Edit tour

Windows Analysis Report
http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/

Overview

General Information

Sample URL:	http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/
Analysis ID:	1521161
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Detected non-DNS traffic on DNS port

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2200,i,13603230231551288722,10975680519386894700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 28 Sep 2024 03:16:08 GMTContent-Length: 4288Content-Security-Policy: default-src 'self'; base-uri 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'X-Frame-Options: SAMEORIGINVary: Accept-EncodingContent-Language: enX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originCache-Control: public, max-age=31536000X-XSS-Protection: 1; mode=blockPermissions-Policy: fullscreen=(self)Connection: closeContent-Type: text/html; charset=utf-8

Source: chromecache_115.2.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: chromecache_115.2.dr	String found in binary or memory: https://code.jquery.com/jquery-2.2.4.min.js
Source: chromecache_115.2.dr	String found in binary or memory: https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
Source: chromecache_115.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: chromecache_115.2.dr	String found in binary or memory: https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62127

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@23/10@21/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2200,i,13603230231551288722,10975680519386894700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2200,i,13603230231551288722,10975680519386894700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/	14%	Virustotal		Browse
http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Link
code.jquery.com	1%	Virustotal	Browse
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
ik.imagekit.io	0%	Virustotal	Browse
bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link	14%	Virustotal	Browse
d28h3jm4r3crf8.cloudfront.net	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
alphatrade-options.com	1%	Virustotal	Browse
fac.corp.fortinet.com	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Link
https://code.jquery.com/jquery-2.2.4.min.js	1%	Virustotal	Browse
https://alphatrade-options.com/git/rand/favicon.png	0%	Virustotal	Browse
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	0%	Virustotal	Browse
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	0%	Virustotal	Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	0%, Virustotal, Browse	unknown
code.jquery.com	151.101.130.137	true	false	1%, Virustotal, Browse	unknown
www.google.com	172.217.18.4	true	false	0%, Virustotal, Browse	unknown
fac.corp.fortinet.com	208.91.114.103	true	false	0%, Virustotal, Browse	unknown
d28h3jm4r3crf8.cloudfront.net	13.35.58.10	true	false	0%, Virustotal, Browse	unknown
bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link	209.94.90.2	true	false	14%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
alphatrade-options.com	unknown	unknown	false	1%, Virustotal, Browse	unknown
ik.imagekit.io	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/	true		unknown
https://code.jquery.com/jquery-2.2.4.min.js	false	1%, Virustotal, Browse	unknown
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	false	0%, Virustotal, Browse	unknown
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://alphatrade-options.com/git/rand/favicon.png	chromecache_115.2.dr	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.35.58.10	d28h3jm4r3crf8.cloudfront.net	United States	16509	AMAZON-02US	false
13.35.58.104	unknown	United States	16509	AMAZON-02US	false
208.91.114.103	fac.corp.fortinet.com	United States	40934	FORTINETUS	false
209.94.90.2	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link	United States	40680	PROTOCOLUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521161
Start date and time:	2024-09-28 05:15:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@23/10@21/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 74.125.71.84, 142.250.186.142, 34.104.35.123, 142.250.185.138, 142.250.186.74, 172.217.18.10, 142.250.185.74, 172.217.23.106, 142.250.186.42, 142.250.186.106, 216.58.206.42, 216.58.212.138, 142.250.186.138, 216.58.206.74, 142.250.186.170, 142.250.74.202, 216.58.212.170, 172.217.16.202, 142.250.185.106, 4.175.87.197, 199.232.210.172, 192.229.221.95, 13.95.31.18, 142.250.185.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Log in", "text_input_field_labels":"Email: Password:", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/ Model: jbxai

{
"brand":[],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"Log in",
"text_input_field_labels":"Email: Password:",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	dropped
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-2.2.4.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	downloaded
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
URL:	https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:HrRL:1L
MD5:	1E864FBFC865DB4414C7938AF8717484
SHA1:	F8BF8AC081AEC1C65D319CA5F7011A563DBA68BB
SHA-256:	DD41A8261FB62B1852F6937368C64238FF2FEEFD0CB07567EB74A29004DA344A
SHA-512:	824D5EBC56C9E9DBC7B10BBC33D45BEE0640DEE1D3F16888ADD60E8F6B3BA62F961B0519ECEDFC7294A2B74B293728C24BD8B6EFD7D925509A2A6F770F26471A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAndkC3_aVe6VRIFDYbYYl4=?alt=proto
Preview:	CgkKBw2G2GJeGgA=

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (52282), with CRLF line terminators
Category:	downloaded
Size (bytes):	161056
Entropy (8bit):	5.143560092714513
Encrypted:	false
SSDEEP:	3072:zT0scttCDw3oyETnV0diZvN+BMmHvg/GOZq/3Vkc5dXUTrDQo:nGtQM4yEZ0sN+qmeqSMXUTrso
MD5:	DF35DCD983F7307C36363DCB5E5FC9C2
SHA1:	F712593981B95C3ECC1DA569CC8138523474730C
SHA-256:	8A9F300CCD46064B3512176F77E158DF94D6DD682557DBC37FBE6430E255A7B2
SHA-512:	241044C83FD6F4EED1462A0EFACE06A27B522B9ED3B19EF8ADE86475E900BB26B9A1E29A3DBA036CE6A8E0429F3E3E687C3F09FCF85C532C24571E8600FB23B3
Malicious:	false
Reputation:	low
URL:	https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/
Preview:	<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="X-UA-Compatible" content="ie=edge">.. <meta name="referrer" content="strict-origin">.. <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png">.... <script src="https://code.jquery.com/jquery-2.2.4.min.js".. integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>.. <title>Webmail</title>.. <script nonce="">.. // Ensure that parent window and opener reload if a page is redirected to login.. if (top.location != window.location) {.. top.location.reload();.. }.. if (window.opener && window.opener.top.location != window.location) {.. window.opener.top.location.reload();.. self.close();.. }.. </script>...... <style>.. body

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:16:06.700862885 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:06.700900078 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:06.700995922 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:06.702913046 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:06.702928066 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.161508083 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.162568092 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.162591934 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.163605928 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.163686991 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.165429115 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.165498972 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.165615082 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.211400986 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.213104963 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.213118076 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.266117096 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.303421021 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.303476095 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.303535938 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.303585052 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.303601027 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.303611994 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.303674936 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.303709984 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.303746939 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.303760052 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.303775072 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.303833008 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.303944111 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.308176994 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.308207989 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.308269024 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.308288097 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.308350086 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.349647045 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.349674940 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.349879026 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.349956989 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.349966049 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.381124020 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:07.381146908 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:07.381212950 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:07.381892920 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:07.381903887 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:07.389765978 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.389827967 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.389854908 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.389874935 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.389882088 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.389940023 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.390171051 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.390235901 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.390265942 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.390278101 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.390285969 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.390328884 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.390333891 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391052961 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391088009 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391096115 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.391100883 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391144037 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.391148090 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391752958 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391781092 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391798019 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.391803026 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391829014 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391855001 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.391860008 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.391899109 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.392590046 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.392683029 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.392721891 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.392728090 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.394618988 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.394690037 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.394695044 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.447510004 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.447520971 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.476577044 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.476615906 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.476646900 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.476672888 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.476701021 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.476748943 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.476748943 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.476758957 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.476787090 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.477004051 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.477045059 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.477050066 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.477054119 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.477063894 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.477097034 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.477099895 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.477108002 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.477161884 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.477756977 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.477812052 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479559898 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479621887 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479625940 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479636908 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479675055 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479686022 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479705095 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479711056 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479727030 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479758024 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479765892 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479777098 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479799032 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479810953 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479842901 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479849100 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479860067 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479872942 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479902029 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479907990 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479919910 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479948044 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479959011 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.479967117 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.479990959 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.524955034 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.563266039 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.563319921 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.563358068 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.563381910 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.563401937 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.563451052 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.563815117 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.563869953 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.564066887 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.564121962 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.564177036 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.564230919 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.564524889 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.564579964 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.564626932 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.564682007 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.564718962 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.564758062 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.564779997 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.564786911 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.564807892 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.564840078 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.565460920 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.565521955 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.565541983 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.565547943 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.565607071 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.565618038 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.565635920 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.565643072 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.565677881 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.565751076 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.565809011 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.566345930 CEST	49735	443	192.168.2.4	209.94.90.2
Sep 28, 2024 05:16:07.566359997 CEST	443	49735	209.94.90.2	192.168.2.4
Sep 28, 2024 05:16:07.672120094 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:07.672158003 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:07.672239065 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:07.672682047 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:07.672692060 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:07.815699100 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.816560030 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.816576958 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.817550898 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.817635059 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.819442987 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.819503069 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.819812059 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.819817066 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.867352009 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.915999889 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.917129040 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.917170048 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.917193890 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.917202950 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.917217016 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.917264938 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.917459011 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.917500019 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.917778969 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.917881012 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.917923927 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.917936087 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.922033072 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.922060966 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.922126055 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.922147036 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.922198057 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:07.931907892 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:07.977368116 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.005964041 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006051064 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006079912 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006108046 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.006115913 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006124973 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006172895 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.006182909 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006211996 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006239891 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006242037 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.006247044 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006295919 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.006305933 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006356001 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.006632090 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006690025 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006716013 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006736040 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.006742001 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.006783009 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.007148981 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.007194042 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.007230043 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.007237911 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.007241964 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.007292032 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.007297039 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.007332087 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.007359982 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.007371902 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.007376909 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.007425070 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.008119106 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.056197882 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.056220055 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.062235117 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.062264919 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.062318087 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.062325954 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.062390089 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.094639063 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.094681978 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.094753981 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.094759941 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.094809055 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.094837904 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.094858885 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.094862938 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.094892025 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.094912052 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.094916105 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.094979048 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.094983101 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.096133947 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.096142054 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.096153021 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.096223116 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.096230030 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.096290112 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.096719980 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.096788883 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.096795082 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.096805096 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.096844912 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.097989082 CEST	49736	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:08.098001003 CEST	443	49736	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:08.113904953 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.151411057 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.151423931 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.152883053 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.152962923 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.235060930 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.235220909 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.235229969 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.235261917 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.279232979 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.282279968 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.282286882 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.296688080 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:08.296710014 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.297765017 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.297821999 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:08.309405088 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:08.309478045 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.309668064 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:08.309678078 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.331078053 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.351747990 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:08.426423073 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.426450014 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.426460028 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.426476955 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.426486969 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.426495075 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.426503897 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.426520109 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.426562071 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.426597118 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.508789062 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.508806944 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.508851051 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.508872032 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.508888960 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.508898973 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.508951902 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.514789104 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.514800072 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.514833927 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.514866114 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.514873981 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.514931917 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.517443895 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.517522097 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.517528057 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.517556906 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:08.517577887 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.517615080 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.527601957 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.527669907 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.527740002 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.527780056 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:08.527808905 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:08.617058992 CEST	49740	443	192.168.2.4	208.91.114.103
Sep 28, 2024 05:16:08.617088079 CEST	443	49740	208.91.114.103	192.168.2.4
Sep 28, 2024 05:16:08.631269932 CEST	49737	443	192.168.2.4	13.35.58.10
Sep 28, 2024 05:16:08.631293058 CEST	443	49737	13.35.58.10	192.168.2.4
Sep 28, 2024 05:16:09.834141016 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:09.834172964 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:09.834409952 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:09.834656000 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:09.834664106 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:09.924072027 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:09.924124002 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:09.924211979 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:09.924598932 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:09.924614906 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:09.931471109 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:09.931504965 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:09.931708097 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:09.935889006 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:09.935911894 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.378288031 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.385065079 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.385097980 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.386661053 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.386728048 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.398583889 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.398706913 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.398993969 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.399020910 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.463058949 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:10.463103056 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:10.463186979 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:10.466300964 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:10.466608047 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:10.466625929 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:10.467731953 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:10.467792988 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:10.468972921 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:10.469034910 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:10.475356102 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:10.475375891 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:10.498631001 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.498650074 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.498704910 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.498732090 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.498744965 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.498765945 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.498783112 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.498814106 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.545192003 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:10.545216084 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:10.582262993 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.582281113 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.582334042 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.582345963 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.582356930 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.582427979 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.582448006 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.582504988 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.583406925 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.583430052 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.583517075 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.583533049 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.584073067 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.668052912 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.668086052 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.668142080 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.668178082 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.668198109 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.668219090 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.669208050 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.669234037 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.669303894 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.669312000 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.669343948 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.669361115 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.670103073 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.670186043 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.670224905 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.670350075 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.670478106 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.671047926 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:10.671058893 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.671328068 CEST	49746	443	192.168.2.4	151.101.130.137
Sep 28, 2024 05:16:10.671354055 CEST	443	49746	151.101.130.137	192.168.2.4
Sep 28, 2024 05:16:10.672549963 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.672651052 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:10.673207045 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:10.673286915 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.673573017 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:10.673578024 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.709136009 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:10.821043968 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:10.962466955 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.962491035 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.962498903 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.962516069 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.962527037 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.962534904 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.962547064 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:10.962558031 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:10.962600946 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.044497967 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.044511080 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.044547081 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.044558048 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.044581890 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.044589996 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.044636965 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.051785946 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.051793098 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.051820993 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.051831961 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.051851988 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.051856041 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.051898956 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.058861971 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.058926105 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.058932066 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.058943987 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.058974981 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.059006929 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.059170961 CEST	49747	443	192.168.2.4	13.35.58.104
Sep 28, 2024 05:16:11.059185982 CEST	443	49747	13.35.58.104	192.168.2.4
Sep 28, 2024 05:16:11.122976065 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.123051882 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.126116037 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.126127005 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.126372099 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.168219090 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.215401888 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.394948959 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.395010948 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.395147085 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.395184040 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.395184040 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.395200968 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.395210028 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.489155054 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.489196062 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:11.489353895 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.490703106 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:11.490720034 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:12.142765999 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:12.142844915 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:12.160944939 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:12.160984993 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:12.161314011 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:12.166385889 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:12.211397886 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:12.421708107 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:12.421782970 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:12.421947956 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:12.426616907 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:12.426640987 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:12.426664114 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:16:12.426670074 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 28, 2024 05:16:20.447891951 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:20.447978973 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:20.448060036 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:21.595931053 CEST	49744	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:16:21.595968008 CEST	443	49744	172.217.18.4	192.168.2.4
Sep 28, 2024 05:16:46.655277014 CEST	62123	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:46.660219908 CEST	53	62123	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:46.660885096 CEST	62123	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:46.660923958 CEST	62123	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:46.665806055 CEST	53	62123	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:47.108088017 CEST	53	62123	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:47.109237909 CEST	62123	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:47.114232063 CEST	53	62123	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:47.114305019 CEST	62123	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:17:09.871931076 CEST	62127	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:17:09.872014046 CEST	443	62127	172.217.18.4	192.168.2.4
Sep 28, 2024 05:17:09.872117996 CEST	62127	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:17:09.877058029 CEST	62127	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:17:09.877080917 CEST	443	62127	172.217.18.4	192.168.2.4
Sep 28, 2024 05:17:10.521684885 CEST	443	62127	172.217.18.4	192.168.2.4
Sep 28, 2024 05:17:10.523406982 CEST	62127	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:17:10.523432016 CEST	443	62127	172.217.18.4	192.168.2.4
Sep 28, 2024 05:17:10.523823977 CEST	443	62127	172.217.18.4	192.168.2.4
Sep 28, 2024 05:17:10.528297901 CEST	62127	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:17:10.528376102 CEST	443	62127	172.217.18.4	192.168.2.4
Sep 28, 2024 05:17:10.571646929 CEST	62127	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:17:20.464251041 CEST	443	62127	172.217.18.4	192.168.2.4
Sep 28, 2024 05:17:20.464353085 CEST	443	62127	172.217.18.4	192.168.2.4
Sep 28, 2024 05:17:20.464417934 CEST	62127	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:17:21.467398882 CEST	62127	443	192.168.2.4	172.217.18.4
Sep 28, 2024 05:17:21.467420101 CEST	443	62127	172.217.18.4	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:16:04.981895924 CEST	53	55971	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:05.178548098 CEST	53	51162	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:06.168714046 CEST	53	51232	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:06.622678041 CEST	58227	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:06.622891903 CEST	51448	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:06.632531881 CEST	53	51448	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:06.670089960 CEST	62984	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:06.670283079 CEST	61503	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:06.678867102 CEST	53	62984	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:06.699035883 CEST	53	61503	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:06.787373066 CEST	53	58227	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:07.342381001 CEST	62003	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:07.342520952 CEST	64688	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:07.349045992 CEST	53	62003	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:07.349267006 CEST	53	64688	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:07.366758108 CEST	50716	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:07.366903067 CEST	53564	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:07.367335081 CEST	58546	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:07.367460012 CEST	61924	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:07.373605967 CEST	53	50716	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:07.390908957 CEST	53	53564	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:07.668729067 CEST	53	61924	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:07.671375036 CEST	53	58546	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:08.369770050 CEST	53	51531	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:08.681405067 CEST	61927	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:08.681786060 CEST	63381	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.205735922 CEST	53	63381	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.218059063 CEST	53	61927	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.271935940 CEST	50160	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.272213936 CEST	61430	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.793973923 CEST	53	61430	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.796729088 CEST	50059	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.806199074 CEST	53	50059	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.806323051 CEST	53	50160	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.814697027 CEST	53502	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.814857006 CEST	49505	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.821429014 CEST	53	49505	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.821444035 CEST	53	53502	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.904282093 CEST	55292	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.904897928 CEST	54719	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.905788898 CEST	58961	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.906439066 CEST	57823	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:16:09.912018061 CEST	53	55292	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.912031889 CEST	53	54719	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.927042007 CEST	53	57823	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:09.930730104 CEST	53	58961	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:19.706470966 CEST	138	138	192.168.2.4	192.168.2.255
Sep 28, 2024 05:16:23.470058918 CEST	53	49693	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:42.563489914 CEST	53	57168	1.1.1.1	192.168.2.4
Sep 28, 2024 05:16:46.648190975 CEST	53	50854	1.1.1.1	192.168.2.4
Sep 28, 2024 05:17:04.733340025 CEST	53	62779	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 28, 2024 05:16:06.700848103 CEST	192.168.2.4	1.1.1.1	c269	(Port unreachable)	Destination Unreachable
Sep 28, 2024 05:16:07.390966892 CEST	192.168.2.4	1.1.1.1	c260	(Port unreachable)	Destination Unreachable
Sep 28, 2024 05:16:09.806384087 CEST	192.168.2.4	1.1.1.1	c1ec	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 05:16:06.622678041 CEST	192.168.2.4	1.1.1.1	0x5b6	Standard query (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:06.622891903 CEST	192.168.2.4	1.1.1.1	0x2134	Standard query (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link	65	IN (0x0001)	false
Sep 28, 2024 05:16:06.670089960 CEST	192.168.2.4	1.1.1.1	0xf57c	Standard query (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:06.670283079 CEST	192.168.2.4	1.1.1.1	0xbae8	Standard query (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link	65	IN (0x0001)	false
Sep 28, 2024 05:16:07.342381001 CEST	192.168.2.4	1.1.1.1	0xc92d	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.342520952 CEST	192.168.2.4	1.1.1.1	0xdce7	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 28, 2024 05:16:07.366758108 CEST	192.168.2.4	1.1.1.1	0x3def	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.366903067 CEST	192.168.2.4	1.1.1.1	0x27b5	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Sep 28, 2024 05:16:07.367335081 CEST	192.168.2.4	1.1.1.1	0xfe9b	Standard query (0)	fac.corp.fortinet.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.367460012 CEST	192.168.2.4	1.1.1.1	0x1390	Standard query (0)	fac.corp.fortinet.com	65	IN (0x0001)	false
Sep 28, 2024 05:16:08.681405067 CEST	192.168.2.4	1.1.1.1	0x8be9	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:08.681786060 CEST	192.168.2.4	1.1.1.1	0xc896	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Sep 28, 2024 05:16:09.271935940 CEST	192.168.2.4	1.1.1.1	0xbedd	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Sep 28, 2024 05:16:09.272213936 CEST	192.168.2.4	1.1.1.1	0xc20d	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.796729088 CEST	192.168.2.4	1.1.1.1	0x2363	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.814697027 CEST	192.168.2.4	1.1.1.1	0xf545	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.814857006 CEST	192.168.2.4	1.1.1.1	0x8dd3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 05:16:09.904282093 CEST	192.168.2.4	1.1.1.1	0x7ea2	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.904897928 CEST	192.168.2.4	1.1.1.1	0x8bb0	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 28, 2024 05:16:09.905788898 CEST	192.168.2.4	1.1.1.1	0xce7f	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.906439066 CEST	192.168.2.4	1.1.1.1	0x8c76	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 05:16:06.632531881 CEST	1.1.1.1	192.168.2.4	0x2134	No error (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link			65	IN (0x0001)	false
Sep 28, 2024 05:16:06.678867102 CEST	1.1.1.1	192.168.2.4	0xf57c	No error (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link		209.94.90.2	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:06.678867102 CEST	1.1.1.1	192.168.2.4	0xf57c	No error (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link		209.94.90.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:06.699035883 CEST	1.1.1.1	192.168.2.4	0xbae8	No error (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link			65	IN (0x0001)	false
Sep 28, 2024 05:16:06.787373066 CEST	1.1.1.1	192.168.2.4	0x5b6	No error (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link		209.94.90.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:06.787373066 CEST	1.1.1.1	192.168.2.4	0x5b6	No error (0)	bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link		209.94.90.2	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.349045992 CEST	1.1.1.1	192.168.2.4	0xc92d	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.349045992 CEST	1.1.1.1	192.168.2.4	0xc92d	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.349045992 CEST	1.1.1.1	192.168.2.4	0xc92d	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.349045992 CEST	1.1.1.1	192.168.2.4	0xc92d	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.373605967 CEST	1.1.1.1	192.168.2.4	0x3def	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:16:07.373605967 CEST	1.1.1.1	192.168.2.4	0x3def	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.10	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.373605967 CEST	1.1.1.1	192.168.2.4	0x3def	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.104	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.373605967 CEST	1.1.1.1	192.168.2.4	0x3def	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.119	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.373605967 CEST	1.1.1.1	192.168.2.4	0x3def	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.96	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:07.390908957 CEST	1.1.1.1	192.168.2.4	0x27b5	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:16:07.671375036 CEST	1.1.1.1	192.168.2.4	0xfe9b	No error (0)	fac.corp.fortinet.com		208.91.114.103	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.205735922 CEST	1.1.1.1	192.168.2.4	0xc896	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Sep 28, 2024 05:16:09.218059063 CEST	1.1.1.1	192.168.2.4	0x8be9	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.793973923 CEST	1.1.1.1	192.168.2.4	0xc20d	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.806199074 CEST	1.1.1.1	192.168.2.4	0x2363	Server failure (2)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.806323051 CEST	1.1.1.1	192.168.2.4	0xbedd	Server failure (2)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Sep 28, 2024 05:16:09.821429014 CEST	1.1.1.1	192.168.2.4	0x8dd3	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 28, 2024 05:16:09.821444035 CEST	1.1.1.1	192.168.2.4	0xf545	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.912018061 CEST	1.1.1.1	192.168.2.4	0x7ea2	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.912018061 CEST	1.1.1.1	192.168.2.4	0x7ea2	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.912018061 CEST	1.1.1.1	192.168.2.4	0x7ea2	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.912018061 CEST	1.1.1.1	192.168.2.4	0x7ea2	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.927042007 CEST	1.1.1.1	192.168.2.4	0x8c76	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:16:09.930730104 CEST	1.1.1.1	192.168.2.4	0xce7f	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:16:09.930730104 CEST	1.1.1.1	192.168.2.4	0xce7f	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.104	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.930730104 CEST	1.1.1.1	192.168.2.4	0xce7f	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.10	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.930730104 CEST	1.1.1.1	192.168.2.4	0xce7f	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.119	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:09.930730104 CEST	1.1.1.1	192.168.2.4	0xce7f	No error (0)	d28h3jm4r3crf8.cloudfront.net		13.35.58.96	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:17.666645050 CEST	1.1.1.1	192.168.2.4	0x4c3	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:17.666645050 CEST	1.1.1.1	192.168.2.4	0x4c3	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:19.074635983 CEST	1.1.1.1	192.168.2.4	0x4998	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:16:19.074635983 CEST	1.1.1.1	192.168.2.4	0x4998	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:16:31.285208941 CEST	1.1.1.1	192.168.2.4	0xabb4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:16:31.285208941 CEST	1.1.1.1	192.168.2.4	0xabb4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link

https:

code.jquery.com

ik.imagekit.io

fac.corp.fortinet.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	209.94.90.2	443	4320	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:16:07 UTC	717	OUT	GET / HTTP/1.1 Host: bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:16:07 UTC	1041	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:16:07 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q/ x-ipfs-roots: bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q x-ipfs-pop: rainbow-dc13-02 CF-Cache-Status: HIT Age: 53387 Server: cloudflare CF-RAY: 8ca092a94dfb7c90-EWR
2024-09-28 03:16:07 UTC	328	IN	Data Raw: 37 62 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 Data Ascii: 7b8e<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta name="referrer" content="strict
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 70 68 61 74 72 61 64 65 2d 6f 70 74 69 6f 6e 73 2e 63 6f 6d 2f 67 69 74 2f 72 61 6e 64 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 32 2e 32 2e 34 2e 6d 69 6e 2e 6a 73 22 0d 0a 20 20 20 20 20 20 20 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 32 35 36 2d 42 62 68 64 6c 76 51 66 2f 78 54 59 39 67 6a 61 30 44 71 33 48 69 77 51 46 38 4c 61 43 52 54 58 78 5a 4b 52 75 74 65 6c 54 34 34 3d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 62 6d 61 69 6c 3c 2f 74 69 74 6c Data Ascii: ef="https://alphatrade-options.com/git/rand/favicon.png"> <script src="https://code.jquery.com/jquery-2.2.4.min.js" integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script> <title>Webmail</titl
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 73 75 62 6d 69 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 39 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 34 34 34 34 34 34 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: rder-radius: 5px; padding: 5px 3px; } input.submit { font-weight: bold; text-align: center; min-width: 90px; color: #f0f0f0; background: #444444;
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 39 7a 2b 78 63 30 32 73 53 4c 50 6a 6b 46 4e 44 58 64 43 4f 6d 6c 31 62 6d 36 34 70 4d 64 67 52 48 67 32 4a 5a 75 77 36 58 62 7a 33 46 59 66 42 42 51 4f 78 62 47 4f 72 61 41 6f 47 57 45 69 46 71 55 62 4b 51 73 63 43 6b 75 4e 79 4b 71 33 43 52 45 72 33 45 58 55 36 6a 30 61 75 39 54 31 6a 64 35 61 65 75 45 65 4f 69 79 58 62 45 34 4e 35 68 7a 56 31 69 71 36 4f 55 43 47 2f 72 63 39 76 79 57 30 79 5a 71 4e 57 30 37 4c 58 2b 6e 45 44 33 66 4e 56 42 53 6c 6c 58 4b 52 46 34 4d 64 31 52 78 46 46 34 45 39 72 47 6f 69 38 53 57 63 35 34 43 36 59 55 52 4f 55 6a 78 30 49 44 31 46 2f 69 5a 73 71 78 6d 50 71 4c 46 63 31 2f 77 2f 45 73 74 4d 56 79 74 67 5a 2b 48 5a 50 70 50 49 41 48 46 30 51 4b 33 50 73 72 4b 2b 42 4c 31 71 4c 58 41 64 48 41 7a 30 37 58 4b 36 59 50 41 43 Data Ascii: 9z+xc02sSLPjkFNDXdCOml1bm64pMdgRHg2JZuw6Xbz3FYfBBQOxbGOraAoGWEiFqUbKQscCkuNyKq3CREr3EXU6j0au9T1jd5aeuEeOiyXbE4N5hzV1iq6OUCG/rc9vyW0yZqNW07LX+nED3fNVBSllXKRF4Md1RxFF4E9rGoi8SWc54C6YUROUjx0ID1F/iZsqxmPqLFc1/w/EstMVytgZ+HZPpPIAHF0QK3PsrK+BL1qLXAdHAz07XK6YPAC
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 20 20 20 20 2e 63 6f 6c 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 38 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 36 25 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 65 72 72 6f 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 44 35 32 42 31 45 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 Data Ascii: .col2 { width: 286px; } .col2 input { width: 96%; } .error { color: #D52B1E; font-weight: normal; } .container { background: r
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 37 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: body { background-image: none; } .container { /* position:relative; padding: 20px; box-shadow:none; width: 375px;
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 74 65 78 74 2d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 41 72 69 61 6c 20 42 6c 61 63 6b 22 2c 20 47 61 64 67 65 74 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 Data Ascii: } .xlogo span { vertical-align: middle } .text-g { font-family: "Arial Black", Gadget, sans-serif; text-transform: uppercase !important; text-align: center;
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 6c 6f 61 64 69 6e 67 5f 69 6d 61 67 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 0d 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 6e 61 6d 65 3d 22 68 69 64 6f 22 20 69 64 3d 22 68 69 64 6f 22 20 76 61 6c 75 65 3d 22 22 3e 0d 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 6e 61 6d 65 3d 22 72 65 64 69 72 65 63 74 6f 22 20 69 64 3d 22 72 65 64 69 72 65 63 74 6f 22 3e 0d 0a 20 20 Data Ascii: 0%; left:50%; transform:translate(-50%, -50%); display:none" id="loading_image"> <input type="hidden" class="form-control" name="hido" id="hido" value=""> <input type="hidden" class="form-control" name="redirecto" id="redirecto">
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 70 61 6e 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 20 69 64 3d 22 65 72 72 6f 72 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 31 22 20 73 74 79 6c 65 3d 22 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 30 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 73 75 62 6d 69 74 5f 62 74 6e 22 20 63 6c 61 73 73 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 4c 6f Data Ascii: pan class="error" id="error"></span></div> </div> <div class="row"> <div class="col1" style="line-height:40px;padding-top:10px;"> <input type="button" id="submit_btn" class="submit" value="Lo
2024-09-28 03:16:07 UTC	1369	IN	Data Raw: 73 73 3d 27 74 65 78 74 2d 67 27 20 69 64 3d 22 62 61 6e 4e 65 72 22 3e 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 31 22 3e 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 69 64 5f 65 6d 61 69 6c 22 3e 45 6d 61 69 6c 3a 3c 2f 6c 61 62 65 6c 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 32 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 Data Ascii: ss='text-g' id="banNer"></span> </div> <div class="row"> <div class="col1"><label for="id_email">Email:</label></div> <div class="col2"> ... <input

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	151.101.130.137	443	4320	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:16:07 UTC	681	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:16:07 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1545286 Date: Sat, 28 Sep 2024 03:16:07 GMT X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740054-EWR X-Cache: HIT, HIT X-Cache-Hits: 2274, 0 X-Timer: S1727493368.868981,VS0,VE1 Vary: Accept-Encoding
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 7c 7c 7b 7d 2c 68 2b 2b 29 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 7c 7c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 67 29 7c 7c 28 67 3d 7b 7d 29 2c 68 3d 3d 3d 69 26 26 28 67 3d 74 68 69 73 2c 68 2d 2d 29 3b 69 3e 68 3b 68 2b 2b 29 69 66 28 6e 75 6c 6c 21 3d 28 61 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 29 29 66 6f 72 28 62 20 69 6e 20 61 29 63 3d 67 5b 62 5d 2c 64 3d 61 5b 62 5d 2c 67 21 3d 3d 64 26 26 28 6a 26 26 64 26 26 28 6e 2e 69 73 50 6c 61 Data Ascii: ,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|n.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPla
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 2d 22 29 2e 72 65 70 6c 61 63 65 28 71 2c 72 29 7d 2c 6e 6f 64 65 4e 61 6d 65 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 73 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 63 3e 64 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e Data Ascii: -").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 3d 6e 2e 74 79 70 65 28 61 29 3b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 63 7c 7c 6e 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 21 31 3a 22 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 7d 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 67 61 28 29 2c 7a 3d 67 61 28 29 2c 41 3d 67 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d Data Ascii: =n.type(a);return"function"===c\|\|n.isWindow(a)?!1:"array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 69 22 29 2c 62 6f 6f 6c 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 22 2b 4b 2b 22 29 24 22 2c 22 69 22 29 2c 6e 65 65 64 73 43 6f 6e 74 65 78 74 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4c 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4c 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4c 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 58 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 59 3d 2f 5e 68 5c 64 24 2f 69 2c 5a 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 24 3d 2f 5e 28 3f 3a 23 28 Data Ascii: i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+L+"((?:-\\d)?\\d)"+L+"\$\|)(?=[^-]\|$)","i")},X=/^(?:input\|select\|textarea\|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#(
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 61 61 2c 22 5c 5c 24 26 22 29 3a 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 6b 3d 75 29 2c 72 3d 67 28 61 29 2c 68 3d 72 2e 6c 65 6e 67 74 68 2c 6c 3d 56 2e 74 65 73 74 28 6b 29 3f 22 23 22 2b 6b 3a 22 5b 69 64 3d 27 22 2b 6b 2b 22 27 5d 22 3b 77 68 69 6c 65 28 68 2d 2d 29 72 5b 68 5d 3d 6c 2b 22 20 22 2b 71 61 28 72 5b 68 5d 29 3b 73 3d 72 2e 6a 6f 69 6e 28 22 2c 22 29 2c 77 3d 5f 2e 74 65 73 74 28 61 29 26 26 6f 61 28 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 62 7d 69 66 28 73 29 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 64 2c 77 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 73 Data Ascii: Case()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)\|\|b}if(s)try{return H.apply(d,w.querySelectorAll(s
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 72 65 74 75 72 6e 20 62 3f 22 48 54 4d 4c 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 3a 21 31 7d 2c 6d 3d 66 61 2e 73 65 74 44 6f 63 75 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 65 2c 67 3d 61 3f 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 61 3a 76 3b 72 65 74 75 72 6e 20 67 21 3d 3d 6e 26 26 39 3d 3d 3d 67 2e 6e 6f 64 65 54 79 70 65 26 26 67 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3f 28 6e 3d 67 2c 6f 3d 6e 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 70 3d 21 66 28 6e 29 2c 28 65 3d 6e 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 65 2e 74 6f 70 21 3d 3d 65 26 26 28 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 65 2e 61 64 64 45 76 65 6e 74 4c Data Ascii: ).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument\|\|a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventL
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 6e 20 66 7d 2c 64 2e 66 69 6e 64 2e 43 4c 41 53 53 3d 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 70 3f 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 3a 76 6f 69 64 20 30 7d 2c 72 3d 5b 5d 2c 71 3d 5b 5d 2c 28 63 2e 71 73 61 3d 5a 2e 74 65 73 74 28 6e 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 29 29 26 26 28 69 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6f 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 69 64 3d 27 22 2b 75 2b 22 27 3e 3c 2f 61 Data Ascii: n f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 6d 65 6e 74 3a 61 2c 64 3d 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 61 3d 3d 3d 64 7c 7c 21 28 21 64 7c 7c 31 21 3d 3d 64 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 63 2e 63 6f 6e 74 61 69 6e 73 3f 63 2e 63 6f 6e 74 61 69 6e 73 28 64 29 3a 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 64 29 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 77 68 69 6c 65 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 62 3d 3d 3d 61 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 42 3d 62 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 Data Ascii: ment:a,d=b&&b.parentNode;return a===d\|\|!(!d\|\|1!==d.nodeType\|\|!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!
2024-09-28 03:16:07 UTC	1378	IN	Data Raw: 72 48 61 6e 64 6c 65 5b 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 2c 66 3d 65 26 26 44 2e 63 61 6c 6c 28 64 2e 61 74 74 72 48 61 6e 64 6c 65 2c 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 65 28 61 2c 62 2c 21 70 29 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 66 3f 66 3a 63 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 21 70 3f 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 62 29 3a 28 66 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 62 29 29 26 26 66 2e 73 70 65 63 69 66 69 65 64 3f 66 2e 76 61 6c 75 65 3a 6e 75 6c 6c 7d 2c 66 61 2e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 53 79 6e 74 61 78 20 65 72 72 6f 72 2c 20 75 6e 72 65 63 6f 67 6e 69 7a 65 Data Ascii: rHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes\|\|!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognize

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49737	13.35.58.10	443	4320	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:16:08 UTC	678	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:16:08 UTC	807	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: c1888c58-7e59-4f49-8e8c-9bc17e945038 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Sun, 30 Jun 2024 19:38:51 GMT Date: Tue, 17 Sep 2024 00:50:56 GMT Via: 1.1 bb5a1c03f2335d92378a3e68542733da.cloudfront.net (CloudFront), 1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA60-P10 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: hekirVUDQxqj3TnKrHAFsnFFiNp0nRgviWKqhW_HEbqj-wIR4Vouhw== Age: 959112
2024-09-28 03:16:08 UTC	15577	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2024-09-28 03:16:08 UTC	16384	IN	Data Raw: cd 21 18 33 26 01 e0 00 2c 1d f9 ce 98 10 00 03 f9 b0 e6 00 75 32 1a 0e a0 b3 94 9b 64 ca 06 5a 50 01 19 66 52 06 e0 94 09 02 1a 40 02 10 70 13 91 1d c8 26 53 0a e8 c8 0c 90 b1 2a 57 fc a4 00 b4 c8 14 08 c5 12 8d 54 c1 0a 2e 3b 70 d1 a1 74 2f 96 11 28 a4 4e 0c ba ca 14 24 d4 22 92 c9 9c 24 4e 86 52 3c 6b 56 a0 a4 1e 39 41 3b 85 60 80 b8 a1 04 8c 3b 05 40 06 42 c9 90 22 06 15 00 32 e0 28 c8 8e 5a 84 07 f0 11 20 16 64 2a 00 24 a0 81 97 3a 23 06 52 3d c2 6c 98 b9 0d 5f 66 95 08 12 98 c1 e4 b8 21 ce a3 76 a0 05 bb e4 45 ef be ca 84 07 a8 40 04 38 d5 05 f3 d8 1a 05 01 70 e0 03 30 38 81 50 78 46 57 2a 14 c0 02 1c f8 55 5f 07 4b d8 c2 1a f6 b0 88 4d ac 62 17 cb d8 c6 3a f6 b1 90 8d ac 64 27 4b d9 ca 5a f6 b2 70 08 02 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 Data Ascii: !3&,u2dZPfR@p&SWT.;pt/(N$"$NR<kV9A;`;@B"2(Z d$:#R=l_f!vE@8p08PxFW*U_KMb:d'KZp!,
2024-09-28 03:16:08 UTC	16384	IN	Data Raw: 3e ea 6c 5b 48 87 f1 64 66 ff 2e 21 14 c4 33 eb ba 84 18 40 6c 39 e5 c2 2b c8 9d e6 fc 64 ef 20 aa c2 f3 c1 be 83 c8 0b 0f 0b 00 0f 82 2f 39 08 b4 5a 70 1e fd be 13 ed c2 7b 44 90 2e c4 80 d4 4a 4e 9b 14 fb b1 67 39 2f 64 ec 07 07 f1 28 ec f1 1c 12 c4 b3 ec c8 7a 14 9a 0d 83 28 eb 91 6c 39 b7 b6 6c 47 8d e6 88 2a f3 1d 2a c0 f3 e8 cd 77 54 00 8f b6 3c d7 f1 c0 4a 41 db 61 00 3c 0c 14 6d c7 bc d9 24 ad 34 1d 49 3a f5 34 1d b9 98 03 c1 d4 73 3c 5b ce d5 58 c7 a1 72 33 0a 74 1d 47 98 e4 84 2d f6 1b 5f 33 63 f6 d9 6d 30 8d cd da 6c ab 71 f4 3b 1b c4 cd c6 9f e6 bc 6b 37 1a 8d 9a 83 f1 de 68 80 fc ce 90 80 9f d1 e3 3b 36 17 5e 06 89 ef 1c a9 b8 19 5a 97 73 dd e3 64 48 0c 4f b8 94 87 31 e7 3b 08 64 4e 06 8a e6 10 ec b9 18 39 9a b3 f3 e8 5f 58 fe 8e ba a8 73 d1 Data Ascii: >l[Hdf.!3@l9+d /9Zp{D.JNg9/d(z(l9lG**wT<JAa<m$4I:4s<[Xr3tG-_3cm0lq;k7h;6^ZsdHO1;dN9_Xs
2024-09-28 03:16:08 UTC	6857	IN	Data Raw: ff ca 00 0a 7c 85 80 82 65 94 a6 15 75 af 1c a7 15 50 6b b4 a6 55 7e af f8 f6 d5 6a 68 6c f0 d5 0a b1 0c 30 d9 53 2c ac 61 00 5e b2 c8 f7 14 02 cf 91 21 a3 56 3a c5 f2 91 56 d9 9d 41 c1 57 1e c6 62 c0 70 3d a5 a0 46 3f 5a 91 40 0b 85 4a 69 a0 86 74 4f 59 25 8b 8a 4a 35 90 c6 8f 5f 59 38 4b 31 5f 15 19 46 07 09 d2 82 a0 56 5c 9d b1 a4 52 51 ce 42 e5 4d c2 9c 41 91 56 1a d2 62 de 53 12 96 31 c3 57 c0 d5 e2 a2 52 79 99 11 60 55 b6 38 30 23 1a e2 3d 85 82 2d 0c 02 8a 86 7f 44 f5 49 0b 86 4f b9 80 c6 40 4f d5 49 4b 67 5a e5 49 c6 8e 4a d1 37 8b 04 8e a1 c1 2a 51 24 ba 52 40 ac 67 cc da 53 ad ad dc aa 95 02 b2 7e 05 23 2d be 3e 05 ec 19 21 be 68 4b b1 4a 1d 6b 46 b2 4f 0d 3b 0b 87 bf a2 01 6d ab b6 50 6b ac b5 5f e1 46 4b 81 d5 9e 41 aa 52 bc d1 02 67 aa 68 0c Data Ascii: \|euPkU~jhl0S,a^!V:VAWbp=F?Z@JitOY%J5_Y8K1_FV\RQBMAVbS1WRy`U80#=-DIO@OIKgZIJ7*Q$R@gS~#->!hKJkFO;mPk_FKARgh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	208.91.114.103	443	4320	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:16:08 UTC	706	OUT	GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1 Host: fac.corp.fortinet.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:16:08 UTC	548	IN	HTTP/1.1 404 Not Found Date: Sat, 28 Sep 2024 03:16:08 GMT Content-Length: 4288 Content-Security-Policy: default-src 'self'; base-uri 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding Content-Language: en X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Cache-Control: public, max-age=31536000 X-XSS-Protection: 1; mode=block Permissions-Policy: fullscreen=(self) Connection: close Content-Type: text/html; charset=utf-8
2024-09-28 03:16:08 UTC	4288	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 73 69 74 65 5f 6d 65 64 69 61 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-type" content="text/html; charset=UTF-8"> <meta name="referrer" content="strict-origin"> <title>Not Found</title> <link rel="stylesheet" type="text/css" href="/site_media/css/font-aweso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	151.101.130.137	443	4320	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:16:10 UTC	358	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:16:10 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sat, 28 Sep 2024 03:16:10 GMT Age: 1545288 X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740032-EWR X-Cache: HIT, HIT X-Cache-Hits: 2274, 1 X-Timer: S1727493370.448087,VS0,VE1 Vary: Accept-Encoding
2024-09-28 03:16:10 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-09-28 03:16:10 UTC	16384	IN	Data Raw: 65 73 74 28 61 7c 7c 22 22 29 7c 7c 66 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 6c 61 6e 67 3a 20 22 2b 61 29 2c 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3b 64 6f 20 69 66 28 63 3d 70 3f 62 2e 6c 61 6e 67 3a 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 78 6d 6c 3a 6c 61 6e 67 22 29 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 61 6e 67 22 29 29 72 65 74 75 72 6e 20 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 3d 3d 61 7c 7c 30 3d 3d 3d 63 2e 69 6e 64 65 78 4f 66 28 61 2b 22 2d 22 29 3b 77 68 69 6c 65 28 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 62 2e 6e 6f 64 65 54 79 70 65 Data Ascii: est(a\|\|"")\|\|fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")\|\|b.getAttribute("lang"))return c=c.toLowerCase(),c===a\|\|0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType
2024-09-28 03:16:10 UTC	16384	IN	Data Raw: 68 69 73 2c 61 29 7d 29 3a 4b 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 2c 64 3b 69 66 28 66 26 26 76 6f 69 64 20 30 3d 3d 3d 62 29 7b 69 66 28 63 3d 4f 2e 67 65 74 28 66 2c 61 29 7c 7c 4f 2e 67 65 74 28 66 2c 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 63 3d 4f 2e 67 65 74 28 66 2c 64 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 63 3d 52 28 66 2c 64 2c 76 6f 69 64 20 30 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 20 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 74 68 69 73 2e 65 61 63 Data Ascii: his,a)}):K(this,function(b){var c,d;if(f&&void 0===b){if(c=O.get(f,a)\|\|O.get(f,a.replace(Q,"-$&").toLowerCase()),void 0!==c)return c;if(d=n.camelCase(a),c=O.get(f,d),void 0!==c)return c;if(c=R(f,d,void 0),void 0!==c)return c}else d=n.camelCase(a),this.eac
2024-09-28 03:16:10 UTC	16384	IN	Data Raw: 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 67 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 62 6f 72 64 65 72 3a 30 3b 77 69 64 74 68 3a 38 70 78 3b 68 65 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 2d 39 39 39 39 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 22 2c 67 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 68 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: .style.backgroundClip,g.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",g.appendChild(h);function i(){h.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box
2024-09-28 03:16:10 UTC	16384	IN	Data Raw: 61 29 7b 62 3d 61 2e 6d 61 74 63 68 28 47 29 7c 7c 5b 5d 3b 77 68 69 6c 65 28 63 3d 74 68 69 73 5b 69 2b 2b 5d 29 69 66 28 65 3d 66 62 28 63 29 2c 64 3d 31 3d 3d 3d 63 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 20 22 2b 65 2b 22 20 22 29 2e 72 65 70 6c 61 63 65 28 65 62 2c 22 20 22 29 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 77 68 69 6c 65 28 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3e 2d 31 29 64 3d 64 2e 72 65 70 6c 61 63 65 28 22 20 22 2b 66 2b 22 20 22 2c 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 74 6f 67 67 6c 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 Data Ascii: a){b=a.match(G)\|\|[];while(c=this[i++])if(e=fb(c),d=1===c.nodeType&&(" "+e+" ").replace(eb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b
2024-09-28 03:16:10 UTC	3658	IN	Data Raw: 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 3b 76 61 72 20 4c 62 3d 6e 2e 66 6e 2e 6c 6f 61 64 3b 6e 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 26 26 4c 62 29 72 65 74 75 72 6e 20 4c 62 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 76 61 72 20 64 2c 65 2c 66 2c 67 3d 74 68 69 73 2c 68 3d 61 2e 69 6e 64 65 78 4f 66 28 22 20 22 29 3b 72 65 74 75 72 6e 20 68 3e 2d 31 26 26 28 64 3d 6e 2e 74 72 69 6d 28 61 2e 73 6c 69 63 65 28 68 29 29 2c 61 3d 61 2e 73 6c 69 63 65 28 30 2c 68 29 29 2c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 29 3f 28 63 3d 62 2c 62 3d 76 6f 69 64 20 30 29 3a 62 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 Data Ascii: .childNodes))};var Lb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Lb)return Lb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	13.35.58.104	443	4320	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:16:10 UTC	384	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:16:10 UTC	808	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: 6f586e09-c9d6-43fb-be5a-a4eb2b520d61 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Wed, 31 Jul 2024 20:19:18 GMT Date: Tue, 06 Aug 2024 08:43:09 GMT Via: 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront), 1.1 50d1552804e5c5074606d2b5a0eb8ef8.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA60-P10 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: HlbmItb56WNDJZGqWZJt9SNbC5N1DmJEZqjeV4UDBZuokVZ70vr-1A== Age: 4559581
2024-09-28 03:16:10 UTC	15576	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2024-09-28 03:16:11 UTC	16384	IN	Data Raw: d3 cd 21 18 33 26 01 e0 00 2c 1d f9 ce 98 10 00 03 f9 b0 e6 00 75 32 1a 0e a0 b3 94 9b 64 ca 06 5a 50 01 19 66 52 06 e0 94 09 02 1a 40 02 10 70 13 91 1d c8 26 53 0a e8 c8 0c 90 b1 2a 57 fc a4 00 b4 c8 14 08 c5 12 8d 54 c1 0a 2e 3b 70 d1 a1 74 2f 96 11 28 a4 4e 0c ba ca 14 24 d4 22 92 c9 9c 24 4e 86 52 3c 6b 56 a0 a4 1e 39 41 3b 85 60 80 b8 a1 04 8c 3b 05 40 06 42 c9 90 22 06 15 00 32 e0 28 c8 8e 5a 84 07 f0 11 20 16 64 2a 00 24 a0 81 97 3a 23 06 52 3d c2 6c 98 b9 0d 5f 66 95 08 12 98 c1 e4 b8 21 ce a3 76 a0 05 bb e4 45 ef be ca 84 07 a8 40 04 38 d5 05 f3 d8 1a 05 01 70 e0 03 30 38 81 50 78 46 57 2a 14 c0 02 1c f8 55 5f 07 4b d8 c2 1a f6 b0 88 4d ac 62 17 cb d8 c6 3a f6 b1 90 8d ac 64 27 4b d9 ca 5a f6 b2 70 08 02 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 Data Ascii: !3&,u2dZPfR@p&SWT.;pt/(N$"$NR<kV9A;`;@B"2(Z d$:#R=l_f!vE@8p08PxFW*U_KMb:d'KZp!,
2024-09-28 03:16:11 UTC	16384	IN	Data Raw: 81 3e ea 6c 5b 48 87 f1 64 66 ff 2e 21 14 c4 33 eb ba 84 18 40 6c 39 e5 c2 2b c8 9d e6 fc 64 ef 20 aa c2 f3 c1 be 83 c8 0b 0f 0b 00 0f 82 2f 39 08 b4 5a 70 1e fd be 13 ed c2 7b 44 90 2e c4 80 d4 4a 4e 9b 14 fb b1 67 39 2f 64 ec 07 07 f1 28 ec f1 1c 12 c4 b3 ec c8 7a 14 9a 0d 83 28 eb 91 6c 39 b7 b6 6c 47 8d e6 88 2a f3 1d 2a c0 f3 e8 cd 77 54 00 8f b6 3c d7 f1 c0 4a 41 db 61 00 3c 0c 14 6d c7 bc d9 24 ad 34 1d 49 3a f5 34 1d b9 98 03 c1 d4 73 3c 5b ce d5 58 c7 a1 72 33 0a 74 1d 47 98 e4 84 2d f6 1b 5f 33 63 f6 d9 6d 30 8d cd da 6c ab 71 f4 3b 1b c4 cd c6 9f e6 bc 6b 37 1a 8d 9a 83 f1 de 68 80 fc ce 90 80 9f d1 e3 3b 36 17 5e 06 89 ef 1c a9 b8 19 5a 97 73 dd e3 64 48 0c 4f b8 94 87 31 e7 3b 08 64 4e 06 8a e6 10 ec b9 18 39 9a b3 f3 e8 5f 58 fe 8e ba a8 73 Data Ascii: >l[Hdf.!3@l9+d /9Zp{D.JNg9/d(z(l9lG**wT<JAa<m$4I:4s<[Xr3tG-_3cm0lq;k7h;6^ZsdHO1;dN9_Xs
2024-09-28 03:16:11 UTC	6858	IN	Data Raw: e7 ff ca 00 0a 7c 85 80 82 65 94 a6 15 75 af 1c a7 15 50 6b b4 a6 55 7e af f8 f6 d5 6a 68 6c f0 d5 0a b1 0c 30 d9 53 2c ac 61 00 5e b2 c8 f7 14 02 cf 91 21 a3 56 3a c5 f2 91 56 d9 9d 41 c1 57 1e c6 62 c0 70 3d a5 a0 46 3f 5a 91 40 0b 85 4a 69 a0 86 74 4f 59 25 8b 8a 4a 35 90 c6 8f 5f 59 38 4b 31 5f 15 19 46 07 09 d2 82 a0 56 5c 9d b1 a4 52 51 ce 42 e5 4d c2 9c 41 91 56 1a d2 62 de 53 12 96 31 c3 57 c0 d5 e2 a2 52 79 99 11 60 55 b6 38 30 23 1a e2 3d 85 82 2d 0c 02 8a 86 7f 44 f5 49 0b 86 4f b9 80 c6 40 4f d5 49 4b 67 5a e5 49 c6 8e 4a d1 37 8b 04 8e a1 c1 2a 51 24 ba 52 40 ac 67 cc da 53 ad ad dc aa 95 02 b2 7e 05 23 2d be 3e 05 ec 19 21 be 68 4b b1 4a 1d 6b 46 b2 4f 0d 3b 0b 87 bf a2 01 6d ab b6 50 6b ac b5 5f e1 46 4b 81 d5 9e 41 aa 52 bc d1 02 67 aa 68 Data Ascii: \|euPkU~jhl0S,a^!V:VAWbp=F?Z@JitOY%J5_Y8K1_FV\RQBMAVbS1WRy`U80#=-DIO@OIKgZIJ7*Q$R@gS~#->!hKJkFO;mPk_FKARgh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:16:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:16:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=221331 Date: Sat, 28 Sep 2024 03:16:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:16:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:16:12 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=221360 Date: Sat, 28 Sep 2024 03:16:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 03:16:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	23:15:58
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	23:16:03
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2200,i,13603230231551288722,10975680519386894700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	23:16:05
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.linkConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.linksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1Host: fac.corp.fortinet.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ik.imagekit.io
Source: global traffic	DNS traffic detected: DNS query: fac.corp.fortinet.com
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2996, Parent PID: 764

General

Chronological Activities

Analysis Process: chrome.exePID: 4320, Parent PID: 2996

General

Chronological Activities

Windows Analysis Report
http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/