Edit tour

Windows Analysis Report
https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i

Overview

General Information

Sample URL:	https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i
Analysis ID:	1502068
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2236,i,16274624969518994776,7244520482714180003,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 30 Aug 2024 22:40:24 GMTContent-Length: 4124Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; script-src 'self'X-Frame-Options: SAMEORIGINVary: Accept-EncodingContent-Language: enX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originCache-Control: public, max-age=31536000X-XSS-Protection: 1; mode=blockPermissions-Policy: fullscreen=(self)Connection: closeContent-Type: text/html; charset=utf-8

Source: chromecache_69.4.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: chromecache_69.4.dr	String found in binary or memory: https://code.jquery.com/jquery-2.2.4.min.js
Source: chromecache_69.4.dr	String found in binary or memory: https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
Source: chromecache_69.4.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: chromecache_69.4.dr	String found in binary or memory: https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.11:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.11:49726 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@17/16@19/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2236,i,16274624969518994776,7244520482714180003,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2236,i,16274624969518994776,7244520482714180003,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i	100%	Avira URL Cloud	phishing
https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	0%	Avira URL Cloud	safe
https://alphatrade-options.com/git/rand/favicon.png	0%	Avira URL Cloud	safe
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	0%	Avira URL Cloud	safe
https://code.jquery.com/jquery-2.2.4.min.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.66.137	true	false	unknown
www.google.com	142.250.184.228	true	false	unknown
fac.corp.fortinet.com	208.91.114.103	true	false	unknown
d28h3jm4r3crf8.cloudfront.net	18.65.39.116	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
ipfs.io	209.94.90.1	true	true	unknown
alphatrade-options.com	unknown	unknown	false	unknown
ik.imagekit.io	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-2.2.4.min.js	false	Avira URL Cloud: safe	unknown
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	false	Avira URL Cloud: safe	unknown
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	false	Avira URL Cloud: safe	unknown
https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://alphatrade-options.com/git/rand/favicon.png	chromecache_69.4.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.65.39.116	d28h3jm4r3crf8.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
13.35.58.119	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
208.91.114.103	fac.corp.fortinet.com	United States	40934	FORTINETUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	true

Private

IP
192.168.2.4
192.168.2.11

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502068
Start date and time:	2024-08-31 00:39:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@17/16@19/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.206, 142.250.185.67, 142.251.173.84, 34.104.35.123, 142.250.185.202, 142.250.185.74, 142.250.186.74, 172.217.23.106, 142.250.186.170, 216.58.212.170, 142.250.185.138, 172.217.16.138, 142.250.186.106, 142.250.185.234, 142.250.185.106, 142.250.186.138, 142.250.184.234, 142.250.181.234, 142.250.74.202, 142.250.185.170, 13.85.23.86, 93.184.221.240, 192.229.221.95, 13.95.31.18, 142.250.184.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i

Input	Output
URL: https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i Model: jbxai	{ "brand":["unknown"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["Email", "Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i Model: jbxai	{ "phishing_score":2, "brand_name":"Not explicitly mentioned", "reasons":"The domain 'ipfs.io' is a legitimate top-level domain, and the design and functionality of the login page seem standard and legitimate. However, the lack of explicit brand name and the possibility of a phishing site using a similar design and functionality cannot be ruled out completely."}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:40:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.986546248956545
Encrypted:	false
SSDEEP:	48:8VbdSTU/PgH6WidAKZdA1nehwiZUklqehAy+3:8VMAby/y
MD5:	AC992B23F4A92FF1366ACF99D676CA96
SHA1:	A99F14526CDCB34582BB8A713BF91EE0C7C50513
SHA-256:	B565CE62D269E9DE61029D184F3D05E3C0576B69F502577ACBCD242701BF7998
SHA-512:	6849E6B011F4B674AA88761BE76BAF37F0B5F1AEC6980853C7EBF263990845AE22A000DE02EAE422F08FC0BB27795BA15C8963E20164DAB931382F2E56C6E3D2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........-.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.Y......M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.Y............................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y..............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\|..f.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:40:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.001724609991028
Encrypted:	false
SSDEEP:	48:80bdSTU/PgH6WidAKZdA1geh/iZUkAQkqehvy+2:80MAbm9Qay
MD5:	9B4EDFF4B04C5355DCCE86D7E2E302A2
SHA1:	A4A42A1F00376545647CB09A3767B01787F00126
SHA-256:	67551A3D4938F2CC92E3075EE5ED2C5AE998169F5BC6C78FAA9A1A10A34F6C0A
SHA-512:	7DB062FC1A476AA0E95B15A9DCF1863C7D9550FC5425323315E9C7161E0141C793FD8BD58F16375045725667387C8FC83F3474657577AE4BE2BD6C09C80E3A14
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......s.-.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.Y......M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.Y............................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y..............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\|..f.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 09:52:18 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	4.009165745933779
Encrypted:	false
SSDEEP:	48:87bdSTU/PCH6WidAKZdA148eh7sFiZUkmgqeh7sZy+BX:87MAxwnby
MD5:	DA6D3F28326B0BB8F632BD95FD7457A8
SHA1:	CBF374F4A8A43E3CB1A0A611AC04F7D4DE2516EC
SHA-256:	5A566F0F9AB1418BF01EE96449E0F4FC6FDB84460807D07C5E9EEAB0A112F5D4
SHA-512:	1927BCC8704F65712B5F44B42BB31D7127712D37AD2C5299B128B53134B3F7EDAF1ECB11D27A7A51230AF39B4182B0C789A008D46E0B13D64E03C922403F5B8A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....s4..z.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.Y......M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.Y............................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VEW.V............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\|..f.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:40:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9966656745017834
Encrypted:	false
SSDEEP:	48:8ebdSTU/PgH6WidAKZdA1lehDiZUkwqehTy+R:8eMAbjRy
MD5:	F013EC74EED2B3644B96A8D0F422A77B
SHA1:	B324EFAC9CEE8E22D8F725AA2F98B1B3697A17C6
SHA-256:	D38FF7FD577E68851DFED570E8125C118799EB198D79789D4EF36EDC74FC3618
SHA-512:	F8B92ECF12833B266E510819B5B5DC1EE953EF762DC5CACC86F362FB3071F7E8EBE4B990DE2D06079CAD4C085F1927A1AC20882C725C30DD9E6BC26B324B1AC9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......k.-.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.Y......M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.Y............................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y..............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\|..f.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:40:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9883458025872254
Encrypted:	false
SSDEEP:	48:8UQbdSTU/PgH6WidAKZdA17ehBiZUk1W1qehFy+C:8UQMAbz9ly
MD5:	80834A9B7A3D907CD6B15C629BC217D5
SHA1:	A71486414884CFDC736D6F812DC7CAB5CC86EB2D
SHA-256:	B82486C99C729DBD4C4DE6B10FC7D874999CD07F9918FD2187B53B06BB556AB9
SHA-512:	CBFE9367E62C92C9CB1AC446ADE04B2748CB6F50DA82AD69C020C52DBA7A110A24AB46EEF21ED058A31CF2F9F16649590CDF7BECD356EB5812EEB5619941691C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....dz.-.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.Y......M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.Y............................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y..............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\|..f.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:40:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.99657529046327
Encrypted:	false
SSDEEP:	48:8DbdSTU/PgH6WidAKZdA1duTiehOuTbbiZUk5OjqehOuTbby+yT+:8DMAbZTLTbxWOvTbby7T
MD5:	3968A1BDA29DCFA9945674241FF1A35F
SHA1:	A4E53DD416051A41189204CB12C43FC394F1361E
SHA-256:	2E851344EFBF74D74B473D39D55ACED48558AB5CA3E7FA5B90BF5BB6B384A577
SHA-512:	B3A8CA105BFED29C76F34CEEE582260EF87C25BCF8549163A5F383D61AA29A4CF3B2453C92425D3794B2F633AF2E070326276EB56247F8D8A2C3FD2BD725D3F1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......a.-.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.Y......M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.Y............................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y..............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\|..f.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	dropped
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:HrRL:1L
MD5:	1E864FBFC865DB4414C7938AF8717484
SHA1:	F8BF8AC081AEC1C65D319CA5F7011A563DBA68BB
SHA-256:	DD41A8261FB62B1852F6937368C64238FF2FEEFD0CB07567EB74A29004DA344A
SHA-512:	824D5EBC56C9E9DBC7B10BBC33D45BEE0640DEE1D3F16888ADD60E8F6B3BA62F961B0519ECEDFC7294A2B74B293728C24BD8B6EFD7D925509A2A6F770F26471A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAmOrPg53DWYGBIFDYbYYl4=?alt=proto
Preview:	CgkKBw2G2GJeGgA=

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (52134), with CRLF line terminators
Category:	downloaded
Size (bytes):	159342
Entropy (8bit):	5.155881928874016
Encrypted:	false
SSDEEP:	3072:5dvbpQkuZDwPglsfRDDDlYPe2zNcpcPaVyU+pISpzqGYq9MFXypD3pBW3Bs:bblu1wYlIRDDDlYPe2zNcpcPaV3NE3Ys
MD5:	C9997BC6B89F668F84C484F1D59E3EB5
SHA1:	4419F078D67E41175CF51BF7D6B4CACF94420EB5
SHA-256:	85B1F79BDD7313D8294A9CD7777E8D32EE0336B7FCCD85A76CB794AEEDE354DA
SHA-512:	58FEFED81238ECFD347A314DC899F042A2DE8A7176987B438891B5E03C4437A998F93998A43DFE04195B61BBCFDE607D031EF65667F9F944181EE1275E58DC7F
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i
Preview:	<!DOCTYPE html>..<html lang="en">.. "n8hmwvll7tncx7dy8zfwp4gcfnynqiz2zl9mwwn9tu4pa0lluir26iir2r5t2q5erh35w1zxl4keeisnyfoh9t4dr5kfjh76czrbc8thhcw37hnr413kyhbdycbohr6dg4lfflxtkvj"-->..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="X-UA-Compatible" content="ie=edge">.. <meta name="referrer" content="strict-origin">.. <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png">.... <script src="https://code.jquery.com/jquery-2.2.4.min.js".. integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>.. <title>Webmail</title>.. <script nonce="">.. // Ensure that parent window and opener reload if a page is redirected to login.. if (top.location != window.location) {.. top.location.reload();.. }.. if (window.opener && window.opener.top.location != windo

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-2.2.4.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	downloaded
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
URL:	https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 00:40:14.636976004 CEST	49671	443	192.168.2.11	204.79.197.203
Aug 31, 2024 00:40:15.121368885 CEST	49674	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:15.246330976 CEST	49673	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:19.449419022 CEST	49671	443	192.168.2.11	204.79.197.203
Aug 31, 2024 00:40:19.664515018 CEST	49676	443	192.168.2.11	20.189.173.3
Aug 31, 2024 00:40:19.965013027 CEST	49676	443	192.168.2.11	20.189.173.3
Aug 31, 2024 00:40:20.605650902 CEST	49676	443	192.168.2.11	20.189.173.3
Aug 31, 2024 00:40:21.910018921 CEST	49676	443	192.168.2.11	20.189.173.3
Aug 31, 2024 00:40:23.138691902 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.138736963 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.138797045 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.138931036 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.138938904 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.138983965 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.139523983 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.139535904 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.139707088 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.139714003 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.602915049 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.604296923 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.604305983 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.605452061 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.605524063 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.606225967 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.609352112 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.609415054 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.609431028 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.609571934 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.609596968 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.610609055 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.610672951 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.611429930 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.611505985 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.652503014 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.710922956 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.710942030 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.737658978 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.737694979 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.737704039 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.737710953 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.737747908 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.737786055 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.737790108 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.737826109 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.737838984 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.738293886 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.738341093 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.738348007 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.738354921 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.738387108 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.743874073 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.743911982 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.743944883 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.743951082 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.757926941 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.757937908 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.806108952 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:23.806144953 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:23.806204081 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:23.806473970 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:23.806488991 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:23.811636925 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:23.811677933 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:23.811758041 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:23.811947107 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:23.811965942 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:23.824120998 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.824176073 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.824182987 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.824284077 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.824342966 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.824347973 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.824706078 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.824728966 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.824749947 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.824754000 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.824795008 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.825333118 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.825417995 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.825440884 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.825455904 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.825459957 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.825496912 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.826242924 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.826293945 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.826322079 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.826338053 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.826342106 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.826376915 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.826380014 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.827236891 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.827265978 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.827280045 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.827284098 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.827317953 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.827322006 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.828145981 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.828171015 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.828196049 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.828200102 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.828238010 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.828241110 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.910917044 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.910949945 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.910981894 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.910986900 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911020994 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911035061 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.911039114 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911102057 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.911201954 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911209106 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911247015 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.911741018 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911762953 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911808014 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911812067 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.911828041 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.911832094 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.911870003 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.912112951 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.912158012 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.912166119 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.912205935 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.912219048 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.912261963 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.912867069 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.912918091 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.912926912 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.912931919 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.912966967 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.912980080 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.913007975 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.913018942 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.913032055 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.913050890 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.913825035 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.913855076 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.913894892 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.913898945 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.913908005 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.913953066 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.913995028 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.913999081 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.914078951 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.914756060 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.914820910 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.953672886 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.953758001 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.958113909 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.959335089 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:23.959373951 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:23.959444046 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:23.959778070 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:23.959798098 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:23.997771978 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.997929096 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.998070955 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.998105049 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.998133898 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.998137951 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.998162985 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.998410940 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.998461008 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.998471975 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.998531103 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.998641014 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.998712063 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.998775005 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.998822927 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.999253035 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.999304056 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.999319077 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.999325037 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.999357939 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.999372959 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.999388933 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:23.999392033 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:23.999418020 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:24.000045061 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:24.000127077 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:24.000152111 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:24.000169039 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:24.000169039 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:24.000174046 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:24.000220060 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:24.000224113 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:24.000299931 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:24.000364065 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:24.000652075 CEST	49714	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:24.000669956 CEST	443	49714	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:24.298351049 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.311779976 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.311794996 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.312899113 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.312957048 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.315006018 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.315071106 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.321302891 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.321311951 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.410247087 CEST	49676	443	192.168.2.11	20.189.173.3
Aug 31, 2024 00:40:24.457659960 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.457672119 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.507042885 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.507061958 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.507091045 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.507101059 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.507108927 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.507235050 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.507249117 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.507256985 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.507334948 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.508361101 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.508368969 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.508388042 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.508399010 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.508413076 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.508418083 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.508425951 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.508460045 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.508513927 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.510958910 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.510974884 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.510999918 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.511008024 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.511029005 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.511035919 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.511058092 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.511117935 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.516542912 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.577733994 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.577750921 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.579165936 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.579181910 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.579236984 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.583313942 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.583416939 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.583920002 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.583934069 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.594407082 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.594428062 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.594451904 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.594502926 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.594516039 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.594523907 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.594578028 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.596010923 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.596019983 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.596049070 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.596080065 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.596091986 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.596101999 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.596873999 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.596956968 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.596960068 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.597018957 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.663346052 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.752990961 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.753056049 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:24.756592989 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:24.756609917 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.757927895 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.757944107 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.758001089 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:24.762167931 CEST	49715	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:24.762193918 CEST	443	49715	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:24.766350031 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:24.766455889 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.766751051 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:24.766762018 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.773389101 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.773415089 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.773422003 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.773452044 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.773463964 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.773463964 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.773482084 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.773498058 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.773509979 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.773554087 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.773554087 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.848038912 CEST	49674	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:24.854250908 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.854273081 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.854290962 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.854316950 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.854327917 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.854342937 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.854382038 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.854419947 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.860131979 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.860142946 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.860166073 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.860177994 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.860203028 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.860219955 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.860279083 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.861916065 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.861989975 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.861999035 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:24.862066031 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:24.904506922 CEST	49673	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:24.904510021 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:24.948421955 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.948507071 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.948576927 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:24.948581934 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:24.948645115 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:24.997776985 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:24.997818947 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:24.998007059 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:24.998475075 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:24.998493910 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:25.009754896 CEST	49716	443	192.168.2.11	18.65.39.116
Aug 31, 2024 00:40:25.009785891 CEST	443	49716	18.65.39.116	192.168.2.11
Aug 31, 2024 00:40:25.016762018 CEST	49717	443	192.168.2.11	208.91.114.103
Aug 31, 2024 00:40:25.016788006 CEST	443	49717	208.91.114.103	192.168.2.11
Aug 31, 2024 00:40:25.185940027 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.185961008 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.186037064 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.187145948 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.187159061 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.220159054 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:25.220175982 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:25.220273018 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:25.220719099 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:25.220731974 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:25.641967058 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:25.650285006 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:25.650300980 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:25.651606083 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:25.651665926 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:25.654035091 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:25.654145956 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:25.666043043 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.666488886 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.666505098 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.667572975 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.667644024 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.668243885 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.668330908 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.668792009 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.668801069 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.753604889 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:25.753604889 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.753623009 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:25.770370960 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.786916971 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.786931038 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.786946058 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.786952972 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.786958933 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.787034988 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.787049055 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.787086964 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.787094116 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.787094116 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.863574982 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.863615036 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.863630056 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.863640070 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.863706112 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.863714933 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.863729000 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.865195990 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.865211964 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.865225077 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.865231037 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.865262985 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.865271091 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.865334988 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.939429998 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:25.953871012 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:25.953880072 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:25.955456018 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:25.955518961 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:25.955965996 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.956016064 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.956031084 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.956047058 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.956068039 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.956068039 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.956079960 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.956091881 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.956091881 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.956288099 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:25.956367970 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:25.956720114 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:25.956787109 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:25.956793070 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:25.956964016 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.956971884 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.956983089 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.956990004 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.957019091 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.957036972 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.957046032 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.957072020 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.957086086 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:25.957140923 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.959975004 CEST	49723	443	192.168.2.11	151.101.66.137
Aug 31, 2024 00:40:25.959985971 CEST	443	49723	151.101.66.137	192.168.2.11
Aug 31, 2024 00:40:26.159852982 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.213010073 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.220968008 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.220976114 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.221015930 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.221029997 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.221036911 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.221040010 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.221051931 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.221097946 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.221097946 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.221103907 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.299885035 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.299895048 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.299943924 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.299956083 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.299963951 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.299973965 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.299988985 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.300009012 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.300013065 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.300046921 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.300046921 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.305196047 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.305205107 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.305238962 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.305248022 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.305258989 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.305270910 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.305275917 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.305305958 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.305316925 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.305360079 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.308726072 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.308794022 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.308800936 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.308809996 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.308865070 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.308871031 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.308926105 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.309021950 CEST	49724	443	192.168.2.11	13.35.58.119
Aug 31, 2024 00:40:26.309042931 CEST	443	49724	13.35.58.119	192.168.2.11
Aug 31, 2024 00:40:26.540546894 CEST	443	49707	173.222.162.42	192.168.2.11
Aug 31, 2024 00:40:26.540652990 CEST	49707	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:27.516539097 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:27.516582966 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:27.516661882 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:27.520605087 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:27.520618916 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.171648979 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.171722889 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.195653915 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.195687056 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.195923090 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.319042921 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.360512018 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.506513119 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.506591082 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.506644964 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.506738901 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.506762981 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.506776094 CEST	49725	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.506782055 CEST	443	49725	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.541248083 CEST	49726	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.541282892 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:28.541342020 CEST	49726	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.541620016 CEST	49726	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:28.541631937 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:29.113507986 CEST	49671	443	192.168.2.11	204.79.197.203
Aug 31, 2024 00:40:29.179807901 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:29.179899931 CEST	49726	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:29.183268070 CEST	49726	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:29.183280945 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:29.183603048 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:29.185285091 CEST	49726	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:29.232497931 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:29.300987959 CEST	49676	443	192.168.2.11	20.189.173.3
Aug 31, 2024 00:40:29.458101988 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:29.458192110 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:29.458273888 CEST	49726	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:29.459521055 CEST	49726	443	192.168.2.11	184.28.90.27
Aug 31, 2024 00:40:29.459542036 CEST	443	49726	184.28.90.27	192.168.2.11
Aug 31, 2024 00:40:35.539937019 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:35.539999008 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:35.540083885 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:36.488326073 CEST	49720	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:40:36.488353014 CEST	443	49720	142.250.184.228	192.168.2.11
Aug 31, 2024 00:40:38.342281103 CEST	49707	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:38.342341900 CEST	49707	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:38.343302011 CEST	49733	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:38.343342066 CEST	443	49733	173.222.162.42	192.168.2.11
Aug 31, 2024 00:40:38.343543053 CEST	49733	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:38.346155882 CEST	49733	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:38.346167088 CEST	443	49733	173.222.162.42	192.168.2.11
Aug 31, 2024 00:40:38.348556042 CEST	443	49707	173.222.162.42	192.168.2.11
Aug 31, 2024 00:40:38.348643064 CEST	443	49707	173.222.162.42	192.168.2.11
Aug 31, 2024 00:40:38.513621092 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:38.513694048 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:38.513864994 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:38.909931898 CEST	49676	443	192.168.2.11	20.189.173.3
Aug 31, 2024 00:40:38.936614990 CEST	443	49733	173.222.162.42	192.168.2.11
Aug 31, 2024 00:40:38.936691999 CEST	49733	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:40:39.926556110 CEST	49713	443	192.168.2.11	209.94.90.1
Aug 31, 2024 00:40:39.926587105 CEST	443	49713	209.94.90.1	192.168.2.11
Aug 31, 2024 00:40:58.089914083 CEST	443	49733	173.222.162.42	192.168.2.11
Aug 31, 2024 00:40:58.094630957 CEST	49733	443	192.168.2.11	173.222.162.42
Aug 31, 2024 00:41:25.417059898 CEST	49736	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:41:25.417112112 CEST	443	49736	142.250.184.228	192.168.2.11
Aug 31, 2024 00:41:25.417320967 CEST	49736	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:41:25.417650938 CEST	49736	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:41:25.417664051 CEST	443	49736	142.250.184.228	192.168.2.11
Aug 31, 2024 00:41:26.048849106 CEST	443	49736	142.250.184.228	192.168.2.11
Aug 31, 2024 00:41:26.049176931 CEST	49736	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:41:26.049202919 CEST	443	49736	142.250.184.228	192.168.2.11
Aug 31, 2024 00:41:26.049566984 CEST	443	49736	142.250.184.228	192.168.2.11
Aug 31, 2024 00:41:26.050184011 CEST	49736	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:41:26.050266027 CEST	443	49736	142.250.184.228	192.168.2.11
Aug 31, 2024 00:41:26.094197989 CEST	49736	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:41:35.955748081 CEST	443	49736	142.250.184.228	192.168.2.11
Aug 31, 2024 00:41:35.955826044 CEST	443	49736	142.250.184.228	192.168.2.11
Aug 31, 2024 00:41:35.955951929 CEST	49736	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:41:36.427242994 CEST	49736	443	192.168.2.11	142.250.184.228
Aug 31, 2024 00:41:36.427279949 CEST	443	49736	142.250.184.228	192.168.2.11

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 00:40:21.782479048 CEST	53	58581	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:21.845645905 CEST	53	60604	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:22.884938002 CEST	53	58699	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:23.126472950 CEST	65451	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:23.126630068 CEST	61509	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:23.134588957 CEST	53	65451	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:23.134989023 CEST	53	61509	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:23.795876980 CEST	58561	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:23.796106100 CEST	65315	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:23.798136950 CEST	49339	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:23.798301935 CEST	55687	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:23.798701048 CEST	50145	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:23.798868895 CEST	61689	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:23.804462910 CEST	53	58561	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:23.805550098 CEST	53	65315	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:23.809700966 CEST	53	49339	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:23.811217070 CEST	53	55687	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:23.958322048 CEST	53	61689	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:23.958566904 CEST	53	50145	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:24.937855005 CEST	59740	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:24.938066959 CEST	57176	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:24.944422007 CEST	53	59740	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:24.945480108 CEST	53	57176	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.019709110 CEST	53	51272	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.046466112 CEST	60341	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.046767950 CEST	53702	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.178138971 CEST	63117	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.178407907 CEST	56053	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.185086012 CEST	53	63117	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.185098886 CEST	53	56053	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.210769892 CEST	64541	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.211041927 CEST	50826	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.218121052 CEST	53	64541	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.219630957 CEST	53	50826	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.430527925 CEST	53	60341	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.431205988 CEST	56189	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.433587074 CEST	53	53702	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.434097052 CEST	53176	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.790890932 CEST	53	56189	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:25.792598009 CEST	55338	53	192.168.2.11	1.1.1.1
Aug 31, 2024 00:40:25.942369938 CEST	53	53176	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:26.184958935 CEST	53	55338	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:39.935971022 CEST	53	54361	1.1.1.1	192.168.2.11
Aug 31, 2024 00:40:58.985030890 CEST	53	56215	1.1.1.1	192.168.2.11
Aug 31, 2024 00:41:16.401747942 CEST	138	138	192.168.2.11	192.168.2.255
Aug 31, 2024 00:41:20.388202906 CEST	53	64165	1.1.1.1	192.168.2.11
Aug 31, 2024 00:41:21.378180027 CEST	53	58700	1.1.1.1	192.168.2.11
Aug 31, 2024 00:41:48.296030998 CEST	53	51837	1.1.1.1	192.168.2.11

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 31, 2024 00:40:25.942452908 CEST	192.168.2.11	1.1.1.1	c1f3	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 31, 2024 00:40:23.126472950 CEST	192.168.2.11	1.1.1.1	0x847	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.126630068 CEST	192.168.2.11	1.1.1.1	0xfdaa	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Aug 31, 2024 00:40:23.795876980 CEST	192.168.2.11	1.1.1.1	0x2bdc	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.796106100 CEST	192.168.2.11	1.1.1.1	0xedcc	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Aug 31, 2024 00:40:23.798136950 CEST	192.168.2.11	1.1.1.1	0xda58	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.798301935 CEST	192.168.2.11	1.1.1.1	0x842d	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Aug 31, 2024 00:40:23.798701048 CEST	192.168.2.11	1.1.1.1	0xed5f	Standard query (0)	fac.corp.fortinet.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.798868895 CEST	192.168.2.11	1.1.1.1	0x44e1	Standard query (0)	fac.corp.fortinet.com	65	IN (0x0001)	false
Aug 31, 2024 00:40:24.937855005 CEST	192.168.2.11	1.1.1.1	0x8587	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:24.938066959 CEST	192.168.2.11	1.1.1.1	0xa465	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 31, 2024 00:40:25.046466112 CEST	192.168.2.11	1.1.1.1	0xe66d	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.046767950 CEST	192.168.2.11	1.1.1.1	0xd043	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Aug 31, 2024 00:40:25.178138971 CEST	192.168.2.11	1.1.1.1	0xa1ca	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.178407907 CEST	192.168.2.11	1.1.1.1	0x2d8c	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Aug 31, 2024 00:40:25.210769892 CEST	192.168.2.11	1.1.1.1	0x7ecd	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.211041927 CEST	192.168.2.11	1.1.1.1	0xdd2f	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Aug 31, 2024 00:40:25.431205988 CEST	192.168.2.11	1.1.1.1	0x8cfa	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.434097052 CEST	192.168.2.11	1.1.1.1	0x25e8	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Aug 31, 2024 00:40:25.792598009 CEST	192.168.2.11	1.1.1.1	0xf71f	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 31, 2024 00:40:23.134588957 CEST	1.1.1.1	192.168.2.11	0x847	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.134989023 CEST	1.1.1.1	192.168.2.11	0xfdaa	No error (0)	ipfs.io			65	IN (0x0001)	false
Aug 31, 2024 00:40:23.804462910 CEST	1.1.1.1	192.168.2.11	0x2bdc	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.804462910 CEST	1.1.1.1	192.168.2.11	0x2bdc	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.804462910 CEST	1.1.1.1	192.168.2.11	0x2bdc	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.804462910 CEST	1.1.1.1	192.168.2.11	0x2bdc	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.809700966 CEST	1.1.1.1	192.168.2.11	0xda58	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 00:40:23.809700966 CEST	1.1.1.1	192.168.2.11	0xda58	No error (0)	d28h3jm4r3crf8.cloudfront.net		18.65.39.116	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.809700966 CEST	1.1.1.1	192.168.2.11	0xda58	No error (0)	d28h3jm4r3crf8.cloudfront.net		18.65.39.61	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.809700966 CEST	1.1.1.1	192.168.2.11	0xda58	No error (0)	d28h3jm4r3crf8.cloudfront.net		18.65.39.13	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.809700966 CEST	1.1.1.1	192.168.2.11	0xda58	No error (0)	d28h3jm4r3crf8.cloudfront.net		18.65.39.15	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:23.811217070 CEST	1.1.1.1	192.168.2.11	0x842d	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 00:40:23.958566904 CEST	1.1.1.1	192.168.2.11	0xed5f	No error (0)	fac.corp.fortinet.com		208.91.114.103	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:24.944422007 CEST	1.1.1.1	192.168.2.11	0x8587	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:24.945480108 CEST	1.1.1.1	192.168.2.11	0xa465	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 31, 2024 00:40:25.185086012 CEST	1.1.1.1	192.168.2.11	0xa1ca	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.185086012 CEST	1.1.1.1	192.168.2.11	0xa1ca	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.185086012 CEST	1.1.1.1	192.168.2.11	0xa1ca	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.185086012 CEST	1.1.1.1	192.168.2.11	0xa1ca	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.218121052 CEST	1.1.1.1	192.168.2.11	0x7ecd	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 00:40:25.218121052 CEST	1.1.1.1	192.168.2.11	0x7ecd	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.119	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.218121052 CEST	1.1.1.1	192.168.2.11	0x7ecd	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.96	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.218121052 CEST	1.1.1.1	192.168.2.11	0x7ecd	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.104	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.218121052 CEST	1.1.1.1	192.168.2.11	0x7ecd	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.10	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.219630957 CEST	1.1.1.1	192.168.2.11	0xdd2f	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 00:40:25.430527925 CEST	1.1.1.1	192.168.2.11	0xe66d	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.433587074 CEST	1.1.1.1	192.168.2.11	0xd043	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Aug 31, 2024 00:40:25.790890932 CEST	1.1.1.1	192.168.2.11	0x8cfa	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:25.942369938 CEST	1.1.1.1	192.168.2.11	0x25e8	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Aug 31, 2024 00:40:26.184958935 CEST	1.1.1.1	192.168.2.11	0xf71f	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:36.711396933 CEST	1.1.1.1	192.168.2.11	0x3d03	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 00:40:36.711396933 CEST	1.1.1.1	192.168.2.11	0x3d03	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:40:50.622950077 CEST	1.1.1.1	192.168.2.11	0xb177	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 00:40:50.622950077 CEST	1.1.1.1	192.168.2.11	0xb177	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:41:14.091691971 CEST	1.1.1.1	192.168.2.11	0xb43d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 00:41:14.091691971 CEST	1.1.1.1	192.168.2.11	0xb43d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 31, 2024 00:41:33.498147011 CEST	1.1.1.1	192.168.2.11	0xdeb3	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 00:41:33.498147011 CEST	1.1.1.1	192.168.2.11	0xdeb3	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipfs.io

https:

code.jquery.com

ik.imagekit.io

fac.corp.fortinet.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.11	49714	209.94.90.1	443	2924	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:23 UTC	714	OUT	GET /ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i HTTP/1.1 Host: ipfs.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:23 UTC	1070	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:40:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i x-ipfs-roots: bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i x-ipfs-pop: rainbow-dc13-07 CF-Cache-Status: HIT Age: 44291 Server: cloudflare CF-RAY: 8bb84843fbc443b6-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 22:40:23 UTC	299	IN	Data Raw: 37 62 38 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 21 2d 2d 22 6e 38 68 6d 77 76 6c 6c 37 74 6e 63 78 37 64 79 38 7a 66 77 70 34 67 63 66 6e 79 6e 71 69 7a 32 7a 6c 39 6d 77 77 6e 39 74 75 34 70 61 30 6c 6c 75 69 72 32 36 69 69 72 32 72 35 74 32 71 35 65 72 68 33 35 77 31 7a 78 6c 34 6b 65 65 69 73 6e 79 66 6f 68 39 74 34 64 72 35 6b 66 6a 68 37 36 63 7a 72 62 63 38 74 68 68 63 77 33 37 68 6e 72 34 31 33 6b 79 68 62 64 79 63 62 6f 68 72 36 64 67 34 6c 66 66 6c 78 74 6b 76 6a 22 2d 2d 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f Data Ascii: 7b83<!DOCTYPE html><html lang="en">..."n8hmwvll7tncx7dy8zfwp4gcfnynqiz2zl9mwwn9tu4pa0lluir26iir2r5t2q5erh35w1zxl4keeisnyfoh9t4dr5kfjh76czrbc8thhcw37hnr413kyhbdycbohr6dg4lfflxtkvj"--><head> <meta charset="UTF-8"> <meta name="viewport" co
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 69 64 3d 22 66 61 76 69 63 6f 6e 22 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 70 68 61 74 72 61 64 65 2d 6f 70 74 69 6f 6e 73 2e 63 6f 6d 2f 67 69 74 2f 72 61 6e 64 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 Data Ascii: "> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta name="referrer" content="strict-origin"> <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png"> <script src="
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 35 31 35 32 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 73 Data Ascii: color: #425152; text-decoration: none; } a:hover { text-decoration: underline; } input { border-radius: 5px; padding: 5px 3px; } input.s
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 53 47 36 4a 2f 65 4f 2b 71 59 65 4f 61 50 47 74 53 61 36 6e 47 31 67 6f 5a 65 63 30 33 65 5a 4d 36 72 38 48 4f 39 30 30 70 73 66 7a 75 57 6d 4f 56 35 79 2f 58 47 30 31 31 74 4b 6c 74 56 4f 6c 37 49 79 31 63 31 53 49 65 74 62 52 48 6e 70 2f 73 41 36 57 39 59 39 74 4d 5a 56 79 6b 43 6e 4b 42 63 52 45 72 78 6e 4e 44 63 71 4d 42 63 62 4f 65 37 56 49 6e 41 4a 2f 2f 6b 42 47 63 37 56 67 54 54 59 64 66 4f 36 78 72 6a 52 55 42 65 4b 76 34 64 73 65 34 32 44 61 73 30 7a 36 71 4f 69 50 47 78 56 4a 52 6c 44 66 5a 73 66 71 59 2b 6d 79 6e 39 7a 2b 78 63 30 32 73 53 4c 50 6a 6b 46 4e 44 58 64 43 4f 6d 6c 31 62 6d 36 34 70 4d 64 67 52 48 67 32 4a 5a 75 77 36 58 62 7a 33 46 59 66 42 42 51 4f 78 62 47 4f 72 61 41 6f 47 57 45 69 46 71 55 62 4b 51 73 63 43 6b 75 4e 79 4b 71 Data Ascii: SG6J/eO+qYeOaPGtSa6nG1goZec03eZM6r8HO900psfzuWmOV5y/XG011tKltVOl7Iy1c1SIetbRHnp/sA6W9Y9tMZVykCnKBcRErxnNDcqMBcbOe7VInAJ//kBGc7VgTTYdfO6xrjRUBeKv4dse42Das0z6qOiPGxVJRlDfZsfqY+myn9z+xc02sSLPjkFNDXdCOml1bm64pMdgRHg2JZuw6Xbz3FYfBBQOxbGOraAoGWEiFqUbKQscCkuNyKq
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 32 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 38 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 69 6e 70 75 74 20 7b 0d 0a 20 20 Data Ascii: : middle; padding-top: 4px; } .col1 { width: 124px; font-size: 13px; font-weight: 600; } .col2 { width: 286px; } .col2 input {
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 39 30 70 78 20 61 75 74 6f 20 61 75 74 6f 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 30 30 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: width: 500px; margin: 90px auto auto auto; padding-left: 10px; } @media only screen and (max-width: 600px) { body { background-image: none; }
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 69 6d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 35 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 62 6a 65 63 74 2d 66 69 74 3a 20 63 6f 6e 74 61 69 6e 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 0d 0a 20 20 20 20 20 20 Data Ascii: margin-top: -25px; } .xlogo img { vertical-align: middle; width: 5%; height: 5%; object-fit: contain } .xlogo span { vertical-align: middle
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 37 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 62 67 5f 73 63 72 65 65 6e 22 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 69 6b 2e 69 6d 61 67 65 6b 69 74 2e 69 6f 2f 65 73 63 72 6f 77 6d 61 64 65 2f 52 6f 6c 6c 69 6e 67 2d 31 73 2d 32 30 30 70 78 5f 5f 31 5f 5f 74 72 48 43 57 58 79 39 6a 44 2e 67 69 66 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 35 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 6c 6f 61 64 69 6e 67 5f 69 6d 61 67 65 Data Ascii: 7; display:none" id="bg_screen"> </div> <img src="https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif" style="width:50px; position:absolute; top:50%; left:50%; transform:translate(-50%, -50%); display:none" id="loading_image
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 6f 72 64 5f 68 69 64 64 65 6e 3a 39 33 65 64 66 37 64 33 63 65 62 37 30 34 62 65 39 32 65 65 30 38 34 65 63 63 36 32 63 36 63 38 2f 22 20 61 6c 74 3d 22 22 20 6f 6e 63 6c 69 63 6b 3d 22 73 65 74 56 69 73 69 62 69 6c 69 74 79 28 29 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 3c 62 72 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 20 69 64 3d 22 65 72 72 6f 72 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 Data Ascii: ord_hidden:93edf7d3ceb704be92ee084ecc62c6c8/" alt="" onclick="setVisibility()"> </div> <br><br> <div class="row"> <div><span class="error" id="error"></span></div> </div> <d
2024-08-30 22:40:23 UTC	1369	IN	Data Raw: 63 6f 6d 2f 76 30 2f 62 2f 70 6f 72 74 61 6c 2d 61 61 33 36 33 2e 61 70 70 73 70 6f 74 2e 63 6f 6d 2f 6f 2f 66 61 76 69 63 6f 6e 73 2e 70 6e 67 3f 61 6c 74 3d 6d 65 64 69 61 26 74 6f 6b 65 6e 3d 38 30 35 66 62 30 65 66 2d 61 32 64 39 2d 34 61 37 66 2d 38 35 65 36 2d 64 36 38 33 38 34 65 31 36 36 65 33 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 63 61 70 69 74 61 6c 69 7a 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 22 20 63 6c 61 73 73 3d 27 74 65 78 74 2d 67 27 20 69 64 3d 22 62 61 6e 4e 65 72 22 3e 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 Data Ascii: com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3"> <span style="text-transform: capitalize !important;" class='text-g' id="banNer"></span> </div> <div clas

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.11	49715	151.101.66.137	443	2924	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:24 UTC	547	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ipfs.io sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:24 UTC	612	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1526683 Date: Fri, 30 Aug 2024 22:40:24 GMT X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740036-EWR X-Cache: HIT, HIT X-Cache-Hits: 175, 0 X-Timer: S1725057624.374725,VS0,VE1 Vary: Accept-Encoding
2024-08-30 22:40:24 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-08-30 22:40:24 UTC	16384	IN	Data Raw: 65 73 74 28 61 7c 7c 22 22 29 7c 7c 66 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 6c 61 6e 67 3a 20 22 2b 61 29 2c 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3b 64 6f 20 69 66 28 63 3d 70 3f 62 2e 6c 61 6e 67 3a 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 78 6d 6c 3a 6c 61 6e 67 22 29 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 61 6e 67 22 29 29 72 65 74 75 72 6e 20 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 3d 3d 61 7c 7c 30 3d 3d 3d 63 2e 69 6e 64 65 78 4f 66 28 61 2b 22 2d 22 29 3b 77 68 69 6c 65 28 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 62 2e 6e 6f 64 65 54 79 70 65 Data Ascii: est(a\|\|"")\|\|fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")\|\|b.getAttribute("lang"))return c=c.toLowerCase(),c===a\|\|0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType
2024-08-30 22:40:24 UTC	16384	IN	Data Raw: 68 69 73 2c 61 29 7d 29 3a 4b 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 2c 64 3b 69 66 28 66 26 26 76 6f 69 64 20 30 3d 3d 3d 62 29 7b 69 66 28 63 3d 4f 2e 67 65 74 28 66 2c 61 29 7c 7c 4f 2e 67 65 74 28 66 2c 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 63 3d 4f 2e 67 65 74 28 66 2c 64 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 63 3d 52 28 66 2c 64 2c 76 6f 69 64 20 30 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 20 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 74 68 69 73 2e 65 61 63 Data Ascii: his,a)}):K(this,function(b){var c,d;if(f&&void 0===b){if(c=O.get(f,a)\|\|O.get(f,a.replace(Q,"-$&").toLowerCase()),void 0!==c)return c;if(d=n.camelCase(a),c=O.get(f,d),void 0!==c)return c;if(c=R(f,d,void 0),void 0!==c)return c}else d=n.camelCase(a),this.eac
2024-08-30 22:40:24 UTC	16384	IN	Data Raw: 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 67 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 62 6f 72 64 65 72 3a 30 3b 77 69 64 74 68 3a 38 70 78 3b 68 65 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 2d 39 39 39 39 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 22 2c 67 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 68 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: .style.backgroundClip,g.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",g.appendChild(h);function i(){h.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box
2024-08-30 22:40:24 UTC	16384	IN	Data Raw: 61 29 7b 62 3d 61 2e 6d 61 74 63 68 28 47 29 7c 7c 5b 5d 3b 77 68 69 6c 65 28 63 3d 74 68 69 73 5b 69 2b 2b 5d 29 69 66 28 65 3d 66 62 28 63 29 2c 64 3d 31 3d 3d 3d 63 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 20 22 2b 65 2b 22 20 22 29 2e 72 65 70 6c 61 63 65 28 65 62 2c 22 20 22 29 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 77 68 69 6c 65 28 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3e 2d 31 29 64 3d 64 2e 72 65 70 6c 61 63 65 28 22 20 22 2b 66 2b 22 20 22 2c 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 74 6f 67 67 6c 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 Data Ascii: a){b=a.match(G)\|\|[];while(c=this[i++])if(e=fb(c),d=1===c.nodeType&&(" "+e+" ").replace(eb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b
2024-08-30 22:40:24 UTC	3658	IN	Data Raw: 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 3b 76 61 72 20 4c 62 3d 6e 2e 66 6e 2e 6c 6f 61 64 3b 6e 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 26 26 4c 62 29 72 65 74 75 72 6e 20 4c 62 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 76 61 72 20 64 2c 65 2c 66 2c 67 3d 74 68 69 73 2c 68 3d 61 2e 69 6e 64 65 78 4f 66 28 22 20 22 29 3b 72 65 74 75 72 6e 20 68 3e 2d 31 26 26 28 64 3d 6e 2e 74 72 69 6d 28 61 2e 73 6c 69 63 65 28 68 29 29 2c 61 3d 61 2e 73 6c 69 63 65 28 30 2c 68 29 29 2c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 29 3f 28 63 3d 62 2c 62 3d 76 6f 69 64 20 30 29 3a 62 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 Data Ascii: .childNodes))};var Lb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Lb)return Lb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.11	49716	18.65.39.116	443	2924	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:24 UTC	611	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:24 UTC	807	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: b5219f3c-5455-4706-92bc-1607d368c509 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Sun, 31 Dec 2023 19:31:51 GMT Date: Thu, 01 Feb 2024 00:34:10 GMT Via: 1.1 61c90c70feca5f532bf48bc0dc85d516.cloudfront.net (CloudFront), 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: AMS1-P1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: mnmHoNDLFBJL6uIlvl17F_fTE1jUQrFy6QeNOn3e_QbukGzvgR2pzQ== Age: 18309974
2024-08-30 22:40:24 UTC	15577	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2024-08-30 22:40:24 UTC	16384	IN	Data Raw: cd 21 18 33 26 01 e0 00 2c 1d f9 ce 98 10 00 03 f9 b0 e6 00 75 32 1a 0e a0 b3 94 9b 64 ca 06 5a 50 01 19 66 52 06 e0 94 09 02 1a 40 02 10 70 13 91 1d c8 26 53 0a e8 c8 0c 90 b1 2a 57 fc a4 00 b4 c8 14 08 c5 12 8d 54 c1 0a 2e 3b 70 d1 a1 74 2f 96 11 28 a4 4e 0c ba ca 14 24 d4 22 92 c9 9c 24 4e 86 52 3c 6b 56 a0 a4 1e 39 41 3b 85 60 80 b8 a1 04 8c 3b 05 40 06 42 c9 90 22 06 15 00 32 e0 28 c8 8e 5a 84 07 f0 11 20 16 64 2a 00 24 a0 81 97 3a 23 06 52 3d c2 6c 98 b9 0d 5f 66 95 08 12 98 c1 e4 b8 21 ce a3 76 a0 05 bb e4 45 ef be ca 84 07 a8 40 04 38 d5 05 f3 d8 1a 05 01 70 e0 03 30 38 81 50 78 46 57 2a 14 c0 02 1c f8 55 5f 07 4b d8 c2 1a f6 b0 88 4d ac 62 17 cb d8 c6 3a f6 b1 90 8d ac 64 27 4b d9 ca 5a f6 b2 70 08 02 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 Data Ascii: !3&,u2dZPfR@p&SWT.;pt/(N$"$NR<kV9A;`;@B"2(Z d$:#R=l_f!vE@8p08PxFW*U_KMb:d'KZp!,
2024-08-30 22:40:24 UTC	16384	IN	Data Raw: 3e ea 6c 5b 48 87 f1 64 66 ff 2e 21 14 c4 33 eb ba 84 18 40 6c 39 e5 c2 2b c8 9d e6 fc 64 ef 20 aa c2 f3 c1 be 83 c8 0b 0f 0b 00 0f 82 2f 39 08 b4 5a 70 1e fd be 13 ed c2 7b 44 90 2e c4 80 d4 4a 4e 9b 14 fb b1 67 39 2f 64 ec 07 07 f1 28 ec f1 1c 12 c4 b3 ec c8 7a 14 9a 0d 83 28 eb 91 6c 39 b7 b6 6c 47 8d e6 88 2a f3 1d 2a c0 f3 e8 cd 77 54 00 8f b6 3c d7 f1 c0 4a 41 db 61 00 3c 0c 14 6d c7 bc d9 24 ad 34 1d 49 3a f5 34 1d b9 98 03 c1 d4 73 3c 5b ce d5 58 c7 a1 72 33 0a 74 1d 47 98 e4 84 2d f6 1b 5f 33 63 f6 d9 6d 30 8d cd da 6c ab 71 f4 3b 1b c4 cd c6 9f e6 bc 6b 37 1a 8d 9a 83 f1 de 68 80 fc ce 90 80 9f d1 e3 3b 36 17 5e 06 89 ef 1c a9 b8 19 5a 97 73 dd e3 64 48 0c 4f b8 94 87 31 e7 3b 08 64 4e 06 8a e6 10 ec b9 18 39 9a b3 f3 e8 5f 58 fe 8e ba a8 73 d1 Data Ascii: >l[Hdf.!3@l9+d /9Zp{D.JNg9/d(z(l9lG**wT<JAa<m$4I:4s<[Xr3tG-_3cm0lq;k7h;6^ZsdHO1;dN9_Xs
2024-08-30 22:40:24 UTC	6857	IN	Data Raw: ff ca 00 0a 7c 85 80 82 65 94 a6 15 75 af 1c a7 15 50 6b b4 a6 55 7e af f8 f6 d5 6a 68 6c f0 d5 0a b1 0c 30 d9 53 2c ac 61 00 5e b2 c8 f7 14 02 cf 91 21 a3 56 3a c5 f2 91 56 d9 9d 41 c1 57 1e c6 62 c0 70 3d a5 a0 46 3f 5a 91 40 0b 85 4a 69 a0 86 74 4f 59 25 8b 8a 4a 35 90 c6 8f 5f 59 38 4b 31 5f 15 19 46 07 09 d2 82 a0 56 5c 9d b1 a4 52 51 ce 42 e5 4d c2 9c 41 91 56 1a d2 62 de 53 12 96 31 c3 57 c0 d5 e2 a2 52 79 99 11 60 55 b6 38 30 23 1a e2 3d 85 82 2d 0c 02 8a 86 7f 44 f5 49 0b 86 4f b9 80 c6 40 4f d5 49 4b 67 5a e5 49 c6 8e 4a d1 37 8b 04 8e a1 c1 2a 51 24 ba 52 40 ac 67 cc da 53 ad ad dc aa 95 02 b2 7e 05 23 2d be 3e 05 ec 19 21 be 68 4b b1 4a 1d 6b 46 b2 4f 0d 3b 0b 87 bf a2 01 6d ab b6 50 6b ac b5 5f e1 46 4b 81 d5 9e 41 aa 52 bc d1 02 67 aa 68 0c Data Ascii: \|euPkU~jhl0S,a^!V:VAWbp=F?Z@JitOY%J5_Y8K1_FV\RQBMAVbS1WRy`U80#=-DIO@OIKgZIJ7*Q$R@gS~#->!hKJkFO;mPk_FKARgh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.11	49717	208.91.114.103	443	2924	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:24 UTC	639	OUT	GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1 Host: fac.corp.fortinet.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:24 UTC	548	IN	HTTP/1.1 404 Not Found Date: Fri, 30 Aug 2024 22:40:24 GMT Content-Length: 4124 Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; script-src 'self' X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding Content-Language: en X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Cache-Control: public, max-age=31536000 X-XSS-Protection: 1; mode=block Permissions-Policy: fullscreen=(self) Connection: close Content-Type: text/html; charset=utf-8
2024-08-30 22:40:24 UTC	4124	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 73 69 74 65 5f 6d 65 64 69 61 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-type" content="text/html; charset=UTF-8"> <meta name="referrer" content="strict-origin"> <title>Not Found</title> <link rel="stylesheet" type="text/css" href="/site_media/css/font-aweso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.11	49723	151.101.66.137	443	2924	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:25 UTC	358	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:25 UTC	612	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Fri, 30 Aug 2024 22:40:25 GMT Age: 1526685 X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740077-EWR X-Cache: HIT, HIT X-Cache-Hits: 175, 1 X-Timer: S1725057626.720406,VS0,VE1 Vary: Accept-Encoding
2024-08-30 22:40:25 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-08-30 22:40:25 UTC	16384	IN	Data Raw: 65 73 74 28 61 7c 7c 22 22 29 7c 7c 66 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 6c 61 6e 67 3a 20 22 2b 61 29 2c 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3b 64 6f 20 69 66 28 63 3d 70 3f 62 2e 6c 61 6e 67 3a 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 78 6d 6c 3a 6c 61 6e 67 22 29 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 61 6e 67 22 29 29 72 65 74 75 72 6e 20 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 3d 3d 61 7c 7c 30 3d 3d 3d 63 2e 69 6e 64 65 78 4f 66 28 61 2b 22 2d 22 29 3b 77 68 69 6c 65 28 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 62 2e 6e 6f 64 65 54 79 70 65 Data Ascii: est(a\|\|"")\|\|fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")\|\|b.getAttribute("lang"))return c=c.toLowerCase(),c===a\|\|0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType
2024-08-30 22:40:25 UTC	16384	IN	Data Raw: 68 69 73 2c 61 29 7d 29 3a 4b 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 2c 64 3b 69 66 28 66 26 26 76 6f 69 64 20 30 3d 3d 3d 62 29 7b 69 66 28 63 3d 4f 2e 67 65 74 28 66 2c 61 29 7c 7c 4f 2e 67 65 74 28 66 2c 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 63 3d 4f 2e 67 65 74 28 66 2c 64 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 63 3d 52 28 66 2c 64 2c 76 6f 69 64 20 30 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 20 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 74 68 69 73 2e 65 61 63 Data Ascii: his,a)}):K(this,function(b){var c,d;if(f&&void 0===b){if(c=O.get(f,a)\|\|O.get(f,a.replace(Q,"-$&").toLowerCase()),void 0!==c)return c;if(d=n.camelCase(a),c=O.get(f,d),void 0!==c)return c;if(c=R(f,d,void 0),void 0!==c)return c}else d=n.camelCase(a),this.eac
2024-08-30 22:40:25 UTC	16384	IN	Data Raw: 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 67 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 62 6f 72 64 65 72 3a 30 3b 77 69 64 74 68 3a 38 70 78 3b 68 65 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 2d 39 39 39 39 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 22 2c 67 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 68 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: .style.backgroundClip,g.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",g.appendChild(h);function i(){h.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box
2024-08-30 22:40:25 UTC	16384	IN	Data Raw: 61 29 7b 62 3d 61 2e 6d 61 74 63 68 28 47 29 7c 7c 5b 5d 3b 77 68 69 6c 65 28 63 3d 74 68 69 73 5b 69 2b 2b 5d 29 69 66 28 65 3d 66 62 28 63 29 2c 64 3d 31 3d 3d 3d 63 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 20 22 2b 65 2b 22 20 22 29 2e 72 65 70 6c 61 63 65 28 65 62 2c 22 20 22 29 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 77 68 69 6c 65 28 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3e 2d 31 29 64 3d 64 2e 72 65 70 6c 61 63 65 28 22 20 22 2b 66 2b 22 20 22 2c 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 74 6f 67 67 6c 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 Data Ascii: a){b=a.match(G)\|\|[];while(c=this[i++])if(e=fb(c),d=1===c.nodeType&&(" "+e+" ").replace(eb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b
2024-08-30 22:40:25 UTC	3658	IN	Data Raw: 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 3b 76 61 72 20 4c 62 3d 6e 2e 66 6e 2e 6c 6f 61 64 3b 6e 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 26 26 4c 62 29 72 65 74 75 72 6e 20 4c 62 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 76 61 72 20 64 2c 65 2c 66 2c 67 3d 74 68 69 73 2c 68 3d 61 2e 69 6e 64 65 78 4f 66 28 22 20 22 29 3b 72 65 74 75 72 6e 20 68 3e 2d 31 26 26 28 64 3d 6e 2e 74 72 69 6d 28 61 2e 73 6c 69 63 65 28 68 29 29 2c 61 3d 61 2e 73 6c 69 63 65 28 30 2c 68 29 29 2c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 29 3f 28 63 3d 62 2c 62 3d 76 6f 69 64 20 30 29 3a 62 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 Data Ascii: .childNodes))};var Lb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Lb)return Lb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.11	49724	13.35.58.119	443	2924	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:25 UTC	384	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:26 UTC	808	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: 6f586e09-c9d6-43fb-be5a-a4eb2b520d61 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Wed, 31 Jul 2024 20:19:18 GMT Date: Tue, 06 Aug 2024 08:43:09 GMT Via: 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront), 1.1 3de687dde9ccf524586562826ee53358.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA60-P10 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: j4qw3aKfYLrEkr45cW3PwlGSS0eg9d6csmmjggupykDgfYq9IDiuug== Age: 2123837
2024-08-30 22:40:26 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2024-08-30 22:40:26 UTC	16384	IN	Data Raw: 06 15 30 ce 26 fd 80 69 00 09 a4 0c 34 c4 e0 aa 65 80 05 10 2b 22 fe c4 40 5a 12 86 9f 0d 66 3c 28 63 20 c5 d1 9f 01 2a 4f 72 80 13 83 2c 35 12 66 b4 bc 19 a0 75 23 13 37 7d c3 99 d0 20 79 a4 14 2f 45 fc 96 53 c1 c5 cb 19 8f 2a b8 3c 41 ec 8e 05 9b 24 39 34 f2 a0 7a 22 03 f1 7b 64 0c df 28 63 91 00 79 12 09 cc 30 8e 67 c0 08 92 04 66 23 1a d0 5c 63 03 86 81 64 d0 9f 79 82 19 f2 c1 46 23 d0 e7 c7 7d 1a 61 70 88 76 13 29 d0 de 21 31 68 96 10 7a 83 48 60 a1 3f 27 30 65 ff cc 06 13 11 00 60 20 03 7c 95 50 6e 8c 18 00 1e 42 0d 28 a8 c7 63 12 b5 f0 c8 00 17 4c 34 42 20 12 4c 64 42 24 9e 4d 44 d6 1f b7 21 84 61 24 57 9d f8 07 0a 12 ed 58 49 08 12 b1 c5 87 01 8b f5 73 a3 25 03 ac 48 0f 03 2e ce 51 24 45 99 18 60 62 3f 2a ec 51 42 42 2b 64 09 89 00 d8 f8 43 40 81 Data Ascii: 0&i4e+"@Zf<(c Or,5fu#7} y/ES<A$94z"{d(cy0gf#\cdyF#}apv)!1hzH`?'0e` \|PnB(cL4B LdB$MD!a$WXIs%H.Q$E`b?*QBB+dC@
2024-08-30 22:40:26 UTC	16384	IN	Data Raw: 08 bc 00 2e 7e 11 46 07 e8 f9 c2 a6 3a f5 a9 50 8d aa 54 a7 4a d5 aa 5a f5 aa 58 cd aa 56 b7 ca d5 ae 7a f5 ab 60 0d 2b 20 82 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 85 00 00 00 b5 b5 b5 f5 f5 f5 fd fd fd 9d 9d 9d f7 f7 f7 fb fb fb 99 99 99 9b 9b 9b ff ff ff a1 a1 a1 9f 9f 9f a5 a5 a5 ad ad ad c9 c9 c9 ed ed ed a3 a3 a3 f9 f9 f9 f3 f3 f3 df df df d1 d1 d1 e1 e1 e1 e9 e9 e9 b9 b9 b9 bd bd bd ef ef ef c3 c3 c3 a9 a9 a9 db db db eb eb eb e7 e7 e7 c7 c7 c7 cf cf cf c1 c1 c1 bb bb bb cb cb cb bf bf bf f1 f1 f1 d5 d5 d5 ab ab ab dd dd dd d9 d9 d9 d3 d3 d3 b3 b3 b3 af af af c5 c5 c5 b1 b1 b1 a7 a7 a7 b7 b7 b7 e3 e3 e3 e5 e5 e5 cd cd cd d7 d7 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 Data Ascii: .~F:PTJZXVz`+ !,
2024-08-30 22:40:26 UTC	6050	IN	Data Raw: d8 d2 28 0d 17 5c 31 0d 0f c0 12 25 97 11 49 47 38 71 93 07 80 40 0b ec 38 86 01 70 80 74 94 4c e1 24 8e 08 4a 69 88 92 94 5c c8 80 0a 2e a0 c7 54 66 82 95 ad c4 86 0b 46 10 03 2e 26 c1 02 2a 10 c1 c4 72 79 00 55 5a 02 97 c4 c4 06 04 5c 10 02 10 a0 c0 03 1d c8 80 00 fc 26 81 0e c4 20 05 14 68 81 16 93 b9 bb 4c 70 80 8c c9 0c a7 60 08 50 b1 4d 74 e0 91 e2 4c e7 57 18 e0 43 4e 08 60 9b ea 8c 27 48 38 38 0a 03 ac 50 9e f8 4c 88 3b 4c 91 82 5a e6 13 9f 56 4c 85 04 06 f7 4f 7c 06 60 89 a8 50 01 38 0b da 4a 02 b0 71 15 59 64 68 3a 57 10 c8 54 a4 60 98 12 4d 23 04 1a 06 0b 3c 2e 34 a3 7c 1b 81 2f 53 51 00 97 81 d4 35 08 bd c5 03 20 78 52 ad b0 80 7b 9a be e8 80 26 5b ba 12 11 84 f0 17 8d c4 28 4d 97 b1 00 07 a4 14 19 03 40 01 41 5b 7a 02 1a 8c b4 17 12 a0 00 2a Data Ascii: (\1%IG8q@8ptL$Ji\.TfF.&ryUZ\& hLp`PMtLWCN`'H88PL;LZVLO\|`P8JqYdh:WT`M#<.4\|/SQ5 xR{&[(M@A[z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.11	49725	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-30 22:40:28 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=39385 Date: Fri, 30 Aug 2024 22:40:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.11	49726	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-30 22:40:29 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=39337 Date: Fri, 30 Aug 2024 22:40:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-30 22:40:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	18:40:16
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6a3150000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	18:40:19
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2236,i,16274624969518994776,7244520482714180003,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6a3150000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	18:40:22
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i"
Imagebase:	0x7ff6a3150000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i	Avira URL Cloud: detection malicious, Label: phishing
Source: https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: global traffic	HTTP traffic detected: GET /ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ipfs.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1Host: fac.corp.fortinet.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ik.imagekit.io
Source: global traffic	DNS traffic detected: DNS query: fac.corp.fortinet.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.3
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.3
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

Windows Analysis Report
https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i