Edit tour

Linux Analysis Report
https://airmarkcomponents.com/

Overview

General Information

Sample URL:	https://airmarkcomponents.com/
Analysis ID:	1501760
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false

Signatures

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Queries the installed Ubuntu/CentOS release

Reads the 'hosts' file potentially containing internal network hosts

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501760
Start date and time:	2024-08-30 12:43:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://airmarkcomponents.com/
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:	default
Detection:	CLEAN
Classification:	clean2.lin@0/73@26/0

Warnings

Excluded IPs from analysis (whitelisted): 172.217.16.163, 142.251.37.3, 104.85.248.81, 104.85.248.88
Excluded domains from analysis (whitelisted): a19.dscg10.akamai.net, ciscobinary.openh264.org, fonts.gstatic.com, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, snippets.cdn.mozilla.net, www.gstatic.com
Report size exceeded maximum capacity and may have missing behavior information.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3A2B697F1FDA5E8CED55FE586EBC2F5D11E0E55F
VT rate limit hit for: http://crl.pki.goog/gsr2/gsr2.crl0?
VT rate limit hit for: http://wiki.ubuntu.com
VT rate limit hit for: https://airmarkcomponents.com/moc.stnenopmockramria.
VT rate limit hit for: https://cdnstatic.check-tl-ver-108-a.com/ps/config.js?id=CHiI7Gh3GUyTa8XGgNqDyQ
VT rate limit hit for: https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=
VT rate limit hit for: https://github.com/
VT rate limit hit for: https://qltuh.algiedideneb.com
VT rate limit hit for: https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730moc.benedidei
VT rate limit hit for: https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=4
VT rate limit hit for: https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=41
VT rate limit hit for: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=
VT rate limit hit for: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png
VT rate limit hit for: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png1
VT rate limit hit for: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=3
VT rate limit hit for: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js

Process Tree

system is lnxubuntu1

exo-open (PID: 4734, Parent: 4674, MD5: 39c5fa78f1cb3d950b9944f784018d3a) Arguments: exo-open https://airmarkcomponents.com/

exo-open New Fork (PID: 4741, Parent: 4734)

exo-open New Fork (PID: 4742, Parent: 4741)

exo-helper-1 (PID: 4742, Parent: 1656, MD5: c27a648e34ba5ce625d064af015be147) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser https://airmarkcomponents.com/

exo-helper-1 New Fork (PID: 4749, Parent: 4742)

sensible-browser (PID: 4749, Parent: 4742, MD5: a5909f49ad9c97574d2b4c49cc24905d) Arguments: /bin/sh /usr/bin/sensible-browser https://airmarkcomponents.com/

x-www-browser (PID: 4749, Parent: 4742, MD5: 42b33a4578e4a51d8a5d1010c466a9d7) Arguments: /bin/sh /usr/bin/x-www-browser https://airmarkcomponents.com/

x-www-browser New Fork (PID: 4754, Parent: 4749)

which (PID: 4754, Parent: 4749, MD5: unknown) Arguments: /bin/sh /usr/bin/which /usr/bin/x-www-browser

firefox (PID: 4749, Parent: 4742, MD5: 9a5584c0c2c9ac6b1ba6296513075910) Arguments: /usr/lib/firefox/firefox https://airmarkcomponents.com/

firefox New Fork (PID: 4773, Parent: 4749)

firefox New Fork (PID: 4777, Parent: 4749)

firefox New Fork (PID: 4791, Parent: 4749)

lsb_release (PID: 4791, Parent: 4749, MD5: 18cba7de7bfedd0d9f027bd1c54cc2b2) Arguments: /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

firefox New Fork (PID: 4811, Parent: 4749)

dbus-launch (PID: 4811, Parent: 4749, MD5: e4a469f27d130d783c21ce9c1c4456c3) Arguments: dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr

firefox New Fork (PID: 4887, Parent: 4749)

firefox New Fork (PID: 4888, Parent: 4887)

firefox (PID: 4887, Parent: 4749, MD5: 9a5584c0c2c9ac6b1ba6296513075910) Arguments: /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab

firefox New Fork (PID: 4963, Parent: 4749)

firefox New Fork (PID: 4964, Parent: 4963)

firefox (PID: 4963, Parent: 4749, MD5: 9a5584c0c2c9ac6b1ba6296513075910) Arguments: /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6115 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab

firefox New Fork (PID: 5001, Parent: 4749)

firefox New Fork (PID: 5004, Parent: 5001)

firefox (PID: 5001, Parent: 4749, MD5: 9a5584c0c2c9ac6b1ba6296513075910) Arguments: /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58566 version: TLS 1.2

Source: /usr/lib/firefox/firefox (PID: 4749)

Reads hosts file: /etc/hosts

Jump to behavior

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: airmarkcomponents.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730 HTTP/1.1Host: qltuh.algiedideneb.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /space-robot/assets/trls.js HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /space-robot/assets/style.css?v=5 HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/css,/;q=0.1Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /space-robot/assets/main.js?v=3 HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shared-js/assets/static-pl.js?v=4 HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /space-robot/assets/corner.png HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-108-a.com&timeout=180&tb=true&nrid=de31d1cd52d74e28bde7668b9e540ce5 HTTP/1.1Host: cdnstatic.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /space-robot/assets/apple-touch-icon.png HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /space-robot/assets/favicon-16x16.png HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /ps/config.js?id=CHiI7Gh3GUyTa8XGgNqDyQ HTTP/1.1Host: cdnstatic.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963Connection: keep-aliveCookie: __psu=5bae6dc6-cff2-4d35-8c46-e4e147c7e338
Source: global traffic	HTTP traffic detected: GET /sw-707a7d0735647f53a9228ce50d13ab46.js HTTP/1.1Host: qltuh.check-tl-ver-108-a.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brService-Worker: scriptConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: c6kBy8Q962evQN09480c7A==Connection: keep-alive, UpgradePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: m+gHMIH+bM+IXrbp144tUg==Connection: keep-alive, UpgradePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: gzH4mgj0m04q25/HFLUzOQ==Connection: keep-alive, UpgradePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: 2m+e3cL0QOajGC13MGedSQ==Connection: keep-alive, UpgradePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: mG0Ahy8ERvDWimCnq72XWQ==Connection: keep-alive, UpgradePragma: no-cacheCache-Control: no-cacheUpgrade: websocket

Source: global traffic	DNS traffic detected: DNS query: airmarkcomponents.com
Source: global traffic	DNS traffic detected: DNS query: qltuh.algiedideneb.com
Source: global traffic	DNS traffic detected: DNS query: qltuh.check-tl-ver-108-a.com
Source: global traffic	DNS traffic detected: DNS query: cdnstatic.check-tl-ver-108-a.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com

Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://airmarkcomponents.com
Source: 3A2B697F1FDA5E8CED55FE586EBC2F5D11E0E55F.34.dr, F044322FA5BF290DD59313620194059BDC3D6C98.34.dr	String found in binary or memory: https://airmarkcomponents.com/
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://airmarkcomponents.com/moc.stnenopmockramria.
Source: F044322FA5BF290DD59313620194059BDC3D6C98.34.dr	String found in binary or memory: https://airmarkcomponents.com/predictor::seen1
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: 3D18B3B7E73CB9205101A761EB49BAE007D291B0.34.dr	String found in binary or memory: https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=
Source: 8F43299B2BBC180803AAE2295F17077D2C87FC5E.34.dr, 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff21
Source: webext.sc.lz4.tmp.34.dr	String found in binary or memory: https://github.com/
Source: 3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2.34.dr	String found in binary or memory: https://js.streampsh.top
Source: 3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2.34.dr	String found in binary or memory: https://mbtrk1.com/click.php?key=7ef1qd1lvftdju4n985s&tracker=pushlink-placeholder-
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://pki.goog/repository/0
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://qltuh.algiedideneb.com
Source: 3A2B697F1FDA5E8CED55FE586EBC2F5D11E0E55F.34.dr	String found in binary or memory: https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730moc.benedidei
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com($
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, 3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=4
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=41
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, FECDC94F0E7BAF8E66A29D10078DC7C9E82E2A2B.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png1
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, A9DB122571F6E7BBF5B17F0B73306BED943AF492.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=3
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=31
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, 3897E273C86B69E7EC90C667F04ACC4F68CD01F9.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=5
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=51
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, A32D31641179C3E5616066431ABEF74C58BB525A.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js1
Source: 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck
Source: C389DE279BF5275924497D5B33D1F1900116E591.34.dr, 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 44884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44870
Source: unknown	Network traffic detected: HTTP traffic on port 44878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35930
Source: unknown	Network traffic detected: HTTP traffic on port 44874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58566
Source: unknown	Network traffic detected: HTTP traffic on port 35928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33986
Source: unknown	Network traffic detected: HTTP traffic on port 33980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39214
Source: unknown	Network traffic detected: HTTP traffic on port 44872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39208
Source: unknown	Network traffic detected: HTTP traffic on port 43828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43828
Source: unknown	Network traffic detected: HTTP traffic on port 43826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44878
Source: unknown	Network traffic detected: HTTP traffic on port 43824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44894
Source: unknown	Network traffic detected: HTTP traffic on port 43820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44874
Source: unknown	Network traffic detected: HTTP traffic on port 58566 -> 443

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58566 version: TLS 1.2

Source: classification engine

Classification label: clean2.lin@0/73@26/0

Source: /usr/bin/exo-open (PID: 4734)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/bin/exo-open (PID: 4734)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742)	Directory: /home/james/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742)	Directory: /home/james/.config	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	File: /tmp/firefox_james/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	File: /home/james/.mozilla/firefox/5zxot757.default/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	File: /home/james/.cache/mozilla/firefox/5zxot757.default/.startup-incomplete	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Directory: /home/james/.Xdefaults-ubuntu	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Directory: /home/james/.mime.types	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Directory: /home/james/.mozilla/firefox/5zxot757.default/storage/permanent/chrome/.metadata-v2	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Directory: /home/james/.mailcap	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	File: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/.metadata-tmp	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	File: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/.metadata-v2-tmp	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	File: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/cache/.padding	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4777)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4777)	Directory: /home/james/.drirc	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4811)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4887)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4963)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 5001)	Directory: /home/james/.Xauthority	Jump to behavior

Source: /usr/lib/firefox/firefox (PID: 4749)	Empty hidden file: /tmp/firefox_james/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Empty hidden file: /home/james/.cache/mozilla/firefox/5zxot757.default/.startup-incomplete	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/cache/.padding	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/.metadata-tmp	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/.metadata-v2-tmp	Jump to behavior

Source: /usr/bin/exo-open (PID: 4734)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4749)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4777)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4811)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4887)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4963)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 5001)	Queries kernel information via 'uname':	Jump to behavior

Source: /usr/lib/firefox/firefox (PID: 4791)

Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Hide Artifacts	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Hidden Files and Directories	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://airmarkcomponents.com/	0%	Avira URL Cloud	safe
https://airmarkcomponents.com/	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
push.services.mozilla.com	0%	Virustotal	Browse
cdnstatic.check-tl-ver-108-a.com	1%	Virustotal	Browse
qltuh.check-tl-ver-108-a.com	2%	Virustotal	Browse
prod.balrog.prod.cloudops.mozgcp.net	0%	Virustotal	Browse
airmarkcomponents.com	0%	Virustotal	Browse
qltuh.algiedideneb.com	1%	Virustotal	Browse
d228z91au11ukj.cloudfront.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://push.services.mozilla.com/	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
http://www.debian.org	0%	Avira URL Cloud	safe
http://www.debian.org/gro.naibed.www.	0%	Avira URL Cloud	safe
https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730	0%	Avira URL Cloud	safe
https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com	0%	Avira URL Cloud	safe
http://www.ubuntu.com	0%	Avira URL Cloud	safe
https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.	0%	Virustotal		Browse
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/apple-touch-icon.png	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/sw-707a7d0735647f53a9228ce50d13ab46.js	0%	Avira URL Cloud	safe
http://www.debian.org	0%	Virustotal		Browse
http://www.debian.org/gro.naibed.www.	0%	Virustotal		Browse
http://wiki.ubuntu.com/moc.utnubu.ikiw.	0%	Avira URL Cloud	safe
http://www.ubuntu.com	0%	Virustotal		Browse
https://mbtrk1.com/click.php?key=7ef1qd1lvftdju4n985s&tracker=pushlink-placeholder-	0%	Avira URL Cloud	safe
https://pki.goog/repository/0	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/favicon-16x16.png	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js1	0%	Avira URL Cloud	safe
https://answers.launchpad.net/ubuntu/	0%	Avira URL Cloud	safe
http://www.ubuntu.com/moc.utnubu.www.	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com	2%	Virustotal		Browse
https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-108-a.com&timeout=180&tb=true&nrid=de31d1cd52d74e28bde7668b9e540ce5	0%	Avira URL Cloud	safe
https://answers.launchpad.net/ubuntu/	0%	Virustotal		Browse
https://pki.goog/repository/0	0%	Virustotal		Browse
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=5	0%	Avira URL Cloud	safe
https://js.streampsh.top	0%	Avira URL Cloud	safe
https://mbtrk1.com/click.php?key=7ef1qd1lvftdju4n985s&tracker=pushlink-placeholder-	0%	Virustotal		Browse
https://airmarkcomponents.com	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=31	0%	Avira URL Cloud	safe
https://airmarkcomponents.com/predictor::seen1	0%	Avira URL Cloud	safe
https://airmarkcomponents.com	0%	Virustotal		Browse
https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire	0%	Avira URL Cloud	safe
https://answers.launchpad.net	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com($	0%	Avira URL Cloud	safe
https://js.streampsh.top	3%	Virustotal		Browse
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=51	0%	Avira URL Cloud	safe
http://www.ubuntu.com/moc.utnubu.www.	0%	Virustotal		Browse
https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire	0%	Virustotal		Browse
https://github.com/	0%	Avira URL Cloud	safe
https://qltuh.algiedideneb.com	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png	0%	Avira URL Cloud	safe
http://wiki.ubuntu.com	0%	Avira URL Cloud	safe
https://answers.launchpad.net	0%	Virustotal		Browse
https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=41	0%	Avira URL Cloud	safe
https://cdnstatic.check-tl-ver-108-a.com/ps/config.js?id=CHiI7Gh3GUyTa8XGgNqDyQ	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js	0%	Avira URL Cloud	safe
http://crl.pki.goog/gsr2/gsr2.crl0?	0%	Avira URL Cloud	safe
https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730moc.benedidei	0%	Avira URL Cloud	safe
https://airmarkcomponents.com/moc.stnenopmockramria.	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png1	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=4	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=3	0%	Avira URL Cloud	safe
https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=	0%	Avira URL Cloud	safe
https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
airmarkcomponents.com	3.224.72.48	true	false	0%, Virustotal, Browse	unknown
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	0%, Virustotal, Browse	unknown
cdnstatic.check-tl-ver-108-a.com	188.114.96.3	true	false	1%, Virustotal, Browse	unknown
push.services.mozilla.com	34.107.243.93	true	false	0%, Virustotal, Browse	unknown
d228z91au11ukj.cloudfront.net	18.165.183.111	true	false	0%, Virustotal, Browse	unknown
qltuh.check-tl-ver-108-a.com	188.114.97.3	true	false	2%, Virustotal, Browse	unknown
qltuh.algiedideneb.com	104.21.22.55	true	false	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/apple-touch-icon.png	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/sw-707a7d0735647f53a9228ce50d13ab46.js	false	Avira URL Cloud: safe	unknown
https://airmarkcomponents.com/	false		unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/favicon-16x16.png	false	Avira URL Cloud: safe	unknown
https://push.services.mozilla.com/	false	URL Reputation: safe	unknown
https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-108-a.com&timeout=180&tb=true&nrid=de31d1cd52d74e28bde7668b9e540ce5	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=5	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png	false	Avira URL Cloud: safe	unknown
https://cdnstatic.check-tl-ver-108-a.com/ps/config.js?id=CHiI7Gh3GUyTa8XGgNqDyQ	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=4	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=3	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.debian.org	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.debian.org/gro.naibed.www.	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com	places.sqlite-wal.34.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.ubuntu.com	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://wiki.ubuntu.com/moc.utnubu.ikiw.	places.sqlite-wal.34.dr	false	Avira URL Cloud: safe	unknown
https://mbtrk1.com/click.php?key=7ef1qd1lvftdju4n985s&tracker=pushlink-placeholder-	3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pki.goog/repository/0	cert9.db-journal.34.dr, cert9.db.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://answers.launchpad.net/ubuntu/	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js1	3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	false	Avira URL Cloud: safe	unknown
http://www.ubuntu.com/moc.utnubu.www.	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://js.streampsh.top	3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2.34.dr	false	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://airmarkcomponents.com	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=31	3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	false	Avira URL Cloud: safe	unknown
https://airmarkcomponents.com/predictor::seen1	F044322FA5BF290DD59313620194059BDC3D6C98.34.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://answers.launchpad.net	places.sqlite-wal.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com($	places.sqlite-wal.34.dr	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=51	3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	false	Avira URL Cloud: safe	unknown
https://github.com/	webext.sc.lz4.tmp.34.dr	false	Avira URL Cloud: safe	unknown
https://qltuh.algiedideneb.com	places.sqlite-wal.34.dr	false	Avira URL Cloud: safe	unknown
http://wiki.ubuntu.com	places.sqlite-wal.34.dr	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=41	3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org	places.sqlite-wal.34.dr	false	URL Reputation: safe	unknown
http://crl.pki.goog/gsr2/gsr2.crl0?	cert9.db-journal.34.dr, cert9.db.34.dr	false	Avira URL Cloud: safe	unknown
https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730moc.benedidei	places.sqlite-wal.34.dr	false	Avira URL Cloud: safe	unknown
https://airmarkcomponents.com/moc.stnenopmockramria.	places.sqlite-wal.34.dr	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png1	3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr	false	Avira URL Cloud: safe	unknown
https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=	3D18B3B7E73CB9205101A761EB49BAE007D291B0.34.dr	false	Avira URL Cloud: safe	unknown
https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=	places.sqlite-wal.34.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
104.21.22.55	qltuh.algiedideneb.com	United States	13335	CLOUDFLARENETUS	false
188.114.97.3	qltuh.check-tl-ver-108-a.com	European Union	13335	CLOUDFLARENETUS	false
188.114.96.3	cdnstatic.check-tl-ver-108-a.com	European Union	13335	CLOUDFLARENETUS	false
18.165.183.111	d228z91au11ukj.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
3.224.72.48	airmarkcomponents.com	United States	14618	AMAZON-AESUS	false
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/home/james/.cache/dconf/user

Download File

Process:	/usr/lib/firefox/firefox
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	93B885ADFE0DA089CDF634904FD59F71
SHA1:	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
SHA-256:	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
SHA-512:	B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
Malicious:	false
Reputation:	low
Preview:	.

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3897E273C86B69E7EC90C667F04ACC4F68CD01F9

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	21265
Entropy (8bit):	6.164076841004113
Encrypted:	false
SSDEEP:	384:HBMOj0lUpGO1uuom2yveyBvlAEuuom2yveyBvlAv:HBMOj0KpGFuom2yveoAZuom2yveoAv
MD5:	B9B0DB00D75E0B811BB44A2DC97FD26C
SHA1:	4BD70B826024133CCA8EA2B8016F210B771AA0D3
SHA-256:	558FF255740982A6D9A93869988C6CFE2EA2146CF020546CA2A3F6FBD4CBC274
SHA-512:	4A473713176FEC0AF812E0268572399B475231CF0F5F0763882B0CC739DC75BF778B462893D08B243490FCAEE1E66AC42695F19B7749BC048B4B42D47F75CF88
Malicious:	false
Reputation:	low
Preview:	.qIk5bq,body,html{height:100%;width:100%}#body,#rShadow{position:absolute;left:0;right:0}#body,#rBodyBox,#rShadow{position:absolute}#body,#rHeadBox{top:0}.d8UNtF,.fXc8jQ{text-align:center}@font-face{font-family:Roboto;font-style:normal;font-weight:300;src:local("Roboto Light"),local("Roboto-Light"),url(https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc4.woff2) format("woff2");unicode-range:u+0000-00ff,u+0131,u+0152-0153,u+02bb-02bc,u+02c6,u+02da,u+02dc,u+2000-206f,u+2074,u+20ac,u+2122,u+2191,u+2193,u+2212,u+2215,u+feff,u+fffd}@font-face{font-family:Roboto;font-style:normal;font-weight:300;src:local("Roboto Light"),local("Roboto-Light"),url(https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format("woff2");unicode-range:u+0400-045f,u+0490-0491,u+04b0-04b1,u+2116}@font-face{font-family:Roboto;font-style:normal;font-weight:500;src:local("Roboto Medium"),local("Roboto-Medium"),url(https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2) form

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3A2B697F1FDA5E8CED55FE586EBC2F5D11E0E55F

Download File

Process:	/usr/lib/firefox/firefox
File Type:	370 sysV executable not stripped
Category:	dropped
Size (bytes):	7020
Entropy (8bit):	6.0333603889604195
Encrypted:	false
SSDEEP:	192:M+bw9V9Sg4vh+bw9V9Sg4vEfbaI8j3qZpSl:N8j9UM8j9UETaId+
MD5:	D7F9E2F35B369C4E8A69F67B29952D82
SHA1:	CE3B91920F72C3E7BC28DC99BDC635BD51CB907D
SHA-256:	AA1FF1EA185A89E61C3107C1D1255544A966818A828EE0159EAB4E1A1FA3722C
SHA-512:	BC70A835FE2B9C5310007B6322B9FDF829753A7B8B9FD37B4D4A8D3A981A17BA5F7BA9A321041BE35736E6FBC1E0F6AE684D0C5CB12EC1DAD983BE11472E953B
Malicious:	false
Reputation:	low
Preview:	].DG........f..f..GD.X............:https://airmarkcomponents.com/.necko:classified.1.strongly-framed.0.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWnMIIFozCCA4ugAwIBAgISBPTPjaNTfUNPt8iUFyI1W1JOMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjQwODI5MTA0NDIxWhcNMjUwODI5MTA0NDIxWjAgMR4wHAYDVQQDExVhaXJtYXJrY29tcG9uZW50cy5jb20wggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQDi58Hmewzi/9YpBkPtdkFCceWBkUv4objRc0zXqPErYdYHRHjQLndUq/AKxqUeE2v7gyZ2FMn6IyeddBGG/lxSCXxZLJVKqhZUrULq8YFUTmvksmaKVs0mtDzlzOTzyIEezyOI5UxLGNUrC3tfYNzlkoFRDkWnrUlj+WgPymlXe8oTCp55Pl42Jum9bplVp2OAg81IJCZfwIxElmiKaZJS0pisDp3lW49SZ1SSV5UsPFhUCt3bHKjw1+3KJEYcHTFLEyGXhfnQeWxZVStJA9FuKEr8kUKRnBIi1yZyWaF9HTY8m6NaXzDiDFIq6xxdVUu1tt6K15U3S3/tz7pzo

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3D18B3B7E73CB9205101A761EB49BAE007D291B0

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.484295629744289
Encrypted:	false
SSDEEP:	6:4tItU+oc5OZI5lCYDDQHMnWLx2+iBPiwCGub7SYEq1z0OZIQRGS6FK+Aetn:4ay+Z5OWlCuhWdxmsXoOISgKWtn
MD5:	187872097041218FC7A42615FD278D12
SHA1:	2413752F9547B398B555FE8942EE115BCB00EAA6
SHA-256:	FA73479482F5DCB90A72AAEAF14D57ABC876DFC9D3962B64668B76B7F3035415
SHA-512:	76B376B6273B05BF577F64C9DBC97A0A0A84B3A8E15BD3CF889F70FFD316C53E1327926B41BFEEA4CD1C1BDE965ED094F52FF1B7D87A634B906B780DB695D897
Malicious:	false
Reputation:	low
Preview:	(p~.........f..f..GD.[.......$....:https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-108-a.com&timeout=180&tb=true&nrid=de31d1cd52d74e28bde7668b9e540ce5.necko:classified.1.....

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	19606
Entropy (8bit):	6.174513216403816
Encrypted:	false
SSDEEP:	384:yZW45uuom2yveyBvlAmuuom2yveyBvlAV:yUuom2yveoAruom2yveoAV
MD5:	157B425992087CD355D1385397EFF39C
SHA1:	F4C68FA2344B0AD3ECCA46D969588B96721E6AA5
SHA-256:	03820804305D7C9C316ECE6D012F94744E0170A10FEAF79A922D6A4FF3559CDF
SHA-512:	EF557AF5819D146DD0EC052B8953F4C248F1A29C828EEBB7C68A4DC3E31374E954B477C9EEB5CF3CD40C1A90943B5DC55CA9B36988770A15024B0F25B027A14E
Malicious:	false
Reputation:	low
Preview:	(function () {.. // Redirect When JS not loaded.... // Uncomment to use regular redirect without ssp.. // const trafficBack = 'https://mbtrk1.com/click.php?key=7ef1qd1lvftdju4n985s&tracker=pushlink-placeholder-{reason}';.. // const trafficBackTrack = false;.... // Uncomment to use redirect through ssp.. const trafficBack = '{js_domain}/ps/tb?reason={reason}&sm={sm}&sub_id={sub_id}&click_id={click_id}&nrid={nrid}';.. const trafficBackTrack = true;.... // Options for workarounds.. const edg = true;.. const fullscreen = true;.. const defaultTimeout = 180;.. // ServiceWorkerJS fixed name (only for appspot landings).. const sw = '';.... // Use CDN static for JS.. const useCdnStatic = true;.. const cdnStaticPrefix = 'cdnstatic';.. const defaultJSDomain = 'https://js.streampsh.top';.... function getParameterByName(name, url = window.location.href) {.. name = name.replace(/[\[\]]/g, '\\$&');.. let regex = new RegExp('[?&]' + name + '(=([^&#]*)\|&\|#\|$)'),.. r

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3FE38C9C3C92A20A0349E3495766F11D3CA2EC60

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	25737
Entropy (8bit):	6.105720022933816
Encrypted:	false
SSDEEP:	768:K29xyuXS1iuom2yveoApL6uom2yveoApL81T:Txq1iuomT2oaL6uomT2oaLk
MD5:	51CCEE90285A0142D7C5652883E5BE5F
SHA1:	D9011E1141816D0E1BE63613CEE401F2E39FB35E
SHA-256:	858C79777DF7E52AF74F662D5D684C2371FC4D0150F451330D589244828AD1EC
SHA-512:	0F95CA4801628F5FFF6F06EF3DF91673DC06057E8793094C9DB0C5F21BF52473BA9FA67D90CC1BE4EAF8EB40607E47BF7787F12AF9AB625156D55A2698043854
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>..<html lang="en">.<head>.<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>.<meta content="f44d21508bd5bb1ec12d623b9e5f3510" name="pushsdk"/>.<title id="title">9c93ab72-b0cb-4706-96bf-9f5be09e507a</title>.<meta content="IE=edge" http-equiv="X-UA-Compatible"/>.<meta content="width=device-width,height=device-height,initial-scale=1,minimum-scale=1" name="viewport"/>.<script src="assets/trls.js"></script>.<link as="style" href="assets/style.css?v=5" rel="stylesheet"/>.<link href="assets/apple-touch-icon.png" rel="apple-touch-icon" sizes="180x180"/>.<link href="assets/favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/>.<link href="assets/favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/>.<link color="#5bbad5" href="assets/safari-pinned-tab.svg" rel="mask-icon"/>.<link href="assets/favicon.ico" rel="shortcut icon"/>.<meta content="#da532c" name="msapplication-TileColor"/>.<meta content="#ffffff" name="theme-color"/>.</head>.<body>.<div

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/4098689E1EA45FF0094F1C8088E49251FFFF7585

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	7634
Entropy (8bit):	6.062802589677963
Encrypted:	false
SSDEEP:	192:4ZyurjaB4nyurjaB4gfbaI8j3qD7p37ps:4ZyureCnyureCgTaIdDNa
MD5:	63239619581E93A9F3A27E456E426F97
SHA1:	AD5C1F6DE6A1321A0DE2D72D18B6B08B1D88F8C8
SHA-256:	15B6AABC791AA5371EEDFF1B4462118C99BB2F45745C08A033FD465F766E5898
SHA-512:	034ED3D2B1E16CCC030F49AE592B7276CCAA3379D860F84F773C8CEA31F54880A414FEE9E481BA7471D6E169BF5B0FD6A3BFE734A917A3E06168FDA90304CB1D
Malicious:	false
Reputation:	low
Preview:	`l.P........f..f..GD.X............:https://snippets.cdn.mozilla.net/6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/.necko:classified.1.strongly-framed.0.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWVMIIFkTCCA3mgAwIBAgISA2hPYr0LPOttuGxmTxZdewiAMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjQwODI5MTA0NDIyWhcNMjUwODI5MTA0NDIyWjAcMRowGAYDVQQDDBEqLmNkbi5tb3ppbGxhLm5ldDCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAOLnweZ7DOL/1ikGQ+12QUJx5YGRS/ihuNFzTNeo8Sth1gdEeNAud1Sr8ArGpR4Ta/uDJnYUyfojJ510EYb+XFIJfFkslUqqFlStQurxgVROa+SyZopWzSa0POXM5PPIgR7PI4jlTEsY1SsLe19g3OWSgVEORaetSWP5aA/KaVd7yhMKnnk+XjYm6b1umVW

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/8F43299B2BBC180803AAE2295F17077D2C87FC5E

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	113
Entropy (8bit):	5.091308054895191
Encrypted:	false
SSDEEP:	3:Kxli0HzhhW/XufDnZqcdAqsKTQKUEVIjYll/l:KDtU/uNpdAxIfllt
MD5:	365358615582BF184CB1E7B2D8E27698
SHA1:	48531FAB1421536BEB59B96C686A20EBD2F1F2AB
SHA-256:	AF79A24F6E97EE6FC88C9B7B8597B9A76B93817E42945B50A6069E27D5EF0B03
SHA-512:	6CAE6162578A4AE24B57780244B024DE76F1ABA140C36EAA7E87E9CF84AA965CB27F50CF1E7A4A1894A7ECAEDBEE7291FDCF383C7DB13CA41B092A26E1C2EB23
Malicious:	false
Reputation:	low
Preview:	n.Iw........f..f..GD.[.......H....a,:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2.....

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/A32D31641179C3E5616066431ABEF74C58BB525A

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	27957
Entropy (8bit):	6.5040683250407785
Encrypted:	false
SSDEEP:	768:7DbhrCXmW8bhe+uom2yveoA8uom2yveoA6:7VCXm7NuomT2oVuomT2o5
MD5:	88505949240CE98D3E7BC95D6795460D
SHA1:	C0A72470BACE1A0993F63C91050D8071803245DF
SHA-256:	41D0AA05ECF442A4D23801C4800BACAB24E87F945CE2C984F0D6BE06D8FF24D6
SHA-512:	0712BF074A9FBE070D90FD0DB14A42553C554F77DA4413FEB1277CA41D4B54F51ED27DA5F00C7C53EEA9269070C811D914ABD0A333FAEF943983FA19E89F0DC1
Malicious:	false
Reputation:	low
Preview:	var translation = {.. source: {.. title: 'Click "Allow"',.. text1: 'Press the "Allow" button to verify you\'re human!'.. },.. en: {.. title: 'Click "Allow"',.. text1: 'Press the "Allow" button to verify you\'re human!'.. },.. ar: {.. title: ".... .....",.. text1: '.... ... "......" ...... .... ... ....... .....!'.. },.. az: {.. title: '".caz. verin" d.ym.sini bas.n',.. text1: '.nsan oldu.unuzu t.sdiql.m.k ...n ".caz. verin" d.ym.sini bas.n!'.. },.. be: {.. title: '......... "........."',.. text1: '......... ...... ".........", ... ..........., ... .. .......!'.. },.. bn: {.. title: "...... ... ..... ....",.. text1: ".... .... .... .. ....... .... ....

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/A9DB122571F6E7BBF5B17F0B73306BED943AF492

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	20529
Entropy (8bit):	6.175628841519545
Encrypted:	false
SSDEEP:	384:oiLo2LLoyfQ7nzruuom2yveyBvlAQfmuuom2yveyBvlAQfd:/sgsyDuom2yveoAQfruom2yveoAQfd
MD5:	FEE1EF12A0AA2B54E70D7D96453CA9D4
SHA1:	B79DB1EC7A9DADFBE23414A6D72072E52F2E5CCF
SHA-256:	AD9C9AA488186CF88A164B1324617EB2B0C4B56CC3319AFFC436FDDF9378B6B5
SHA-512:	7AD5CA15223C00A5C77C42D59D3B81D4775006BEB69E7782C88A952ADCF38D02B293FB3D5430C64F397DE4D6F4470C69B94FC8EC79CB252D7B132A92211012D6
Malicious:	false
Reputation:	low
Preview:	document.addEventListener("DOMContentLoaded",(function(){I(),setInterval((function(){I()}),5e3);var e=document.getElementById("armLeft"),t=document.getElementById("armRight"),s=document.getElementById("eyeNormal"),i=document.getElementById("eyeBlink"),d=document.getElementById("rHeadBox"),m=document.getElementById("mouth1"),a=document.getElementById("mouth2"),n=document.getElementById("mouth3"),c=document.getElementById("rBodyBox"),o=!1;setInterval((function(){o?(c.classList.remove("rAnim"),d.classList.remove("rAnim"),o=!1):(c.classList.add("rAnim"),d.classList.add("rAnim"),o=!0)}),4e3),setInterval((function(){setTimeout((function(){s.classList.add("hide"),i.classList.add("showBlock")}),0),setTimeout((function(){s.classList.remove("hide"),i.classList.remove("showBlock")}),300)}),5e3);var l,r,L=0;function u(){clearInterval(l),clearTimeout(r),L=0,document.getElementById("mouth1").classList.remove("hide"),document.getElementById("mouth2").classList.remove("hide"),document.getElementById("

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	15179
Entropy (8bit):	6.0641491801248035
Encrypted:	false
SSDEEP:	384:hSFyureCnyureCgTaIdK1+k1+PSFyureCnyureCgTaIdK1+k1+F:hSFyure2yure7a8D9PSFyure2yure7as
MD5:	1B18BCD16F8DFDA7809758987F31F66D
SHA1:	790C284152FBFAAB82DC8F6A76716A72AE622ECB
SHA-256:	88E1F873EB5E554F95EF7CA9A8E600442D1633FAE2BBC4758D08BF96746634FB
SHA-512:	2BDC7644FCED160FE22E5901D80FEF682057E0960353D27B5E614918A23165BC4B49A08FD24C21FCDC446E701FFE53E1451E7712625DE4F654C33FE0B8BD440E
Malicious:	false
Reputation:	low
Preview:	{}...<?6........f..f..GD.Yf.\...S....:https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json.necko:classified.1.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWVMIIFkTCCA3mgAwIBAgISA2hPYr0LPOttuGxmTxZdewiAMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjQwODI5MTA0NDIyWhcNMjUwODI5MTA0NDIyWjAcMRowGAYDVQQDDBEqLmNkbi5tb3ppbGxhLm5ldDCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAOLnweZ7DOL/1ikGQ+12QUJx5YGRS/ihuNFzTNeo8Sth1gdEeNAud1Sr8ArGpR4Ta/uDJnYUyfojJ510EYb+XFIJfFkslUqqFlStQurxgVROa+SyZopWzSa0POXM5PPIgR7PI4jlTEsY1SsLe19g3OWSgVEORaetSWP5aA/KaVd7yhMKnnk+XjYm6b1umVWnY4CDzUgkJl/AjESWaIppklLSmKwOneVbj1JnVJJXlSw8WFQK3dscqPDX7cokRhwdMUsTIZeF+dB5bFlVK0kD0W4oSvyRQpGc

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/F044322FA5BF290DD59313620194059BDC3D6C98

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	108
Entropy (8bit):	4.648884791159378
Encrypted:	false
SSDEEP:	3:880HV+hiNRD/8tb9vX3XDksOGKoQAKKKlVX8sX3u+llln:ChROlXDAGKbFqsHHl/n
MD5:	D61674916D946AFE628A53D5355432D8
SHA1:	B9D1CC6CA12EFF1063B05B05F1985A7B868951D6
SHA-256:	918E7FB4AAB11D9BBA63AD6D526E6729CE1FDA3E9193D8356DE3D23ED68F12EF
SHA-512:	9608BB901F0053B21B783F3130E7AA10080B9B5ECCC9EB5E009368B7F889865F13CB3F0ED94DDA5898441DA527E6C3A1F37C963F379274723286B5C22912F636
Malicious:	false
Reputation:	low
Preview:	...........f..f..GD.X.......1....~predictor-origin,:https://airmarkcomponents.com/.predictor::seen.1.....

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/FECDC94F0E7BAF8E66A29D10078DC7C9E82E2A2B

Download File

Process:	/usr/lib/firefox/firefox
File Type:	PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	16028
Entropy (8bit):	6.2007850875309725
Encrypted:	false
SSDEEP:	384:P1uuom2yveyBvlA02xuuom2yveyBvlA02S:Psuom2yveoAiuom2yveoAQ
MD5:	EF3244F4A3764CDFC3D0CB80EEBB2B83
SHA1:	412405C25D9709A491873E41906D161DBABC1F23
SHA-256:	D872E0809082BD5DCF257F3E971F17E4473B212AE79565843BFE9663B95F5D71
SHA-512:	A08122F9C715E93D14A501BA5EF869874DFFF0D9B9A4F9860F11D9EA7DD4BA28B9AB957B489388FF64183DC095B1AB39070A3D64432EC63B516547B980C63F98
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...,...,.....)Z.3...<PLTE..........................................................e!J.....tRNS...2..U... .w..D%.0k......IDAT8..7..@.....2....+..3z*...GMn..........w.......x..4.7....7.7.l.l.l.......=.=.A.M.M.M.M.M.n.o.o.orm.}.+.\...J.=OC....Ku.R.Z..#.<.d.......IEND.B`....&.Q........f..f..GD.Zf..E...C....:https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png.necko:classified.1.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWcMIIFmDCCA4CgAwIBAgIQMxVYei43ECQTAUs8oNVnLzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDgyOTEwNDQyNFoXDTI1MDgyOTEwNDQyNFowITEfMB0GA1UEAxMWY2hlY2stdGwtdmVyLTEwOC1hLmNvbTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAOL

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.59524688231097
Encrypted:	false
SSDEEP:	3:VUystlMl3YLLLLLLLLLLLZ69kHrRbXq6Eeqy8A5ljGR9:ek3klm7eQA5Nq
MD5:	D886A47C89D9C49C795DA345BC236990
SHA1:	59E863E0D2B4E428D8C738D48FA0F6F7BAC36849
SHA-256:	A03C5E2656D2F292BF5794C8EEB8D223CD6BA4F4BFB2ED1F325460E879D0BCF7
SHA-512:	8B5A117BC33463F181458F0A99C14657B365CE2A7695DB346D2D086109176AD019DBD5A5F34F09DC3438E6C89CA93D83875DAA6D463EB06D995A2523FE51A5ED
Malicious:	false
Reputation:	low
Preview:	;.1..............................C.X....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......5...8........G...r.E...&Y...Z.;O.C.X....Y9.H...]..

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	71044
Entropy (8bit):	7.773438541966354
Encrypted:	false
SSDEEP:	1536:y2skugLebjn9aAt7UGSrqAv4IqISIPP9xubG:ycLAj9aAtY4AwIaIdxF
MD5:	60985C9439E7E254CA4EAD41AD1EFF32
SHA1:	184C8B3263D678D854F7B05FC41FDD3267A46FD6
SHA-256:	5DA0A3FFC814575410D0F58D9647944AF4EB0809BE9E3475CD96B94DC2B14B56
SHA-512:	6894ABAAD1B68CC8844D088832EEC9B5048E68190D8B330A8564D04330022F19A0ACFCFE7B15A0E4F90B8C84538DBF2FF4DA00DA80B5046F6F739A3C0A35B73D
Malicious:	false
Reputation:	low
Preview:	;.1..............................-.\....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........0...6....#....O......Rg.m../.-.\...z+...m....S..5..6..H.e..B...-.\.7n....~<.g94...f....\.~..s[.s..-.\.Yo..V..}B1.1k.........oS...y%..-.\.q#..QD.:..",=(.....l.......7.O..-.\....q.......A-@..R.,.m.....4.-.\......AS..F...b.. .V....o.Rs.3.-.\...ua...`...-.#,..{....D..RI....-.\..'.Y.....<~..H.(.).}...7...#w..-.\.+...g..K.A6...a....$.'....45.-.\.N...P......o.}4.<......'.@py....-.\.U.......V.yb...n......E.>.....-.\.Y..(.xZ..}...aFfuj.x.......@..-.\.h}...W@hC..6.B\|xoU/VY.p.....4..-.\...#...g.T..<BwH.t...4..#.jN:...-.\..Z7.15.J@h...Q..x....k.?.{..B.-.\...KJ..M....\._..mx'.........-.\..p..i...W.H..JQ.y\\|3vD.~.).f..-.\..w...MEL.{..I.>Bm..O.....E._A..-.\...U....X..3.}..,.>..c."9o.<.-.\...C.....8u..H.....a..j..Xb..n..-.\..mR......D..qD#...w....f.O.?...-.\.Sx..W......v.>7v...>..g.{..

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	7648
Entropy (8bit):	7.734433994790214
Encrypted:	false
SSDEEP:	192:9R3/tArlx3czyJ7ALpZ8X7WIisGQchKjmD9ls6ZqOgC:Lvarn3czxLDuliuyD9lLZ7F
MD5:	0E8FE60CCD7E9B4C32589A5743A95302
SHA1:	190F3BC536C9489C707AE31DA32BF86947EA5D78
SHA-256:	2B124D4026850A3CFFD28DBACB58AEC28F7DCD4D40BC14E52BBE96D60CE4E749
SHA-512:	0AF17BD91464F26072F42BACFBB6BA72E68FA07B9D5801A92B14624CC51EBD00AB127272CECD8DF6FE650FE07BF170FD6422D70C2E8CD8F9AD94BC11548446BD
Malicious:	false
Reputation:	low
Preview:	;.1.............................f/Y....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........T..]..h...........t.V..@..'.f/Y.hy..../..s:....@R$.Q...w..V...f/Y..Y..1...c./!>O.3!..2...f L.x.6f/Y..&F.}......ez.N.R..j....3.;.if/Y....t.J....b.n...5aL...../...f/Y.dm....5.S.k...y+.....T.....Q>f/Y..-..nj.p..z....g...^T......f/Y...`.t9..(...@..'..u.8v%.d..^.f/Y...Z>Z_.b.[).B!/..U.W.y!.G.u..f/Y..@..WG...PAG.I=tsO.......`.N.f/Y.f?..G....;.c.`X....z....j...K\|f/Y.j....A-'v...].]-.....Q..L.4.Jf/Y.{a...!.-#...7.b..\h.4.~..=.ff/Y..{B.7...Bx.K..@.v...76."..hf/Y..;..Q.......!.<...Bd9I.....Mf/Y.B..mFYTJ..5..yj".T.........f/Y. ..'.',1...D......".L/......e.Yf/Y.!W..C..W$........8h.A..Nr;}mf/Y.[..6n.ZkJ.....2........xn..f/Y..,..8n..-E.....s.\|.N..2..Z..f/Y....C.EI....21w.l...Q.p ....f..f/Y.K....J..+.C:...v1...jo.7......f/Y.C."..c.].,@.....u.}.....~

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	82744
Entropy (8bit):	7.772258239877141
Encrypted:	false
SSDEEP:	1536:RXoNNS+GqTr4HlEGVibr7rF5HlwU67HJxPU659kHvfrk++:RYfSAr4FRibr7rhojLPb5sU
MD5:	04824A1F92353F43EBB9E7F74B7476FD
SHA1:	C2636E8FFA8A5256D7D1F21E147101356E783114
SHA-256:	B48E58EBAB82E4C376F16150A3FFF850C1111FF1F5985D68819CFD6F0DB159D2
SHA-512:	92914B56FB2BDCDDCC1BEE2BF4DC98420CF0B923D380BB889C8A6EBC333D74EA4DDCA915218BEA0E729782C4904983424F1DE15BE7087C5A5338AED7319A03E5
Malicious:	false
Reputation:	low
Preview:	;.1.............................a.!Z....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........0...6....#....O......Rg.m../a.!Z....Nt.HO5..... ..UM..7<....a.!Z...R..Cl.&/ZM....L...n..9.k.7<.a.!Z...z+...m....S..5..6..H.e..B..a.!Z.Yo..V..}B1.1k.........oS...y%.a.!Z.a{.{..>...M.3....[.THR..>...a.!Z.b.K#.... ..!D.n...}...#k..N..a.!Z.q#..QD.:..",=(.....l.......7.O.a.!Z....q.......A-@..R.,.m.....4a.!Z...Z....]..v..M.&.t...C.D.PA.h..a.!Z......AS..F...b.. .V....o.Rs.3a.!Z...ua...`...-.#,..{....D..RI...a.!Z..'.Y.....<~..H.(.).}...7...#w.a.!Z.N...P......o.}4.<......'.@py...a.!Z.U.......V.yb...n......E.>....a.!Z.V..<.>>....r..In+....v. :L.~..a.!Z.Y..(.xZ..}...aFfuj.x.......@.a.!Z.h}...W@hC..6.B\|xoU/VY.p.....4.a.!Z...#...g.T..<BwH.t...4..#.jN:..a.!Z..Z7.15.J@h...Q..x....k.?.{..Ba.!Z..p..i...W.H..JQ.y\\|3vD.~.).f..a.!Z..)Z.ns.@......O..F...c.9[x.pa.!Z...U....X..3.}..,.>..c."

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	268
Entropy (8bit):	4.291717925117119
Encrypted:	false
SSDEEP:	3:VUystlnlftwLLLLLLLLLLLg2qaXlY0WsLhxrbxq4Y0g42Vv:eziqaXlYfaNbg42Vv
MD5:	C921D8E98FA01B4F303481E112202E92
SHA1:	9D23B452AD0D06C355477CF70E3AA5D0ADFE6278
SHA-256:	4EF1038730EC8BC7206713C29A936768831B922C5E6C83355FD62D7401D8C1DC
SHA-512:	D06422752562AFD1F8B94FF09FC9460BE58E07A84FC537FB6B56B1551C37DB7E56CB7932CC2D27D2FFE2CBAB6EC85BDDA6778F2E812E69E5193FCD6BC77066F2
Malicious:	false
Reputation:	low
Preview:	;.1.............................Q..Y....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......C..8.r..M.'j....-...~.B........Q..Y_.P..........X+.s.........cWn..Q..Y........g.,.}t.!

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.6124882616213143
Encrypted:	false
SSDEEP:	3:VUystlMl3YLLLLLLLLLLLpRy5Ae28XzWvhSSz17Sn:ekeU5AezzWvhSSZ7S
MD5:	6F85BC4B2ECB49E26B0BD83A821065D0
SHA1:	4DF430B4D63605E41855DBCB3837A189D4CC7604
SHA-256:	C0B3BC9B3DC507AB654CAF72D13C3AEFA58C9B13B1E4D14DD8816712D80A7E54
SHA-512:	AE7688D501A1F59D4C247ED57BA0547F6376748AF57F554BA1B6DE0EF358ED5868721886BAF94813979B3A9968EC330CE11C41767E4AF42DB413EFC9556C2E22
Malicious:	false
Reputation:	low
Preview:	;.1..............................C.X....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......U...f.....aJ.-.....b..rE..{....C.X...U.K..yP.SQS.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	304
Entropy (8bit):	4.70325744277424
Encrypted:	false
SSDEEP:	3:VUystlCwLLLLLLLLLLLPaueiydb1Vf/cMLkBR53B2mZ6C6duKZ/PfuSv+/rI4:e9MHk5xaCQuWGjI4
MD5:	BA0009932844173BC8F9AF264229DF24
SHA1:	C8F6956FA86F4E9CF71599B735E28860245AE4B5
SHA-256:	66D1C00C04D86E313E9A02775CDF906B1BE8D4CD6BEF423A1B9E21CC4E9F50C1
SHA-512:	582D7F28F41E6A7A5F882D15EC1F48D0BE57DC63E1A0D6E6A8BBD442A3AC27E38E0C3FDB3E1C30F416C41649391AFDE61F8079844B61A4995E0AB34D6CC8E745
Malicious:	false
Reputation:	low
Preview:	;.1...............................yZ....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......#...).=..HZE.E.........9N..u3.....yZ..?\.I.u...Mk..<.......Ly......yZ.J...t...{.6w..y.m......Xj..yZ.w....m .U-.mCL.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	3580
Entropy (8bit):	7.671891447828382
Encrypted:	false
SSDEEP:	96:kvmXn/rUKZuGD5fR3TNQCTBl0VyCt9wrEZRg5n:kunoKpD553BQ3t9OEzun
MD5:	D6ACF2573E12AFDD7939568804D3FCC1
SHA1:	5C54AD3FF47C6B925E7AC17D361FE0FA60B9181E
SHA-256:	5525CBF8F8DC41D19AC632ED324E55293A510AE0EEBA16D0E3F33C707AA58A0C
SHA-512:	1F72C01AA332A6E3FC5F966ED2B12534653BCACF2DC242850877961CC4C16AC3BD1846939D56EA6E230A71F336F4B37F67E0070DDDB66D57BB51526DE52819CA
Malicious:	false
Reputation:	low
Preview:	;.1.....................^..........W....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.............p.....a.....J.B..gZ.........W....+.O..!l$...K...aP....C.5......W..;..t7p.'..qR..,....x..lP..Z...W.1.[.8..^...x.T)..}.Uj2.t..._.B...W.......1.f\|....;.m..i...........W.Q....";...'N..o>....UD..........W.Um..Uz"K...H`."e..\|...'...L...v...W.B...`..r{@...J.^....@r...B....W.}..A.......@..A.G.q...@.5.....W Iod}..zVD../xY..p..h.Z.`i&......W$HWYI.;.~..m.~..5....`.$.J.....W)w.\...t.'[!....#...G~]..CS>.@{...W$.u..%.H4....p\\|..v..)...........W4.8....g.iQE...t.....z.X....N.....W5Feb).<@3Z._..f...e.y.....u.....W6;.')..K.0.b9G.2.n........eP.d.....W6]Y1_A]xZM.L./ozM1S^.a.s....P.H...W77......Oc......g.R....d9F.9.sY...W8.....[.-..............@.?.......W9.R,.j<.G..{.<.,.8..hW.V"../....W<...#5../......@ij...8%0.gX..6...W?.......V..Z\.)..P...w.f...-...W@....c.m.I...G.q.H.R.E.. .

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	333988
Entropy (8bit):	7.7734168827853685
Encrypted:	false
SSDEEP:	6144:Cl/mBoixkKBn/Hd+os1p8vuG3SI7AT6/GIUegPF+8wkyyXDvo7TYwTS:4/FiHBn/9+o9GG3SID+IUey+ryXDOTYr
MD5:	845BEDB718B8941F643BB988F640E141
SHA1:	DB9BC33A9C9FF6E6D3651710DC1AC8D387759D24
SHA-256:	5083D014CC7E8CFB15D4803429A9AB5FA397E1010CE66D0C8B8215C7FC3C6FDE
SHA-512:	96B64D39DC9B4E137D5BB93FD7EF18ABAB3D956C2819C1E569B5E9971AEC465B4EA084058F7F7C1B9012F52AC61189C6D3CF07AD47D2015D372754096FA03349
Malicious:	false
Reputation:	low
Preview:	;.1.....................8$.......-.\....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.............TV8.1..h@)..N.5.J..._.:BcT.-.\..a...'&.k.$..#.Y... -..W..(.-.\.".`....T..../[..A3..FI.rN<%N.".-.\.#<.k.+^5Q..k..jMY>.tj+.e....J.-.\.,.3b.E9ZC.j..N..l&3.XS.~b...B.-.\.-.s.vf^..9)#x<{.Y...<....z....-.\.?Yj...br4...........J.Z!......-.\.M...+.UJ.)..r..{.t.....f..B.-.\.R2."..'..k..9/z..`7d..#BmeN.j.-.\.T.........}i.<............y.-.\.U.6..."P'/.....J.....>j.E....O.-.\.b.&.-1.....7..[.UOS.W....=..R.-.\.m.#..,..D.&._^.jy.i...p.....hO.-.\.p...RrKJR.U..c"bG7.y.5..YU......-.\.t.L3..e...\.^.;2.......E...fB..-.\....a.):.;rk...U..P.....^..?.KV..-.\....'..>.$.B...3}...T.....E+.....-.\..H.K(.!.A.....(.....H...D..-.\...&q......Y.m4.D.'..S~..w.......-.\..(......7......h.5..P........4.-.\..=#.u@.9.-21.*.x....Gs....^.Ep.-.\..L..m.'..%.;..[.......z.DVn:.-.\.....8?.....h....q....!.j.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367009024331335
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLVtFKAuB079M3Xs/phm:eksMFKy9M3XIQ
MD5:	E2CF527CA7550B7E7BDF7311E483A2C3
SHA1:	C354190BB2B8A00A6051EF2FB86E189AB053FE93
SHA-256:	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
SHA-512:	7A585735ABFB1292B9FC4709B797F09C6BE4DC90A133FBEDB14428AAE79C6DE5FAAE0B151758A75BF90566C98E5BD2A8201E738F321688180BC5B5814A97BB69
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........`E.eK.zQ.....H..`T1l..............`.j..G1I...r..

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367009024331335
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLVtFKAuB079M3Xs/phm:eksMFKy9M3XIQ
MD5:	E2CF527CA7550B7E7BDF7311E483A2C3
SHA1:	C354190BB2B8A00A6051EF2FB86E189AB053FE93
SHA-256:	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
SHA-512:	7A585735ABFB1292B9FC4709B797F09C6BE4DC90A133FBEDB14428AAE79C6DE5FAAE0B151758A75BF90566C98E5BD2A8201E738F321688180BC5B5814A97BB69
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........`E.eK.zQ.....H..`T1l..............`.j..G1I...r..

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3293711760593867
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLaJPKcZrl3LcC5rY+HVl7sAVZwn:eksbQa3Lz5JPgAVen
MD5:	051FB32DECE757BA112AC36DC72E3A91
SHA1:	A30D26CEE0F69FA67BF9E60BA692F4831373CC07
SHA-256:	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
SHA-512:	ADD2D3C503616070F056EA4E3A64FB54A2D8E75AF8FD5D9F1F8EE6B72A1D548FD4AB7D4A3256E4A6F4E1422631439DB62B251EE3F9D07B38A612AFF5E58936D5
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........1.....}/9<...?.nyg....N}........<<.@....{..]{:p

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3293711760593867
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLaJPKcZrl3LcC5rY+HVl7sAVZwn:eksbQa3Lz5JPgAVen
MD5:	051FB32DECE757BA112AC36DC72E3A91
SHA1:	A30D26CEE0F69FA67BF9E60BA692F4831373CC07
SHA-256:	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
SHA-512:	ADD2D3C503616070F056EA4E3A64FB54A2D8E75AF8FD5D9F1F8EE6B72A1D548FD4AB7D4A3256E4A6F4E1422631439DB62B251EE3F9D07B38A612AFF5E58936D5
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........1.....}/9<...?.nyg....N}........<<.@....{..]{:p

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3683561037768297
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLJnawdSW+vmhnki/0Bn:eksSajWQji0
MD5:	3675254E341DF799D4307C1F59109185
SHA1:	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75
SHA-256:	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
SHA-512:	9344CA1456E1E74A4DAC833E0AF55DB9730F8AB2954A855B4A775A938B2055C86EFF367F25BAE80F2FFEA45ACEBADE10A8347ADD18222E715620DD864F2D8E4F
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........B.WG..a..E.+`D8.....a. ...D...q......w...X.Z.Z...~.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3683561037768297
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLJnawdSW+vmhnki/0Bn:eksSajWQji0
MD5:	3675254E341DF799D4307C1F59109185
SHA1:	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75
SHA-256:	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
SHA-512:	9344CA1456E1E74A4DAC833E0AF55DB9730F8AB2954A855B4A775A938B2055C86EFF367F25BAE80F2FFEA45ACEBADE10A8347ADD18222E715620DD864F2D8E4F
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........B.WG..a..E.+`D8.....a. ...D...q......w...X.Z.Z...~.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.302539208701039
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLOW4xUO0f0iI8hE1R73sBKD:eks3pf+8RABy
MD5:	3D1CE5E50208F0CB3B979186043A548F
SHA1:	10C66032C5ACAC22D70670B9302437141E6371EF
SHA-256:	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
SHA-512:	AE2F35C0549C26251053689C90CE831F0C5742D6F7C1DC13482560B02FB4A6029F107E472FCB26BF41B4E89E47559490F5DA049D5B51864A3C4C2C2AE3F588C2
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........Y.......j..}`A=F......c..5.......T...8\|..d.\|..{

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.302539208701039
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLOW4xUO0f0iI8hE1R73sBKD:eks3pf+8RABy
MD5:	3D1CE5E50208F0CB3B979186043A548F
SHA1:	10C66032C5ACAC22D70670B9302437141E6371EF
SHA-256:	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
SHA-512:	AE2F35C0549C26251053689C90CE831F0C5742D6F7C1DC13482560B02FB4A6029F107E472FCB26BF41B4E89E47559490F5DA049D5B51864A3C4C2C2AE3F588C2
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........Y.......j..}`A=F......c..5.......T...8\|..d.\|..{

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	272
Entropy (8bit):	3.9834161156862735
Encrypted:	false
SSDEEP:	3:VUylllvl2lll1lCLLLLLLLLLLLQ0ZIn39lAN6r3Zzk9uYs/wPMuiC:rUiU3gNAigr/wMC
MD5:	95F28EDE25C301301F25FBBD9A3C56EC
SHA1:	80F7D95AFC0DE8C608F672A6837C664EF847BCD5
SHA-256:	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
SHA-512:	C6E09C76840DDEA559E243E5C13881CFBCDCC7B0C2163461FDCCE1F3F5110E2B0BB553DE447A4E1E0D5EDF516EEEE2FAD5EFC15C398E101EF3C81501E55320AF
Malicious:	false
Reputation:	low
Preview:	;.1.........................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......Ik...Xf2.h.J.^..P>.A.:..I%8]........=(K_..W..{...L.w...:7.&.PH..26....U.]..)..{6....(.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	272
Entropy (8bit):	3.9834161156862735
Encrypted:	false
SSDEEP:	3:VUylllvl2lll1lCLLLLLLLLLLLQ0ZIn39lAN6r3Zzk9uYs/wPMuiC:rUiU3gNAigr/wMC
MD5:	95F28EDE25C301301F25FBBD9A3C56EC
SHA1:	80F7D95AFC0DE8C608F672A6837C664EF847BCD5
SHA-256:	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
SHA-512:	C6E09C76840DDEA559E243E5C13881CFBCDCC7B0C2163461FDCCE1F3F5110E2B0BB553DE447A4E1E0D5EDF516EEEE2FAD5EFC15C398E101EF3C81501E55320AF
Malicious:	false
Reputation:	low
Preview:	;.1.........................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......Ik...Xf2.h.J.^..P>.A.:..I%8]........=(K_..W..{...L.w...:7.&.PH..26....U.]..)..{6....(.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.4079994338327437
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLYdIVDdSxcEtY4NL/n:eksdWdSxc3wn
MD5:	65E942614EEE70680464AC4BE75019FC
SHA1:	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA
SHA-256:	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
SHA-512:	55B09573C235876D0CB4E6C20070CD1954CF1EB94F513A94985896237A350E48FCD47C88D5EC9632AB9D0AED4A59C250E69F59A59ED88F2A0AEB6734302744A9
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........=Q.IU`.G...>...u..X...7...k6.b....k:u.z*N._)8.EhnZ

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.4079994338327437
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLYdIVDdSxcEtY4NL/n:eksdWdSxc3wn
MD5:	65E942614EEE70680464AC4BE75019FC
SHA1:	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA
SHA-256:	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
SHA-512:	55B09573C235876D0CB4E6C20070CD1954CF1EB94F513A94985896237A350E48FCD47C88D5EC9632AB9D0AED4A59C250E69F59A59ED88F2A0AEB6734302744A9
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........=Q.IU`.G...>...u..X...7...k6.b....k:u.z*N._)8.EhnZ

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367107760120435
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLge3nZsRusljWFgm:eks5EsRRQB
MD5:	A5695CC64D77967232B0C1344C6E72B3
SHA1:	B0F151A5292D4B796668B242BF896FDBB5A24B67
SHA-256:	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
SHA-512:	C09F56E91B41D01375C458A6CCC3FC0CEDC18696AEC5D7A2520C51905F4D9BC660F3AD28E69D64B3814AEB3279AFC686794C986F0FA6212463F3AAC850D40019
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......^......R..U:N......LgY.u.l..H.Z....N?^c.d...].1. b

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367107760120435
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLge3nZsRusljWFgm:eks5EsRRQB
MD5:	A5695CC64D77967232B0C1344C6E72B3
SHA1:	B0F151A5292D4B796668B242BF896FDBB5A24B67
SHA-256:	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
SHA-512:	C09F56E91B41D01375C458A6CCC3FC0CEDC18696AEC5D7A2520C51905F4D9BC660F3AD28E69D64B3814AEB3279AFC686794C986F0FA6212463F3AAC850D40019
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......^......R..U:N......LgY.u.l..H.Z....N?^c.d...].1. b

/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/webext.sc.lz4.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	87413
Entropy (8bit):	6.216836533049614
Encrypted:	false
SSDEEP:	1536:X5vK21wGeN4Z/tC3TY4gO3qONwt1Tbt4/xGJEIQiXdk992f6mwSO+lx:XZK2GGeN4cLFqxyiC906mpOY
MD5:	DF89BE985389E4CFF234BACF93EF65A6
SHA1:	FDAC3EC5074F8CA56F91D34E62029D8519C40DCA
SHA-256:	DBC40950F843FDE9FC2CF0632224D8F3C6A6E0D647786891387998F0CDA94645
SHA-512:	1B7E911713D0C976EBF518AE2969C38C78BD1D687F610738530C8929C83997A62B880DC17B6D254203236E86F5849758BC68E9C48E648450DC5C33A2C5E39441
Malicious:	false
Reputation:	low
Preview:	mozJSSCLz40v001...............................manifests ....S..... ...formautofill@mozilla.orgH...(.21.0=..`.....Qen-US..s.........qapiNamew.1.....S..... ..dependenci$..(...(."id.......x........p..application... ....Rgecko...............strict_max_versionU....,..(./in(....P..update_urlA.....P..X...0.cauthor'.C........browser_specific_setting.....3...0..descript...P.{homepag..3...@..........S..... ..name.......cForm A..C......dshort_.....3... ..e...... ..backgrounH..... ..persistent......`....ss.............B...`..3.o.z.-.e.x.t.e.n.s.i.o.n.:././.5.0.d.7.6.b.8.e.-.8.d.3.b.-.4.7.5.7....5.1.6.-.c.d.6.6.5.8....c.7.4.5./.b.a.c.k.g.r.o.u.n.d...j.......S........content_....... ..ecurity_policy'..H..develope[.....x.Shidde....X.'icq..P..incognitt.....spanning....minimum_chromeN..}..P...(.\opera'.C....(..o...al_permiss....... ..0.As_uiq.....(..G...(...h...web_accessible_resourc............_overrid)....3........(ac.....scommand..$..p..devtools_pag........qomnibox.....;agem..`....nsideba........?ur

/home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Mozilla lz4 compressed data, originally 1426 bytes
Category:	dropped
Size (bytes):	638
Entropy (8bit):	6.058376992808135
Encrypted:	false
SSDEEP:	12:vkIb3bQPnkKNuN7Xnwutjp/Ai8AXyIF9nfvER9lyNinNii1ABHM6+ztbuEv2Ge:v5r4mNrnwunjR9filyNIii2sdVL7e
MD5:	C03070F8A39B68E1DF90C197530147B8
SHA1:	CA5D078F9FE04FA46AF10505F930F1F67DEA4314
SHA-256:	FB1ABAC28102E4FD1F7CD97C8B4135681C9BD4BA0EF1517895B278DB52BF5256
SHA-512:	26F8A7162835574D22C0AF33AD8F1EE1F1C24F473FD54C835D8DD512C0F26B4F30EBC9F0AE2DE6C8CA3EA92D0402867271B3CA29197B6ED141527EC4FA8200B6
Malicious:	false
Reputation:	low
Preview:	mozLz40.......{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1554899853000,"loader":null,"path":s.....xpi","runInSafeModej..telemetryKeyC.7%40....:1.0","version":"...},"screenshots..T.r.......B....K35.0......startupData...p..astentL..!er..Arunt....{"onMessage":[[]]}}}},"webcompat-reporter7..Ofals..&.z...?...I..F. 1....-..............)....p....!...Y3.0.2......'...webRequest..BeforeSendHe......[{"tabId..0typ0....0url$.U"://...-....-testcases.schub.io/"],"windowQ..},["blocking........?]],......directvnow.comn.!....P.0tag..%{}..../usr/lib/firefox/browser/features"}}

/home/james/.mozilla/firefox/5zxot757.default/cert9.db

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 4, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	458752
Entropy (8bit):	0.4274693102066276
Encrypted:	false
SSDEEP:	384:9ozkVmvQhyn+Zoo+wJtKZYcMM0cTozkVmvQhyn+ZooNwJtKZYcMM0Xyw:90wJtgYcMOHwJtgYcMT
MD5:	900211D7DE30960C2A4E0D7A47F0CFEB
SHA1:	D7B2DBD51226CFAEF7C845749D777E3EDEF35234
SHA-256:	0CB8745FED8EDD90B669E5DC5CDC25C70E6B290BB4ED47DDB53C92D71044CA8E
SHA-512:	51FF3EED8652F26DA9744128498BD8509B7C06A7787C950FF47AE875775E43121B866ADDF5E1C0AB3E46651A4C96D1D204A2CE7B20ECFB24865B4F838EB3C305
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................,P.....z..\|...{.{.{@z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/cert9.db-journal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	459912
Entropy (8bit):	0.35329559318597326
Encrypted:	false
SSDEEP:	384:WZYcMM0kSozkVmvQhyn+Zoo1wwJtKZYcMM0xCozkVmvQhyn+Zoo/:cYcM/owJtgYcM4J
MD5:	D4FCFA04AE403BABF28BA585B3A205C5
SHA1:	F7AB07907132FAFCBB427ECD881BB29D48947292
SHA-256:	49CBA104C7E9B8CC2844CD1CE344A479F6E10A5A437CFE823A4F71B399D369C3
SHA-512:	D297BAA9D595D5387DBD91E8507FC121E9A7401D3108D6AB5BBD03AFA8D4935298784C4532D97D8E30954F7B0F506DCACA45ACBD29867C312B8AFF56FD932DE0
Malicious:	false
Reputation:	low
Preview:	............_qn`........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/cookies.sqlite-wal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	295160
Entropy (8bit):	0.12109074225950223
Encrypted:	false
SSDEEP:	48:nneHk9uvTWSsExeHk91+9Tsr5XSExeHk9Mf39TW:c6+6q
MD5:	0724DD4DEADBF04A535E2E2433BB64AD
SHA1:	919362B32803883ED946FA2BFC47E66860AAFDAD
SHA-256:	7AAB7E182A0B9E1147CBFF17B4B67B0D43C9D93AC528EE7064AA57622384F44B
SHA-512:	0DC7F5F8F0B7C681A1DFF1FE4EF6672473C6A7DBD23BC725D78E66290376D53B4E435DA0199C6EE06E86D5BB48A95CF32AEB7A1F9D349E8158903B481B588C5D
Malicious:	false
Reputation:	low
Preview:	7....-.............]e9/;3I..&.............]e9/;l..2^......~.....I~.~.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/key4.db

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.3921129614382668
Encrypted:	false
SSDEEP:	192:mJLvKXzkVmvQhyn+ZoQfqlQbGhMHPaVAL23v8Qs0bblv:mJLozkVmvQhyn+ZooQs0Fv
MD5:	EC5B6A46DBCCE619CA3B776BE7A7F16B
SHA1:	14D5CEE4CA91C4A4818A20203BC779A443B6C735
SHA-256:	D0680E842ACAC8BA47E02C4683999E3A047C9F74707080CF0391D74E5323F020
SHA-512:	3968D881471BBAE8CE2D5DE45A5ACBE1373A498EA60DD7DBDF5A24DB76C6691F5F7E833E8376A1337C0BF27FB2C961014A34ED11215FC8182C30D124FECBC34F
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................,P.....zR.\|...{.{w{5z.zRz.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/key4.db-journal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	98852
Entropy (8bit):	0.21430607200423618
Encrypted:	false
SSDEEP:	192:nt5JLvKXzkVmvQhyn+ZoQfqlQbGhMHPaVAL23v8q:t5JLozkVmvQhyn+Zooq
MD5:	1CF6A091976C55A8867D04C06A1552B7
SHA1:	5AC77CE073825BEDDD649BB55A1D567487048148
SHA-256:	F444A4725C10D760769EC8463C93CCD637C705DD26BC405B73BB945D5A4B1A37
SHA-512:	00B8B6123138A3F7A766CAB29BBCBB817B1B97E56EB36FFD45F107495D37A7B6A4A4F4793B056B37CDAB46DC880917828566BC1A6520EFDFA329A4CFAAB2F93B
Malicious:	false
Reputation:	low
Preview:	..............-.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite 3.x database, user version 9, last written using SQLite version 3026000, page size 32768, file counter 5, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.09611120034147747
Encrypted:	false
SSDEEP:	12:DBl/Wlb9gPxRymgObsCVR49wcYR4fmnsCVR4aR:DLwZah76wd4+X
MD5:	3EC564DFFB31A761D90CC78B79A12619
SHA1:	179B48158BB8B9FAB1422D40C9B0618307AC0C5B
SHA-256:	18A9301EDE2C87FC24D9CE4EB1DC710DE2CD13C9DC57C46B0D88F08F8EC0CB91
SHA-512:	5081DA75330182C57DE2D4CDE5FFB484E0049ECE32810889127A4900D3A3D0BB289A59EEBE1D43022F19AC7307C7146D94D7AF4B97288BBA38500A32957980DC
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................,P.....~e..F~e........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite-journal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	66076
Entropy (8bit):	0.11238868854213069
Encrypted:	false
SSDEEP:	12:9QP8bPGjcp6Bl/AYlk9gPxRymgObsCVR49wcYR4fmnsCVR4k69:GkjGjM6L9lMah76wd4+N69
MD5:	482174F38972805841B37A669EE721A2
SHA1:	880CD3F19847407EE6A3F17C25687775DA319C8E
SHA-256:	DDF5F22A5AF27349B22042DE2B4AC0A15D33D56D027A9A180ACEBA0CB02821E2
SHA-512:	50D88845E3346409F70EA2DB4A0B4C195566819FD33616DEB079CA945EDC6D1D651EB62A7479652E5BBE2C02EE940A45118497B5D9EFC9A1EAD44D8205EECE50
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/places.sqlite-wal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	1541256
Entropy (8bit):	0.14475108132181083
Encrypted:	false
SSDEEP:	192:ATqL2adFzST8HQTTPJL2+jFK7ujlQLQTTHJL25DFxwYZgQTTW0QTTv:AuLzST8QVLMKjlF9L8wYlGb
MD5:	091531750E6E2383ACCE43E725FA104B
SHA1:	A600912A1B3946F48658CAC2B87CB4E2DF00813D
SHA-256:	9B4BBC1D9D33C9D770DA79D2FABF90DE215CD285FB7BD40E1715F558B68C72B0
SHA-512:	10E84222F9BDCBE1449EEF96091530FA93703128F422EA125170AA8CEDD565182DAD8A032EF3A62752586D533A900C34699B4C5DE0252D585919C9867E7B0192
Malicious:	false
Reputation:	low
Preview:	7....-...........E.......NH..\.^.........E.......7.A..9...(..~...X.8.....\|..~...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/prefs-1.js

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with very long lines (663)
Category:	dropped
Size (bytes):	26563
Entropy (8bit):	5.173292876194334
Encrypted:	false
SSDEEP:	384:BDG51pz2DzqNDGX1pz2DzqNDGX1pz2JzqNDGX1pz2wzq1:Ml2lOLOe1
MD5:	9CCFA8D6DA0310CC749E788358E8B2EF
SHA1:	F8270391E07A875D0F0A4567BBACACCE729E061A
SHA-256:	C43888E993E3960DCF280DF5448A1977024AFAD115C25212ACE5FE0C5B8AAB24
SHA-512:	977F18A8987763F0A49F6641F7E9A42956DADA511B28109241ADCD40BC0CE0DFCDBCB045C376FED39977949A498447FCF3323DA6B5A6631C46F5E632E99A063D
Malicious:	false
Reputation:	low
Preview:	// Mozilla User Preferences..// DO NOT EDIT THIS FILE..//.// If you make changes to this file while the application is running,.// the changes will be overwritten when the application exits..//.// To change a preference value, you can either:.// - modify it via the UI (e.g. via about:config in the browser); or.// - set it within a user.js file in your profile...user_pref("app.normandy.first_run", false);.user_pref("app.normandy.startupExperimentPrefs.dom.push.alwaysConnect", false);.user_pref("app.normandy.startupRolloutPrefs.media.autoplay.default", 1);.user_pref("app.normandy.user_id", "deb21830-19ac-4c3a-a05f-f7f80e818647");.user_pref("app.update.lastUpdateTime.addon-background-update-timer", 0);.user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 0);.user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1556631169);.user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 0);.user_pref("app.update.lastUpdateTime.search-engine-update-timer", 0)

/home/james/.mozilla/firefox/5zxot757.default/sessionCheckpoints.json.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.223691028533093
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+ABaQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+kOy6Lb1BA+m2L69Yr
MD5:	C0E4C22C50DD21142F57714EF49B8713
SHA1:	06B77307DCA5C889EA279243E74730CBC10801BE
SHA-256:	6FE46B65B76B3DF32D8392853740B35ED75B6E23F4FBD6F45F3EFA1D496E6717
SHA-512:	A4516B4F15EDB429F7B8CE3EA709D3777BFCC590838B1E113147E6BFB4DF0F34F0F2B24F6185D4E4277A77F75711BB470461B86AA507921AF037A6D22DF9278E
Malicious:	false
Reputation:	low
Preview:	{"profile-after-change":true,"final-ui-startup":true}{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

/proc/4887/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/4887/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/4887/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/4963/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/4963/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/4963/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/5001/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/5001/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/5001/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 12:44:20.563055038 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:20.563111067 CEST	443	35928	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:20.563158035 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:20.563951015 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:20.563965082 CEST	443	35928	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.100280046 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.100327015 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.100467920 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.101234913 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.101252079 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.302345037 CEST	443	35928	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.302536964 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.321007013 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.321067095 CEST	443	35928	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.321187973 CEST	443	35928	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.360686064 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.360702991 CEST	443	35928	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.360748053 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.510499001 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:21.510543108 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:21.510596037 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:21.512090921 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:21.512103081 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:21.762995958 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.763175011 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.766151905 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.766165972 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.766248941 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.766289949 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.804575920 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:21.804591894 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:21.804763079 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:22.197165966 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:22.197237968 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:22.197263002 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:22.197652102 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:22.197652102 CEST	35930	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:22.197678089 CEST	443	35930	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:22.328460932 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:22.328510046 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:22.328593016 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:22.329320908 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:22.329339027 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:22.449594975 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:22.449665070 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:22.453460932 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:22.453471899 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:22.453600883 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:22.453814030 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:22.453828096 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:22.492712975 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:22.913135052 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:22.913336992 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:22.917345047 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:22.917366028 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:22.917447090 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:22.917656898 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:22.917674065 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:22.956686974 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:23.203643084 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:23.203811884 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.204114914 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.204130888 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.204289913 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:23.204324007 CEST	443	33980	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:23.204407930 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.204426050 CEST	33980	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.205504894 CEST	33984	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.205562115 CEST	443	33984	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:23.205614090 CEST	33984	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.206393957 CEST	33984	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.206413031 CEST	443	33984	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:23.206875086 CEST	33984	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.207457066 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.207484007 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:23.207523108 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.208221912 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:23.208245039 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:23.248508930 CEST	443	33984	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:23.272381067 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:23.272476912 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:23.272497892 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:23.273821115 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:23.273821115 CEST	37696	443	192.168.2.20	104.21.22.55
Aug 30, 2024 12:44:23.273850918 CEST	443	37696	104.21.22.55	192.168.2.20
Aug 30, 2024 12:44:23.401710987 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:23.401770115 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:23.401870012 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:23.402561903 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:23.402584076 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.015191078 CEST	443	33984	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:24.015342951 CEST	443	33984	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:24.015366077 CEST	33984	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:24.015389919 CEST	33984	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:24.032361984 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.032521963 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.038579941 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.038594007 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.038671970 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.038916111 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:24.039606094 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:24.039699078 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.039715052 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.043973923 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:24.043989897 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:24.044064045 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:24.044070005 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:24.044084072 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:24.076594114 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.080724001 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:24.080753088 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:24.080816984 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:24.507015944 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.507231951 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.507262945 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.508014917 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.511894941 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.512059927 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.512087107 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.512146950 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.518551111 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.519047976 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.526403904 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.526463985 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.526492119 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.526536942 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.526642084 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.526704073 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.526704073 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.526839972 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.526868105 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.526882887 CEST	44868	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.526890993 CEST	443	44868	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.614743948 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.614787102 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.614842892 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.615628004 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.615637064 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.616506100 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.616545916 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.616586924 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.617342949 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.617362976 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.618256092 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.618272066 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.618311882 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.619020939 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.619033098 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.624500990 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.624514103 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.624566078 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.625303030 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.625314951 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.627516031 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.627556086 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:24.627607107 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.628393888 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:24.628407955 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.516098022 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:25.516298056 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:25.517995119 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:25.518049002 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:25.518059015 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:25.518069983 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:25.518102884 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:25.521806002 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.521984100 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.528045893 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.528105021 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.531271935 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:25.531296015 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:25.531307936 CEST	33986	443	192.168.2.20	18.165.183.111
Aug 30, 2024 12:44:25.531313896 CEST	443	33986	18.165.183.111	192.168.2.20
Aug 30, 2024 12:44:25.531575918 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.531615019 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.532279968 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.532285929 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.532351017 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.533783913 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.533787966 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.533864975 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.535111904 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.535125017 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.535207987 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.537877083 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.538482904 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.538527012 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.541443110 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.541496038 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.542881012 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.544024944 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.544030905 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.544104099 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.548798084 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.548803091 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.548877001 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.549434900 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.553559065 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.584496975 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.584516048 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.588701010 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.596487999 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.596496105 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.695745945 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.695805073 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.695898056 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.695923090 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.703879118 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.703936100 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.703950882 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.703965902 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.704296112 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.704324961 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.704336882 CEST	44872	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.704344988 CEST	443	44872	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.706826925 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.709218979 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.709249973 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.709445953 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.709461927 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.709500074 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.712034941 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.712135077 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.712198973 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.712316990 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.712333918 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.712347984 CEST	44874	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.712352037 CEST	443	44874	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.717843056 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.720391035 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.720426083 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.720458984 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.720525026 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.720525026 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.720526934 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.720696926 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.720709085 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.720719099 CEST	44878	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.720724106 CEST	443	44878	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.726187944 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.729146957 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.729177952 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.729268074 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.729275942 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.729309082 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.734637976 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.737816095 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.737843037 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.737961054 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.737966061 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.737998962 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.743968964 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.744021893 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.744059086 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.744064093 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.744096041 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.744421005 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.744488001 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.744501114 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.744513035 CEST	44870	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.744518042 CEST	443	44870	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.784502029 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.869496107 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:25.869546890 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:25.869755030 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:25.870449066 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:25.870461941 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:25.897691011 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.897753954 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.897773027 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.898439884 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.898458958 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:25.898471117 CEST	44876	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:25.898478031 CEST	443	44876	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.103806019 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:26.103842020 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:26.104584932 CEST	443	35928	3.224.72.48	192.168.2.20
Aug 30, 2024 12:44:26.104660988 CEST	35928	443	192.168.2.20	3.224.72.48
Aug 30, 2024 12:44:26.105238914 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.105271101 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.105307102 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.106180906 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.106192112 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.106877089 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.106899977 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.106939077 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.107819080 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.107827902 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.579488039 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:26.579709053 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:26.583764076 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:26.583775997 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:26.583858967 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:26.584733963 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:26.584748983 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:26.624710083 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:26.858889103 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.858958960 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.860004902 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.860012054 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.860068083 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.860621929 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.895231009 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.895512104 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.896379948 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.896392107 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.896467924 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.897177935 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:26.904500008 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:26.940506935 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.002468109 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.002537966 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.002648115 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.002648115 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.002669096 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.002706051 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.005034924 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.005270004 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.005276918 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.005315065 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.007846117 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.007903099 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.010828972 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.010883093 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.010891914 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.010926962 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.013715982 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.013773918 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.013782024 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.013817072 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.016572952 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.016666889 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.016675949 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.016710043 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.036262035 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.036365986 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.165671110 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.165847063 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.173218012 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.173280954 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.173291922 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.173326969 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.181890965 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.181958914 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.181968927 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.182010889 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.183465958 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.183675051 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.191412926 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.191530943 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.196451902 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.196500063 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.197876930 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.197925091 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.197930098 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.197967052 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.205967903 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.206017971 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.206023932 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.206068993 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.206073999 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.206113100 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.208224058 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.208308935 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.208409071 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.208518982 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.208518982 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.208750963 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.208775043 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.208786964 CEST	39208	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.208796024 CEST	443	39208	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.216253042 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.218569994 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.218602896 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.218614101 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.218631983 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.218666077 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.227062941 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.227998018 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.228027105 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.228111029 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.229005098 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.229036093 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.229046106 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.229063034 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.229094028 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.229202032 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.229217052 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.236030102 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.238460064 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.238503933 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.238522053 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.245352983 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.245445967 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.245486975 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.245599985 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.245621920 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.245631933 CEST	44886	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.245637894 CEST	443	44886	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.276684999 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.276711941 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.276758909 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.288636923 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.288695097 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.289906979 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.289948940 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.297214985 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.297266960 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.297274113 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.297313929 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.300579071 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.300622940 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.300626040 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.300636053 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.300672054 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.300672054 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.300679922 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.300709009 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.300710917 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.300847054 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.300872087 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.300884962 CEST	44884	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:27.300892115 CEST	443	44884	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:27.891633034 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.891854048 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.895294905 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.895307064 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.895385027 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:27.897778034 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:27.944504023 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:28.137587070 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:28.137700081 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:28.137859106 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:28.138235092 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:28.138252020 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:28.138282061 CEST	39214	443	192.168.2.20	188.114.96.3
Aug 30, 2024 12:44:28.138288021 CEST	443	39214	188.114.96.3	192.168.2.20
Aug 30, 2024 12:44:31.000376940 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:31.000394106 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:31.000433922 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:31.001240015 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:31.001250029 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:31.631333113 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:31.631452084 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:31.632988930 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:31.632996082 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:31.633073092 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:31.634124994 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:31.676501989 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:32.203948975 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:32.203994036 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:32.204073906 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:32.204093933 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:32.204683065 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:32.204694986 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:32.204724073 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:32.204852104 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:32.204885960 CEST	443	44894	188.114.97.3	192.168.2.20
Aug 30, 2024 12:44:32.204912901 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:32.204929113 CEST	44894	443	192.168.2.20	188.114.97.3
Aug 30, 2024 12:44:40.833637953 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:40.833677053 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:40.833722115 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:40.833854914 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:40.833869934 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:40.917545080 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:40.917589903 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:40.917638063 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:40.918418884 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:40.918432951 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.605794907 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:41.605869055 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:41.614216089 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:41.614236116 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:41.614456892 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:41.616038084 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:41.660506964 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:41.667633057 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.667721987 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.674437046 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.674451113 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.674511909 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.675019026 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.675033092 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.712686062 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.876085997 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:41.876224995 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:41.877573967 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:41.877711058 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:41.877729893 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:41.877749920 CEST	58566	443	192.168.2.20	35.244.181.201
Aug 30, 2024 12:44:41.877756119 CEST	443	58566	35.244.181.201	192.168.2.20
Aug 30, 2024 12:44:41.932754993 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.932955980 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.932970047 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.933010101 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.934608936 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.934629917 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.934808969 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.934860945 CEST	443	43820	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:41.934866905 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:41.934900999 CEST	43820	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.031630039 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.031671047 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.031716108 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.032562017 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.032573938 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.668436050 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.668551922 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.671991110 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.672000885 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.672069073 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.674855947 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.720509052 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.873496056 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.885443926 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.886435986 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.886482000 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.886501074 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:47.886527061 CEST	43824	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:47.886532068 CEST	443	43824	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:57.969579935 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:57.969621897 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:57.969660044 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:57.970649958 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:57.970660925 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:58.652573109 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:58.652793884 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:58.656291008 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:58.656301022 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:58.656373978 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:58.659219027 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:58.700505018 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:58.919253111 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:58.921879053 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:58.923954010 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:58.924000978 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:58.924021006 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:44:58.924047947 CEST	43826	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:44:58.924053907 CEST	443	43826	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:18.975344896 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:18.975394964 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:18.975461006 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:18.978379011 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:18.978394985 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:19.528959990 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:19.529088974 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:19.532516003 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:19.532526970 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:19.532598019 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:19.535154104 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:19.576509953 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:19.743032932 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:19.753441095 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:19.754384995 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:19.754507065 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:19.754527092 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:19.754553080 CEST	43828	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:19.754558086 CEST	443	43828	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:59.807955027 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:59.808007002 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:45:59.808068991 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:59.811012983 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:45:59.811038017 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:46:00.424416065 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:46:00.424684048 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:46:00.425651073 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:46:00.425667048 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:46:00.425740004 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:46:00.426747084 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:46:00.472527027 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:46:00.672939062 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:46:00.681574106 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:46:00.682524920 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:46:00.682682037 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:46:00.682682037 CEST	43830	443	192.168.2.20	34.107.243.93
Aug 30, 2024 12:46:00.682702065 CEST	443	43830	34.107.243.93	192.168.2.20
Aug 30, 2024 12:46:00.682710886 CEST	443	43830	34.107.243.93	192.168.2.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 12:44:20.472791910 CEST	48948	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:20.472791910 CEST	48948	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:20.562053919 CEST	53	48948	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:20.562278032 CEST	53	48948	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:22.232032061 CEST	45605	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:22.232033014 CEST	45605	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:22.319777966 CEST	53	45605	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:22.327528954 CEST	53	45605	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:23.311332941 CEST	53277	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:23.311332941 CEST	53277	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:23.392698050 CEST	53	53277	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:23.400958061 CEST	53	53277	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:25.812391996 CEST	56500	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:25.812391996 CEST	56500	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:25.859047890 CEST	53	56500	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:25.868881941 CEST	53	56500	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:31.000241041 CEST	44422	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:31.000241041 CEST	44422	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:31.032629967 CEST	53	44422	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:31.035446882 CEST	53	44422	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:40.761075974 CEST	52782	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:40.761075974 CEST	52782	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:40.842130899 CEST	53	52782	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:40.842144012 CEST	53	52782	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:40.848992109 CEST	57535	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:40.848992109 CEST	57535	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:40.917156935 CEST	53	57535	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:40.917278051 CEST	53	57535	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:46.935822964 CEST	60274	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:46.935822964 CEST	60274	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:46.935986996 CEST	58927	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:47.031263113 CEST	53	60274	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:47.031279087 CEST	53	58927	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:47.031291962 CEST	53	60274	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:57.888112068 CEST	57147	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:57.888112068 CEST	57147	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:57.889179945 CEST	44704	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:44:57.963792086 CEST	53	57147	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:57.963849068 CEST	53	57147	8.8.8.8	192.168.2.20
Aug 30, 2024 12:44:57.969305992 CEST	53	44704	8.8.8.8	192.168.2.20
Aug 30, 2024 12:45:18.925441027 CEST	46444	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:45:18.925441027 CEST	46444	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:45:18.928009987 CEST	49224	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:45:18.973663092 CEST	53	46444	8.8.8.8	192.168.2.20
Aug 30, 2024 12:45:18.974811077 CEST	53	46444	8.8.8.8	192.168.2.20
Aug 30, 2024 12:45:18.974824905 CEST	53	49224	8.8.8.8	192.168.2.20
Aug 30, 2024 12:45:59.757164955 CEST	38923	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:45:59.757165909 CEST	38923	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:45:59.757978916 CEST	48297	53	192.168.2.20	8.8.8.8
Aug 30, 2024 12:45:59.801806927 CEST	53	38923	8.8.8.8	192.168.2.20
Aug 30, 2024 12:45:59.801886082 CEST	53	38923	8.8.8.8	192.168.2.20
Aug 30, 2024 12:45:59.807332039 CEST	53	48297	8.8.8.8	192.168.2.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 30, 2024 12:44:20.472791910 CEST	192.168.2.20	8.8.8.8	0xec90	Standard query (0)	airmarkcomponents.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:20.472791910 CEST	192.168.2.20	8.8.8.8	0x8d16	Standard query (0)	airmarkcomponents.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:22.232032061 CEST	192.168.2.20	8.8.8.8	0xab68	Standard query (0)	qltuh.algiedideneb.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:22.232033014 CEST	192.168.2.20	8.8.8.8	0x916d	Standard query (0)	qltuh.algiedideneb.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:23.311332941 CEST	192.168.2.20	8.8.8.8	0x67b1	Standard query (0)	qltuh.check-tl-ver-108-a.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:23.311332941 CEST	192.168.2.20	8.8.8.8	0xc302	Standard query (0)	qltuh.check-tl-ver-108-a.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:25.812391996 CEST	192.168.2.20	8.8.8.8	0x6679	Standard query (0)	cdnstatic.check-tl-ver-108-a.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:25.812391996 CEST	192.168.2.20	8.8.8.8	0x7be8	Standard query (0)	cdnstatic.check-tl-ver-108-a.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:31.000241041 CEST	192.168.2.20	8.8.8.8	0x5375	Standard query (0)	qltuh.check-tl-ver-108-a.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:31.000241041 CEST	192.168.2.20	8.8.8.8	0xd10f	Standard query (0)	qltuh.check-tl-ver-108-a.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:40.761075974 CEST	192.168.2.20	8.8.8.8	0x8461	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:40.761075974 CEST	192.168.2.20	8.8.8.8	0xfdb9	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:40.848992109 CEST	192.168.2.20	8.8.8.8	0x4ce8	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:40.848992109 CEST	192.168.2.20	8.8.8.8	0xe589	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:46.935822964 CEST	192.168.2.20	8.8.8.8	0x2fc8	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:46.935822964 CEST	192.168.2.20	8.8.8.8	0x2f1a	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:46.935986996 CEST	192.168.2.20	8.8.8.8	0x297c	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:57.888112068 CEST	192.168.2.20	8.8.8.8	0x24b9	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:57.888112068 CEST	192.168.2.20	8.8.8.8	0x6188	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Aug 30, 2024 12:44:57.889179945 CEST	192.168.2.20	8.8.8.8	0xf4a7	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:45:18.925441027 CEST	192.168.2.20	8.8.8.8	0x32ad	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:45:18.925441027 CEST	192.168.2.20	8.8.8.8	0x43ef	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Aug 30, 2024 12:45:18.928009987 CEST	192.168.2.20	8.8.8.8	0x1e6b	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:45:59.757164955 CEST	192.168.2.20	8.8.8.8	0x500	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:45:59.757165909 CEST	192.168.2.20	8.8.8.8	0xc4a5	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Aug 30, 2024 12:45:59.757978916 CEST	192.168.2.20	8.8.8.8	0x9688	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 30, 2024 12:44:20.562053919 CEST	8.8.8.8	192.168.2.20	0xec90	No error (0)	airmarkcomponents.com		3.224.72.48	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:21.502295971 CEST	8.8.8.8	192.168.2.20	0x95bf	No error (0)	d228z91au11ukj.cloudfront.net		18.165.183.111	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:21.502295971 CEST	8.8.8.8	192.168.2.20	0x95bf	No error (0)	d228z91au11ukj.cloudfront.net		18.165.183.87	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:21.502295971 CEST	8.8.8.8	192.168.2.20	0x95bf	No error (0)	d228z91au11ukj.cloudfront.net		18.165.183.80	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:21.502295971 CEST	8.8.8.8	192.168.2.20	0x95bf	No error (0)	d228z91au11ukj.cloudfront.net		18.165.183.109	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:22.327528954 CEST	8.8.8.8	192.168.2.20	0xab68	No error (0)	qltuh.algiedideneb.com		104.21.22.55	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:22.327528954 CEST	8.8.8.8	192.168.2.20	0xab68	No error (0)	qltuh.algiedideneb.com		172.67.202.247	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:23.400958061 CEST	8.8.8.8	192.168.2.20	0x67b1	No error (0)	qltuh.check-tl-ver-108-a.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:23.400958061 CEST	8.8.8.8	192.168.2.20	0x67b1	No error (0)	qltuh.check-tl-ver-108-a.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:25.868881941 CEST	8.8.8.8	192.168.2.20	0x6679	No error (0)	cdnstatic.check-tl-ver-108-a.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:25.868881941 CEST	8.8.8.8	192.168.2.20	0x6679	No error (0)	cdnstatic.check-tl-ver-108-a.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:31.035446882 CEST	8.8.8.8	192.168.2.20	0x5375	No error (0)	qltuh.check-tl-ver-108-a.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:31.035446882 CEST	8.8.8.8	192.168.2.20	0x5375	No error (0)	qltuh.check-tl-ver-108-a.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:40.833259106 CEST	8.8.8.8	192.168.2.20	0x6c3e	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 12:44:40.833259106 CEST	8.8.8.8	192.168.2.20	0x6c3e	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:40.833337069 CEST	8.8.8.8	192.168.2.20	0x6951	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 12:44:40.842130899 CEST	8.8.8.8	192.168.2.20	0x8461	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:40.917156935 CEST	8.8.8.8	192.168.2.20	0x4ce8	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:41.945460081 CEST	8.8.8.8	192.168.2.20	0x8d68	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 12:44:41.945460081 CEST	8.8.8.8	192.168.2.20	0x8d68	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 12:44:41.950953960 CEST	8.8.8.8	192.168.2.20	0x5724	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 12:44:41.950953960 CEST	8.8.8.8	192.168.2.20	0x5724	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 12:44:47.031263113 CEST	8.8.8.8	192.168.2.20	0x2fc8	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:47.031279087 CEST	8.8.8.8	192.168.2.20	0x297c	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:57.963792086 CEST	8.8.8.8	192.168.2.20	0x24b9	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:44:57.969305992 CEST	8.8.8.8	192.168.2.20	0xf4a7	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:45:18.974811077 CEST	8.8.8.8	192.168.2.20	0x32ad	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:45:18.974824905 CEST	8.8.8.8	192.168.2.20	0x1e6b	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:45:59.801806927 CEST	8.8.8.8	192.168.2.20	0x500	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Aug 30, 2024 12:45:59.807332039 CEST	8.8.8.8	192.168.2.20	0x9688	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

airmarkcomponents.com

snippets.cdn.mozilla.net

qltuh.algiedideneb.com

qltuh.check-tl-ver-108-a.com

https:

cdnstatic.check-tl-ver-108-a.com

aus5.mozilla.org

push.services.mozilla.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.20	35930	3.224.72.48	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:21 UTC	333	OUT	GET / HTTP/1.1 Host: airmarkcomponents.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1
2024-08-30 10:44:22 UTC	309	IN	HTTP/1.1 302 Found Date: Fri, 30 Aug 2024 10:44:21 GMT Server: Apache X-LiteSpeed-Tag: 11f_HTTP.302 X-Redirect-By: WordPress Location: https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.20	33980	18.165.183.111	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:22 UTC	397	OUT	GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1 Host: snippets.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-08-30 10:44:23 UTC	565	IN	HTTP/1.1 303 See Other Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Cache-Control: public, max-age=86400 Date: Fri, 30 Aug 2024 10:44:23 GMT Location: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json Server: meinheld/1.0.2 X-Backend-Server: oregon/snippets-prod/snippets-prod-6db6b58f67-9rsj8 X-Cache: Miss from cloudfront Via: 1.1 6ea1443d3dc39c2be7c23883fb0bd3e0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ZRH55-P1 X-Amz-Cf-Id: n9zMsFIkQidORFOCMjL4Cy0GCLW8F8uE5EjPYkNISivkY7jYKmJOJQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.20	37696	104.21.22.55	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:22 UTC	390	OUT	GET /?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730 HTTP/1.1 Host: qltuh.algiedideneb.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1
2024-08-30 10:44:23 UTC	1154	IN	HTTP/1.1 302 Found Date: Fri, 30 Aug 2024 10:44:23 GMT Content-Length: 0 Connection: close location: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 set-cookie: CHiI7Gh3GUyTa8XGgNqDyQ=1; max-age=345600; path=/; samesite=lax set-cookie: __pl=f9e5cc7a-6dbb-4252-86ee-2833b37c15e6; expires=Sun, 30 Aug 2026 10:44:23 GMT; path=/; samesite=lax set-cookie: __cap=1; max-age=3600; path=/; samesite=lax cache-control: max-age=0, no-cache, no-store, must-revalidate accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CkPuzw%2FXo5Q2jCRNqAIf4ZnmWo0Jze%2F3sFTJaGVvrxhLqRC%2FWX%2BcSzh8gDqm073e3vQPMbYvJQHFmd3H8UIR064RZqdz1Zt0X4Hbz9dUk%2FbueTfkjBc%2FljaP1C%2BXJfl5loQGq90jAQDu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f6bd8304262-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.20	44868	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:24 UTC	504	OUT	GET /space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1
2024-08-30 10:44:24 UTC	623	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:24 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close last-modified: Wed, 28 Aug 2024 08:51:37 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHpiAlaCCLMDA09z%2F1BQd2V%2BXCsrl0MCgZlaBNThqVeVdEEABFW0j9OUi%2BgFY28aMQaUSpNhXjPjAYT%2BuhlhBxXVNVI9WtWbU8gUqI9W5Ulace8gsmTRrV%2FLq3LwuEy8ppAq0r8qjPKj115Fi4ft"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f72b82d8c90-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:24 UTC	746	IN	Data Raw: 32 33 38 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 2f 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 66 34 34 64 32 31 35 30 38 62 64 35 62 62 31 65 63 31 32 64 36 32 33 62 39 65 35 66 33 35 31 30 22 20 6e 61 6d 65 3d 22 70 75 73 68 73 64 6b 22 2f 3e 0a 3c 74 69 74 6c 65 20 69 64 3d 22 74 69 74 6c 65 22 3e 39 63 39 33 61 62 37 32 2d 62 30 63 62 2d 34 37 30 36 2d 39 36 62 66 2d 39 66 35 62 65 30 39 65 35 30 37 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 Data Ascii: 2386<!DOCTYPE html><html lang="en"><head><meta content="text/html; charset=utf-8" http-equiv="Content-Type"/><meta content="f44d21508bd5bb1ec12d623b9e5f3510" name="pushsdk"/><title id="title">9c93ab72-b0cb-4706-96bf-9f5be09e507a</title><meta cont
2024-08-30 10:44:24 UTC	1369	IN	Data Raw: 65 2f 70 6e 67 22 2f 3e 0a 3c 6c 69 6e 6b 20 63 6f 6c 6f 72 3d 22 23 35 62 62 61 64 35 22 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 73 61 66 61 72 69 2d 70 69 6e 6e 65 64 2d 74 61 62 2e 73 76 67 22 20 72 65 6c 3d 22 6d 61 73 6b 2d 69 63 6f 6e 22 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 2f 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 23 64 61 35 33 32 63 22 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 43 6f 6c 6f 72 22 2f 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 23 66 66 66 66 66 66 22 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e Data Ascii: e/png"/><link color="#5bbad5" href="assets/safari-pinned-tab.svg" rel="mask-icon"/><link href="assets/favicon.ico" rel="shortcut icon"/><meta content="#da532c" name="msapplication-TileColor"/><meta content="#ffffff" name="theme-color"/></head><body>
2024-08-30 10:44:24 UTC	1369	IN	Data Raw: 32 2e 31 63 2d 31 2e 34 2d 34 2e 32 2d 32 2e 34 2d 38 2e 36 2d 33 2e 32 2d 31 33 63 2d 30 2e 33 2d 31 2e 34 2c 30 2e 31 2d 32 2e 37 2c 30 2e 39 2d 33 2e 38 20 63 32 31 2d 32 37 2e 33 2c 35 33 2e 32 2d 34 33 2e 32 2c 38 37 2e 36 2d 34 33 2e 32 73 36 36 2e 37 2c 31 35 2e 39 2c 38 37 2e 36 2c 34 33 2e 32 63 30 2e 39 2c 31 2e 31 2c 31 2e 32 2c 32 2e 34 2c 30 2e 39 2c 33 2e 38 43 31 39 36 2e 33 2c 38 38 2e 36 2c 31 39 35 2e 33 2c 39 33 2c 31 39 33 2e 39 2c 39 37 2e 32 4c 31 39 33 2e 39 2c 39 37 2e 32 7a 22 3e 0a 3c 2f 70 61 74 68 3e 0a 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 35 6a 48 36 73 22 20 64 3d 22 4d 31 39 32 2e 34 2c 38 33 2e 34 63 2d 31 39 2e 33 2d 32 35 2e 31 2d 34 39 2e 37 2d 34 31 2e 33 2d 38 33 2e 38 2d 34 31 2e 33 53 34 34 2c 35 38 2e 32 2c 32 Data Ascii: 2.1c-1.4-4.2-2.4-8.6-3.2-13c-0.3-1.4,0.1-2.7,0.9-3.8 c21-27.3,53.2-43.2,87.6-43.2s66.7,15.9,87.6,43.2c0.9,1.1,1.2,2.4,0.9,3.8C196.3,88.6,195.3,93,193.9,97.2L193.9,97.2z"></path><path class="c5jH6s" d="M192.4,83.4c-19.3-25.1-49.7-41.3-83.8-41.3S44,58.2,2
2024-08-30 10:44:24 UTC	1369	IN	Data Raw: 38 2e 38 63 2d 38 2e 32 2c 30 2e 39 2d 31 38 2e 35 2c 33 2d 32 33 2e 37 2c 39 63 2d 32 2e 37 2c 33 2e 32 2d 33 2e 37 2c 37 2d 33 2e 37 2c 31 31 2e 31 76 33 35 2e 33 63 30 2c 31 2e 36 2c 30 2e 32 2c 33 2e 31 2c 30 2e 38 2c 34 2e 36 20 63 32 2e 39 2c 38 2e 35 2c 31 33 2e 38 2c 31 33 2e 37 2c 32 31 2e 36 2c 31 36 2e 34 63 31 33 2c 34 2e 35 2c 32 38 2e 31 2c 36 2e 32 2c 34 31 2e 37 2c 36 2e 32 73 32 38 2e 38 2d 31 2e 37 2c 34 31 2e 37 2d 36 2e 32 63 37 2e 38 2d 32 2e 37 2c 31 38 2e 37 2d 37 2e 39 2c 32 31 2e 36 2d 31 36 2e 34 63 30 2e 35 2d 31 2e 35 2c 30 2e 38 2d 33 2c 30 2e 38 2d 34 2e 36 76 2d 33 35 2e 33 20 63 30 2d 34 2e 31 2d 31 2d 37 2e 39 2d 33 2e 37 2d 31 31 2e 31 43 31 36 33 2e 36 2c 31 30 38 2e 32 2c 31 35 33 2e 34 2c 31 30 36 2e 31 2c 31 34 35 2e Data Ascii: 8.8c-8.2,0.9-18.5,3-23.7,9c-2.7,3.2-3.7,7-3.7,11.1v35.3c0,1.6,0.2,3.1,0.8,4.6 c2.9,8.5,13.8,13.7,21.6,16.4c13,4.5,28.1,6.2,41.7,6.2s28.8-1.7,41.7-6.2c7.8-2.7,18.7-7.9,21.6-16.4c0.5-1.5,0.8-3,0.8-4.6v-35.3 c0-4.1-1-7.9-3.7-11.1C163.6,108.2,153.4,106.1,145.
2024-08-30 10:44:24 UTC	1369	IN	Data Raw: 3c 2f 72 65 63 74 3e 0a 3c 2f 67 3e 0a 3c 2f 73 76 67 3e 0a 3c 21 2d 2d 20 4d 4f 55 54 48 20 2d 2d 3e 0a 3c 73 76 67 20 69 64 3d 22 6d 6f 75 74 68 22 20 76 69 65 77 62 6f 78 3d 22 30 20 30 20 32 38 2e 31 20 31 33 2e 35 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 4e 32 38 53 56 59 20 68 69 64 65 22 20 64 3d 22 4d 32 31 2e 34 2c 33 2e 37 63 30 2e 37 2c 30 2e 34 2c 30 2e 39 2c 31 2e 33 2c 30 2e 35 2c 31 2e 39 63 2d 30 2e 38 2c 31 2e 34 2d 32 2c 32 2e 35 2d 33 2e 33 2c 33 2e 33 73 2d 32 2e 39 2c 31 2e 32 2d 34 2e 35 2c 31 2e 32 73 2d 33 2e 32 2d 30 2e 34 2d 34 2e 35 2d 31 2e 32 20 43 38 2e 32 2c 38 2e 31 2c 37 2e 31 2c 37 2c 36 2e 33 2c 35 2e 36 43 35 Data Ascii: </rect></g></svg>... MOUTH --><svg id="mouth" viewbox="0 0 28.1 13.5" xmlns="http://www.w3.org/2000/svg"><path class="N28SVY hide" d="M21.4,3.7c0.7,0.4,0.9,1.3,0.5,1.9c-0.8,1.4-2,2.5-3.3,3.3s-2.9,1.2-4.5,1.2s-3.2-0.4-4.5-1.2 C8.2,8.1,7.1,7,6.3,5.6C5
2024-08-30 10:44:24 UTC	1369	IN	Data Raw: 33 2e 32 2c 36 2e 31 43 31 31 2e 39 2c 33 37 2e 35 2c 32 2e 39 2c 31 39 2e 37 2c 32 2e 39 2c 31 39 2e 37 20 43 36 2e 37 2c 31 33 2e 34 2c 33 2e 35 2c 34 2c 32 2e 34 2c 32 2e 36 7a 22 3e 0a 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 3c 21 2d 2d 20 41 52 4d 20 4c 45 46 54 20 2d 2d 3e 0a 3c 73 76 67 20 69 64 3d 22 61 72 6d 4c 65 66 74 22 20 76 69 65 77 62 6f 78 3d 22 30 20 30 20 33 30 20 34 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 64 61 78 42 4b 79 22 20 64 3d 22 4d 32 39 2e 35 2c 34 2e 31 63 30 2e 37 2d 31 2c 30 2e 36 2d 32 2e 34 2d 30 2e 33 2d 33 2e 32 53 32 36 2e 39 2d 30 2e 31 2c 32 36 2c 30 2e 37 63 2d 34 2e 35 2c 33 2e 36 2d 38 2e 37 2c Data Ascii: 3.2,6.1C11.9,37.5,2.9,19.7,2.9,19.7 C6.7,13.4,3.5,4,2.4,2.6z"></path></svg>... ARM LEFT --><svg id="armLeft" viewbox="0 0 30 42" xmlns="http://www.w3.org/2000/svg"><path class="daxBKy" d="M29.5,4.1c0.7-1,0.6-2.4-0.3-3.2S26.9-0.1,26,0.7c-4.5,3.6-8.7,
2024-08-30 10:44:24 UTC	1369	IN	Data Raw: 38 2d 32 32 2e 39 2d 32 30 2e 38 63 2d 32 2e 33 2d 31 34 2d 31 35 2e 38 2d 31 38 2e 34 2d 32 32 2d 31 38 2e 31 20 63 2d 36 2e 32 2d 30 2e 33 2d 31 39 2e 36 2c 34 2e 31 2d 32 32 2c 31 38 2e 31 63 2d 31 2e 38 2c 31 31 2d 35 2e 36 2c 31 36 2d 32 32 2e 39 2c 32 30 2e 38 43 34 2e 37 2c 34 35 2e 36 2d 30 2e 37 2c 32 33 2e 32 2c 31 32 2e 34 2c 34 2e 38 63 31 34 2e 31 2c 35 2c 33 30 2e 39 2c 37 2e 39 2c 34 38 2e 39 2c 37 2e 39 53 39 36 2e 31 2c 39 2e 38 2c 31 31 30 2e 32 2c 34 2e 38 20 4c 31 31 30 2e 32 2c 34 2e 38 7a 22 3e 0a 3c 2f 70 61 74 68 3e 0a 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 64 61 78 42 4b 79 22 20 64 3d 22 4d 31 31 34 2e 31 2c 32 63 31 34 2e 36 2c 32 30 2e 33 2c 38 2e 36 2c 34 34 2e 39 2d 33 2e 39 2c 36 34 2e 36 63 2d 31 2e 31 2c 31 2e 38 2d 33 2e Data Ascii: 8-22.9-20.8c-2.3-14-15.8-18.4-22-18.1 c-6.2-0.3-19.6,4.1-22,18.1c-1.8,11-5.6,16-22.9,20.8C4.7,45.6-0.7,23.2,12.4,4.8c14.1,5,30.9,7.9,48.9,7.9S96.1,9.8,110.2,4.8 L110.2,4.8z"></path><path class="daxBKy" d="M114.1,2c14.6,20.3,8.6,44.9-3.9,64.6c-1.1,1.8-3.
2024-08-30 10:44:24 UTC	142	IN	Data Raw: 2e 6a 73 3f 76 3d 33 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 73 68 61 72 65 64 2d 6a 73 2f 61 73 73 65 74 73 2f 73 74 61 74 69 63 2d 70 6c 2e 6a 73 3f 76 3d 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: .js?v=3" type="text/javascript"></script><script src="/shared-js/assets/static-pl.js?v=4" type="text/javascript"></script></body></html>
2024-08-30 10:44:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.20	33986	18.165.183.111	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:24 UTC	295	OUT	GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1 Host: snippets.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-08-30 10:44:25 UTC	537	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 3 Connection: close Last-Modified: Wed, 30 Oct 2019 08:26:45 GMT x-amz-version-id: null Accept-Ranges: bytes Server: AmazonS3 Date: Fri, 30 Aug 2024 10:43:16 GMT Cache-Control: max-age=600 ETag: "8a80554c91d9fca8acb82f023de02f11" Vary: Accept-Encoding X-Cache: Error from cloudfront Via: 1.1 aca4cfc16ad0f84e78738cc400bfb7f4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ZRH55-P1 X-Amz-Cf-Id: i-T1IOPDb7rIDm-Vhc1NJOg3TILQz2bE25-hAxLCNPnDUDTcCGJG_w== Age: 386
2024-08-30 10:44:25 UTC	3	IN	Data Raw: 7b 7d 0a Data Ascii: {}

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.20	44870	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:25 UTC	488	OUT	GET /space-robot/assets/trls.js HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 Connection: keep-alive
2024-08-30 10:44:25 UTC	716	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:25 GMT Content-Type: application/javascript Content-Length: 12109 Connection: close last-modified: Wed, 28 Aug 2024 08:51:37 GMT etag: "66cee519-2f4d" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 642 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2FX%2Bl1JKW7AGvEaI5a%2BjGrBJTFJbCYMnnR8%2FzOzfYn60aMF1xz6jtyNiSTqhXH7RePKhcGo2FaiyfpraO2ok%2FihtkSQrifKzVP4NnJ0XPFj5AETP4W%2FaivnSFdr%2BNNbgdZvi2dh2Nh0SQHoKWBF2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f7c4dcf2395-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:25 UTC	653	IN	Data Raw: 76 61 72 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 3d 20 7b 0d 0a 20 20 20 20 73 6f 75 72 63 65 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 27 43 6c 69 63 6b 20 22 41 6c 6c 6f 77 22 27 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 50 72 65 73 73 20 74 68 65 20 22 41 6c 6c 6f 77 22 20 62 75 74 74 6f 6e 20 74 6f 20 76 65 72 69 66 79 20 79 6f 75 5c 27 72 65 20 68 75 6d 61 6e 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 65 6e 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 27 43 6c 69 63 6b 20 22 41 6c 6c 6f 77 22 27 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 50 72 65 73 73 20 74 68 65 20 22 41 6c 6c 6f 77 22 20 62 75 74 74 6f 6e 20 74 6f 20 76 65 72 69 66 79 20 79 6f 75 5c 27 72 65 20 68 75 6d 61 6e 21 27 Data Ascii: var translation = { source: { title: 'Click "Allow"', text1: 'Press the "Allow" button to verify you\'re human!' }, en: { title: 'Click "Allow"', text1: 'Press the "Allow" button to verify you\'re human!'
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: be d0 bb d1 96 d1 86 d1 8c 22 27 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 d0 9d d0 b0 d1 86 d1 96 d1 81 d0 bd d1 96 d1 86 d0 b5 20 d0 ba d0 bd d0 be d0 bf d0 ba d1 83 20 22 d0 94 d0 b0 d0 b7 d0 b2 d0 be d0 bb d1 96 d1 86 d1 8c 22 2c 20 d0 ba d0 b0 d0 b1 20 d0 bf d0 b0 d1 86 d0 b2 d0 b5 d1 80 d0 b4 d0 b7 d1 96 d1 86 d1 8c 2c 20 d1 88 d1 82 d0 be 20 d0 b2 d1 8b 20 d1 87 d0 b0 d0 bb d0 b0 d0 b2 d0 b5 d0 ba 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 62 6e 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 22 e0 a6 85 e0 a6 a8 e0 a7 81 e0 a6 ae e0 a6 a4 e0 a6 bf 20 e0 a6 a6 e0 a6 bf e0 a6 a8 20 e0 a6 95 e0 a7 8d e0 a6 b2 e0 a6 bf e0 a6 95 20 e0 a6 95 e0 a6 b0 e0 a7 81 e0 a6 a8 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a Data Ascii: "', text1: ' "", , !' }, bn: { title: " ", text1:
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 20 6d 65 6d 76 65 72 69 66 69 6b 61 73 69 20 62 61 68 77 61 20 41 6e 64 61 20 61 64 61 6c 61 68 20 6d 61 6e 75 73 69 61 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 65 6c 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 22 ce 9a ce ac ce bd cf 84 ce b5 20 ce ba ce bb ce b9 ce ba 20 cf 83 cf 84 ce b7 ce bd 20 ce b5 cf 80 ce b9 ce bb ce bf ce b3 ce ae 20 ce 9d ce b1 20 ce b5 cf 80 ce b9 cf 84 cf 81 ce ad cf 80 ce b5 cf 84 ce b1 ce b9 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 22 ce 9a ce ac ce bd cf 84 ce b5 20 ce ba ce bb ce b9 ce ba 20 cf 83 cf 84 ce bf 20 ce ba ce bf cf 85 ce bc cf 80 ce af 20 c2 ab ce 95 cf 80 ce b9 cf 84 cf 81 ce ad cf 80 ce b5 cf 84 ce b1 ce b9 c2 bb 20 ce b3 ce b9 ce b1 20 ce bd ce b1 20 ce b5 cf 80 ce b9 Data Ascii: memverifikasi bahwa Anda adalah manusia!' }, el: { title: " ", text1: "
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 22 4b 6c 69 6b 6e 69 74 65 20 c2 ab 44 6f 70 75 73 74 69 c2 bb 20 64 61 20 62 69 73 74 65 20 70 6f 74 76 72 64 69 6c 69 20 64 61 20 6e 69 73 74 65 20 72 6f 62 6f 74 21 22 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 68 75 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 22 4e 79 6f 6d 6a 20 61 7a 20 45 6e 67 65 64 c3 a9 6c 79 65 7a c3 a9 73 72 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 4e 79 6f 6d 6a 61 20 6d 65 67 20 61 7a 20 22 45 6e 67 65 64 c3 a9 6c 79 65 7a c3 a9 73 22 20 67 6f 6d 62 6f 74 2c 20 68 6f 67 79 20 69 67 61 7a 6f 6c 6a 61 2c 20 68 6f 67 79 20 65 6d 62 65 72 20 76 61 67 79 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 68 79 3a 20 7b 0d 0a 20 20 20 20 20 Data Ascii: ", text1: "Kliknite Dopusti da biste potvrdili da niste robot!" }, hu: { title: "Nyomj az Engedlyezsre", text1: 'Nyomja meg az "Engedlyezs" gombot, hogy igazolja, hogy ember vagy!' }, hy: {
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: a3 d1 8b d0 b7 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 6b 6f 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 22 ed 97 88 ec 9a a9 ec 9d 84 20 eb 88 84 eb a5 b4 ec 84 b8 ec 9a 94 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 22 eb a1 9c eb b4 87 ec 9d b4 20 ec 95 84 eb 8b 88 eb 9d bc eb 8a 94 20 ea b2 83 ec 9d 84 20 ed 99 95 ec 9d b8 ed 95 98 eb a0 a4 eb a9 b4 20 c2 ab 41 6c 6c 6f 77 c2 bb eb a5 bc 20 ed 81 b4 eb a6 ad ed 95 98 ec 84 b8 ec 9a 94 21 22 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 6c 74 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 22 4e 6f 6b 6c 69 6b c5 a1 c4 b7 69 6e 69 65 74 20 75 7a 20 41 74 c4 bc 61 75 74 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 50 61 73 70 61 75 73 6b 69 74 Data Ascii: !' }, ko: { title: " ", text1: " Allow !" }, lt: { title: "Noklikiniet uz Ataut", text1: 'Paspauskit
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 20 20 20 20 74 69 74 6c 65 3a 20 22 4b 6c 69 6b 6b 20 54 69 6c 6c 61 74 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 54 72 79 6b 6b 20 70 c3 a5 20 22 54 69 6c 6c 61 74 22 2d 6b 6e 61 70 70 65 6e 20 66 6f 72 20 c3 a5 20 62 65 6b 72 65 66 74 65 20 61 74 20 64 75 20 65 72 20 65 74 20 6d 65 6e 6e 65 73 6b 65 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 6e 62 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 22 4b 6c 69 6b 6b 20 54 69 6c 6c 61 74 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 54 72 79 6b 6b 20 70 c3 a5 20 22 54 69 6c 6c 61 74 22 2d 6b 6e 61 70 70 65 6e 20 66 6f 72 20 c3 a5 20 62 65 6b 72 65 66 74 65 20 61 74 20 64 75 20 65 72 20 65 74 20 6d 65 6e 6e 65 73 6b 65 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 Data Ascii: title: "Klikk Tillat", text1: 'Trykk p "Tillat"-knappen for bekrefte at du er et menneske!' }, nb: { title: "Klikk Tillat", text1: 'Trykk p "Tillat"-knappen for bekrefte at du er et menneske!' },
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 20 22 4b 6c 69 6b 6e 69 74 65 20 6e 61 20 50 6f 76 6f 6c 69 c5 a5 22 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 4b 6c 69 6b 6e 75 74 c3 ad 6d 20 6e 61 20 74 6c 61 c4 8d 69 64 6c 6f 20 22 50 6f 76 6f 6c 69 c5 a5 22 20 70 6f 74 76 72 c4 8f 74 65 2c 20 c5 be 65 20 6e 69 65 20 73 74 65 20 72 6f 62 6f 74 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 73 6c 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 27 4b 6c 69 6b 6e 69 74 65 20 22 44 6f 76 6f 6c 69 22 27 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 50 72 69 74 69 73 6e 69 74 65 20 67 75 6d 62 20 22 44 6f 76 6f 6c 69 22 2c 20 64 61 20 70 6f 74 72 64 69 74 65 2c 20 64 61 20 73 74 65 20 c4 8d 6c 6f 76 65 6b 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 73 72 3a 20 7b Data Ascii: "Kliknite na Povoli", text1: 'Kliknutm na tlaidlo "Povoli" potvrte, e nie ste robot!' }, sl: { title: 'Kliknite "Dovoli"', text1: 'Pritisnite gumb "Dovoli", da potrdite, da ste lovek!' }, sr: {
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 73 61 74 20 62 65 72 69 73 68 22 20 74 75 67 6d 61 73 69 6e 69 20 62 6f 73 69 6e 67 2c 20 62 75 20 6f 72 71 61 6c 69 20 73 69 7a 20 69 6e 73 6f 6e 20 65 6b 61 6e 6c 69 67 69 6e 67 69 7a 6e 69 20 74 61 73 64 69 71 6c 61 6e 67 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 76 69 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3a 20 27 4e 68 e1 ba a5 70 20 76 c3 a0 6f 20 22 43 68 6f 20 70 68 c3 a9 70 22 27 2c 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 31 3a 20 27 56 75 69 20 6c c3 b2 6e 67 20 6e 68 e1 ba a5 6e 20 6e c3 ba 74 20 22 43 68 6f 20 70 68 c3 a9 70 22 20 c4 91 e1 bb 83 20 78 c3 a1 63 20 6d 69 6e 68 20 62 e1 ba a1 6e 20 6c c3 a0 20 63 6f 6e 20 6e 67 c6 b0 e1 bb 9d 69 21 27 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 2f 2f d0 ba d0 b8 d1 82 d0 b0 Data Ascii: sat berish" tugmasini bosing, bu orqali siz inson ekanligingizni tasdiqlang!' }, vi: { title: 'Nhp vo "Cho php"', text1: 'Vui lng nhn nt "Cho php" xc minh bn l con ngi!' }, //
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 2e 6c 65 6e 67 74 68 29 0d 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 6f 20 3d 20 30 3b 20 6f 20 3c 20 61 2e 6c 65 6e 67 74 68 3b 20 6f 2b 2b 29 20 6e 75 6c 6c 20 21 3d 20 61 5b 6f 5d 2e 70 6c 61 63 65 68 6f 6c 64 65 72 20 3f 20 61 5b 6f 5d 2e 70 6c 61 63 65 68 6f 6c 64 65 72 20 3d 20 69 5b 74 5d 5b 65 5d 20 3a 20 61 5b 6f 5d 2e 69 6e 6e 65 72 48 54 4d 4c 20 3d 20 69 5b 74 5d 5b 65 5d 3b 0d 0a 65 6c 73 65 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 65 6c 65 6d 65 6e 74 20 6e 6f 74 20 46 6f 75 6e 64 3a 20 22 20 2b 20 65 29 0d 0a 7d 0d 0a 0d 0a 66 75 6e 63 74 69 6f 6e 20 74 72 61 6e 73 6c 61 74 69 6f 6e 5f 61 76 61 69 6c 61 62 6c 65 28 74 2c 20 65 29 20 7b 0d 0a 72 65 74 75 72 6e 20 74 5b 65 5d 20 3f 20 65 20 3a 20 28 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 54 Data Ascii: .length) for (var o = 0; o < a.length; o++) null != a[o].placeholder ? a[o].placeholder = i[t][e] : a[o].innerHTML = i[t][e];else console.log("element not Found: " + e)}function translation_available(t, e) {return t[e] ? e : (console.log("T
2024-08-30 10:44:25 UTC	504	IN	Data Raw: 20 7d 2c 20 31 29 20 3a 20 28 6f 2e 70 75 73 68 28 7b 0d 0a 20 20 20 20 20 20 20 20 66 6e 3a 20 74 2c 0d 0a 20 20 20 20 20 20 20 20 63 74 78 3a 20 65 0d 0a 20 20 20 20 7d 29 2c 20 76 6f 69 64 28 22 63 6f 6d 70 6c 65 74 65 22 20 3d 3d 3d 20 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 20 7c 7c 20 21 64 6f 63 75 6d 65 6e 74 2e 61 74 74 61 63 68 45 76 65 6e 74 20 26 26 20 22 69 6e 74 65 72 61 63 74 69 76 65 22 20 3d 3d 3d 20 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 20 3f 20 73 65 74 54 69 6d 65 6f 75 74 28 69 2c 20 31 29 20 3a 20 6c 20 7c 7c 20 28 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 20 3f 20 28 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e Data Ascii: }, 1) : (o.push({ fn: t, ctx: e }), void("complete" === document.readyState \|\| !document.attachEvent && "interactive" === document.readyState ? setTimeout(i, 1) : l \|\| (document.addEventListener ? (document.addEventListener("DOMCon

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.20	44874	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:25 UTC	509	OUT	GET /space-robot/assets/style.css?v=5 HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 Connection: keep-alive
2024-08-30 10:44:25 UTC	677	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:25 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close last-modified: Wed, 28 Aug 2024 08:51:37 GMT etag: W/"66cee519-15f1" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 642 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9hG1ORXFsJDDwfePU1i%2BILPqEzmEzWJA6PDjFft44pcyJdUFrLq2NHyUDpGLJoTwi2gLktt3iaOunG19fJb8puom%2BXGUL2gKMiIEdjbtGjaXEg48rfGsQQk0pOJ4pbgBm5pc520iOCptRj8VqtRH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f7c4d184246-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:25 UTC	692	IN	Data Raw: 31 35 66 31 0d 0a 2e 71 49 6b 35 62 71 2c 62 6f 64 79 2c 68 74 6d 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 77 69 64 74 68 3a 31 30 30 25 7d 23 62 6f 64 79 2c 23 72 53 68 61 64 6f 77 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 30 3b 72 69 67 68 74 3a 30 7d 23 62 6f 64 79 2c 23 72 42 6f 64 79 42 6f 78 2c 23 72 53 68 61 64 6f 77 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 23 62 6f 64 79 2c 23 72 48 65 61 64 42 6f 78 7b 74 6f 70 3a 30 7d 2e 64 38 55 4e 74 46 2c 2e 66 58 63 38 6a 51 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 Data Ascii: 15f1.qIk5bq,body,html{height:100%;width:100%}#body,#rShadow{position:absolute;left:0;right:0}#body,#rBodyBox,#rShadow{position:absolute}#body,#rHeadBox{top:0}.d8UNtF,.fXc8jQ{text-align:center}@font-face{font-family:Roboto;font-style:normal;font-weight:3
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6c 43 6e 71 45 75 39 32 46 72 31 4d 6d 53 55 35 66 41 42 63 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 75 2b 30 34 30 30 2d 30 34 35 66 2c 75 2b 30 34 39 30 2d 30 34 39 31 2c 75 2b 30 34 62 30 2d 30 34 62 31 2c 75 2b 32 31 31 36 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 73 72 63 3a 6c 6f 63 61 6c 28 22 52 6f 62 6f 74 6f 20 4d 65 64 69 75 6d 22 29 2c 6c 6f 63 61 6c 28 22 52 6f 62 6f 74 6f 2d 4d 65 64 69 75 6d 22 29 2c 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 Data Ascii: s/roboto/v18/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format("woff2");unicode-range:u+0400-045f,u+0490-0491,u+04b0-04b1,u+2116}@font-face{font-family:Roboto;font-style:normal;font-weight:500;src:local("Roboto Medium"),local("Roboto-Medium"),url(https://fonts.gs
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 33 63 33 7d 2e 6b 42 61 7a 51 48 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 66 6c 65 78 2d 65 6e 64 3b 70 61 64 64 69 6e 67 3a 34 30 70 78 20 30 20 30 3b 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 30 3b 77 69 64 74 68 3a 34 30 25 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 32 29 3b 66 6c 6f 61 74 3a 72 69 67 68 74 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2d 32 30 30 70 78 7d 2e 63 49 34 38 54 67 7b 77 69 64 74 68 3a 31 34 31 70 78 3b 68 65 69 67 68 74 3a 31 38 32 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 7d 23 72 42 6f 64 79 42 6f 78 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 35 33 70 78 3b 74 6f 70 3a 31 31 30 70 78 3b 6c 65 66 74 3a 30 7d 23 72 42 6f 64 79 42 6f 78 2c 23 72 48 65 61 64 42 6f 78 7b 74 72 61 6e 73 69 74 69 6f Data Ascii: 3c3}.kBazQH{justify-content:flex-end;padding:40px 0 0;flex-shrink:0;width:40%;transform:scale(2);float:right;margin-right:-200px}.cI48Tg{width:141px;height:182px;margin:0 auto}#rBodyBox{width:100%;height:53px;top:110px;left:0}#rBodyBox,#rHeadBox{transitio
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 2d 69 6e 64 65 78 3a 39 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 43 61 79 7a 44 33 2c 2e 68 69 64 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 4a 50 31 64 7a 30 7b 77 69 64 74 68 3a 35 37 25 3b 68 65 69 67 68 74 3a 35 37 25 3b 66 69 6c 6c 3a 23 66 66 66 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 6f 70 61 63 69 74 79 3a 2e 39 7d 2e 64 38 55 4e 74 46 7b 77 69 64 74 68 3a 31 30 30 25 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 7d 2e 78 56 76 59 34 5a 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 31 30 30 70 78 3b 62 6f 74 74 6f 6d 3a 2d 33 35 70 78 7d 2e 74 6e 4b 41 39 35 2c 66 6f 72 6d 7b Data Ascii: -index:9000;cursor:pointer}.CayzD3,.hide{display:none!important}.JP1dz0{width:57%;height:57%;fill:#fff;display:none;opacity:.9}.d8UNtF{width:100%;font-size:18px;margin:10px 0 0;color:#909090}.xVvY4Z{position:absolute;right:100px;bottom:-35px}.tnKA95,form{
2024-08-30 10:44:25 UTC	826	IN	Data Raw: 65 69 67 68 74 3a 37 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 33 70 78 3b 6d 61 72 67 69 6e 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 7b 2e 50 44 64 70 6f 78 7b 7a 2d 69 6e 64 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 38 25 3b 77 69 64 74 68 3a 34 30 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30 25 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 7d 2e 4f 56 78 36 4b 31 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 Data Ascii: eight:700;font-size:23px;margin:0}@media screen and (max-width:600px){.PDdpox{z-index:1;display:flex;align-items:center;padding:8%;width:400px;min-width:100%;box-sizing:border-box;position:relative}p{font-size:18px;font-weight:300}.OVx6K1{position:absolut
2024-08-30 10:44:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.20	44878	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:25 UTC	492	OUT	GET /space-robot/assets/main.js?v=3 HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 Connection: keep-alive
2024-08-30 10:44:25 UTC	711	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:25 GMT Content-Type: application/javascript Content-Length: 4693 Connection: close last-modified: Wed, 28 Aug 2024 08:51:37 GMT etag: "66cee519-1255" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 642 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ux9jhvPPNANpqvMbsXoz720NL1FWu6rrPbb8hL80%2FpNab59vXPU6JbSmwKBT8ZU6IkinUet02tNjWfz7Iy%2FVdqktWwN5rRagC%2BYGxqNz1T2gK2ITdNGXfkuKL8%2BXXxnt%2BMlnMor91DnPQkf7yHc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f7c4e5ec324-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:25 UTC	658	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 49 28 29 2c 73 65 74 49 6e 74 65 72 76 61 6c 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 49 28 29 7d 29 2c 35 65 33 29 3b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 61 72 6d 4c 65 66 74 22 29 2c 74 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 61 72 6d 52 69 67 68 74 22 29 2c 73 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 65 79 65 4e 6f 72 6d 61 6c 22 29 2c 69 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 65 79 65 42 6c 69 6e 6b 22 29 2c 64 3d 64 Data Ascii: document.addEventListener("DOMContentLoaded",(function(){I(),setInterval((function(){I()}),5e3);var e=document.getElementById("armLeft"),t=document.getElementById("armRight"),s=document.getElementById("eyeNormal"),i=document.getElementById("eyeBlink"),d=d
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 68 69 64 65 22 29 2c 69 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 73 68 6f 77 42 6c 6f 63 6b 22 29 7d 29 2c 30 29 2c 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 65 22 29 2c 69 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 73 68 6f 77 42 6c 6f 63 6b 22 29 7d 29 2c 33 30 30 29 7d 29 2c 35 65 33 29 3b 76 61 72 20 6c 2c 72 2c 4c 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 6c 29 2c 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 72 29 2c 4c 3d 30 2c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 6f 75 74 68 31 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 65 Data Ascii: hide"),i.classList.add("showBlock")}),0),setTimeout((function(){s.classList.remove("hide"),i.classList.remove("showBlock")}),300)}),5e3);var l,r,L=0;function u(){clearInterval(l),clearTimeout(r),L=0,document.getElementById("mouth1").classList.remove("hide
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 6f 72 2e 75 73 65 72 41 67 65 6e 74 3b 20 28 77 20 3d 20 69 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 22 61 6e 64 72 6f 69 64 22 29 20 3e 20 2d 31 29 20 26 26 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 69 73 41 6e 64 72 6f 69 64 22 29 2c 20 2d 31 20 21 3d 20 28 76 65 72 4f 66 66 73 65 74 20 3d 20 69 2e 69 6e 64 65 78 4f 66 28 22 4f 50 52 2f 22 29 29 20 7c 7c 20 2d 31 20 21 3d 20 28 76 65 72 4f 66 66 73 65 74 20 3d 20 69 2e 69 6e 64 65 78 4f 66 28 22 4f 70 65 72 61 22 29 29 20 3f 20 28 22 4f 70 65 72 61 22 2c 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 4f 70 65 72 61 22 29 29 20 3a 20 2d 31 20 21 3d 20 28 76 65 72 4f 66 66 73 65 74 20 3d Data Ascii: or.userAgent; (w = i.toLowerCase().indexOf("android") > -1) && document.body.classList.add("isAndroid"), -1 != (verOffset = i.indexOf("OPR/")) \|\| -1 != (verOffset = i.indexOf("Opera")) ? ("Opera", document.body.classList.add("Opera")) : -1 != (verOffset =
2024-08-30 10:44:25 UTC	1297	IN	Data Raw: 76 65 72 4f 66 66 73 65 74 20 3d 20 69 2e 69 6e 64 65 78 4f 66 28 22 56 69 76 61 6c 64 69 22 29 29 20 3f 20 28 22 56 69 76 61 6c 64 69 22 2c 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 56 69 76 61 6c 64 69 22 29 29 20 3a 20 2d 31 20 21 3d 20 28 76 65 72 4f 66 66 73 65 74 20 3d 20 69 2e 69 6e 64 65 78 4f 66 28 22 59 61 42 72 6f 77 73 65 72 22 29 29 20 3f 20 28 22 59 61 6e 64 65 78 20 42 72 6f 77 73 65 72 22 2c 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 59 61 6e 64 65 78 22 29 29 20 3a 20 2d 31 20 21 3d 20 28 76 65 72 4f 66 66 73 65 74 20 3d 20 69 2e 69 6e 64 65 78 4f 66 28 22 55 43 42 72 6f 77 73 65 72 22 29 29 20 3f 20 28 22 55 43 20 42 72 6f 77 73 65 72 22 2c 20 Data Ascii: verOffset = i.indexOf("Vivaldi")) ? ("Vivaldi", document.body.classList.add("Vivaldi")) : -1 != (verOffset = i.indexOf("YaBrowser")) ? ("Yandex Browser", document.body.classList.add("Yandex")) : -1 != (verOffset = i.indexOf("UCBrowser")) ? ("UC Browser",

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.20	44872	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:25 UTC	495	OUT	GET /shared-js/assets/static-pl.js?v=4 HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 Connection: keep-alive
2024-08-30 10:44:25 UTC	716	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:25 GMT Content-Type: application/javascript Content-Length: 3744 Connection: close last-modified: Wed, 28 Aug 2024 08:51:37 GMT etag: "66cee519-ea0" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 642 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1hsXLiMg%2Bvhy5NHbxOj%2BjEq%2BDOCmzMPRozxjvX065bLolh4y07Ei3F%2BLQPk0k%2B1buUf%2BATmNrFLdXNnIAf4b7lYau%2FrmWp8a6fI3YLhRiiMinHkgiL7k1bfn6rS2DBJLrRAK%2FEVmBjtn7xUUP7Af"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f7c28951899-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:25 UTC	653	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 2f 2f 20 52 65 64 69 72 65 63 74 20 57 68 65 6e 20 4a 53 20 6e 6f 74 20 6c 6f 61 64 65 64 0d 0a 0d 0a 20 20 2f 2f 20 55 6e 63 6f 6d 6d 65 6e 74 20 74 6f 20 75 73 65 20 72 65 67 75 6c 61 72 20 72 65 64 69 72 65 63 74 20 77 69 74 68 6f 75 74 20 73 73 70 0d 0a 20 20 2f 2f 20 63 6f 6e 73 74 20 74 72 61 66 66 69 63 42 61 63 6b 20 3d 20 27 68 74 74 70 73 3a 2f 2f 6d 62 74 72 6b 31 2e 63 6f 6d 2f 63 6c 69 63 6b 2e 70 68 70 3f 6b 65 79 3d 37 65 66 31 71 64 31 6c 76 66 74 64 6a 75 34 6e 39 38 35 73 26 74 72 61 63 6b 65 72 3d 70 75 73 68 6c 69 6e 6b 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2d 7b 72 65 61 73 6f 6e 7d 27 3b 0d 0a 20 20 2f 2f 20 63 6f 6e 73 74 20 74 72 61 66 66 69 63 42 61 63 6b 54 72 61 63 6b 20 3d 20 Data Ascii: (function () { // Redirect When JS not loaded // Uncomment to use regular redirect without ssp // const trafficBack = 'https://mbtrk1.com/click.php?key=7ef1qd1lvftdju4n985s&tracker=pushlink-placeholder-{reason}'; // const trafficBackTrack =
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 20 2f 2f 20 55 73 65 20 43 44 4e 20 73 74 61 74 69 63 20 66 6f 72 20 4a 53 0d 0a 20 20 63 6f 6e 73 74 20 75 73 65 43 64 6e 53 74 61 74 69 63 20 3d 20 74 72 75 65 3b 0d 0a 20 20 63 6f 6e 73 74 20 63 64 6e 53 74 61 74 69 63 50 72 65 66 69 78 20 3d 20 27 63 64 6e 73 74 61 74 69 63 27 3b 0d 0a 20 20 63 6f 6e 73 74 20 64 65 66 61 75 6c 74 4a 53 44 6f 6d 61 69 6e 20 3d 20 27 68 74 74 70 73 3a 2f 2f 6a 73 2e 73 74 72 65 61 6d 70 73 68 2e 74 6f 70 27 3b 0d 0a 0d 0a 20 20 66 75 6e 63 74 69 6f 6e 20 67 65 74 50 61 72 61 6d 65 74 65 72 42 79 4e 61 6d 65 28 6e 61 6d 65 2c 20 75 72 6c 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 20 7b 0d 0a 20 20 20 20 20 20 6e 61 6d 65 20 3d 20 6e 61 6d 65 2e 72 65 70 6c 61 63 65 28 2f 5b 5c 5b 5c 5d 5d 2f Data Ascii: // Use CDN static for JS const useCdnStatic = true; const cdnStaticPrefix = 'cdnstatic'; const defaultJSDomain = 'https://js.streampsh.top'; function getParameterByName(name, url = window.location.href) { name = name.replace(/[\[\]]/
2024-08-30 10:44:25 UTC	1369	IN	Data Raw: 74 28 27 2e 27 29 3b 0d 0a 20 20 20 20 20 20 69 66 20 28 70 61 72 74 73 2e 6c 65 6e 67 74 68 20 3e 3d 20 32 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 64 6f 6d 61 69 6e 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 20 2b 20 27 2f 2f 27 20 2b 20 63 64 6e 53 74 61 74 69 63 50 72 65 66 69 78 20 2b 20 27 2e 27 20 2b 20 70 61 72 74 73 5b 70 61 72 74 73 2e 6c 65 6e 67 74 68 20 2d 20 32 5d 20 2b 20 27 2e 27 20 2b 20 70 61 72 74 73 5b 70 61 72 74 73 2e 6c 65 6e 67 74 68 20 2d 20 31 5d 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 7d 0d 0a 0d 0a 20 20 6c 65 74 20 72 65 64 69 72 65 63 74 55 72 6c 20 3d 20 74 72 61 66 66 69 63 42 61 63 6b 0d 0a 20 20 20 20 20 20 2e 72 65 70 6c 61 63 65 28 27 7b 6a 73 5f 64 6f 6d 61 69 6e 7d 27 2c 20 Data Ascii: t('.'); if (parts.length >= 2) { domain = window.location.protocol + '//' + cdnStaticPrefix + '.' + parts[parts.length - 2] + '.' + parts[parts.length - 1]; } } let redirectUrl = trafficBack .replace('{js_domain}',
2024-08-30 10:44:25 UTC	353	IN	Data Raw: 0a 20 20 20 20 20 20 2b 20 27 26 74 62 3d 27 20 2b 20 74 72 61 66 66 69 63 42 61 63 6b 54 72 61 63 6b 0d 0a 20 20 20 20 20 20 2b 20 27 26 6e 72 69 64 3d 27 20 2b 20 6e 72 69 64 3b 0d 0a 0d 0a 20 20 73 63 72 69 70 74 54 61 67 2e 6f 6e 65 72 72 6f 72 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 69 66 20 28 70 6f 70 75 70 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 73 65 6c 66 2e 63 6c 6f 73 65 28 29 0d 0a 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 69 66 20 28 72 65 64 69 72 65 63 74 55 72 6c 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 61 73 73 69 67 6e 28 72 65 64 69 72 65 63 74 55 72 6c 2e 72 65 Data Ascii: + '&tb=' + trafficBackTrack + '&nrid=' + nrid; scriptTag.onerror = function () { if (popup) { window.self.close() return; } if (redirectUrl) { window.location.assign(redirectUrl.re

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.20	44876	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:25 UTC	502	OUT	GET /space-robot/assets/corner.png HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 Connection: keep-alive
2024-08-30 10:44:25 UTC	694	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:25 GMT Content-Type: image/png Content-Length: 300 Connection: close last-modified: Wed, 28 Aug 2024 08:51:37 GMT etag: "66cee519-12c" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 642 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tG5qF6t%2B0%2FMXmMpnDATiGJ7FOPrRBk%2FH8Dh2VpJKVsjJPryC4kg0cw7orQgUQnuzMerVIdPj0xYSBZ9XMcqRFk5xLBS2J1GhQH50E55QBUMC0YOZHwRnl2e%2FZdZEmU769GcJLkiWGkWXuofqHOG5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f7d4ed8c45c-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:25 UTC	300	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 2c 00 00 00 2c 08 03 00 00 00 29 5a aa 33 00 00 00 3c 50 4c 54 45 00 00 00 95 95 95 95 95 95 95 95 95 95 95 95 97 97 97 95 95 95 da da da 95 95 95 ff ff ff ff ff ff 95 95 95 96 96 96 c8 c8 c8 95 95 95 95 95 95 95 95 95 95 95 95 ff ff ff ed ed ed 65 21 4a b1 00 00 00 12 74 52 4e 53 00 04 12 32 1b 88 55 fd aa df 20 01 77 fd 98 44 25 1f 30 6b 02 03 00 00 00 8d 49 44 41 54 38 cb 8d ca 37 16 83 40 10 05 c1 8f 11 32 8b b0 f7 bf 2b 8f a8 33 7a 2a ae fc be 47 4d 6e d5 1d b6 0b db 85 ed e2 1b f1 8d c0 77 c0 f6 dc f5 c3 eb fd 78 cf cf 34 96 37 99 ed 99 ed d9 37 d9 37 19 6c cf 6c cf 6c cb be c9 be c9 be c9 be c9 be c9 be c9 b6 3d b3 3d b3 41 f6 4d f6 4d f6 4d f6 4d f6 4d ae 6e b2 6f b2 6f b2 6f 72 6d 93 7d 93 Data Ascii: PNGIHDR,,)Z3<PLTEe!JtRNS2U wD%0kIDAT87@2+3z*GMnwx4777lll==AMMMMMnooorm}

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.20	39208	188.114.96.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:26 UTC	716	OUT	GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-108-a.com&timeout=180&tb=true&nrid=de31d1cd52d74e28bde7668b9e540ce5 HTTP/1.1 Host: cdnstatic.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 Connection: keep-alive
2024-08-30 10:44:26 UTC	873	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:26 GMT Content-Type: application/javascript Transfer-Encoding: chunked Connection: close cache-control: max-age=0, no-cache, no-store, must-revalidate accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version CF-Cache-Status: BYPASS Set-Cookie: __psu=5bae6dc6-cff2-4d35-8c46-e4e147c7e338; expires=Sun, 30 Aug 2026 10:44:26 GMT; path=/; secure; samesite=none Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ubbW%2BqCRtNKkY2B0ntqhyGSacnMV09wQ0RLrob46wpc84umlqUvHwexqrlicbXMulg8Mw812GFYZ9KDLixiMptm2pTuOjz07NOdBWAXxW0lvOXTChM0q9OPYa%2FBlipuHX7CWCGOXkbg3pxp%2F6m0pMy9ywA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f830a4542e6-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:26 UTC	496	IN	Data Raw: 37 63 34 37 0d 0a 63 6f 6e 73 74 20 61 30 5f 30 78 34 34 39 63 3d 5b 27 70 75 73 68 27 2c 27 6f 6e 50 65 72 6d 69 73 73 69 6f 6e 44 65 66 61 75 6c 74 27 2c 27 70 75 73 68 53 74 61 74 65 27 2c 27 6f 6e 4e 6f 74 69 66 69 63 61 74 69 6f 6e 55 6e 73 75 70 70 6f 72 74 65 64 27 2c 27 61 70 70 65 6e 64 27 2c 27 77 65 62 6b 69 74 52 65 71 75 65 73 74 46 75 6c 6c 53 63 72 65 65 6e 27 2c 27 70 61 72 65 6e 74 4e 6f 64 65 27 2c 27 74 69 74 6c 65 27 2c 27 36 31 32 33 37 32 70 69 77 7a 56 70 27 2c 27 6e 61 6d 65 27 2c 27 6d 61 74 63 68 27 2c 27 72 65 6c 6f 61 64 27 2c 27 61 70 70 6c 79 27 2c 27 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 27 2c 27 70 61 72 73 65 27 2c 27 31 46 59 68 5a 58 47 27 2c 27 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 27 2c 27 67 Data Ascii: 7c47const a0_0x449c=['push','onPermissionDefault','pushState','onNotificationUnsupported','append','webkitRequestFullScreen','parentNode','title','612372piwzVp','name','match','reload','apply','getHighEntropyValues','parse','1FYhZXG','preventDefault','g
2024-08-30 10:44:26 UTC	1369	IN	Data Raw: 27 6f 70 65 6e 27 2c 27 69 6e 6e 65 72 57 69 64 74 68 27 2c 27 6a 6f 69 6e 27 2c 27 6c 65 6e 67 74 68 27 2c 27 63 6f 64 65 27 2c 27 74 65 73 74 27 2c 27 73 75 62 73 74 72 69 6e 67 27 2c 27 72 65 67 69 73 74 65 72 27 2c 27 73 65 74 49 74 65 6d 27 2c 27 65 78 65 63 27 2c 27 6c 6f 63 61 74 69 6f 6e 27 2c 27 6f 6e 6c 6f 61 64 27 2c 27 37 37 33 38 30 33 66 42 73 70 76 73 27 2c 27 62 6f 64 79 27 2c 27 77 65 62 6b 69 74 52 65 71 75 65 73 74 46 75 6c 6c 73 63 72 65 65 6e 27 2c 27 70 72 6f 74 6f 74 79 70 65 27 2c 27 72 61 6e 64 6f 6d 27 2c 27 73 74 61 74 65 27 2c 27 6c 61 6e 67 75 61 67 65 27 2c 27 32 30 35 38 39 4e 61 74 71 5a 44 27 2c 27 69 6e 64 65 78 4f 66 27 2c 27 75 73 65 72 41 67 65 6e 74 27 2c 27 74 61 72 67 65 74 27 2c 27 73 74 61 74 75 73 27 2c 27 68 65 Data Ascii: 'open','innerWidth','join','length','code','test','substring','register','setItem','exec','location','onload','773803fBspvs','body','webkitRequestFullscreen','prototype','random','state','language','20589NatqZD','indexOf','userAgent','target','status','he
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 66 74 27 5d 28 29 29 3b 7d 7d 7d 28 61 30 5f 30 78 34 34 39 63 2c 30 78 64 62 62 31 63 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 5f 30 78 34 62 39 63 65 38 3d 61 30 5f 30 78 34 37 39 33 2c 5f 30 78 33 66 38 61 37 36 3d 27 43 48 69 49 37 47 68 33 47 55 79 54 61 38 58 47 67 4e 71 44 79 51 27 2c 5f 30 78 31 37 32 37 38 62 3d 27 74 72 75 65 27 3d 3d 3d 27 74 72 75 65 27 2c 5f 30 78 31 38 61 36 39 31 3d 27 66 61 6c 73 65 27 3d 3d 3d 27 74 72 75 65 27 2c 5f 30 78 31 38 35 62 31 34 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 73 74 61 74 69 63 2e 63 68 65 63 6b 2d 74 6c 2d 76 65 72 2d 31 30 38 2d 61 2e 63 6f 6d 27 2c 5f 30 78 35 37 31 61 36 38 3d 21 5f 30 78 31 38 61 36 39 31 26 26 21 5f 30 78 31 37 32 37 38 62 3f 27 30 27 3a 27 30 27 2c 5f 30 78 35 37 Data Ascii: ft']());}}}(a0_0x449c,0xdbb1c),function(){const _0x4b9ce8=a0_0x4793,_0x3f8a76='CHiI7Gh3GUyTa8XGgNqDyQ',_0x17278b='true'==='true',_0x18a691='false'==='true',_0x185b14='https://cdnstatic.check-tl-ver-108-a.com',_0x571a68=!_0x18a691&&!_0x17278b?'0':'0',_0x57
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 6b 61 74 69 6f 6e 65 72 27 2c 27 61 6c 6c 6f 77 27 3a 27 54 69 6c 6c 61 64 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 42 6c 6f 6b 65 72 27 7d 2c 27 6e 6c 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 77 69 6c 20 68 65 74 20 76 6f 6c 67 65 6e 64 65 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 4d 65 6c 64 69 6e 67 65 6e 20 62 65 6b 69 6a 6b 65 6e 27 2c 27 61 6c 6c 6f 77 27 3a 27 54 6f 65 73 74 61 61 6e 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 42 6c 6f 6b 6b 65 72 65 6e 27 7d 2c 27 61 6d 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 e1 8b a8 e1 88 9a e1 8a a8 e1 89 b0 e1 88 89 e1 89 b5 e1 8a 95 20 e1 88 9b e1 8b b5 e1 88 a8 e1 8c 8d 20 e1 8b ad e1 8d 88 e1 88 8d e1 8c 8b e1 88 8d 5c 75 31 33 36 36 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 e1 88 Data Ascii: kationer','allow':'Tillad','disallow':'Bloker'},'nl':{'title':'... wil het volgende','permission':'Meldingen bekijken','allow':'Toestaan','disallow':'Blokkeren'},'am':{'title':'... \u1366','permission':'
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 80 80 e1 80 ba e1 80 99 e1 80 bb e1 80 ac e1 80 b8 20 e1 80 95 e1 80 bc e1 80 9b e1 80 94 e1 80 ba 27 2c 27 61 6c 6c 6f 77 27 3a 27 e1 80 81 e1 80 bd e1 80 84 e1 80 ba e1 80 b7 e1 80 95 e1 80 bc e1 80 af e1 80 9b e1 80 94 e1 80 ba 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 e1 80 95 e1 80 ad e1 80 90 e1 80 ba e1 80 86 e1 80 ad e1 80 af e1 80 b7 e1 80 9b e1 80 94 e1 80 ba 27 7d 2c 27 65 6c 27 3a 7b 27 74 69 74 6c 65 27 3a 27 54 6f 20 2e 2e 2e 20 ce b8 ce ad ce bb ce b5 ce b9 20 ce bd ce b1 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 ce 95 ce bc cf 86 ce ac ce bd ce b9 cf 83 ce b7 20 ce b5 ce b9 ce b4 ce bf cf 80 ce bf ce b9 ce ae cf 83 ce b5 cf 89 ce bd 27 2c 27 61 6c 6c 6f 77 27 3a 27 ce 95 cf 80 ce b9 cf 84 cf 81 ce ad cf 80 ce b5 cf 84 ce b1 ce b9 27 Data Ascii: ','allow':'','disallow':''},'el':{'title':'To ... ','permission':' ','allow':''
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 3a 7b 27 74 69 74 6c 65 27 3a 27 4d 61 65 20 2e 2e 2e 20 65 69 73 69 61 75 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 44 61 6e 67 6f 73 20 68 79 73 62 79 73 69 61 64 61 75 27 2c 27 61 6c 6c 6f 77 27 3a 27 43 61 6e 69 61 74 c3 a1 75 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 52 68 77 79 73 74 72 6f 27 7d 2c 27 73 6c 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 c5 be 65 6c 69 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 50 6f 6b 61 c5 be 69 20 6f 62 76 65 73 74 69 6c 61 27 2c 27 61 6c 6c 6f 77 27 3a 27 44 6f 76 6f 6c 69 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 42 6c 6f 6b 69 72 61 6a 27 7d 2c 27 74 65 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 e0 b0 b5 e0 b1 80 e0 b0 9f e0 b0 bf e0 b0 a8 e0 b0 bf 20 e0 b0 9a e0 b1 87 e0 b0 af e0 b0 be e0 b0 Data Ascii: :{'title':'Mae ... eisiau','permission':'Dangos hysbysiadau','allow':'Caniatu','disallow':'Rhwystro'},'sl':{'title':'... eli','permission':'Pokai obvestila','allow':'Dovoli','disallow':'Blokiraj'},'te':{'title':'...
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 45 73 74 c3 a4 27 7d 2c 27 6e 62 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 76 69 6c 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 56 69 73 20 76 61 72 73 6c 65 72 27 2c 27 61 6c 6c 6f 77 27 3a 27 54 69 6c 6c 61 74 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 42 6c 6f 6b 6b c3 a9 72 27 7d 2c 27 6e 6f 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 76 69 6c 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 56 69 73 20 76 61 72 73 6c 65 72 27 2c 27 61 6c 6c 6f 77 27 3a 27 54 69 6c 6c 61 74 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 42 6c 6f 6b 6b c3 a9 72 27 7d 2c 27 6b 6d 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 e1 9e 85 e1 9e 84 e1 9f 8b 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 e1 9e 94 e1 9e 84 e1 9f 92 e1 9e a0 e1 9e b6 e1 9e 89 e1 9e 80 Data Ascii: Est'},'nb':{'title':'... vil','permission':'Vis varsler','allow':'Tillat','disallow':'Blokkr'},'no':{'title':'... vil','permission':'Vis varsler','allow':'Tillat','disallow':'Blokkr'},'km':{'title':'... ','permission':'
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 82 d2 af d2 af 27 2c 27 61 6c 6c 6f 77 27 3a 27 d0 a3 d1 80 d1 83 d0 ba d1 81 d0 b0 d1 82 20 d0 b1 d0 b5 d1 80 d2 af d2 af 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 d0 91 d3 a9 d0 b3 d3 a9 d1 82 d1 82 d3 a9 d3 a9 27 7d 2c 27 64 65 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 6d c3 b6 63 68 74 65 3a 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 42 65 6e 61 63 68 72 69 63 68 74 69 67 75 6e 67 65 6e 20 61 6e 7a 65 69 67 65 6e 27 2c 27 61 6c 6c 6f 77 27 3a 27 5a 75 6c 61 73 73 65 6e 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 42 6c 6f 63 6b 69 65 72 65 6e 27 7d 2c 27 6e 65 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 e0 a4 a8 e0 a4 bf e0 a4 ae e0 a5 8d e0 a4 a8 20 e0 a4 95 e0 a5 81 e0 a4 b0 e0 a4 be e0 a4 95 e0 a4 be 20 e0 a4 b2 e0 a4 be e0 a4 97 e0 a4 Data Ascii: ','allow':' ','disallow':''},'de':{'title':'... mchte:','permission':'Benachrichtigungen anzeigen','allow':'Zulassen','disallow':'Blockieren'},'ne':{'title':'...
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: a8 b0 e0 a8 a8 e0 a8 be 20 e0 a8 9a e0 a8 be e0 a8 b9 e0 a9 81 e0 a9 b0 e0 a8 a6 e0 a9 80 20 e0 a8 b9 e0 a9 88 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 e0 a8 b8 e0 a9 82 e0 a8 9a e0 a8 a8 e0 a8 be e0 a8 b5 e0 a8 be e0 a8 82 20 e0 a8 a6 e0 a8 bf e0 a8 96 e0 a8 be e0 a8 93 27 2c 27 61 6c 6c 6f 77 27 3a 27 e0 a8 86 e0 a8 97 e0 a8 bf e0 a8 86 20 e0 a8 a6 e0 a8 bf e0 a8 93 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 e0 a8 ac e0 a8 b2 e0 a9 8c e0 a8 95 20 e0 a8 95 e0 a8 b0 e0 a9 8b 27 7d 2c 27 75 6b 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 d1 85 d0 be d1 87 d0 b5 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 d0 bf d0 be d0 ba d0 b0 d0 b7 d1 83 d0 b2 d0 b0 d1 82 d0 b8 20 d1 81 d0 bf d0 be d0 b2 d1 96 d1 89 d0 b5 d0 bd d0 bd d1 8f 27 2c 27 61 6c 6c Data Ascii: ','permission':' ','allow':' ','disallow':' '},'uk':{'title':'... ','permission':' ','all
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 6c 6c 6f 77 27 3a 27 4c 65 69 73 74 69 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 42 6c 6f 6b 75 6f 74 69 27 7d 2c 27 6b 6b 27 3a 7b 27 74 69 74 6c 65 27 3a 27 2e 2e 2e 20 d2 af d1 88 d1 96 d0 bd 20 d2 9b d0 b0 d0 b6 d0 b5 d1 82 d1 82 d1 96 20 d3 99 d1 80 d0 b5 d0 ba d0 b5 d1 82 d1 82 d0 b5 d1 80 3a 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 3a 27 d0 a5 d0 b0 d0 b1 d0 b0 d1 80 d0 bb d0 b0 d0 bd d0 b4 d1 8b d1 80 d1 83 d0 bb d0 b0 d1 80 d0 b4 d1 8b 20 d0 ba d3 a9 d1 80 d1 81 d0 b5 d1 82 d1 83 27 2c 27 61 6c 6c 6f 77 27 3a 27 d0 a0 d2 b1 d2 9b d1 81 d0 b0 d1 82 20 d0 b1 d0 b5 d1 80 d1 83 27 2c 27 64 69 73 61 6c 6c 6f 77 27 3a 27 d0 91 d3 a9 d0 b3 d0 b5 d1 83 27 7d 2c 27 68 75 27 3a 7b 27 74 69 74 6c 65 27 3a 27 41 28 7a 29 20 2e 2e 2e 20 61 20 6b c3 b6 76 65 Data Ascii: llow':'Leisti','disallow':'Blokuoti'},'kk':{'title':'... :','permission':' ','allow':' ','disallow':''},'hu':{'title':'A(z) ... a kve

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.20	44884	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:26 UTC	300	OUT	GET /space-robot/assets/apple-touch-icon.png HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-08-30 10:44:27 UTC	695	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:27 GMT Content-Type: image/png Content-Length: 23177 Connection: close last-modified: Wed, 28 Aug 2024 08:51:37 GMT etag: "66cee519-5a89" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 643 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F78myeJ8M5koV1PJL0i1pzyMfB9H7myJKQBg79D3xKgLNF2rXgr7rMknrgD0bb%2BCdHozW2qqte3CcwiyjsEuNK33zRkb4Vl9ZGGPCIdO%2BtoQVVFP9t6RcturPLGcH6vGijBlQN3crueM9g%2BHDM5a"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f8529cdc47f-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:27 UTC	674	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b4 00 00 00 b4 08 06 00 00 00 3d cd 06 32 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 00 07 74 49 4d 45 07 e5 08 19 0d 38 1c 9c 7a 00 a2 00 00 59 2a 49 44 41 54 78 da ed 9d 77 7c 14 f7 b5 f6 bf 33 db 77 a5 5d f5 86 1a 92 00 d1 c1 74 b0 69 2e b8 e3 12 27 ee 25 8e 9d 9e 38 bd dd bc d7 49 1c a7 dd 54 c7 4e 9c 38 71 e2 de 2b b6 31 60 7a ef 5d 08 81 84 50 ef db fb ce bc 7f cc ee 48 0b 08 56 12 20 c0 3c f9 6c 64 a1 dd 69 fb cc 99 f3 3b e7 39 e7 c0 45 5c c4 45 5c c4 45 5c c4 45 5c c4 45 5c c4 45 5c c4 45 7c 6a 21 Data Ascii: PNGIHDR=2gAMAa cHRMz&u0`:pQ<bKGDtIME8zY*IDATxw\|3w]ti.'%8ITN8q+1`z]PHV <ldi;9E\E\E\E\E\E\E\|j!
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 47 24 3c fe 00 5d 6e 2f e1 70 04 19 99 e4 24 0b d7 5f 37 8f af 7d e5 1e 8a 0a 87 0c f6 25 b8 60 71 91 d0 7d 24 f4 a6 cd bb f8 e9 a3 7f a4 a2 e2 30 08 90 69 4b 66 e6 c8 52 e6 8f 2f a7 28 3b 8d ec 14 2b c1 70 18 bb db c7 e1 a6 36 56 ee ae 64 cd be 2a ba dc 5e 04 04 a6 4d 1d cf 63 3f fb 16 23 46 94 0c f6 65 b8 20 71 91 d0 7d 20 f4 9e bd 07 f9 ce f7 1f a7 e2 c0 61 34 a2 c8 ac 51 a5 7c ed 86 79 4c 1a 56 84 5e 1f 4d 93 c6 2e 67 f4 f3 7e 7f 80 35 7b ab 78 e2 fd 15 ec aa ae 43 96 65 a6 4e 1d cf 6f 1e ff 3e a5 25 85 83 7d 29 2e 38 5c 8c 72 24 08 bb dd c9 13 4f fe 97 8a 8a 43 68 44 91 eb a6 8e e3 f7 0f 7d 96 19 a3 87 a1 d7 6a 41 92 94 97 2c 2b af e8 ef 46 bd 8e 2b 27 8f e1 0f 0f 7f 96 59 a3 ca 10 04 81 cd 9b 77 f1 c4 93 cf e1 f1 78 07 fb b4 2e 38 5c 24 74 82 78 ef Data Ascii: G$<]n/p$_7}%`q}$0iKfR/(;+p6Vd*^Mc?#Fe q} a4Q\|yLV^M.g~5{xCeNo>%}).8\r$OChD}jA,+F+'Ywx.8\$tx
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 8d 46 f9 79 11 fd c3 a7 86 d0 7d f9 b7 44 a1 84 01 03 78 bd 3e 3a 3b 1d 38 9d 6e 7a 2a f1 04 41 20 10 08 f0 d4 d3 2f f2 ca 6b 8b f0 fb 03 c7 55 a7 88 a2 88 c9 64 c4 64 32 62 8e fe 4c 4a 32 93 96 96 42 6a aa 8d d4 14 2b a9 a9 36 32 33 d2 b0 d9 92 31 1a 0d 68 b5 17 ee 53 75 a0 10 22 91 c8 05 13 e5 e8 0b 39 fb 4a 64 49 92 f0 7a 7d b4 b6 76 50 7b b4 51 79 d5 d6 53 5d 53 4f 7d 7d 13 2e b7 07 97 cb 83 cf e7 3f e1 67 4f 1d ed 8f 7f 83 20 08 e8 f5 3a 0c 06 03 06 83 1e 8b c5 c4 90 bc 6c 86 16 17 50 5c 9c 4f 51 61 1e a5 a5 85 e4 e6 64 62 36 9b 2e 5a f5 28 04 49 ea 4b 2d fe f9 8d be 90 58 92 24 5c 6e 0f 47 8f 36 51 75 a8 86 7d fb aa d8 b7 bf 8a da a3 8d 38 9d 2e 3c 1e 1f 91 48 04 10 a2 1a 25 21 9a f5 16 8e b3 c2 32 70 72 46 c7 b6 11 7f ac ca 47 94 cf c9 b2 ac fe 2e Data Ascii: Fy}Dx>:;8nz*A /kUdd2bLJ2Bj+6231hSu"9JdIz}vP{QyS]SO}}.?gO :lP\OQadb6.Z(IK-X$\nG6Qu}8.<H%!2prFG.
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: b7 49 21 b4 2f ce 42 f7 06 9b 35 89 b9 73 a6 31 73 c6 44 2a 0f d6 f0 d1 47 ab 58 f4 e1 0a 6a 8f 36 a8 c4 76 ba dc bc f5 ce 12 36 6c da c1 0d d7 cf e7 73 9f b9 8e b2 b2 a2 73 6a 1d d1 1b ce 7b 42 77 74 da 79 f3 ad c5 bc f4 ca fb d4 d4 d4 01 8a 3e 42 92 24 74 5a 2d a3 c7 8e e0 96 9b 17 70 ed d5 73 f9 e0 a3 15 fc e2 97 4f aa c9 0a df 79 2c ed 4c 4b 4d 89 cb 4a 06 02 01 dc ee c4 cf 45 af d7 33 76 cc 08 46 8d 2c e3 86 1b 2e e7 ad b7 3f e6 83 0f 57 50 df d0 a2 d4 f8 8a 02 4d cd 6d 3c f3 af d7 58 b1 62 23 f7 df 77 2b 37 2d bc f2 9c af b8 39 6f 09 1d 0e 87 d9 b4 79 17 4f ff e3 65 d6 6f dc 41 30 18 8c 12 59 06 01 46 8d 1a c6 ed b7 5d c7 d5 0b 66 93 9d 9d 81 20 08 64 65 a6 ab 64 17 04 01 af cf 8f fb 3c 25 74 4a 8a 55 3d 17 50 9e 52 5d 5d 8e 3e 6f 47 a3 d1 30 b2 bc Data Ascii: I!/B5s1sD*GXj6v6lssj{Bwty>B$tZ-psOy,LKMJE3vF,.?WPMm<Xb#w+7-9oyOeoA0YF]f ded<%tJU=PR...oG0
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: fd fd 45 3c 1e 1f df f8 da 7d 24 27 9f 9d 94 f9 39 61 a1 9b 9b db f8 e1 8f 7f cb 3b ef 2f 53 53 b9 7a bd 8e 07 1f b8 8d 5f fc ec 5b a7 8d cc d0 4d 68 50 6e 18 45 cf 71 7e 5a e8 d4 94 78 0b 1d 89 48 74 75 0d 4e e6 73 e4 c8 32 7e f3 ab ef 73 fd 75 f3 d5 82 de 40 20 c8 bf ff f3 06 ff f7 c7 67 70 bb 3d 67 e5 38 06 9d d0 ad ad 1d fc cf ff fb 03 9f 2c 5f af 56 8f 98 cd 26 be fa e5 bb f9 ee b7 bf 70 da ef ec d4 54 6b 5c e1 6b 30 14 c2 e9 3c 3f 5b 75 59 ad 96 b8 84 86 2c 9f 9e 6c 61 7f 91 3f 24 87 9f ff ef 23 dc 71 fb 0d 6a 33 9c 70 38 cc 8b 2f bd cb 9f fe f2 9f b3 62 38 06 95 d0 ed ed 5d fc ef cf ff cc d2 4f d6 a9 6e 80 cd 9a cc b7 1f f9 3c 5f f9 d2 dd 18 8d 86 d3 be cf 14 5b 7c 35 4a 2c b9 72 3e c2 6c 36 61 b1 98 54 c5 9d 24 0d 7e 2a 3f 3d 3d 85 1f ff f0 cb dc Data Ascii: E<}$'9a;/SSz_[MhPnEq~ZxHtuNs2~su@ gp=g8,_V&pTk\k0<?[uY,la?$#qj3p8/b8]On<_[\|5J,r>l6aT$~*?==
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 6c 62 42 4c e2 90 6c 36 91 11 1b 85 21 c9 a4 26 5b f8 ee ad 57 f1 c8 c2 cb b1 25 99 70 3a 3d fc ee f7 ff e4 bd f7 97 f5 fb bb 38 23 84 ae 6f 68 56 a3 1a a9 a9 36 ee bc e3 c6 73 aa d7 b0 e9 04 ed 0c 62 fd 39 ce 37 58 2c 66 45 3d 18 d5 a6 08 02 78 3c 5e 02 fe c0 60 1f 1a a1 50 48 55 d6 09 82 80 c3 e3 65 5b d5 11 7a 5c 78 4c 06 3d 5f b8 66 36 df ba e9 0a 6c 49 26 ec 76 27 bf fb fd 3f 59 b9 7a 53 bf f6 79 46 c4 13 79 39 59 6a 58 cc ed f6 d0 d4 dc 76 f6 af e6 49 60 8a 69 20 7a b4 33 70 ba 94 9e 16 67 33 6b 79 3a a0 d3 69 49 4e 4e 52 e7 d7 0a 82 40 63 63 2b 4b 96 ad 25 25 c5 aa 8c 95 d3 6a d0 eb f5 58 ad 49 58 ad 49 98 8c 46 b4 5a 4d f4 a5 e3 4c 3d 38 93 92 2c dc fe b9 eb d9 bd e7 00 4e a7 9b 60 28 c2 2b ab b6 70 f9 f8 91 14 66 a7 c7 a6 32 a1 d7 6a b8 e7 8a 19 Data Ascii: lbBLl6!&[W%p:=8#ohV6sb97X,fE=x<^`PHUe[z\xL=_f6lI&v'?YzSyFy9YjXvI`i z3pg3ky:iINNR@cc+K%%jXIXIFZML=8,N`(+pf2j
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 59 bb af 8a 40 28 42 38 1c 41 10 e0 8a cb 67 a1 3f 83 5a 0e a7 d3 cd ce 5d fb 59 f4 e1 0a fe fd 9f d7 f9 e7 33 af f2 f6 bb 4b d8 b0 71 07 47 6a 1b 70 38 5c 04 83 a1 38 32 c7 aa ce db da 3a 99 35 73 d2 a0 68 b4 13 85 cb e5 e1 cd b7 3e e2 f1 df fc 9d ea ea a3 88 a2 48 24 12 61 f2 a4 b1 fc ef 4f bf 41 46 46 2a a0 dc d0 1e 8f 97 40 20 44 24 22 45 f5 c8 b2 9a 82 3e 16 5a ad 16 8b c5 4c 71 71 3e b3 66 5e c2 bc 39 d3 29 28 c8 c5 e9 74 d3 d1 61 27 12 89 20 8a 22 5d 76 07 9b 36 ed 24 18 0c 33 61 fc c8 3e 55 1a 59 ad 49 ac df b0 5d 19 4c 24 0a 78 02 41 e6 8f 1f 41 9a 2d a9 67 43 58 05 32 e4 a4 da a8 6d ed 64 5f 6d 03 1d 1d 5d 64 67 67 70 c9 c4 d1 27 dd c7 69 21 f4 d6 6d 7b 78 f4 e7 7f a1 a1 a1 05 8b c9 c0 77 6e b9 92 2f 5d 37 97 21 e9 a9 6c aa ac e6 68 5b 27 a2 28 Data Ascii: Y@(B8Ag?Z]Y3KqGjp8\82:5sh>H$aOAFF*@ D$"E>ZLqq>f^9)(ta' "]v6$3a>UYI]L$xAA-gCX2md_m]dggp'i!m{xwn/]7!lh['(
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 35 2e b9 64 0c c3 87 15 9f f2 7c d3 d3 52 18 3b 66 38 3b 77 ed 47 14 04 ea 3b ba a8 38 da 44 61 76 c6 09 09 8d 24 33 69 58 11 33 46 96 f0 c1 e6 3d ec da 7d 80 dd 7b 0e 30 6b e6 a4 13 6e bf df 84 3e 5a d7 c4 3f ff f5 2a 2e 97 1b ab c5 cc 83 0b 2e a5 20 33 ad fb a0 04 81 56 bb 93 4d 95 35 20 43 44 92 18 59 5e ca a5 b3 26 f7 6b 7f b2 2c b3 75 db 1e fe f0 a7 7f b3 69 f3 2e c2 d1 45 8a 24 49 e8 f5 7a 46 8c 18 ca bc 39 33 98 37 77 1a 23 cb 4b 4f 2a 86 0a 87 23 f8 7c 7e cc 66 23 1a 8d 86 d4 54 1b df ff ee 43 94 94 14 f0 cf 67 5e e5 68 5d 63 f4 01 23 d0 dc dc c6 9b 6f 7d cc 07 1f ae 24 35 d5 4a 51 61 1e 65 65 c5 94 0f 2f a1 a8 68 08 59 59 e9 a4 d8 14 ab af d7 6b d5 64 45 2c ac 15 0e 47 7a c4 83 43 b8 3d 5e da da 3a 69 69 6d a7 a1 a1 45 8d f7 36 34 34 e3 72 79 f0 Data Ascii: 5.d\|R;f8;wG;8Dav$3iX3F=}{0kn>Z?.. 3VM5 CDY^&k,ui.E$IzF937w#KO#\|~f#TCg^h]c#o}$5JQaee/hYYkdE,GzC=^:iimE644ry
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: a2 0f 57 10 0a 87 29 ca 4a e7 c6 e9 e3 11 35 62 3c a1 05 81 4e b7 87 86 76 3b a0 b8 28 43 86 e4 90 95 95 91 f0 7e 64 59 e6 ed 77 97 f0 cc bf 5e c5 1f 15 ab 6b b5 1a ae bb 76 2e 8f 7c e3 01 4a 86 16 c4 bd bf bd bd 8b 4f 56 6c e0 ed 77 96 b0 6b 77 85 9a c6 16 44 b1 57 d9 6a 6c ce de df ff f1 12 db b6 ef e1 a1 07 6f 67 c6 8c 89 ea 0c 6b 51 14 c8 cc 48 63 c1 95 97 71 e5 e5 b3 f0 07 82 b4 b7 75 52 5d 73 94 ba fa 66 1a 1a 5a 68 68 68 a6 be a1 19 a7 cb 8d 14 91 90 24 c5 da 4a b2 dc ad 45 36 e8 31 47 8b 0a b2 32 d3 c9 c9 c9 24 3b 3b 83 cc 8c 34 72 73 b3 28 c8 cf 21 29 c9 72 d2 d0 97 2f fa 25 2e fe 78 75 34 8b 57 4f 38 1c 3e ed 56 b9 37 88 a2 c8 da b5 5b d9 ba 6d 2f b3 2f 9b 02 c0 f8 f1 23 99 38 61 14 cb 96 2b fd bd eb eb 9b 38 58 75 e4 94 84 06 98 34 71 34 ff d5 Data Ascii: W)J5b<Nv;(C~dYw^kv.\|JOVlwkwDWjlogkQHcquR]sfZhhh$JE61G2$;;4rs(!)r/%.xu4WO8>V7[m//#8a+8Xu4q4
2024-08-30 10:44:27 UTC	1369	IN	Data Raw: 43 5d 7d 13 e1 70 04 ad 56 43 52 92 99 8c cc 54 64 49 46 d4 88 b8 3d 5e 3a bb 1c 14 17 e7 9f 72 3b 31 42 cb b2 4c 28 1c a1 b2 be 85 f9 13 4e 12 c7 96 65 72 d3 6c 24 19 0d b4 d9 5d b4 b4 76 10 0e 87 e3 ca c4 12 7e 8e 1d 3e 7c 94 8a 8a 43 08 82 c8 a8 c2 3c b2 53 ad 27 26 b4 20 e0 f2 fa e9 70 b9 a3 c7 a0 8c 9c 30 25 a0 9d 55 42 3f 9b e8 ec b4 23 08 02 3a 9d 8e eb ae 9d 4f 56 66 77 fb d5 0f 17 af 62 d9 27 eb cf 58 a5 72 22 10 04 41 8d 60 c4 fc ea 48 24 a2 56 87 04 43 a1 68 e2 24 44 28 14 26 12 89 a8 7d 32 34 1a 4d f4 06 10 e3 12 2a e7 0f 04 da db bb d4 0e 47 06 83 3e aa 7e 53 ce cf ef f7 27 5c b2 95 9f 9f 1b 9d bd 2e 13 91 24 0e 35 b6 f6 ee 6e 44 91 96 6c 26 2d d9 82 40 77 df e9 9e 48 98 d0 07 0e 1c c6 e1 74 a3 d5 88 4c 1a 56 88 ee 24 c5 93 0e af 0f 67 b4 4b Data Ascii: C]}pVCRTdIF=^:r;1BL(Nerl$]v~>\|C<S'& p0%UB?#:OVfwb'Xr"A`H$VCh$D(&}24M*G>~S'\.$5nDl&-@wHtLV$gK

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.20	44886	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:26 UTC	297	OUT	GET /space-robot/assets/favicon-16x16.png HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-08-30 10:44:27 UTC	701	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:27 GMT Content-Type: image/png Content-Length: 1163 Connection: close last-modified: Wed, 28 Aug 2024 08:51:37 GMT etag: "66cee519-48b" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 589 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xiHzOKZYJ%2Bzvx31ze1NFaVP%2BRDFTdURtiTRd%2BPnpidq6umtRdPUs%2BhUILgOPeVScOYTuJrwR16OtxYfM4ZmLwHti2Q8%2FE5zc91%2F3ZJIpZaTxKMqe%2F4gQ3jDeyIpnEi4sfBQlcHJRJz7gNeSxz0gY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f855fed236b-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:27 UTC	668	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 03 00 00 00 28 2d 0f 53 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 02 0a 50 4c 54 45 dc dc dc e9 e9 e9 f5 f5 f5 ff ff ff fa fa fa f7 f8 f8 de de e2 f6 f6 f7 ff ff ff f7 f7 f8 d6 d7 dc b4 b5 be 9e a0 ab 96 98 a5 99 9a a7 a8 aa b4 c6 c7 ce d9 d9 de dd de e2 fd fd fd fe fe fe fe ff ff ff ff ff fb fb fb d9 d1 d6 cf ab b2 d6 cb d0 fc fd fc d7 ce d3 c8 a0 a8 d0 c4 ca fc fc fc fa fa fa e5 e6 e9 c9 c9 d0 8c 8c 9a b3 b4 be bf c0 c8 ce cf d5 f0 f0 f2 ee ef f1 be bf c7 96 98 a4 db dc e0 f1 f1 f3 f5 f5 f6 c4 c5 cc aa ac b6 cb cc d2 f9 f9 fa e8 e8 eb ba Data Ascii: PNGIHDR(-SgAMAa cHRMz&u0`:pQ<PLTE
2024-08-30 10:44:27 UTC	495	IN	Data Raw: 0c 4c f2 00 00 00 07 74 49 4d 45 07 e5 08 19 0d 38 1c 9c 7a 00 a2 00 00 00 fc 49 44 41 54 18 d3 63 60 60 64 62 66 66 61 65 63 67 86 00 06 61 11 51 31 31 71 09 49 29 31 08 60 10 06 01 69 19 59 39 98 80 b8 b8 b8 bc 82 a2 92 b2 8a aa 9a 3a 58 00 88 35 34 b5 b4 75 74 f5 f4 55 0d 0c c1 02 46 c6 26 a6 66 62 62 e6 7a 22 16 96 86 40 01 2b 6b 0d 31 1b 5b 31 31 13 3b 11 31 7b 07 a0 80 a3 93 98 b3 8b ab 88 9b bb 87 a7 97 b7 8f 2f 83 9f 7f 40 60 50 70 48 68 58 78 44 64 54 74 4c 2c 43 5c 7c 42 62 52 72 4a 6a 5a 7a 46 66 56 76 4e 2e 43 5e 7e 41 61 51 71 49 69 59 79 45 65 55 75 4d 2d 43 5d 7d 43 63 5a 53 49 73 4b 6b 5b 7b 87 75 67 17 83 5b 77 4f 6f 5f ff 84 89 93 26 4f 99 3a 6d ba e9 0c 06 b1 99 b3 66 17 ce 99 db 31 6f fe 82 85 8b 8c 17 83 1c b6 64 e9 b2 e5 2b f4 57 ae Data Ascii: LtIME8zIDATc``dbffaecgaQ11qI)1`iY9:X54utUF&fbbz"@+k1[11;1{/@`PpHhXxDdTtL,C\\|BbRrJjZzFfVvN.C^~AaQqIiYyEeUuM-C]}CcZSIsKk[{ug[wOo_&O:mf1od+W

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.20	39214	188.114.96.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:27 UTC	556	OUT	GET /ps/config.js?id=CHiI7Gh3GUyTa8XGgNqDyQ HTTP/1.1 Host: cdnstatic.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 Connection: keep-alive Cookie: __psu=5bae6dc6-cff2-4d35-8c46-e4e147c7e338
2024-08-30 10:44:28 UTC	749	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:28 GMT Content-Type: application/javascript Transfer-Encoding: chunked Connection: close cache-control: max-age=0, no-cache, no-store, must-revalidate accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version CF-Cache-Status: BYPASS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qmwy7FuKnx0KZ9eIDrGHRxdhbhwXA9hT6sU4juDicCMjt892cxUL1yJathfTkpnIe5xW81dDIwpcnej%2BflYGk2P9FFyEtpy9T3%2BfVE3h30FdxU%2F2LaUtOGSbgoKK9LctO%2BrS0rv73xmdbKRY1psnU6sVeA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42f8ade0242a3-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:28 UTC	363	IN	Data Raw: 31 36 34 0d 0a 76 61 72 20 63 6f 6e 66 69 67 20 3d 20 7b 0d 0a 20 20 20 20 27 61 70 69 4b 65 79 27 3a 27 41 49 7a 61 53 79 41 38 49 6e 6b 61 79 49 66 5a 70 63 56 56 47 61 75 34 51 36 76 36 39 65 69 70 43 5a 54 41 64 52 49 27 2c 0d 0a 20 20 20 20 27 61 75 74 68 44 6f 6d 61 69 6e 27 3a 27 66 67 68 6a 2d 66 37 61 38 31 2e 66 69 72 65 62 61 73 65 61 70 70 2e 63 6f 6d 27 2c 0d 0a 20 20 20 20 27 64 61 74 61 62 61 73 65 55 52 4c 27 3a 27 68 74 74 70 73 3a 2f 2f 66 67 68 6a 2d 66 37 61 38 31 2e 66 69 72 65 62 61 73 65 69 6f 2e 63 6f 6d 27 2c 0d 0a 20 20 20 20 27 70 72 6f 6a 65 63 74 49 64 27 3a 27 66 67 68 6a 2d 66 37 61 38 31 27 2c 0d 0a 20 20 20 20 27 61 70 70 49 64 27 3a 27 31 3a 39 32 38 33 36 33 31 35 30 34 38 34 3a 77 65 62 3a 62 31 62 37 30 35 36 38 37 36 Data Ascii: 164var config = { 'apiKey':'AIzaSyA8InkayIfZpcVVGau4Q6v69eipCZTAdRI', 'authDomain':'fghj-f7a81.firebaseapp.com', 'databaseURL':'https://fghj-f7a81.firebaseio.com', 'projectId':'fghj-f7a81', 'appId':'1:928363150484:web:b1b7056876
2024-08-30 10:44:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.20	44894	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:31 UTC	355	OUT	GET /sw-707a7d0735647f53a9228ce50d13ab46.js HTTP/1.1 Host: qltuh.check-tl-ver-108-a.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
2024-08-30 10:44:32 UTC	714	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 10:44:31 GMT Content-Type: application/javascript Content-Length: 2388 Connection: close last-modified: Sat, 08 Apr 2023 14:34:09 GMT etag: "64317b61-954" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 647 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TEgp2WkAWnhegiYtLwivnA7u%2BXwHROHf7BTz93HXMgWZUXlvFzqGYwM3%2BYozAHSMSqjOc3Wg%2FwyzYdY6E%2FJ1ZDiJCvJPo1Z5vZRm7GuJ%2FDJOGV5gM%2BIC8QhT8xqdyXyA7yzn%2BLupkvZgxezJRL1L"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb42fa26e3a0f49-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 10:44:32 UTC	655	IN	Data Raw: 2f 2a 0a 20 2a 20 76 2e 20 31 2e 30 2e 35 0a 20 2a 2f 0a 27 75 73 65 20 73 74 72 69 63 74 27 3b 0a 0a 73 65 6c 66 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 70 75 73 68 27 2c 20 28 65 76 65 6e 74 29 20 3d 3e 20 7b 0a 20 20 76 61 72 20 70 75 73 68 20 3d 20 4a 53 4f 4e 2e 70 61 72 73 65 28 65 76 65 6e 74 2e 64 61 74 61 2e 74 65 78 74 28 29 29 3b 0a 0a 20 20 69 66 20 28 70 75 73 68 2e 64 61 74 61 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 27 70 69 78 65 6c 27 29 20 26 26 20 76 61 6c 69 64 55 52 4c 28 70 75 73 68 2e 64 61 74 61 2e 70 69 78 65 6c 29 29 20 7b 0a 20 20 20 20 76 61 72 20 70 69 78 65 6c 55 72 6c 20 3d 20 70 75 73 68 2e 64 61 74 61 2e 70 69 78 65 6c 3b 0a 20 20 20 20 76 61 72 20 67 65 74 54 72 61 63 6b 69 6e 67 50 69 78 65 6c 50 Data Ascii: /* * v. 1.0.5 */'use strict';self.addEventListener('push', (event) => { var push = JSON.parse(event.data.text()); if (push.data.hasOwnProperty('pixel') && validURL(push.data.pixel)) { var pixelUrl = push.data.pixel; var getTrackingPixelP
2024-08-30 10:44:32 UTC	1369	IN	Data Raw: 67 2e 73 74 61 72 74 73 57 69 74 68 28 27 73 65 72 76 69 63 65 5f 6d 65 73 73 61 67 65 27 29 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 7d 0a 0a 20 20 76 61 72 20 74 69 74 6c 65 20 3d 20 70 75 73 68 2e 64 61 74 61 2e 74 69 74 6c 65 3b 0a 0a 20 20 76 61 72 20 6e 6f 74 69 66 69 63 61 74 69 6f 6e 4f 70 74 69 6f 6e 73 20 3d 20 7b 0a 20 20 20 20 62 6f 64 79 3a 20 70 75 73 68 2e 64 61 74 61 2e 62 6f 64 79 2c 0a 20 20 20 20 69 63 6f 6e 3a 20 70 75 73 68 2e 64 61 74 61 2e 69 63 6f 6e 2c 0a 20 20 20 20 62 61 64 67 65 3a 20 70 75 73 68 2e 64 61 74 61 2e 62 61 64 67 65 2c 0a 20 20 20 20 64 61 74 61 3a 20 7b 0a 20 20 20 20 20 20 63 6c 69 63 6b 5f 61 63 74 69 6f 6e 3a 20 70 75 73 68 2e 64 61 74 61 2e 63 6c 69 63 6b 5f 61 63 74 69 6f 6e 2c 0a 20 20 20 20 7d Data Ascii: g.startsWith('service_message')) { return; } var title = push.data.title; var notificationOptions = { body: push.data.body, icon: push.data.icon, badge: push.data.badge, data: { click_action: push.data.click_action, }
2024-08-30 10:44:32 UTC	364	IN	Data Raw: 74 69 6f 6e 4e 75 6d 62 65 72 29 3b 0a 20 20 74 61 72 67 65 74 20 3d 20 75 72 6c 2e 74 6f 53 74 72 69 6e 67 28 29 3b 0a 20 20 72 65 74 75 72 6e 20 74 61 72 67 65 74 3b 0a 7d 0a 0a 66 75 6e 63 74 69 6f 6e 20 76 61 6c 69 64 55 52 4c 28 75 72 6c 29 20 7b 0a 20 20 76 61 72 20 70 61 74 74 65 72 6e 20 3d 20 6e 65 77 20 52 65 67 45 78 70 28 27 5e 28 68 74 74 70 73 3f 3a 5c 5c 2f 5c 5c 2f 29 3f 27 20 2b 0a 20 20 20 20 27 28 28 28 5b 61 2d 7a 5c 5c 64 5d 28 5b 61 2d 7a 5c 5c 64 2d 5d 2a 5b 61 2d 7a 5c 5c 64 5d 29 2a 29 5c 5c 2e 29 2b 5b 61 2d 7a 5d 7b 32 2c 7d 7c 27 20 2b 0a 20 20 20 20 27 28 28 5c 5c 64 7b 31 2c 33 7d 5c 5c 2e 29 7b 33 7d 5c 5c 64 7b 31 2c 33 7d 29 29 27 20 2b 0a 20 20 20 20 27 28 5c 5c 3a 5c 5c 64 2b 29 3f 28 5c 5c 2f 5b 2d 61 2d 7a 5c 5c 64 25 Data Ascii: tionNumber); target = url.toString(); return target;}function validURL(url) { var pattern = new RegExp('^(https?:\\/\\/)?' + '((([a-z\\d]([a-z\\d-][a-z\\d]))\\.)+[a-z]{2,}\|' + '((\\d{1,3}\\.){3}\\d{1,3}))' + '(\\:\\d+)?(\\/[-a-z\\d%

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.20	58566	35.244.181.201	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:41 UTC	444	OUT	GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
2024-08-30 10:44:41 UTC	744	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 30 Aug 2024 10:44:41 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 718 Vary: Accept-Encoding Rule-ID: unknown Rule-Data-Version: unknown Content-Signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-10-13-11-24-53.chain; p384ecdsa=eoAxzscTa2zPKFAeU39FaxIdXrJ-0ch55NhCfcpLK1P-dMVeTz70Smq4eY2IoMv2XfQQ4XtfVCgZXVHhe4e5DYAAC09ypwwBFBo1g0N7CiIdZEXNNM_M8zCFoIpbRNYE Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none' X-Proxy-Cache-Status: MISS Via: 1.1 google Cache-Control: public,max-age=90 Alt-Svc: clear Connection: close
2024-08-30 10:44:41 UTC	718	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 61 64 64 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 61 64 64 6f 6e 20 69 64 3d 22 67 6d 70 2d 67 6d 70 6f 70 65 6e 68 32 36 34 22 20 55 52 4c 3d 22 68 74 74 70 3a 2f 2f 63 69 73 63 6f 62 69 6e 61 72 79 2e 6f 70 65 6e 68 32 36 34 2e 6f 72 67 2f 6f 70 65 6e 68 32 36 34 2d 6c 69 6e 75 78 36 34 2d 36 63 32 65 37 30 30 38 66 38 62 62 65 32 66 66 39 30 31 30 30 39 37 32 66 39 37 30 37 31 65 62 38 37 65 63 33 37 63 62 2e 7a 69 70 22 20 68 61 73 68 46 75 6e 63 74 69 6f 6e 3d 22 73 68 61 35 31 32 22 20 68 61 73 68 56 61 6c 75 65 3d 22 32 36 61 66 66 37 32 63 33 64 35 34 36 65 32 61 37 35 39 66 30 31 63 36 65 37 33 32 39 66 33 32 64 32 65 63 33 39 39 33 64 Data Ascii: <?xml version="1.0"?><updates> <addons> <addon id="gmp-gmpopenh264" URL="http://ciscobinary.openh264.org/openh264-linux64-6c2e7008f8bbe2ff90100972f97071eb87ec37cb.zip" hashFunction="sha512" hashValue="26aff72c3d546e2a759f01c6e7329f32d2ec3993d

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.20	43820	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:41 UTC	522	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: c6kBy8Q962evQN09480c7A== Connection: keep-alive, Upgrade Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-08-30 10:44:41 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 30 Aug 2024 10:44:41 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-30 10:44:41 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.20	43824	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:47 UTC	522	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: m+gHMIH+bM+IXrbp144tUg== Connection: keep-alive, Upgrade Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-08-30 10:44:47 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 30 Aug 2024 10:44:47 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-30 10:44:47 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.20	43826	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:44:58 UTC	522	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: gzH4mgj0m04q25/HFLUzOQ== Connection: keep-alive, Upgrade Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-08-30 10:44:58 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 30 Aug 2024 10:44:58 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-30 10:44:58 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.20	43828	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:45:19 UTC	522	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: 2m+e3cL0QOajGC13MGedSQ== Connection: keep-alive, Upgrade Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-08-30 10:45:19 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 30 Aug 2024 10:45:19 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-30 10:45:19 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.20	43830	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 10:46:00 UTC	522	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: mG0Ahy8ERvDWimCnq72XWQ== Connection: keep-alive, Upgrade Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-08-30 10:46:00 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 30 Aug 2024 10:46:00 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-30 10:46:00 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

System Behavior

Analysis Process: exo-open PID: 4734, Parent PID: 4674

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/bin/exo-open
Arguments:	exo-open https://airmarkcomponents.com/
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

Chronological Activities

Analysis Process: exo-open PID: 4741, Parent PID: 4734

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/bin/exo-open
Arguments:	-
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

Chronological Activities

Analysis Process: exo-open PID: 4742, Parent PID: 4741

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/bin/exo-open
Arguments:	-
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

Chronological Activities

Analysis Process: exo-helper-1 PID: 4742, Parent PID: 1656

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser https://airmarkcomponents.com/
File size:	63560 bytes
MD5 hash:	c27a648e34ba5ce625d064af015be147

Chronological Activities

Analysis Process: exo-helper-1 PID: 4749, Parent PID: 4742

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
Arguments:	-
File size:	63560 bytes
MD5 hash:	c27a648e34ba5ce625d064af015be147

Chronological Activities

Analysis Process: sensible-browser PID: 4749, Parent PID: 4742

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/bin/sensible-browser
Arguments:	/bin/sh /usr/bin/sensible-browser https://airmarkcomponents.com/
File size:	1132 bytes
MD5 hash:	a5909f49ad9c97574d2b4c49cc24905d

Chronological Activities

Analysis Process: x-www-browser PID: 4749, Parent PID: 4742

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/bin/x-www-browser
Arguments:	/bin/sh /usr/bin/x-www-browser https://airmarkcomponents.com/
File size:	31 bytes
MD5 hash:	42b33a4578e4a51d8a5d1010c466a9d7

Chronological Activities

Analysis Process: x-www-browser PID: 4754, Parent PID: 4749

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/bin/x-www-browser
Arguments:	-
File size:	31 bytes
MD5 hash:	42b33a4578e4a51d8a5d1010c466a9d7

Chronological Activities

Analysis Process: which PID: 4754, Parent PID: 4749

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/bin/which
Arguments:	/bin/sh /usr/bin/which /usr/bin/x-www-browser
File size:	0 bytes
MD5 hash:	unknown

Chronological Activities

Analysis Process: firefox PID: 4749, Parent PID: 4742

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox https://airmarkcomponents.com/
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 4773, Parent PID: 4749

General

Start time (UTC):	10:44:17
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Analysis Process: firefox PID: 4777, Parent PID: 4749

General

Start time (UTC):	10:44:18
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 4791, Parent PID: 4749

General

Start time (UTC):	10:44:18
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: lsb_release PID: 4791, Parent PID: 4749

General

Start time (UTC):	10:44:18
Start date (UTC):	30/08/2024
Path:	/usr/bin/lsb_release
Arguments:	/usr/bin/python3 -Es /usr/bin/lsb_release -idrc
File size:	3638 bytes
MD5 hash:	18cba7de7bfedd0d9f027bd1c54cc2b2

Chronological Activities

Analysis Process: firefox PID: 4811, Parent PID: 4749

General

Start time (UTC):	10:44:19
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: dbus-launch PID: 4811, Parent PID: 4749

General

Start time (UTC):	10:44:19
Start date (UTC):	30/08/2024
Path:	/usr/bin/dbus-launch
Arguments:	dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr
File size:	26616 bytes
MD5 hash:	e4a469f27d130d783c21ce9c1c4456c3

Chronological Activities

Analysis Process: firefox PID: 4887, Parent PID: 4749

General

Start time (UTC):	10:44:19
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 4888, Parent PID: 4887

General

Start time (UTC):	10:44:19
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 4887, Parent PID: 4749

General

Start time (UTC):	10:44:19
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 4963, Parent PID: 4749

General

Start time (UTC):	10:44:20
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 4964, Parent PID: 4963

General

Start time (UTC):	10:44:20
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 4963, Parent PID: 4749

General

Start time (UTC):	10:44:20
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6115 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 5001, Parent PID: 4749

General

Start time (UTC):	10:44:21
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 5004, Parent PID: 5001

General

Start time (UTC):	10:44:21
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Chronological Activities

Analysis Process: firefox PID: 5001, Parent PID: 4749

General

Start time (UTC):	10:44:21
Start date (UTC):	30/08/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report https://airmarkcomponents.com/

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/home/james/.cache/dconf/user

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3897E273C86B69E7EC90C667F04ACC4F68CD01F9

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3A2B697F1FDA5E8CED55FE586EBC2F5D11E0E55F

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3D18B3B7E73CB9205101A761EB49BAE007D291B0

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3FE38C9C3C92A20A0349E3495766F11D3CA2EC60

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/4098689E1EA45FF0094F1C8088E49251FFFF7585

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/8F43299B2BBC180803AAE2295F17077D2C87FC5E

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/A32D31641179C3E5616066431ABEF74C58BB525A

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/A9DB122571F6E7BBF5B17F0B73306BED943AF492

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/F044322FA5BF290DD59313620194059BDC3D6C98

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/FECDC94F0E7BAF8E66A29D10078DC7C9E82E2A2B

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore

Linux Analysis Report
https://airmarkcomponents.com/