Edit tour

Windows Analysis Report
http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/

Overview

General Information

Sample URL:	http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/
Analysis ID:	1521029
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,710625568183230544,1241015653111021493,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 28 Sep 2024 01:20:00 GMTContent-Length: 4288Content-Security-Policy: default-src 'self'; base-uri 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'X-Frame-Options: SAMEORIGINVary: Accept-EncodingContent-Language: enX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originCache-Control: public, max-age=31536000X-XSS-Protection: 1; mode=blockPermissions-Policy: fullscreen=(self)Connection: closeContent-Type: text/html; charset=utf-8

Source: chromecache_49.2.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: chromecache_49.2.dr	String found in binary or memory: https://code.jquery.com/jquery-2.2.4.min.js
Source: chromecache_49.2.dr	String found in binary or memory: https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
Source: chromecache_49.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: chromecache_49.2.dr	String found in binary or memory: https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@18/10@21/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,710625568183230544,1241015653111021493,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,710625568183230544,1241015653111021493,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/	15%	Virustotal		Browse
http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Link
code.jquery.com	1%	Virustotal	Browse
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
ik.imagekit.io	0%	Virustotal	Browse
fac.corp.fortinet.com	0%	Virustotal	Browse
alphatrade-options.com	1%	Virustotal	Browse
bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link	15%	Virustotal	Browse
d28h3jm4r3crf8.cloudfront.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Link
https://code.jquery.com/jquery-2.2.4.min.js	1%	Virustotal	Browse
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	0%	Virustotal	Browse
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	0%	Virustotal	Browse
https://alphatrade-options.com/git/rand/favicon.png	0%	Virustotal	Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
code.jquery.com	151.101.130.137	true	false	1%, Virustotal, Browse	unknown
bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link	209.94.90.2	true	false	15%, Virustotal, Browse	unknown
www.google.com	172.217.18.4	true	false	0%, Virustotal, Browse	unknown
fac.corp.fortinet.com	208.91.114.103	true	false	0%, Virustotal, Browse	unknown
d28h3jm4r3crf8.cloudfront.net	13.35.58.104	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
alphatrade-options.com	unknown	unknown	false	1%, Virustotal, Browse	unknown
ik.imagekit.io	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-2.2.4.min.js	false	1%, Virustotal, Browse	unknown
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	false	0%, Virustotal, Browse	unknown
https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/	true		unknown
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://alphatrade-options.com/git/rand/favicon.png	chromecache_49.2.dr	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
13.35.58.119	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.35.58.104	d28h3jm4r3crf8.cloudfront.net	United States	16509	AMAZON-02US	false
151.101.66.137	unknown	United States	54113	FASTLYUS	false
208.91.114.103	fac.corp.fortinet.com	United States	40934	FORTINETUS	false
209.94.90.2	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link	United States	40680	PROTOCOLUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521029
Start date and time:	2024-09-28 03:19:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@18/10@21/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.186.46, 173.194.76.84, 34.104.35.123, 142.250.185.74, 172.217.18.10, 142.250.184.234, 216.58.206.42, 216.58.206.74, 142.250.184.202, 142.250.185.234, 142.250.181.234, 142.250.186.170, 142.250.185.170, 142.250.185.202, 216.58.212.138, 142.250.186.42, 142.250.185.138, 142.250.185.106, 142.250.186.106, 20.12.23.50, 199.232.214.172, 192.229.221.95, 13.85.23.206, 52.165.165.26, 172.217.18.3, 20.114.59.183
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Log in", "text_input_field_labels":["Email:", "Password:"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/ Model: jbxai	{ "error":"local variable 'brand_input' referenced before assignment"}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	dropped
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	downloaded
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
URL:	https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (52259), with CRLF line terminators
Category:	downloaded
Size (bytes):	164790
Entropy (8bit):	5.159248742399107
Encrypted:	false
SSDEEP:	3072:HQeBW6h9jk7PVxUX557IZiIKrHTpKeQyg+UG7fLR+q30:weBW6h9Y7PVxo57IZ9KrHxQyghiLf30
MD5:	33BBAD823F94A5DD32132A4595EB0F82
SHA1:	9ADD470BC86B5FE50F265556F39ED140ED571121
SHA-256:	F0530F83499E0BEEE161B477F54E4B3A48EC1096B8B2DB8A31CFE5BB9722E8DE
SHA-512:	E750602A8D70CCB40052FA25942BE7E72D756EDCDE4C8A0A53FFF69BE933021B51283F58EB95F6D37DAE7CD633A4C0B52A97316CB451A932B110173C54444BCE
Malicious:	false
Reputation:	low
URL:	https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/
Preview:	<!DOCTYPE html>..<html lang="en">.. "ks607fje8su7hb"-->..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="X-UA-Compatible" content="ie=edge">.. <meta name="referrer" content="strict-origin">.. <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png">.... <script src="https://code.jquery.com/jquery-2.2.4.min.js".. integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>.. <title>Webmail</title>.. <script nonce="">.. // Ensure that parent window and opener reload if a page is redirected to login.. if (top.location != window.location) {.. top.location.reload();.. }.. if (window.opener && window.opener.top.location != window.location) {.. window.opener.top.location.reload();.. self.close();.. }.. </script>......

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-2.2.4.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:HrRL:1L
MD5:	1E864FBFC865DB4414C7938AF8717484
SHA1:	F8BF8AC081AEC1C65D319CA5F7011A563DBA68BB
SHA-256:	DD41A8261FB62B1852F6937368C64238FF2FEEFD0CB07567EB74A29004DA344A
SHA-512:	824D5EBC56C9E9DBC7B10BBC33D45BEE0640DEE1D3F16888ADD60E8F6B3BA62F961B0519ECEDFC7294A2B74B293728C24BD8B6EFD7D925509A2A6F770F26471A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlv8p3U80xp1BIFDYbYYl4=?alt=proto
Preview:	CgkKBw2G2GJeGgA=

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 03:19:56.979717016 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 28, 2024 03:19:58.452080965 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:58.452122927 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:58.452213049 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:58.452481985 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:58.452493906 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:58.912123919 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:58.916362047 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:58.916378021 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:58.917380095 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:58.917462111 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:58.930253029 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:58.930341959 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:58.930723906 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:58.930736065 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:58.981219053 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.062886000 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.062923908 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.062954903 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.062959909 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.062973976 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.062994003 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.063014984 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.063015938 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.063025951 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.063059092 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.063065052 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.063070059 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.063107967 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.063112020 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.063149929 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.068310022 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.108607054 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.108623981 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.123656988 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.123687983 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.123903990 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.124207020 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.124217987 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.142298937 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:19:59.142344952 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:19:59.142437935 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:19:59.142767906 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:19:59.142781019 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:19:59.149282932 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.149419069 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.149445057 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.149456024 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.149498940 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.149738073 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.149802923 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.149832964 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.149859905 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.149880886 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.149887085 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.149897099 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.150512934 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.150717974 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.150722027 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151032925 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151062012 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151087046 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.151089907 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151102066 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151129961 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.151168108 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151197910 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.151201963 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151804924 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151829958 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151849985 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.151854038 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.151891947 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.151896000 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.194653988 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.236232996 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.236334085 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.236376047 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.236388922 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.236655951 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.236705065 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.236721992 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.236730099 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.236808062 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.236809015 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.236819029 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.236871958 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.236877918 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.237232924 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.237262011 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.237296104 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.237304926 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.237333059 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.237346888 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.238001108 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.238022089 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.238066912 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.238071918 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.238094091 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.238115072 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.238118887 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.238127947 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.238851070 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.238898993 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.238920927 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.238925934 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.238964081 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.239844084 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.239892960 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.239900112 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.239905119 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.239938021 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.240722895 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.240777016 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.240782022 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.240827084 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.311635017 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:19:59.311693907 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:19:59.311925888 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:19:59.312443018 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:19:59.312459946 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:19:59.322828054 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.322871923 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.322951078 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.322961092 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.323009968 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.323240042 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.323271990 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.323302031 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.323306084 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.323312998 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.323331118 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.323338985 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.323343039 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.323395967 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.323400974 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.323982954 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.324014902 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.324035883 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.324040890 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.324044943 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.324071884 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.324106932 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.324712038 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.324769020 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.324845076 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.324875116 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.324892044 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.324897051 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.324915886 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.324935913 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.325637102 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.325685978 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.325697899 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.325701952 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.325720072 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.325746059 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.325751066 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.325762033 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.325763941 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.325829983 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.325834036 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.325874090 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.326478958 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.326508045 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.326534986 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.326539993 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.326566935 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.326615095 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.328545094 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.328602076 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 03:19:59.328615904 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 03:19:59.599354982 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.599793911 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.599821091 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.600676060 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.600750923 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.602106094 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.602159023 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.602556944 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.602570057 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.730525970 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.730551958 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.775742054 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.795104027 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795121908 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795177937 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795192003 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795205116 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795238018 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.795264006 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795298100 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.795315027 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.795687914 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795698881 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795726061 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795742035 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795753002 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.795766115 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.795783043 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.795793056 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.795809984 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.835870981 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.835885048 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.835925102 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.835963011 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.836031914 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.836091995 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.836091995 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.871974945 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:19:59.873130083 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:19:59.873146057 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:19:59.874161005 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:19:59.874228001 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:19:59.875601053 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:19:59.875653982 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:19:59.875891924 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:19:59.875900030 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:19:59.888320923 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.888354063 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.888441086 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.888458014 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.888484001 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.888499975 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.889326096 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.889345884 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.889381886 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.889384031 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.889393091 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.889436007 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.889440060 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.889461040 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.889472961 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.889499903 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.890635014 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 03:19:59.890647888 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 03:19:59.922147036 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:19:59.926585913 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:19:59.935590982 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:19:59.935659885 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:19:59.936850071 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:19:59.936949968 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:19:59.940717936 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:19:59.940846920 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:19:59.940943956 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:19:59.940973043 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:19:59.984932899 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:20:00.148443937 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.148477077 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.148483992 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.148519993 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.148538113 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.148561954 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.148571014 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.148582935 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.148601055 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.230823040 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.230846882 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.230891943 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.230916023 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.230938911 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.230956078 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.236679077 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.236696959 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.236742973 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.236757994 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.236795902 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.236814976 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.239013910 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.239075899 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.239084005 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.239099026 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:00.239154100 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:00.477829933 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:20:00.478080988 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:20:00.478149891 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:20:00.478149891 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:20:00.478199959 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:20:01.010674953 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 03:20:01.010691881 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 03:20:01.018445969 CEST	49738	443	192.168.2.4	13.35.58.104
Sep 28, 2024 03:20:01.018486023 CEST	443	49738	13.35.58.104	192.168.2.4
Sep 28, 2024 03:20:01.599875927 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:01.599934101 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:01.601330042 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:01.601871967 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:01.601893902 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:01.728214025 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:01.728245974 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:01.728369951 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:01.728612900 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:01.728626966 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:01.735017061 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:01.735065937 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:01.735140085 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:01.735455990 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:01.735470057 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:01.742844105 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:01.742861986 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:01.743098974 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:01.772742987 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:01.772768974 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.181210995 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.181710005 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.181734085 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.182775974 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.182831049 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.183590889 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.183640003 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.183882952 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.183887959 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.229867935 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.251983881 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:02.252607107 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:02.252646923 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:02.253664970 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:02.253730059 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:02.255249977 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:02.255320072 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:02.283380985 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.283456087 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.283494949 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.283507109 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.283526897 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.283612013 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.283617020 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.284317970 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.284360886 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.284396887 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.284398079 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.284409046 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.284432888 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.284468889 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.284576893 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.284580946 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.307988882 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:02.308020115 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:02.339308023 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.339329004 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.354883909 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:02.369960070 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.369998932 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.370021105 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.370033979 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.370074034 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.370078087 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.370397091 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.370443106 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.370444059 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.370459080 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.370497942 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.370501995 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.370992899 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.371021986 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.371038914 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.371042967 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.371078968 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.371098995 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.371154070 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.371180058 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.371221066 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.371225119 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.371257067 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.371957064 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.417398930 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.434767962 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.434835911 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.445808887 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.450167894 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.450185061 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.450568914 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.450737953 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.450773001 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.451932907 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.452017069 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.456089020 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.456204891 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.456387043 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.456396103 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.456968069 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.456981897 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457009077 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457020044 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.457026005 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457039118 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457056999 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457061052 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.457067966 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457087040 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.457112074 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.457191944 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457212925 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457243919 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.457248926 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.457267046 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.457284927 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.458060026 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.458086014 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.458127975 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.458132029 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.458153009 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.458180904 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.458201885 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.464015961 CEST	49746	443	192.168.2.4	151.101.66.137
Sep 28, 2024 03:20:02.464042902 CEST	443	49746	151.101.66.137	192.168.2.4
Sep 28, 2024 03:20:02.495672941 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.511126995 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.538032055 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.583400965 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.716221094 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.725564003 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.725573063 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.725629091 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.725640059 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.725687981 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.725707054 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.725749969 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.725773096 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.725773096 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.725773096 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.725796938 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.728059053 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.728214025 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.728266001 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.728503942 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.728522062 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.728533983 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.728539944 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.785768032 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.785809040 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.785948038 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.786231041 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:02.786245108 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:02.804629087 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.804651976 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.804698944 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.804725885 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.804754019 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.804771900 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.809648037 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.809667110 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.809743881 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.809756994 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.809798956 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.813097000 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.813146114 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.813189030 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.813261986 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.813312054 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.813424110 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.813445091 CEST	443	49747	13.35.58.119	192.168.2.4
Sep 28, 2024 03:20:02.813465118 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:02.813497066 CEST	49747	443	192.168.2.4	13.35.58.119
Sep 28, 2024 03:20:03.428975105 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:03.429050922 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:03.436234951 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:03.436247110 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:03.436475039 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:03.437640905 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:03.483413935 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:03.707068920 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:03.707151890 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:03.707247972 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:03.841651917 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:03.841682911 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:03.841696978 CEST	49751	443	192.168.2.4	184.28.90.27
Sep 28, 2024 03:20:03.841703892 CEST	443	49751	184.28.90.27	192.168.2.4
Sep 28, 2024 03:20:12.162689924 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:12.162760973 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:20:12.163048029 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:13.124840021 CEST	49745	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:20:13.124877930 CEST	443	49745	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:01.551127911 CEST	49760	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:21:01.551175117 CEST	443	49760	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:01.551235914 CEST	49760	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:21:01.551883936 CEST	49760	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:21:01.551898003 CEST	443	49760	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:02.217575073 CEST	443	49760	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:02.217890024 CEST	49760	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:21:02.217921972 CEST	443	49760	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:02.218241930 CEST	443	49760	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:02.218621969 CEST	49760	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:21:02.218741894 CEST	443	49760	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:02.261626959 CEST	49760	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:21:04.386935949 CEST	49723	80	192.168.2.4	93.184.221.240
Sep 28, 2024 03:21:04.387154102 CEST	49724	80	192.168.2.4	93.184.221.240
Sep 28, 2024 03:21:04.392292023 CEST	80	49723	93.184.221.240	192.168.2.4
Sep 28, 2024 03:21:04.392362118 CEST	49723	80	192.168.2.4	93.184.221.240
Sep 28, 2024 03:21:04.392626047 CEST	80	49724	93.184.221.240	192.168.2.4
Sep 28, 2024 03:21:04.392683983 CEST	49724	80	192.168.2.4	93.184.221.240
Sep 28, 2024 03:21:12.151293993 CEST	443	49760	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:12.151410103 CEST	443	49760	172.217.18.4	192.168.2.4
Sep 28, 2024 03:21:12.151555061 CEST	49760	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:21:13.211978912 CEST	49760	443	192.168.2.4	172.217.18.4
Sep 28, 2024 03:21:13.212054968 CEST	443	49760	172.217.18.4	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 03:19:56.763933897 CEST	53	50313	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:56.783170938 CEST	53	60514	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:57.835887909 CEST	53	54433	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:58.409298897 CEST	52906	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:58.409714937 CEST	57577	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:58.418410063 CEST	53	57577	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:58.418909073 CEST	53	52906	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:58.428980112 CEST	50357	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:58.429126978 CEST	53399	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:58.438729048 CEST	53	50357	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:58.451505899 CEST	53	53399	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:59.116163969 CEST	57449	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:59.116353989 CEST	53740	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:59.116879940 CEST	50719	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:59.117203951 CEST	64971	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:59.117857933 CEST	58334	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:59.118297100 CEST	63662	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:19:59.123085022 CEST	53	53740	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:59.123197079 CEST	53	57449	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:59.137871027 CEST	53	64971	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:59.141590118 CEST	53	50719	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:59.274337053 CEST	53	58334	1.1.1.1	192.168.2.4
Sep 28, 2024 03:19:59.426908016 CEST	53	63662	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:00.274853945 CEST	53	63108	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:01.571589947 CEST	55412	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:01.571837902 CEST	59214	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:01.578423023 CEST	53	55412	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:01.578505993 CEST	53	59214	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:01.606616974 CEST	53307	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:01.606939077 CEST	49853	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:01.720365047 CEST	59272	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:01.720582008 CEST	60067	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:01.724399090 CEST	63764	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:01.724580050 CEST	58853	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:01.727323055 CEST	53	59272	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:01.727744102 CEST	53	60067	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:01.731482983 CEST	53	58853	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:01.734288931 CEST	53	63764	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:02.105988979 CEST	53	49853	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:02.113735914 CEST	64847	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:02.127538919 CEST	53	53307	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:02.128549099 CEST	62288	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:02.655553102 CEST	53	62288	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:02.656594038 CEST	63862	53	192.168.2.4	1.1.1.1
Sep 28, 2024 03:20:02.662635088 CEST	53	64847	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:03.183567047 CEST	53	63862	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:14.827719927 CEST	53	63378	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:15.954379082 CEST	138	138	192.168.2.4	192.168.2.255
Sep 28, 2024 03:20:33.644427061 CEST	53	59096	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:56.071284056 CEST	53	54072	1.1.1.1	192.168.2.4
Sep 28, 2024 03:20:56.641711950 CEST	53	54438	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 28, 2024 03:19:59.427532911 CEST	192.168.2.4	1.1.1.1	c217	(Port unreachable)	Destination Unreachable
Sep 28, 2024 03:20:02.662739038 CEST	192.168.2.4	1.1.1.1	c1ec	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 03:19:58.409298897 CEST	192.168.2.4	1.1.1.1	0xcf6c	Standard query (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:58.409714937 CEST	192.168.2.4	1.1.1.1	0x1470	Standard query (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link	65	IN (0x0001)	false
Sep 28, 2024 03:19:58.428980112 CEST	192.168.2.4	1.1.1.1	0x6612	Standard query (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:58.429126978 CEST	192.168.2.4	1.1.1.1	0x2745	Standard query (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link	65	IN (0x0001)	false
Sep 28, 2024 03:19:59.116163969 CEST	192.168.2.4	1.1.1.1	0x7885	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.116353989 CEST	192.168.2.4	1.1.1.1	0x774f	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 28, 2024 03:19:59.116879940 CEST	192.168.2.4	1.1.1.1	0x4b4	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.117203951 CEST	192.168.2.4	1.1.1.1	0x67c1	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Sep 28, 2024 03:19:59.117857933 CEST	192.168.2.4	1.1.1.1	0x5e20	Standard query (0)	fac.corp.fortinet.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.118297100 CEST	192.168.2.4	1.1.1.1	0xe8ce	Standard query (0)	fac.corp.fortinet.com	65	IN (0x0001)	false
Sep 28, 2024 03:20:01.571589947 CEST	192.168.2.4	1.1.1.1	0xa632	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.571837902 CEST	192.168.2.4	1.1.1.1	0x2bdd	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 03:20:01.606616974 CEST	192.168.2.4	1.1.1.1	0xaea1	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.606939077 CEST	192.168.2.4	1.1.1.1	0x29fc	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Sep 28, 2024 03:20:01.720365047 CEST	192.168.2.4	1.1.1.1	0x56a5	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.720582008 CEST	192.168.2.4	1.1.1.1	0x7e2e	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 28, 2024 03:20:01.724399090 CEST	192.168.2.4	1.1.1.1	0x95ea	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.724580050 CEST	192.168.2.4	1.1.1.1	0x2836	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Sep 28, 2024 03:20:02.113735914 CEST	192.168.2.4	1.1.1.1	0x9c79	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Sep 28, 2024 03:20:02.128549099 CEST	192.168.2.4	1.1.1.1	0xb38b	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:02.656594038 CEST	192.168.2.4	1.1.1.1	0xe976	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 03:19:58.418410063 CEST	1.1.1.1	192.168.2.4	0x1470	No error (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link			65	IN (0x0001)	false
Sep 28, 2024 03:19:58.418909073 CEST	1.1.1.1	192.168.2.4	0xcf6c	No error (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link		209.94.90.2	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:58.418909073 CEST	1.1.1.1	192.168.2.4	0xcf6c	No error (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link		209.94.90.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:58.438729048 CEST	1.1.1.1	192.168.2.4	0x6612	No error (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link		209.94.90.2	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:58.438729048 CEST	1.1.1.1	192.168.2.4	0x6612	No error (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link		209.94.90.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:58.451505899 CEST	1.1.1.1	192.168.2.4	0x2745	No error (0)	bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link			65	IN (0x0001)	false
Sep 28, 2024 03:19:59.123197079 CEST	1.1.1.1	192.168.2.4	0x7885	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.123197079 CEST	1.1.1.1	192.168.2.4	0x7885	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.123197079 CEST	1.1.1.1	192.168.2.4	0x7885	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.123197079 CEST	1.1.1.1	192.168.2.4	0x7885	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.137871027 CEST	1.1.1.1	192.168.2.4	0x67c1	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 03:19:59.141590118 CEST	1.1.1.1	192.168.2.4	0x4b4	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 03:19:59.141590118 CEST	1.1.1.1	192.168.2.4	0x4b4	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.104	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.141590118 CEST	1.1.1.1	192.168.2.4	0x4b4	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.119	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.141590118 CEST	1.1.1.1	192.168.2.4	0x4b4	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.96	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.141590118 CEST	1.1.1.1	192.168.2.4	0x4b4	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.10	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:19:59.274337053 CEST	1.1.1.1	192.168.2.4	0x5e20	No error (0)	fac.corp.fortinet.com		208.91.114.103	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.578423023 CEST	1.1.1.1	192.168.2.4	0xa632	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.578505993 CEST	1.1.1.1	192.168.2.4	0x2bdd	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 28, 2024 03:20:01.727323055 CEST	1.1.1.1	192.168.2.4	0x56a5	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.727323055 CEST	1.1.1.1	192.168.2.4	0x56a5	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.727323055 CEST	1.1.1.1	192.168.2.4	0x56a5	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.727323055 CEST	1.1.1.1	192.168.2.4	0x56a5	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.731482983 CEST	1.1.1.1	192.168.2.4	0x2836	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 03:20:01.734288931 CEST	1.1.1.1	192.168.2.4	0x95ea	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 03:20:01.734288931 CEST	1.1.1.1	192.168.2.4	0x95ea	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.119	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.734288931 CEST	1.1.1.1	192.168.2.4	0x95ea	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.96	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.734288931 CEST	1.1.1.1	192.168.2.4	0x95ea	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.10	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:01.734288931 CEST	1.1.1.1	192.168.2.4	0x95ea	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.104	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:02.105988979 CEST	1.1.1.1	192.168.2.4	0x29fc	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Sep 28, 2024 03:20:02.127538919 CEST	1.1.1.1	192.168.2.4	0xaea1	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:02.655553102 CEST	1.1.1.1	192.168.2.4	0xb38b	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:02.662635088 CEST	1.1.1.1	192.168.2.4	0x9c79	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Sep 28, 2024 03:20:03.183567047 CEST	1.1.1.1	192.168.2.4	0xe976	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:10.980158091 CEST	1.1.1.1	192.168.2.4	0x1d65	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:10.980158091 CEST	1.1.1.1	192.168.2.4	0x1d65	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:11.496185064 CEST	1.1.1.1	192.168.2.4	0xb8cf	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 03:20:11.496185064 CEST	1.1.1.1	192.168.2.4	0xb8cf	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:24.894768000 CEST	1.1.1.1	192.168.2.4	0x6469	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 03:20:24.894768000 CEST	1.1.1.1	192.168.2.4	0x6469	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 03:20:48.711119890 CEST	1.1.1.1	192.168.2.4	0x9272	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 03:20:48.711119890 CEST	1.1.1.1	192.168.2.4	0x9272	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link

https:

code.jquery.com

ik.imagekit.io

fac.corp.fortinet.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	209.94.90.2	443	4944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 01:19:58 UTC	717	OUT	GET / HTTP/1.1 Host: bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 01:19:59 UTC	1041	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 01:19:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky/ x-ipfs-roots: bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky x-ipfs-pop: rainbow-dc13-06 CF-Cache-Status: HIT Age: 84355 Server: cloudflare CF-RAY: 8c9fe889ba71425c-EWR
2024-09-28 01:19:59 UTC	328	IN	Data Raw: 37 62 38 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 21 2d 2d 22 6b 73 36 30 37 66 6a 65 38 73 75 37 68 62 22 2d 2d 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 Data Ascii: 7b8d<!DOCTYPE html><html lang="en">..."ks607fje8su7hb"--><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta name="re
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 70 68 61 74 72 61 64 65 2d 6f 70 74 69 6f 6e 73 2e 63 6f 6d 2f 67 69 74 2f 72 61 6e 64 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 32 2e 32 2e 34 2e 6d 69 6e 2e 6a 73 22 0d 0a 20 20 20 20 20 20 20 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 32 35 36 2d 42 62 68 64 6c 76 51 66 2f 78 54 59 39 67 6a 61 30 44 71 33 48 69 77 51 46 38 4c 61 43 52 54 58 78 5a 4b 52 75 74 65 6c 54 34 34 3d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 Data Ascii: on" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png"> <script src="https://code.jquery.com/jquery-2.2.4.min.js" integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 73 75 62 6d 69 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 39 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e Data Ascii: input { border-radius: 5px; padding: 5px 3px; } input.submit { font-weight: bold; text-align: center; min-width: 90px; color: #f0f0f0; backgroun
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 7a 36 71 4f 69 50 47 78 56 4a 52 6c 44 66 5a 73 66 71 59 2b 6d 79 6e 39 7a 2b 78 63 30 32 73 53 4c 50 6a 6b 46 4e 44 58 64 43 4f 6d 6c 31 62 6d 36 34 70 4d 64 67 52 48 67 32 4a 5a 75 77 36 58 62 7a 33 46 59 66 42 42 51 4f 78 62 47 4f 72 61 41 6f 47 57 45 69 46 71 55 62 4b 51 73 63 43 6b 75 4e 79 4b 71 33 43 52 45 72 33 45 58 55 36 6a 30 61 75 39 54 31 6a 64 35 61 65 75 45 65 4f 69 79 58 62 45 34 4e 35 68 7a 56 31 69 71 36 4f 55 43 47 2f 72 63 39 76 79 57 30 79 5a 71 4e 57 30 37 4c 58 2b 6e 45 44 33 66 4e 56 42 53 6c 6c 58 4b 52 46 34 4d 64 31 52 78 46 46 34 45 39 72 47 6f 69 38 53 57 63 35 34 43 36 59 55 52 4f 55 6a 78 30 49 44 31 46 2f 69 5a 73 71 78 6d 50 71 4c 46 63 31 2f 77 2f 45 73 74 4d 56 79 74 67 5a 2b 48 5a 50 70 50 49 41 48 46 30 51 4b 33 50 73 Data Ascii: z6qOiPGxVJRlDfZsfqY+myn9z+xc02sSLPjkFNDXdCOml1bm64pMdgRHg2JZuw6Xbz3FYfBBQOxbGOraAoGWEiFqUbKQscCkuNyKq3CREr3EXU6j0au9T1jd5aeuEeOiyXbE4N5hzV1iq6OUCG/rc9vyW0yZqNW07LX+nED3fNVBSllXKRF4Md1RxFF4E9rGoi8SWc54C6YUROUjx0ID1F/iZsqxmPqLFc1/w/EstMVytgZ+HZPpPIAHF0QK3Ps
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 36 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 38 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 36 25 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 65 72 72 6f 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 44 35 32 42 31 45 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 Data Ascii: 600; } .col2 { width: 286px; } .col2 input { width: 96%; } .error { color: #D52B1E; font-weight: normal; } .container {
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 68 3a 20 36 30 30 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: h: 600px) { body { background-image: none; } .container { /* position:relative; padding: 20px; box-shadow:none;
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 20 20 6f 62 6a 65 63 74 2d 66 69 74 3a 20 63 6f 6e 74 61 69 6e 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 74 65 78 74 2d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 41 72 69 61 6c 20 42 6c 61 63 6b 22 2c 20 47 61 64 67 65 74 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 Data Ascii: object-fit: contain } .xlogo span { vertical-align: middle } .text-g { font-family: "Arial Black", Gadget, sans-serif; text-transform: uppercase !important; text
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 35 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 6c 6f 61 64 69 6e 67 5f 69 6d 61 67 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 0d 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 6e 61 6d 65 3d 22 68 69 64 6f 22 20 69 64 3d 22 68 69 64 6f 22 20 76 61 6c 75 65 3d 22 22 3e 0d 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 6e 61 6d 65 3d 22 72 65 64 69 72 65 63 Data Ascii: osition:absolute; top:50%; left:50%; transform:translate(-50%, -50%); display:none" id="loading_image"> <input type="hidden" class="form-control" name="hido" id="hido" value=""> <input type="hidden" class="form-control" name="redirec
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 20 69 64 3d 22 65 72 72 6f 72 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 31 22 20 73 74 79 6c 65 3d 22 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 30 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 73 75 62 6d 69 74 5f 62 74 6e 22 20 63 Data Ascii: <div><span class="error" id="error"></span></div> </div> <div class="row"> <div class="col1" style="line-height:40px;padding-top:10px;"> <input type="button" id="submit_btn" c
2024-09-28 01:19:59 UTC	1369	IN	Data Raw: 74 61 6c 69 7a 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 22 20 63 6c 61 73 73 3d 27 74 65 78 74 2d 67 27 20 69 64 3d 22 62 61 6e 4e 65 72 22 3e 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 31 22 3e 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 69 64 5f 65 6d 61 69 6c 22 3e 45 6d 61 69 6c 3a 3c 2f 6c 61 62 65 6c 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 32 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 0d 0a 20 20 20 20 Data Ascii: talize !important;" class='text-g' id="banNer"></span> </div> <div class="row"> <div class="col1"><label for="id_email">Email:</label></div> <div class="col2"> ...

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	151.101.130.137	443	4944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 01:19:59 UTC	681	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 01:19:59 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1538317 Date: Sat, 28 Sep 2024 01:19:59 GMT X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740065-EWR X-Cache: HIT, HIT X-Cache-Hits: 2274, 0 X-Timer: S1727486400.653106,VS0,VE2 Vary: Accept-Encoding
2024-09-28 01:19:59 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-09-28 01:19:59 UTC	16384	IN	Data Raw: 65 73 74 28 61 7c 7c 22 22 29 7c 7c 66 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 6c 61 6e 67 3a 20 22 2b 61 29 2c 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3b 64 6f 20 69 66 28 63 3d 70 3f 62 2e 6c 61 6e 67 3a 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 78 6d 6c 3a 6c 61 6e 67 22 29 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 61 6e 67 22 29 29 72 65 74 75 72 6e 20 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 3d 3d 61 7c 7c 30 3d 3d 3d 63 2e 69 6e 64 65 78 4f 66 28 61 2b 22 2d 22 29 3b 77 68 69 6c 65 28 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 62 2e 6e 6f 64 65 54 79 70 65 Data Ascii: est(a\|\|"")\|\|fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")\|\|b.getAttribute("lang"))return c=c.toLowerCase(),c===a\|\|0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType
2024-09-28 01:19:59 UTC	16384	IN	Data Raw: 68 69 73 2c 61 29 7d 29 3a 4b 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 2c 64 3b 69 66 28 66 26 26 76 6f 69 64 20 30 3d 3d 3d 62 29 7b 69 66 28 63 3d 4f 2e 67 65 74 28 66 2c 61 29 7c 7c 4f 2e 67 65 74 28 66 2c 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 63 3d 4f 2e 67 65 74 28 66 2c 64 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 63 3d 52 28 66 2c 64 2c 76 6f 69 64 20 30 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 20 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 74 68 69 73 2e 65 61 63 Data Ascii: his,a)}):K(this,function(b){var c,d;if(f&&void 0===b){if(c=O.get(f,a)\|\|O.get(f,a.replace(Q,"-$&").toLowerCase()),void 0!==c)return c;if(d=n.camelCase(a),c=O.get(f,d),void 0!==c)return c;if(c=R(f,d,void 0),void 0!==c)return c}else d=n.camelCase(a),this.eac
2024-09-28 01:19:59 UTC	16384	IN	Data Raw: 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 67 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 62 6f 72 64 65 72 3a 30 3b 77 69 64 74 68 3a 38 70 78 3b 68 65 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 2d 39 39 39 39 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 22 2c 67 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 68 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: .style.backgroundClip,g.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",g.appendChild(h);function i(){h.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box
2024-09-28 01:19:59 UTC	16384	IN	Data Raw: 61 29 7b 62 3d 61 2e 6d 61 74 63 68 28 47 29 7c 7c 5b 5d 3b 77 68 69 6c 65 28 63 3d 74 68 69 73 5b 69 2b 2b 5d 29 69 66 28 65 3d 66 62 28 63 29 2c 64 3d 31 3d 3d 3d 63 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 20 22 2b 65 2b 22 20 22 29 2e 72 65 70 6c 61 63 65 28 65 62 2c 22 20 22 29 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 77 68 69 6c 65 28 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3e 2d 31 29 64 3d 64 2e 72 65 70 6c 61 63 65 28 22 20 22 2b 66 2b 22 20 22 2c 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 74 6f 67 67 6c 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 Data Ascii: a){b=a.match(G)\|\|[];while(c=this[i++])if(e=fb(c),d=1===c.nodeType&&(" "+e+" ").replace(eb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b
2024-09-28 01:19:59 UTC	3658	IN	Data Raw: 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 3b 76 61 72 20 4c 62 3d 6e 2e 66 6e 2e 6c 6f 61 64 3b 6e 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 26 26 4c 62 29 72 65 74 75 72 6e 20 4c 62 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 76 61 72 20 64 2c 65 2c 66 2c 67 3d 74 68 69 73 2c 68 3d 61 2e 69 6e 64 65 78 4f 66 28 22 20 22 29 3b 72 65 74 75 72 6e 20 68 3e 2d 31 26 26 28 64 3d 6e 2e 74 72 69 6d 28 61 2e 73 6c 69 63 65 28 68 29 29 2c 61 3d 61 2e 73 6c 69 63 65 28 30 2c 68 29 29 2c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 29 3f 28 63 3d 62 2c 62 3d 76 6f 69 64 20 30 29 3a 62 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 Data Ascii: .childNodes))};var Lb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Lb)return Lb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	13.35.58.104	443	4944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 01:19:59 UTC	678	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 01:20:00 UTC	807	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: c1888c58-7e59-4f49-8e8c-9bc17e945038 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Sun, 30 Jun 2024 19:38:51 GMT Date: Tue, 17 Sep 2024 00:50:56 GMT Via: 1.1 bb5a1c03f2335d92378a3e68542733da.cloudfront.net (CloudFront), 1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA60-P10 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: dupXxuYyqW09T5p2QwVmvFAy7oBedM3EwGDeP8GyQYs18LxT1oOpdw== Age: 952144
2024-09-28 01:20:00 UTC	15577	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2024-09-28 01:20:00 UTC	16384	IN	Data Raw: cd 21 18 33 26 01 e0 00 2c 1d f9 ce 98 10 00 03 f9 b0 e6 00 75 32 1a 0e a0 b3 94 9b 64 ca 06 5a 50 01 19 66 52 06 e0 94 09 02 1a 40 02 10 70 13 91 1d c8 26 53 0a e8 c8 0c 90 b1 2a 57 fc a4 00 b4 c8 14 08 c5 12 8d 54 c1 0a 2e 3b 70 d1 a1 74 2f 96 11 28 a4 4e 0c ba ca 14 24 d4 22 92 c9 9c 24 4e 86 52 3c 6b 56 a0 a4 1e 39 41 3b 85 60 80 b8 a1 04 8c 3b 05 40 06 42 c9 90 22 06 15 00 32 e0 28 c8 8e 5a 84 07 f0 11 20 16 64 2a 00 24 a0 81 97 3a 23 06 52 3d c2 6c 98 b9 0d 5f 66 95 08 12 98 c1 e4 b8 21 ce a3 76 a0 05 bb e4 45 ef be ca 84 07 a8 40 04 38 d5 05 f3 d8 1a 05 01 70 e0 03 30 38 81 50 78 46 57 2a 14 c0 02 1c f8 55 5f 07 4b d8 c2 1a f6 b0 88 4d ac 62 17 cb d8 c6 3a f6 b1 90 8d ac 64 27 4b d9 ca 5a f6 b2 70 08 02 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 Data Ascii: !3&,u2dZPfR@p&SWT.;pt/(N$"$NR<kV9A;`;@B"2(Z d$:#R=l_f!vE@8p08PxFW*U_KMb:d'KZp!,
2024-09-28 01:20:00 UTC	16384	IN	Data Raw: 3e ea 6c 5b 48 87 f1 64 66 ff 2e 21 14 c4 33 eb ba 84 18 40 6c 39 e5 c2 2b c8 9d e6 fc 64 ef 20 aa c2 f3 c1 be 83 c8 0b 0f 0b 00 0f 82 2f 39 08 b4 5a 70 1e fd be 13 ed c2 7b 44 90 2e c4 80 d4 4a 4e 9b 14 fb b1 67 39 2f 64 ec 07 07 f1 28 ec f1 1c 12 c4 b3 ec c8 7a 14 9a 0d 83 28 eb 91 6c 39 b7 b6 6c 47 8d e6 88 2a f3 1d 2a c0 f3 e8 cd 77 54 00 8f b6 3c d7 f1 c0 4a 41 db 61 00 3c 0c 14 6d c7 bc d9 24 ad 34 1d 49 3a f5 34 1d b9 98 03 c1 d4 73 3c 5b ce d5 58 c7 a1 72 33 0a 74 1d 47 98 e4 84 2d f6 1b 5f 33 63 f6 d9 6d 30 8d cd da 6c ab 71 f4 3b 1b c4 cd c6 9f e6 bc 6b 37 1a 8d 9a 83 f1 de 68 80 fc ce 90 80 9f d1 e3 3b 36 17 5e 06 89 ef 1c a9 b8 19 5a 97 73 dd e3 64 48 0c 4f b8 94 87 31 e7 3b 08 64 4e 06 8a e6 10 ec b9 18 39 9a b3 f3 e8 5f 58 fe 8e ba a8 73 d1 Data Ascii: >l[Hdf.!3@l9+d /9Zp{D.JNg9/d(z(l9lG**wT<JAa<m$4I:4s<[Xr3tG-_3cm0lq;k7h;6^ZsdHO1;dN9_Xs
2024-09-28 01:20:00 UTC	6857	IN	Data Raw: ff ca 00 0a 7c 85 80 82 65 94 a6 15 75 af 1c a7 15 50 6b b4 a6 55 7e af f8 f6 d5 6a 68 6c f0 d5 0a b1 0c 30 d9 53 2c ac 61 00 5e b2 c8 f7 14 02 cf 91 21 a3 56 3a c5 f2 91 56 d9 9d 41 c1 57 1e c6 62 c0 70 3d a5 a0 46 3f 5a 91 40 0b 85 4a 69 a0 86 74 4f 59 25 8b 8a 4a 35 90 c6 8f 5f 59 38 4b 31 5f 15 19 46 07 09 d2 82 a0 56 5c 9d b1 a4 52 51 ce 42 e5 4d c2 9c 41 91 56 1a d2 62 de 53 12 96 31 c3 57 c0 d5 e2 a2 52 79 99 11 60 55 b6 38 30 23 1a e2 3d 85 82 2d 0c 02 8a 86 7f 44 f5 49 0b 86 4f b9 80 c6 40 4f d5 49 4b 67 5a e5 49 c6 8e 4a d1 37 8b 04 8e a1 c1 2a 51 24 ba 52 40 ac 67 cc da 53 ad ad dc aa 95 02 b2 7e 05 23 2d be 3e 05 ec 19 21 be 68 4b b1 4a 1d 6b 46 b2 4f 0d 3b 0b 87 bf a2 01 6d ab b6 50 6b ac b5 5f e1 46 4b 81 d5 9e 41 aa 52 bc d1 02 67 aa 68 0c Data Ascii: \|euPkU~jhl0S,a^!V:VAWbp=F?Z@JitOY%J5_Y8K1_FV\RQBMAVbS1WRy`U80#=-DIO@OIKgZIJ7*Q$R@gS~#->!hKJkFO;mPk_FKARgh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	208.91.114.103	443	4944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 01:19:59 UTC	706	OUT	GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1 Host: fac.corp.fortinet.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 01:20:00 UTC	548	IN	HTTP/1.1 404 Not Found Date: Sat, 28 Sep 2024 01:20:00 GMT Content-Length: 4288 Content-Security-Policy: default-src 'self'; base-uri 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding Content-Language: en X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Cache-Control: public, max-age=31536000 X-XSS-Protection: 1; mode=block Permissions-Policy: fullscreen=(self) Connection: close Content-Type: text/html; charset=utf-8
2024-09-28 01:20:00 UTC	4288	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 73 69 74 65 5f 6d 65 64 69 61 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-type" content="text/html; charset=UTF-8"> <meta name="referrer" content="strict-origin"> <title>Not Found</title> <link rel="stylesheet" type="text/css" href="/site_media/css/font-aweso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	151.101.66.137	443	4944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 01:20:02 UTC	358	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 01:20:02 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sat, 28 Sep 2024 01:20:02 GMT Age: 1538320 X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740026-EWR X-Cache: HIT, HIT X-Cache-Hits: 2274, 1 X-Timer: S1727486402.237737,VS0,VE2 Vary: Accept-Encoding
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 7c 7c 7b 7d 2c 68 2b 2b 29 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 7c 7c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 67 29 7c 7c 28 67 3d 7b 7d 29 2c 68 3d 3d 3d 69 26 26 28 67 3d 74 68 69 73 2c 68 2d 2d 29 3b 69 3e 68 3b 68 2b 2b 29 69 66 28 6e 75 6c 6c 21 3d 28 61 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 29 29 66 6f 72 28 62 20 69 6e 20 61 29 63 3d 67 5b 62 5d 2c 64 3d 61 5b 62 5d 2c 67 21 3d 3d 64 26 26 28 6a 26 26 64 26 26 28 6e 2e 69 73 50 6c 61 Data Ascii: ,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|n.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPla
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 2d 22 29 2e 72 65 70 6c 61 63 65 28 71 2c 72 29 7d 2c 6e 6f 64 65 4e 61 6d 65 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 73 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 63 3e 64 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e Data Ascii: -").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 3d 6e 2e 74 79 70 65 28 61 29 3b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 63 7c 7c 6e 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 21 31 3a 22 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 7d 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 67 61 28 29 2c 7a 3d 67 61 28 29 2c 41 3d 67 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d Data Ascii: =n.type(a);return"function"===c\|\|n.isWindow(a)?!1:"array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 69 22 29 2c 62 6f 6f 6c 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 22 2b 4b 2b 22 29 24 22 2c 22 69 22 29 2c 6e 65 65 64 73 43 6f 6e 74 65 78 74 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4c 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4c 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4c 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 58 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 59 3d 2f 5e 68 5c 64 24 2f 69 2c 5a 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 24 3d 2f 5e 28 3f 3a 23 28 Data Ascii: i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+L+"((?:-\\d)?\\d)"+L+"\$\|)(?=[^-]\|$)","i")},X=/^(?:input\|select\|textarea\|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#(
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 61 61 2c 22 5c 5c 24 26 22 29 3a 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 6b 3d 75 29 2c 72 3d 67 28 61 29 2c 68 3d 72 2e 6c 65 6e 67 74 68 2c 6c 3d 56 2e 74 65 73 74 28 6b 29 3f 22 23 22 2b 6b 3a 22 5b 69 64 3d 27 22 2b 6b 2b 22 27 5d 22 3b 77 68 69 6c 65 28 68 2d 2d 29 72 5b 68 5d 3d 6c 2b 22 20 22 2b 71 61 28 72 5b 68 5d 29 3b 73 3d 72 2e 6a 6f 69 6e 28 22 2c 22 29 2c 77 3d 5f 2e 74 65 73 74 28 61 29 26 26 6f 61 28 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 62 7d 69 66 28 73 29 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 64 2c 77 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 73 Data Ascii: Case()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)\|\|b}if(s)try{return H.apply(d,w.querySelectorAll(s
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 72 65 74 75 72 6e 20 62 3f 22 48 54 4d 4c 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 3a 21 31 7d 2c 6d 3d 66 61 2e 73 65 74 44 6f 63 75 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 65 2c 67 3d 61 3f 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 61 3a 76 3b 72 65 74 75 72 6e 20 67 21 3d 3d 6e 26 26 39 3d 3d 3d 67 2e 6e 6f 64 65 54 79 70 65 26 26 67 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3f 28 6e 3d 67 2c 6f 3d 6e 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 70 3d 21 66 28 6e 29 2c 28 65 3d 6e 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 65 2e 74 6f 70 21 3d 3d 65 26 26 28 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 65 2e 61 64 64 45 76 65 6e 74 4c Data Ascii: ).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument\|\|a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventL
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 6e 20 66 7d 2c 64 2e 66 69 6e 64 2e 43 4c 41 53 53 3d 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 70 3f 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 3a 76 6f 69 64 20 30 7d 2c 72 3d 5b 5d 2c 71 3d 5b 5d 2c 28 63 2e 71 73 61 3d 5a 2e 74 65 73 74 28 6e 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 29 29 26 26 28 69 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6f 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 69 64 3d 27 22 2b 75 2b 22 27 3e 3c 2f 61 Data Ascii: n f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 6d 65 6e 74 3a 61 2c 64 3d 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 61 3d 3d 3d 64 7c 7c 21 28 21 64 7c 7c 31 21 3d 3d 64 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 63 2e 63 6f 6e 74 61 69 6e 73 3f 63 2e 63 6f 6e 74 61 69 6e 73 28 64 29 3a 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 64 29 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 77 68 69 6c 65 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 62 3d 3d 3d 61 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 42 3d 62 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 Data Ascii: ment:a,d=b&&b.parentNode;return a===d\|\|!(!d\|\|1!==d.nodeType\|\|!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!
2024-09-28 01:20:02 UTC	1378	IN	Data Raw: 72 48 61 6e 64 6c 65 5b 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 2c 66 3d 65 26 26 44 2e 63 61 6c 6c 28 64 2e 61 74 74 72 48 61 6e 64 6c 65 2c 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 65 28 61 2c 62 2c 21 70 29 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 66 3f 66 3a 63 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 21 70 3f 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 62 29 3a 28 66 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 62 29 29 26 26 66 2e 73 70 65 63 69 66 69 65 64 3f 66 2e 76 61 6c 75 65 3a 6e 75 6c 6c 7d 2c 66 61 2e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 53 79 6e 74 61 78 20 65 72 72 6f 72 2c 20 75 6e 72 65 63 6f 67 6e 69 7a 65 Data Ascii: rHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes\|\|!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognize

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	13.35.58.119	443	4944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 01:20:02 UTC	384	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 01:20:02 UTC	808	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: 6f586e09-c9d6-43fb-be5a-a4eb2b520d61 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Wed, 31 Jul 2024 20:19:18 GMT Date: Tue, 06 Aug 2024 08:43:09 GMT Via: 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront), 1.1 6a5eda21ba47fc7b4d3ca7ac7a9ac958.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA60-P10 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: OhvH3vy7up-4oD57HoxkYnGDAAbY8_rZYQoOpJVyua4E_yKsf9sgbg== Age: 4552613
2024-09-28 01:20:02 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2024-09-28 01:20:02 UTC	16384	IN	Data Raw: 06 15 30 ce 26 fd 80 69 00 09 a4 0c 34 c4 e0 aa 65 80 05 10 2b 22 fe c4 40 5a 12 86 9f 0d 66 3c 28 63 20 c5 d1 9f 01 2a 4f 72 80 13 83 2c 35 12 66 b4 bc 19 a0 75 23 13 37 7d c3 99 d0 20 79 a4 14 2f 45 fc 96 53 c1 c5 cb 19 8f 2a b8 3c 41 ec 8e 05 9b 24 39 34 f2 a0 7a 22 03 f1 7b 64 0c df 28 63 91 00 79 12 09 cc 30 8e 67 c0 08 92 04 66 23 1a d0 5c 63 03 86 81 64 d0 9f 79 82 19 f2 c1 46 23 d0 e7 c7 7d 1a 61 70 88 76 13 29 d0 de 21 31 68 96 10 7a 83 48 60 a1 3f 27 30 65 ff cc 06 13 11 00 60 20 03 7c 95 50 6e 8c 18 00 1e 42 0d 28 a8 c7 63 12 b5 f0 c8 00 17 4c 34 42 20 12 4c 64 42 24 9e 4d 44 d6 1f b7 21 84 61 24 57 9d f8 07 0a 12 ed 58 49 08 12 b1 c5 87 01 8b f5 73 a3 25 03 ac 48 0f 03 2e ce 51 24 45 99 18 60 62 3f 2a ec 51 42 42 2b 64 09 89 00 d8 f8 43 40 81 Data Ascii: 0&i4e+"@Zf<(c Or,5fu#7} y/ES<A$94z"{d(cy0gf#\cdyF#}apv)!1hzH`?'0e` \|PnB(cL4B LdB$MD!a$WXIs%H.Q$E`b?*QBB+dC@
2024-09-28 01:20:02 UTC	16384	IN	Data Raw: 08 bc 00 2e 7e 11 46 07 e8 f9 c2 a6 3a f5 a9 50 8d aa 54 a7 4a d5 aa 5a f5 aa 58 cd aa 56 b7 ca d5 ae 7a f5 ab 60 0d 2b 20 82 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 85 00 00 00 b5 b5 b5 f5 f5 f5 fd fd fd 9d 9d 9d f7 f7 f7 fb fb fb 99 99 99 9b 9b 9b ff ff ff a1 a1 a1 9f 9f 9f a5 a5 a5 ad ad ad c9 c9 c9 ed ed ed a3 a3 a3 f9 f9 f9 f3 f3 f3 df df df d1 d1 d1 e1 e1 e1 e9 e9 e9 b9 b9 b9 bd bd bd ef ef ef c3 c3 c3 a9 a9 a9 db db db eb eb eb e7 e7 e7 c7 c7 c7 cf cf cf c1 c1 c1 bb bb bb cb cb cb bf bf bf f1 f1 f1 d5 d5 d5 ab ab ab dd dd dd d9 d9 d9 d3 d3 d3 b3 b3 b3 af af af c5 c5 c5 b1 b1 b1 a7 a7 a7 b7 b7 b7 e3 e3 e3 e5 e5 e5 cd cd cd d7 d7 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 Data Ascii: .~F:PTJZXVz`+ !,
2024-09-28 01:20:02 UTC	5214	IN	Data Raw: d8 d2 28 0d 17 5c 31 0d 0f c0 12 25 97 11 49 47 38 71 93 07 80 40 0b ec 38 86 01 70 80 74 94 4c e1 24 8e 08 4a 69 88 92 94 5c c8 80 0a 2e a0 c7 54 66 82 95 ad c4 86 0b 46 10 03 2e 26 c1 02 2a 10 c1 c4 72 79 00 55 5a 02 97 c4 c4 06 04 5c 10 02 10 a0 c0 03 1d c8 80 00 fc 26 81 0e c4 20 05 14 68 81 16 93 b9 bb 4c 70 80 8c c9 0c a7 60 08 50 b1 4d 74 e0 91 e2 4c e7 57 18 e0 43 4e 08 60 9b ea 8c 27 48 38 38 0a 03 ac 50 9e f8 4c 88 3b 4c 91 82 5a e6 13 9f 56 4c 85 04 06 f7 4f 7c 06 60 89 a8 50 01 38 0b da 4a 02 b0 71 15 59 64 68 3a 57 10 c8 54 a4 60 98 12 4d 23 04 1a 06 0b 3c 2e 34 a3 7c 1b 81 2f 53 51 00 97 81 d4 35 08 bd c5 03 20 78 52 ad b0 80 7b 9a be e8 80 26 5b ba 12 11 84 f0 17 8d c4 28 4d 97 b1 00 07 a4 14 19 03 40 01 41 5b 7a 02 1a 8c b4 17 12 a0 00 2a Data Ascii: (\1%IG8q@8ptL$Ji\.TfF.&ryUZ\& hLp`PMtLWCN`'H88PL;LZVLO\|`P8JqYdh:WT`M#<.4\|/SQ5 xR{&[(M@A[z
2024-09-28 01:20:02 UTC	836	IN	Data Raw: a3 2a bd c2 10 0d 6a 5c 58 2e 4c 98 32 e4 62 6d 1a 95 dc 91 9d 05 f5 7a c6 09 13 29 40 f0 43 9c fa a3 ee 1a 1c 4e d4 e6 43 2c 62 c8 86 c0 28 91 34 af d1 6c 4c 3b 11 01 3f 21 34 80 ca 05 21 50 b5 1a 53 fe 69 91 a2 f4 b2 21 e8 44 0a 06 c4 b3 79 6e 0c d7 21 42 4c 33 b4 f5 1a 95 c2 8b 90 7f 05 95 cd 06 ce 0c 45 5b 8e da 13 15 d7 c6 a7 13 69 5c 8e a1 0c 25 9b 06 dd fe 20 f0 b0 37 32 84 34 74 49 21 d9 5c 8c 6a 21 4d 1c 87 01 11 6b e3 96 35 ef 32 fb b3 1b d3 31 d4 c0 e7 a1 44 70 ab 48 74 00 3e 91 93 bc 14 3d f5 db 70 7c 8c ea e2 a2 54 ac ff 51 86 75 c4 3c 51 9a a2 44 30 6a 48 28 d3 01 9a 46 f8 72 32 f2 44 92 cf 61 bb 46 33 6e 82 e0 49 1e de 81 78 41 0a 04 8f 49 09 99 8f a3 47 d2 21 b9 40 fa 24 11 04 cd d0 02 86 cb 11 fa 44 ad 61 b2 14 71 7c e0 d5 92 7d 96 0c af Data Ascii: *j\X.L2bmz)@CNC,b(4lL;?!4!PSi!Dyn!BL3E[i\% 724tI!\j!Mk521DpHt>=p\|TQu<QD0jH(Fr2DaF3nIxAIG!@$Daq\|}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 01:20:02 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 01:20:02 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=228300 Date: Sat, 28 Sep 2024 01:20:02 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49751	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 01:20:03 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 01:20:03 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=228329 Date: Sat, 28 Sep 2024 01:20:03 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 01:20:03 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	21:19:53
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	21:19:55
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,710625568183230544,1241015653111021493,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	21:19:57
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.linkConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.linksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1Host: fac.corp.fortinet.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ik.imagekit.io
Source: global traffic	DNS traffic detected: DNS query: fac.corp.fortinet.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1184, Parent PID: 404

General

Chronological Activities

Analysis Process: chrome.exePID: 4944, Parent PID: 1184

General

Chronological Activities

Windows Analysis Report
http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/