Edit tour

Windows Analysis Report
https://calvin.pentairrebate.com/

Overview

General Information

Sample URL:	https://calvin.pentairrebate.com/
Analysis ID:	1522250
Tags:	urlscan
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2448,i,8510997923148064608,10998195807398726473,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://calvin.pentairrebate.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://calvin.pentairrebate.com/

HTTP Parser: Base64 decoded: <svg fill='#D7D7D7' style="float: right" xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M5.88 4.12L13.76 12l-7.88 7.88L8 22l10-10L8 2z"/></svg>

Source: https://calvin.pentairrebate.com/

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49727 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.5:50623 -> 1.1.1.1:53

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49727 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: calvin.pentairrebate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.php?domain=pentairrebate.com&toggle=browserjs&uid=MTcyNzYxNjA3OS4wMTc4OmEwYmMwMjMyNGU1ZDcxNjc1Y2UyNzAwYjAyZjQ2NGUwYzdhYzg2YWQyNjUzYjY4MTgxZWQ4MGRhNzY0NDUzMDg6NjZmOTU0NGYwNDVhMg%3D%3D HTTP/1.1Host: calvin.pentairrebate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"device-memory: 8rtt: 300sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280dpr: 1downlink: 1.35ect: 3gsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://calvin.pentairrebate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://calvin.pentairrebate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://calvin.pentairrebate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls.php?t=66f9544f&token=c65261e51c935d356bc27a97470dcd16d33b1baf HTTP/1.1Host: calvin.pentairrebate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"device-memory: 8rtt: 300sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280dpr: 1downlink: 1.35ect: 3gsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://calvin.pentairrebate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.php?domain=pentairrebate.com&toggle=browserjs&uid=MTcyNzYxNjA3OS4wMTc4OmEwYmMwMjMyNGU1ZDcxNjc1Y2UyNzAwYjAyZjQ2NGUwYzdhYzg2YWQyNjUzYjY4MTgxZWQ4MGRhNzY0NDUzMDg6NjZmOTU0NGYwNDVhMg%3D%3D HTTP/1.1Host: calvin.pentairrebate.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: calvin.pentairrebate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"device-memory: 8rtt: 300sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280dpr: 1downlink: 1.35ect: 3gsec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://calvin.pentairrebate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: calvin.pentairrebate.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: calvin.pentairrebate.com
Source: global traffic	DNS traffic detected: DNS query: d38psrni17bvxu.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: syndicatedsearch.goog

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1727616060801&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: chromecache_128.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=
Source: chromecache_128.2.dr	String found in binary or memory: https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5
Source: chromecache_128.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion/16521530460/?gad_source=1&adview_type=3

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50627
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 50627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@21/15@14/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2448,i,8510997923148064608,10998195807398726473,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://calvin.pentairrebate.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2448,i,8510997923148064608,10998195807398726473,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
syndicatedsearch.goog	216.58.206.46	true	false	unknown
www.google.com	172.217.18.4	true	false	unknown
calvin.pentairrebate.com	185.53.179.172	true	false	unknown
d38psrni17bvxu.cloudfront.net	18.66.121.138	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true	false	unknown
https://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png	false	unknown
https://calvin.pentairrebate.com/ls.php?t=66f9544f&token=c65261e51c935d356bc27a97470dcd16d33b1baf	false	unknown
https://calvin.pentairrebate.com/	false	unknown
https://calvin.pentairrebate.com/track.php?domain=pentairrebate.com&toggle=browserjs&uid=MTcyNzYxNjA3OS4wMTc4OmEwYmMwMjMyNGU1ZDcxNjc1Y2UyNzAwYjAyZjQ2NGUwYzdhYzg2YWQyNjUzYjY4MTgxZWQ4MGRhNzY0NDUzMDg6NjZmOTU0NGYwNDVhMg%3D%3D	false	unknown
https://calvin.pentairrebate.com/favicon.ico	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5	chromecache_128.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.66.121.138	d38psrni17bvxu.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
185.53.179.172	calvin.pentairrebate.com	Germany	61969	TEAMINTERNET-ASDE	false
216.58.206.46	syndicatedsearch.goog	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.66.121.69	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.181.228	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522250
Start date and time:	2024-09-29 15:20:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://calvin.pentairrebate.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@21/15@14/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.184.238, 66.102.1.84, 34.104.35.123, 4.175.87.197, 199.232.210.172, 192.229.221.95, 40.69.42.241, 20.242.39.171, 13.95.31.18, 142.250.185.227, 2.16.100.168, 88.221.110.91
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://calvin.pentairrebate.com/

Input	Output
URL: https://calvin.pentairrebate.com/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://calvin.pentairrebate.com/ Model: jbxai

{
"brand":[],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:21:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.97374635653018
Encrypted:	false
SSDEEP:	48:87dijTGKd8fH2idAKZdA19ehwiZUklqehKy+3:8I3TFy
MD5:	7DDAF51C1049E538AC1D960B8B76EA5F
SHA1:	0C0340AF91676A5C2AA10870C3954F767C6A8D02
SHA-256:	B738C5929AC3AC2F1BF7BDFCA80EC3CDA5726AA4E9C3C82C9881C53118977133
SHA-512:	48BDBECA61E7021BA01EC7B309D215C3CE3DFE2D0065FFB66C46485C9A3CECAE80A17DE5D719CF2E1C48582067C880717EED330B47CC43989F242798B1A612BB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....~..wr...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.j....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........%?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:21:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9904906213148266
Encrypted:	false
SSDEEP:	48:8BdijTGKd8fH2idAKZdA1weh/iZUkAQkqeh1y+2:8+3h9Qoy
MD5:	B6095CD60E66C86F60C103A560440B84
SHA1:	F8FFBAD1F2A376D3E64721AD1D441034CB21F3A4
SHA-256:	CDEAD2536412D24052C2E2AE2D93545C89EDF938BB968B5C3CDA39DAA9C18413
SHA-512:	3A3AF5D2FAB080E86C9CFB500A79FD096DE30D92779425035BC62F702D48130FD2DA18056B26D02F5FD13C0E1CD4A1E5710937E3C1B48F0675CAFC39178A68C2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......wr...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.j....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........%?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.003903825890428
Encrypted:	false
SSDEEP:	48:8xDdijTGKsH2idAKZdA14tseh7sFiZUkmgqeh7sby+BX:8xw3Ln5y
MD5:	691C6749EC727F88E2A9A4C1C0B8789D
SHA1:	0C5A8647903DE996EEE6C7A367E65305387983F8
SHA-256:	1CB59161F6E0D5F65D8B2731B57437B5868C5FE5D2B64987A1708A9641C34A5B
SHA-512:	1EE7F5AA260D902E614F2B67B09E7FDB91B80AA6204E2E8733E3A8043DCBEBEBA59DCF47C0D1D4B9AD5792B3BA1D053CE7E0901DFE2C5996C9E23BA93CF16612
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.j....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........%?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:21:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.988766737919236
Encrypted:	false
SSDEEP:	48:8fdijTGKd8fH2idAKZdA1vehDiZUkwqehxy+R:883Czy
MD5:	5E855128477594031F4E1BE87B6D78B7
SHA1:	356BC3968556D3FEC61AD4E52213B157116D2C9F
SHA-256:	026E38A2E6471B7419644469A05059EEFA51C3E9A191CB8E5C41BB29DEA079A1
SHA-512:	173CFD24D7F2677843D30B07A426B5EF14BADA0BDBF921B9AE2361E0A7FCAE8EF2E8803592E6D1A56208049DDBB17BD9623D5D06280422C564D076B4970BD669
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....<.wr...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.j....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........%?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:21:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.977785152097641
Encrypted:	false
SSDEEP:	48:8XdijTGKd8fH2idAKZdA1hehBiZUk1W1qehPy+C:803y9vy
MD5:	79A74ECF94C8ECD3A02DFE36E3EC6AC1
SHA1:	C17E8B6561CF73D961157963960343A7051F85F6
SHA-256:	550282172CFD988059E17678A7AF98ADE48BEFC284CB24CD2E09C1C8631FE1D8
SHA-512:	B9344A985DAA8460D473BD1E60E5A682127C64F7BFC6EBD80CE69D7E98BA93996910B8FF95643957876DC9074EB6CE265A469614CE5106FA2DC45EA637E92E02
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....x.wr...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.j....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........%?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:21:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.987569082853952
Encrypted:	false
SSDEEP:	48:8zdijTGKd8fH2idAKZdA1duT+ehOuTbbiZUk5OjqehOuTb5y+yT+:8g3sT/TbxWOvTb5y7T
MD5:	67D756BEA3A4BD4A0230CA5BCE7C8858
SHA1:	8678D80E675C8BAB02063A7A0579F4903A21AAFB
SHA-256:	EC8A0F76E661BFA7FBD436477AF0FE89FEA72DBBC2F249CFF0E6797803F7D0AA
SHA-512:	F5FEFBA536CECF35C94C0B8C5B080934E020CD5F0D722C8F96C6F25221117A012041DCA7885220FBFD342FFA1D925CCC49822B362E36F1ACA2AB267F71E3086F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....l{wr...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.j....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........%?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1500 x 600, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11375
Entropy (8bit):	7.645494653990172
Encrypted:	false
SSDEEP:	192:Wg3JLNIdFb540f7mqTiLHrBjcCTN1MbaJD/RBse6ogkORdLv2Ha/:vD4N54IsHVjdN1tD7lODL/
MD5:	0CB2E5165DC9324EB462199F04E1FFA9
SHA1:	9E0F89847EC8A98D98A6020BC5C4ED32B7A48BF8
SHA-256:	67DFF0AAD873050F12609885F2264417CCDD0D438311000A704C89F0865F7865
SHA-512:	7A285C4A87B9F9093B7BA720D8FE08E0AD7E2EBDE9EF8C8D11B70AFA08245AF8F8A7281C7B3FBE8BAD21C3AFDE4F32634D3BD416822892AA47BA82C12F4B8191
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......X.....Om......tEXtSoftware.Adobe ImageReadyq.e<....PLTE......cdtIK^IK]IK\03IHK_acsceubdtcet..0=@SHK]IL]HK\MPbNQbORc.....0"&;(,@+/B04I.2F/3G-1D04H.2E04G15H26I59L8<P6:M9=Q7;N:>R:>Q;?R<@SIL\beuadtbetcftbes..-..0. 5.!6."7.#8."6.$9 %:!&;"'<"';$)>#(<%?$)=&+@%>',A&+?(-B).C(-A).B/C+0D,1E05I15G<@R=ASIM_HL]KO`HL\MQbaeu.....-../.....0../.....0../..1..1..2..3..4. 5.!6.#8.$9.%: &;"':$)<&+>',?(-@).A/B+0C,1D/A-2E.3F/4G05H16I/4F05G38K6;N49K;@S;@R<ASGL^bfuaetbft.....0.!5."6.#7.$8.%9 &:!';"(<!':#)=#)<$=&,@&,?+1E)/B06IGL]GL\HM]bfs..-.....0..1. 4.!5."6.#7.$8 '< ';*0B.4F06H06G..-..0.!5 (< (;...................................................................................................................................................................................................................................................t....tRNS..............................................................................................................................................

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.202819531114783
Encrypted:	false
SSDEEP:	3:YWQRAW64:YWQmq
MD5:	7363E85FE9EDEE6F053A4B319588C086
SHA1:	A15E2127145548437173FC17F3E980E3F3DEE2D0
SHA-256:	C955E57777EC0D73639DCA6748560D00AA5EB8E12F13EBB2ED9656ADD3908F97
SHA-512:	A2FD24056E3EC2F1628F89EB2F1B36A9FC2437AE58D34190630FE065DF2BBEDAF9BD8AEE5F8949A002070052CA68CC6C0167214DD55DF289783CFF682B808D85
Malicious:	false
Reputation:	low
URL:	https://calvin.pentairrebate.com/ls.php?t=66f9544f&token=c65261e51c935d356bc27a97470dcd16d33b1baf
Preview:	{"success":true}

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1500 x 600, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11375
Entropy (8bit):	7.645494653990172
Encrypted:	false
SSDEEP:	192:Wg3JLNIdFb540f7mqTiLHrBjcCTN1MbaJD/RBse6ogkORdLv2Ha/:vD4N54IsHVjdN1tD7lODL/
MD5:	0CB2E5165DC9324EB462199F04E1FFA9
SHA1:	9E0F89847EC8A98D98A6020BC5C4ED32B7A48BF8
SHA-256:	67DFF0AAD873050F12609885F2264417CCDD0D438311000A704C89F0865F7865
SHA-512:	7A285C4A87B9F9093B7BA720D8FE08E0AD7E2EBDE9EF8C8D11B70AFA08245AF8F8A7281C7B3FBE8BAD21C3AFDE4F32634D3BD416822892AA47BA82C12F4B8191
Malicious:	false
Reputation:	low
URL:	https://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
Preview:	.PNG........IHDR.......X.....Om......tEXtSoftware.Adobe ImageReadyq.e<....PLTE......cdtIK^IK]IK\03IHK_acsceubdtcet..0=@SHK]IL]HK\MPbNQbORc.....0"&;(,@+/B04I.2F/3G-1D04H.2E04G15H26I59L8<P6:M9=Q7;N:>R:>Q;?R<@SIL\beuadtbetcftbes..-..0. 5.!6."7.#8."6.$9 %:!&;"'<"';$)>#(<%?$)=&+@%>',A&+?(-B).C(-A).B/C+0D,1E05I15G<@R=ASIM_HL]KO`HL\MQbaeu.....-../.....0../.....0../..1..1..2..3..4. 5.!6.#8.$9.%: &;"':$)<&+>',?(-@).A/B+0C,1D/A-2E.3F/4G05H16I/4F05G38K6;N49K;@S;@R<ASGL^bfuaetbft.....0.!5."6.#7.$8.%9 &:!';"(<!':#)=#)<$=&,@&,?+1E)/B06IGL]GL\HM]bfs..-.....0..1. 4.!5."6.#7.$8 '< ';*0B.4F06H06G..-..0.!5 (< (;...................................................................................................................................................................................................................................................t....tRNS..............................................................................................................................................

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1879)
Category:	downloaded
Size (bytes):	124488
Entropy (8bit):	5.549094230145707
Encrypted:	false
SSDEEP:	1536:rni6+zNKofjr9PyfpK7fDH+7pSU6GZvu85pistHWvR3+2xwHzgmcfpUWgQABuucu:LqM7vptHWpu22H9dBuDj3dmf
MD5:	8144D8B4CFC6EAABF1D8586F43B2E9DA
SHA1:	434C8C885DF343CD02307BCB544812D3FEA0C9F4
SHA-256:	D25FB6792595AA3F7AE30911399F24B6B578001ADE7535D718F26AF93C68E59D
SHA-512:	09B5006114C1A560D2EB4B05FF9F49E1586F9C6CFB93D7D871E9763ABAE1AA5F96CCF660E828A40C02D9B82CDB2BB8E5BC53EA70817014509C6433A7868030C4
Malicious:	false
Reputation:	low
URL:	https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
Preview:	if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"17383633464370615553",packages:"domains",module:"ads",version:"1",m:{cei:"17301437,17301439,17301442,17301511,17301516,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_gpp_api":0}}};var n;function ba(a){var b=0;return function(){return b<a.

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (7866)
Category:	downloaded
Size (bytes):	15502
Entropy (8bit):	5.578301581619258
Encrypted:	false
SSDEEP:	384:Ti8YoHMfOTh8WpdEgA26EHeDCtkGarTqWUdVpim7Ru6:TiiMfEf9uEHSCtkGarT7U3wm7c6
MD5:	8E76287C224241E543AC5235EB2B90CC
SHA1:	F9A385F4008CDDD09814ECFD8EB446ABCBE2279A
SHA-256:	5B3B39A1DBE5E589625F6E825A7520B18C87085400557D1AF555710A58BEEE1C
SHA-512:	089EF6C6E79D7AF3BF2590D741C591B3C33C1339FA70D9EE98B3546DCBED8A9115A2CA1AD0C9197EF37CE76FF4B1DF7E57AA029592EE0A40F203FDE2CD882AA9
Malicious:	false
Reputation:	low
URL:	https://calvin.pentairrebate.com/
Preview:	<!DOCTYPE html>.<html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_BeHcXRSnP6pMqARS3MdVUX4c3M15Hmw3SwUQNBiQXPMO6NEQbnnMGn1yrz/LtqmTuRSSn0HKh6b2eWwQIgnugQ==" xmlns="http://www.w3.org/1999/xhtml" lang="en">.<head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>. <title>pentairrebate.com</title>. <style media="screen">..asset_star0 {..background: url('//d38psrni17bvxu.cloudfront.net/themes/assets/star0.gif') no-repeat center;..width: 13px;..height: 12px;..display: inline-block;.}...asset_star1 {..background: url('//d38psrni17bvxu.cloudfront.net/themes/assets/star1.gif') no-repeat center;..width: 13px;..height: 12px;..display: inline-block;.}...asset_starH {..background: url('//d38psrni17bvxu.cloudfront.net/themes/assets/starH.gif') no-repeat center;..width: 13px;..heig

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 15:21:10.635284901 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:10.635299921 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:10.744657993 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:18.078226089 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.078320026 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.078413963 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.078713894 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.078736067 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.078800917 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.078979015 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.079029083 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.079135895 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.079158068 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.774780035 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.775608063 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.775665045 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.776596069 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.776658058 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.778656960 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.778799057 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.778820038 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.818439960 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.818453074 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.839167118 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.839799881 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.839821100 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.840843916 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.840924978 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.841919899 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.842008114 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.863359928 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.894893885 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:18.894932032 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:18.941148043 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.150573969 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.150614977 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.150643110 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.150667906 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.150707960 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.150758982 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.151124001 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.151130915 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.151191950 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.248641014 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.248651028 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.248703957 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.248723984 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.248830080 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.248919010 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.312117100 CEST	49709	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.312135935 CEST	443	49709	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.329725981 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:19.329751968 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:19.329813957 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:19.330467939 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:19.330480099 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:19.337932110 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.383398056 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.555237055 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.555347919 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.555437088 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.632778883 CEST	49710	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.632822037 CEST	443	49710	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.662507057 CEST	49714	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.662606955 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.662682056 CEST	49714	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.663378954 CEST	49714	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:19.663429022 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:19.675657034 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:19.675698042 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:19.675753117 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:19.677198887 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:19.677226067 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.058504105 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.103745937 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.157160997 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.157171011 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.158114910 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.158191919 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.240907907 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:20.245277882 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:20.267405987 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.267524958 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.267803907 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.267816067 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.309441090 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.312710047 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.313110113 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.313147068 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.314196110 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.314285040 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.316037893 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.316122055 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.316720009 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.316736937 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.338882923 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.339332104 CEST	49714	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:20.339349031 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.339704990 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.340663910 CEST	49714	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:20.340739012 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.341078043 CEST	49714	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:20.353465080 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:20.357738018 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:20.357780933 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.357908010 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:20.358273983 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:20.358289003 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.363367081 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.383421898 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.457178116 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.457199097 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.457206964 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.457262039 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.457268953 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.457309961 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.457334995 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.457345009 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.457349062 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.457360983 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.457417011 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.458326101 CEST	49713	443	192.168.2.5	18.66.121.138
Sep 29, 2024 15:21:20.458343983 CEST	443	49713	18.66.121.138	192.168.2.5
Sep 29, 2024 15:21:20.586488962 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.586534977 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.586565018 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.586594105 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.586606026 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.586618900 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.586664915 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.592327118 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.592360020 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.592386007 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.592392921 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.592403889 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.592443943 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.598519087 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.598727942 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.598747015 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.604809046 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.604870081 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.604885101 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.649086952 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.673789024 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.674226999 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.674309969 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.674377918 CEST	49714	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:20.674993038 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.675043106 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.675057888 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.681442022 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.681500912 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.681505919 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.681516886 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.681559086 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.687309027 CEST	49714	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:20.687340021 CEST	443	49714	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:20.687700033 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.693967104 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.694011927 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.694015980 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.694031954 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.694113970 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.700184107 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.706461906 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.706500053 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.706516981 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.706571102 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.706626892 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.712246895 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.718089104 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.718131065 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.718132973 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.718158007 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.718226910 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.724178076 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.729877949 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.729918003 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.729926109 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.735747099 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.735793114 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.735793114 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.735805035 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.735846043 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.735853910 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.768461943 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.768496990 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.768507004 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.768537045 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.768573046 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.768579006 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.768589020 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.768629074 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.768748999 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.768877983 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.768909931 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.768919945 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.772030115 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.772093058 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.772109032 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.824084044 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.985518932 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985599995 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985656977 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985656023 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.985692024 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985702991 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985733032 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.985791922 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985826015 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985831976 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.985865116 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985915899 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.985918045 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985929012 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.985971928 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.985990047 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986063004 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986103058 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.986105919 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986116886 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986179113 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986213923 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.986228943 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986274958 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986279011 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.986310959 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986351013 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.986351967 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986362934 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986412048 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.986427069 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986470938 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986512899 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986515999 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.986530066 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.986588955 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.986603022 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.990344048 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.990397930 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.990413904 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.990592003 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.990631104 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.990637064 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.990649939 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.990700960 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.990708113 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.990717888 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.990766048 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.991398096 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.991465092 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.991497040 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.991512060 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.991525888 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.991569042 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.992268085 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.992326975 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.992371082 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.992369890 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.992387056 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.992444038 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.993104935 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.993170023 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.993204117 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.993216038 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.993231058 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.993275881 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.993288994 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.993361950 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:20.993408918 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:20.994518042 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:21:20.994559050 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:21:20.994612932 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:21:20.995337963 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:21:20.995356083 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:21:20.997634888 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:20.997725010 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:20.997792006 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:20.999087095 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:20.999121904 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:21.017257929 CEST	49715	443	192.168.2.5	172.217.18.4
Sep 29, 2024 15:21:21.017297029 CEST	443	49715	172.217.18.4	192.168.2.5
Sep 29, 2024 15:21:21.043735981 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:21.043781042 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:21.043854952 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:21.048722982 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:21.048736095 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:21.050054073 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.050065041 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.050112009 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.051012039 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.051021099 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.074939013 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.084703922 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:21.084794998 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:21.084860086 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:21.085062027 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.085124969 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.085464001 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:21.085495949 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:21.086182117 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.086255074 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.087202072 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.087277889 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.087879896 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.087898016 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.130594969 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.411269903 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.411413908 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.411464930 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.448436022 CEST	49717	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.448453903 CEST	443	49717	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.635351896 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:21:21.636140108 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:21.662136078 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:21:21.662163019 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:21:21.662527084 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:21.662590027 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:21.663078070 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:21:21.663131952 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:21:21.665178061 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:21:21.665313959 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:21:21.666493893 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:21.666573048 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:21.667285919 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:21.667494059 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:21.687123060 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:21.687199116 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:21.694089890 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:21.694106102 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:21.694376945 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:21.707375050 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:21:21.707393885 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:21:21.707446098 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:21.707465887 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:21.721810102 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.723304987 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.723318100 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.723685026 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.724334955 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.724400997 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.724716902 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.754228115 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:21.754230022 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:21:21.754339933 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:21.769870043 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:21.769880056 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:21.800127983 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:21.801620960 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:21.801682949 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:21.803951025 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:21.804233074 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:21.810528994 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:21.810667038 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:21.810863018 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:21.824527025 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:21.855393887 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:21.863610983 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:21.863647938 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:21.867415905 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:21.910489082 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:22.009267092 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.009361029 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.009438992 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.009555101 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.009572983 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.009598017 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.009603977 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.040513039 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.040580034 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.040656090 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.040971041 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.040985107 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.051024914 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:22.051119089 CEST	443	49721	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:22.051861048 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:22.051861048 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:22.052145958 CEST	49721	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:22.077502012 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:22.077569008 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:22.077589989 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:22.077622890 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:22.077625990 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:22.077651024 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:22.077656031 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:22.077691078 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:22.077713013 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:22.077837944 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:22.077852964 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:22.078092098 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:22.079423904 CEST	49722	443	192.168.2.5	18.66.121.69
Sep 29, 2024 15:21:22.079444885 CEST	443	49722	18.66.121.69	192.168.2.5
Sep 29, 2024 15:21:22.696585894 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.696667910 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.762830019 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.762851000 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.763288975 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.766993999 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:22.811400890 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.976505995 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.976605892 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:22.976661921 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:23.051316023 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:23.051341057 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:23.051352024 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:21:23.051357031 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 29, 2024 15:21:23.435075045 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:23.435131073 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:23.435189962 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:23.435722113 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:23.435734034 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:23.583452940 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:23.583544016 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:24.125658989 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:24.126285076 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:24.126296997 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:24.126825094 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:24.130633116 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:24.130726099 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:24.133306026 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:24.175404072 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:24.458972931 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:24.459069014 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:24.460036993 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:24.460048914 CEST	443	49724	185.53.179.172	192.168.2.5
Sep 29, 2024 15:21:24.460099936 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:24.460611105 CEST	49724	443	192.168.2.5	185.53.179.172
Sep 29, 2024 15:21:31.375247955 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:31.375544071 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:31.375816107 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:31.375876904 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:31.375972033 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:31.380212069 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:31.380295992 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:31.380618095 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:31.380636930 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:31.537678957 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:31.537749052 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:31.537831068 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:31.968797922 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:31.968909025 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:32.503446102 CEST	49719	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:21:32.503521919 CEST	443	49719	142.250.181.228	192.168.2.5
Sep 29, 2024 15:21:32.625699997 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:32.625746965 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:32.626146078 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:32.626215935 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:32.626718998 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:32.626749039 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:32.626842022 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:32.626847982 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:32.935856104 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:32.935924053 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:32.936037064 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:33.010905981 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:33.010941029 CEST	443	49727	23.1.237.91	192.168.2.5
Sep 29, 2024 15:21:33.010953903 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:33.010994911 CEST	49727	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:21:57.403340101 CEST	50623	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:57.408318996 CEST	53	50623	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:57.408533096 CEST	50623	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:57.408533096 CEST	50623	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:57.413398981 CEST	53	50623	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:57.865838051 CEST	53	50623	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:57.871426105 CEST	50623	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:57.877489090 CEST	53	50623	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:57.877549887 CEST	50623	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:22:06.708275080 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:22:06.708291054 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:22:20.912782907 CEST	50627	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:22:20.912885904 CEST	443	50627	142.250.181.228	192.168.2.5
Sep 29, 2024 15:22:20.913027048 CEST	50627	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:22:20.913259029 CEST	50627	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:22:20.913310051 CEST	443	50627	142.250.181.228	192.168.2.5
Sep 29, 2024 15:22:21.552294016 CEST	443	50627	142.250.181.228	192.168.2.5
Sep 29, 2024 15:22:21.552707911 CEST	50627	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:22:21.552791119 CEST	443	50627	142.250.181.228	192.168.2.5
Sep 29, 2024 15:22:21.553132057 CEST	443	50627	142.250.181.228	192.168.2.5
Sep 29, 2024 15:22:21.553494930 CEST	50627	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:22:21.553575993 CEST	443	50627	142.250.181.228	192.168.2.5
Sep 29, 2024 15:22:21.598933935 CEST	50627	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:22:22.415981054 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:22:22.416083097 CEST	443	49718	216.58.206.46	192.168.2.5
Sep 29, 2024 15:22:22.416244030 CEST	49718	443	192.168.2.5	216.58.206.46
Sep 29, 2024 15:22:31.455620050 CEST	443	50627	142.250.181.228	192.168.2.5
Sep 29, 2024 15:22:31.455698013 CEST	443	50627	142.250.181.228	192.168.2.5
Sep 29, 2024 15:22:31.455776930 CEST	50627	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:22:32.432842970 CEST	50627	443	192.168.2.5	142.250.181.228
Sep 29, 2024 15:22:32.432929039 CEST	443	50627	142.250.181.228	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 15:21:15.991986036 CEST	53	63469	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:16.220272064 CEST	53	51412	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:17.351723909 CEST	53	63694	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:18.014306068 CEST	59178	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:18.014424086 CEST	50722	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:18.072881937 CEST	53	59178	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:18.077488899 CEST	53	50722	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:19.306097031 CEST	50534	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:19.306960106 CEST	55963	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:19.316205978 CEST	53	55963	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:19.328882933 CEST	53	50534	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:19.667340994 CEST	56365	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:19.667810917 CEST	59278	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:19.674123049 CEST	53	56365	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:19.674674034 CEST	53	59278	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:20.298559904 CEST	57365	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:20.299294949 CEST	58131	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:20.345890999 CEST	53	57365	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:20.356832027 CEST	53	58131	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:20.862222910 CEST	59298	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:20.863328934 CEST	54300	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:20.865436077 CEST	64044	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:20.867587090 CEST	58005	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:20.987540007 CEST	53	64044	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:20.987869978 CEST	53	54300	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:20.988060951 CEST	53	58005	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:20.990906954 CEST	53	59298	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:21.068280935 CEST	57394	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:21.069036961 CEST	59193	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:21:21.080127954 CEST	53	59193	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:21.080143929 CEST	53	57394	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:34.357040882 CEST	53	64310	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:53.357899904 CEST	53	52759	1.1.1.1	192.168.2.5
Sep 29, 2024 15:21:57.402661085 CEST	53	60453	1.1.1.1	192.168.2.5
Sep 29, 2024 15:22:15.695015907 CEST	53	54464	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 15:21:18.014306068 CEST	192.168.2.5	1.1.1.1	0x9d6e	Standard query (0)	calvin.pentairrebate.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:18.014424086 CEST	192.168.2.5	1.1.1.1	0x3cb8	Standard query (0)	calvin.pentairrebate.com	65	IN (0x0001)	false
Sep 29, 2024 15:21:19.306097031 CEST	192.168.2.5	1.1.1.1	0x3fca	Standard query (0)	d38psrni17bvxu.cloudfront.net	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:19.306960106 CEST	192.168.2.5	1.1.1.1	0x34b9	Standard query (0)	d38psrni17bvxu.cloudfront.net	65	IN (0x0001)	false
Sep 29, 2024 15:21:19.667340994 CEST	192.168.2.5	1.1.1.1	0x7349	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:19.667810917 CEST	192.168.2.5	1.1.1.1	0xae5c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 15:21:20.298559904 CEST	192.168.2.5	1.1.1.1	0x54b9	Standard query (0)	calvin.pentairrebate.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:20.299294949 CEST	192.168.2.5	1.1.1.1	0x7962	Standard query (0)	calvin.pentairrebate.com	65	IN (0x0001)	false
Sep 29, 2024 15:21:20.862222910 CEST	192.168.2.5	1.1.1.1	0x57dd	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:20.863328934 CEST	192.168.2.5	1.1.1.1	0x4d02	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 15:21:20.865436077 CEST	192.168.2.5	1.1.1.1	0x65e1	Standard query (0)	syndicatedsearch.goog	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:20.867587090 CEST	192.168.2.5	1.1.1.1	0xa2a1	Standard query (0)	syndicatedsearch.goog	65	IN (0x0001)	false
Sep 29, 2024 15:21:21.068280935 CEST	192.168.2.5	1.1.1.1	0x2af7	Standard query (0)	d38psrni17bvxu.cloudfront.net	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:21.069036961 CEST	192.168.2.5	1.1.1.1	0x75f0	Standard query (0)	d38psrni17bvxu.cloudfront.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 15:21:18.072881937 CEST	1.1.1.1	192.168.2.5	0x9d6e	No error (0)	calvin.pentairrebate.com		185.53.179.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:19.328882933 CEST	1.1.1.1	192.168.2.5	0x3fca	No error (0)	d38psrni17bvxu.cloudfront.net		18.66.121.138	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:19.328882933 CEST	1.1.1.1	192.168.2.5	0x3fca	No error (0)	d38psrni17bvxu.cloudfront.net		18.66.121.135	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:19.328882933 CEST	1.1.1.1	192.168.2.5	0x3fca	No error (0)	d38psrni17bvxu.cloudfront.net		18.66.121.69	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:19.328882933 CEST	1.1.1.1	192.168.2.5	0x3fca	No error (0)	d38psrni17bvxu.cloudfront.net		18.66.121.190	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:19.674123049 CEST	1.1.1.1	192.168.2.5	0x7349	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:19.674674034 CEST	1.1.1.1	192.168.2.5	0xae5c	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 15:21:20.345890999 CEST	1.1.1.1	192.168.2.5	0x54b9	No error (0)	calvin.pentairrebate.com		185.53.179.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:20.987540007 CEST	1.1.1.1	192.168.2.5	0x65e1	No error (0)	syndicatedsearch.goog		216.58.206.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:20.987869978 CEST	1.1.1.1	192.168.2.5	0x4d02	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 15:21:20.990906954 CEST	1.1.1.1	192.168.2.5	0x57dd	No error (0)	www.google.com		142.250.181.228	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:21.080143929 CEST	1.1.1.1	192.168.2.5	0x2af7	No error (0)	d38psrni17bvxu.cloudfront.net		18.66.121.69	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:21.080143929 CEST	1.1.1.1	192.168.2.5	0x2af7	No error (0)	d38psrni17bvxu.cloudfront.net		18.66.121.190	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:21.080143929 CEST	1.1.1.1	192.168.2.5	0x2af7	No error (0)	d38psrni17bvxu.cloudfront.net		18.66.121.135	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:21.080143929 CEST	1.1.1.1	192.168.2.5	0x2af7	No error (0)	d38psrni17bvxu.cloudfront.net		18.66.121.138	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:31.886354923 CEST	1.1.1.1	192.168.2.5	0x2730	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:31.886354923 CEST	1.1.1.1	192.168.2.5	0x2730	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:32.419548988 CEST	1.1.1.1	192.168.2.5	0x8e0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:21:32.419548988 CEST	1.1.1.1	192.168.2.5	0x8e0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:21:45.715890884 CEST	1.1.1.1	192.168.2.5	0x97fc	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:21:45.715890884 CEST	1.1.1.1	192.168.2.5	0x97fc	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:22:40.983021021 CEST	1.1.1.1	192.168.2.5	0x51d1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:22:40.983021021 CEST	1.1.1.1	192.168.2.5	0x51d1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

calvin.pentairrebate.com

https:

d38psrni17bvxu.cloudfront.net

www.google.com

www.bing.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49709	185.53.179.172	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:18 UTC	667	OUT	GET / HTTP/1.1 Host: calvin.pentairrebate.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:19 UTC	1115	IN	HTTP/1.1 200 OK Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Alt-Svc: h3=":8443"; ma=2592000 Content-Type: text/html; charset=UTF-8 Date: Sun, 29 Sep 2024 13:21:19 GMT Host: {http.reverse_proxy.upstream.hostport} Server: Caddy Server: nginx Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_BeHcXRSnP6pMqARS3MdVUX4c3M15Hmw3SwUQNBiQXPMO6NEQbnnMGn1yrz/LtqmTuRSSn0HKh6b2eWwQIgnugQ== X-Buckets: bucket011,bucket088,bucket089 X-Domain: pentairrebate.com X-Forwarded-Host: calvin.pentairrebate.com X-Language: english X-Pcrew-Blocked-Reason: X-Pcrew-Ip-Organization: CenturyLink X-Ssl-C: v1 X-Ssl-Proxy: v3 X-Subdomain: calvin X-Template: tpl_CleanPeppermintBlack_twoclick Connection: close Transfer-Encoding: chunked
2024-09-29 13:21:19 UTC	2372	IN	Data Raw: 33 63 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4c 71 75 44 46 45 54 58 52 6e 30 48 72 30 35 66 55 50 37 45 4a 54 37 37 78 59 6e 50 6d 52 62 70 4d 79 34 76 6b 38 4b 59 69 48 6e 6b 4e 70 65 64 6e 6a 4f 41 4e 4a 63 61 58 44 58 63 4b 51 4a 4e 30 6e 58 4b 5a 4a 4c 37 54 63 69 4a 44 38 41 6f 48 58 4b 31 35 38 43 41 77 45 41 41 51 3d 3d 5f 42 65 48 63 58 52 53 6e 50 36 70 4d 71 41 52 53 33 4d 64 56 55 58 34 63 33 4d 31 35 48 6d 77 33 53 77 55 51 4e 42 69 51 58 50 4d 4f 36 4e 45 51 62 6e 6e 4d 47 6e 31 79 72 7a 2f 4c 74 71 6d 54 75 52 53 53 6e 30 48 4b 68 36 62 32 65 57 77 51 49 Data Ascii: 3c8e<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_BeHcXRSnP6pMqARS3MdVUX4c3M15Hmw3SwUQNBiQXPMO6NEQbnnMGn1yrz/LtqmTuRSSn0HKh6b2eWwQI
2024-09-29 13:21:19 UTC	1724	IN	Data Raw: 65 72 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 32 72 65 6d 3b 0a 7d 0a 0a 2e 61 64 73 48 6f 6c 64 65 72 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 72 65 6d 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 32 72 65 6d 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 7d 0a 0a 2e 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 36 32 36 35 37 34 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 32 72 65 6d 20 31 72 65 6d 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 72 65 6d 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 0a 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 34 34 30 70 78 3b 0a 7d 0a 0a 2e 66 6f 6f 74 65 72 20 61 3a 6c 69 6e 6b 2c 0a 2e 66 6f 6f 74 65 72 20 61 3a 76 69 Data Ascii: er { padding-top: 2rem;}.adsHolder { margin: 1rem 0; padding-top: 2rem; overflow:hidden;}.footer { color:#626574; padding:2rem 1rem; font-size:.8rem; margin:0 auto; max-width:440px;}.footer a:link,.footer a:vi
2024-09-29 13:21:19 UTC	4744	IN	Data Raw: 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 47 68 6c 61 57 64 6f 64 44 30 69 4d 6a 51 69 49 48 5a 70 5a 58 64 43 62 33 67 39 49 6a 41 67 4d 43 41 79 4e 43 41 79 4e 43 49 67 64 32 6c 6b 64 47 67 39 49 6a 49 30 49 6a 34 38 63 47 46 30 61 43 42 6b 50 53 4a 4e 4d 43 41 77 61 44 49 30 64 6a 49 30 53 44 42 36 49 69 42 6d 61 57 78 73 50 53 4a 75 62 32 35 6c 49 69 38 2b 50 48 42 68 64 47 67 67 5a 44 30 69 54 54 55 75 4f 44 67 67 4e 43 34 78 4d 6b 77 78 4d 79 34 33 4e 69 41 78 4d 6d 77 74 4e 79 34 34 4f 43 41 33 4c 6a 67 34 54 44 67 67 4d 6a 4a 73 4d 54 41 74 4d 54 42 4d 4f 43 41 79 65 69 49 76 50 6a 77 76 63 33 5a 6e 50 67 3d 3d 27 29 3b 0a 7d 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 Data Ascii: MjAwMC9zdmciIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgd2lkdGg9IjI0Ij48cGF0aCBkPSJNMCAwaDI0djI0SDB6IiBmaWxsPSJub25lIi8+PHBhdGggZD0iTTUuODggNC4xMkwxMy43NiAxMmwtNy44OCA3Ljg4TDggMjJsMTAtMTBMOCAyeiIvPjwvc3ZnPg==');}</style> <meta name="og:description" c
2024-09-29 13:21:19 UTC	5930	IN	Data Raw: 70 3f 64 6f 6d 61 69 6e 3d 22 20 2b 20 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 64 6f 6d 61 69 6e 29 20 2b 20 22 26 63 61 66 3d 31 26 74 6f 67 67 6c 65 3d 65 72 72 6f 72 63 6f 64 65 26 63 6f 64 65 3d 22 20 2b 20 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 73 74 61 74 75 73 2e 65 72 72 6f 72 5f 63 6f 64 65 29 20 2b 20 22 26 75 69 64 3d 22 20 2b 20 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 75 6e 69 71 75 65 54 72 61 63 6b 69 6e 67 49 44 29 29 3b 69 66 20 28 5b 31 38 2c 20 31 39 5d 2e 69 6e 64 65 78 4f 66 28 70 61 72 73 65 49 6e 74 28 73 74 61 74 75 73 2e 65 72 72 6f 72 5f 63 6f 64 65 29 29 20 21 3d 20 2d 31 20 26 26 20 66 61 6c 6c 62 61 63 6b 54 72 69 67 67 65 72 65 64 20 3d 3d 20 66 61 6c 73 65 29 20 7b 66 61 6c Data Ascii: p?domain=" + encodeURIComponent(domain) + "&caf=1&toggle=errorcode&code=" + encodeURIComponent(status.error_code) + "&uid=" + encodeURIComponent(uniqueTrackingID));if ([18, 19].indexOf(parseInt(status.error_code)) != -1 && fallbackTriggered == false) {fal
2024-09-29 13:21:19 UTC	738	IN	Data Raw: 20 73 63 72 69 70 74 50 61 74 68 2c 20 27 63 36 35 32 36 31 65 35 31 63 39 33 35 64 33 35 36 62 63 32 37 61 39 37 34 37 30 64 63 64 31 36 64 33 33 62 31 62 61 66 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 78 28 70 61 67 65 4f 70 74 69 6f 6e 73 2c 20 7b 20 22 73 74 79 6c 65 49 64 22 3a 37 38 34 30 33 39 36 30 33 37 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 65 74 4c 6f 61 64 46 65 65 64 41 72 67 75 6d 65 6e 74 73 28 29 20 7b 0a 20 20 20 20 20 20 20 20 6c 65 74 20 61 72 67 75 6d 65 6e 74 73 20 3d 20 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 67 65 4f 70 74 69 6f 6e 73 0a 20 20 20 20 20 20 20 20 5d 3b Data Ascii: scriptPath, 'c65261e51c935d356bc27a97470dcd16d33b1baf');</script><script type='text/javascript'>x(pageOptions, { "styleId":7840396037});</script><script> function getLoadFeedArguments() { let arguments = [ pageOptions ];
2024-09-29 13:21:19 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-09-29 13:21:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49710	185.53.179.172	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:19 UTC	800	OUT	GET /track.php?domain=pentairrebate.com&toggle=browserjs&uid=MTcyNzYxNjA3OS4wMTc4OmEwYmMwMjMyNGU1ZDcxNjc1Y2UyNzAwYjAyZjQ2NGUwYzdhYzg2YWQyNjUzYjY4MTgxZWQ4MGRhNzY0NDUzMDg6NjZmOTU0NGYwNDVhMg%3D%3D HTTP/1.1 Host: calvin.pentairrebate.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" device-memory: 8 rtt: 300 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 viewport-width: 1280 dpr: 1 downlink: 1.35 ect: 3g sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://calvin.pentairrebate.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:19 UTC	716	IN	HTTP/1.1 200 OK Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Access-Control-Allow-Origin: * Alt-Svc: h3=":8443"; ma=2592000 Content-Type: text/html; charset=UTF-8 Date: Sun, 29 Sep 2024 13:21:19 GMT Host: {http.reverse_proxy.upstream.hostport} Server: Caddy Server: nginx Vary: Accept-Encoding X-Custom-Track: browserjs X-Forwarded-Host: calvin.pentairrebate.com X-Ssl-C: v1 X-Ssl-Proxy: v3 Connection: close Transfer-Encoding: chunked
2024-09-29 13:21:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49713	18.66.121.138	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:20 UTC	648	OUT	GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://calvin.pentairrebate.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:20 UTC	436	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 11375 Connection: close Server: nginx Date: Sun, 29 Sep 2024 11:32:41 GMT Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT Accept-Ranges: bytes ETag: "65fc1e7b-2c6f" X-Cache: Hit from cloudfront Via: 1.1 2816426ad1adbedbdd23d4cdf80c2de2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P2 X-Amz-Cf-Id: Ah9dr5ZdAfF4sw3J4F-Rmz-WQrOKh-hmyiidmqBRNEjh0sZTzKMPXg== Age: 6519
2024-09-29 13:21:20 UTC	11375	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 dc 00 00 02 58 08 03 00 00 00 4f 6d d4 16 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 00 50 4c 54 45 00 00 00 ff ff ff 63 64 74 49 4b 5e 49 4b 5d 49 4b 5c 30 33 49 48 4b 5f 61 63 73 63 65 75 62 64 74 63 65 74 15 19 30 3d 40 53 48 4b 5d 49 4c 5d 48 4b 5c 4d 50 62 4e 51 62 4f 52 63 12 17 2e 14 19 30 22 26 3b 28 2c 40 2b 2f 42 30 34 49 2e 32 46 2f 33 47 2d 31 44 30 34 48 2e 32 45 30 34 47 31 35 48 32 36 49 35 39 4c 38 3c 50 36 3a 4d 39 3d 51 37 3b 4e 3a 3e 52 3a 3e 51 3b 3f 52 3c 40 53 49 4c 5c 62 65 75 61 64 74 62 65 74 63 66 74 62 65 73 13 18 2d 15 1a 30 1b 20 35 1c 21 36 1d 22 37 1e 23 38 1d 22 36 1f 24 39 20 25 3a 21 26 3b Data Ascii: PNGIHDRXOmtEXtSoftwareAdobe ImageReadyqe<PLTEcdtIK^IK]IK\03IHK_acsceubdtcet0=@SHK]IL]HK\MPbNQbORc.0"&;(,@+/B04I.2F/3G-1D04H.2E04G15H26I59L8<P6:M9=Q7;N:>R:>Q;?R<@SIL\beuadtbetcftbes-0 5!6"7#8"6$9 %:!&;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49715	172.217.18.4	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:20 UTC	660	OUT	GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://calvin.pentairrebate.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:20 UTC	845	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Content-Length: 153198 Date: Sun, 29 Sep 2024 13:21:20 GMT Expires: Sun, 29 Sep 2024 13:21:20 GMT Cache-Control: private, max-age=3600 ETag: "16155903164772261079" X-Content-Type-Options: nosniff Link: <https://syndicatedsearch.goog>; rel="preconnect" Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-29 13:21:20 UTC	545	IN	Data Raw: 69 66 28 21 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 29 7b 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 3d 28 6e 65 77 20 44 61 74 65 28 29 29 2e 67 65 74 54 69 6d 65 28 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 41 6c 74 4c 6f 61 64 65 72 3d 33 3b 76 61 72 20 73 66 66 65 44 61 74 61 5f 3d 7b 73 65 72 76 69 63 65 5f 68 6f 73 74 3a 22 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 68 61 73 68 3a 22 31 37 33 38 33 36 33 33 34 36 34 33 37 30 36 31 35 35 35 33 22 2c 70 61 63 6b 61 67 65 73 3a 22 64 6f 6d 61 69 6e 73 22 2c 6d 6f 64 75 6c 65 3a 22 61 64 73 22 2c 76 65 72 73 69 6f 6e 3a 22 31 22 2c 6d 3a 7b 63 65 69 3a 22 31 37 33 30 31 34 33 37 2c 31 37 33 30 31 34 33 39 2c 31 37 33 Data Ascii: if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"17383633464370615553",packages:"domains",module:"ads",version:"1",m:{cei:"17301437,17301439,173
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 6f 6d 61 69 6e 22 3a 74 72 75 65 2c 22 5f 77 61 69 74 4f 6e 43 6f 6e 73 65 6e 74 46 6f 72 46 69 72 73 74 50 61 72 74 79 43 6f 6f 6b 69 65 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 45 6e 68 61 6e 63 65 64 54 61 72 67 65 74 69 6e 67 52 73 6f 6e 63 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 4e 6f 6e 62 6c 6f 63 6b 69 6e 67 53 61 73 43 6f 6f 6b 69 65 22 3a 74 72 75 65 7d 2c 6d 64 70 3a 31 38 30 30 30 30 30 2c 73 73 64 6c 3a 22 59 58 42 77 63 33 42 76 64 43 35 6a 62 32 30 73 59 6d 78 76 5a 33 4e 77 62 33 51 75 59 32 39 74 4c 47 4a 79 4c 6d 4e 76 62 53 78 6a 62 79 35 6a 62 32 30 73 59 32 78 76 64 57 52 6d 63 6d 39 75 64 43 35 75 5a 58 51 73 5a 58 55 75 59 32 39 74 4c 47 68 76 63 48 52 76 4c 6d 39 79 5a 79 78 70 62 69 35 75 5a 58 51 73 64 48 4a 68 62 6e 4e 73 59 Data Ascii: omain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsY
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 61 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6e 65 7d 3b 76 61 72 20 64 3d 22 6a 73 63 6f 6d 70 5f 73 79 6d 62 6f 6c 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 39 3e 3e 3e 30 29 2b 22 5f 22 2c 65 3d 30 3b 72 65 74 75 72 6e 20 62 7d 29 3b 0a 71 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 Data Ascii: a;c.prototype.toString=function(){return this.ne};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});q("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Arr
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 74 20 65 78 74 65 6e 73 69 62 6c 65 22 29 3b 72 65 74 75 72 6e 20 61 7d 3a 6e 75 6c 6c 7d 76 61 72 20 70 61 3d 6c 61 3b 0a 66 75 6e 63 74 69 6f 6e 20 71 61 28 61 2c 62 29 7b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 6b 61 28 62 2e 70 72 6f 74 6f 74 79 70 65 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 61 3b 69 66 28 70 61 29 70 61 28 61 2c 62 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 63 21 3d 22 70 72 6f 74 6f 74 79 70 65 22 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 62 2c 63 29 3b 64 26 26 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 Data Ascii: t extensible");return a}:null}var pa=la;function qa(a,b){a.prototype=ka(b.prototype);a.prototype.constructor=a;if(pa)pa(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProp
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 0a 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 55 66 28 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 66 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 62 64 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 68 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 68 69 73 2e 67 67 28 68 2c 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 62 64 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 73 2e 63 65 28 32 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 4c 64 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 Data Ascii: ion":h=!0;break a;default:h=!1}h?this.Uf(g):this.Ld(g)}};b.prototype.Uf=function(g){var h=void 0;try{h=g.then}catch(k){this.bd(k);return}typeof h=="function"?this.gg(h,g):this.Ld(g)};b.prototype.bd=function(g){this.ce(2,g)};b.prototype.Ld=function(g){thi
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 6e 65 77 20 62 28 66 75 6e 63 74 69 6f 6e 28 72 2c 74 29 7b 6c 3d 72 3b 6d 3d 74 7d 29 3b 74 68 69 73 2e 69 62 28 6b 28 67 2c 6c 29 2c 6b 28 68 2c 6d 29 29 3b 72 65 74 75 72 6e 20 70 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 65 6e 28 76 6f 69 64 20 30 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 69 62 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 0a 68 29 7b 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 73 77 69 74 63 68 28 6c 2e 42 29 7b 63 61 73 65 20 31 3a 67 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 68 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 68 72 6f 77 20 45 72 72 6f 72 28 22 55 6e 65 78 70 65 63 74 65 64 20 73 74 61 74 65 Data Ascii: new b(function(r,t){l=r;m=t});this.ib(k(g,l),k(h,m));return p};b.prototype.catch=function(g){return this.then(void 0,g)};b.prototype.ib=function(g,h){function k(){switch(l.B){case 1:g(l.Xa);break;case 2:h(l.Xa);break;default:throw Error("Unexpected state
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 65 28 6b 29 7b 69 66 28 21 73 61 28 6b 2c 67 29 29 7b 76 61 72 20 6c 3d 6e 65 77 20 63 3b 63 61 28 6b 2c 67 2c 7b 76 61 6c 75 65 3a 6c 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 6b 29 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 5b 6b 5d 3b 6c 26 26 28 4f 62 6a 65 63 74 5b 6b 5d 3d 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 69 66 28 6d 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 29 72 65 74 75 72 6e 20 6d 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6d 29 26 26 65 28 6d 29 3b 72 65 74 75 72 6e 20 6c 28 6d 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6c 3d 4f Data Ascii: unction e(k){if(!sa(k,g)){var l=new c;ca(k,g,{value:l})}}function f(k){var l=Object[k];l&&(Object[k]=function(m){if(m instanceof c)return m;Object.isExtensible(m)&&e(m);return l(m)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var k=Object.seal({}),l=O
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 3a 68 2c 49 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 0a 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 49 3a 76 6f 69 64 20 30 7d 7d 66 75 6e 63 74 69 6f 6e 20 65 28 68 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 62 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 68 29 7b 68 3d 75 28 68 29 3b 66 6f 72 28 76 61 72 20 6b 3b 21 28 6b 3d 68 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6b 3d 6b 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6b 5b 30 5d 2c 6b 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d Data Ascii: :h,I:p}}return{id:l,list:m,index:-1,I:void 0}}function e(h){this[0]={};this[1]=b();this.size=0;if(h){h=u(h);for(var k;!(k=h.next()).done;)k=k.value,this.set(k[0],k[1])}}if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!=
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 79 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 76 61 6c 75 65 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 68 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 67 3d 30 3b 72 Data Ascii: y})};e.prototype.values=function(){return c(this,function(h){return h.value})};e.prototype.forEach=function(h,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,h.call(k,m[1],m[0],this)};e.prototype[Symbol.iterator]=e.prototype.entries;var g=0;r
2024-09-29 13:21:20 UTC	1390	IN	Data Raw: 5d 21 3d 62 5b 2d 2d 65 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 65 3c 3d 30 7d 7d 29 3b 0a 71 28 22 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 5b 5d 2c 64 3b 66 6f 72 28 64 20 69 6e 20 62 29 73 61 28 62 2c 64 29 26 26 63 2e 70 75 73 68 28 5b 64 2c 62 5b 64 5d 5d 29 3b 72 65 74 75 72 6e 20 63 7d 7d 29 3b 71 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 64 3d 53 74 72 69 6e 67 Data Ascii: ]!=b[--e])return!1;return e<=0}});q("Object.entries",function(a){return a?a:function(b){var c=[],d;for(d in b)sa(b,d)&&c.push([d,b[d]]);return c}});q("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(d=String

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49714	185.53.179.172	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:20 UTC	676	OUT	GET /ls.php?t=66f9544f&token=c65261e51c935d356bc27a97470dcd16d33b1baf HTTP/1.1 Host: calvin.pentairrebate.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" device-memory: 8 rtt: 300 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 viewport-width: 1280 dpr: 1 downlink: 1.35 ect: 3g sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://calvin.pentairrebate.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:20 UTC	1042	IN	HTTP/1.1 201 Created Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Origin: Access-Control-Max-Age: 86400 Alt-Svc: h3=":8443"; ma=2592000 Charset: utf-8 Content-Type: text/javascript;charset=UTF-8 Date: Sun, 29 Sep 2024 13:21:20 GMT Host: {http.reverse_proxy.upstream.hostport} Server: Caddy Server: nginx X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_bO2RoasiuI8hXrBG0uJ/I+qnH0aJMLsLLcG6mKpn4k+knU6xjGRxJdAZFuTaKy64jt1RNgxtDGSRmZ995k8C1w== X-Forwarded-Host: calvin.pentairrebate.com X-Log-Success: 66f95450cdd3fc974600d734 X-Ssl-C: v1 X-Ssl-Proxy: v3 Connection: close Transfer-Encoding: chunked
2024-09-29 13:21:20 UTC	22	IN	Data Raw: 31 30 0d 0a 7b 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 7d 0d 0a Data Ascii: 10{"success":true}
2024-09-29 13:21:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49717	185.53.179.172	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:21 UTC	536	OUT	GET /track.php?domain=pentairrebate.com&toggle=browserjs&uid=MTcyNzYxNjA3OS4wMTc4OmEwYmMwMjMyNGU1ZDcxNjc1Y2UyNzAwYjAyZjQ2NGUwYzdhYzg2YWQyNjUzYjY4MTgxZWQ4MGRhNzY0NDUzMDg6NjZmOTU0NGYwNDVhMg%3D%3D HTTP/1.1 Host: calvin.pentairrebate.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:21 UTC	716	IN	HTTP/1.1 200 OK Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Access-Control-Allow-Origin: * Alt-Svc: h3=":8443"; ma=2592000 Content-Type: text/html; charset=UTF-8 Date: Sun, 29 Sep 2024 13:21:21 GMT Host: {http.reverse_proxy.upstream.hostport} Server: Caddy Server: nginx Vary: Accept-Encoding X-Custom-Track: browserjs X-Forwarded-Host: calvin.pentairrebate.com X-Ssl-C: v1 X-Ssl-Proxy: v3 Connection: close Transfer-Encoding: chunked
2024-09-29 13:21:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49721	185.53.179.172	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:21 UTC	687	OUT	GET /favicon.ico HTTP/1.1 Host: calvin.pentairrebate.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" device-memory: 8 rtt: 300 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 viewport-width: 1280 dpr: 1 downlink: 1.35 ect: 3g sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://calvin.pentairrebate.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:22 UTC	393	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Alt-Svc: h3=":8443"; ma=2592000 Content-Length: 0 Content-Type: image/x-icon Date: Sun, 29 Sep 2024 13:21:21 GMT Etag: "66f513bb-0" Host: {http.reverse_proxy.upstream.hostport} Last-Modified: Thu, 26 Sep 2024 07:56:43 GMT Server: Caddy Server: nginx X-Forwarded-Host: calvin.pentairrebate.com X-Ssl-C: v1 X-Ssl-Proxy: v3 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49722	18.66.121.69	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:21 UTC	404	OUT	GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:22 UTC	436	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 11375 Connection: close Server: nginx Date: Sun, 29 Sep 2024 11:32:41 GMT Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT Accept-Ranges: bytes ETag: "65fc1e7b-2c6f" X-Cache: Hit from cloudfront Via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P2 X-Amz-Cf-Id: RMihP8TQ6hC7gnRZfwJHHUULXw2l_X2ihjIrlvcsHNuQBG8mO66EdQ== Age: 6520
2024-09-29 13:21:22 UTC	11375	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 dc 00 00 02 58 08 03 00 00 00 4f 6d d4 16 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 00 50 4c 54 45 00 00 00 ff ff ff 63 64 74 49 4b 5e 49 4b 5d 49 4b 5c 30 33 49 48 4b 5f 61 63 73 63 65 75 62 64 74 63 65 74 15 19 30 3d 40 53 48 4b 5d 49 4c 5d 48 4b 5c 4d 50 62 4e 51 62 4f 52 63 12 17 2e 14 19 30 22 26 3b 28 2c 40 2b 2f 42 30 34 49 2e 32 46 2f 33 47 2d 31 44 30 34 48 2e 32 45 30 34 47 31 35 48 32 36 49 35 39 4c 38 3c 50 36 3a 4d 39 3d 51 37 3b 4e 3a 3e 52 3a 3e 51 3b 3f 52 3c 40 53 49 4c 5c 62 65 75 61 64 74 62 65 74 63 66 74 62 65 73 13 18 2d 15 1a 30 1b 20 35 1c 21 36 1d 22 37 1e 23 38 1d 22 36 1f 24 39 20 25 3a 21 26 3b Data Ascii: PNGIHDRXOmtEXtSoftwareAdobe ImageReadyqe<PLTEcdtIK^IK]IK\03IHK_acsceubdtcet0=@SHK]IL]HK\MPbNQbORc.0"&;(,@+/B04I.2F/3G-1D04H.2E04G15H26I59L8<P6:M9=Q7;N:>R:>Q;?R<@SIL\beuadtbetcftbes-0 5!6"7#8"6$9 %:!&;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49720	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:21 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 13:21:22 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=98621 Date: Sun, 29 Sep 2024 13:21:21 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:22 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 13:21:22 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=98650 Date: Sun, 29 Sep 2024 13:21:22 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 13:21:22 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49724	185.53.179.172	443	3408	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:24 UTC	359	OUT	GET /favicon.ico HTTP/1.1 Host: calvin.pentairrebate.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:21:24 UTC	393	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Alt-Svc: h3=":8443"; ma=2592000 Content-Length: 0 Content-Type: image/x-icon Date: Sun, 29 Sep 2024 13:21:24 GMT Etag: "66f513bb-0" Host: {http.reverse_proxy.upstream.hostport} Last-Modified: Thu, 26 Sep 2024 07:56:43 GMT Server: Caddy Server: nginx X-Forwarded-Host: calvin.pentairrebate.com X-Ssl-C: v1 X-Ssl-Proxy: v3 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	49727	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:21:32 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1727616060801&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-09-29 13:21:32 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-09-29 13:21:32 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-09-29 13:21:32 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 9912578F7A9B4DEDA2E5094A9E646114 Ref B: LAX311000108033 Ref C: 2024-09-29T13:21:32Z Date: Sun, 29 Sep 2024 13:21:32 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1727616092.2b3994e8

Target ID:	0
Start time:	09:21:12
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	09:21:15
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2448,i,8510997923148064608,10998195807398726473,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:21:17
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://calvin.pentairrebate.com/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://calvin.pentairrebate.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3576, Parent PID: 5464

General

Windows Analysis Report
https://calvin.pentairrebate.com/