x%>IQ;[Tr8;?i5 uS.]%IQ0Y_)%}Sg:?T5gy$owO,3i>jT]rFa*)+?ecTZ\@5Wh;.YvjY)q>!(d&6VB]
Feb 1, 2021 22:28:06.610620022 CET	269	IN	Data Raw: 6d 0c d8 9b b0 bc 2e a1 ee 2f 32 c9 2b 9f 6d 5b 0b 58 eb fd 49 01 49 49 06 16 fa 8c 36 12 ef 79 9e 3c db b9 a7 71 e6 13 28 73 d8 b7 ac b9 bf ea a5 83 24 4f 86 57 b1 d3 ba 37 31 ad f8 dc 48 b6 ca 6a 62 31 80 19 18 e1 63 1e df 96 cb a2 d8 94 d8 b5 Data Ascii: m./2+m[XIII6y<q(s$OW71Hjb1ci3>6YFU=-CUI{o@8#>'L>O4VUnTDu4tU)+S57d;_;!j\@"e-TlM,.y'+m3>];k2
Feb 1, 2021 22:28:06.610670090 CET	270	IN	Data Raw: a9 60 ca 54 2d bc e4 14 c8 c6 54 63 6e 64 63 19 55 63 6c 55 3c 43 20 55 b5 f8 76 1a 0b eb 6a e3 8a c2 f6 27 8a de 43 55 59 d2 d8 a5 8c 37 0e 8d e3 37 fb 49 05 ac 3c 02 e8 b4 9e bf 43 8c f5 ae 25 d2 d5 bc 12 77 d5 81 43 52 e9 03 99 2e 95 11 1c 92 Data Ascii: `T-TcndcUclU<C Uvj'CUY77I<C%wCR.U]TGwuvAl>kl,Vhrvnm[\|cU-ja%Mas{jx(lOXbS*/)zCeQ;(Gd~S;(%SYKIuUDq
Feb 1, 2021 22:28:06.610714912 CET	272	IN	Data Raw: 75 4f 97 d9 1f 25 53 d9 2a 99 c1 b3 1b a6 ca 2c 9d 3b 42 75 53 2e a3 97 36 c9 ee d3 55 53 30 e4 a9 ea 32 f2 46 b1 b6 e6 9b 58 d5 25 40 21 63 f2 5a 8c 81 f1 b8 0f a6 aa 69 4b 5c b1 26 f5 d1 b8 82 a2 93 d6 28 62 71 ed 33 81 df 2f 44 68 32 c2 e5 5f Data Ascii: uO%S,;BuS.6US02FX%@!cZiK\&(bq3/Dh2_[)8#`eaS7NN[#TUS~K)~w]0rh{K\9/mJ2W]d9T2R_ N9ly]yB4Ae<>f>cf3
Feb 1, 2021 22:28:06.610753059 CET	273	IN	Data Raw: dd 52 34 59 d5 0f ec b3 6f cd ff 00 65 24 9d 6b c9 e4 ae ae 56 be 82 e5 52 6f 19 50 1d 47 92 e4 9a eb 79 21 67 70 9f 91 5f e4 f6 66 b7 12 ac a6 90 71 be 9a ed 77 e5 70 b8 55 22 cd ba a4 71 79 42 15 d4 23 4c 17 aa 0e e5 ea 83 b9 56 01 11 54 f0 09 Data Ascii: R4Yoe$kVRoPGy!gp_fqwpU"qyB#LVTtF)('+^dJe3K M,&HW?TU::k:abOiuyzSkCrtSJS}9#Dl;YT7MH)_ h[+{]Omc)zCB*]>h^
Feb 1, 2021 22:28:06.610797882 CET	274	IN	Data Raw: 52 a8 9b 33 48 54 fd 6d b5 72 25 c3 9a 8d ef 50 b1 f2 11 75 d2 58 fa ba 98 5f ff 00 c7 b7 ff 00 62 aa 58 00 e2 dc aa 86 e5 25 4c 6e 35 4e 16 51 49 9f 0d a1 d0 01 ea 91 68 39 68 15 63 7b 45 0d d3 4e 8a 21 cc aa 97 66 36 08 0d 87 f0 a7 ed 3d bc c0 Data Ascii: R3HTmr%PuX_bX%Ln5NQIh9hc{EN!f6=@Y.j?G97\|R76<nrX,LNv[uOAC)dMfueLW*vlcMT\(ZlhtF\~g\|
Feb 1, 2021 22:28:06.610840082 CET	276	IN	Data Raw: 4e f8 1e 58 ff 00 91 ef 54 fb bd bf 3f 41 0a de 82 6c 9c fe e5 67 14 d8 8d d3 98 e2 61 0d 69 2e bd ac 35 3a a9 a9 6a 69 9a 0c f0 3d 80 f3 73 6c 11 54 91 0a 8a ba 78 0e cf 91 a0 f9 21 59 48 c8 01 7b 46 8a 1a 61 54 04 a7 dd f2 09 b1 b5 83 2b 46 88 Data Ascii: NXT?Algai.5:ji=slTx!YH{FaT+FbvNx+~4V)J}D$S2\vPO8B-abw(I_/@Z8c,Mbx5Kh7n3Jk7]]&O@n [z+e1*
Feb 1, 2021 22:28:06.611896038 CET	279	IN	Data Raw: a5 f3 2e 5e b9 d6 38 43 41 03 a6 7e c2 c3 45 1e 15 3c cf 06 be ae c7 fd d4 5c 44 79 f2 09 d8 7b e9 9d 2d 2d 38 26 5c db f8 0e f2 b0 ca 4f 53 91 d3 c8 fc d3 11 6d 36 6a 6c ae 76 81 a4 95 8c dc cb 28 78 b1 1a 11 e4 a7 8f 74 e8 d5 ac a6 98 42 c2 f3 Data Ascii: .^8CA~E<\Dy{--8&\OSm6jlv(xtBPKMf.')4fm]5\4rXd(!{Hn]`Ogr/L/q)\|O-*?GkS7l\laDAQknnQt0](;(rK>)fn=u
Feb 1, 2021 22:28:06.618474007 CET	317	OUT	GET /css/font-awesome.min.css HTTP/1.1 Accept: text/css, / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.671838045 CET	343	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/css Content-Length: 6663 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "7160-5ab1be1c1aaf2-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f90000001ed2159e0000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8EY%2FoWdTR8YlyrSNA%2FIByzv9ioLSuVVtxv3U3EGIA4xpUkW4itlCfv6uELAA9n5xOfFvs6WPkkxNwdKeiDOg3Kat12NBLFT%2FuJaclH357eDqVTAer9CzbZPNWQ%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a19ded1ed2-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 5d 5d 8f e4 b8 75 7d f7 af a8 ec c2 99 19 a3 ab b7 a8 fa ee 81 83 8d 13 18 30 60 23 0f f6 43 1e 02 04 94 44 55 71 5a 12 b5 94 d4 dd 35 83 f9 ef 21 25 5e 8a aa 3e 94 f7 61 1f b2 58 ec 76 93 47 14 45 5e de 2f 1e b2 7f fa c3 bf fc 6e f5 87 d5 ea cf aa ee 56 ff fe 2a 5a 55 89 d5 ee f1 f0 b8 5d a5 b7 d5 cf 39 7f 11 17 5e e7 b7 d5 7a 75 ed ba e6 e9 a7 9f 0a 83 e4 23 f0 51 2a 53 fe 73 50 32 b4 f5 57 99 89 ba 15 b1 47 7e 2a 5d fd 47 fb d2 a7 d5 df ff f2 d7 d5 7f fd f9 af 2b f6 c8 1e 56 ff f1 f7 bf 3f ad fe f6 97 7f 50 23 9f 4c 8b 3f 0d 6f 58 17 3c 13 df dc 4f 95 2c 6f 4f 1f ec f3 ae cf 1f 3e b7 3a 7b ea 75 f9 f1 c3 e3 e3 f0 c2 36 7c ed fa 55 a4 f6 d7 ff 65 8f 42 75 1f 3e fd 3a b4 c5 fe 28 45 21 df fe f5 e5 8f c3 a0 7c f8 b4 2a 94 ae 78 f7 f1 83 a8 52 91 e7 22 5f ab 46 d4 dd ad 11 1f 3e 3d fc f3 16 5f 55 51 24 41 2b ee f7 5f f9 e4 dd 83 bf ea b9 ae 0b 1f eb 74 2f 7e 75 67 db 97 cb 8f 41 b9 16 97 be e4 3a 68 cd 00 cc 58 0e 73 f2 2a e4 e5 da 3d d5 b6 a6 1c 8b da ee 56 0a 57 f2 fd b1 e0 df 72 d9 36 25 bf 3d c9 ba 94 b5 58 a7 a5 ca 9e 07 a8 03 ad e6 ff 63 bb e6 ed 27 b6 0a 66 d9 b5 2b bf 0a d3 c6 55 68 d9 7d ee c4 5b b7 d6 a2 ce cd 6f f5 e5 89 f7 9d fa 6c 3f e0 59 1a 39 19 d0 95 52 dd 75 a8 ab 3b c9 4b c9 5b 91 7f 5e 57 ea eb 5a b5 6f f7 98 8b e6 b7 36 e3 a5 b0 1d 5e 97 97 6f d3 1b d9 e3 d6 fd 23 aa cf c3 07 5c c7 6f 7e 3c ee 4d c9 8b d0 9d 34 4f ae cd 2b 2e f5 d3 9a ed 7f 3f b4 91 bc 05 6d 24 a2 1a 0a b7 61 e1 d6 15 ee c2 c2 9d 2b dc 87 85 7b 57 58 bc 7e 7b 95 79 77 35 7d 4a 4e fb 23 db 25 67 d3 83 61 28 c6 b7 9b b5 d3 09 3d 60 fb f2 5b c3 f3 dc 7c dc ba 14 45 f7 b4 f9 5c 71 7d 91 f5 f8 5b f2 68 1e 1e 9a 18 3e aa 75 b3 b6 b6 32 62 66 a5 16 ae 8d 7f 2b e5 b7 46 b5 b2 93 aa 7e d2 a2 e4 9d 7c 71 63 14 54 f0 b4 55 65 df 89 cf 43 db eb 59 e3 63 Data Ascii: ]]u}0`#CDUqZ5!%^>aXvGE^/nVZU]9^zu#QSsP2WG~]G+V?P#L?oX<O,oO>:{u6\|UeBu>:(E!\|xR"_F>=_UQ$A+_t/~ugA:hXs*=VWr6%=Xc'f+Uh}[ol?Y9Ru;K[^WZo6^o#\o~<M4O+.?m$a+{WX~{yw5}JN#%ga(=`[\|E\q}[h>u2bf+F~\|qcTUeCYc
Feb 1, 2021 22:28:06.679609060 CET	371	OUT	GET /js/bootstrap.min.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.730611086 CET	464	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 9929 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "91dc-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f93b00001ed2bfa6a000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FTj88yvzzj8V6UxljqPIO2hwfsOFB6STlJ3ve8X0inYwXS5sMNBxPlsSdWzXqG%2BJyuT4kADHHvocgU%2BR6gzDoxeeSw85aOLywRF%2BD3UrzXxoy0XEUAhCRtAxrA%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a1fecd1ed2-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 3d 5b 7b db c6 95 ef fd 15 24 e2 a5 81 10 a4 28 3b 6e 1a d0 30 3f c7 76 77 bd 9b 26 d9 d8 69 bf 5d ad da 42 e4 48 9c 04 02 58 00 94 ec 88 ec 6f df 73 e6 7e 03 29 b9 dd bc ec 8b 44 00 73 3d 73 ee e7 cc cc c9 e7 c3 df 0c 3e 1f 7c 5d d7 5d db 35 c5 66 70 f3 74 fa 74 fa e5 20 5e 77 dd 26 3b 39 b9 22 dd 85 fc 36 5d d6 d7 09 96 7e 55 6f 3e 36 f4 6a dd 0d 9e cc 4e 4f 27 f0 e7 cb c1 fb 5b da 75 a4 49 07 6f ab e5 14 0b 7d 43 97 a4 6a c9 6a b0 ad 56 a4 19 fc e1 ed 7b de 68 8b ad d2 6e bd bd c0 f6 4e ba db 8b f6 44 75 71 72 51 d6 17 27 d7 45 0b 4d 9d 7c f3 f6 d5 9b 6f df bd c1 2e 4f 7e f3 9b 13 3e d2 7f 25 15 69 8a 0e db 6d 69 75 35 e8 d6 c4 18 fd ab 6d db d5 d7 f4 17 e8 50 77 e6 4c e1 64 55 2f db 13 98 e6 c9 52 96 3e 59 d0 55 7e 71 fa db 82 9c 3e fd 6a f6 ac 20 e4 d9 57 17 5f 7d f1 db e5 b3 2f 2e 57 cf 9e 3d 5b 2e 7f 37 5b 8a a9 57 97 f4 6a d0 16 37 30 82 ae 1e 2c d9 f3 f4 a7 b6 ae 06 45 b5 1a e8 19 b6 dd d4 98 e6 b1 c6 d9 1c e9 65 1c 21 b4 2e 69 45 56 51 9e 77 1f 37 a4 be 1c fc f4 9f 5b d2 7c 4c ba 75 53 df 0e 2a 72 3b 78 d3 34 75 13 47 6a da 8f db c1 bf 17 37 c5 bb 65 43 37 dd a0 21 7f db d2 86 b4 a2 5e 94 cc c7 97 db 6a d9 d1 ba 8a bb e4 2e da b6 64 00 d5 e8 b2 8b e6 37 45 33 20 79 37 bd ac a6 3f fd 0d 4b 4f db 4d 49 bb 38 1a 44 c9 d9 ec 5c 3e 4d a1 11 18 1c 81 57 cf 9f 8c 46 e4 ec f4 fc f9 57 bb dd 69 9e e3 ab d1 e8 2b fc 71 7a 8e 5f 9e 9c 3f 3f dd ed f0 f5 8b a7 9f 3a e4 c1 0d 69 5a 18 ee e0 74 fa d5 f4 74 50 37 83 35 60 1b 22 d7 c5 b6 1b 94 f5 2d 2c 6f b7 2e 2a 55 ee 8b 28 d9 c7 02 4c 69 ff 6c e5 87 01 89 49 72 d7 90 6e db 54 d0 10 6d a7 a4 58 ae 63 55 2f b9 43 b8 d0 bc 8b f1 63 92 56 39 9d ae 8a ae 88 a3 8b 76 5a 94 a4 e9 00 1e d5 6e e7 bd 85 92 38 d9 9a d7 4b d2 08 7b ae ae f4 52 92 Data Ascii: =[{$(;n0?vw&i]BHXos~)Ds=s>\|]]5fptt ^w&;9"6]~Uo>6jNO'[uIo}CjjV{hnNDuqrQ'EM\|o.O~>%imiu5mPwLdU/R>YU~q>j W_}/.W=[.7[Wj70,Ee!.iEVQw7[\|LuSr;x4uGj7eC7!^j.d7E3 y7?KOMI8D\>MWFWi+qz_??:iZttP75`"-,o.U(LilIrnTmXcU/CcV9vZn8K{R
Feb 1, 2021 22:28:06.736515999 CET	475	OUT	GET /js/jquery.validate.min.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.793642998 CET	520	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 7320 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "58a0-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f97700001ed22aa0d000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mbSGGTZmV4Hwmh7s3rVhDx6oxEk4N9B2M%2F3nf5rBMUsaErCrs0GniLl8y9WscvuUFrS0wwJlYBAg7dajsJxt1Blk6ilhvXOea%2FwuYjy8%2B7nOwPLkY1YgX986ZA%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a25fb31ed2-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 3c db 96 db 36 92 ef fb 15 14 27 23 13 16 9a 92 da 97 24 94 69 8d c7 f1 9c c9 9e c4 c9 c6 9e 9d 73 46 52 76 41 12 94 d8 96 c4 1e 92 72 db 23 69 3f 6b 7f 60 7f 6c ab 70 23 48 91 76 7b 76 93 e3 b4 48 5c 0a 85 42 a1 6e 28 70 fc 70 e0 dc fc db 81 17 1f 9d 7f 67 db 2c 61 55 96 ef 9d 9f b7 87 75 b6 77 ae 9c f7 53 7f fa c4 9f c0 d3 f5 f8 fa f1 f8 7a 32 7d fa 2f ce 43 67 53 55 b7 c1 78 7c f3 77 ec f8 de f4 f3 f3 62 3d c6 fa 97 f9 ed c7 22 5b 6f 2a c7 8b 89 83 bd 9c 7f fd 9f ff 2e f6 ce df 18 4f 53 5e f0 62 e6 fc 90 c5 7c 5f f2 c4 f9 f1 fb b7 ce c3 f1 bf 0c d2 c3 3e 46 28 1e 23 47 57 bf b8 61 58 7d bc e5 79 ea 24 3c cd f6 7c 38 94 bf 3e db 25 73 f9 e8 2d 5c 89 88 bb a2 8c 04 6e 1e dd f0 b8 aa 3b ee f2 e4 b0 85 8e f2 d7 e7 1f 6e f3 a2 2a e7 cd d7 90 79 05 ff fb 21 2b b8 a7 a1 11 12 30 4f d2 86 9c 3d 1b 3b 06 bd 2a be 4f 3c e6 a7 7b 7a 54 04 e0 81 69 13 91 63 96 7a 83 6a 93 95 fe 96 ef d7 d5 86 14 bc 3a 00 01 de e7 59 e2 45 c3 61 e4 27 3c 3a ac 87 c3 bb 6c 9f e4 77 7e 9c ef cb 1c b1 54 0f fe 1d 2b f6 9e fb 3a 07 18 fb b5 53 f2 2d cc 89 27 d4 89 d9 fe 41 e5 e8 21 a9 23 e1 62 9b bd 6c eb 03 e2 b3 f7 ac 70 e2 90 f9 d0 86 79 88 c6 62 b2 a2 ae ea 95 17 2e 99 29 7c e2 79 1c 88 06 3e ab aa c2 73 f7 b9 06 ed 52 fb 85 d0 38 dc f3 3b 87 f9 06 88 17 51 05 99 d0 fe 91 68 0c 5d fd 92 57 15 e0 56 fa 30 bb 43 b4 cb aa e1 50 8e 0a c4 72 e3 6d 16 bf f3 ad 71 03 d9 c6 a5 36 41 2d 20 b2 fa cf 6c 9f 6c 79 01 90 62 55 f2 c7 43 55 e5 fb 30 f2 2b 56 ac 79 05 68 89 41 88 bf 61 e5 cb 2d 2b 4b 18 8b ed 63 be 75 89 e8 25 5f de 88 be e1 60 42 28 ae 8e 33 19 84 a1 ee 28 89 92 e6 c5 ce a6 45 67 e7 33 a1 66 46 12 1d 6b 4a f6 44 f4 b3 93 78 e4 88 0b 95 50 6e 96 a3 67 92 f3 d6 1c 01 83 04 90 74 9f 65 fb db 43 e5 20 a7 87 0f 36 59 Data Ascii: <6'#$isFRvAr#i?k`lp#Hv{vH\Bn(ppg,aUuwSz2}/CgSUx\|wb="[o.OS^b\|_>F(#GWaX}y$<\|8>%s-\n;ny!+0O=;*O<{zTiczj:YEa'<:lw~T+:S-'A!#blpyb.)\|y>sR8;Qh]WV0CPrmq6A- llybUCU0+VyhAa-+Kcu%_`B(3(Eg3fFkJDxPngteC 6Y
Feb 1, 2021 22:28:06.802999020 CET	529	OUT	GET /images/time.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.856698990 CET	542	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 1821 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "71d-5ab1be1c1ca32" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117f9b700001ed2cf19e000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8jXQGG%2BXTgGVoPwDNL0Kl4eJ1QkeVBdhpzj697ZqmMmqd9Oo45%2F03FgjT4cUS6qpBVzv6S3%2BBsFBDq4NKRd4Eur4z57oKb%2FYVb5vMYyiQJhFvn2qoT06Mk5NDw%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a2b88a1ed2-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 5f 00 00 00 25 08 06 00 00 00 24 f5 35 52 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 b2 49 44 41 54 78 01 ed 9a 4b 6f 5b 45 14 c7 c7 76 12 e7 d9 ba b4 a9 9b 92 87 4b 4c 69 dc 02 91 02 84 82 da 06 0a 45 82 f2 10 52 85 58 b1 63 c7 a7 e0 23 b0 43 82 05 0b 16 b4 12 50 d4 b2 28 a8 ed 02 5a 29 2a 0f 01 4d 9c 26 38 49 f3 68 9a 84 c6 e4 fd 70 cc ef 58 f7 9a f1 f5 b5 63 37 b5 6b 4b f7 2f d9 f3 9e 3b f3 9f 99 33 e7 9c 7b 95 72 e0 c0 81 03 07 0e 1c 14 1c 2e 33 d2 de de be 37 16 8b bd a1 0a 80 78 3c 7e 97 be af 79 3c 9e 77 b7 a8 37 37 3a 3a 7a 2e 53 39 63 6c 91 31 d2 4f 78 68 68 e8 b2 da 06 02 81 c0 07 04 d5 c3 c3 c3 9f ca a3 ed ea 1c 3c 78 70 cf ea ea ea 5b ea c1 a1 6f 64 64 e4 9a 99 a8 30 23 4c aa 96 e0 55 55 00 b8 5c ae fe b1 b1 b1 8b 7e bf ff bc a4 6b 6b 6b df 83 e8 a3 66 39 f1 4f 56 56 56 86 a8 17 cf d6 0f 63 0c 11 1c 5f 5f 5f ef 6e 6e 6e be 4e 9f cb ea 3e 00 f1 01 82 d7 24 1e 0c 06 2f 0c 0e 0e 8e d9 d5 6b 68 68 88 42 fe f7 1b 1b 1b 9e 8a 8a 8a b7 19 df 8b 6a 1b 60 9e 6e 82 74 f2 05 9b 9b 9b 5f 56 55 55 45 b2 75 c0 40 e4 74 74 9a 69 b7 db 7d 8e 5f 38 5b 1b c8 3a 24 cf 9e 9a 9a ba 2b e9 b6 b6 b6 25 26 92 2c 87 d4 05 b3 2c 1b 68 d3 cc 04 e4 99 5e 92 42 c4 0f ea 3e 40 3f a7 a5 1f c1 da da 5a 1b 81 2d f9 37 6e dc 58 27 98 94 38 eb b5 a0 97 31 86 cf f8 dd a1 1f 17 bc 09 a9 09 72 25 2d 8f d0 f3 58 38 97 84 e0 51 bd 8f 14 f2 21 61 80 5d 30 a0 b2 80 41 a4 ac 3e c4 de 06 7f 65 6b 03 d9 ad ea 01 80 09 04 cd 38 13 39 49 20 a2 27 96 47 17 2a 14 0a d5 2f 2d 2d 75 69 fd c8 d8 7e 52 79 82 79 f7 31 ef 89 7c da 1c 38 70 e0 94 9e 76 ab 32 41 67 67 a7 0f f2 f5 9d d3 d6 da da 7a 48 e5 09 76 fa eb 04 5e 33 4d 9f 4d aa 48 e0 59 6b 7a 3a 49 be d7 eb 9d 25 98 Data Ascii: PNGIHDR_%$5RpHYssRGBgAMAaIDATxKo[EvKLiERXc#CP(Z)M&8IhpXc7kK/;3{r.37x<~y<w77::z.S9cl1Oxhh<xp[odd0#LUU\~kkkf9OVVVc___nnnN>$/khhBj`nt_VUUEu@tti}_8[:$+%&,,h^B>@?Z-7nX'81r%-X8Q!a]0A>ek89I 'G/--ui~Ryy1\|8pv2AggzHv^3MMHYkz:I%
Feb 1, 2021 22:28:06.863653898 CET	544	OUT	GET /images/person-bg-1.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.931488991 CET	609	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 731 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "2db-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117f9f700001ed2e018f000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sAYMCrl%2FnAYxn2vFAd02vLFbvlsyoMq4iP0h7rWt%2FkJDaf0k1WU8ldUSWf8IJ%2FRPGvVoclHjg6YS3aw3JXCW7WjeBCaMLWO987uwyCRuvj3wnuxmm6kG%2BMi7mw%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a329871ed2-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 02 70 49 44 41 54 78 01 ed d8 db 51 1c 31 14 06 61 ad cb 61 d8 c1 38 14 47 80 1d 01 90 01 10 01 a1 10 02 39 40 00 44 c0 b0 07 0a 8a eb b2 97 d1 e8 48 dd df c3 d4 bc ff 5d a5 92 56 bf 2f a6 a9 08 69 bd fc c9 8f 22 a4 18 ff f6 68 75 6a 00 40 cf e3 c7 bf 01 c0 bc 1e 3f 18 00 c8 fb f1 83 01 40 7c 36 7e 30 00 80 af c6 0f 06 30 b8 4d e3 07 03 18 d8 77 e3 07 03 18 d4 36 e3 07 03 18 d0 b6 e3 07 03 18 cc 2e e3 07 03 18 c8 ae e3 07 03 18 c4 3e e3 07 03 18 c0 be e3 07 03 e8 dc 21 e3 07 03 e8 d8 a1 e3 07 03 e8 d4 1c e3 07 03 e8 d0 5c e3 07 03 e8 cc 9c e3 07 03 e8 c8 dc e3 07 03 e8 44 8d f1 83 01 74 a0 d6 f8 c1 00 92 ab 39 7e 30 80 cc ee cb 59 cd f1 83 01 64 75 5f 2e 6f fe ad fe 97 ca 0c 20 a3 a7 f1 ff 96 05 18 40 36 0b 8e 1f 0c 20 93 85 c7 0f 06 90 45 83 f1 83 01 64 d0 68 fc 60 00 ad 35 1c 3f fc 2c ad 4d e5 6e fd bd 2e 44 53 b9 5e e2 aa b7 49 f3 00 a6 f5 f8 eb c7 8e 3f 45 4d 78 04 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 65 08 e0 aa a8 99 a6 01 4c 53 39 b9 3d 5a 9d 16 35 d3 2c 00 c7 cf a1 49 00 8e 9f c7 e2 01 38 7e 2e 8b 06 e0 f8 f9 2c 16 80 e3 e7 b4 48 00 8e 9f 57 f5 00 1c 3f b7 aa 01 38 7e 7e d5 02 70 fc 3e 54 09 c0 f1 fb 31 7b 00 8e df 97 59 03 70 fc fe cc Data Ascii: PNGIHDR>apHYssRGBgAMAapIDATxQ1aa8G9@DH]V/i"huj@?@\|6~00Mw6.>!\Dt9~0Ydu_.o @6 Edh`5?,Mn.DS^I?EMxeLS9=Z5,I8~.,HW?8~~p>T1{Yp
Feb 1, 2021 22:28:06.969326973 CET	627	OUT	GET /images/83.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:07.025993109 CET	632	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:07 GMT Content-Type: image/jpeg Content-Length: 14653 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "393d-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300825 Accept-Ranges: bytes cf-request-id: 080117fa5d00001ed2cf1b1000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gMMkYUEFSKFX7tbbWb1JXeTimbEVFjkA8vPuPgEWULYXAi882fz%2BXAIloR0dVp1EtQR%2FzKoBhb%2BkGSBoXqpfYVwfOeOIMzDgVMIktwI5ur1ylVRL0wTQ1orYTw%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a3cb421ed2-AMS Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c 01 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c ff c2 00 11 08 00 da 01 53 03 01 22 00 02 11 01 03 11 01 ff c4 00 1d 00 00 01 04 03 01 01 00 00 00 00 00 00 00 00 00 00 06 00 04 05 07 01 03 08 02 09 ff da 00 08 01 01 00 00 00 00 ec 5d b9 22 90 58 49 7a 58 4b 11 bb de 61 a8 55 2f 6f 58 8d c4 df 8c 81 ee d9 58 ea 7c db 7b 40 d8 cf 5b 88 bb 2b 2f 65 76 2c 30 dc e9 2c 43 55 30 15 c9 6d 9f 65 3a 61 5c bf 2a 9b c3 76 61 61 de 6a 68 17 33 c3 6c 76 b0 d1 b1 cf 7c 6f 71 95 85 85 9c e1 85 11 42 81 78 a9 33 d6 bd a3 25 a3 d4 7c 63 c7 9b 19 d2 11 02 9a 0b ec 48 4a 16 19 84 04 d5 95 d7 f2 3b d2 49 63 1e bc 73 f7 2b 86 22 c3 76 dc f3 d9 5d 5f 23 9d 60 11 da dd 46 d5 7a e6 7c 17 ca ec 03 a2 87 58 18 74 25 c7 3a e5 2c 2c ac 64 37 e7 bd 06 55 d7 76 4b cc 8f f3 27 5e 5d 3e f4 c4 c0 46 d4 c1 11 4c cd 4a 09 3c ba 8b a7 22 21 4c ef 8b cd e2 49 2c a4 de 87 f9 ab 19 d5 f6 8c c4 bc ae 2b 6a f7 a2 65 88 74 8b b0 13 a5 87 21 c9 2c 82 12 1f 62 e1 4c b5 5f e7 f6 87 ad 79 f4 92 59 8d e4 7e 1f df d5 76 44 86 5b 53 16 77 31 f4 99 bc f3 10 28 79 a6 93 ee 28 d7 b7 59 89 54 35 2b 50 32 e9 d3 6b 0e 3d a1 43 d5 84 bc 8b 71 b5 0f 57 5f 16 cd 52 6b 79 73 ed f7 58 c6 5e f9 8a 8b f4 f3 59 ec c8 2f 2f 74 ad aa f5 a0 2f 31 06 d9 76 cf 45 c1 c9 90 ee c6 52 69 5a f1 c5 09 5d 74 9f 87 96 1d fe ee 54 47 8f 3b 04 23 cb d2 68 d0 9b 04 b2 33 93 ae cb d5 87 81 3a 08 28 c2 d0 eb c6 92 19 58 49 42 53 3c 69 47 0b 75 55 fe fb c9 3a 8f 2a a5 ba Data Ascii: JFIF""%%424DD\""%%424DD\S"]"XIzXKaU/oXX\|{@[+/ev,0,CU0me:a\vaajh3lv\|oqBx3%\|cHJ;Ics+"v]_#`Fz\|Xt%:,,d7UvK'^]>FLJ<"!LI,+jet!,bL_yY~vD[Sw1(y(YT5+P2k=CqW_RkysX^Y//t/1vERiZ]tTG;#h3:(XIBS<iGuU:
Feb 1, 2021 22:28:11.811512947 CET	668	OUT	GET /fonts/mem8YaGs126MiZpBA-UFWJ0dbck.woff HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.866496086 CET	686	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: application/font-woff Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: W/"51d8-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 299604 cf-request-id: 0801180d4900001ed209345000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VhZbgd9Gbl5ZqRd1OijQsG%2B2acmtDS0ePbQsTI6FfwQOmqzSaOXbdrQjGJFFv60F%2FNiESu%2FF6x1D3O0I6JgD2NSBD%2BJY4aa%2BEEhUcym5tijlXje0pP8XG5Gn9A%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2c20e851ed2-AMS Content-Encoding: gzip Data Raw: 35 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c 94 03 8c 2e 80 ae a0 ff b1 6d db 3a 63 db b6 71 c6 b6 6d db 36 ce d8 b6 6d db b6 ad cd bd ef 65 37 d9 26 5f 9a 22 6d d3 26 75 93 17 13 03 00 01 00 00 80 e2 1a 00 e9 3f 3a 08 14 00 f4 3f 9e ff 5f c4 45 44 c5 00 00 20 7f 00 00 40 fc 1f 80 fa 81 60 c5 15 e4 95 01 00 a0 62 00 00 80 f8 5f b0 00 b0 e2 ca aa 42 00 00 50 13 00 00 c0 fe 0f d6 d1 ce 21 f2 ca 0c 4c 00 00 d0 1c 00 00 50 03 00 00 fa c1 c0 41 bb 46 36 06 f6 00 00 30 25 00 00 d0 04 00 00 c6 68 f3 a8 b3 46 ae ce 84 00 00 70 f0 ff fa 0a 11 64 31 8b 4d ed cd 6c 00 00 e0 3d 00 00 34 13 00 80 68 f2 35 68 41 32 33 70 b2 07 00 20 bc ff 6f 5f 34 00 89 99 b5 87 29 00 00 11 0d 00 08 3a 01 00 66 f1 3a 6e 21 15 e6 26 06 c6 00 80 e4 7f c6 67 fb 0f c0 1d 46 f6 e6 e6 26 06 00 80 24 07 00 00 20 00 00 00 a4 70 53 e0 95 e6 36 ce ee 00 80 a4 06 00 00 cc 01 00 80 d8 7b af 2a 33 5a db 19 19 00 00 d2 f1 00 00 50 d7 7f 70 02 8a be b6 31 70 b7 07 00 64 65 00 00 00 e1 7f 00 76 05 86 b6 35 b0 31 01 00 64 ad 01 00 c0 35 00 00 b4 41 ce 25 b8 62 6f e7 e4 0c 00 c8 e9 00 00 c0 d1 00 00 a4 14 b4 02 9e 9e bd a3 89 3d 00 a0 70 06 00 00 ee 00 00 20 28 e1 d6 d4 e2 ff 6e 1a f6 7f 17 0c 0c 00 01 00 00 20 00 20 00 15 60 19 00 04 d8 04 6c fd 37 fe 1f a0 01 b0 00 f8 ff cd fb 1f 1b 1d 80 09 00 b2 36 70 b6 05 40 fe bf 1b b9 6f 18 e9 9b ae 8f 70 04 04 a4 04 04 b8 a0 57 32 82 80 14 f1 04 9b f6 8c c5 8f bc 25 04 45 44 64 c5 c4 64 a4 84 44 44 84 04 04 44 00 61 61 72 81 73 33 73 d4 91 d6 41 37 8e ff a2 18 98 ef 9f 99 44 2a e8 eb 67 23 24 1a dd eb 6f 83 17 a3 62 a6 03 f1 f6 c1 ec fe a7 2e ec 18 10 b8 3f 00 11 6c fe af ac 80 84 2e bd 40 a9 a4 80 73 c2 19 30 9a a4 a0 4b 5e 8c 0d 63 28 05 95 22 ba 64 88 02 4a ad 4a 68 b1 33 ac 0c 6d d5 16 8f c7 35 fd fc 02 33 53 98 0d 4f d7 Data Ascii: 5189\.m:cqm6me7&_"m&u?:?_ED @`b_BP!LPAF60%hFpd1Ml=4h5hA23p o_4):f:n!&gF&$ pS6{3ZPp1pdev51d5A%bo=p (n `l76p@opW2%EDddDDDaars3sA7Dg#$ob.?l.@s0K^c("dJJh3m53SO
Feb 1, 2021 22:28:11.884208918 CET	757	OUT	GET /fonts/mem8YaGs126MiZpBA-UFW50dbck.woff HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.939999104 CET	873	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Mon, 09 Nov 2020 15:03:18 GMT Vary: Accept-Encoding,User-Agent Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2601 cf-request-id: 0801180d9200001ed2fab23000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8B5YLTPKymLfIG1%2F5EDpbRxPjVbJbBfeUf1YpHC3SA6FOVYM%2FKoi7XXSr%2BbtAcaackDFq%2B4yvtqPsjhyrt3HlZ8hvts2cDjG7NZqArblaI6DD3cs1A1V4%2B%2Bupg%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2c28fb21ed2-AMS Content-Encoding: gzip Data Raw: 31 62 35 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 5d dd 6e dc 38 96 be ee 3c c5 89 7a 66 62 03 f5 ef a4 3b ed 9f ea 4d 27 4e e2 ee c4 e9 8d 9d 0e 26 37 06 4b 3a 92 18 53 a4 86 a4 aa 62 ef 0e b0 d8 97 d8 9b 05 f6 26 58 60 80 b9 ee ab 5c 8d df 64 9e 64 71 48 a9 4a 55 56 95 cb 8e 7b 32 d8 06 3a 29 49 e4 21 79 78 78 7e 3e 1e 32 bb 77 9f bc 7a 7c fc c7 9f f7 21 b5 99 18 de d9 a5 bf 80 47 7b 41 aa 32 0c 86 77 ee ec a6 c8 a2 e1 1d 00 80 dd 0c 2d 83 30 65 da a0 dd 0b 0a 1b b7 1f 06 f5 4f 92 65 b8 17 8c 39 4e 72 a5 6d 00 a1 92 16 a5 dd 0b 26 3c b2 e9 5e 84 63 1e 62 db 3d b4 80 4b 6e 39 13 6d 13 32 81 7b fd 4e af 81 54 84 26 d4 3c b7 5c c9 1a b5 e3 14 e1 69 61 0b 8d f0 2a 86 c7 85 d6 28 c3 33 38 30 f0 1c 35 56 64 2c b7 02 87 cf 70 c2 a5 0c 55 84 bb 5d ff c6 7f 15 5c 9e 82 46 b1 17 f0 90 88 a7 1a e3 bd 80 67 2c 41 d3 8d d9 98 de 76 72 99 04 60 cf 72 2c bf 74 e9 05 f1 a4 eb 99 72 67 77 a4 a2 b3 e1 1d 4f 32 e2 63 08 05 33 66 2f c8 54 c4 04 c4 2c c2 00 b4 12 34 12 ce 84 22 6a 6c c4 65 84 1f f6 82 76 3f 70 8c c6 0f dc b6 5d 85 b2 e7 8d c4 da 15 81 92 9c 0a 8b 0c a5 ad 55 59 ac 96 6b 14 aa 88 50 b7 73 95 17 79 30 dc ed 46 7c bc bc bc 6f a6 64 f2 02 dd e6 b2 c4 04 d4 0d 45 5d f1 51 61 ad 92 25 fb fc 43 50 d5 0f 85 32 18 40 c4 2c 6b 47 dc 64 7c 4a 34 00 a6 39 6b 0b 36 a2 b9 79 ec ca 0d 77 4d ce a4 ff 90 f2 28 42 b9 17 58 5d 60 30 bc f8 af dd 2e 7d 1b ee 76 7d 0b 4b fa 92 0e aa 96 2d 7e b0 ed 10 a5 45 0d ee 77 c4 64 82 1a fc 88 9c 84 04 60 ec 19 31 39 56 d2 b6 dd ef 6d a9 74 c6 c4 8e 7b 33 41 9e a4 76 7b a4 44 b4 13 2a a1 f4 b6 4e 46 1b 83 fb 83 d6 37 ad c1 e6 4e 30 7c fb e8 f5 f1 fe 21 1c 1d ec c3 e1 ab c7 cf ef ee 76 d3 c1 b2 8e 6d 35 74 6c da 81 8c e9 84 cb b6 55 f9 f6 83 fc c3 4e f9 38 52 d6 aa cc bd 21 d6 58 ad 64 32 7c 81 06 25 1c 71 84 88 a3 69 c1 08 c7 4a bb e7 04 53 94 77 77 bb 65 41 d8 ed a6 5b 4d b2 d0 3c c7 24 e0 cb 66 b8 56 58 ab c9 92 52 8b 25 43 25 da 59 d4 7e 30 1d 64 ce a2 88 cb 64 bb Data Ascii: 1b5b]n8<zfb;M'N&7K:Sb&X`\ddqHJUV{2:)I!yxx~>2wz\|!G{A2w-0eOe9Nrm&<^cb=Kn9m2{NT&<\ia(3805Vd,pU]\Fg,Avr`r,trgwO2c3f/T,4"jlev?p]UYkPsy0F\|odE]Qa%CP2@,kGd\|J49k6ywM(BX]`0.}v}K-~Ewd`19Vmt{3Av{DNF7N0\|!vm5tlUN8R!Xd2\|%qiJSwweA[M<$fVXR%C%Y~0dd

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49738	172.67.207.131	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:06.549916029 CET	259	OUT	GET /images/form-bg-2.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.611341000 CET	277	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 456 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "1c8-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300826 Accept-Ranges: bytes cf-request-id: 080117f8ba00004c6155a08000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=90AhAfjK4V3A4MLma8Hhcx8oLBLXGqU%2F3hPaZkV%2FqC1wlHU3w1PbDGk3V9EDVQQl0m3x0NOSYn9WypbFUJRhv%2F6T6XTPAca7lqpvHa8xfmSIA0disE4zCZU0%2Fw%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a12a484c61-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 29 00 00 00 29 08 06 00 00 00 a8 60 00 f6 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 01 5d 49 44 41 54 78 01 ed 98 31 4b c3 40 14 c7 ff 17 c4 41 28 16 c1 41 45 2a 2e 5d fb 31 b4 83 b8 39 e8 a0 8b 59 9c 14 9c eb a0 9b 4b c1 41 5d 2a 38 39 15 27 dd fc 08 3a 2b 92 8a 52 a1 20 75 51 28 ea 33 37 08 29 b6 c1 86 ff c5 0b dc 6f 09 bc 23 e1 c7 dd bd cb 7b a7 60 80 e9 aa 08 88 78 c8 00 4e 92 85 93 64 91 09 c9 21 a4 4f 5d 14 ae a3 01 25 28 85 8f c5 7e 2f a4 2e f9 e5 a1 fe b4 a1 4e a2 b1 a9 aa ac 7a 31 92 6e 4f b2 70 92 2c 9c 24 0b 27 c9 c2 49 b2 c8 46 81 d1 5a 1b a1 f6 23 0a 12 94 3b 0d 34 87 0b 60 41 9f 49 81 9a 39 be 9d c3 44 28 ca c2 c8 72 4f 76 1e c0 14 35 b6 27 99 a2 46 13 87 25 6a 3c bb 7f 44 73 1f ed 36 12 92 ca 11 a4 45 8f ee e6 f3 b9 cf 57 24 21 b6 7d 08 cf a6 40 89 04 20 50 7c bb c1 fe fd 12 d6 8b 17 03 cf 68 ac 64 d8 20 d5 c6 6b ef 3b a0 71 a9 bf 8a 41 71 bf 45 16 4e 92 85 8a 2b 30 74 b1 20 f0 02 18 e6 6a b4 9c df 9c 3d 2b f5 1b 57 ec 2a 28 29 e7 63 2b a8 14 0e 7b 8e 59 b3 dc 0b 2f a7 a8 34 fc 9e 63 56 ed 49 2d ba f5 b8 fd 2b 6e 5d e2 2c b7 0e e0 37 f7 ba 62 56 66 b7 ff bc db 25 6a ed 11 14 15 fd 8f 4b d4 3f a3 45 35 df ff a2 67 43 60 1e ab 4f 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR))`pHYssRGBgAMAa]IDATx1K@A(AE.]19YKA]89':+R uQ(37)o#{`xNd!O]%(~/.Nz1nOp,$'IFZ#;4`AI9D(rOv5'F%j<Ds6EW$!}@ P\|hd k;qAqEN+0t j=+W*()c+{Y/4cVI-+n],7bVf%jK?E5gC`OIENDB`
Feb 1, 2021 22:28:06.615943909 CET	311	OUT	GET /images/crypto-bg5.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.670517921 CET	322	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/jpeg Content-Length: 65544 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "10008-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300823 Accept-Ranges: bytes cf-request-id: 080117f8fc00004c6169aa1000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UNrBhDFc%2FONeYlxMBC6988oW9LOoO6aEe1K5aqBUt7okQN5BrxJIp5Wb6t4EehFEjde9xF07nQel6m9xYc3zyFK6iO%2BCPfHOCRGfxIM%2FswmfrWD6hHg8SxHI9w%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a19bb34c61-AMS Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c 01 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c ff c2 00 11 08 00 ff 05 a0 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff da 00 08 01 01 00 00 00 00 fc b5 6e 64 6d 1b 46 fb 29 66 c2 fc 42 31 4d 17 34 1d 55 41 95 b3 81 01 b9 b1 19 01 c9 6e 87 1a c2 33 2e bd 6d 16 57 c3 cf d0 f5 d9 9e 67 15 69 9a 17 d1 fa 20 1a d8 18 b8 eb 08 56 16 9e 31 82 f6 fe 91 f9 30 d5 6e ab 3d 95 93 d5 ef 45 5b b4 99 62 8e 79 e1 a8 40 c7 7a 2c 94 cd 69 6f a9 7d 62 03 27 af a2 5d 70 ad 40 0c d7 3a 48 e5 1f d0 9f d1 78 95 f1 09 b2 7f 33 6d 1c 69 02 f6 63 7f cc 31 6c fd 36 34 2b 85 90 bc d8 9a 3e a0 5d d3 73 bb 7d bc ec c1 5a f0 7a 6a ef 3b 45 73 ac fb e7 4c 34 29 ec 3c a0 66 3c da 39 21 bb e7 d4 f5 fb 18 69 f9 e5 f8 ae 21 9c 88 fb ba e7 73 67 d0 b2 0f 03 e7 c1 c3 ab 35 52 2a cf ab f6 19 c9 28 00 d8 13 28 38 98 52 ad d8 3b 65 9e 8e 45 00 58 50 6f 47 e6 a8 d9 ab d6 8a 93 54 eb e6 0e 76 95 54 7d 63 db ab 5c f4 6c c8 9d 6e b3 93 e8 f0 50 5c 55 ea 8a b6 7d 7f 48 ba 31 98 8b 7b 9a a8 e5 47 53 d0 34 03 a2 63 b6 4d 4e f3 f7 5a fa bb 9a 71 41 8c 14 d8 bd 75 19 ce 0a 35 77 b1 f4 16 9c 8c 91 b1 a1 a4 ee c7 d0 0f f3 ec 05 9a a5 07 4c a5 99 4e 91 dc d6 df a7 35 bc 2f 91 15 47 da d8 f1 0f 9b 67 d5 62 67 ae 12 f5 6c 47 33 ac 96 6c 76 8d f2 fb a3 ac e2 2c 08 5d bf 94 26 4d 4a d6 d6 ad 09 a0 c7 65 ae fc 2b c2 21 81 68 a7 67 4d 3a b4 67 60 99 99 11 48 ac f2 f5 Data Ascii: JFIF""%%424DD\""%%424DD\"ndmF)fB1M4UAn3.mWgi V10n=E[by@z,io}b']p@:Hx3mic1l64+>]s}Zzj;EsL4)<f<9!i!sg5R*((8R;eEXPoGTvT}c\lnP\U}H1{GS4cMNZqAu5wLN5/GgbglG3lv,]&MJe+!hgM:g`H
Feb 1, 2021 22:28:06.670569897 CET	323	IN	Data Raw: 38 69 10 ee 7d cc f3 fe 5d f6 59 45 1f 6c b5 e6 4e 62 93 55 14 00 7d ad 69 57 0d fd 55 98 b8 da 7b d4 5b cc 67 2c 6d 0e 4e f9 4c f9 24 c9 e8 37 19 75 e7 3c ff 00 9e 5e 4e ba a1 92 20 da 14 9b 3b a3 bd 2c e4 f8 cc e1 98 fb 19 fe 80 79 fa fe 6d ed Data Ascii: 8i}]YElNbU}iWU{[g,mNL$7u<^N ;,ym.@F<k2Z,^V{cK_/zhVEbTC+@;m0%kdh:b/tr%h399qFYJS*.Wt}j^v^ui3P$CSjU<t
Feb 1, 2021 22:28:06.670613050 CET	324	IN	Data Raw: ae 53 e8 6c 63 d6 d1 6a 4f 6a 33 99 61 5e e8 db 8e 60 35 70 c0 c9 5a 13 5b 1b a8 52 28 98 bb 53 36 b7 a0 ba e0 ac 6c 0c 95 45 ec b8 5d a5 f4 34 57 49 40 8a c7 93 6f fa 26 71 80 b2 6a ce b7 a5 d3 3a 1e 53 2f ba fa 56 d6 f4 64 85 7c f6 75 0a e7 a1 Data Ascii: SlcjOj3a^`5pZ[R(S6lE]4WI@o&qj:S/Vd\|u=')vD2#ZmOI^1YyZmTZiDhfYM!%JY9%D4`5N^#\|UALZttd^osx!KB?cG5<p-K0/T
Feb 1, 2021 22:28:06.670867920 CET	326	IN	Data Raw: a7 57 43 b0 e8 55 40 62 b7 e6 95 73 5f 0a e5 53 57 22 b3 73 b4 94 d8 f9 e6 00 fa 63 a3 a3 ab d3 d1 0d 34 20 40 74 f3 0d 2a b5 00 3e 79 23 88 1e a8 2b 68 bc 52 96 2d 62 2d d7 ba fb 4d ee ec da a3 c9 c2 5c 50 6b 3b b5 ac be 33 f2 b0 a1 c6 74 77 bd Data Ascii: WCU@bs_SW"sc4 @t>y#+hR-b-M\Pk;3twL~uLvcZYp QZ5<z>tpd'^}=L1?Q^\!80;=^6Cg=~0uV&EbtT3\pjPb/[s<[j[
Feb 1, 2021 22:28:06.670917034 CET	327	IN	Data Raw: 8b bf d0 e8 6b 76 1d 33 41 62 79 8d 37 80 c7 2c 1c 6a 6d 25 a5 87 63 40 ee aa cb 2e eb 96 51 4c 4e b3 21 8b ba 5e 0d b6 b0 16 12 d8 7c d6 97 98 94 a5 f4 76 67 c3 9c da ce 57 2f a1 ab 73 7a 1d ad 6b a5 59 96 68 eb 7b 79 79 85 2d cf a0 9b 57 29 61 Data Ascii: kv3Aby7,jm%c@.QLN!^\|vgW/szkYh{yy-W)anp\|Ej M]jd:[s^nZVPVy[Rut6Y/60rNpmkWkAKW:XU:Rv<Vxy~coU
Feb 1, 2021 22:28:06.670958996 CET	329	IN	Data Raw: 75 b3 84 29 c8 28 fc fe 4a cb 65 2e 03 cf fd af 50 15 3d 01 04 d9 02 41 0d 1f cc bc db 7b eb 33 8f 60 38 a7 ba 38 df 52 74 a8 38 c4 25 59 29 cc 30 06 c7 22 32 34 49 e4 12 12 66 10 f5 77 40 e9 92 67 0e 21 f3 f0 39 dd b8 f4 2b ae 2c 1a 9c 35 7f a2 Data Ascii: u)(Je.P=A{3`88Rt8%Y)0"24Ifw@g!9+,5j87[(\[!jI<O0DC3SSXE-4,JAl.,sUg0aU-w:5cEEA=^})N/E$-frF6t6%/*^$
Feb 1, 2021 22:28:06.670998096 CET	330	IN	Data Raw: b8 46 78 5b 30 45 42 d1 6b 03 de e0 38 0d 92 66 cf 93 b6 04 fe f7 05 f5 92 61 9a 8e 66 a3 d5 53 61 27 01 28 03 96 3c 47 79 65 bc f8 d4 7c c4 24 c6 ff 00 d6 a6 6d f0 ab 35 21 9a 6d 1b 5e d2 fd 0f 61 77 24 b6 e0 9e 9d 89 e5 98 b6 46 32 3f 90 e3 f1 Data Ascii: Fx[0EBk8fafSa'(<Gye\|$m5!m^aw$F2?p!8X~EM[`b!3=33(7[JmG}%z[U_S3>n.3um,pRR-,w*1QROKQR(UtPI
Feb 1, 2021 22:28:06.671037912 CET	332	IN	Data Raw: cf 6d c1 60 42 2e 53 77 8e d1 1c d5 db 24 77 5c 15 65 c3 e0 88 15 b2 a0 93 2f e5 6b 3f e1 6b 5b 4b 4a 52 45 89 64 7a 01 fc 5c 10 79 e9 b8 88 0a 98 52 14 86 b3 f0 bc 07 25 68 b1 ab 6b 41 58 68 b0 56 2d 34 e9 1a ea 6d b8 68 d3 4f db b7 ea 68 b6 ba Data Ascii: m`B.Sw$w\e/k?k[KJREdz\yR%hkAXhV-4mhOhn7]z4qjmT%e=!6&x8c=10%X&#xt'8pHu;b~ec$J+W{Knx,Eo<-!`wIxNaPJ
Feb 1, 2021 22:28:06.671078920 CET	333	IN	Data Raw: 08 aa c1 eb e9 a6 ff 00 74 09 ea 37 95 0a 7e df ef ad 39 7a ae a6 0e 18 66 ff 00 fc 6a 46 9c 75 a1 0b ab 08 54 8e 0e 25 78 66 50 70 98 13 c7 cf 09 a6 76 45 b6 0d 0b 36 d1 3b 6d 5e 93 54 93 e5 72 db 7b 9a 98 5b f3 c6 a5 9b e9 b4 6c 36 3e ed b3 68 Data Ascii: t7~9zfjFuT%xfPpvE6;m^Tr{[l6>h'B@ \^[mvaBfa[j==o3cctM-h=C4!*+Yy_n]eHN3;vO5%J>z1D<Sbx]mI2`9A$
Feb 1, 2021 22:28:06.671117067 CET	334	IN	Data Raw: f7 2b 52 ce a8 29 4e cd 61 26 b2 eb 2d b4 f7 17 f2 11 86 18 f5 d3 e3 b1 5e d7 50 ca c1 ba d2 db 2d 43 34 b6 8d 3d b9 63 fa a1 fe 0f fa 86 a5 a3 dd 6b fe 47 30 56 e7 d7 d3 5d ec f6 11 4f 98 ec 2e 0c d4 90 cc 08 87 9a d4 f4 a1 c2 3e d7 b1 1a a7 64 Data Ascii: +R)Na&-^P-C4=ckG0V]O.>di-effL3*mcjtdcG[y[h8iGC`pr5BViA HDc1#~CJepwI[Fvz)1}{)u-vG5:fJ.,
Feb 1, 2021 22:28:06.671758890 CET	340	IN	Data Raw: 27 51 4c fa 60 2d b4 bc cf b8 4e 25 ba bf 84 ee 36 73 19 f3 c4 56 2b 99 82 c6 55 49 f5 2a d3 84 87 0a 32 c2 d3 fc 73 09 96 4b db 68 a6 6e 0d ee e5 65 09 90 79 8a 98 f6 ab cc c4 f8 c4 6b 3e 14 58 c8 72 ae a2 f5 ee d4 1b 04 18 ea 43 b6 12 b6 24 4b Data Ascii: 'QL`-N%6sV+UI*2sKhneyk>XrC$K6$]?gDO#4g56cf[dm(uUgv"}OX;hG^491ht;%fw8)kzMMJYnB;\|sb~wdff;q7
Feb 1, 2021 22:28:06.732220888 CET	469	OUT	GET /js/getdetector.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.790937901 CET	519	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 171 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "d8-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f97200004c6143a68000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FbNXjpf%2BMVeROTbLox4RayArOxnIvq06HD%2FFwZ8XwzQzt%2FkwnbGJ6mO2yYD5%2Bi3KkJs4EOGYIdh%2F%2Fm3EMUU4DBD5EaVtOiSj4VIu1mniJqu%2B50gREbUX2yC86w%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a25dcd4c61-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 65 8d c1 0a c2 30 10 44 ef 7e c5 82 d2 24 0a 41 cf 12 3c 79 17 af 35 42 a8 5b 2d a4 5b d9 36 b6 60 fb ef 36 b5 9e 9c c3 0e 2c 8f 37 2b 1d d8 9f 1c bb 12 0c e4 81 b2 a6 a8 48 92 2b 51 bd 17 30 e6 e5 18 18 eb e0 9b 7a 24 08 5b 38 e3 fd d8 3d a5 48 2f 87 c4 0a d8 40 a4 c7 12 46 a6 d7 64 69 d7 4a 28 8d 1d 66 b2 2d e8 56 b5 da 57 99 8b 5a fd 60 cc d5 7e d2 16 39 c8 59 6b 0c 05 ef e7 b9 18 c6 26 30 41 fc 7e e1 61 ba e8 6b fc 83 66 47 ba b3 d0 f7 b0 fd f1 c3 07 1d 83 e9 d4 d8 00 00 00 Data Ascii: e0D~$A<y5B[-[6`6,7+H+Q0z$[8=H/@FdiJ(f-VWZ`~9Yk&0A~akfG
Feb 1, 2021 22:28:06.800487041 CET	529	OUT	GET /images/forbes.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.852546930 CET	539	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 1655 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "677-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117f9b500004c6111a95000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dfEzB9ryGcrSWJdvyVisjC0oMNP7n5hdhOEtdY6VnXCYkHWjeYMgdTkDnE7s7qAIn76scuNHkswEiOtvH6IHmFAAifSjWmyMfFsT5jJNBhh9j6vQ52%2Fho7AQ%2Fg%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a2bee54c61-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 50 00 00 00 16 08 06 00 00 00 57 10 1b dc 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 0c 49 44 41 54 78 01 ed 59 dd 51 e3 48 10 ee 19 73 d8 f0 b2 be 08 56 44 80 c9 c0 17 c1 9a ab 02 ff bc 60 22 00 22 00 22 00 22 c0 f7 e2 1f b6 ea 60 23 c0 1b 01 26 02 bc 11 9c f7 05 d8 ba f5 f4 7d 3d 92 ac 91 2c fc 0b cb cb 7d 55 2a 6b 46 a3 51 77 4f ff 5b 95 2b 95 4b 5a 02 9d 76 7b 9f 7e 11 76 76 76 0a 99 4c a6 60 58 6d 2a 45 05 66 33 b8 ea 74 b6 e9 1d b1 42 5a df 90 31 25 22 55 1f 7b aa d4 80 98 07 ce 38 8f 71 3e b1 ea cd 05 58 a9 54 8a ac f4 19 be 5d 60 4b 46 48 8e ea d2 3b 43 85 37 bb e5 ea 35 08 2b b9 0f 59 51 fd aa d5 fa cb 9d 03 33 75 26 75 8c 5b 4f c6 9d 76 4b a5 6d 5c 2a 95 f2 b9 5c 2e df 6e b7 fb f4 4a 28 57 aa b7 f8 29 46 33 dc 85 05 fc 41 0b 60 5e fa c0 b7 97 b6 76 25 bc d1 8a bf 40 30 71 01 12 8d bd 80 4d 1a b5 5a ad 37 64 ba 4d 6a 23 e6 0b 43 63 0e 48 e9 92 68 2e 43 63 c1 74 5e 18 c5 7d 23 79 18 21 61 f8 29 8a 59 ca ef 55 a7 b5 e5 33 b7 7e c8 c4 7b a2 f5 f8 3d b4 ef 6a 05 6b e1 22 2d 88 b1 7d 41 3f e8 13 4e bb d0 82 fd a4 80 ac e6 8b b2 28 55 18 ad b5 56 69 7a 21 3f da 59 df 9f 91 0e 6a 36 9b 3d 66 3a 77 e7 aa d5 ea e1 d0 f0 9d b8 02 f8 a6 73 68 e6 c6 5a 76 75 03 8f ba 98 2b 2a a6 46 b9 5a 3d 0b d7 8b 36 95 ab b5 7f 40 e0 03 ae 4b 68 ff a1 f8 35 61 72 35 bb 76 0b 26 7d 2d 07 e1 4a 88 06 94 31 df 69 41 c8 e1 66 73 6b 77 c1 be f4 e3 e9 71 43 11 6f 58 81 80 3e a1 43 04 16 ae af 54 6a 27 98 b3 1a cf 86 1b 3f 9e 9f 7e 97 f5 3e df 96 9f 13 59 37 12 e0 70 38 1c d0 1c 58 cf ad 5e 44 1f ab d4 0d 93 15 0e 3e 30 b8 6a b7 4f e5 be d1 68 0c f0 d1 c8 47 32 1d 86 42 84 80 61 7a dc 48 ee 9b 5d 5b 3f 11 41 3a 53 fd 4e b3 f9 85 96 80 68 39 0e f7 9a 02 b7 63 e0 9a Data Ascii: PNGIHDRPWpHYssRGBgAMAaIDATxYQHsVD`""""`#&}=,}UkFQwO[+KZv{~vvvL`XmEf3tBZ1%"U{8q>XT]`KFH;C75+YQ3u&u[OvKm\\.nJ(W)F3A`^v%@0qMZ7dMj#CcHh.Cct^}#y!a)YU3~{=jk"-}A?N(UViz!?Yj6=f:wshZvu+FZ=6@Kh5ar5v&}-J1iAfskwqCoX>CTj'?~>Y7p8X^D>0jOhG2BazH][?A:SNh9c
Feb 1, 2021 22:28:06.861535072 CET	544	OUT	GET /images/20.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.915054083 CET	560	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/jpeg Content-Length: 61254 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "ef46-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117f9f300004c6112a85000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qz9D%2FNowBMBqgeVKGZ8GWl%2BsPsL5VhWTNCYtlDS9dTRK1gYJPH5ByyJ7l82fZuj4YY0uA%2F3Eo9RLysPhkbQqz%2F7bSiafP%2BnWbXZurIS2tkT3YJdfpLNyyhK6gw%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2a31ffc4c61-AMS Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 01 00 48 00 48 00 00 ff db 00 43 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ff db 00 43 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ff c0 00 11 08 00 da 01 53 03 01 11 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa ff c4 00 1f 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 Data Ascii: JFIFHHCCS}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Feb 1, 2021 22:28:11.831080914 CET	670	OUT	GET /fonts/mem8YaGs126MiZpBA-UFVp0dbck.woff HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.887049913 CET	763	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive last-modified: Mon, 09 Nov 2020 15:03:18 GMT vary: Accept-Encoding,User-Agent Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2601 cf-request-id: 0801180d5d00004c6133082000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2VxSdxmI5qYGLKoiksrgtn%2FMSCzej18RxvaEMp%2FH8ywr3khoUYwnkR%2BvNIRUzy2fabaIZ58VKOdTQU2nqx8dIL1aOOP7qgnvBUsSWjJ93q6HaUhmH6iIiIszIA%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2c22a704c61-AMS Content-Encoding: gzip Data Raw: 31 62 35 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 5d dd 6e dc 38 96 be ee 3c c5 89 7a 66 62 03 f5 ef a4 3b ed 9f ea 4d 27 4e e2 ee c4 e9 8d 9d 0e 26 37 06 4b 3a 92 18 53 a4 86 a4 aa 62 ef 0e b0 d8 97 d8 9b 05 f6 26 58 60 80 b9 ee ab 5c 8d df 64 9e 64 71 48 a9 4a 55 56 95 cb 8e 7b 32 d8 06 3a 29 49 e4 21 79 78 78 7e 3e 1e 32 bb 77 9f bc 7a 7c fc c7 9f f7 21 b5 99 18 de d9 a5 bf 80 47 7b 41 aa 32 0c 86 77 ee ec a6 c8 a2 e1 1d 00 80 dd 0c 2d 83 30 65 da a0 dd 0b 0a 1b b7 1f 06 f5 4f 92 65 b8 17 8c 39 4e 72 a5 6d 00 a1 92 16 a5 dd 0b 26 3c b2 e9 5e 84 63 1e 62 db 3d b4 80 4b 6e 39 13 6d 13 32 81 7b fd 4e af 81 54 84 26 d4 3c b7 5c c9 1a b5 e3 14 e1 69 61 0b 8d f0 2a 86 c7 85 d6 28 c3 33 38 30 f0 1c 35 56 64 2c b7 02 87 cf 70 c2 a5 0c 55 84 bb 5d ff c6 7f 15 5c 9e 82 46 b1 17 f0 90 88 a7 1a e3 bd 80 67 2c 41 d3 8d d9 98 de 76 72 99 04 60 cf 72 2c bf 74 e9 05 f1 a4 eb 99 72 67 77 a4 a2 b3 e1 1d 4f 32 e2 63 08 05 33 66 2f c8 54 c4 04 c4 2c c2 00 b4 12 34 12 ce 84 22 6a 6c c4 65 84 1f f6 82 76 3f 70 8c c6 0f dc b6 5d 85 b2 e7 8d c4 da 15 81 92 9c 0a 8b 0c a5 ad 55 59 ac 96 6b 14 aa 88 50 b7 73 95 17 79 30 dc ed 46 7c bc bc bc 6f a6 64 f2 02 dd e6 b2 c4 04 d4 0d 45 5d f1 51 61 ad 92 25 fb fc 43 50 d5 0f 85 32 18 40 c4 2c 6b 47 dc 64 7c 4a 34 00 a6 39 6b 0b 36 a2 b9 79 ec ca 0d 77 4d ce a4 ff 90 f2 28 42 b9 17 58 5d 60 30 bc f8 af dd 2e 7d 1b ee 76 7d 0b 4b fa 92 0e aa 96 2d 7e b0 ed 10 a5 45 0d ee 77 c4 64 82 1a fc 88 9c 84 04 60 ec 19 31 39 56 d2 b6 dd ef 6d a9 74 c6 c4 8e 7b 33 41 9e a4 76 7b a4 44 b4 13 2a a1 f4 b6 4e 46 1b 83 fb 83 d6 37 ad c1 e6 4e 30 7c fb e8 f5 f1 fe 21 1c 1d ec c3 e1 ab c7 cf ef ee 76 d3 c1 b2 8e 6d 35 74 6c da 81 8c e9 84 cb b6 55 f9 f6 83 fc c3 4e f9 38 52 d6 aa cc bd 21 d6 58 ad 64 32 7c 81 06 25 1c 71 84 88 a3 69 c1 08 c7 4a bb e7 04 53 94 77 77 bb 65 41 d8 ed a6 5b 4d b2 d0 3c c7 24 e0 cb 66 b8 56 58 ab c9 92 52 8b 25 43 25 da 59 d4 7e 30 1d 64 ce a2 88 cb 64 bb 37 1b a1 76 0c ae Data Ascii: 1b5b]n8<zfb;M'N&7K:Sb&X`\ddqHJUV{2:)I!yxx~>2wz\|!G{A2w-0eOe9Nrm&<^cb=Kn9m2{NT&<\ia(3805Vd,pU]\Fg,Avr`r,trgwO2c3f/T,4"jlev?p]UYkPsy0F\|odE]Qa%CP2@,kGd\|J49k6ywM(BX]`0.}v}K-~Ewd`19Vmt{3Av{DNF7N0\|!vm5tlUN8R!Xd2\|%qiJSwweA[M<$fVXR%C%Y~0dd7v
Feb 1, 2021 22:28:11.903270006 CET	788	OUT	GET /fonts/glyphicons-halflings-regular.eot HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.956778049 CET	912	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Mon, 09 Nov 2020 15:03:18 GMT Vary: Accept-Encoding,User-Agent Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2602 cf-request-id: 0801180da300004c612e082000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=on73Lgi3SHywCEX9x0RiZ7uuVHZi6Gu8IGntqYh%2Bhh3zQGQcduod3FyVsRhNZ5vgRS0QdX%2FS8PNmimb9%2B4%2BX0nb0%2BJVJyeQOLlBtTqJTYaY3khWv%2BFVIW%2FdeyQ%3D%3D"}],"max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 61aec2c29bb24c61-AMS Content-Encoding: gzip Data Raw: 31 62 35 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 5d dd 6e dc 38 96 be ee 3c c5 89 7a 66 62 03 f5 ef a4 3b ed 9f ea 4d 27 4e e2 ee c4 e9 8d 9d 0e 26 37 06 4b 3a 92 18 53 a4 86 a4 aa 62 ef 0e b0 d8 97 d8 9b 05 f6 26 58 60 80 b9 ee ab 5c 8d df 64 9e 64 71 48 a9 4a 55 56 95 cb 8e 7b 32 d8 06 3a 29 49 e4 21 79 78 78 7e 3e 1e 32 bb 77 9f bc 7a 7c fc c7 9f f7 21 b5 99 18 de d9 a5 bf 80 47 7b 41 aa 32 0c 86 77 ee ec a6 c8 a2 e1 1d 00 80 dd 0c 2d 83 30 65 da a0 dd 0b 0a 1b b7 1f 06 f5 4f 92 65 b8 17 8c 39 4e 72 a5 6d 00 a1 92 16 a5 dd 0b 26 3c b2 e9 5e 84 63 1e 62 db 3d b4 80 4b 6e 39 13 6d 13 32 81 7b fd 4e af 81 54 84 26 d4 3c b7 5c c9 1a b5 e3 14 e1 69 61 0b 8d f0 2a 86 c7 85 d6 28 c3 33 38 30 f0 1c 35 56 64 2c b7 02 87 cf 70 c2 a5 0c 55 84 bb 5d ff c6 7f 15 5c 9e 82 46 b1 17 f0 90 88 a7 1a e3 bd 80 67 2c 41 d3 8d d9 98 de 76 72 99 04 60 cf 72 2c bf 74 e9 05 f1 a4 eb 99 72 67 77 a4 a2 b3 e1 1d 4f 32 e2 63 08 05 33 66 2f c8 54 c4 04 c4 2c c2 00 b4 12 34 12 ce 84 22 6a 6c c4 65 84 1f f6 82 76 3f 70 8c c6 0f dc b6 5d 85 b2 e7 8d c4 da 15 81 92 9c 0a 8b 0c a5 ad 55 59 ac 96 6b 14 aa 88 50 b7 73 95 17 79 30 dc ed 46 7c bc bc bc 6f a6 64 f2 02 dd e6 b2 c4 04 d4 0d 45 5d f1 51 61 ad 92 25 fb fc 43 50 d5 0f 85 32 18 40 c4 2c 6b 47 dc 64 7c 4a 34 00 a6 39 6b 0b 36 a2 b9 79 ec ca 0d 77 4d ce a4 ff 90 f2 28 42 b9 17 58 5d 60 30 bc f8 af dd 2e 7d 1b ee 76 7d 0b 4b fa 92 0e aa 96 2d 7e b0 ed 10 a5 45 0d ee 77 c4 64 82 1a fc 88 9c 84 04 60 ec 19 31 39 56 d2 b6 dd ef 6d a9 74 c6 c4 8e 7b 33 41 9e a4 76 7b a4 44 b4 13 2a a1 f4 b6 4e 46 1b 83 fb 83 d6 37 ad c1 e6 4e 30 7c fb e8 f5 f1 fe 21 1c 1d ec c3 e1 ab c7 cf ef ee 76 d3 c1 b2 8e 6d 35 74 6c da 81 8c e9 84 cb b6 55 f9 f6 83 fc c3 4e f9 38 52 d6 aa cc bd 21 d6 58 ad 64 32 7c 81 06 25 1c 71 84 88 a3 69 c1 08 c7 4a bb e7 04 53 94 77 77 bb 65 41 d8 ed a6 5b 4d b2 d0 3c c7 24 e0 cb 66 b8 56 58 ab c9 92 52 8b 25 43 25 da 59 d4 7e 30 1d 64 ce a2 88 cb Data Ascii: 1b5b]n8<zfb;M'N&7K:Sb&X`\ddqHJUV{2:)I!yxx~>2wz\|!G{A2w-0eOe9Nrm&<^cb=Kn9m2{NT&<\ia(3805Vd,pU]\Fg,Avr`r,trgwO2c3f/T,4"jlev?p]UYkPsy0F\|odE]Qa%CP2@,kGd\|J49k6ywM(BX]`0.}v}K-~Ewd`19Vmt{3Av{DNF7N0\|!vm5tlUN8R!Xd2\|%qiJSwweA[M<$fVXR%C%Y~0d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49737	172.67.207.131	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:06.550206900 CET	259	OUT	GET /css/bootstrap.min.css HTTP/1.1 Accept: text/css, / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.613508940 CET	286	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/css Content-Length: 19813 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "1d9d1-5ab1be1c19b52-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f8bb00004c1fbc995000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UfrnIfn%2FourBYeoRq2FXMQdx0nVZRjMAsRVrtYGvX55yMmt5iqfLn6D1K9qzvJpCtMYtoEkfA9a9UDh5Sv4MgC7g6%2Bx1ysKIvOpCmC5b6R%2BYF7wscOKkipQZog%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a12dfc4c1f-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 6b 8f eb b8 91 e8 f7 fd 15 de 13 0c 66 4e 8e ed 23 cb af 76 37 a6 ef ee cd 2e 76 03 6c f2 e5 e6 c3 02 93 c1 85 2c c9 6d 65 64 cb 91 e4 f3 18 5f ef 6f bf 7c 8a c5 62 91 92 dd 3d 83 04 48 7a f7 4c 37 59 2c 16 ab 8a 55 64 89 2c 7e fc ed 3f ff d3 e8 b7 a3 ff 5d 55 6d d3 d6 c9 69 f4 69 3e 9d 4f d7 a3 ef f6 6d 7b 7a fc f8 f1 25 6f b7 ba 6e 9a 56 87 f7 1c fa 77 d5 e9 6b 5d bc ec db 51 1c cd 66 13 f6 cf 7a f4 a7 cf 45 db e6 f5 78 f4 fb 63 3a e5 40 ff 55 a4 f9 b1 c9 b3 d1 f9 98 e5 f5 e8 0f bf ff 93 44 da 70 ac 45 bb 3f 6f 39 be 8f ed e7 6d f3 b1 eb e2 e3 b6 ac b6 1f 0f 49 c3 50 7d fc af df ff ee df ff f8 7f fe 9d 77 f9 f1 9f fe e9 a3 a4 f4 3f f2 63 5e 27 2d c7 db 14 c7 97 51 bb cf 01 f5 bf 3b 37 6d 75 28 7e 66 1d 9a ce d0 10 3e 66 55 da 7c 64 c3 fc 98 6a e8 8f ff ab c8 be df ce 56 49 3e 9b 6f a2 65 92 e7 cb cd 76 b3 58 a5 cb c5 2e 5b 2e 97 69 fa 10 a5 6a e8 c7 5d f1 32 6a 92 4f 8c 82 b6 1a a5 e2 ef e9 5f 9a ea 38 4a 8e d9 c8 8c b0 69 a7 60 98 7d c8 f9 18 3f be 8d 2c 56 bf b4 2c 18 9d a3 63 55 1f 92 92 b1 6e 9a 36 0d 27 34 9a ce 47 ff 4f 60 56 9d b1 bf 00 ea 63 9e 56 65 d2 7c b4 db fd f6 e3 be 3d 94 97 5d 75 6c 27 bb e4 50 94 5f 1f 9b e4 d8 4c 9a bc 2e 76 4f 93 43 33 69 f3 2f ed a4 61 f0 93 24 fb 0b 13 d7 e3 2c 8a be 79 9a 7c ce b7 3f 15 2d 5d 7b dd 56 d9 d7 cb 21 a9 5f 8a e3 63 74 4d ea b6 48 cb 7c 9c 34 45 96 8f b3 bc 4d 8a b2 19 33 a1 a5 c9 a9 2d aa 23 ff f5 5c e7 e3 1d 1b 37 e3 d9 3e 4f 32 fe 9f 97 ba 3a 9f c6 87 a4 38 8e 0f f9 f1 3c 3e 26 9f c6 4d 9e 8a 16 cd f9 c0 d0 7f bd 64 45 73 2a 93 af 8f 8c 51 e9 4f d7 e4 9c 15 d5 38 4d 8e 9f 92 66 7c aa ab 97 3a 6f 9a f1 27 d6 6b d5 41 16 c7 b2 38 e6 13 d1 e0 e9 53 ce 49 4b ca 09 63 c8 cb f1 71 9b 34 39 af 95 88 1e 8f 55 fb dd 0f 4c bd da ba 2a 9b 1f df 77 28 8e d5 31 7f da e7 5c e4 Data Ascii: }kfN#v7.vl,med_o\|b=HzL7Y,Ud,~?]Umii>Om{z%onVwk]QfzExc:@UDpE?o9mIP}w?c^'-Q;7mu(~f>fU\|djVI>oevX.[.ij]2jO_8Ji`}?,V,cUn6'4GO`VcVe\|=]ul'P_L.vOC3i/a$,y\|?-]{V!_ctMH\|4EM3-#\7>O2:8<>&MdEsQO8Mf\|:o'kA8SIKcq49ULw(1\
Feb 1, 2021 22:28:06.613548040 CET	287	IN	Data Raw: 6c 74 3f ec 8b 2c cb 8f 3f 8e db fc c0 aa db dc 82 bb 26 97 6d 92 fe c4 c7 72 cc 26 4c 02 55 fd c8 44 7b 6c 4e 49 9d 1f db 6b f2 98 b0 11 7d 62 cc 79 dc 57 8c 9c 4b 75 6e 39 09 9c 6d db 6d fd 43 5b b4 65 fe e3 65 5b d5 8c 27 93 6d d5 b2 e9 f2 38 Data Ascii: lt?,?&mr&LUD{lNIk}byWKun9mmC[ee['m8;}e<nLSgIk;ZE^3UD'-jF 7]$ME)Op<0q7gFJo5NUSp=9cS['t87+yQqxQalj>I=L}_8weQuK+
Feb 1, 2021 22:28:06.613585949 CET	289	IN	Data Raw: 7a 19 b9 d0 9f 8b 8c f6 39 4b 5b 36 22 d6 32 29 f3 1d 8d 39 26 80 d3 9c ef c4 49 f0 39 01 5e 7b c9 5e 10 d0 3c 66 58 ec 48 5f be 5c 3a 73 9f 04 5b 21 5b 96 f1 5d a3 77 84 d8 f2 09 68 3f cd 68 a1 c0 b6 4b dc fa 4f 44 4c 91 6c 80 96 67 45 da 9e 6b Data Ascii: z9K[6"2)9&I9^{^<fXH_\:s[![]wh?hKODLlgEkrjl)9RHZXCK}-!l++l&jD~!6`\|N[yps42C;8^L3mySROXof;"$s#V$,\A
Feb 1, 2021 22:28:06.613622904 CET	290	IN	Data Raw: c6 a9 4c 0e 24 d3 51 c4 21 63 13 dd 17 6f 88 51 bc e1 54 bc bc 7c e5 a1 5f ca ee c4 28 e0 d0 a4 45 c3 16 d6 e4 14 47 d1 86 6d d1 a6 15 b9 28 8d 51 a8 61 db 52 5f 54 31 d4 97 2d a9 45 08 ea 2b a5 e4 51 94 d8 c3 f8 0b 35 ab 1d a8 fa bc a5 04 1d 47 Data Ascii: L$Q!coQT\|_(EGm(QaR_T1-E+Q5G'Gl]AZZ{Q#p5$,<"vl1s6P^fdl>UMGuAw(&+a}?rO7EB&joV'Zzbw
Feb 1, 2021 22:28:06.613671064 CET	292	IN	Data Raw: 55 c9 66 b1 58 c4 1a a5 ac b3 31 aa 32 0b e1 c3 62 be 9c 2f ae d3 ed 0b 96 8a 58 70 39 13 a0 93 95 69 d0 75 02 8a 64 1f 6e 73 2d 32 06 aa 05 e6 02 65 bb 5d 94 3d c8 3e b0 e4 40 91 af 8f 74 96 c7 db b9 e8 43 08 90 e8 60 93 67 3b 35 08 4b 92 fa 6f Data Ascii: UfX12b/Xp9iudns-2e]=>@tC`g;5KodFHXnCB;] I_b2<%/og`=a<0\|@/viv>YGpkl%2V%j'KLXHfbO=g5kY
Feb 1, 2021 22:28:06.613713026 CET	293	IN	Data Raw: 0a 2c 92 c0 1a 08 2c 71 c0 0a 06 2c 50 c0 fa 03 2c 2f c0 ea 01 ae 0d a0 df 17 3e dd f1 77 b2 14 fb 3b d1 ce eb ef 44 0f 5e 7f c7 49 c1 fe 8e 53 ea f5 77 7c 44 5e 7f c7 47 8e fd 1d 67 8c d7 df 71 06 7a fd 1d 67 34 f6 77 5c 0e 5e 7f c7 87 ea f3 77 Data Ascii: ,,q,P,/>w;D^ISw\|D^Ggqzg4w\^w*@N8NW;;]w4tu\|;;QC:r^^N`cz>@w@3}@zwH3}7
Feb 1, 2021 22:28:06.613749981 CET	295	IN	Data Raw: 6a 23 2f 22 52 5a 83 6a 80 d2 a0 1a a0 33 3e 6c 4e 0d d0 18 1a 9b 2a a6 f4 c5 ad d1 d2 75 6b 30 36 57 59 dc 1a 8c 8d 64 a8 bc dd e9 55 15 eb c6 a7 57 53 fa a1 2c 90 5e 3d b1 58 19 c6 44 ae 4b b6 69 da 69 09 48 5d d3 3d 92 3c f9 a2 4e d8 9b 43 cd Data Ascii: j#/"RZj3>lN*uk06WYdUWS,^=XDKiiH]=<NC4}2(9fL,bZOZoBwUn:C #%26<46N#`lHw! G$3m7!;[[vnjoni[^7r\\5\|!`0\n
Feb 1, 2021 22:28:06.613789082 CET	296	IN	Data Raw: c2 46 85 cd 29 d7 0a 75 5a 67 34 e5 19 50 e5 32 71 6c 57 68 fc 6a 35 60 d5 a9 05 ac 0d af 5c 3c 05 da 2d 09 c9 16 54 ad bd af 80 15 f6 52 82 68 a4 97 ee 81 b6 16 08 ca e6 6d d3 68 87 4c ac f0 98 84 ff e5 c3 91 01 8a c8 b0 9d cc 2e 7e 17 5d 63 1e Data Ascii: F)uZg4P2qlWhj5`\<-TRhmhL.~]c^7vzNhdt'fBrU'M\xKmPKTR{-KMc@%$Eh5ZJOd1$s'<q5v^*jkXK!s]SjJn
Feb 1, 2021 22:28:06.613826036 CET	297	IN	Data Raw: dc 45 99 8d 7e 80 75 21 71 65 cb 87 e5 2c b6 71 41 85 d5 b4 f6 eb ec 20 76 dd 48 03 d4 4e 9b 92 7e 63 83 92 ef 10 c8 09 91 0c b5 3a 7e a9 12 b6 c7 46 de 6f 7e 6e d0 0f c9 ba 01 fa f1 3a 99 06 4c 91 46 46 59 23 55 37 d8 20 f9 45 46 9a 25 17 7d d8 Data Ascii: E~u!qe,qA vHN~c:~Fo~n:LFFY#U7 EF%}"e=&GT3\|ze/DbD-L7(~p\|"Q%ikyJBD06p'$c@Jbv%18%DXJFDEEGLtT:F"PTwdt+
Feb 1, 2021 22:28:06.613890886 CET	299	IN	Data Raw: 42 e4 a1 fb d7 b9 fe 12 22 c1 04 93 6f 89 17 eb 55 0e 61 79 c4 8d 38 b8 04 52 6f 3b 2b 0a d1 62 a8 cb bd de ad 71 02 38 a2 91 c2 02 46 65 bb 33 af 9f f3 af 2a 9e 91 b4 d1 52 16 3c 82 e7 7d 84 d4 4b 0e 44 6b 10 79 c1 b1 d7 24 6a 07 8d 23 8c c7 eb Data Ascii: B"oUay8Ro;+bq8Fe3*R<}KDky$j#EJIvZqkxBTYC/~^#u_Iqq7Hs"(;4-2OSZMI;hX oe64gx!KDIZi(yB
Feb 1, 2021 22:28:06.614020109 CET	303	IN	Data Raw: 80 af 30 58 b7 0f e0 fd b5 79 d4 4f 4e 4f 57 fd 24 5e ac eb 0a 36 33 3c 28 f5 9b aa 28 58 65 a1 98 81 05 05 47 b1 ad f9 a3 f6 20 be d0 45 9a 96 2a d2 14 fa b4 1e 83 e7 eb 96 11 a0 4c a0 05 2b 0f 53 e6 8f 4e d9 8d 45 e8 c4 5e 3d f4 31 fd d9 68 e6 Data Ascii: 0XyONOW$^63<((XeG E*L+SNE^=1h5v`CF.B2E>,E'o6ACr/vZix6xpovR]?&\rtRU"m9\|4mkH[+NsrHXo_(lA?
Feb 1, 2021 22:28:06.627927065 CET	318	OUT	GET /css/style.css HTTP/1.1 Accept: text/css, / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.680192947 CET	375	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: text/css Content-Length: 8663 Connection: keep-alive Last-Modified: Fri, 24 Jul 2020 08:26:11 GMT ETag: "bc28-5ab2bb9bcfb1b-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f90800004c1fd397b000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pWcm%2BT9%2Bsdq4fvGqor%2BIibderRFTxhlpa7Hl76eIVEwasUNhMsqFCvmacS5K3ItjgeTbs8caeD4MdSXIN6nDyv8I6RZVGov%2BdgSi1sYechtT9TmVmwFXvb4QoQ%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a1af5b4c1f-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 3d d9 72 e4 48 6e cf d6 57 d0 a3 50 4c 6b 2c d6 b0 78 d4 21 85 3b 76 f6 98 f0 83 9f fc e4 0d 87 43 c1 22 b3 54 9c 66 91 b5 24 4b dd 1a 85 fe dd 79 9f 48 92 52 ab 67 0f 6f 57 eb 22 f3 40 22 91 00 12 40 22 17 fb ba 3a 85 45 dd 16 9f c2 cf 5d 7e 3a a1 6e 51 d4 28 ef f6 d5 97 db 7c 3f a0 ee e6 62 31 56 66 87 f6 6d 87 c0 42 23 f5 79 b5 e0 f9 22 c0 ff 8a b6 19 50 33 dc 06 df 05 df dd d1 27 65 d5 9f ea fc e9 36 18 f2 5d 8d 2e 5e 2e c6 81 18 e9 88 be 12 fd 90 f2 b7 c1 ae 1d 0e a4 c9 5d 5b 3e b1 17 7b 0c 40 b8 cf 8f 55 8d bb fc af 16 17 68 ef 68 a7 4d fe 48 be c2 5f ce fd 50 ed 2b 54 7e ac ab 8f 39 6f ee d4 f6 d5 50 b5 cd 6d d0 a1 3a 1f aa 47 34 52 e7 76 df 16 e7 fe c6 fb fa d0 3e 4a 38 77 79 f1 e9 a1 6b cf 4d 19 16 6d dd 62 90 87 2e 6f fa 53 de 61 2c 8d f4 f1 71 f1 97 73 3b 20 07 bc 7c d7 b7 f5 79 40 0c b7 35 da 63 54 47 ec 8f a1 3d c9 df db 53 5e 54 c3 93 fc fb 73 55 0e 87 db 20 89 4e 5f d8 83 03 aa 1e 0e 83 fe e4 94 97 65 d5 3c dc 06 99 78 e2 c2 7e b9 4c 8a 68 97 f3 d7 6d 57 a2 2e ec f2 b2 3a f7 b7 c1 52 d6 13 85 f7 fb 3d 1d e1 6e 68 c2 fe 5c 14 a8 ef 19 6e 6e 02 e3 19 45 a7 0f 5d 97 7f fa fd 6a 19 fd 74 27 5b 3a 75 d5 31 ef 9e 6e f3 82 4c d3 0d f4 50 4e 90 fe 0a 7a 36 3e 53 97 59 5e 2c b3 dc 3b 4b 0b d6 9b 3d 59 12 f7 4b 5c 73 f1 98 d7 55 19 9e f2 be 0f eb 7c 87 ea 89 19 55 50 e0 fe 7f fe 09 7f 7e d6 b1 8d 1b 3d 7d 09 70 85 aa c4 af 7f 8e a2 e4 0f e2 f5 97 b0 af 7e a5 13 c8 27 06 3f 62 ef 7e 0d ab a6 44 5f 6e 83 ed 76 bb d2 68 25 95 73 af 91 c8 32 8a ae ee 14 e0 c5 01 15 9f 02 1d 72 39 bb db 28 8e 96 c1 bf 56 c7 53 db 0d 79 33 b8 64 14 c4 92 26 dc 05 c6 01 41 5f 86 10 f7 f4 80 df 10 6a 76 da 33 d6 f3 7f e6 64 35 cb c7 fd f0 54 a3 db a0 69 bb 63 5e 6b cf 3f 73 e2 76 5e 60 0c e1 f2 cb 58 40 55 57 0d 0a c5 52 58 4a 74 60 da 78 a8 Data Ascii: =rHnWPLk,x!;vC"Tf$KyHRgoW"@"@":E]~:nQ(\|?b1VfmB#y"P3'e6].^.][>{@UhhMH_P+T~9oPm:G4Rv>J8wykMmb.oSa,qs; \|y@5cTG=S^TsU N_e<x~LhmW.:R=nh\nnE]jt'[:u1nLPNz6>SY^,;K=YK\sU\|UP~=}p~'?b~D_nvh%s2r9(VSy3d&A_jv3d5Tic^k?sv^`X@UWRXJt`x
Feb 1, 2021 22:28:06.719790936 CET	444	OUT	GET /js/index.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.776611090 CET	515	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 168 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "128-5ab1be1c1ca32-gzip" Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f96600004c1fbd90a000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P9rL3F2Gaz9GmY845UFae1pUg0VCWl66w7XOfrkTO%2Fk2woUZybGnN5tULGu1r0v9NS59f4M3jVb8GX7KZrwXY19o2rYDcKrCUOrSrnM%2BOggdo%2BIMfOy2xWOAKw%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a2392b4c1f-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 8e 41 0a c2 30 10 45 f7 3d c5 80 85 26 d0 06 dd ea d6 23 78 81 34 4e 48 70 9a 29 cd b4 20 e2 dd 4d ab 0b 3d 80 1f 66 31 9f ff 3e bf 56 cd 2e d9 c5 31 75 07 a0 08 b6 d1 c6 51 74 37 e5 e7 e4 24 72 52 a8 e1 51 41 11 9a 71 c2 05 93 9c d1 db 99 44 e9 d3 e6 d7 aa 09 32 50 0b 3d 5f ef 85 b7 29 0e 56 50 7d b0 55 d9 4d 4c 74 e1 f1 58 d2 12 62 36 c1 e6 a0 0d 7b 9f b1 14 19 e1 71 0b 3f 4b e7 7a 55 29 35 6f aa eb 25 41 0b 5f 5f f7 ff 95 6a af 7f f6 bc 00 ac b4 0b a3 28 01 00 00 Data Ascii: A0E=&#x4NHp) M=f1>V.1uQt7$rRQAqD2P=_)VP}UMLtXb6{q?KzU)5o%A__j(
Feb 1, 2021 22:28:06.780579090 CET	518	OUT	GET /js/commonJs.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.851824045 CET	534	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: application/javascript Content-Length: 3746 Connection: keep-alive last-modified: Tue, 03 Nov 2020 08:17:10 GMT etag: "307e-5b32f7d4c9791-gzip" vary: Accept-Encoding,User-Agent content-encoding: gzip Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 4302 Accept-Ranges: bytes cf-request-id: 080117f9a000004c1febb4b000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iOBiOQhdkEv8p2EoGvQPChH2yLQpvcJtHllIMkwUH0WYyoMRwWorbtGEnjqdyEgDaGAJGw3oz83sDK4JeChrdYnrKBhLqtX4tftUhfAt90bwb%2B8mm45it5zQVA%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a29a274c1f-AMS Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 5b 5b 6f 1b c7 15 7e 37 e0 ff b0 11 8c 90 8c 15 8a 7b df 8d a2 d8 b3 33 3b 45 1f 7a 41 da 3c b4 92 6c d0 d2 4a 66 4c 91 02 2f 8d 5d 47 40 12 a7 37 04 48 5e fa 43 1c c7 46 dc 38 4e fe 02 f9 8f 7a ce 77 b8 bc 88 b2 45 c5 0e da a2 84 f5 ed 9e 39 33 e7 3a 73 66 b8 5c 6f 5e be 74 a5 ba df dd 1b 1e 15 9d 41 ad de 2b 9a fb f7 aa 07 c3 ce de a0 d5 ed 54 6b f7 2f 5f ba 7c c9 a1 cf c6 86 33 fa e7 e8 87 d1 d7 a3 87 a3 47 a3 67 e3 af 46 4f 46 df 3b a3 1f a9 e9 d9 e8 89 33 7a 34 fe 94 5a be 19 3d 1e 3d 74 f6 86 bd 1e 49 bb 39 ec b5 6f ae f2 11 0d 7f 6a f6 9c 4e f3 a8 f8 a0 d7 76 b6 9c 8f 5a 9d fd ee 47 f5 76 77 af c9 96 d4 6f 77 fb 83 4d e9 38 6f ef 01 75 ab 56 0e ba bd a3 4a ad de 3c 3e 2e 98 7c b7 d5 39 1e 0e 9c c1 bd e3 62 6b ed 76 6b 7f bf e8 ac 41 f4 d6 da 9c 69 6b a4 b1 3d a4 b6 8a 73 75 aa f8 aa 53 59 7b ef dd 0d 08 78 af 52 2b 7d cf 7f 6d 5e ea fe c5 3d be 7c e9 a4 b6 c9 17 0e ec e3 99 64 92 fb 7c f4 94 23 fa 94 6e 7e 1c 3f 18 7f 46 cc 47 64 18 1a be 23 dd 0f 46 8f 89 70 c6 5f 8e 3f 19 3d 63 1b 1e d2 cd c3 d1 f7 a3 27 e3 cf e8 8e 7a af 68 c3 34 cf 4e b5 e6 4c 33 3d 6d 3c 2c 06 bf 2b 9a bd bd db bf 6d f6 28 3c 83 a2 d7 97 7e ce e4 c3 19 3b ee 1d f5 07 bd 33 12 d6 c7 d0 7a 7f 78 8b f8 55 b7 b6 39 1b d7 2b 06 c3 5e a7 1c fa c6 96 d3 19 b6 db ce 9b 6f ce b5 ac ad 39 d7 9c 41 af d9 e9 73 6e 7f df 55 fd 7e 77 4f f5 7a cd 7b 55 e9 54 73 de 71 ee 9f 4c 84 9e 2c d9 7e f6 d0 52 c1 b2 17 ec 61 9f bc 98 8a 9c f3 af d9 63 ff 64 68 bd 7f dc 6e 0d aa 6b 6f ae cd 3b 44 8a 9c 2a ba b7 a8 67 63 93 2e ef 4e 46 d6 db 45 e7 70 70 9b 9a ae 5e 5d 50 5b 2a 18 1c 1d 4f 15 d0 cd 76 6b b7 d4 b1 b5 a0 83 3f 62 e6 b6 0c d9 6e ec ee d2 b0 fd 62 af bb 5f 7c f0 fe 2f 75 f7 e8 b8 db a1 59 58 9d f0 dd dd f9 f1 27 cb f1 87 b4 d3 21 5c 08 Data Ascii: [[o~7{3;EzA<lJfL/]G@7H^CF8NzwE93:sf\o^tA+Tk/_\|3GgFOF;3z4Z==tI9ojNvZGvwowM8ouVJ<>.\|9bkvkAik=suSY{xR+}m^=\|d\|#n~?FGd#Fp_?=c'zh4NL3=m<,+m(<~;3zxU9+^o9AsnU~wOz{UTsqL,~Racdhnko;Dgc.NFEpp^]P[Ovk?bnb_\|/uYX'!\
Feb 1, 2021 22:28:06.858474970 CET	543	OUT	GET /images/cnn.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:06.912246943 CET	557	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:06 GMT Content-Type: image/png Content-Length: 2031 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "7ef-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300824 Accept-Ranges: bytes cf-request-id: 080117f9f000004c1fd0b3e000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=C2F6HJKG56GDRt94qgDrxC0zg08KYuNykI5QA0lzCdLtgb1bMTJs0PKtKcQ%2Fw25afy1OIDUWYwYNN5IcTuaa0QKLf2uPnHz3lP46J0MIx5w7UkNU49vf8QfFkw%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a31b6f4c1f-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 38 00 00 00 1a 08 06 00 00 00 e2 e2 9f 23 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 84 49 44 41 54 78 01 ad 58 09 70 8d 57 14 fe 5e bc ac 44 04 41 56 c2 a8 9d 34 c1 68 6a 6a e9 54 8a 56 a7 63 ec 5a 5b 8b 1a 6a a9 3d c5 d8 26 96 d6 be 9b 41 3b 1a eb 74 18 a3 8c b6 8c 7d 0b 4a a8 a9 2d 21 64 91 c8 42 12 11 ef e5 f5 bb f7 bd fb f2 27 f2 de ff 42 be f9 ef dc ed 3f ff 3d e7 9e 73 cf 3d e7 37 c0 09 2c 80 e1 0a d0 95 cd cf d8 ee c4 ba 89 01 a8 c3 da a8 7d 8f 63 e3 a3 80 f5 a2 7d 0d a8 65 06 a6 b0 f9 15 4b 30 e7 f2 49 7b ae 04 58 d5 11 f8 cb d9 7a b7 f9 ed 02 e0 07 8b 95 b6 01 69 73 59 9f 66 7f 49 07 e0 52 45 34 e4 6f 32 e7 57 88 76 c0 b8 71 a8 3b 7a 34 6e 47 44 d8 e7 8d 8e 16 4b 00 ba b1 2c e3 22 ed 6d 42 e8 e2 3a 10 f2 1a 38 c4 a6 7d 05 2e ee cf aa b7 1b 10 73 19 98 40 46 37 55 44 7b 15 68 48 e1 8e b3 d9 58 b3 56 5d 96 2f d9 ff 94 f3 7d 23 81 23 a8 24 dc ca 0f dc 20 43 14 2c 9e cd e3 4a 38 57 61 02 e2 a0 11 ae 1c 8c fc de 7a 7e bf 79 45 93 dc 88 5f 58 35 76 40 eb 4d 0b f8 9d 42 06 a1 92 28 23 a0 d0 40 31 70 96 cd 41 da f1 9a dd bb 23 7c d7 2e b4 49 4a c2 fb f9 f9 88 2c 2a 2a 53 22 58 fe 01 de 23 93 43 15 4d 60 6c 2c 22 72 72 d0 f2 e6 4d 78 36 6a 64 5f ef 15 b0 a6 3c 13 b4 bd 0e a4 ed a2 fa 41 0b 17 22 22 37 17 2d ae 5e 85 7b 48 88 1a f6 a2 90 0b f0 b6 02 0a cd 99 ac 26 d2 42 8d d5 ea d3 07 ad ef dd 43 93 43 b4 ba 92 12 a4 c5 c5 e1 41 ff fe b8 db ab 57 99 f2 5f 97 2e 42 03 4d 15 9d 47 58 18 82 16 2d c2 e3 a9 53 61 4a 4f 47 c3 6d db ec 0b 52 8b 9f f0 dc c4 68 99 d0 d2 d6 88 8e 96 9b f3 68 cc 18 b9 66 d8 c6 8d da 57 47 5d b6 fa 04 97 61 3f 83 dc d9 9f 0c 9a 85 82 17 2c 40 83 39 73 90 be 6c 19 32 96 2e 85 29 3b db e1 47 c4 99 29 02 7c 3d d5 47 eb d4 91 75 Data Ascii: PNGIHDR8#pHYssRGBgAMAaIDATxXpW^DAV4hjjTVcZ[j=&A;t}J-!dB'B?=s=7,}c}eK0I{XzisYfIRE4o2Wvq;z4nGDK,"mB:8}.s@F7UD{hHXV]/}##$ C,J8Waz~yE_X5v@MB(#@1pA#\|.IJ,**S"X#CM`l,"rrMx6jd_<A""7-^{H&BCCAW_.BMGX-SaJOGmRhhfWG]a?,@9sl2.);G)\|=Gu
Feb 1, 2021 22:28:06.971087933 CET	627	OUT	GET /images/person-bg-2.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:07.023672104 CET	630	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:07 GMT Content-Type: image/png Content-Length: 721 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "2d1-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300825 Accept-Ranges: bytes cf-request-id: 080117fa6000004c1fcd9ec000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6EuWWgurpVevaW9eXDvxwGdhwVYNkWktNRMDciw2QFtvkJID%2F%2FPWtP81I7XY%2FubDdC6AU8vHjTAxwEegjKdsuJFQbGRG3g04QcveHNnW0ycVd8R2ekgx26BUUA%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2a3cd304c1f-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 02 66 49 44 41 54 78 01 ed db cb 4d c3 40 14 46 e1 31 62 15 9a 49 07 94 12 25 0d 50 02 74 00 25 a4 be 84 1e 0c 17 01 e2 91 77 6c cf e3 9c 6f e5 c5 2c 2c fd 47 9a d5 a4 24 ac cd 72 b6 ee 92 90 3e c7 5f 18 00 d0 d7 f8 f1 6d 00 30 3f c7 0f 06 00 f2 77 fc 60 00 10 bb c6 0f 06 00 b0 6f fc 60 00 8d 3b 34 7e b8 49 6a d6 eb f2 ee e5 d0 f8 c1 00 1a b5 5d cd 9e fa d4 3f 1c 3b e7 15 d0 a0 18 3f f5 e9 f1 94 b3 06 d0 98 73 c6 0f 06 d0 90 73 c7 0f 06 d0 88 4b c6 0f 06 d0 80 4b c7 0f 06 50 b9 6b c6 0f 06 50 b1 6b c7 0f 06 50 a9 21 c6 0f 06 50 a1 a1 c6 0f 06 50 99 21 c7 0f 06 50 91 a1 c7 0f 06 50 89 31 c6 0f 06 50 81 b1 c6 0f 06 50 b8 31 c7 0f 06 50 b0 b1 c7 0f 06 50 a8 29 c6 0f 06 50 a0 a9 c6 0f 06 50 98 29 c7 0f 06 50 90 a9 c7 0f 06 50 88 1c e3 07 03 28 40 ae f1 83 01 64 96 73 fc 60 00 19 e5 1e 3f f8 2e 20 a7 be bb 4f 99 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 9c 01 c0 19 00 dc 6d ca 6c bb ba 7b 4e 7d 9a 27 a0 2e f5 f3 3e e5 d5 a5 8c 36 cb d9 fa fd 07 16 49 d9 64 0b c0 f1 cb 90 25 00 c7 2f c7 e4 01 38 7e 59 26 0d c0 f1 cb 33 59 00 8e 5f a6 49 02 70 fc 72 8d 1e 80 e3 97 6d d4 00 1c bf 7c a3 05 e0 f8 75 18 25 00 c7 af c7 e0 01 38 7e 5d 06 0d c0 f1 eb 33 58 00 8e 5f a7 41 02 70 fc Data Ascii: PNGIHDR>apHYssRGBgAMAafIDATxM@F1bI%Pt%wlo,,G$r>_m0?w`o`;4~Ij]?;?ssKKPkPkP!PP!PP1PP1PP)PP)PP(@ds`?. Oml{N}'.>6Id%/8~Y&3Y_Iprm\|u%8~]3X_Ap
Feb 1, 2021 22:28:11.829966068 CET	669	OUT	GET /fonts/mem8YaGs126MiZpBA-UFWZ0dbck.woff HTTP/1.1 Accept: / Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: http://de.gewinncode.zulole28.vip Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.891124010 CET	772	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Mon, 09 Nov 2020 15:03:18 GMT Vary: Accept-Encoding,User-Agent Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2601 cf-request-id: 0801180d5c00004c1fcdbff000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZP%2B4EbVXdpNzTQXPPmPBbxI6dS2kjTDuUdnkFTVPshmgfgrxSJprvkq%2BlrOwMRXTlgtus6%2FfRhJ2fYr0PX2lMqVPtZEKMw2Gm%2Bjx3F0ycUq%2BfyczuA2RSiu%2BwA%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2c2285c4c1f-AMS Content-Encoding: gzip Data Raw: 31 62 35 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 5d dd 6e dc 38 96 be ee 3c c5 89 7a 66 62 03 f5 ef a4 3b ed 9f ea 4d 27 4e e2 ee c4 e9 8d 9d 0e 26 37 06 4b 3a 92 18 53 a4 86 a4 aa 62 ef 0e b0 d8 97 d8 9b 05 f6 26 58 60 80 b9 ee ab 5c 8d df 64 9e 64 71 48 a9 4a 55 56 95 cb 8e 7b 32 d8 06 3a 29 49 e4 21 79 78 78 7e 3e 1e 32 bb 77 9f bc 7a 7c fc c7 9f f7 21 b5 99 18 de d9 a5 bf 80 47 7b 41 aa 32 0c 86 77 ee ec a6 c8 a2 e1 1d 00 80 dd 0c 2d 83 30 65 da a0 dd 0b 0a 1b b7 1f 06 f5 4f 92 65 b8 17 8c 39 4e 72 a5 6d 00 a1 92 16 a5 dd 0b 26 3c b2 e9 5e 84 63 1e 62 db 3d b4 80 4b 6e 39 13 6d 13 32 81 7b fd 4e af 81 54 84 26 d4 3c b7 5c c9 1a b5 e3 14 e1 69 61 0b 8d f0 2a 86 c7 85 d6 28 c3 33 38 30 f0 1c 35 56 64 2c b7 02 87 cf 70 c2 a5 0c 55 84 bb 5d ff c6 7f 15 5c 9e 82 46 b1 17 f0 90 88 a7 1a e3 bd 80 67 2c 41 d3 8d d9 98 de 76 72 99 04 60 cf 72 2c bf 74 e9 05 f1 a4 eb 99 72 67 77 a4 a2 b3 e1 1d 4f 32 e2 63 08 05 33 66 2f c8 54 c4 04 c4 2c c2 00 b4 12 34 12 ce 84 22 6a 6c c4 65 84 1f f6 82 76 3f 70 8c c6 0f dc b6 5d 85 b2 e7 8d c4 da 15 81 92 9c 0a 8b 0c a5 ad 55 59 ac 96 6b 14 aa 88 50 b7 73 95 17 79 30 dc ed 46 7c bc bc bc 6f a6 64 f2 02 dd e6 b2 c4 04 d4 0d 45 5d f1 51 61 ad 92 25 fb fc 43 50 d5 0f 85 32 18 40 c4 2c 6b 47 dc 64 7c 4a 34 00 a6 39 6b 0b 36 a2 b9 79 ec ca 0d 77 4d ce a4 ff 90 f2 28 42 b9 17 58 5d 60 30 bc f8 af dd 2e 7d 1b ee 76 7d 0b 4b fa 92 0e aa 96 2d 7e b0 ed 10 a5 45 0d ee 77 c4 64 82 1a fc 88 9c 84 04 60 ec 19 31 39 56 d2 b6 dd ef 6d a9 74 c6 c4 8e 7b 33 41 9e a4 76 7b a4 44 b4 13 2a a1 f4 b6 4e 46 1b 83 fb 83 d6 37 ad c1 e6 4e 30 7c fb e8 f5 f1 fe 21 1c 1d ec c3 e1 ab c7 cf ef ee 76 d3 c1 b2 8e 6d 35 74 6c da 81 8c e9 84 cb b6 55 f9 f6 83 fc c3 4e f9 38 52 d6 aa cc bd 21 d6 58 ad 64 32 7c 81 06 25 1c 71 84 88 a3 69 c1 08 c7 4a bb e7 04 53 94 77 77 bb 65 41 d8 ed a6 5b 4d b2 d0 3c c7 24 e0 cb 66 b8 56 58 ab c9 92 52 8b 25 43 25 da 59 d4 7e 30 1d 64 ce a2 88 cb 64 bb Data Ascii: 1b5b]n8<zfb;M'N&7K:Sb&X`\ddqHJUV{2:)I!yxx~>2wz\|!G{A2w-0eOe9Nrm&<^cb=Kn9m2{NT&<\ia(3805Vd,pU]\Fg,Avr`r,trgwO2c3f/T,4"jlev?p]UYkPsy0F\|odE]Qa%CP2@,kGd\|J49k6ywM(BX]`0.}v}K-~Ewd`19Vmt{3Av{DNF7N0\|!vm5tlUN8R!Xd2\|%qiJSwweA[M<$fVXR%C%Y~0dd
Feb 1, 2021 22:28:11.931597948 CET	851	OUT	GET /images/crypto-bg3.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://de.gewinncode.zulole28.vip/?session=9271bfc154b847c597dca7f0a9db88e4&aff_id=225&fpp=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: de.gewinncode.zulole28.vip Connection: Keep-Alive Cookie: __cfduid=d4d1cb2ed74191f8157d0b5b1fa03ae8a1612214886
Feb 1, 2021 22:28:11.983288050 CET	981	IN	HTTP/1.1 200 OK Date: Mon, 01 Feb 2021 21:28:11 GMT Content-Type: image/jpeg Content-Length: 72875 Connection: keep-alive Last-Modified: Thu, 23 Jul 2020 13:32:03 GMT ETag: "11cab-5ab1be1c1ba92" Vary: User-Agent, Accept-Encoding Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 300828 Accept-Ranges: bytes cf-request-id: 0801180dbf00004c1fae8f3000000001 Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kAOBZ7UienmjRCii9h7JTKEMyd1IjQpU7GYIRsmc8l84WrRKFFTgn6U8ZBzxptS6Bk29vkdzMyYz0xf91MtnMLkMC5RDLuq6O8m4oMzxKIXcvoT%2BSvek3QYeww%3D%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 61aec2c2ca554c1f-AMS Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c 01 04 04 04 04 04 04 04 04 04 04 06 06 05 06 06 08 07 07 07 07 08 0c 09 09 09 09 09 0c 13 0c 0e 0c 0c 0e 0c 13 11 14 10 0f 10 14 11 1e 17 15 15 17 1e 22 1d 1b 1d 22 2a 25 25 2a 34 32 34 44 44 5c ff c2 00 11 08 02 31 05 a0 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 01 05 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 ff da 00 08 01 01 00 00 00 00 f8 a2 49 d2 15 9f 53 15 35 e9 c9 1e a4 1a 54 29 ec e3 b3 a4 c5 9f 47 3e e5 23 57 1e fc 79 89 d1 c1 92 eb 77 b0 cd bc fb 89 67 98 e8 e3 a3 16 be 04 8b 05 9b f5 34 b9 e0 9a 6d 7e 65 a0 08 a3 51 06 88 88 aa 08 0b 62 ba 2b 9c 20 d1 5f 24 b3 57 64 44 af 85 8d 05 05 00 00 2d d2 50 00 01 40 01 00 00 10 00 74 da 5d 3e a8 98 5c ed 18 e9 c9 32 42 b6 34 b1 d3 5a 9c b1 6b 57 d1 87 3a 4b 99 3d 2e 24 fa 39 f6 f3 9b b5 91 a0 cc c4 e8 eb e4 4b 66 f6 21 b5 9f 71 2c f3 1d 24 54 a1 d6 c1 91 8d 9a d4 b6 f9 d4 26 9f 5b 9a 68 00 83 44 44 41 15 04 05 36 27 c6 68 8d 01 55 f3 4a 8c 4a c1 62 58 21 00 00 00 01 5f 18 00 82 80 22 82 0a 00 00 00 2c da 3d 3e a2 a6 17 3b 46 3a b2 4c 42 b3 69 e4 a6 a5 37 c7 ad 5f a2 b1 9f 86 f3 63 16 6d 1c fb 99 ad d9 c9 d1 8f 35 3a 2a f9 32 5a bb 8a 9b 59 f7 0b 1c cf 47 15 18 b5 b0 26 85 26 b2 dd 8e 65 ab 2c da fc d3 45 41 a0 83 44 41 00 00 35 27 c5 10 05 24 96 64 63 63 60 8f b0 b0 44 00 0a 20 00 3d 80 00 00 00 02 2a 80 00 00 0b 36 97 4f a8 a9 85 ce 51 8e b4 b2 91 13 69 e4 26 ad 37 c7 ad 07 41 66 9e 3c 76 b5 30 64 bf 42 e5 08 b6 32 b4 62 ce 6f 45 5f 26 5b 37 b1 13 6a 85 b2 cf 33 d1 47 46 1d 7c 09 eb 13 58 6e ae 35 52 59 b5 f9 a6 a2 22 80 d1 06 83 55 00 14 2c 3a b0 22 be 5b 0f Data Ascii: JFIF""%%424DD\""%%424DD\1"IS5T)G>#Wywg4m~eQb+ _$WdD-P@t]>\2B4ZkW:K=.$9Kf!q,$T&[hDDA6'hUJJbX!_",=>;F:LBi7_cm5:2ZYG&&e,EADA5'$dcc`D =6OQi&7Af<v0dB2boE_&[7j3GF\|Xn5RY"U,:"[

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	8.208.92.142	80	192.168.2.3	49729	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 1, 2021 22:28:35.746458054 CET	2166	IN	HTTP/1.0 408 Request Time-out Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 1, 2021 22:27:47.194583893 CET	67.199.248.11	443	192.168.2.3	49719	CN=bit.ly, O="Bitly, Inc.", L=New York, ST=New York, C=US, SERIALNUMBER=4627013, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Aug 05 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Tue Aug 10 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:27:47.194583893 CET	67.199.248.11	443	192.168.2.3	49719	CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:27:47.196939945 CET	67.199.248.11	443	192.168.2.3	49718	CN=bit.ly, O="Bitly, Inc.", L=New York, ST=New York, C=US, SERIALNUMBER=4627013, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Aug 05 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Tue Aug 10 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:27:47.196939945 CET	67.199.248.11	443	192.168.2.3	49718	CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:27:47.554049969 CET	67.199.248.15	443	192.168.2.3	49722	CN=*.bitly.com, O="Bitly, Inc.", L=New York, ST=New York, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Aug 10 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 18 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:27:47.554049969 CET	67.199.248.15	443	192.168.2.3	49722	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:27:47.559807062 CET	67.199.248.15	443	192.168.2.3	49721	CN=*.bitly.com, O="Bitly, Inc.", L=New York, ST=New York, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Aug 10 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 18 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:27:47.559807062 CET	67.199.248.15	443	192.168.2.3	49721	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:28:03.589143038 CET	67.199.248.15	443	192.168.2.3	49727	CN=*.bitly.com, O="Bitly, Inc.", L=New York, ST=New York, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Aug 10 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 18 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 1, 2021 22:28:03.589143038 CET	67.199.248.15	443	192.168.2.3	49727	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		37f463bf4616ecd445d4a1937da06e19
Feb 1, 2021 22:28:17.307341099 CET	216.58.207.162	443	192.168.2.3	49747	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Jan 05 13:07:00 CET 2021 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 30 14:06:59 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:28:17.307341099 CET	216.58.207.162	443	192.168.2.3	49747	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:28:17.307809114 CET	216.58.207.162	443	192.168.2.3	49748	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Jan 05 13:07:00 CET 2021 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 30 14:06:59 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:28:17.307809114 CET	216.58.207.162	443	192.168.2.3	49748	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:28:27.926961899 CET	172.217.168.225	443	192.168.2.3	49758	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:28:27.926961899 CET	172.217.168.225	443	192.168.2.3	49758	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:28:27.933222055 CET	172.217.168.225	443	192.168.2.3	49759	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 1, 2021 22:28:27.933222055 CET	172.217.168.225	443	192.168.2.3	49759	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Memory Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5800 Parent PID: 792

Function Logs

General

Start time:	22:27:44
Start date:	01/02/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7045d0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: iexplore.exe PID: 4760 Parent PID: 5800

Function Logs

General

Start time:	22:27:45
Start date:	01/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5800 CREDAT:17410 /prefetch:2
Imagebase:	0xbc0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Show Windows behavior

Network Activities

Show Windows behavior

Process Token Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://bit.ly/39kvkUX

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5800 Parent PID: 792

General

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Directory Queried

Volume Information Queried

Device IO

Section Activities