
Windows Analysis Report
https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E

Overview

General Information

Sample URL: https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E
Analysis ID: 1500941

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
AI detected landing page (webpage, office document or email)
Detected suspicious crossdomain redirect

Classification

  • System is w10x64
  • chrome.exe (PID: 5264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2192,i,10110161044368454811,7874456063879550184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://l4wjyimk.zone.investir-sur-mesure.fr/preview | Avira URL Cloud: Label: malware
Source: https://l4wjyimk.zone.investir-sur-mesure.fr/?_js=_1 | Avira URL Cloud: Label: malware
Source: https://l4wjyimk.zone.investir-sur-mesure.fr/?_r= | Avira URL Cloud: Label: malware
Source: http://l4wjyimk.zone.investir-sur-mesure.fr/favicon.ico | Avira URL Cloud: Label: malware
Source: https://l4wjyimk.zone.investir-sur-mesure.fr/favicon.ico | Avira URL Cloud: Label: malware
Source: http://l4wjyimk.zone.investir-sur-mesure.fr/preview/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: trk.pmifunds.com to http://security1.b-cdn.net
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 200 OK
    Date: Thu, 29 Aug 2024 04:46:36 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 2153
    Connection: keep-alive
    Server: Apache
    Upgrade: h2
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Data Raw: [gzip-compressed hex dump omitted]
Source: global traffic | HTTP traffic detected:
    GET /y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E HTTP/1.1
    Host: trk.pmifunds.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /z.aspx?page=y&l=http%3a%2f%2fsecurity1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E HTTP/1.1
    Host: trk.pmifunds.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: ASPSESSIONIDQCRABSBD=FEELKHODDGLOKNDDADAEFDOG
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: security1.b-cdn.net
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: l4wjyimk.zone.investir-sur-mesure.fr
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://security1.b-cdn.net/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /?_js=_1 HTTP/1.1
    Host: l4wjyimk.zone.investir-sur-mesure.fr
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: l4wjyimk.zone.investir-sur-mesure.fr
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /?_js=_1 HTTP/1.1
    Host: l4wjyimk.zone.investir-sur-mesure.fr
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /botd/v1 HTTP/1.1
    Host: openfpcdn.io
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Origin: https://l4wjyimk.zone.investir-sur-mesure.fr
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /?_r= HTTP/1.1
    Host: l4wjyimk.zone.investir-sur-mesure.fr
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /preview HTTP/1.1
    Host: l4wjyimk.zone.investir-sur-mesure.fr
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /botd/v1 HTTP/1.1
    Host: openfpcdn.io
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: security1.b-cdn.net
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /preview/ HTTP/1.1
    Host: l4wjyimk.zone.investir-sur-mesure.fr
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: l4wjyimk.zone.investir-sur-mesure.fr
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: trk.pmifunds.com
Source: global traffic | DNS traffic detected: DNS query: security1.b-cdn.net
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: l4wjyimk.zone.investir-sur-mesure.fr
Source: global traffic | DNS traffic detected: DNS query: openfpcdn.io
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Thu, 29 Aug 2024 04:46:35 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 282
    Connection: close
    Server: Apache
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Thu, 29 Aug 2024 04:46:36 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 282
    Connection: keep-alive
    Server: Apache
    Data Raw: [hex dump omitted; decoded body follows]
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at l4wjyimk.zone.investir-sur-mesure.fr Port 80</address></body></html>
Source: chromecache_49.2.dr, chromecache_48.2.dr | String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_49.2.dr, chromecache_48.2.dr | String found in binary or memory: https://fingerprint.com)
Source: chromecache_46.2.dr, chromecache_44.2.dr | String found in binary or memory: https://openfpcdn.io/botd/v1
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine | Classification label: mal60.win@19/16@18/9
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2192,i,10110161044368454811,7874456063879550184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2192,i,10110161044368454811,7874456063879550184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: http://l4wjyimk.zone.investir-sur-mesure.fr/preview/ | LLM: Page with brand: 'Microsoft' contains button: 'verify it's you' Source: '4.2.pages.csv'
MITRE ATT&CK matrix, listed per tactic (the number in front of a technique is the count shown in the matrix for that technique):

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 4 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | 0% | Avira URL Cloud | safe
https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | 1% | Virustotal |
https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering
No Antivirus matches
Source | Detection | Scanner | Label
www.google.com | 0% | Virustotal |
fp2e7a.wpc.phicdn.net | 0% | Virustotal |
security1.b-cdn.net | 0% | Virustotal |
trk.pmifunds.com | 1% | Virustotal |
openfpcdn.io | 0% | Virustotal |
jngo.net | 0% | Virustotal |

Source | Detection | Scanner | Label
http://www.opensource.org/licenses/mit-license.php) | 0% | URL Reputation | safe
https://fingerprint.com) | 0% | Avira URL Cloud | safe
https://trk.pmifunds.com/z.aspx?page=y&l=http%3a%2f%2fsecurity1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | 0% | Avira URL Cloud | safe
https://l4wjyimk.zone.investir-sur-mesure.fr/preview | 100% | Avira URL Cloud | malware
http://security1.b-cdn.net/ | 0% | Avira URL Cloud | safe
https://l4wjyimk.zone.investir-sur-mesure.fr/?_js=_1 | 100% | Avira URL Cloud | malware
https://trk.pmifunds.com/z.aspx?page=y&l=http%3a%2f%2fsecurity1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | 1% | Virustotal |
https://l4wjyimk.zone.investir-sur-mesure.fr/?_r= | 100% | Avira URL Cloud | malware
https://security1.b-cdn.net/ | 0% | Avira URL Cloud | safe
http://l4wjyimk.zone.investir-sur-mesure.fr/favicon.ico | 100% | Avira URL Cloud | malware
https://l4wjyimk.zone.investir-sur-mesure.fr/favicon.ico | 100% | Avira URL Cloud | malware
https://openfpcdn.io/botd/v1 | 0% | Avira URL Cloud | safe
https://security1.b-cdn.net/ | 0% | Virustotal |
http://security1.b-cdn.net/ | 0% | Virustotal |
https://openfpcdn.io/botd/v1 | 0% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
openfpcdn.io | 3.160.150.40 | true | false | | unknown
jngo.net | 104.248.15.35 | true | false | | unknown
fien-198008767.us-east-1.elb.amazonaws.com | 34.233.69.206 | true | false | | unknown
www.google.com | 142.250.185.132 | true | false | | unknown
security1.b-cdn.net | 169.150.247.36 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
l4wjyimk.zone.investir-sur-mesure.fr | unknown | unknown | false | | unknown
trk.pmifunds.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | true | | unknown
https://trk.pmifunds.com/z.aspx?page=y&l=http%3a%2f%2fsecurity1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | false | 1% Virustotal; Avira URL Cloud: safe | unknown
https://l4wjyimk.zone.investir-sur-mesure.fr/preview | false | Avira URL Cloud: malware | unknown
https://l4wjyimk.zone.investir-sur-mesure.fr/ | false | | unknown
http://security1.b-cdn.net/ | false | 0% Virustotal; Avira URL Cloud: safe | unknown
http://l4wjyimk.zone.investir-sur-mesure.fr/preview/ | true | | unknown
https://l4wjyimk.zone.investir-sur-mesure.fr/?_js=_1 | false | Avira URL Cloud: malware | unknown
https://l4wjyimk.zone.investir-sur-mesure.fr/?_r= | false | Avira URL Cloud: malware | unknown
https://security1.b-cdn.net/ | false | 0% Virustotal; Avira URL Cloud: safe | unknown
http://l4wjyimk.zone.investir-sur-mesure.fr/favicon.ico | false | Avira URL Cloud: malware | unknown
https://l4wjyimk.zone.investir-sur-mesure.fr/favicon.ico | false | Avira URL Cloud: malware | unknown
https://openfpcdn.io/botd/v1 | false | 0% Virustotal; Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://fingerprint.com) | chromecache_49.2.dr, chromecache_48.2.dr | false | Avira URL Cloud: safe | unknown
http://www.opensource.org/licenses/mit-license.php) | chromecache_49.2.dr, chromecache_48.2.dr | false | URL Reputation: safe | unknown
            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
3.160.150.111 | unknown | United States | 16509 | AMAZON-02US | false
52.205.53.110 | unknown | United States | 14618 | AMAZON-AESUS | false
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
3.160.150.40 | openfpcdn.io | United States | 16509 | AMAZON-02US | false
34.233.69.206 | fien-198008767.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
169.150.247.36 | security1.b-cdn.net | United States | 2711 | SPIRITTEL-ASUS | false
104.248.15.35 | jngo.net | United States | 14061 | DIGITALOCEAN-ASNUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
            IP
            192.168.2.4
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1500941
            Start date and time:2024-08-29 06:45:34 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 2m 59s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:browseurl.jbs
            Sample URL:https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:7
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal60.win@19/16@18/9
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.251.173.84, 142.250.185.206, 34.104.35.123, 52.165.165.26, 93.184.221.240, 192.229.221.95, 13.85.23.206, 20.242.39.171, 142.250.186.163
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big; too many NtSetInformationFile calls found.
            No simulations
Input | Output
            URL: http://l4wjyimk.zone.investir-sur-mesure.fr/preview/ Model: jbxai
            {
            "brand":["Microsoft"],
            "contains_trigger_text":true,
            "prominent_button_name":"unknown",
            "text_input_field_labels":["unknown"],
            "pdf_icon_visible":false,
            "has_visible_captcha":false,
            "has_urgent_text":false,
            "has_visible_qrcode":false}
            URL: http://l4wjyimk.zone.investir-sur-mesure.fr/preview/ Model: jbxai
            {
            "brand":["Microsoft"],
            "contains_trigger_text":true,
            "prominent_button_name":"verify it's you",
            "text_input_field_labels":["unknown"],
            "pdf_icon_visible":false,
            "has_visible_captcha":false,
            "has_urgent_text":false,
            "has_visible_qrcode":false}
            No context
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text
            Category:downloaded
            Size (bytes):167
            Entropy (8bit):4.857921040274951
            Encrypted:false
            SSDEEP:3:PouV7uJzhquHbttKvYl/UvKX8ZDocWLvYAOIL0NhtvxL0Hac4NGL:hxuJzhqIziY2SX8ZkZvYm4Nhdx434QL
            MD5:EE913479909E16DE6CDE781DF9976E49
            SHA1:3297CA078AF2F796A70C93D2AC8E0F83F4B05DE0
            SHA-256:58E4B84E586DDBC7109E920C405173038CC80889FCD323481E955FD72B78CECE
            SHA-512:FEDE92C1C0FA19B1FBB2D582B5297F05ACB407111A65C0CF05F52D4A233CBD6029950DF1A4A4833E7BD8BE9A28E9CE62648E38B0BF59B343C33AAADF8DE8ACE5
            Malicious:false
            Reputation:low
            URL:https://l4wjyimk.zone.investir-sur-mesure.fr/
            Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <title>Processing...</title>. <script src="?_js=_1"></script>.</head>.<body>.</body>.</html>.
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):930
            Entropy (8bit):4.7537370799412955
            Encrypted:false
            SSDEEP:24:XNstmjdOE1TtFMdZGU79pjHiuNYoSJ7U8ERvuZ+af7jFvqDRObe:XNsQ1TtiSU79pLQw8kbaJqDEbe
            MD5:5ED4E10DEC2ED95019E98A2159D64D71
            SHA1:F6984CEA4526F278A07C0039E2F860238A974AE2
            SHA-256:F1861F64FE5098056EB6E8EF081EC2B2BE08524F1506D95A61E44AC69812BBD9
            SHA-512:BA8F3599E0C7EB7E9B3CDE6523D852A9723A257A063FECD288F8E892B08D1700D8584818B8911356638147FBFFD664CEA7E2C6CFD58C32CA20F277088E11786F
            Malicious:false
            Reputation:low
            Preview:import('https://openfpcdn.io/botd/v1').then((_b) => _b.load()).then((_b) => _b.detect())..then((_r) => {. let value = '';.. // Only add to value if there's a pathname other than the root or a hash/query string. if (window.location.pathname !== '/' && window.location.pathname !== '') {. value = window.location.pathname;. } else if (window.location.href.split(/\#|\?/)[1]) {. value = window.location.href.split(/\#|\?/)[1]; // Do not add a leading slash. }.. // Create a GET form. const form = document.createElement('form');. form.method = 'get';. form.action = ''; // Keep action empty to submit to the current page.. const input = document.createElement('input');. input.type = 'hidden';. input.name = _r.bot ? '_b' : '_r';. input.value = value;. form.appendChild(input);.. document.body.appendChild(form);. form.submit();.}).catch(error => console.error(error));
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:gzip compressed data, from Unix, original size modulo 2^32 7041
            Category:downloaded
            Size (bytes):2153
            Entropy (8bit):7.903080494163791
            Encrypted:false
            SSDEEP:48:X6XWuBbZF9mJNXXsABFlBcJc4jtZOZMsCLrjPqDdWfsDWxT3:iHFsmAflBsc4jO9CuYfsDGT3
            MD5:4D41571B5EBB410561B4E273F9AB8648
            SHA1:669489B029914E96A0FD2D7A925CFCE510FD5DB6
            SHA-256:0534AF6D43F7102ABFB57EA5C66ED13887EA6FA9065723FFC1F8805899023F55
            SHA-512:84680391DF89B1CE9551FCA0DC50B3B809ED242B6A44CBE400ECF3226952FCF44D1ED5F0BD5A3A4831E367EBE7D6E76BB40E8CF4977E8B8AFE88485CB8E0BE25
            Malicious:false
            Reputation:low
            URL:http://l4wjyimk.zone.investir-sur-mesure.fr/preview/
Preview:(gzip-compressed binary data; raw preview omitted)
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text
            Category:downloaded
            Size (bytes):930
            Entropy (8bit):4.7537370799412955
            Encrypted:false
            SSDEEP:24:XNstmjdOE1TtFMdZGU79pjHiuNYoSJ7U8ERvuZ+af7jFvqDRObe:XNsQ1TtiSU79pLQw8kbaJqDEbe
            MD5:5ED4E10DEC2ED95019E98A2159D64D71
            SHA1:F6984CEA4526F278A07C0039E2F860238A974AE2
            SHA-256:F1861F64FE5098056EB6E8EF081EC2B2BE08524F1506D95A61E44AC69812BBD9
            SHA-512:BA8F3599E0C7EB7E9B3CDE6523D852A9723A257A063FECD288F8E892B08D1700D8584818B8911356638147FBFFD664CEA7E2C6CFD58C32CA20F277088E11786F
            Malicious:false
            Reputation:low
            URL:https://l4wjyimk.zone.investir-sur-mesure.fr/?_js=_1
            Preview:import('https://openfpcdn.io/botd/v1').then((_b) => _b.load()).then((_b) => _b.detect())..then((_r) => {. let value = '';.. // Only add to value if there's a pathname other than the root or a hash/query string. if (window.location.pathname !== '/' && window.location.pathname !== '') {. value = window.location.pathname;. } else if (window.location.href.split(/\#|\?/)[1]) {. value = window.location.href.split(/\#|\?/)[1]; // Do not add a leading slash. }.. // Create a GET form. const form = document.createElement('form');. form.method = 'get';. form.action = ''; // Keep action empty to submit to the current page.. const input = document.createElement('input');. input.type = 'hidden';. input.name = _r.bot ? '_b' : '_r';. input.value = value;. form.appendChild(input);.. document.body.appendChild(form);. form.submit();.}).catch(error => console.error(error));
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text
            Category:downloaded
            Size (bytes):282
            Entropy (8bit):5.200917738252535
            Encrypted:false
            SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRVUjFKHA30wcXaoD:J0+oxBeRmR9etdzRxGezHLKFKHM7ma+
            MD5:F4FCB008345833F4658F9CF804747F5F
            SHA1:4182048DCAA18A00F9A10CBEAB91B01B9C6834CA
            SHA-256:83DBD92828826F057C2A85835479B8B8E2D8243DD35170D17D8377DACDCE1742
            SHA-512:F9338A184A19664AB4E92FBB9E1A381CF19F3209BE72775F97FCCA1AEE612A8A67892741F35103E879FE529129E3BD75480B5C8DCB81190AC3DE17B051F0099C
            Malicious:false
            Reputation:low
            URL:http://l4wjyimk.zone.investir-sur-mesure.fr/favicon.ico
            Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache Server at l4wjyimk.zone.investir-sur-mesure.fr Port 80</address>.</body></html>.
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (15005)
            Category:downloaded
            Size (bytes):15196
            Entropy (8bit):5.206988093706638
            Encrypted:false
            SSDEEP:384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA
            MD5:234A8C1C15DF9B03C65E9E14C82FC872
            SHA1:E5CA36727846AEDE7DFBC07E88B2B025EB0CAE90
            SHA-256:29CB26E06F2A4A877F1134A46480D9B78F8B6E0E6F9B0FE67E34307C312B5A89
            SHA-512:9AEEE4E620DE49E0ED303917E9AFC1806DA0815896BC5FEEF3ADD9F89E0429678BFE0D9F0AD3FC940BD8E48F7E235E5C8D23463407C42B6FBC740B50C43A0B53
            Malicious:false
            Reputation:low
            URL:https://openfpcdn.io/botd/v1
Preview:/**. * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com). * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license.. */ (minified library body omitted)
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (15005)
            Category:dropped
            Size (bytes):15196
            Entropy (8bit):5.206988093706638
            Encrypted:false
            SSDEEP:384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA
            MD5:234A8C1C15DF9B03C65E9E14C82FC872
            SHA1:E5CA36727846AEDE7DFBC07E88B2B025EB0CAE90
            SHA-256:29CB26E06F2A4A877F1134A46480D9B78F8B6E0E6F9B0FE67E34307C312B5A89
            SHA-512:9AEEE4E620DE49E0ED303917E9AFC1806DA0815896BC5FEEF3ADD9F89E0429678BFE0D9F0AD3FC940BD8E48F7E235E5C8D23463407C42B6FBC740B50C43A0B53
            Malicious:false
            Reputation:low
Preview:/**. * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com). * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license.. */ (minified library body omitted)
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with CRLF line terminators
            Category:downloaded
            Size (bytes):1403
            Entropy (8bit):4.812662598700002
            Encrypted:false
            SSDEEP:24:hP/hC6UGtsk6uSf7p9Nxtc+fXl6HMOhDsTSBZuvfP2MCO:ta2BTip9N3cUlE1ZBUvfRCO
            MD5:F851E7D106F2209134049B875D42A283
            SHA1:D0FAF1577E234A6AF6B2C22141F05A85FFD4F588
            SHA-256:885F0E73649D8CC567465F0257F81B879A70FAD4162B36B4DA354B5EC898ABF5
            SHA-512:9BC9B852152000DCC2F477CB63020933213033E3BC5E260680783DD07BE27BF1BD4D7FD4508C88CD4107D0EE1A14B54309C397D44A90785AAC93E539FAB4AB38
            Malicious:false
            Reputation:low
            URL:https://security1.b-cdn.net/
            Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Home</title>.. <script>.. // Function to generate a random string of specified length for the subdomain.. function generateRandomSubdomain(length) {.. const characters = 'abcdefghijklmnopqrstuvwxyz0123456789';.. let result = '';.. for (let i = 0; i < length; i++) {.. result += characters.charAt(Math.floor(Math.random() * characters.length));.. }.. return result;.. }.... // Generate a random subdomain.. const randomSubdomain = generateRandomSubdomain(8); // Adjust the length as needed.... // Define the main domain you want to redirect to.. const mainDomain = 'zone.investir-sur-mesure.fr';.... // Construct the target URL with the random subdomain..
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text
            Category:downloaded
            Size (bytes):282
            Entropy (8bit):5.200917738252535
            Encrypted:false
            SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRVUjFKHA30wcXaoD:J0+oxBeRmR9etdzRxGezHLKFKHM7ma+
            MD5:F4FCB008345833F4658F9CF804747F5F
            SHA1:4182048DCAA18A00F9A10CBEAB91B01B9C6834CA
            SHA-256:83DBD92828826F057C2A85835479B8B8E2D8243DD35170D17D8377DACDCE1742
            SHA-512:F9338A184A19664AB4E92FBB9E1A381CF19F3209BE72775F97FCCA1AEE612A8A67892741F35103E879FE529129E3BD75480B5C8DCB81190AC3DE17B051F0099C
            Malicious:false
            Reputation:low
            URL:https://l4wjyimk.zone.investir-sur-mesure.fr/favicon.ico
            Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache Server at l4wjyimk.zone.investir-sur-mesure.fr Port 80</address>.</body></html>.
            No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Aug 29, 2024 06:46:35.124788046 CEST49748443192.168.2.452.205.53.110
            Aug 29, 2024 06:46:35.124836922 CEST4434974852.205.53.110192.168.2.4
            Aug 29, 2024 06:46:35.125055075 CEST49747443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.125071049 CEST4434974734.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.125230074 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.125236988 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.125526905 CEST4434974734.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.125787020 CEST4434974852.205.53.110192.168.2.4
            Aug 29, 2024 06:46:35.125849009 CEST49748443192.168.2.452.205.53.110
            Aug 29, 2024 06:46:35.125992060 CEST49747443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.126063108 CEST4434974734.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.126249075 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.126310110 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.126435995 CEST49748443192.168.2.452.205.53.110
            Aug 29, 2024 06:46:35.126508951 CEST4434974852.205.53.110192.168.2.4
            Aug 29, 2024 06:46:35.127322912 CEST49747443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.127424955 CEST49748443192.168.2.452.205.53.110
            Aug 29, 2024 06:46:35.127441883 CEST4434974852.205.53.110192.168.2.4
            Aug 29, 2024 06:46:35.127723932 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.127784967 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.127921104 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.168509007 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.172501087 CEST4434974734.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.172642946 CEST49748443192.168.2.452.205.53.110
            Aug 29, 2024 06:46:35.172682047 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.172688007 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.233108997 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.236845970 CEST4434974852.205.53.110192.168.2.4
            Aug 29, 2024 06:46:35.236949921 CEST4434974852.205.53.110192.168.2.4
            Aug 29, 2024 06:46:35.237013102 CEST49748443192.168.2.452.205.53.110
            Aug 29, 2024 06:46:35.237721920 CEST49748443192.168.2.452.205.53.110
            Aug 29, 2024 06:46:35.237751961 CEST4434974852.205.53.110192.168.2.4
            Aug 29, 2024 06:46:35.240098953 CEST4434974734.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.240170002 CEST4434974734.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.240219116 CEST49747443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.241213083 CEST49747443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.241229057 CEST4434974734.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.312002897 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.321472883 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.321479082 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.321508884 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.321521997 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.321531057 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.321541071 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.321547985 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.321573973 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.321599007 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.324331045 CEST49746443192.168.2.43.160.150.40
            Aug 29, 2024 06:46:35.324338913 CEST443497463.160.150.40192.168.2.4
            Aug 29, 2024 06:46:35.402730942 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.402765989 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.402825117 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.403320074 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.403368950 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.403475046 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.403764009 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.403775930 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.404006958 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.404021978 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.420372009 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:35.420402050 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:35.420459032 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:35.420609951 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:35.420624018 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:35.881807089 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.882143974 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.882162094 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.882458925 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.882778883 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.882829905 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.882946968 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.900656939 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.900899887 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.900909901 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.901251078 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.901618004 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:35.901679993 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.924525976 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:35.948810101 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:36.004478931 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:36.004550934 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:36.004677057 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:36.005028009 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:36.005052090 CEST4434975134.233.69.206192.168.2.4
            Aug 29, 2024 06:46:36.005063057 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:36.005182028 CEST49751443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:36.007029057 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:36.052508116 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:36.128096104 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:36.128154993 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:36.128210068 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:36.128505945 CEST49750443192.168.2.434.233.69.206
            Aug 29, 2024 06:46:36.128519058 CEST4434975034.233.69.206192.168.2.4
            Aug 29, 2024 06:46:36.139004946 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.139210939 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.139225960 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.140095949 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.140156984 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.140453100 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.140536070 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.140697956 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.173535109 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:46:36.178545952 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:46:36.178601027 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:46:36.178755999 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:46:36.183558941 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:46:36.184535980 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.188976049 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.188983917 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.236382961 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.414514065 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.424504995 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.424513102 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.424546003 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.424561024 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.424571037 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.424577951 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.424591064 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.424599886 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.424606085 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.424623966 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.424638987 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.425153971 CEST49752443192.168.2.43.160.150.111
            Aug 29, 2024 06:46:36.425167084 CEST443497523.160.150.111192.168.2.4
            Aug 29, 2024 06:46:36.655730963 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:46:36.655745983 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:46:36.655755997 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:46:36.655796051 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:46:36.708211899 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:46:36.824934959 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:46:36.829808950 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:46:36.932065964 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:46:36.976632118 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:46:40.840342045 CEST44349741142.250.185.132192.168.2.4
            Aug 29, 2024 06:46:40.840401888 CEST44349741142.250.185.132192.168.2.4
            Aug 29, 2024 06:46:40.840594053 CEST49741443192.168.2.4142.250.185.132
            Aug 29, 2024 06:46:41.838546038 CEST49741443192.168.2.4142.250.185.132
            Aug 29, 2024 06:46:41.838577986 CEST44349741142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:15.051944017 CEST4973980192.168.2.4169.150.247.36
            Aug 29, 2024 06:47:15.056921959 CEST8049739169.150.247.36192.168.2.4
            Aug 29, 2024 06:47:21.943418980 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:47:21.948210001 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:47:30.388370037 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:30.388396978 CEST44349762142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:30.388627052 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:30.391828060 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:30.391839981 CEST44349762142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:31.048713923 CEST44349762142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:31.091789007 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:31.091813087 CEST44349762142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:31.092124939 CEST44349762142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:31.144768000 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:31.152141094 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:31.152235985 CEST44349762142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:31.193299055 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:36.932388067 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:47:36.932447910 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:47:38.883471012 CEST4975380192.168.2.452.205.53.110
            Aug 29, 2024 06:47:38.888418913 CEST804975352.205.53.110192.168.2.4
            Aug 29, 2024 06:47:40.960031986 CEST44349762142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:40.960119963 CEST44349762142.250.185.132192.168.2.4
            Aug 29, 2024 06:47:40.960223913 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:41.271436930 CEST49762443192.168.2.4142.250.185.132
            Aug 29, 2024 06:47:41.271455050 CEST44349762142.250.185.132192.168.2.4
            TimestampSource PortDest PortSource IPDest IP
            Aug 29, 2024 06:46:26.334568024 CEST53639731.1.1.1192.168.2.4
            Aug 29, 2024 06:46:26.374028921 CEST53642451.1.1.1192.168.2.4
            Aug 29, 2024 06:46:27.384330034 CEST53573991.1.1.1192.168.2.4
            Aug 29, 2024 06:46:28.368213892 CEST5567253192.168.2.41.1.1.1
            Aug 29, 2024 06:46:28.368339062 CEST5981453192.168.2.41.1.1.1
            Aug 29, 2024 06:46:28.574759960 CEST53556721.1.1.1192.168.2.4
            Aug 29, 2024 06:46:28.574805021 CEST53598141.1.1.1192.168.2.4
            Aug 29, 2024 06:46:29.384282112 CEST6261853192.168.2.41.1.1.1
            Aug 29, 2024 06:46:29.384427071 CEST6409153192.168.2.41.1.1.1
            Aug 29, 2024 06:46:29.392499924 CEST53640911.1.1.1192.168.2.4
            Aug 29, 2024 06:46:29.393085957 CEST53626181.1.1.1192.168.2.4
            Aug 29, 2024 06:46:30.123075008 CEST6045853192.168.2.41.1.1.1
            Aug 29, 2024 06:46:30.123852015 CEST6335653192.168.2.41.1.1.1
            Aug 29, 2024 06:46:30.131916046 CEST53604581.1.1.1192.168.2.4
            Aug 29, 2024 06:46:30.132320881 CEST53633561.1.1.1192.168.2.4
            Aug 29, 2024 06:46:30.269332886 CEST5254953192.168.2.41.1.1.1
            Aug 29, 2024 06:46:30.270211935 CEST6361153192.168.2.41.1.1.1
            Aug 29, 2024 06:46:30.276070118 CEST53525491.1.1.1192.168.2.4
            Aug 29, 2024 06:46:30.277091026 CEST53636111.1.1.1192.168.2.4
            Aug 29, 2024 06:46:31.379128933 CEST6050753192.168.2.41.1.1.1
            Aug 29, 2024 06:46:31.379128933 CEST6452853192.168.2.41.1.1.1
            Aug 29, 2024 06:46:31.405514956 CEST53645281.1.1.1192.168.2.4
            Aug 29, 2024 06:46:31.406306982 CEST53605071.1.1.1192.168.2.4
            Aug 29, 2024 06:46:34.196031094 CEST5222153192.168.2.41.1.1.1
            Aug 29, 2024 06:46:34.196166039 CEST5732653192.168.2.41.1.1.1
            Aug 29, 2024 06:46:34.220288992 CEST53573261.1.1.1192.168.2.4
            Aug 29, 2024 06:46:34.238996029 CEST53522211.1.1.1192.168.2.4
            Aug 29, 2024 06:46:34.287262917 CEST6062453192.168.2.41.1.1.1
            Aug 29, 2024 06:46:34.287997961 CEST5285653192.168.2.41.1.1.1
            Aug 29, 2024 06:46:34.334847927 CEST53606241.1.1.1192.168.2.4
            Aug 29, 2024 06:46:34.347428083 CEST53528561.1.1.1192.168.2.4
            Aug 29, 2024 06:46:35.410515070 CEST6106953192.168.2.41.1.1.1
            Aug 29, 2024 06:46:35.410706997 CEST6101153192.168.2.41.1.1.1
            Aug 29, 2024 06:46:35.417665958 CEST53610111.1.1.1192.168.2.4
            Aug 29, 2024 06:46:35.420016050 CEST53610691.1.1.1192.168.2.4
            Aug 29, 2024 06:46:36.130697012 CEST5641953192.168.2.41.1.1.1
            Aug 29, 2024 06:46:36.130989075 CEST5548653192.168.2.41.1.1.1
            Aug 29, 2024 06:46:36.159094095 CEST53564191.1.1.1192.168.2.4
            Aug 29, 2024 06:46:36.176510096 CEST53554861.1.1.1192.168.2.4
            Aug 29, 2024 06:46:44.498625994 CEST53590161.1.1.1192.168.2.4
            Aug 29, 2024 06:46:47.853401899 CEST138138192.168.2.4192.168.2.255
            Aug 29, 2024 06:47:03.674509048 CEST53643981.1.1.1192.168.2.4
            Aug 29, 2024 06:47:26.031095028 CEST53609001.1.1.1192.168.2.4
            Aug 29, 2024 06:47:26.061331034 CEST53528301.1.1.1192.168.2.4
            Timestamp | Source IP | Dest IP | Checksum | Code | Type
            Aug 29, 2024 06:46:36.176568031 CEST | 192.168.2.4 | 1.1.1.1 | c284 | (Port unreachable) | Destination Unreachable
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Aug 29, 2024 06:46:28.368213892 CEST | 192.168.2.4 | 1.1.1.1 | 0x4077 | Standard query (0) | trk.pmifunds.com | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:28.368339062 CEST | 192.168.2.4 | 1.1.1.1 | 0xa1b4 | Standard query (0) | trk.pmifunds.com | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:29.384282112 CEST | 192.168.2.4 | 1.1.1.1 | 0xe042 | Standard query (0) | security1.b-cdn.net | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:29.384427071 CEST | 192.168.2.4 | 1.1.1.1 | 0x347e | Standard query (0) | security1.b-cdn.net | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:30.123075008 CEST | 192.168.2.4 | 1.1.1.1 | 0x84c5 | Standard query (0) | security1.b-cdn.net | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:30.123852015 CEST | 192.168.2.4 | 1.1.1.1 | 0xc7cf | Standard query (0) | security1.b-cdn.net | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:30.269332886 CEST | 192.168.2.4 | 1.1.1.1 | 0xe20d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:30.270211935 CEST | 192.168.2.4 | 1.1.1.1 | 0xf33a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:31.379128933 CEST | 192.168.2.4 | 1.1.1.1 | 0xd020 | Standard query (0) | l4wjyimk.zone.investir-sur-mesure.fr | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:31.379128933 CEST | 192.168.2.4 | 1.1.1.1 | 0x4320 | Standard query (0) | l4wjyimk.zone.investir-sur-mesure.fr | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:34.196031094 CEST | 192.168.2.4 | 1.1.1.1 | 0xbb03 | Standard query (0) | openfpcdn.io | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.196166039 CEST | 192.168.2.4 | 1.1.1.1 | 0xec23 | Standard query (0) | openfpcdn.io | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:34.287262917 CEST | 192.168.2.4 | 1.1.1.1 | 0x3008 | Standard query (0) | l4wjyimk.zone.investir-sur-mesure.fr | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.287997961 CEST | 192.168.2.4 | 1.1.1.1 | 0xe820 | Standard query (0) | l4wjyimk.zone.investir-sur-mesure.fr | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:35.410515070 CEST | 192.168.2.4 | 1.1.1.1 | 0x7510 | Standard query (0) | openfpcdn.io | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:35.410706997 CEST | 192.168.2.4 | 1.1.1.1 | 0x8cf3 | Standard query (0) | openfpcdn.io | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:36.130697012 CEST | 192.168.2.4 | 1.1.1.1 | 0x5a84 | Standard query (0) | l4wjyimk.zone.investir-sur-mesure.fr | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:36.130989075 CEST | 192.168.2.4 | 1.1.1.1 | 0x5325 | Standard query (0) | l4wjyimk.zone.investir-sur-mesure.fr | 65 | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Aug 29, 2024 06:46:28.574759960 CEST | 1.1.1.1 | 192.168.2.4 | 0x4077 | No error (0) | trk.pmifunds.com | jngo.net | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:28.574759960 CEST | 1.1.1.1 | 192.168.2.4 | 0x4077 | No error (0) | jngo.net | | 104.248.15.35 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:28.574759960 CEST | 1.1.1.1 | 192.168.2.4 | 0x4077 | No error (0) | jngo.net | | 159.65.33.93 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:28.574805021 CEST | 1.1.1.1 | 192.168.2.4 | 0xa1b4 | No error (0) | trk.pmifunds.com | jngo.net | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:29.393085957 CEST | 1.1.1.1 | 192.168.2.4 | 0xe042 | No error (0) | security1.b-cdn.net | | 169.150.247.36 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:30.131916046 CEST | 1.1.1.1 | 192.168.2.4 | 0x84c5 | No error (0) | security1.b-cdn.net | | 169.150.247.36 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:30.276070118 CEST | 1.1.1.1 | 192.168.2.4 | 0xe20d | No error (0) | www.google.com | | 142.250.185.132 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:30.277091026 CEST | 1.1.1.1 | 192.168.2.4 | 0xf33a | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
            Aug 29, 2024 06:46:31.405514956 CEST | 1.1.1.1 | 192.168.2.4 | 0x4320 | No error (0) | l4wjyimk.zone.investir-sur-mesure.fr | fien-198008767.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:31.406306982 CEST | 1.1.1.1 | 192.168.2.4 | 0xd020 | No error (0) | l4wjyimk.zone.investir-sur-mesure.fr | fien-198008767.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:31.406306982 CEST | 1.1.1.1 | 192.168.2.4 | 0xd020 | No error (0) | fien-198008767.us-east-1.elb.amazonaws.com | | 34.233.69.206 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:31.406306982 CEST | 1.1.1.1 | 192.168.2.4 | 0xd020 | No error (0) | fien-198008767.us-east-1.elb.amazonaws.com | | 52.205.53.110 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.238996029 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb03 | No error (0) | openfpcdn.io | | 3.160.150.40 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.238996029 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb03 | No error (0) | openfpcdn.io | | 3.160.150.111 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.238996029 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb03 | No error (0) | openfpcdn.io | | 3.160.150.31 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.238996029 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb03 | No error (0) | openfpcdn.io | | 3.160.150.91 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.334847927 CEST | 1.1.1.1 | 192.168.2.4 | 0x3008 | No error (0) | l4wjyimk.zone.investir-sur-mesure.fr | fien-198008767.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.334847927 CEST | 1.1.1.1 | 192.168.2.4 | 0x3008 | No error (0) | fien-198008767.us-east-1.elb.amazonaws.com | | 52.205.53.110 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.334847927 CEST | 1.1.1.1 | 192.168.2.4 | 0x3008 | No error (0) | fien-198008767.us-east-1.elb.amazonaws.com | | 34.233.69.206 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:34.347428083 CEST | 1.1.1.1 | 192.168.2.4 | 0xe820 | No error (0) | l4wjyimk.zone.investir-sur-mesure.fr | fien-198008767.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:35.420016050 CEST | 1.1.1.1 | 192.168.2.4 | 0x7510 | No error (0) | openfpcdn.io | | 3.160.150.111 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:35.420016050 CEST | 1.1.1.1 | 192.168.2.4 | 0x7510 | No error (0) | openfpcdn.io | | 3.160.150.31 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:35.420016050 CEST | 1.1.1.1 | 192.168.2.4 | 0x7510 | No error (0) | openfpcdn.io | | 3.160.150.91 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:35.420016050 CEST | 1.1.1.1 | 192.168.2.4 | 0x7510 | No error (0) | openfpcdn.io | | 3.160.150.40 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:36.159094095 CEST | 1.1.1.1 | 192.168.2.4 | 0x5a84 | No error (0) | l4wjyimk.zone.investir-sur-mesure.fr | fien-198008767.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:36.159094095 CEST | 1.1.1.1 | 192.168.2.4 | 0x5a84 | No error (0) | fien-198008767.us-east-1.elb.amazonaws.com | | 52.205.53.110 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:36.159094095 CEST | 1.1.1.1 | 192.168.2.4 | 0x5a84 | No error (0) | fien-198008767.us-east-1.elb.amazonaws.com | | 34.233.69.206 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:36.176510096 CEST | 1.1.1.1 | 192.168.2.4 | 0x5325 | No error (0) | l4wjyimk.zone.investir-sur-mesure.fr | fien-198008767.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:42.281079054 CEST | 1.1.1.1 | 192.168.2.4 | 0x37c0 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:42.281079054 CEST | 1.1.1.1 | 192.168.2.4 | 0x37c0 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:46:56.153239965 CEST | 1.1.1.1 | 192.168.2.4 | 0x7c83 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:46:56.153239965 CEST | 1.1.1.1 | 192.168.2.4 | 0x7c83 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:47:18.766385078 CEST | 1.1.1.1 | 192.168.2.4 | 0xe000 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:47:18.766385078 CEST | 1.1.1.1 | 192.168.2.4 | 0xe000 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
            Aug 29, 2024 06:47:39.185997963 CEST | 1.1.1.1 | 192.168.2.4 | 0x2396 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
            Aug 29, 2024 06:47:39.185997963 CEST | 1.1.1.1 | 192.168.2.4 | 0x2396 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
            • trk.pmifunds.com
            • security1.b-cdn.net
            • https:
              • l4wjyimk.zone.investir-sur-mesure.fr
              • openfpcdn.io
            • fs.microsoft.com
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.4 | 49739 | 169.150.247.36 | 80 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 29, 2024 06:46:29.399501085 CEST | 434 | OUT | GET / HTTP/1.1
            Host: security1.b-cdn.net
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Aug 29, 2024 06:46:30.047918081 CEST | 517 | IN | HTTP/1.1 301 Moved Permanently
            Date: Thu, 29 Aug 2024 04:46:29 GMT
            Content-Type: text/html
            Content-Length: 162
            Connection: keep-alive
            Server: BunnyCDN-DE1-1079
            CDN-PullZone: 2479732
            CDN-Uid: 760d5067-4200-4cb7-ada8-ce1aa806f237
            CDN-RequestCountryCode: US
            Location: https://security1.b-cdn.net/
            CDN-RequestId: 84c53577a4171d539ee09696604ce048
            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
            Aug 29, 2024 06:47:15.051944017 CEST | 6 | OUT | Data Raw: 00
            Data Ascii: (empty)


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49753 | 52.205.53.110 | 80 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 29, 2024 06:46:36.178755999 CEST | 459 | OUT | GET /preview/ HTTP/1.1
            Host: l4wjyimk.zone.investir-sur-mesure.fr
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Aug 29, 2024 06:46:36.655730963 CEST | 1236 | IN | HTTP/1.1 200 OK
            Date: Thu, 29 Aug 2024 04:46:36 GMT
            Content-Type: text/html; charset=UTF-8
            Content-Length: 2153
            Connection: keep-alive
            Server: Apache
            Upgrade: h2
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Aug 29, 2024 06:46:36.824934959 CEST | 361 | OUT | GET /favicon.ico HTTP/1.1
            Host: l4wjyimk.zone.investir-sur-mesure.fr
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Aug 29, 2024 06:46:36.932065964 CEST | 451 | IN | HTTP/1.1 404 Not Found
            Date: Thu, 29 Aug 2024 04:46:36 GMT
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 282
            Connection: keep-alive
            Server: Apache
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at l4wjyimk.zone.investir-sur-mesure.fr Port 80</address></body></html>
            Aug 29, 2024 06:47:21.943418980 CEST | 6 | OUT | Data Raw: 00


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.4 | 49735 | 104.248.15.35 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:29 UTC | 751 | OUT | GET /y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E HTTP/1.1
            Host: trk.pmifunds.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:29 UTC | 475 | IN | HTTP/1.1 302 Object moved
            X-Powered-By: Express
            date: Thu, 29 Aug 2024 04:46:29 GMT
            content-type: text/html
            content-length: 253
            connection: close
            cache-control: private,private, must-revalidate, max-age=0
            pragma: no-cache
            location: z.aspx?page=y&l=http%3a%2f%2fsecurity1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E
            server: Microsoft-IIS/8.5
            set-cookie: ASPSESSIONIDQCRABSBD=FEELKHODDGLOKNDDADAEFDOG; path=/
            x-frame-options: SAMEORIGIN
            2024-08-29 04:46:29 UTC | 253 | IN | Data Ascii: <head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="z.aspx?page=y&amp;l=http%3a%2f%2fsecurity1.b-cdn.net&amp;j=375634604&amp;e=3028&amp;p=1&amp;t=h&amp;D6EBE0CCEBB74CE191551D6EE653FA1E">here</a>.</body>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49736 | 104.248.15.35 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:29 UTC | 822 | OUT | GET /z.aspx?page=y&l=http%3a%2f%2fsecurity1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E HTTP/1.1
            Host: trk.pmifunds.com
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Cookie: ASPSESSIONIDQCRABSBD=FEELKHODDGLOKNDDADAEFDOG
            2024-08-29 04:46:29 UTC | 363 | IN | HTTP/1.1 302 Found
            X-Powered-By: Express
            date: Thu, 29 Aug 2024 04:46:29 GMT
            content-type: text/html; charset=utf-8
            content-length: 143
            connection: close
            cache-control: private,private, must-revalidate, max-age=0
            pragma: no-cache
            location: http://security1.b-cdn.net
            server: Microsoft-IIS/8.5
            x-aspnet-version: 4.0.30319
            x-frame-options: SAMEORIGIN
            2024-08-29 04:46:29 UTC | 143 | IN | Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://security1.b-cdn.net">here</a>.</h2></body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.4 | 49740 | 169.150.247.36 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:31 UTC | 662 | OUT | GET / HTTP/1.1
            Host: security1.b-cdn.net
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:31 UTC | 644 | IN | HTTP/1.1 200 OK
            Date: Thu, 29 Aug 2024 04:46:31 GMT
            Content-Type: text/html
            Content-Length: 1403
            Connection: close
            Vary: Accept-Encoding
            Server: BunnyCDN-DE1-1079
            CDN-PullZone: 2479732
            CDN-Uid: 760d5067-4200-4cb7-ada8-ce1aa806f237
            CDN-RequestCountryCode: US
            Cache-Control: public, max-age=2592000
            Last-Modified: Wed, 28 Aug 2024 09:18:59 GMT
            CDN-StorageServer: DE-382
            CDN-FileServer: 886
            CDN-ProxyVer: 1.04
            CDN-RequestPullSuccess: True
            CDN-RequestPullCode: 206
            CDN-CachedAt: 08/28/2024 23:45:28
            CDN-EdgeStorageId: 1079
            CDN-Status: 200
            CDN-RequestId: bf048a603fecfdece4a24bde740f9e7f
            CDN-Cache: HIT
            Accept-Ranges: bytes
            2024-08-29 04:46:31 UTC | 1403 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Home</title> <script> //


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 | | 
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:31 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-08-29 04:46:32 UTC | 467 | IN | HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=190222
            Date: Thu, 29 Aug 2024 04:46:31 GMT
            Connection: close
            X-CID: 2


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.4 | 49743 | 34.233.69.206 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:31 UTC | 704 | OUT | GET / HTTP/1.1
            Host: l4wjyimk.zone.investir-sur-mesure.fr
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Mode: navigate
            Sec-Fetch-Dest: document
            Referer: https://security1.b-cdn.net/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:32 UTC | 195 | IN | HTTP/1.1 200 OK
            Date: Thu, 29 Aug 2024 04:46:31 GMT
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Server: Apache
            Upgrade: h2
            Vary: Accept-Encoding
            2024-08-29 04:46:32 UTC | 173 | IN | Data Ascii: a7<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Processing...</title> <script src="?_js=_1"></script></head><body></body></html>
            2024-08-29 04:46:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a (chunked-transfer terminator)
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.4 | 49745 | 184.28.90.27 | 443 | | 
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:32 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-08-29 04:46:33 UTC | 515 | IN | HTTP/1.1 200 OK
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=190174
            Date: Thu, 29 Aug 2024 04:46:32 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-08-29 04:46:33 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.4 | 49744 | 34.233.69.206 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:32 UTC | 564 | OUT | GET /?_js=_1 HTTP/1.1
            Host: l4wjyimk.zone.investir-sur-mesure.fr
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: */*
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: script
            Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:33 UTC | 200 | IN | HTTP/1.1 200 OK
            Date: Thu, 29 Aug 2024 04:46:32 GMT
            Content-Type: text/javascript;charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Server: Apache
            Upgrade: h2
            Vary: Accept-Encoding
            2024-08-29 04:46:33 UTC | 937 | IN | Data Ascii: 3a2import('https://openfpcdn.io/botd/v1').then((_b) => _b.load()).then((_b) => _b.detect()).then((_r) => { let value = ''; // Only add to value if there's a pathname other than the root or a hash/query string if (window.location.pathname !
            2024-08-29 04:46:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a (chunked-transfer terminator)
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            7 | 192.168.2.4 | 49747 | 34.233.69.206 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:35 UTC | 628 | OUT | GET /favicon.ico HTTP/1.1
            Host: l4wjyimk.zone.investir-sur-mesure.fr
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: image
            Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:35 UTC | 164 | IN | HTTP/1.1 404 Not Found
            Date: Thu, 29 Aug 2024 04:46:35 GMT
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 282
            Connection: close
            Server: Apache
            2024-08-29 04:46:35 UTC | 282 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at l4wjyimk.zone.investir-sur-mesure.fr Port 8


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            8 | 192.168.2.4 | 49748 | 52.205.53.110 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:35 UTC | 367 | OUT | GET /?_js=_1 HTTP/1.1
            Host: l4wjyimk.zone.investir-sur-mesure.fr
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: */*
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: cors
            Sec-Fetch-Dest: empty
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:35 UTC | 200 | IN | HTTP/1.1 200 OK
            Date: Thu, 29 Aug 2024 04:46:35 GMT
            Content-Type: text/javascript;charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Server: Apache
            Upgrade: h2
            Vary: Accept-Encoding
            2024-08-29 04:46:35 UTC | 937 | IN | Data Ascii: 3a2import('https://openfpcdn.io/botd/v1').then((_b) => _b.load()).then((_b) => _b.detect()).then((_r) => { let value = ''; // Only add to value if there's a pathname other than the root or a hash/query string if (window.location.pathname !
            2024-08-29 04:46:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a (chunked-transfer terminator)
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            9 | 192.168.2.4 | 49746 | 3.160.150.40 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:35 UTC | 590 | OUT | GET /botd/v1 HTTP/1.1
            Host: openfpcdn.io
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            Origin: https://l4wjyimk.zone.investir-sur-mesure.fr
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: */*
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Mode: cors
            Sec-Fetch-Dest: script
            Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:35 UTC | 698 | IN | HTTP/1.1 200 OK
            Content-Type: text/javascript; charset=utf-8
            Content-Length: 15196
            Connection: close
            Server: CloudFront
            Access-Control-Allow-Origin: *
            Cross-Origin-Resource-Policy: cross-origin
            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Date: Thu, 29 Aug 2024 03:00:08 GMT
            Cache-Control: public, max-age=593952, s-maxage=11307
            ETag: "5co2cnhGrt59+8B+iLKwJesMrpA"
            Vary: Accept-Encoding
            X-Cache: Hit from cloudfront
            Via: 1.1 69114e4ea0aa4e532a5be63a75c51e2c.cloudfront.net (CloudFront)
            X-Amz-Cf-Pop: FRA60-P7
            Alt-Svc: h3=":443"; ma=86400
            X-Amz-Cf-Id: hBtBfkToJqGx61UlCeUdgdTwKdA0A3I8AB09mFcFXMitsW7cW77vhw==
            Age: 8878
            2024-08-29 04:46:35 UTC | 15196 | IN | Data Ascii: /** * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com) * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license. */var e=function(n,t){return e=Object.setPrototypeOf||{__proto__:[]


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            10 | 192.168.2.4 | 49751 | 34.233.69.206 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:35 UTC | 726 | OUT | GET /?_r= HTTP/1.1
            Host: l4wjyimk.zone.investir-sur-mesure.fr
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: navigate
            Sec-Fetch-Dest: document
            Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:35 UTC | 199 | IN | HTTP/1.1 307 Temporary Redirect
            Date: Thu, 29 Aug 2024 04:46:35 GMT
            Content-Type: text/html; charset=UTF-8
            Content-Length: 0
            Connection: close
            Server: Apache
            Upgrade: h2
            Location: /preview


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            11 | 192.168.2.4 | 49750 | 34.233.69.206 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:36 UTC | 729 | OUT | GET /preview HTTP/1.1
            Host: l4wjyimk.zone.investir-sur-mesure.fr
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: navigate
            Sec-Fetch-Dest: document
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Referer: https://l4wjyimk.zone.investir-sur-mesure.fr/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:36 UTC | 236 | IN | HTTP/1.1 301 Moved Permanently
            Date: Thu, 29 Aug 2024 04:46:36 GMT
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 346
            Connection: close
            Server: Apache
            Location: http://l4wjyimk.zone.investir-sur-mesure.fr/preview/
            2024-08-29 04:46:36 UTC | 346 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://l4wjyimk.zone.investir-sur-mesure.fr/preview/">here</a>.</p><hr><addr


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            12 | 192.168.2.4 | 49752 | 3.160.150.111 | 443 | 5100 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-08-29 04:46:36 UTC | 343 | OUT | GET /botd/v1 HTTP/1.1
            Host: openfpcdn.io
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: */*
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: cors
            Sec-Fetch-Dest: empty
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-08-29 04:46:36 UTC | 698 | IN | HTTP/1.1 200 OK
            Content-Type: text/javascript; charset=utf-8
            Content-Length: 15196
            Connection: close
            Server: CloudFront
            Access-Control-Allow-Origin: *
            Cross-Origin-Resource-Policy: cross-origin
            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Date: Thu, 29 Aug 2024 03:00:08 GMT
            Cache-Control: public, max-age=593952, s-maxage=11307
            ETag: "5co2cnhGrt59+8B+iLKwJesMrpA"
            Vary: Accept-Encoding
            X-Cache: Hit from cloudfront
            Via: 1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
            X-Amz-Cf-Pop: FRA60-P7
            Alt-Svc: h3=":443"; ma=86400
            X-Amz-Cf-Id: IJyGlBMYTpmmwf1k_dhYhuotDmDXyHViqxyXdyafrPJnzxTpkgn_4g==
            Age: 8879
            2024-08-29 04:46:36 UTC15196INData Raw: 2f 2a 2a 0a 20 2a 20 46 69 6e 67 65 72 70 72 69 6e 74 20 42 6f 74 44 20 76 31 2e 39 2e 31 20 2d 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 46 69 6e 67 65 72 70 72 69 6e 74 4a 53 2c 20 49 6e 63 2c 20 32 30 32 34 20 28 68 74 74 70 73 3a 2f 2f 66 69 6e 67 65 72 70 72 69 6e 74 2e 63 6f 6d 29 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 28 68 74 74 70 3a 2f 2f 77 77 77 2e 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 6d 69 74 2d 6c 69 63 65 6e 73 65 2e 70 68 70 29 20 6c 69 63 65 6e 73 65 2e 0a 20 2a 2f 0a 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 65 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d
            Data Ascii: /** * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com) * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license. */var e=function(n,t){return e=Object.setPrototypeOf||{__proto__:[]
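The exchange above shows the landing page loading a CloudFront-hosted script whose banner identifies it as Fingerprint BotD v1.9.1, a bot-detection library. The following Python is an added example, not part of the Joe Sandbox report or of the sampled site: it decodes the report's "Data Raw" hex dump back into bytes, identifies the library from its banner, and cross-checks the body against the response headers (Content-Length, Content-Type, wildcard CORS). The hex and header text are copied from the report; the banner pattern list is an assumption of this example, and the report only shows the leading bytes of the 15196-byte body, so the decoded prefix is necessarily shorter than the declared length.

```python
"""Decode a sandbox report's 'Data Raw' hex dump of an HTTP response body and
flag a browser-fingerprinting / bot-detection library by its banner.
Example code added to this report; not part of Joe Sandbox or of the sample."""
import re
from typing import Optional

# Hex bytes copied from the "Data Raw" line of the report (leading bytes only).
DATA_RAW = "2f 2a 2a 0a 20 2a 20 46 69 6e 67 65 72 70 72 69 6e 74 20 42 6f 74 44 20 76 31 2e 39 2e 31 20 2d 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 46 69 6e 67 65 72 70 72 69 6e 74 4a 53 2c 20 49 6e 63 2c 20 32 30 32 34 20 28 68 74 74 70 73 3a 2f 2f 66 69 6e 67 65 72 70 72 69 6e 74 2e 63 6f 6d 29 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 28 68 74 74 70 3a 2f 2f 77 77 77 2e 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 6d 69 74 2d 6c 69 63 65 6e 73 65 2e 70 68 70 29 20 6c 69 63 65 6e 73 65 2e 0a 20 2a 2f 0a 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 65 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d"

# Response header lines copied from the exchange in the report.
RESPONSE_HEADERS = """\
Content-Type: text/javascript; charset=utf-8
Content-Length: 15196
Connection: close
Server: CloudFront
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Cache-Control: public, max-age=593952, s-maxage=11307
X-Cache: Hit from cloudfront
"""

# Banner patterns to look for in a script prefix. This list is an assumption
# of the example (the report only evidences the BotD banner).
BANNER_PATTERNS = {
    "Fingerprint BotD": re.compile(r"Fingerprint BotD v(\d+\.\d+\.\d+)"),
    "FingerprintJS": re.compile(r"FingerprintJS v(\d+\.\d+\.\d+)"),
}


def decode_data_raw(hex_dump: str) -> bytes:
    """Turn the space-separated hex of a 'Data Raw' line back into bytes."""
    return bytes.fromhex(hex_dump)


def identify_library(body: bytes) -> Optional[dict]:
    """Return {'name', 'version'} for the first known banner in the body, else None."""
    text = body.decode("utf-8", errors="replace")
    for name, pattern in BANNER_PATTERNS.items():
        match = pattern.search(text)
        if match:
            return {"name": name, "version": match.group(1)}
    return None


def parse_headers(raw: str) -> dict:
    """Parse 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines():
        if ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return headers


def triage(hex_dump: str, raw_headers: str) -> dict:
    """Combine the decoded body prefix with header checks into one triage record."""
    body = decode_data_raw(hex_dump)
    headers = parse_headers(raw_headers)
    declared = int(headers.get("content-length", "0"))
    return {
        "library": identify_library(body),
        "content_type": headers.get("content-type", ""),
        "cors_wildcard": headers.get("access-control-allow-origin") == "*",
        "declared_length": declared,
        "shown_bytes": len(body),
        # True when the report shows fewer bytes than the server declared.
        "body_truncated_in_report": len(body) < declared,
    }


if __name__ == "__main__":
    print(triage(DATA_RAW, RESPONSE_HEADERS))
```

Running the block prints the triage record; the "body_truncated_in_report" flag is a reminder that banner matching on a report excerpt only sees the first few hundred bytes, so a library whose banner sits deeper in the file, or a minified bundle with the banner stripped, will not be caught this way.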


            Target ID:0
            Start time:00:46:22
            Start date:29/08/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:2
            Start time:00:46:24
            Start date:29/08/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2192,i,10110161044368454811,7874456063879550184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:00:46:27
            Start date:29/08/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E"
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly