Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html

Overview

General Information

Sample URL:	http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html
Analysis ID:	1500176
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Misleading page title found

HTML page contains obfuscated javascript

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Submit button contains javascript call

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 2996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2264,i,18158099608120486582,3765129246842329535,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	Avira URL Cloud: detection malicious, Label: phishing
Source: http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/favicon.ico

Avira URL Cloud: Label: phishing

Phishing

Misleading page title found

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	Page Title: DocuSign Login - Enter your password to sign in
Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	Page Title: DocuSign Login - Enter your password to sign in
Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	Page Title: DocuSign Login - Enter your password to sign in
Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	Page Title: DocuSign Login - Enter your password to sign in

HTML page contains obfuscated javascript

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html

HTTP Parser: (function(_0x55ea22,_0x53ecbc){var _0x875258=_0x55ea22();function _0x5717ac(_0x2d5147,_0x2fbfe1,_0x

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html

HTTP Parser: Number of links: 0

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html

HTTP Parser: Title: DocuSign Login - Enter your password to sign in does not match URL

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	HTTP Parser: On click: sendEmail()
Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	HTTP Parser: On click: sendEmail()

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	HTTP Parser: No <meta name="author".. found

Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.4:59517 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:50851 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /response_type.html HTTP/1.1Host: pub-5378e135058a4d2abb5385b53c4be7aa.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-5378e135058a4d2abb5385b53c4be7aa.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /response_type.html HTTP/1.1Host: pub-5378e135058a4d2abb5385b53c4be7aa.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev
Source: global traffic	DNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: logo.clearbit.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:43:30 GMTContent-Type: text/htmlContent-Length: 27150Connection: closeServer: cloudflareCF-RAY: 8b9f94aeb97043f7-EWR

Source: chromecache_47.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_46.2.dr	String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_47.2.dr	String found in binary or memory: https://docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg
Source: chromecache_46.2.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 59523 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59523
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@17/15@18/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2264,i,18158099608120486582,3765129246842329535,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2264,i,18158099608120486582,3765129246842329535,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	100%	Avira URL Cloud	phishing
http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://developers.cloudflare.com/r2/data-access/public-buckets/	0%	URL Reputation	safe
https://api.ipify.org/?format=json	0%	URL Reputation	safe
https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/favicon.ico	100%	Avira URL Cloud	phishing
https://logo.clearbit.com/	0%	Avira URL Cloud	safe
https://docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg	0%	Avira URL Cloud	safe
https://www.cloudflare.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d26p066pn2w0s0.cloudfront.net	13.32.27.44	true	false		unknown
pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev	104.18.3.35	true	false		unknown
www.google.com	142.250.186.68	true	false		unknown
api.ipify.org	104.26.12.205	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
docucdn-a.akamaihd.net	unknown	unknown	false		unknown
logo.clearbit.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	true		unknown
https://logo.clearbit.com/	false	Avira URL Cloud: safe	unknown
https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html	true		unknown
https://api.ipify.org/?format=json	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg	chromecache_47.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/favicon.ico	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://developers.cloudflare.com/r2/data-access/public-buckets/	chromecache_46.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States		15169	GOOGLEUS	false
104.26.12.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false
104.18.3.35	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev	United States		13335	CLOUDFLARENETUS	false
104.18.2.35	unknown	United States		13335	CLOUDFLARENETUS	false
13.32.27.44	d26p066pn2w0s0.cloudfront.net	United States		7018	ATT-INTERNET4US	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
104.26.13.205	unknown	United States		13335	CLOUDFLARENETUS	false
172.217.16.196	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500176
Start date and time:	2024-08-28 00:42:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@17/15@18/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.184.206, 74.125.206.84, 34.104.35.123, 172.217.18.10, 2.21.72.133, 2.21.72.144, 142.250.186.74, 142.250.185.170, 216.58.212.170, 216.58.206.42, 172.217.16.202, 142.250.186.42, 142.250.185.138, 142.250.181.234, 142.250.186.106, 142.250.186.170, 216.58.206.74, 142.250.185.234, 142.250.185.202, 172.217.16.138, 142.250.184.234, 2.19.126.140, 2.19.126.135, 20.114.59.183, 2.19.126.137, 2.19.126.163, 192.229.221.95, 52.165.164.15, 13.95.31.18, 13.85.23.206, 20.242.39.171, 40.68.123.157, 216.58.206.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ajax.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, docucdn-a.akamaihd.net.edgesuite.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, a1737.b.akamai.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 46

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (611)
Category:	downloaded
Size (bytes):	27150
Entropy (8bit):	4.357340680151037
Encrypted:	false
SSDEEP:	384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3
MD5:	46DD133EE00DC1BAE5E4EEBA7B88432F
SHA1:	8AF86A4AC91CE48C062216FB94A6E1D57618A19B
SHA-256:	9EB52EE46C7AB5EA4CA0982415DA99FDED1B7D7354F75E50847BDAE6CB44EB66
SHA-512:	CB49F9E3812E2C262AF374E79BD8905CB508A45BF2C2D6AF62EED85AF43770872486A55E9425882FEDA9FB3A57A317A3C18BE1E286ADAF0C76BE7F1B0DFA8474
Malicious:	false
Reputation:	low
URL:	https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr

Chrome Cache Entry: 47

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (43589), with CRLF line terminators
Category:	downloaded
Size (bytes):	119774
Entropy (8bit):	5.275223652902517
Encrypted:	false
SSDEEP:	3072:PTA7VPukHsdNbDNIXaInzof7+qN1UbXA1GQ95GZM+O2:PTA7VGCsbbDNIBcz+qN1UbXA1zC6c
MD5:	6000538B14FC5D0DFEF73C0B12BCEB3F
SHA1:	21372C9333E57BBE0059E71C0E608C0B97868722
SHA-256:	24B1FE06F71D139D8630F0ED952463B8A55122416B813A981FD204597B96FAE0
SHA-512:	A6F52E27755498A9BE25F87B57419297350101335D490F87B79C996C60CDDC4989A3AF285BB8350FDC335F544DBE53EA08E5F9D092C816D192DD70FF26F16AF9
Malicious:	false
Reputation:	low
URL:	https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html
Preview:	<!DOCTYPE html> <html lang=en class=account-server>..<meta charset=utf-8>..<meta name=viewport content="initial-scale=1.0">..<title>DocuSign Login - Enter your password to sign in</title>....<style data-emotion=css data-single-filez-stylesheet=16>.account-server{height:100%}.site-content,#root{height:inherit}.account-server .site-content{background-color:#fff}.hide-accessible{position:absolute;width:0px;height:0px;left:-10000px}.ink-authentication{display:flex;flex-direction:column;min-height:100%}.ink-footer{flex-shrink:0}.ink-header{position:sticky;top:0;height:64px}.ink-body{background-color:#f7f6f7;overflow-y:auto;flex:1 0 auto}.ink-auth-main{padding:4rem 0;background-color:#fff;border:1px solid rgba(25,24,35,.1490196078);border-radius:.25rem}@media (max-width:1039px){.ink-body{background-color:#fff}.ink-auth-main{border:unset;border-radius:unset;padding:1.5rem 2rem}}@media (min-width:600px){.ink-body{display:flex;flex-direction:column;align-items:center}}@media (min-width:600px) a

Chrome Cache Entry: 48

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.446439344671015
Encrypted:	false
SSDEEP:	3:YMb1gXMR4n:YMeXNn
MD5:	2E1E0B28D6E7522CB687E20D37BCD8AA
SHA1:	03D5EFE3719CAB433421C4D9BF6C73E0B8EB69E5
SHA-256:	124CE91528D8ACB894BDC980ABDDF035B38CDC64CE13F088D431E0B10D61FB24
SHA-512:	70BB31CA0F3907AB6B5860459643E422AAD6685F32D519C23E671CD46F29ABF2DB1F0C53E54313FF6FE7B54A75CDCA18A9232556B3273E6DB200BFCD22BA82BD
Malicious:	false
Reputation:	low
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"8.46.123.33"}

Chrome Cache Entry: 49

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HwT:QT
MD5:	344EB8D19F5C0A3435EF32FD9601F1FB
SHA1:	E082EB1D89D91CC1A25A1D510268E576109DA07E
SHA-256:	B44289B54959639FCA6A742F7CC2E2A5AF9C6E7B73C1B3E25227CA9790F3A587
SHA-512:	EB9F1CD4A566192160371F4B182EE00180F6912333FFB79C537BD80635A6AFE6379FBE7BB74043D635BA65C9F4F956D9E97E516E24E516F2591192A36F866EAE
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnPE5QKSGqd6hIFDc5BTHo=?alt=proto
Preview:	CgkKBw3OQUx6GgA=

Chrome Cache Entry: 50

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2544
Entropy (8bit):	4.082394839137138
Encrypted:	false
SSDEEP:	48:3B51f2CBBS9dRflogFJ5FJFipVHPW4OZJvlyPoLQzOd:3B51dBkFfmafuHGyeQzW
MD5:	440FE9F91FFEA5C808B75D74298423E7
SHA1:	C42C5C7B43EF49F1C1A3191EFD5624477E9CC549
SHA-256:	7C5E35B0C8299B8660A9C4F4393C7AF2CED0143540A1ECDF266D174B690B779B
SHA-512:	0483120687CB3130C1830A1FDBCCC82A2200D72552BE14FA3AE4B73899DE1576095B25C3B277B80206190580CA859F87CD38EEEB7AB29C1A49F79841B78D0068
Malicious:	false
Reputation:	low
URL:	https://docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg
Preview:	<svg width="114" height="24" xmlns="http://www.w3.org/2000/svg">. <g fill-rule="evenodd">. <path d="M7.35 15.897c3.586 0 4.987-2.184 4.987-5.933 0-3.743-1.638-6.352-4.882-6.352H3.827v12.285zM0 .341h7.933c5.04 0 8.28 4.064 8.28 9.623 0 3.061-1.03 5.75-3.01 7.413-1.396 1.155-3.212 1.817-5.585 1.817H0V.346zm27.274 12.101c0-2.635-1.239-4.426-3.423-4.426-2.216 0-3.428 1.79-3.428 4.426 0 2.64 1.207 4.41 3.428 4.41 2.184 0 3.423-1.77 3.423-4.41m-10.49 0c0-4.032 2.872-7.14 7.066-7.14 4.19 0 7.062 3.108 7.062 7.14 0 4.037-2.872 7.145-7.062 7.145-4.194 0-7.066-3.108-7.066-7.14m14.868-.005c0-4.032 2.635-7.14 6.752-7.14 3.501 0 5.67 2.026 6.142 4.956h-3.507a2.478 2.478 0 00-2.478-2.084c-2.163 0-3.27 1.659-3.27 4.268 0 2.562 1.028 4.274 3.218 4.274 1.448 0 2.477-.767 2.714-2.295h3.454c-.236 2.877-2.478 5.166-6.09 5.166-4.273 0-6.935-3.108-6.935-7.14m22.507 6.747v-1.58h-.084c-.924 1.238-1.98 1.947-3.88 1.947-3.003 0-4.693-1.921-4.693-4.877V5.67h3.56v8.41c0 1.58.713 2.452 2.241 2.452 1.69 0 2.72-

Chrome Cache Entry: 51

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.446439344671015
Encrypted:	false
SSDEEP:	3:YMb1gXMR4n:YMeXNn
MD5:	2E1E0B28D6E7522CB687E20D37BCD8AA
SHA1:	03D5EFE3719CAB433421C4D9BF6C73E0B8EB69E5
SHA-256:	124CE91528D8ACB894BDC980ABDDF035B38CDC64CE13F088D431E0B10D61FB24
SHA-512:	70BB31CA0F3907AB6B5860459643E422AAD6685F32D519C23E671CD46F29ABF2DB1F0C53E54313FF6FE7B54A75CDCA18A9232556B3273E6DB200BFCD22BA82BD
Malicious:	false
Reputation:	low
Preview:	{"ip":"8.46.123.33"}

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	2544
Entropy (8bit):	4.082394839137138
Encrypted:	false
SSDEEP:	48:3B51f2CBBS9dRflogFJ5FJFipVHPW4OZJvlyPoLQzOd:3B51dBkFfmafuHGyeQzW
MD5:	440FE9F91FFEA5C808B75D74298423E7
SHA1:	C42C5C7B43EF49F1C1A3191EFD5624477E9CC549
SHA-256:	7C5E35B0C8299B8660A9C4F4393C7AF2CED0143540A1ECDF266D174B690B779B
SHA-512:	0483120687CB3130C1830A1FDBCCC82A2200D72552BE14FA3AE4B73899DE1576095B25C3B277B80206190580CA859F87CD38EEEB7AB29C1A49F79841B78D0068
Malicious:	false
Reputation:	low
Preview:	<svg width="114" height="24" xmlns="http://www.w3.org/2000/svg">. <g fill-rule="evenodd">. <path d="M7.35 15.897c3.586 0 4.987-2.184 4.987-5.933 0-3.743-1.638-6.352-4.882-6.352H3.827v12.285zM0 .341h7.933c5.04 0 8.28 4.064 8.28 9.623 0 3.061-1.03 5.75-3.01 7.413-1.396 1.155-3.212 1.817-5.585 1.817H0V.346zm27.274 12.101c0-2.635-1.239-4.426-3.423-4.426-2.216 0-3.428 1.79-3.428 4.426 0 2.64 1.207 4.41 3.428 4.41 2.184 0 3.423-1.77 3.423-4.41m-10.49 0c0-4.032 2.872-7.14 7.066-7.14 4.19 0 7.062 3.108 7.062 7.14 0 4.037-2.872 7.145-7.062 7.145-4.194 0-7.066-3.108-7.066-7.14m14.868-.005c0-4.032 2.635-7.14 6.752-7.14 3.501 0 5.67 2.026 6.142 4.956h-3.507a2.478 2.478 0 00-2.478-2.084c-2.163 0-3.27 1.659-3.27 4.268 0 2.562 1.028 4.274 3.218 4.274 1.448 0 2.477-.767 2.714-2.295h3.454c-.236 2.877-2.478 5.166-6.09 5.166-4.273 0-6.935-3.108-6.935-7.14m22.507 6.747v-1.58h-.084c-.924 1.238-1.98 1.947-3.88 1.947-3.003 0-4.693-1.921-4.693-4.877V5.67h3.56v8.41c0 1.58.713 2.452 2.241 2.452 1.69 0 2.72-

Chrome Cache Entry: 53

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 00:43:22.575172901 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 28, 2024 00:43:24.257581949 CEST	49735	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:43:24.257862091 CEST	49736	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:43:24.264235020 CEST	80	49735	104.18.3.35	192.168.2.4
Aug 28, 2024 00:43:24.264246941 CEST	80	49736	104.18.3.35	192.168.2.4
Aug 28, 2024 00:43:24.264333963 CEST	49735	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:43:24.264333963 CEST	49736	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:43:24.264517069 CEST	49736	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:43:24.271131992 CEST	80	49736	104.18.3.35	192.168.2.4
Aug 28, 2024 00:43:24.752881050 CEST	80	49736	104.18.3.35	192.168.2.4
Aug 28, 2024 00:43:24.782385111 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:24.782447100 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:24.782650948 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:24.782932043 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:24.782951117 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:24.796916008 CEST	49736	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:43:25.265198946 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.265494108 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.265512943 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.266535044 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.266644955 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.267654896 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.267719030 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.267848969 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.267855883 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.308407068 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.636571884 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.636630058 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.636670113 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.636672020 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.636683941 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.636728048 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.636733055 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.637140989 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.637198925 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.637200117 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.637208939 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.637238026 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.637697935 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.643003941 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.643038034 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.643049955 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.643054962 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.643111944 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.643125057 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.683336973 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.727011919 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727111101 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727140903 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727164984 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.727173090 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727219105 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.727225065 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727787971 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727829933 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.727835894 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727900982 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727926970 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727938890 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.727942944 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.727987051 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.728698969 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.728780985 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.728816032 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.728821993 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.728826046 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.728866100 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.728869915 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.729674101 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.729717970 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.729722977 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.729727983 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.729772091 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.729774952 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.729826927 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.729865074 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.729870081 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.730598927 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.730643988 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.730648994 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.769140959 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.769200087 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.769207001 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.809838057 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.817393064 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.817584038 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.817627907 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.817639112 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.818128109 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.818135023 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.818181992 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.818186998 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.818274021 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.818310976 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.818316936 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.818320990 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.818348885 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.819047928 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.819093943 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.819101095 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.819116116 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.819144011 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.819149017 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.819160938 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.819844961 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.819884062 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.819885015 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.819895029 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.819925070 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.820693016 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.820729971 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.820738077 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.820745945 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.820766926 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.821600914 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.821633101 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.821650028 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.821655035 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.821682930 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.822326899 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.822381020 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.822387934 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.822433949 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.822474003 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.822527885 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.823143959 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.823201895 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.908020973 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.908072948 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.908082008 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.908097029 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.908140898 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:25.908145905 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.908195019 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:25.908236027 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:26.244185925 CEST	49737	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:26.244206905 CEST	443	49737	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:26.444097996 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:26.444119930 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:26.444281101 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:26.444729090 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:26.444742918 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:27.092658997 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:27.092927933 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:27.092957020 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:27.093905926 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:27.093966007 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:27.191678047 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:27.191770077 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:27.240350008 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:27.240365028 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:27.293801069 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:27.992883921 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:27.992925882 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:27.993046999 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:27.993654013 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:27.993668079 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:28.069484949 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:28.069525003 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:28.069641113 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:28.073596001 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:28.073616028 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:28.504918098 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:28.549550056 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:28.675740957 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:28.675751925 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:28.679450035 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:28.679510117 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:28.726430893 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:28.726500988 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:28.729758024 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:28.729773045 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:28.730118990 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:28.773014069 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:28.820497990 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:28.991936922 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:28.992223024 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:28.994620085 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:28.994637966 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:28.999346018 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:28.999481916 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:28.999551058 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:29.008538008 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:29.008550882 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:29.010536909 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:29.010552883 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:29.010695934 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:29.011837006 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:29.011851072 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:29.034719944 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:29.051867962 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:29.051919937 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:29.052006006 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:29.052587032 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:29.052603006 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:29.107213020 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:29.107397079 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:29.107664108 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:29.181054115 CEST	49743	443	192.168.2.4	104.26.12.205
Aug 28, 2024 00:43:29.181075096 CEST	443	49743	104.26.12.205	192.168.2.4
Aug 28, 2024 00:43:29.218144894 CEST	49749	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:29.218184948 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:29.218257904 CEST	49749	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:29.218781948 CEST	49749	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:29.218796015 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:29.271428108 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.271457911 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.271517992 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.272310972 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.272325039 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.637365103 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:29.638139009 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:29.638185978 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:29.638875008 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:29.639450073 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:29.639517069 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:29.639872074 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:29.680515051 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:29.746542931 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.761271000 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.761291981 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.762803078 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.762924910 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.793970108 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:29.815959930 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.816060066 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.816561937 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:29.816593885 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:29.817008972 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.817028046 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.817843914 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:29.817903996 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:29.870470047 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:29.870552063 CEST	49749	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:29.871460915 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.920872927 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:29.921098948 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:29.922307014 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:29.922323942 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:29.924753904 CEST	49749	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:29.924767017 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:29.925618887 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:29.927850008 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.927922010 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:29.928010941 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:29.933804035 CEST	49749	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:29.965189934 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:29.980500937 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:30.019191980 CEST	49752	443	192.168.2.4	104.26.13.205
Aug 28, 2024 00:43:30.019227982 CEST	443	49752	104.26.13.205	192.168.2.4
Aug 28, 2024 00:43:30.068290949 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.068445921 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.068505049 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.068531036 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.068556070 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.068558931 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.068591118 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.068614006 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.068646908 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.068994999 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.069078922 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.069132090 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.069139957 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.069870949 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.069922924 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.069930077 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.073103905 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.073158026 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.073168039 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.121448994 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.144979954 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:30.145056009 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:30.145121098 CEST	49749	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:30.146755934 CEST	49749	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:43:30.146779060 CEST	443	49749	184.28.90.27	192.168.2.4
Aug 28, 2024 00:43:30.155740976 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.155855894 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.155904055 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.155926943 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.156002998 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.156148911 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.156158924 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.156316042 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.156347990 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.156362057 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.156369925 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.156408072 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.156447887 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.156486988 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.159945965 CEST	49746	443	192.168.2.4	104.18.2.35
Aug 28, 2024 00:43:30.159965038 CEST	443	49746	104.18.2.35	192.168.2.4
Aug 28, 2024 00:43:30.259202957 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:30.259258986 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:30.259314060 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:30.270512104 CEST	49748	443	192.168.2.4	13.32.27.44
Aug 28, 2024 00:43:30.270546913 CEST	443	49748	13.32.27.44	192.168.2.4
Aug 28, 2024 00:43:36.985558033 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:36.985627890 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:36.985675097 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:36.991868973 CEST	49742	443	192.168.2.4	142.250.186.68
Aug 28, 2024 00:43:36.991883993 CEST	443	49742	142.250.186.68	192.168.2.4
Aug 28, 2024 00:43:39.624805927 CEST	80	49735	104.18.3.35	192.168.2.4
Aug 28, 2024 00:43:39.634110928 CEST	49735	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:43:39.718713999 CEST	50851	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:39.723617077 CEST	53	50851	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:39.723762989 CEST	50851	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:39.723846912 CEST	50851	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:39.728713989 CEST	53	50851	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:40.174268961 CEST	53	50851	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:40.181168079 CEST	50851	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:40.187735081 CEST	53	50851	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:40.187793970 CEST	50851	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:40.697030067 CEST	49723	80	192.168.2.4	199.232.214.172
Aug 28, 2024 00:43:40.704269886 CEST	80	49723	199.232.214.172	192.168.2.4
Aug 28, 2024 00:43:40.704329014 CEST	49723	80	192.168.2.4	199.232.214.172
Aug 28, 2024 00:43:40.917061090 CEST	49735	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:43:40.924257994 CEST	80	49735	104.18.3.35	192.168.2.4
Aug 28, 2024 00:43:42.187385082 CEST	59517	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:42.192228079 CEST	53	59517	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:42.192300081 CEST	59517	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:42.192331076 CEST	59517	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:42.197083950 CEST	53	59517	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:42.639585972 CEST	53	59517	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:42.639936924 CEST	59517	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:42.645071983 CEST	53	59517	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:42.645150900 CEST	59517	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:44:09.762913942 CEST	49736	80	192.168.2.4	104.18.3.35
Aug 28, 2024 00:44:09.767724037 CEST	80	49736	104.18.3.35	192.168.2.4
Aug 28, 2024 00:44:26.511337042 CEST	59523	443	192.168.2.4	172.217.16.196
Aug 28, 2024 00:44:26.511379004 CEST	443	59523	172.217.16.196	192.168.2.4
Aug 28, 2024 00:44:26.512677908 CEST	59523	443	192.168.2.4	172.217.16.196
Aug 28, 2024 00:44:26.513855934 CEST	59523	443	192.168.2.4	172.217.16.196
Aug 28, 2024 00:44:26.513870001 CEST	443	59523	172.217.16.196	192.168.2.4
Aug 28, 2024 00:44:27.145971060 CEST	443	59523	172.217.16.196	192.168.2.4
Aug 28, 2024 00:44:27.146337032 CEST	59523	443	192.168.2.4	172.217.16.196
Aug 28, 2024 00:44:27.146361113 CEST	443	59523	172.217.16.196	192.168.2.4
Aug 28, 2024 00:44:27.146673918 CEST	443	59523	172.217.16.196	192.168.2.4
Aug 28, 2024 00:44:27.147042036 CEST	59523	443	192.168.2.4	172.217.16.196
Aug 28, 2024 00:44:27.147097111 CEST	443	59523	172.217.16.196	192.168.2.4
Aug 28, 2024 00:44:27.200442076 CEST	59523	443	192.168.2.4	172.217.16.196
Aug 28, 2024 00:44:30.066375971 CEST	49724	80	192.168.2.4	199.232.214.172
Aug 28, 2024 00:44:30.072422981 CEST	80	49724	199.232.214.172	192.168.2.4
Aug 28, 2024 00:44:30.072469950 CEST	49724	80	192.168.2.4	199.232.214.172
Aug 28, 2024 00:44:37.068432093 CEST	443	59523	172.217.16.196	192.168.2.4
Aug 28, 2024 00:44:37.069166899 CEST	443	59523	172.217.16.196	192.168.2.4
Aug 28, 2024 00:44:37.069327116 CEST	59523	443	192.168.2.4	172.217.16.196
Aug 28, 2024 00:44:38.923311949 CEST	59523	443	192.168.2.4	172.217.16.196
Aug 28, 2024 00:44:38.923341036 CEST	443	59523	172.217.16.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 00:43:22.660123110 CEST	53	65383	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:22.678472996 CEST	53	58488	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:23.760358095 CEST	53	61623	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:24.246130943 CEST	63971	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:24.246500969 CEST	51843	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:24.256980896 CEST	53	51843	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:24.257122993 CEST	53	63971	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:24.756062031 CEST	59948	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:24.756207943 CEST	51185	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:24.767034054 CEST	53	59948	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:24.785346985 CEST	53	51185	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:26.241034985 CEST	61084	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:26.241547108 CEST	50551	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:26.253751040 CEST	53	63522	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:26.435743093 CEST	60672	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:26.436463118 CEST	57871	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:26.442459106 CEST	53	60672	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:26.443003893 CEST	53	57871	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:27.984560013 CEST	59145	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:27.985094070 CEST	59002	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:27.991343021 CEST	53	59145	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:27.991493940 CEST	53	59002	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:27.993139982 CEST	53	63087	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:29.007760048 CEST	51509	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:29.008074999 CEST	60849	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:29.015381098 CEST	53	60849	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:29.036066055 CEST	53	51509	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:29.220695972 CEST	53	51592	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:29.224046946 CEST	52683	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:29.224442959 CEST	55825	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:29.262154102 CEST	51105	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:29.262527943 CEST	57715	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:43:29.269164085 CEST	53	51105	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:29.269320011 CEST	53	57715	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:39.717957973 CEST	53	50855	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:41.639669895 CEST	138	138	192.168.2.4	192.168.2.255
Aug 28, 2024 00:43:41.986743927 CEST	53	50883	1.1.1.1	192.168.2.4
Aug 28, 2024 00:43:42.186899900 CEST	53	54291	1.1.1.1	192.168.2.4
Aug 28, 2024 00:44:01.024763107 CEST	53	60994	1.1.1.1	192.168.2.4
Aug 28, 2024 00:44:22.518213034 CEST	53	63047	1.1.1.1	192.168.2.4
Aug 28, 2024 00:44:23.534277916 CEST	53	53674	1.1.1.1	192.168.2.4
Aug 28, 2024 00:44:26.498648882 CEST	63579	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:44:26.498648882 CEST	60862	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:44:26.509922028 CEST	53	60862	1.1.1.1	192.168.2.4
Aug 28, 2024 00:44:26.509927034 CEST	53	63579	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 28, 2024 00:43:24.785425901 CEST	192.168.2.4	1.1.1.1	c241	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 28, 2024 00:43:24.246130943 CEST	192.168.2.4	1.1.1.1	0x2fde	Standard query (0)	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:24.246500969 CEST	192.168.2.4	1.1.1.1	0xe4dd	Standard query (0)	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev	65	IN (0x0001)	false
Aug 28, 2024 00:43:24.756062031 CEST	192.168.2.4	1.1.1.1	0x6414	Standard query (0)	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:24.756207943 CEST	192.168.2.4	1.1.1.1	0x53da	Standard query (0)	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev	65	IN (0x0001)	false
Aug 28, 2024 00:43:26.241034985 CEST	192.168.2.4	1.1.1.1	0x9ce9	Standard query (0)	docucdn-a.akamaihd.net	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:26.241547108 CEST	192.168.2.4	1.1.1.1	0x1298	Standard query (0)	docucdn-a.akamaihd.net	65	IN (0x0001)	false
Aug 28, 2024 00:43:26.435743093 CEST	192.168.2.4	1.1.1.1	0xa758	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:26.436463118 CEST	192.168.2.4	1.1.1.1	0x8edb	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 28, 2024 00:43:27.984560013 CEST	192.168.2.4	1.1.1.1	0x1036	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:27.985094070 CEST	192.168.2.4	1.1.1.1	0xb98f	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Aug 28, 2024 00:43:29.007760048 CEST	192.168.2.4	1.1.1.1	0xec7b	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.008074999 CEST	192.168.2.4	1.1.1.1	0x7095	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false
Aug 28, 2024 00:43:29.224046946 CEST	192.168.2.4	1.1.1.1	0x5278	Standard query (0)	docucdn-a.akamaihd.net	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.224442959 CEST	192.168.2.4	1.1.1.1	0x745a	Standard query (0)	docucdn-a.akamaihd.net	65	IN (0x0001)	false
Aug 28, 2024 00:43:29.262154102 CEST	192.168.2.4	1.1.1.1	0xc933	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.262527943 CEST	192.168.2.4	1.1.1.1	0x58	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Aug 28, 2024 00:44:26.498648882 CEST	192.168.2.4	1.1.1.1	0x44f2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 28, 2024 00:44:26.498648882 CEST	192.168.2.4	1.1.1.1	0x582b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 28, 2024 00:43:24.257122993 CEST	1.1.1.1	192.168.2.4	0x2fde	No error (0)	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev		104.18.3.35	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:24.257122993 CEST	1.1.1.1	192.168.2.4	0x2fde	No error (0)	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev		104.18.2.35	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:24.767034054 CEST	1.1.1.1	192.168.2.4	0x6414	No error (0)	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev		104.18.2.35	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:24.767034054 CEST	1.1.1.1	192.168.2.4	0x6414	No error (0)	pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev		104.18.3.35	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:26.267755032 CEST	1.1.1.1	192.168.2.4	0x1298	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:43:26.291805983 CEST	1.1.1.1	192.168.2.4	0x9ce9	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:43:26.442459106 CEST	1.1.1.1	192.168.2.4	0xa758	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:26.443003893 CEST	1.1.1.1	192.168.2.4	0x8edb	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 28, 2024 00:43:27.991343021 CEST	1.1.1.1	192.168.2.4	0x1036	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:27.991343021 CEST	1.1.1.1	192.168.2.4	0x1036	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:27.991343021 CEST	1.1.1.1	192.168.2.4	0x1036	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:27.991493940 CEST	1.1.1.1	192.168.2.4	0xb98f	No error (0)	api.ipify.org			65	IN (0x0001)	false
Aug 28, 2024 00:43:29.015381098 CEST	1.1.1.1	192.168.2.4	0x7095	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:43:29.036066055 CEST	1.1.1.1	192.168.2.4	0xec7b	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:43:29.036066055 CEST	1.1.1.1	192.168.2.4	0xec7b	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.44	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.036066055 CEST	1.1.1.1	192.168.2.4	0xec7b	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.14	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.036066055 CEST	1.1.1.1	192.168.2.4	0xec7b	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.129	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.036066055 CEST	1.1.1.1	192.168.2.4	0xec7b	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.77	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.248312950 CEST	1.1.1.1	192.168.2.4	0x5278	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:43:29.256040096 CEST	1.1.1.1	192.168.2.4	0x745a	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:43:29.269164085 CEST	1.1.1.1	192.168.2.4	0xc933	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.269164085 CEST	1.1.1.1	192.168.2.4	0xc933	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.269164085 CEST	1.1.1.1	192.168.2.4	0xc933	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:43:29.269320011 CEST	1.1.1.1	192.168.2.4	0x58	No error (0)	api.ipify.org			65	IN (0x0001)	false
Aug 28, 2024 00:43:36.994373083 CEST	1.1.1.1	192.168.2.4	0xd142	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:43:36.994373083 CEST	1.1.1.1	192.168.2.4	0xd142	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:44:26.509922028 CEST	1.1.1.1	192.168.2.4	0x582b	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:44:26.509927034 CEST	1.1.1.1	192.168.2.4	0x44f2	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev

api.ipify.org

logo.clearbit.com

fs.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	104.18.3.35	80	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Aug 28, 2024 00:43:24.264517069 CEST	476	OUT	GET /response_type.html HTTP/1.1 Host: pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Aug 28, 2024 00:43:24.752881050 CEST	532	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 27 Aug 2024 22:43:24 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Tue, 27 Aug 2024 23:43:24 GMT Location: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html Vary: Accept-Encoding Server: cloudflare CF-RAY: 8b9f948f49ce4235-EWR Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Aug 28, 2024 00:44:09.762913942 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	104.18.2.35	443	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:43:25 UTC	704	OUT	GET /response_type.html HTTP/1.1 Host: pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:43:25 UTC	284	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 22:43:25 GMT Content-Type: text/html Content-Length: 119774 Connection: close Accept-Ranges: bytes ETag: "6000538b14fc5d0dfef73c0b12bceb3f" Last-Modified: Mon, 15 Apr 2024 01:30:05 GMT Server: cloudflare CF-RAY: 8b9f94934d259e05-EWR
2024-08-27 22:43:25 UTC	1085	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 20 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 20 63 6c 61 73 73 3d 61 63 63 6f 75 6e 74 2d 73 65 72 76 65 72 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 3c 74 69 74 6c 65 3e 44 6f 63 75 53 69 67 6e 20 4c 6f 67 69 6e 20 2d 20 45 6e 74 65 72 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 20 74 6f 20 73 69 67 6e 20 69 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 73 74 79 6c 65 20 64 61 74 61 2d 65 6d 6f 74 69 6f 6e 3d 63 73 73 20 64 61 74 61 2d 73 69 6e 67 6c 65 2d 66 69 6c 65 7a 2d 73 74 79 6c 65 73 68 65 65 74 3d 31 36 3e 2e 61 63 63 6f 75 6e 74 Data Ascii: <!DOCTYPE html> <html lang=en class=account-server><meta charset=utf-8><meta name=viewport content="initial-scale=1.0"><title>DocuSign Login - Enter your password to sign in</title><style data-emotion=css data-single-filez-stylesheet=16>.account
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 70 78 29 7b 2e 69 6e 6b 2d 62 6f 64 79 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 36 30 30 70 78 29 7b 2e 69 6e 6b 2d 62 6f 64 79 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 7d 2e 69 6e 6b 2d 70 61 67 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 2e 69 6e 6b 2d 66 6f 72 6d 2d 75 6e 69 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 2e 35 72 65 6d 7d 2e 69 6e 6b 2d 66 6f 72 6d 2d 75 6e 69 74 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 72 65 6d 7d 2e 69 6e 6b 2d 73 65 63 6f 6e 64 61 72 79 2d 62 Data Ascii: px){.ink-body{justify-content:center}}@media (min-width:600px){.ink-body{display:flex;flex-direction:column;align-items:center}}.ink-page-title{margin-bottom:1rem}.ink-form-unit{margin-top:1.5rem}.ink-form-unit:first-child{margin-top:2rem}.ink-secondary-b
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 3b 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 67 72 61 79 73 63 61 6c 65 7d 2a 2c 3a 3a 61 66 74 65 72 2c 3a 3a 62 65 66 6f 72 65 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 44 53 49 6e 64 69 67 6f 22 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 7d 2e 63 73 73 2d 37 30 71 76 6a 39 7b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 61 6c 69 67 Data Ascii: t-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}*,::after,::before{box-sizing:inherit}@font-face{font-family:"DSIndigo";font-style:normal;font-weight:400;}.css-70qvj9{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;-webkit-alig
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 63 73 73 2d 35 31 66 6f 6e 62 2d 48 45 41 44 45 52 5f 41 50 50 5f 44 45 53 43 52 49 50 54 49 4f 4e 5f 4e 4f 4e 5f 50 52 4f 44 3a 66 6f 63 75 73 7b 6f 75 74 6c 69 6e 65 3a 72 67 62 61 28 31 37 2c 31 36 2c 32 35 2c 30 2e 36 29 20 73 6f 6c 69 64 20 32 70 78 3b 6f 75 74 6c 69 6e 65 2d 6f 66 66 73 65 74 3a 38 70 78 7d 2e 63 73 73 2d 6a 79 34 79 36 70 2d 48 45 41 44 45 52 5f 42 41 52 5f 4d 49 44 44 4c 45 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 6d 61 72 67 69 6e 3a 30 70 78 20 38 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 Data Ascii: r;align-items:center}.css-51fonb-HEADER_APP_DESCRIPTION_NON_PROD:focus{outline:rgba(17,16,25,0.6) solid 2px;outline-offset:8px}.css-jy4y6p-HEADER_BAR_MIDDLE{display:flex;-webkit-box-pack:center;justify-content:center;margin:0px 8px;-webkit-box-align:cente
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 6c 6f 72 3a 72 67 62 61 28 32 35 2c 32 34 2c 33 35 2c 30 2e 39 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 34 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 30 70 78 7d 2e 63 73 73 2d 6a 71 32 6e 75 76 3a 66 6f 63 75 73 7b 63 6f 6c 6f 72 3a 72 67 62 28 30 2c 39 32 2c 32 31 31 29 7d 2e 63 73 73 2d 6a 71 32 6e 75 76 3a 66 6f 63 75 73 3a 6e 6f 74 28 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 29 7b 6f 75 74 6c 69 6e 65 3a 30 70 78 7d 2e 63 73 73 2d 6a 71 32 6e 75 76 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c Data Ascii: lor:rgba(25,24,35,0.9);-webkit-box-align:center;align-items:center;display:inline-flex;text-decoration:none;height:40px;line-height:40px}.css-jq2nuv:focus{color:rgb(0,92,211)}.css-jq2nuv:focus:not(:focus-visible){outline:0px}.css-jq2nuv:focus-visible{outl
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 7d 2e 63 73 73 2d 69 6d 6c 78 6f 72 7b 63 6f 6c 6f 72 3a 72 67 62 28 32 31 32 2c 34 31 2c 38 33 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 38 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 2e 63 73 73 2d 6b 30 30 38 71 73 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 63 73 73 2d 7a 75 66 77 67 6f 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 28 32 35 35 2c 32 35 35 2c 32 35 35 29 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 32 35 2c 32 34 2c 33 35 2c 30 2e 36 35 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 77 69 64 74 68 3a 31 30 30 25 3b 6f 75 74 6c 69 6e 65 3a 74 72 61 6e 73 70 61 72 65 6e 74 20 73 6f 6c 69 64 20 31 70 78 3b 6f 75 74 6c 69 6e 65 2d 6f 66 66 73 65 74 Data Ascii: }.css-imlxor{color:rgb(212,41,83);padding-left:8px;font-weight:600}.css-k008qs{display:flex}.css-zufwgo{display:flex;background:rgb(255,255,255);border:1px solid rgba(25,24,35,0.65);border-radius:2px;width:100%;outline:transparent solid 1px;outline-offset
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 74 68 3a 31 70 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 44 53 20 49 6e 64 69 67 6f 22 2c 44 53 49 6e 64 69 67 6f 2c 22 4e 65 75 65 20 48 61 61 73 20 47 72 6f 74 65 73 6b 22 2c 4e 65 75 65 48 61 61 73 47 72 6f 74 65 73 6b 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 6d 61 72 67 69 6e 3a 30 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 65 Data Ascii: th:1px;cursor:pointer;display:inline-flex;font-family:"DS Indigo",DSIndigo,"Neue Haas Grotesk",NeueHaasGrotesk,Helvetica,Arial,sans-serif;-webkit-box-pack:center;justify-content:center;letter-spacing:normal;margin:0px;overflow:visible;position:relative;te
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 3a 72 67 62 28 30 2c 31 30 35 2c 32 33 36 29 3b 6f 70 61 63 69 74 79 3a 30 2e 32 35 7d 2e 63 73 73 2d 31 6d 35 6f 39 32 75 3a 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 30 2c 31 30 35 2c 32 33 36 29 3b 6f 70 61 63 69 74 79 3a 30 2e 32 35 7d 40 6d 65 64 69 61 20 28 68 6f 76 65 72 3a 6e 6f 6e 65 29 20 61 6e 64 20 28 70 6f 69 6e 74 65 72 3a 63 6f 61 72 73 65 29 7b 2e 63 73 73 2d 31 6d 35 6f 39 32 75 7b 6d 69 6e 2d 68 65 69 67 68 74 3a 34 38 70 78 7d 7d 2e 63 73 73 2d 31 69 78 62 70 30 6c 7b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 7d 2e 63 73 73 2d 73 78 7a 68 71 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: :rgb(0,105,236);opacity:0.25}.css-1m5o92u:disabled:hover{background-color:rgb(0,105,236);opacity:0.25}@media (hover:none) and (pointer:coarse){.css-1m5o92u{min-height:48px}}.css-1ixbp0l{pointer-events:none}.css-sxzhqn{background:none;border:none;border-ra
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 63 73 73 2d 73 78 7a 68 71 6e 3a 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 72 67 62 28 31 35 33 2c 31 35 33 2c 31 35 33 29 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 63 73 73 2d 73 78 7a 68 71 6e 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 72 67 62 28 30 2c 32 32 2c 36 33 29 7d 40 6d 65 64 69 61 20 28 68 6f 76 65 72 3a 6e 6f 6e 65 29 20 61 6e 64 20 28 70 6f 69 6e 74 65 72 3a 63 6f 61 72 73 65 29 7b 2e 63 73 73 2d 73 78 7a 68 71 6e 7b 68 65 69 67 68 74 3a 34 38 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 38 70 78 7d 7d 2e 63 73 73 2d 31 6f 36 32 71 6f 36 2d 46 4f 4f 54 45 52 5f 43 4f 4e 54 41 Data Ascii: ;cursor:default;text-decoration:none}.css-sxzhqn:disabled:hover{color:rgb(153,153,153);text-decoration:none}.css-sxzhqn:visited{color:rgb(0,22,63)}@media (hover:none) and (pointer:coarse){.css-sxzhqn{height:48px;line-height:48px}}.css-1o62qo6-FOOTER_CONTA
2024-08-27 22:43:25 UTC	1369	IN	Data Raw: 55 54 54 4f 4e 20 62 75 74 74 6f 6e 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 32 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 30 70 78 20 30 70 78 20 36 70 78 7d 2e 63 73 73 2d 33 33 69 79 76 35 2d 46 4f 4f 54 45 52 5f 4c 41 4e 47 5f 53 45 4c 45 43 54 5f 49 4e 4b 5f 42 55 54 54 4f 4e 20 62 75 74 74 6f 6e 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 32 29 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 70 78 7d 2e 63 73 73 2d 31 32 62 6b 6a 32 74 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 Data Ascii: UTTON button{display:flex;font-size:10px;line-height:12px;margin-right:10px;min-height:inherit;padding:0px 0px 0px 6px}.css-33iyv5-FOOTER_LANG_SELECT_INK_BUTTON button span:nth-of-type(2){margin-top:-2px;margin-left:2px}.css-12bkj2t{-webkit-box-align:cent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:43:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-27 22:43:28 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF17) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=61018 Date: Tue, 27 Aug 2024 22:43:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	104.26.12.205	443	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:43:28 UTC	589	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:43:29 UTC	249	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 22:43:29 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8b9f94aa8f728cbf-EWR
2024-08-27 22:43:29 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 7d Data Ascii: {"ip":"8.46.123.33"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	104.18.2.35	443	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:43:29 UTC	579	OUT	GET /favicon.ico HTTP/1.1 Host: pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:43:30 UTC	180	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 22:43:30 GMT Content-Type: text/html Content-Length: 27150 Connection: close Server: cloudflare CF-RAY: 8b9f94aeb97043f7-EWR
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 73 76 67 20 3e 20 2e 65 79 65 2d 31 20 7b 0a 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 65 79 65 2d 31 20 33 73 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 73 76 67 20 3e 20 2e 65 79 65 2d 32 20 7b 0a 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 65 79 65 2d 32 20 33 73 20 30 2e 36 73 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a Data Ascii: teX(0); } 100% { transform: translateX(0px); } } svg > .eye-1 { animation: eye-1 3s infinite; } svg > .eye-2 { animation: eye-2 3s 0.6s infinite; } h1 { font-siz
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 3c 73 65 63 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 3c 73 76 67 0a 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 34 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 31 34 20 32 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 0a 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: a > </p> </div> </section> <section> <svg width="414" height="212" viewBox="0 0 414 212" fill="none" xmlns="http://www.w3.org/2000/svg" >
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 33 34 43 31 33 30 2e 39 32 38 20 31 30 2e 34 32 38 38 20 31 32 38 2e 30 38 20 31 33 2e 32 37 37 20 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 32 2e 36 39 32 20 31 30 2e 32 33 34 37 48 31 32 36 2e 34 30 32 56 32 34 2e 30 33 34 35 48 31 32 32 2e 36 39 32 56 31 30 2e 32 33 34 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 38 35 2e 36 37 37 35 20 35 37 2e Data Ascii: 34C130.928 10.4288 128.08 13.277 124.566 13.277Z" fill="#0055DC" /> <path d="M122.692 10.2347H126.402V24.0345H122.692V10.2347Z" fill="#0055DC" /> <path d="M85.6775 57.
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 36 2e 31 37 36 20 31 31 31 2e 39 35 33 43 31 33 36 2e 31 37 36 20 31 31 33 2e 32 38 31 20 31 33 36 2e 37 30 34 20 31 31 34 2e 35 35 35 20 31 33 37 2e 36 34 33 20 31 31 35 2e 34 39 34 43 31 33 38 2e 35 38 32 20 31 31 36 2e 34 33 33 20 31 33 39 2e 38 35 36 20 31 31 36 2e 39 36 31 20 31 34 31 2e 31 38 34 20 31 31 36 2e 39 36 31 43 31 34 31 2e 38 34 32 20 31 31 36 2e 39 36 32 20 31 34 32 2e 34 39 34 20 31 31 36 2e 38 33 33 20 31 34 33 2e 31 30 33 20 31 31 36 2e 35 38 32 43 31 34 33 2e 37 31 31 20 31 31 36 2e 33 33 31 20 31 34 34 2e 32 36 34 20 31 31 35 2e 39 36 32 20 31 34 34 2e 37 Data Ascii: ll="#0055DC" /> <path d="M136.176 111.953C136.176 113.281 136.704 114.555 137.643 115.494C138.582 116.433 139.856 116.961 141.184 116.961C141.842 116.962 142.494 116.833 143.103 116.582C143.711 116.331 144.264 115.962 144.7
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 33 38 34 20 31 31 31 2e 39 35 33 43 31 30 33 2e 33 38 34 20 31 31 32 2e 36 31 32 20 31 30 33 2e 35 31 33 20 31 31 33 2e 32 36 34 20 31 30 33 2e 37 36 36 20 31 31 33 2e 38 37 32 43 31 30 34 2e 30 31 38 20 31 31 34 2e 34 38 20 31 30 34 2e 33 38 37 20 31 31 35 2e 30 33 32 20 31 30 34 2e 38 35 33 20 31 31 35 2e 34 39 37 43 31 30 35 2e 33 31 39 20 31 31 35 2e 39 36 32 20 31 30 35 2e 38 37 32 20 31 31 36 2e 33 33 31 20 31 30 36 2e 34 38 31 20 31 31 36 2e 35 38 32 43 31 30 37 2e 30 38 39 20 31 31 36 2e 38 33 33 20 31 30 37 2e 37 34 31 20 31 31 36 2e 39 36 32 20 31 30 38 2e 33 39 39 20 31 31 36 2e 39 36 31 43 31 30 39 2e 37 32 38 20 31 31 36 2e 39 36 31 20 31 31 31 2e 30 30 31 20 31 31 36 2e 34 33 Data Ascii: h d="M103.384 111.953C103.384 112.612 103.513 113.264 103.766 113.872C104.018 114.48 104.387 115.032 104.853 115.497C105.319 115.962 105.872 116.331 106.481 116.582C107.089 116.833 107.741 116.962 108.399 116.961C109.728 116.961 111.001 116.43
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 38 2e 38 32 31 20 34 38 2e 39 35 31 36 43 31 30 34 2e 30 32 34 20 34 38 2e 39 35 31 36 20 31 30 30 2e 31 33 35 20 34 35 2e 30 36 32 37 20 31 30 30 2e 31 33 35 20 34 30 2e 32 36 35 35 43 31 30 30 2e 31 33 35 20 33 35 2e 34 36 38 34 20 31 30 34 2e 30 32 34 20 33 31 2e 35 37 39 35 20 31 30 38 2e 38 32 31 20 33 31 2e 35 37 39 35 43 31 31 33 2e 36 31 38 20 33 31 2e 35 37 39 35 20 31 31 37 2e 35 30 37 20 33 35 Data Ascii: 0055DC" stroke-width="2" stroke-miterlimit="10" /> <path d="M108.821 48.9516C104.024 48.9516 100.135 45.0627 100.135 40.2655C100.135 35.4684 104.024 31.5795 108.821 31.5795C113.618 31.5795 117.507 35
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 43 31 30 37 2e 37 31 37 20 33 38 2e 31 32 35 20 31 30 37 2e 32 37 34 20 33 39 2e 31 39 32 31 20 31 30 37 2e 32 37 31 20 34 30 2e 33 30 35 35 56 34 30 2e 33 30 35 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 38 34 2e 38 39 31 38 20 31 32 37 2e 35 38 31 48 31 36 34 2e 39 36 37 43 31 37 33 2e 33 34 35 20 31 32 37 2e 35 38 31 20 31 38 30 2e 31 33 37 20 31 33 34 2e 33 37 31 20 31 38 30 2e 31 33 37 20 31 34 32 2e 37 34 37 43 31 38 30 2e 31 33 37 20 31 35 31 2e 31 32 33 20 31 37 33 2e 33 34 35 20 31 35 37 2e 39 31 33 20 31 36 34 2e 39 36 37 20 31 35 37 2e 39 31 33 48 38 34 2e 38 39 Data Ascii: C107.717 38.125 107.274 39.1921 107.271 40.3055V40.3055Z" fill="#6ECCE5" /> <path d="M84.8918 127.581H164.967C173.345 127.581 180.137 134.371 180.137 142.747C180.137 151.123 173.345 157.913 164.967 157.913H84.89
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 2d 6d 6f 64 65 3a 20 6d 75 6c 74 69 70 6c 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 30 37 34 20 31 34 32 2e 38 33 31 43 31 30 33 2e 30 33 38 20 31 34 35 2e 33 39 35 20 31 30 34 2e 30 32 31 20 31 34 37 2e 38 36 39 20 31 30 35 2e 38 30 38 20 31 34 39 2e 37 30 39 43 31 30 37 2e 35 39 35 20 31 35 31 2e 35 34 39 20 31 31 30 2e 30 33 39 20 31 35 32 2e 36 30 33 20 31 31 32 2e 36 30 34 20 31 35 32 2e 36 34 31 43 31 31 35 2e 31 36 38 20 31 35 32 2e 36 30 33 20 31 31 37 2e 36 31 33 20 31 35 31 2e 35 34 39 20 31 31 39 2e 34 20 31 34 39 2e 37 30 39 43 31 32 31 2e 31 38 37 20 31 34 37 2e 38 36 39 20 31 32 32 2e 31 37 20 31 34 35 2e 33 39 35 20 31 32 32 2e 31 33 34 20 31 34 32 2e Data Ascii: -mode: multiply"> <path d="M103.074 142.831C103.038 145.395 104.021 147.869 105.808 149.709C107.595 151.549 110.039 152.603 112.604 152.641C115.168 152.603 117.613 151.549 119.4 149.709C121.187 147.869 122.17 145.395 122.134 142.
2024-08-27 22:43:30 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 38 37 2e 30 31 34 31 48 31 34 32 2e 31 37 37 56 39 31 2e 31 30 38 39 48 31 33 37 2e 30 38 37 56 38 37 2e 30 31 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 38 37 2e 30 31 34 31 48 31 33 34 2e 39 33 34 56 39 31 2e 31 30 38 39 48 31 32 39 2e 38 35 32 56 38 37 2e 30 31 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: fill="#0055DC" /> <path d="M137.087 87.0141H142.177V91.1089H137.087V87.0141Z" fill="#0055DC" /> <path d="M129.852 87.0141H134.934V91.1089H129.852V87.0141Z"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49752	104.26.13.205	443	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:43:29 UTC	349	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:43:29 UTC	217	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 22:43:29 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8b9f94afa9d60cbe-EWR
2024-08-27 22:43:29 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 7d Data Ascii: {"ip":"8.46.123.33"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49748	13.32.27.44	443	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:43:29 UTC	541	OUT	GET / HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:43:30 UTC	494	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Content-Length: 23 Connection: close Date: Tue, 27 Aug 2024 22:43:30 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Error from cloudfront Via: 1.1 0d5d2d408eb42296c7636196e25ef8a2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-C2 X-Amz-Cf-Id: MfY-oS1CUrnBtNTsx3C9ab6Y3raDdVr7fV-2i0ZBF69EIxQfLDBvSw==
2024-08-27 22:43:30 UTC	23	IN	Data Raw: 22 2f 22 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 64 6f 6d 61 69 6e 0a Data Ascii: "/" not a valid domain

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49749	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:43:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-27 22:43:30 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=64930 Date: Tue, 27 Aug 2024 22:43:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-27 22:43:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2996, Parent PID: 1800

General

Target ID:	0
Start time:	18:43:18
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4108, Parent PID: 2996

General

Target ID:	2
Start time:	18:43:20
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2264,i,18158099608120486582,3765129246842329535,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6448, Parent PID: 1800

General

Target ID:	3
Start time:	18:43:23
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-5378e135058a4d2abb5385b53c4be7aa.r2.dev/response_type.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly