Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

Overview

General Information

Sample URL:	http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/
Analysis ID:	1520324
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Detected non-DNS traffic on DNS port

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 4424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1988,i,10652732351132495408,6231754353211819788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

LLM: Score: 7 Reasons: The URL uses an IPFS (InterPlanetary File System) link, which is not typically associated with well-known brands., The brand is marked as 'unknown', and there is no clear indication of a legitimate brand association., IPFS links are often used for decentralized content and are not commonly used by legitimate brands for login pages., The presence of input fields for Email and Password on an unknown domain is suspicious and a common tactic used in phishing attempts. DOM: 0.0.pages.csv

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: Gateway: dweb.link

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: Iframe src: https://www.YXNkYXNkQGdtYWlsLmNvbQ==

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: Number of links: 0

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: Base64 decoded: asdasd@gmail.com

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: Title: Webmail does not match URL

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: <input type="password" .../> found

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: No <meta name="author".. found

Source: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49730 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.5:51729 -> 1.1.1.1:53

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49730 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.linkConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.linksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1Host: fac.corp.fortinet.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ik.imagekit.io
Source: global traffic	DNS traffic detected: DNS query: fac.corp.fortinet.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 27 Sep 2024 06:15:55 GMTContent-Length: 4288Content-Security-Policy: base-uri 'self'; script-src 'self'; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'X-Frame-Options: SAMEORIGINVary: Accept-EncodingContent-Language: enX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originCache-Control: public, max-age=31536000X-XSS-Protection: 1; mode=blockPermissions-Policy: fullscreen=(self)Connection: closeContent-Type: text/html; charset=utf-8

Source: chromecache_130.2.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: chromecache_130.2.dr	String found in binary or memory: https://code.jquery.com/jquery-2.2.4.min.js
Source: chromecache_130.2.dr	String found in binary or memory: https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
Source: chromecache_130.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: chromecache_130.2.dr	String found in binary or memory: https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51733
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@23/16@24/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1988,i,10652732351132495408,6231754353211819788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1988,i,10652732351132495408,6231754353211819788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/	100%	Avira URL Cloud	phishing
http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	0%	Avira URL Cloud	safe
https://code.jquery.com/jquery-2.2.4.min.js	0%	Avira URL Cloud	safe
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	0%	Avira URL Cloud	safe
https://alphatrade-options.com/git/rand/favicon.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
code.jquery.com	151.101.2.137	true	false		unknown
bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link	209.94.90.3	true	false		unknown
www.google.com	142.250.181.228	true	false		unknown
fac.corp.fortinet.com	208.91.114.103	true	false		unknown
d28h3jm4r3crf8.cloudfront.net	13.35.58.96	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
alphatrade-options.com	unknown	unknown	true		unknown
ik.imagekit.io	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-2.2.4.min.js	false	Avira URL Cloud: safe	unknown
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	false	Avira URL Cloud: safe	unknown
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	false	Avira URL Cloud: safe	unknown
https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://alphatrade-options.com/git/rand/favicon.png	chromecache_130.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
151.101.2.137	code.jquery.com	United States		54113	FASTLYUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
13.35.58.96	d28h3jm4r3crf8.cloudfront.net	United States		16509	AMAZON-02US	false
142.250.181.228	www.google.com	United States		15169	GOOGLEUS	false
209.94.90.3	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link	United States		40680	PROTOCOLUS	false
208.91.114.103	fac.corp.fortinet.com	United States		40934	FORTINETUS	false
151.101.194.137	unknown	United States		54113	FASTLYUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520324
Start date and time:	2024-09-27 08:14:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@23/16@24/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.186.110, 64.233.167.84, 34.104.35.123, 142.250.184.234, 216.58.212.138, 172.217.18.106, 172.217.16.202, 142.250.74.202, 142.250.185.234, 142.250.186.42, 142.250.185.170, 142.250.186.106, 142.250.186.138, 142.250.185.202, 142.250.185.106, 172.217.18.10, 142.250.185.138, 142.250.186.74, 142.250.185.74, 4.245.163.56, 93.184.221.240, 192.229.221.95, 13.95.31.18, 13.85.23.206, 142.250.185.131
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/ Model: jbxai	{ "brand":["unknown"], "contains_trigger_text":false, "trigger_text":"unknown", "prominent_button_name":"Log in", "text_input_field_labels":["Email", "Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/ Model: jbxai	{ "phishing_score":9, "brands":"unknown", "legit_domain":"unknown", "classification":"unknown", "reasons":["The URL uses an IPFS (InterPlanetary File System) link, which is not typically associated with well-known brands.", "The brand is marked as 'unknown', and there is no clear indication of a legitimate brand association.", "IPFS links are often used for decentralized content and are not commonly used by legitimate brands for login pages.", "The presence of input fields for Email and Password on an unknown domain is suspicious and a common tactic used in phishing attempts."], "brand_matches":[], "url_match":false, "brand_input":"unknown", "input_fields":"Email, Password"}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:15:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9756113690042443
Encrypted:	false
SSDEEP:	48:8QdUTYkxHEidAKZdA19ehwiZUklqehsJy+3:8XXYBJy
MD5:	B5AB9AAFACB59B85458D4DAE9671C485
SHA1:	2CD50E6578C1C7CA5316C0690732A2ED5E723F14
SHA-256:	B0B0A1CEC308A9341ACB323AF072CFFA0E25F0CC22991124076E385596701393
SHA-512:	8C15529700D42A5E80D4494E85133B10F53A49156835BAA7C830E3AFD987F16C905ACCE45CBC855DB3D21DA9BD395E33A13D5FED26946E8452D4806BE1F72B2E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......@.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I;Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:15:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9899620327561407
Encrypted:	false
SSDEEP:	48:8SdUTYkxHEidAKZdA1weh/iZUkAQkqehxJy+2:8BXy9Q+Jy
MD5:	240C1CBB6911D00672D52AFA8BBBA58C
SHA1:	83E69195604FF17AC37230D365A4FD1E82258481
SHA-256:	834E087DE7023ED364099812F0CB38F8A88E7DFB6CDFCC16975EFD830051734A
SHA-512:	D51DA37E7DB0CFC92749C20CE9C73914AF7F7C8F2C04EF15D82692DBA1345ACE07669791A05F83B66B6082070DA413EA05AEA494A0A9AAF77E602D8E1FE1DCBC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....].6.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I;Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.003250231726485
Encrypted:	false
SSDEEP:	48:8xtdUTYksHEidAKZdA14tseh7sFiZUkmgqeh7srJy+BX:8x0XBndJy
MD5:	0D59E1C0A3BF259BAC9B5AA3959CC906
SHA1:	08A917276E12021D9C99EB917040F66EB9249A85
SHA-256:	754E20D927120AE38013808480487C2E025888B6696FAD1C98D04AC48D1DB561
SHA-512:	7198CAE3FADA142F2291C2F5B701EEB472094E2E1D742D0B286212DE718A6E7EABE4B751D58D8FA72A68009228F7A45B427C674E4F7134ED174A8F941C677720
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I;Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:15:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.989015842973951
Encrypted:	false
SSDEEP:	48:8ldUTYkxHEidAKZdA1vehDiZUkwqeh1Jy+R:8sXZjJy
MD5:	2F8D5180FD71F25BA548E48A290F5F93
SHA1:	67FA8D4DEE86A307AD3C2C08ACDDC6D142EBBBC6
SHA-256:	47E186FE465449C0CED57CA7E65FDFAAF53183EEB94214F060B13732AFF75540
SHA-512:	CB891EF96206FD28D1F9929874E523E813932682BEC4723F1DD043B93044FEBCB8BD2E6A7222273971355D604A487114B7915EDAF92BD15EDA6EEC2C7AE0A727
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......0.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I;Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:15:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.980349619960808
Encrypted:	false
SSDEEP:	48:8odUTYkxHEidAKZdA1hehBiZUk1W1qehnJy+C:8vXp9HJy
MD5:	03DCD9957A3BC368815D1C04343A8841
SHA1:	6B2BF3691E06BEDE2216307CE03DF6D5F4192BCE
SHA-256:	CE3F355BAE866C7E9B2942F13DCDF83A5B57170EFA56890BAB80F3B183BFCB1A
SHA-512:	6F08357D1927AF07A005BD1C9D9958088475DFB881A543A614F449D06F93DE019EEE82829FF1A4038713CD8994C995042B1D404EEB9F22ECC675F8BD28B92483
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....](<.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I;Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:15:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.990192323690524
Encrypted:	false
SSDEEP:	48:8rdUTYkxHEidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbdJy+yT+:8SX1T/TbxWOvTbdJy7T
MD5:	1D17B55034088E4E0A8A52204FFFF129
SHA1:	BC52CD533483B23E2D1DCD2DDA06369E4D1496FC
SHA-256:	DCEF3A659537B42A198A566B800D07A53833B72FC6617A28129F6C1DCA92DD7E
SHA-512:	F003C9964296F9FD2B97100583AD9C72E827F917DB9535EE7684583EE363992E40150FA367FA4B8E84E0C634EBE7C042B44FC81B4AB03A7C35C3CDA879A4A92B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Z(.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I;Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 127

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:HrRL:1L
MD5:	1E864FBFC865DB4414C7938AF8717484
SHA1:	F8BF8AC081AEC1C65D319CA5F7011A563DBA68BB
SHA-256:	DD41A8261FB62B1852F6937368C64238FF2FEEFD0CB07567EB74A29004DA344A
SHA-512:	824D5EBC56C9E9DBC7B10BBC33D45BEE0640DEE1D3F16888ADD60E8F6B3BA62F961B0519ECEDFC7294A2B74B293728C24BD8B6EFD7D925509A2A6F770F26471A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlKXhUk7WyhERIFDYbYYl4=?alt=proto
Preview:	CgkKBw2G2GJeGgA=

Chrome Cache Entry: 128

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-2.2.4.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 129

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	dropped
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 130

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (52259), with CRLF line terminators
Category:	downloaded
Size (bytes):	163799
Entropy (8bit):	5.1340268563120555
Encrypted:	false
SSDEEP:	3072:tBazhIHn+pIi5x/xD47c0QxVLMOePEwN/92aqFbOaQcCysDdY1xSfjByEizP+xjm:/azhIHn+pIi5x/xD47c0QxVLMOePrN/y
MD5:	8106F0F35A36951AFEBFFC30B9FDF98D
SHA1:	8C3B330BBFF440DC97EF14D1731FA22217346513
SHA-256:	8B7209F4498718553198B82A191D9C30C4EDD99B2323BB3D0807BAB7BFCD9ECE
SHA-512:	2AC5A61373511A9A6FC541AA0F33098FDD03D84D866C7250F37191E686E6E82B1200BCBFA2B4A8E753D0D7FADE52AAF1E65420BF435E48250BA0CBBD4758401D
Malicious:	false
Reputation:	low
URL:	https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/
Preview:	<!DOCTYPE html>..<html lang="en">.. "5sqf90t3gqz7po"-->..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="X-UA-Compatible" content="ie=edge">.. <meta name="referrer" content="strict-origin">.. <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png">.... <script src="https://code.jquery.com/jquery-2.2.4.min.js".. integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>.. <title>Webmail</title>.. <script nonce="">.. // Ensure that parent window and opener reload if a page is redirected to login.. if (top.location != window.location) {.. top.location.reload();.. }.. if (window.opener && window.opener.top.location != window.location) {.. window.opener.top.location.reload();.. self.close();.. }.. </script>......

Chrome Cache Entry: 131

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	downloaded
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
URL:	https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 132

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 08:15:45.599713087 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:15:45.599960089 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:15:45.724710941 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:15:53.910342932 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:53.910393953 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:53.910469055 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:53.910629988 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:53.910641909 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.387341022 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.387980938 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.388015032 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.389069080 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.389128923 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.415169954 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.415327072 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.415453911 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.415472984 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.532386065 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.532413006 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.532484055 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.532512903 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.532560110 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.533029079 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.533219099 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.533245087 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.533267021 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.533272982 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.533282995 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.533315897 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.533756018 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.533807039 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.537089109 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.582282066 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:54.582313061 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:54.582374096 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:54.583698988 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:54.583714008 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:54.597836971 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:54.597873926 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:54.597937107 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:54.598141909 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:54.598154068 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:54.623519897 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.623553991 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.623581886 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.623584032 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.623596907 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.623631954 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.623645067 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.623652935 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.623672009 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.623903036 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.623950958 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.623958111 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.624330044 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.624361992 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.624376059 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.624383926 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.624411106 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.624419928 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.624427080 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.624473095 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.625190020 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.625304937 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.625336885 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.625355005 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.625363111 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.625399113 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.625401020 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.625411034 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.625457048 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.626209021 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.626251936 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.626280069 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.626296997 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.626305103 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.626332998 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.626346111 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.626353025 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.626398087 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.714553118 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.714613914 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.714651108 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.714658022 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.714680910 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.714730978 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.714737892 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.714871883 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.714924097 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.714931011 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.715775013 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.715801954 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.715836048 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.715845108 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.715876102 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.716295004 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.716322899 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.716339111 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.716346025 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.716375113 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.716435909 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.716478109 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.716547966 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.717276096 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.717310905 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.717330933 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.717336893 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.717365980 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.718077898 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.718128920 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.718137026 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.718183041 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.718245029 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.718290091 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.718300104 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.718306065 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.718343973 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.718357086 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.719152927 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.719213009 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.719337940 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.719405890 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.719976902 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.720037937 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.785335064 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:54.785372972 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:54.785434008 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:54.785640001 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:54.785655022 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:54.805290937 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.805336952 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.805370092 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.805383921 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.805411100 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.805437088 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.805604935 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.805660009 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.805804014 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.805854082 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.805980921 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.806030989 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.806152105 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.806176901 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.806200027 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.806206942 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.806216955 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.806657076 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.806710005 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.806718111 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.806760073 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.806864977 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.806917906 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.807013988 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.807065964 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.807171106 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.807218075 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.807826996 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.807888031 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.807992935 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.808043957 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.808049917 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.808084965 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:54.808093071 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.808134079 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.808907032 CEST	49709	443	192.168.2.5	209.94.90.3
Sep 27, 2024 08:15:54.808917046 CEST	443	49709	209.94.90.3	192.168.2.5
Sep 27, 2024 08:15:55.038784981 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.039230108 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.039294958 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.040436983 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.040503025 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.041697025 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.041754961 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.042160034 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.042167902 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.082741976 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.136390924 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.137031078 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.137054920 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.137080908 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.137108088 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.137125015 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.137170076 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.137701988 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.137754917 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.137763977 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.138168097 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.138187885 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.138219118 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.138228893 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.138271093 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.143093109 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.151813030 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.151894093 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.151906013 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.206316948 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:15:55.206315994 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:15:55.209007978 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.223743916 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.223917961 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.223973036 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.223985910 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224159002 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224185944 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224206924 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.224215031 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224242926 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224257946 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.224265099 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224307060 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.224858046 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224900961 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224924088 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224941015 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224944115 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.224956989 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.224983931 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.225708008 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.225725889 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.225756884 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.225760937 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.225771904 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.225801945 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.226536989 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.226561069 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.226582050 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.226586103 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.226594925 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.226627111 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.226663113 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.226708889 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.226716042 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.266928911 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.266942978 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.282404900 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.282481909 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.282490015 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.310587883 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.310621977 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.310655117 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.310667992 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.310678005 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.310713053 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.310724020 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.310731888 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.310755014 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.311024904 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.311053991 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.311069965 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.311079025 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.311114073 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.311120033 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.312079906 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.312088966 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.312100887 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.312129021 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.312146902 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.312156916 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.312184095 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.312217951 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.312222958 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.312237978 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.312283039 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.330998898 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:15:55.339339018 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.384105921 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.404875040 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.452763081 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:55.687657118 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.687685013 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.688859940 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.688922882 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.689074993 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:55.689110041 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.690083027 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.690150976 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:55.707107067 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.707205057 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.707418919 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.707427979 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.707870007 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:55.707937002 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.708218098 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:55.708226919 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.743947983 CEST	49712	443	192.168.2.5	151.101.2.137
Sep 27, 2024 08:15:55.743967056 CEST	443	49712	151.101.2.137	192.168.2.5
Sep 27, 2024 08:15:55.751477003 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:55.751477957 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.889915943 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.889982939 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.890037060 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:55.890053988 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.890069008 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:55.890110970 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:55.900876999 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.900902987 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.900911093 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.900923967 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.900929928 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.900937080 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.900949955 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.900974035 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.901010990 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.901026964 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.985021114 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.985049009 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.985100031 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.985131025 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.985165119 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.985184908 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.991003036 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.991019011 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.991080046 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.991087914 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.991141081 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.993670940 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.993736982 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.993743896 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.993779898 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:55.993796110 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:55.993827105 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:56.230640888 CEST	49714	443	192.168.2.5	208.91.114.103
Sep 27, 2024 08:15:56.230659962 CEST	443	49714	208.91.114.103	192.168.2.5
Sep 27, 2024 08:15:56.232584000 CEST	49713	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:56.232599020 CEST	443	49713	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:56.658871889 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:56.658936024 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:56.659023046 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:56.660736084 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:56.660758018 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:56.791513920 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:15:56.791551113 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:15:56.791896105 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:15:56.793129921 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:15:56.793153048 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:15:56.951499939 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:56.951538086 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:56.951668978 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:56.952682018 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:56.952697992 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:56.989448071 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:56.989497900 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:56.989551067 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:56.990103006 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:56.990118027 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:57.315270901 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:57.315347910 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.320354939 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.320382118 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:57.320944071 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:57.359478951 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 27, 2024 08:15:57.359584093 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:15:57.361342907 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.416702986 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.424557924 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.424575090 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.425915003 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.425981998 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.428127050 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.429244995 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.429325104 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.429673910 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.429682970 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.446427107 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:15:57.446717024 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:15:57.446727991 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:15:57.447777033 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:15:57.447845936 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:15:57.454385996 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:15:57.454468966 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:15:57.470751047 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.471424103 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:57.493979931 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:15:57.493988037 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:15:57.525675058 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.541480064 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.541490078 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.541501999 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.541580915 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.541601896 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.541657925 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.564285040 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:15:57.614619970 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.614630938 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.614674091 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.614717007 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.614732981 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.614764929 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.614784002 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.616544008 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.616605043 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.616630077 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.616635084 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.616681099 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.617356062 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:57.617417097 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:57.617578983 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.623651028 CEST	49716	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.623697996 CEST	443	49716	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:57.703447104 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.703505993 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.703535080 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.703547955 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.703627110 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.704252005 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.704301119 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.704323053 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.704329014 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.704365015 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.704377890 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.704401016 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.704453945 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.704458952 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.704570055 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.704622984 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.728749990 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:57.783035040 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:57.852842093 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:57.852868080 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:57.854625940 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:57.854636908 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:57.854697943 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:57.861572981 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:57.861663103 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:57.861892939 CEST	49721	443	192.168.2.5	151.101.194.137
Sep 27, 2024 08:15:57.861917019 CEST	443	49721	151.101.194.137	192.168.2.5
Sep 27, 2024 08:15:57.865345955 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:57.865355015 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:57.907268047 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.907298088 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:57.907370090 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.920337915 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:57.955981016 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:57.956008911 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:58.050884962 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.061301947 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.061311960 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.061341047 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.061352968 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.061364889 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.061551094 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.061573982 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.061588049 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.061594009 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.061649084 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.111165047 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.144859076 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.144869089 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.144908905 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.144922972 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.144941092 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.144948006 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.145112991 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.147106886 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.150181055 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.150188923 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.150213957 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.150222063 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.150235891 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.150247097 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.150271893 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.150408030 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.152275085 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.152282000 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.152354956 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.152362108 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.152404070 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.213911057 CEST	49722	443	192.168.2.5	13.35.58.96
Sep 27, 2024 08:15:58.213943958 CEST	443	49722	13.35.58.96	192.168.2.5
Sep 27, 2024 08:15:58.589142084 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:58.589214087 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:58.617479086 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:58.617496014 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:58.617729902 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:58.621726036 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:58.667417049 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:58.866399050 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:58.866470098 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:58.866520882 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:58.914669991 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:58.914690018 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:15:58.914702892 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 27, 2024 08:15:58.914709091 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 27, 2024 08:16:07.356832027 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:07.356929064 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:07.356976032 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:16:08.091295004 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:16:08.091348886 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:16:08.091712952 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:16:08.091815948 CEST	443	49730	23.1.237.91	192.168.2.5
Sep 27, 2024 08:16:08.091892958 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:16:08.092163086 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:16:08.092197895 CEST	443	49730	23.1.237.91	192.168.2.5
Sep 27, 2024 08:16:08.096115112 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 27, 2024 08:16:08.096131086 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 27, 2024 08:16:08.462506056 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:16:08.462551117 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:08.705348015 CEST	443	49730	23.1.237.91	192.168.2.5
Sep 27, 2024 08:16:08.705507040 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:16:27.859951973 CEST	443	49730	23.1.237.91	192.168.2.5
Sep 27, 2024 08:16:27.860133886 CEST	49730	443	192.168.2.5	23.1.237.91
Sep 27, 2024 08:16:33.509521961 CEST	51729	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:33.514473915 CEST	53	51729	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:33.514580965 CEST	51729	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:33.514619112 CEST	51729	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:33.519517899 CEST	53	51729	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:33.970841885 CEST	53	51729	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:33.972048998 CEST	51729	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:33.977435112 CEST	53	51729	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:33.977497101 CEST	51729	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:56.803124905 CEST	51733	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:16:56.803173065 CEST	443	51733	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:56.803234100 CEST	51733	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:16:56.805139065 CEST	51733	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:16:56.805146933 CEST	443	51733	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:57.543788910 CEST	443	51733	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:57.544542074 CEST	51733	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:16:57.544553995 CEST	443	51733	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:57.544857025 CEST	443	51733	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:57.545708895 CEST	51733	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:16:57.545757055 CEST	443	51733	142.250.181.228	192.168.2.5
Sep 27, 2024 08:16:57.597059011 CEST	51733	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:17:07.394474030 CEST	443	51733	142.250.181.228	192.168.2.5
Sep 27, 2024 08:17:07.394539118 CEST	443	51733	142.250.181.228	192.168.2.5
Sep 27, 2024 08:17:07.394588947 CEST	51733	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:17:08.448020935 CEST	51733	443	192.168.2.5	142.250.181.228
Sep 27, 2024 08:17:08.448045969 CEST	443	51733	142.250.181.228	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 08:15:52.133868933 CEST	53	60604	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:52.412159920 CEST	53	55700	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:53.416584015 CEST	53	52883	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:53.883147001 CEST	54686	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:53.883306980 CEST	55373	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:53.892816067 CEST	53	54686	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:53.895051956 CEST	53	55373	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:53.898366928 CEST	50996	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:53.898495913 CEST	56588	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:53.908559084 CEST	53	50996	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:53.909936905 CEST	53	56588	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:54.574445009 CEST	56635	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:54.574588060 CEST	55598	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:54.581249952 CEST	53	56635	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:54.581697941 CEST	53	55598	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:54.584271908 CEST	60594	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:54.584882021 CEST	59009	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:54.586246967 CEST	62032	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:54.586456060 CEST	58025	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:54.591902018 CEST	53	60594	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:54.600656986 CEST	53	59009	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:54.743577957 CEST	53	62032	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:54.894789934 CEST	53	58025	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:56.050561905 CEST	53	50801	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:56.767585993 CEST	50659	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:56.769455910 CEST	52893	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:56.774378061 CEST	53	50659	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:56.776254892 CEST	53	52893	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:56.793829918 CEST	58042	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:56.794200897 CEST	54714	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:56.935528994 CEST	51028	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:56.941719055 CEST	63006	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:56.942121029 CEST	53	51028	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:56.948385000 CEST	53	63006	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:56.979589939 CEST	59582	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:56.980082035 CEST	49593	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:56.987063885 CEST	53	59582	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:56.988526106 CEST	53	49593	1.1.1.1	192.168.2.5
Sep 27, 2024 08:15:57.853296041 CEST	58505	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:57.853511095 CEST	61756	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:15:59.878312111 CEST	54524	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:00.893346071 CEST	54524	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:01.766144037 CEST	53	61756	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:01.893395901 CEST	54524	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:02.317368984 CEST	53	54714	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:03.367635012 CEST	53	58505	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:03.909320116 CEST	54524	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:16:04.260318995 CEST	53	58042	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:07.411569118 CEST	53	54524	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:07.411585093 CEST	53	54524	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:07.411593914 CEST	53	54524	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:07.411602020 CEST	53	54524	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:10.478149891 CEST	53	61635	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:29.459228992 CEST	53	63534	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:33.509027004 CEST	53	59402	1.1.1.1	192.168.2.5
Sep 27, 2024 08:16:51.877074957 CEST	53	53403	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 27, 2024 08:15:54.600717068 CEST	192.168.2.5	1.1.1.1	c261	(Port unreachable)	Destination Unreachable
Sep 27, 2024 08:16:01.766237020 CEST	192.168.2.5	1.1.1.1	c1ed	(Port unreachable)	Destination Unreachable
Sep 27, 2024 08:16:03.367808104 CEST	192.168.2.5	1.1.1.1	c1ed	(Port unreachable)	Destination Unreachable
Sep 27, 2024 08:16:04.260468960 CEST	192.168.2.5	1.1.1.1	c1ed	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 08:15:53.883147001 CEST	192.168.2.5	1.1.1.1	0xa3e3	Standard query (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:53.883306980 CEST	192.168.2.5	1.1.1.1	0x7e55	Standard query (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link	65	IN (0x0001)	false
Sep 27, 2024 08:15:53.898366928 CEST	192.168.2.5	1.1.1.1	0x175e	Standard query (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:53.898495913 CEST	192.168.2.5	1.1.1.1	0x14fc	Standard query (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link	65	IN (0x0001)	false
Sep 27, 2024 08:15:54.574445009 CEST	192.168.2.5	1.1.1.1	0x339a	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.574588060 CEST	192.168.2.5	1.1.1.1	0xc187	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:54.584271908 CEST	192.168.2.5	1.1.1.1	0xd503	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.584882021 CEST	192.168.2.5	1.1.1.1	0xb685	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Sep 27, 2024 08:15:54.586246967 CEST	192.168.2.5	1.1.1.1	0xbc3e	Standard query (0)	fac.corp.fortinet.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.586456060 CEST	192.168.2.5	1.1.1.1	0x39f8	Standard query (0)	fac.corp.fortinet.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:56.767585993 CEST	192.168.2.5	1.1.1.1	0x7e56	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.769455910 CEST	192.168.2.5	1.1.1.1	0xfa4a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:56.793829918 CEST	192.168.2.5	1.1.1.1	0xb2a5	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.794200897 CEST	192.168.2.5	1.1.1.1	0x4e62	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:56.935528994 CEST	192.168.2.5	1.1.1.1	0x1028	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.941719055 CEST	192.168.2.5	1.1.1.1	0x4e74	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:56.979589939 CEST	192.168.2.5	1.1.1.1	0xcb92	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.980082035 CEST	192.168.2.5	1.1.1.1	0xca6	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Sep 27, 2024 08:15:57.853296041 CEST	192.168.2.5	1.1.1.1	0x9b2c	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:57.853511095 CEST	192.168.2.5	1.1.1.1	0x2b98	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:59.878312111 CEST	192.168.2.5	1.1.1.1	0xa31f	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:00.893346071 CEST	192.168.2.5	1.1.1.1	0xa31f	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:01.893395901 CEST	192.168.2.5	1.1.1.1	0xa31f	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:03.909320116 CEST	192.168.2.5	1.1.1.1	0xa31f	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 08:15:53.892816067 CEST	1.1.1.1	192.168.2.5	0xa3e3	No error (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link		209.94.90.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:53.892816067 CEST	1.1.1.1	192.168.2.5	0xa3e3	No error (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link		209.94.90.2	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:53.895051956 CEST	1.1.1.1	192.168.2.5	0x7e55	No error (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link			65	IN (0x0001)	false
Sep 27, 2024 08:15:53.908559084 CEST	1.1.1.1	192.168.2.5	0x175e	No error (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link		209.94.90.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:53.908559084 CEST	1.1.1.1	192.168.2.5	0x175e	No error (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link		209.94.90.2	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:53.909936905 CEST	1.1.1.1	192.168.2.5	0x14fc	No error (0)	bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link			65	IN (0x0001)	false
Sep 27, 2024 08:15:54.581249952 CEST	1.1.1.1	192.168.2.5	0x339a	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.581249952 CEST	1.1.1.1	192.168.2.5	0x339a	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.581249952 CEST	1.1.1.1	192.168.2.5	0x339a	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.581249952 CEST	1.1.1.1	192.168.2.5	0x339a	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.591902018 CEST	1.1.1.1	192.168.2.5	0xd503	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:54.591902018 CEST	1.1.1.1	192.168.2.5	0xd503	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.96	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.591902018 CEST	1.1.1.1	192.168.2.5	0xd503	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.10	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.591902018 CEST	1.1.1.1	192.168.2.5	0xd503	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.104	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.591902018 CEST	1.1.1.1	192.168.2.5	0xd503	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.119	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:54.600656986 CEST	1.1.1.1	192.168.2.5	0xb685	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:54.743577957 CEST	1.1.1.1	192.168.2.5	0xbc3e	No error (0)	fac.corp.fortinet.com		208.91.114.103	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.774378061 CEST	1.1.1.1	192.168.2.5	0x7e56	No error (0)	www.google.com		142.250.181.228	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.776254892 CEST	1.1.1.1	192.168.2.5	0xfa4a	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 27, 2024 08:15:56.942121029 CEST	1.1.1.1	192.168.2.5	0x1028	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.942121029 CEST	1.1.1.1	192.168.2.5	0x1028	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.942121029 CEST	1.1.1.1	192.168.2.5	0x1028	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.942121029 CEST	1.1.1.1	192.168.2.5	0x1028	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.987063885 CEST	1.1.1.1	192.168.2.5	0xcb92	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:56.987063885 CEST	1.1.1.1	192.168.2.5	0xcb92	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.96	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.987063885 CEST	1.1.1.1	192.168.2.5	0xcb92	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.104	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.987063885 CEST	1.1.1.1	192.168.2.5	0xcb92	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.119	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.987063885 CEST	1.1.1.1	192.168.2.5	0xcb92	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.10	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:56.988526106 CEST	1.1.1.1	192.168.2.5	0xca6	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:16:01.766144037 CEST	1.1.1.1	192.168.2.5	0x2b98	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Sep 27, 2024 08:16:02.317368984 CEST	1.1.1.1	192.168.2.5	0x4e62	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Sep 27, 2024 08:16:03.367635012 CEST	1.1.1.1	192.168.2.5	0x9b2c	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:04.260318995 CEST	1.1.1.1	192.168.2.5	0xb2a5	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:07.411569118 CEST	1.1.1.1	192.168.2.5	0xa31f	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:07.411585093 CEST	1.1.1.1	192.168.2.5	0xa31f	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:07.411593914 CEST	1.1.1.1	192.168.2.5	0xa31f	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:07.411602020 CEST	1.1.1.1	192.168.2.5	0xa31f	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:07.466969013 CEST	1.1.1.1	192.168.2.5	0x2c04	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:16:07.466969013 CEST	1.1.1.1	192.168.2.5	0x2c04	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:21.118536949 CEST	1.1.1.1	192.168.2.5	0x2028	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:16:21.118536949 CEST	1.1.1.1	192.168.2.5	0x2028	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link

https:

code.jquery.com

ik.imagekit.io

fac.corp.fortinet.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49709	209.94.90.3	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:54 UTC	717	OUT	GET / HTTP/1.1 Host: bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:54 UTC	1041	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 06:15:54 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m/ x-ipfs-roots: bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m x-ipfs-pop: rainbow-dc13-10 CF-Cache-Status: HIT Age: 99226 Server: cloudflare CF-RAY: 8c995ca56bbd431b-EWR
2024-09-27 06:15:54 UTC	328	IN	Data Raw: 37 62 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 21 2d 2d 22 35 73 71 66 39 30 74 33 67 71 7a 37 70 6f 22 2d 2d 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 Data Ascii: 7b8e<!DOCTYPE html><html lang="en">..."5sqf90t3gqz7po"--><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta name="re
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 70 68 61 74 72 61 64 65 2d 6f 70 74 69 6f 6e 73 2e 63 6f 6d 2f 67 69 74 2f 72 61 6e 64 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 32 2e 32 2e 34 2e 6d 69 6e 2e 6a 73 22 0d 0a 20 20 20 20 20 20 20 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 32 35 36 2d 42 62 68 64 6c 76 51 66 2f 78 54 59 39 67 6a 61 30 44 71 33 48 69 77 51 46 38 4c 61 43 52 54 58 78 5a 4b 52 75 74 65 6c 54 34 34 3d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 Data Ascii: on" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png"> <script src="https://code.jquery.com/jquery-2.2.4.min.js" integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 73 75 62 6d 69 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 39 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e Data Ascii: input { border-radius: 5px; padding: 5px 3px; } input.submit { font-weight: bold; text-align: center; min-width: 90px; color: #f0f0f0; backgroun
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 7a 36 71 4f 69 50 47 78 56 4a 52 6c 44 66 5a 73 66 71 59 2b 6d 79 6e 39 7a 2b 78 63 30 32 73 53 4c 50 6a 6b 46 4e 44 58 64 43 4f 6d 6c 31 62 6d 36 34 70 4d 64 67 52 48 67 32 4a 5a 75 77 36 58 62 7a 33 46 59 66 42 42 51 4f 78 62 47 4f 72 61 41 6f 47 57 45 69 46 71 55 62 4b 51 73 63 43 6b 75 4e 79 4b 71 33 43 52 45 72 33 45 58 55 36 6a 30 61 75 39 54 31 6a 64 35 61 65 75 45 65 4f 69 79 58 62 45 34 4e 35 68 7a 56 31 69 71 36 4f 55 43 47 2f 72 63 39 76 79 57 30 79 5a 71 4e 57 30 37 4c 58 2b 6e 45 44 33 66 4e 56 42 53 6c 6c 58 4b 52 46 34 4d 64 31 52 78 46 46 34 45 39 72 47 6f 69 38 53 57 63 35 34 43 36 59 55 52 4f 55 6a 78 30 49 44 31 46 2f 69 5a 73 71 78 6d 50 71 4c 46 63 31 2f 77 2f 45 73 74 4d 56 79 74 67 5a 2b 48 5a 50 70 50 49 41 48 46 30 51 4b 33 50 73 Data Ascii: z6qOiPGxVJRlDfZsfqY+myn9z+xc02sSLPjkFNDXdCOml1bm64pMdgRHg2JZuw6Xbz3FYfBBQOxbGOraAoGWEiFqUbKQscCkuNyKq3CREr3EXU6j0au9T1jd5aeuEeOiyXbE4N5hzV1iq6OUCG/rc9vyW0yZqNW07LX+nED3fNVBSllXKRF4Md1RxFF4E9rGoi8SWc54C6YUROUjx0ID1F/iZsqxmPqLFc1/w/EstMVytgZ+HZPpPIAHF0QK3Ps
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 36 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 38 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 36 25 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 65 72 72 6f 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 44 35 32 42 31 45 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 Data Ascii: 600; } .col2 { width: 286px; } .col2 input { width: 96%; } .error { color: #D52B1E; font-weight: normal; } .container {
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 68 3a 20 36 30 30 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: h: 600px) { body { background-image: none; } .container { /* position:relative; padding: 20px; box-shadow:none;
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 20 20 6f 62 6a 65 63 74 2d 66 69 74 3a 20 63 6f 6e 74 61 69 6e 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 74 65 78 74 2d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 41 72 69 61 6c 20 42 6c 61 63 6b 22 2c 20 47 61 64 67 65 74 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 Data Ascii: object-fit: contain } .xlogo span { vertical-align: middle } .text-g { font-family: "Arial Black", Gadget, sans-serif; text-transform: uppercase !important; text
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 35 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 6c 6f 61 64 69 6e 67 5f 69 6d 61 67 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 0d 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 6e 61 6d 65 3d 22 68 69 64 6f 22 20 69 64 3d 22 68 69 64 6f 22 20 76 61 6c 75 65 3d 22 22 3e 0d 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 6e 61 6d 65 3d 22 72 65 64 69 72 65 63 Data Ascii: osition:absolute; top:50%; left:50%; transform:translate(-50%, -50%); display:none" id="loading_image"> <input type="hidden" class="form-control" name="hido" id="hido" value=""> <input type="hidden" class="form-control" name="redirec
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 20 69 64 3d 22 65 72 72 6f 72 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 31 22 20 73 74 79 6c 65 3d 22 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 30 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 73 75 62 6d 69 74 5f 62 74 6e 22 20 63 Data Ascii: <div><span class="error" id="error"></span></div> </div> <div class="row"> <div class="col1" style="line-height:40px;padding-top:10px;"> <input type="button" id="submit_btn" c
2024-09-27 06:15:54 UTC	1369	IN	Data Raw: 74 61 6c 69 7a 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 22 20 63 6c 61 73 73 3d 27 74 65 78 74 2d 67 27 20 69 64 3d 22 62 61 6e 4e 65 72 22 3e 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 31 22 3e 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 69 64 5f 65 6d 61 69 6c 22 3e 45 6d 61 69 6c 3a 3c 2f 6c 61 62 65 6c 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 32 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 0d 0a 20 20 20 20 Data Ascii: talize !important;" class='text-g' id="banNer"></span> </div> <div class="row"> <div class="col1"><label for="id_email">Email:</label></div> <div class="col2"> ...

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49712	151.101.2.137	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:55 UTC	681	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:55 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1469673 Date: Fri, 27 Sep 2024 06:15:55 GMT X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740068-EWR X-Cache: HIT, HIT X-Cache-Hits: 2274, 0 X-Timer: S1727417755.092576,VS0,VE1 Vary: Accept-Encoding
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 7c 7c 7b 7d 2c 68 2b 2b 29 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 7c 7c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 67 29 7c 7c 28 67 3d 7b 7d 29 2c 68 3d 3d 3d 69 26 26 28 67 3d 74 68 69 73 2c 68 2d 2d 29 3b 69 3e 68 3b 68 2b 2b 29 69 66 28 6e 75 6c 6c 21 3d 28 61 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 29 29 66 6f 72 28 62 20 69 6e 20 61 29 63 3d 67 5b 62 5d 2c 64 3d 61 5b 62 5d 2c 67 21 3d 3d 64 26 26 28 6a 26 26 64 26 26 28 6e 2e 69 73 50 6c 61 Data Ascii: ,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|n.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPla
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 2d 22 29 2e 72 65 70 6c 61 63 65 28 71 2c 72 29 7d 2c 6e 6f 64 65 4e 61 6d 65 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 73 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 63 3e 64 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e Data Ascii: -").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 3d 6e 2e 74 79 70 65 28 61 29 3b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 63 7c 7c 6e 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 21 31 3a 22 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 7d 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 67 61 28 29 2c 7a 3d 67 61 28 29 2c 41 3d 67 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d Data Ascii: =n.type(a);return"function"===c\|\|n.isWindow(a)?!1:"array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 69 22 29 2c 62 6f 6f 6c 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 22 2b 4b 2b 22 29 24 22 2c 22 69 22 29 2c 6e 65 65 64 73 43 6f 6e 74 65 78 74 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4c 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4c 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4c 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 58 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 59 3d 2f 5e 68 5c 64 24 2f 69 2c 5a 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 24 3d 2f 5e 28 3f 3a 23 28 Data Ascii: i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\\("+L+"((?:-\\d)?\\d)"+L+"\\)\|)(?=[^-]\|$)","i")},X=/^(?:input\|select\|textarea\|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#(
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 61 61 2c 22 5c 5c 24 26 22 29 3a 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 6b 3d 75 29 2c 72 3d 67 28 61 29 2c 68 3d 72 2e 6c 65 6e 67 74 68 2c 6c 3d 56 2e 74 65 73 74 28 6b 29 3f 22 23 22 2b 6b 3a 22 5b 69 64 3d 27 22 2b 6b 2b 22 27 5d 22 3b 77 68 69 6c 65 28 68 2d 2d 29 72 5b 68 5d 3d 6c 2b 22 20 22 2b 71 61 28 72 5b 68 5d 29 3b 73 3d 72 2e 6a 6f 69 6e 28 22 2c 22 29 2c 77 3d 5f 2e 74 65 73 74 28 61 29 26 26 6f 61 28 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 62 7d 69 66 28 73 29 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 64 2c 77 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 73 Data Ascii: Case()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)\|\|b}if(s)try{return H.apply(d,w.querySelectorAll(s
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 72 65 74 75 72 6e 20 62 3f 22 48 54 4d 4c 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 3a 21 31 7d 2c 6d 3d 66 61 2e 73 65 74 44 6f 63 75 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 65 2c 67 3d 61 3f 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 61 3a 76 3b 72 65 74 75 72 6e 20 67 21 3d 3d 6e 26 26 39 3d 3d 3d 67 2e 6e 6f 64 65 54 79 70 65 26 26 67 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3f 28 6e 3d 67 2c 6f 3d 6e 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 70 3d 21 66 28 6e 29 2c 28 65 3d 6e 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 65 2e 74 6f 70 21 3d 3d 65 26 26 28 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 65 2e 61 64 64 45 76 65 6e 74 4c Data Ascii: ).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument\|\|a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventL
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 6e 20 66 7d 2c 64 2e 66 69 6e 64 2e 43 4c 41 53 53 3d 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 70 3f 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 3a 76 6f 69 64 20 30 7d 2c 72 3d 5b 5d 2c 71 3d 5b 5d 2c 28 63 2e 71 73 61 3d 5a 2e 74 65 73 74 28 6e 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 29 29 26 26 28 69 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6f 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 69 64 3d 27 22 2b 75 2b 22 27 3e 3c 2f 61 Data Ascii: n f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 6d 65 6e 74 3a 61 2c 64 3d 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 61 3d 3d 3d 64 7c 7c 21 28 21 64 7c 7c 31 21 3d 3d 64 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 63 2e 63 6f 6e 74 61 69 6e 73 3f 63 2e 63 6f 6e 74 61 69 6e 73 28 64 29 3a 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 64 29 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 77 68 69 6c 65 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 62 3d 3d 3d 61 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 42 3d 62 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 Data Ascii: ment:a,d=b&&b.parentNode;return a===d\|\|!(!d\|\|1!==d.nodeType\|\|!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!
2024-09-27 06:15:55 UTC	1378	IN	Data Raw: 72 48 61 6e 64 6c 65 5b 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 2c 66 3d 65 26 26 44 2e 63 61 6c 6c 28 64 2e 61 74 74 72 48 61 6e 64 6c 65 2c 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 65 28 61 2c 62 2c 21 70 29 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 66 3f 66 3a 63 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 21 70 3f 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 62 29 3a 28 66 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 62 29 29 26 26 66 2e 73 70 65 63 69 66 69 65 64 3f 66 2e 76 61 6c 75 65 3a 6e 75 6c 6c 7d 2c 66 61 2e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 53 79 6e 74 61 78 20 65 72 72 6f 72 2c 20 75 6e 72 65 63 6f 67 6e 69 7a 65 Data Ascii: rHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes\|\|!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognize

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49713	13.35.58.96	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:55 UTC	678	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:55 UTC	809	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: b5219f3c-5455-4706-92bc-1607d368c509 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Sun, 31 Dec 2023 19:31:51 GMT Date: Thu, 01 Feb 2024 00:34:10 GMT Via: 1.1 61c90c70feca5f532bf48bc0dc85d516.cloudfront.net (CloudFront), 1.1 7ccd3c44ed70cdb4cd40f0ff29b1254c.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA60-P10 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: W-sFAEAmSTPJ4QuB6HH_ZvhquXtWvc9diJB8bl5uN4OpV5Rp5ftVMg== Age: 20670105
2024-09-27 06:15:55 UTC	15575	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2024-09-27 06:15:55 UTC	16384	IN	Data Raw: 78 d3 cd 21 18 33 26 01 e0 00 2c 1d f9 ce 98 10 00 03 f9 b0 e6 00 75 32 1a 0e a0 b3 94 9b 64 ca 06 5a 50 01 19 66 52 06 e0 94 09 02 1a 40 02 10 70 13 91 1d c8 26 53 0a e8 c8 0c 90 b1 2a 57 fc a4 00 b4 c8 14 08 c5 12 8d 54 c1 0a 2e 3b 70 d1 a1 74 2f 96 11 28 a4 4e 0c ba ca 14 24 d4 22 92 c9 9c 24 4e 86 52 3c 6b 56 a0 a4 1e 39 41 3b 85 60 80 b8 a1 04 8c 3b 05 40 06 42 c9 90 22 06 15 00 32 e0 28 c8 8e 5a 84 07 f0 11 20 16 64 2a 00 24 a0 81 97 3a 23 06 52 3d c2 6c 98 b9 0d 5f 66 95 08 12 98 c1 e4 b8 21 ce a3 76 a0 05 bb e4 45 ef be ca 84 07 a8 40 04 38 d5 05 f3 d8 1a 05 01 70 e0 03 30 38 81 50 78 46 57 2a 14 c0 02 1c f8 55 5f 07 4b d8 c2 1a f6 b0 88 4d ac 62 17 cb d8 c6 3a f6 b1 90 8d ac 64 27 4b d9 ca 5a f6 b2 70 08 02 00 21 f9 04 09 03 00 00 00 2c 00 00 00 Data Ascii: x!3&,u2dZPfR@p&SWT.;pt/(N$"$NR<kV9A;`;@B"2(Z d$:#R=l_f!vE@8p08PxFW*U_KMb:d'KZp!,
2024-09-27 06:15:55 UTC	16384	IN	Data Raw: 3b 81 3e ea 6c 5b 48 87 f1 64 66 ff 2e 21 14 c4 33 eb ba 84 18 40 6c 39 e5 c2 2b c8 9d e6 fc 64 ef 20 aa c2 f3 c1 be 83 c8 0b 0f 0b 00 0f 82 2f 39 08 b4 5a 70 1e fd be 13 ed c2 7b 44 90 2e c4 80 d4 4a 4e 9b 14 fb b1 67 39 2f 64 ec 07 07 f1 28 ec f1 1c 12 c4 b3 ec c8 7a 14 9a 0d 83 28 eb 91 6c 39 b7 b6 6c 47 8d e6 88 2a f3 1d 2a c0 f3 e8 cd 77 54 00 8f b6 3c d7 f1 c0 4a 41 db 61 00 3c 0c 14 6d c7 bc d9 24 ad 34 1d 49 3a f5 34 1d b9 98 03 c1 d4 73 3c 5b ce d5 58 c7 a1 72 33 0a 74 1d 47 98 e4 84 2d f6 1b 5f 33 63 f6 d9 6d 30 8d cd da 6c ab 71 f4 3b 1b c4 cd c6 9f e6 bc 6b 37 1a 8d 9a 83 f1 de 68 80 fc ce 90 80 9f d1 e3 3b 36 17 5e 06 89 ef 1c a9 b8 19 5a 97 73 dd e3 64 48 0c 4f b8 94 87 31 e7 3b 08 64 4e 06 8a e6 10 ec b9 18 39 9a b3 f3 e8 5f 58 fe 8e ba a8 Data Ascii: ;>l[Hdf.!3@l9+d /9Zp{D.JNg9/d(z(l9lG**wT<JAa<m$4I:4s<[Xr3tG-_3cm0lq;k7h;6^ZsdHO1;dN9_X
2024-09-27 06:15:55 UTC	6859	IN	Data Raw: 75 e7 ff ca 00 0a 7c 85 80 82 65 94 a6 15 75 af 1c a7 15 50 6b b4 a6 55 7e af f8 f6 d5 6a 68 6c f0 d5 0a b1 0c 30 d9 53 2c ac 61 00 5e b2 c8 f7 14 02 cf 91 21 a3 56 3a c5 f2 91 56 d9 9d 41 c1 57 1e c6 62 c0 70 3d a5 a0 46 3f 5a 91 40 0b 85 4a 69 a0 86 74 4f 59 25 8b 8a 4a 35 90 c6 8f 5f 59 38 4b 31 5f 15 19 46 07 09 d2 82 a0 56 5c 9d b1 a4 52 51 ce 42 e5 4d c2 9c 41 91 56 1a d2 62 de 53 12 96 31 c3 57 c0 d5 e2 a2 52 79 99 11 60 55 b6 38 30 23 1a e2 3d 85 82 2d 0c 02 8a 86 7f 44 f5 49 0b 86 4f b9 80 c6 40 4f d5 49 4b 67 5a e5 49 c6 8e 4a d1 37 8b 04 8e a1 c1 2a 51 24 ba 52 40 ac 67 cc da 53 ad ad dc aa 95 02 b2 7e 05 23 2d be 3e 05 ec 19 21 be 68 4b b1 4a 1d 6b 46 b2 4f 0d 3b 0b 87 bf a2 01 6d ab b6 50 6b ac b5 5f e1 46 4b 81 d5 9e 41 aa 52 bc d1 02 67 aa Data Ascii: u\|euPkU~jhl0S,a^!V:VAWbp=F?Z@JitOY%J5_Y8K1_FV\RQBMAVbS1WRy`U80#=-DIO@OIKgZIJ7*Q$R@gS~#->!hKJkFO;mPk_FKARg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49714	208.91.114.103	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:55 UTC	706	OUT	GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1 Host: fac.corp.fortinet.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:55 UTC	548	IN	HTTP/1.1 404 Not Found Date: Fri, 27 Sep 2024 06:15:55 GMT Content-Length: 4288 Content-Security-Policy: base-uri 'self'; script-src 'self'; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding Content-Language: en X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Cache-Control: public, max-age=31536000 X-XSS-Protection: 1; mode=block Permissions-Policy: fullscreen=(self) Connection: close Content-Type: text/html; charset=utf-8
2024-09-27 06:15:55 UTC	4288	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 73 69 74 65 5f 6d 65 64 69 61 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-type" content="text/html; charset=UTF-8"> <meta name="referrer" content="strict-origin"> <title>Not Found</title> <link rel="stylesheet" type="text/css" href="/site_media/css/font-aweso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49721	151.101.194.137	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:57 UTC	358	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:57 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Fri, 27 Sep 2024 06:15:57 GMT Age: 1469675 X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740061-EWR X-Cache: HIT, HIT X-Cache-Hits: 2274, 1 X-Timer: S1727417757.480187,VS0,VE1 Vary: Accept-Encoding
2024-09-27 06:15:57 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-09-27 06:15:57 UTC	16384	IN	Data Raw: 65 73 74 28 61 7c 7c 22 22 29 7c 7c 66 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 6c 61 6e 67 3a 20 22 2b 61 29 2c 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3b 64 6f 20 69 66 28 63 3d 70 3f 62 2e 6c 61 6e 67 3a 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 78 6d 6c 3a 6c 61 6e 67 22 29 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 61 6e 67 22 29 29 72 65 74 75 72 6e 20 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 3d 3d 61 7c 7c 30 3d 3d 3d 63 2e 69 6e 64 65 78 4f 66 28 61 2b 22 2d 22 29 3b 77 68 69 6c 65 28 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 62 2e 6e 6f 64 65 54 79 70 65 Data Ascii: est(a\|\|"")\|\|fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")\|\|b.getAttribute("lang"))return c=c.toLowerCase(),c===a\|\|0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType
2024-09-27 06:15:57 UTC	16384	IN	Data Raw: 68 69 73 2c 61 29 7d 29 3a 4b 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 2c 64 3b 69 66 28 66 26 26 76 6f 69 64 20 30 3d 3d 3d 62 29 7b 69 66 28 63 3d 4f 2e 67 65 74 28 66 2c 61 29 7c 7c 4f 2e 67 65 74 28 66 2c 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 63 3d 4f 2e 67 65 74 28 66 2c 64 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 63 3d 52 28 66 2c 64 2c 76 6f 69 64 20 30 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 20 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 74 68 69 73 2e 65 61 63 Data Ascii: his,a)}):K(this,function(b){var c,d;if(f&&void 0===b){if(c=O.get(f,a)\|\|O.get(f,a.replace(Q,"-$&").toLowerCase()),void 0!==c)return c;if(d=n.camelCase(a),c=O.get(f,d),void 0!==c)return c;if(c=R(f,d,void 0),void 0!==c)return c}else d=n.camelCase(a),this.eac
2024-09-27 06:15:57 UTC	16384	IN	Data Raw: 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 67 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 62 6f 72 64 65 72 3a 30 3b 77 69 64 74 68 3a 38 70 78 3b 68 65 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 2d 39 39 39 39 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 22 2c 67 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 68 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: .style.backgroundClip,g.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",g.appendChild(h);function i(){h.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box
2024-09-27 06:15:57 UTC	16384	IN	Data Raw: 61 29 7b 62 3d 61 2e 6d 61 74 63 68 28 47 29 7c 7c 5b 5d 3b 77 68 69 6c 65 28 63 3d 74 68 69 73 5b 69 2b 2b 5d 29 69 66 28 65 3d 66 62 28 63 29 2c 64 3d 31 3d 3d 3d 63 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 20 22 2b 65 2b 22 20 22 29 2e 72 65 70 6c 61 63 65 28 65 62 2c 22 20 22 29 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 77 68 69 6c 65 28 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3e 2d 31 29 64 3d 64 2e 72 65 70 6c 61 63 65 28 22 20 22 2b 66 2b 22 20 22 2c 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 74 6f 67 67 6c 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 Data Ascii: a){b=a.match(G)\|\|[];while(c=this[i++])if(e=fb(c),d=1===c.nodeType&&(" "+e+" ").replace(eb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b
2024-09-27 06:15:57 UTC	3658	IN	Data Raw: 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 3b 76 61 72 20 4c 62 3d 6e 2e 66 6e 2e 6c 6f 61 64 3b 6e 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 26 26 4c 62 29 72 65 74 75 72 6e 20 4c 62 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 76 61 72 20 64 2c 65 2c 66 2c 67 3d 74 68 69 73 2c 68 3d 61 2e 69 6e 64 65 78 4f 66 28 22 20 22 29 3b 72 65 74 75 72 6e 20 68 3e 2d 31 26 26 28 64 3d 6e 2e 74 72 69 6d 28 61 2e 73 6c 69 63 65 28 68 29 29 2c 61 3d 61 2e 73 6c 69 63 65 28 30 2c 68 29 29 2c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 29 3f 28 63 3d 62 2c 62 3d 76 6f 69 64 20 30 29 3a 62 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 Data Ascii: .childNodes))};var Lb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Lb)return Lb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:57 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 06:15:57 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=37817 Date: Fri, 27 Sep 2024 06:15:57 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49722	13.35.58.96	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:57 UTC	384	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:58 UTC	808	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: 6f586e09-c9d6-43fb-be5a-a4eb2b520d61 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Wed, 31 Jul 2024 20:19:18 GMT Date: Tue, 06 Aug 2024 08:43:09 GMT Via: 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront), 1.1 50d1552804e5c5074606d2b5a0eb8ef8.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA60-P10 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: jiOLqEvfmlhMejxRG1U9nkUBnOS8q6-kTJBLBai6mQ6gmC6dlgB0VA== Age: 4483968
2024-09-27 06:15:58 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2024-09-27 06:15:58 UTC	16384	IN	Data Raw: 06 15 30 ce 26 fd 80 69 00 09 a4 0c 34 c4 e0 aa 65 80 05 10 2b 22 fe c4 40 5a 12 86 9f 0d 66 3c 28 63 20 c5 d1 9f 01 2a 4f 72 80 13 83 2c 35 12 66 b4 bc 19 a0 75 23 13 37 7d c3 99 d0 20 79 a4 14 2f 45 fc 96 53 c1 c5 cb 19 8f 2a b8 3c 41 ec 8e 05 9b 24 39 34 f2 a0 7a 22 03 f1 7b 64 0c df 28 63 91 00 79 12 09 cc 30 8e 67 c0 08 92 04 66 23 1a d0 5c 63 03 86 81 64 d0 9f 79 82 19 f2 c1 46 23 d0 e7 c7 7d 1a 61 70 88 76 13 29 d0 de 21 31 68 96 10 7a 83 48 60 a1 3f 27 30 65 ff cc 06 13 11 00 60 20 03 7c 95 50 6e 8c 18 00 1e 42 0d 28 a8 c7 63 12 b5 f0 c8 00 17 4c 34 42 20 12 4c 64 42 24 9e 4d 44 d6 1f b7 21 84 61 24 57 9d f8 07 0a 12 ed 58 49 08 12 b1 c5 87 01 8b f5 73 a3 25 03 ac 48 0f 03 2e ce 51 24 45 99 18 60 62 3f 2a ec 51 42 42 2b 64 09 89 00 d8 f8 43 40 81 Data Ascii: 0&i4e+"@Zf<(c Or,5fu#7} y/ES<A$94z"{d(cy0gf#\cdyF#}apv)!1hzH`?'0e` \|PnB(cL4B LdB$MD!a$WXIs%H.Q$E`b?*QBB+dC@
2024-09-27 06:15:58 UTC	16384	IN	Data Raw: 08 bc 00 2e 7e 11 46 07 e8 f9 c2 a6 3a f5 a9 50 8d aa 54 a7 4a d5 aa 5a f5 aa 58 cd aa 56 b7 ca d5 ae 7a f5 ab 60 0d 2b 20 82 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 85 00 00 00 b5 b5 b5 f5 f5 f5 fd fd fd 9d 9d 9d f7 f7 f7 fb fb fb 99 99 99 9b 9b 9b ff ff ff a1 a1 a1 9f 9f 9f a5 a5 a5 ad ad ad c9 c9 c9 ed ed ed a3 a3 a3 f9 f9 f9 f3 f3 f3 df df df d1 d1 d1 e1 e1 e1 e9 e9 e9 b9 b9 b9 bd bd bd ef ef ef c3 c3 c3 a9 a9 a9 db db db eb eb eb e7 e7 e7 c7 c7 c7 cf cf cf c1 c1 c1 bb bb bb cb cb cb bf bf bf f1 f1 f1 d5 d5 d5 ab ab ab dd dd dd d9 d9 d9 d3 d3 d3 b3 b3 b3 af af af c5 c5 c5 b1 b1 b1 a7 a7 a7 b7 b7 b7 e3 e3 e3 e5 e5 e5 cd cd cd d7 d7 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 Data Ascii: .~F:PTJZXVz`+ !,
2024-09-27 06:15:58 UTC	6050	IN	Data Raw: d8 d2 28 0d 17 5c 31 0d 0f c0 12 25 97 11 49 47 38 71 93 07 80 40 0b ec 38 86 01 70 80 74 94 4c e1 24 8e 08 4a 69 88 92 94 5c c8 80 0a 2e a0 c7 54 66 82 95 ad c4 86 0b 46 10 03 2e 26 c1 02 2a 10 c1 c4 72 79 00 55 5a 02 97 c4 c4 06 04 5c 10 02 10 a0 c0 03 1d c8 80 00 fc 26 81 0e c4 20 05 14 68 81 16 93 b9 bb 4c 70 80 8c c9 0c a7 60 08 50 b1 4d 74 e0 91 e2 4c e7 57 18 e0 43 4e 08 60 9b ea 8c 27 48 38 38 0a 03 ac 50 9e f8 4c 88 3b 4c 91 82 5a e6 13 9f 56 4c 85 04 06 f7 4f 7c 06 60 89 a8 50 01 38 0b da 4a 02 b0 71 15 59 64 68 3a 57 10 c8 54 a4 60 98 12 4d 23 04 1a 06 0b 3c 2e 34 a3 7c 1b 81 2f 53 51 00 97 81 d4 35 08 bd c5 03 20 78 52 ad b0 80 7b 9a be e8 80 26 5b ba 12 11 84 f0 17 8d c4 28 4d 97 b1 00 07 a4 14 19 03 40 01 41 5b 7a 02 1a 8c b4 17 12 a0 00 2a Data Ascii: (\1%IG8q@8ptL$Ji\.TfF.&ryUZ\& hLp`PMtLWCN`'H88PL;LZVLO\|`P8JqYdh:WT`M#<.4\|/SQ5 xR{&[(M@A[z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:58 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 06:15:58 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=37762 Date: Fri, 27 Sep 2024 06:15:58 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-27 06:15:58 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4424, Parent PID: 5728

General

Target ID:	0
Start time:	02:15:48
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3172, Parent PID: 4424

General

Target ID:	2
Start time:	02:15:51
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1988,i,10652732351132495408,6231754353211819788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2700, Parent PID: 5728

General

Target ID:	3
Start time:	02:15:53
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeigptt7ax52px7en6oa3kf7onahn5ltozndza5z36paatth2z7xz5m.ipfs.dweb.link/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly