Edit tour

Windows Analysis Report
https://goqr.me/

Overview

General Information

Sample URL:	https://goqr.me/
Analysis ID:	1538299
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,538960023989471502,110857662081935292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://goqr.me/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://goqr.me/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1852,i,18311815613419120576,11550976993936465481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49763 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_mug.png HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_button.png HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_businesscard.png HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/Flags/de.png HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/qr_default.png HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/qr_error.png HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/qr_loading.gif HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/qr_nodata.png HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_tshirt.png HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goqr.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-bold-webfont.woff HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://goqr.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/general_foundicons.woff HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://goqr.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-regular-webfont.woff HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://goqr.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-regularitalic-webfont.woff HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://goqr.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_tshirt.png HTTP/1.1Host: goqr.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-bold-webfont.ttf HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://goqr.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/general_foundicons.ttf HTTP/1.1Host: goqr.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://goqr.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: goqr.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=32365-32365If-Range: "661e5c17-e036"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: goqr.meConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=32365-32365If-Range: "661e5c17-e036"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: goqr.meConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=32365-32365If-Range: "661e5c17-e036"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: goqr.meConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=32365-32365If-Range: "661e5c17-e036"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: goqr.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: goqr.me
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_38.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_38.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?tr%26ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDe
Source: chromecache_37.2.dr	String found in binary or memory: https://buy-me-a.coffee/paypal/coffee-donation-goQR.me/
Source: chromecache_37.2.dr	String found in binary or memory: https://goqr.me/
Source: chromecache_37.2.dr	String found in binary or memory: https://www.denso-wave.com/en/
Source: chromecache_37.2.dr	String found in binary or memory: https://www.zazzle.com/?rf=238299094483492343

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49763 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@24/13@8/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,538960023989471502,110857662081935292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://goqr.me/"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://goqr.me/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1852,i,18311815613419120576,11550976993936465481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,538960023989471502,110857662081935292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1852,i,18311815613419120576,11550976993936465481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://jqueryui.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
goqr.me	162.55.210.124	true	false	unknown
www.google.com	142.250.185.196	true	false	unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.18	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_button.png	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_mug.png	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/qr_loading.gif	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/qr_default.png	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/general_foundicons.ttf	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-bold-webfont.woff	false	unknown
https://goqr.me/	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-bold-webfont.ttf	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/general_foundicons.woff	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-regular-webfont.woff	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_tshirt.png	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/qr_nodata.png	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/qr_error.png	false	unknown
http://goqr.me/	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_businesscard.png	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/Flags/de.png	false	unknown
https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-regularitalic-webfont.woff	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.zazzle.com/?rf=238299094483492343	chromecache_37.2.dr	false		unknown
https://buy-me-a.coffee/paypal/coffee-donation-goQR.me/	chromecache_37.2.dr	false		unknown
https://www.denso-wave.com/en/	chromecache_37.2.dr	false		unknown
http://jqueryui.com	chromecache_38.2.dr	false	URL Reputation: safe	unknown
http://jqueryui.com/themeroller/?tr%26ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDe	chromecache_38.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
162.55.210.124	goqr.me	United States	35893	ACPCA	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538299
Start date and time:	2024-10-20 23:50:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://goqr.me/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@24/13@8/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.206, 64.233.167.84, 34.104.35.123, 20.12.23.50, 217.20.57.18, 192.229.221.95
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, sls.update.microsoft.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://goqr.me/

Simulations

Behavior and APIs

⊘No simulations

QR Codes

Source	URL
Screenshot	http://goQR.me

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 36

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 26588, version 1.0
Category:	downloaded
Size (bytes):	26588
Entropy (8bit):	7.978994724982954
Encrypted:	false
SSDEEP:	768:GvP2P3edF+EywLRraKiIHK40/iUj5jOhn:wPQeaQh+r40/ZljOhn
MD5:	40E70084282FC3B2AAFF5D2B4D487CDE
SHA1:	6D6CA06B8F6B8D0D290A73AB34B4A1C0F6455102
SHA-256:	8DBE8457CC41E254CB7FCD4DFA77C52C16413C18F35A370B77C5F07B4895562A
SHA-512:	09F8D649514140BB0935D5535C5C4F622776FF374135086DF7057FE42F48DF86877863B6D763C61E9262A0D2C40ED6FD018A2DF145844347E1B3DB28F2CEC11A
Malicious:	false
Reputation:	low
URL:	https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-regularitalic-webfont.woff
Preview:	wOFF......g.................................FFTM............a...GDEF........... ....GPOS.......]...v/...GSUB...D...M...h.. .OS/2.......O...`v.r.cmap.......x....w...cvt ...\...<...<....fpgm...........eS./.gasp...L............glyf...T..X....0-..head.._D...1...6.k.3hhea.._x..."...$... hmtx.._....Q....f...loca..a.........T.,2maxp..c.... ... ....name..c....x....FR`.post..eH........K/W.prep..g,........)mQ.webf..g.........&.O..........o1......Wz.......Mx.c`d``..b...`b`..@...1...!....x.c`d``.b0`.c`rq..a..I,.c.b`..3.....Gf3&...0p.X`...9......E......-P..a..Y........... ...\|f.....x.c`d``.b0`.c`rq..a..I,.c.b`..3.....Gf3..%&3p.X`.....9.......T.e...............x.c`f>.8............@4.2....Li.@.....@...z...y.......$k.8...&..X.X;.......#.S.x.c```f.`..F..8..1..,.+........P..1............).9.%.5.}.+.x.5.J......W`X...U. . . .Ug.P....C............=..`...v<..`.......)<........W...$................./ ($,"*&.!)%-#+'................o`hdlbjfnaiemckg.......................................=y...,[.\|..

Chrome Cache Entry: 37

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1082)
Category:	downloaded
Size (bytes):	32365
Entropy (8bit):	5.021165632956335
Encrypted:	false
SSDEEP:	384:m0gsX0BOcUzuIVO1TXk0OkKFOW6nGwtrLLcwtOCOfwtqW2OjO2VXO1LiOI8bJbY/:SSz6T+wgaHakbyEJm8z3x
MD5:	C58A1F173BD86414304E5E9E7B957DFE
SHA1:	6F565320E92210DBAFD7308208BD625B4F51F2A3
SHA-256:	7E99E8A7096615BB7B62A1EC85DC17B02B98DEF49B877422F17723526C84BDE9
SHA-512:	0485FB9F610FCA7093CC579B0099BABE7D17DD00197D760E8376E3C026A577B062BDE6DCF196849B4135C059D75328296D8F9FE559D8EFB6B016136BBB6956A3
Malicious:	false
Reputation:	low
URL:	https://goqr.me/
Preview:	<!DOCTYPE html><html version="HTML+RDFa 1.1" xmlns="http://www.w3.org/1999/xhtml" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" data-locale="en">.......<head><meta charset="UTF-8" /><meta name="description" content="Free for everyone (commercial and print usage allowed). QR codes on business cards, T-Shirts, mugs and more! Logo QR code possible." /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>QR Code Generator . create QR codes for free (Logo, T-Shirt, vCard, EPS)</title>........<link rel="stylesheet" href="//goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css"/>.......<link rel="canonical" href="https://goqr.me/" />........</head><body><a name="top"></a>..<div class="top-bar">...<div id="top-bar-contents">....<ul class="title-area">..........<li class="name" id="topbar-logo">......<h1><a href="/">QR Code Generator</a></h1>.....</li>..........<li class="toggle-topbar menu-icon"><a href="#"><span>Menu</span></a></li>....</ul>...

Chrome Cache Entry: 38

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (57981)
Category:	downloaded
Size (bytes):	84662
Entropy (8bit):	5.10623166876132
Encrypted:	false
SSDEEP:	768:gzQ4dpZFDq00LpqUXvs4tWY3TTxi8FpIpyKGMVE3Bh7ZUSXMEt:jmZFDGLpqUXvs4LTxi8Um1Bh7aSXMEt
MD5:	81DA5310CCF07CD7FFABCBC778D91F88
SHA1:	DAB640EFB25B4E4CFDD155292DBB457AC2195136
SHA-256:	CC69285225F0F94D6AED27313B1B4E4C37209D6847FF076E3A0D4EA57C66B09E
SHA-512:	AEB991353B92DD014A99710BA5875A5A505F1E16CA8E2675BEBEB5C70350308E5C0C2A28F8B6D9244B27C93009074FD830865F0A09509B6A5996ADE404D51246
Malicious:	false
Reputation:	low
URL:	https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css
Preview:	/* normalize.css v2.1.0 \| MIT License \| git.io/normalize */article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block}audio:not([controls]){display:none;height:0}[hidden]{display:none}html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:focus{outline:thin dotted}a:active,a:hover{outline:0}h1{font-size:2em;margin:0.67em 0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}mark{background:#ff0;color:#000}code,kbd,pre,samp{font-family:monospace, serif;font-size:1em}pre{white-space:pre-wrap}q{quotes:"\201C" "\201D" "\2018" "\2019"}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:0}fieldset{border:1px solid #c0c0c0;margin:0 2px;pad

Chrome Cache Entry: 39

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 24696, version 1.0
Category:	downloaded
Size (bytes):	24696
Entropy (8bit):	7.9733991922598655
Encrypted:	false
SSDEEP:	384:vIP8Ep+dMmYkZd09ah/IsjgC5McOJHQCdMpmcBjoCJPm3eH1RJXCX3GgrZ:vc83dMm109tg5McAwCqpmcpjZ6dZ
MD5:	7E6B7AE325A8D232917AE617D7A2FD70
SHA1:	3CE4B566FADAB31917199ADBB379C80A5DF2414F
SHA-256:	8DAAA4ED16297478AF007774FEBEFE6CA3674FDA47ED73E913B1B583D34883FB
SHA-512:	40BAD8A41773AAF4D1A0E8D478FF8D0B3A5F1DD4B1EF5818E3500F432D42591D882784A95BFFD49D10C21DC3B1B5B964A77FC9011F21F2966BD5CACF5344FC7D
Malicious:	false
Reputation:	low
URL:	https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-regular-webfont.woff
Preview:	wOFF......`x................................FFTM............a...GDEF........... ....GPOS.......]...v/...GSUB...D...M...h.. .OS/2.......M...`v.r.cmap.......x....w...cvt ...\...L...L..._fpgm...........eS./.gasp...\............glyf...d..Q.....7...head..W....1...6.H..hhea..X,... ...$...mhmtx..XL...F.....@U_loca..Z............maxp..\T... ... ...3name..\t...K....=.X.post..].........K(W.prep.._........b77mCwebf..`p........&.O..........o1......W\|.......Gx.c`d``..b...`b`..@...1...!....x.c`d``.b0`.c`rq..a..I,.c.b`..3.....Gf3&...0p.X`...9......E......-P..a..Y........... ...\|f.....x.c`d``.b0`.c`rq..a..I,.c.b`..3.....Gf3..%&3p.X`.....9.......T.e...............x.c`f~.8.......,...,..t...)...J..;.3.8...~..........$..8...&..X.X;......P..%...x.c```f.`..F..8..1..,.+........P..1............).9.%.5.}.+.x.5.J......W`X...U. . . .Ug.P....C............=..`...v<..`.......)<........W...$................./ ($,"*&.!)%-#+'................o`hdlbjfnaiemckg.......................................=y...,[.\|..

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	32617
Entropy (8bit):	7.990889671231334
Encrypted:	true
SSDEEP:	768:lrbpeWPj+VcElVw3XRpq/RRZiDf5LQvkyEEOuNbh1:xbBr+VcEfqBpq/RREb5LQkW3Nd1
MD5:	E5B010BC5E2D2001DC650A589E6123FA
SHA1:	EDDF9AE31C25BEB9B8569B926D8AA447FAC06E1A
SHA-256:	3DCBB647C078E9F69C014FDC69E9FD709400A8FE3DF334C01B997F95D9E349AC
SHA-512:	6F5A6E0C3EC374F22A8AE8C8A36BBA4D7743280625E87E335B2421E3C9E45B74F23F512A695C2B75A2CA98BEA5D2C24C1F266E276712621E9F5DEB70D11E0F99
Malicious:	false
Reputation:	low
URL:	https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_tshirt.png
Preview:	.PNG........IHDR................e....sRGB.........pHYs.................bKGD............~.IDATx....egU......&U..J...D..w...QA.$...D...E...+...O.>....EQ.......T..& AH#IHS...:.....7...{........&.O...........s.....?...a..%._.........9.`...V..h.?,.8..W..8n.q.........`0.r:J...(..<[_./...m....(/Ft\.h..m.Z%}7..y..../....G~..C.....A....W.8.~H6ID-&..~...$.I...v.$e...".2.SQ.e....%..,.+.,.K...(.. .b...([.H.Z.....J:aPF...+..N.Ga.%Q..Y.n...t..p....2`}!.;..q..76H,.+.p...n.%qDJ J.,...q..:....d.t.+.8yYd$<EA....$& ..d$.N.....I..gHG...B......x..'.X....+...{I..XZ..-u..Y.?....F.,-... ".Bo.,O..HI..G.l........(h.y..PD.... .\.B~El`."..p\|M...:.._0..E..3.c..h.]In.-..lw8...g..4#..Q...,h.i.Kz..`0..t..e.QLRF.#....,(...yDB.D.j.p_.._k....N..^(.....'+.2.G..V.\|..2Z."..v.&."...33...C.-...5.... ...(k../.wi...225..N.SMXS.:)..EN...:kA.%..sA.u......X.s...2..X:..L.K...R....[.6.H..V.eA..8 ;..I..&A\.3..n..^.....N...\|4.h.......]!;...d.. ?.,I.2h.p,.......=q..I..{.._.o..y..G."..:.6;.Z..F.V...

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	32617
Entropy (8bit):	7.990889671231334
Encrypted:	true
SSDEEP:	768:lrbpeWPj+VcElVw3XRpq/RRZiDf5LQvkyEEOuNbh1:xbBr+VcEfqBpq/RREb5LQkW3Nd1
MD5:	E5B010BC5E2D2001DC650A589E6123FA
SHA1:	EDDF9AE31C25BEB9B8569B926D8AA447FAC06E1A
SHA-256:	3DCBB647C078E9F69C014FDC69E9FD709400A8FE3DF334C01B997F95D9E349AC
SHA-512:	6F5A6E0C3EC374F22A8AE8C8A36BBA4D7743280625E87E335B2421E3C9E45B74F23F512A695C2B75A2CA98BEA5D2C24C1F266E276712621E9F5DEB70D11E0F99
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................e....sRGB.........pHYs.................bKGD............~.IDATx....egU......&U..J...D..w...QA.$...D...E...+...O.>....EQ.......T..& AH#IHS...:.....7...{........&.O...........s.....?...a..%._.........9.`...V..h.?,.8..W..8n.q.........`0.r:J...(..<[_./...m....(/Ft\.h..m.Z%}7..y..../....G~..C.....A....W.8.~H6ID-&..~...$.I...v.$e...".2.SQ.e....%..,.+.,.K...(.. .b...([.H.Z.....J:aPF...+..N.Ga.%Q..Y.n...t..p....2`}!.;..q..76H,.+.p...n.%qDJ J.,...q..:....d.t.+.8yYd$<EA....$& ..d$.N.....I..gHG...B......x..'.X....+...{I..XZ..-u..Y.?....F.,-... ".Bo.,O..HI..G.l........(h.y..PD.... .\.B~El`."..p\|M...:.._0..E..3.c..h.]In.-..lw8...g..4#..Q...,h.i.Kz..`0..t..e.QLRF.#....,(...yDB.D.j.p_.._k....N..^(.....'+.2.G..V.\|..2Z."..v.&."...33...C.-...5.... ...(k../.wi...225..N.SMXS.:)..EN...:kA.%..sA.u......X.s...2..X:..L.K...R....[.6.H..V.eA..8 ;..I..&A\.3..n..^.....N...\|4.h.......]!;...d.. ?.,I.2h.p,.......=q..I..{.._.o..y..G."..:.6;.Z..F.V...

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 24324, version 1.0
Category:	downloaded
Size (bytes):	15984
Entropy (8bit):	7.962339503720279
Encrypted:	false
SSDEEP:	384:LE70UD0lAVze86QpAGPV9Gx5H7FXCleNlXdYxH8MgD0Hgu:Lg0lAVzLlpAq9Gx5bFXClIXd+h17
MD5:	C5CC66B44C71EFD69B03AAEAADE61EE7
SHA1:	7112DED911DEAB380D111504BB8F6D27DD87B3D0
SHA-256:	2B9B018D22864781FB30957AB5D1D7EA3991D26B9F226DC5DBD40974D8BEAE43
SHA-512:	9A0795E38E9A35A15109119D8885E32A052A701CD2EE21F3E6F5EBF641BC357BB55C445DC61DC0FC849ECD72D75247531F3D93FDB8C24ACDD0F848DD7CF8ABAB
Malicious:	false
Reputation:	low
URL:	https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-bold-webfont.woff
Preview:	wOFF......_........4........................FFTM............a...GDEF........... ....GPOS.......]...v/...GSUB...D...M...h.. .OS/2.......N...`w.u.cmap.......x....w...cvt ...\...D...D.r.1fpgm...........eS./.gasp...T............glyf...\..PA...\|~.E.head..V....1...6.9.hhea..V.... ...$...4hmtx..V....9......Cmloca..Y0........\|$YZmaxp..Z.... ... ....name..[....N....9aU.post..\d........K(W.prep..^D.......?QMW.webf..^.........&.O..........o1......W{.......Fx.c`d``..b...`b`..@...1...!....x.c`d``.b0`.c`rq..a..I,.c.b`..3.....Gf3&...0p.X`...9......E......-P..a..Y........... ...\|f.....x.c`d``.b0`.c`rq..a..I,.c.b`..3.....Gf3..%&3p.X`.....9.......T.e...............x.c`f.........,...,..t...)..g.`..v f.qB........0.1..I.3.)00L..0...)..&.h..^..x.c```f.`..F..8..1..,.+........P..1............).9.%.5.}.+.x.5.J......W`X...U. . . .Ug.P....C............=..`...v<..`.......)<........W...$................./ ($,"&.!)%-#+'................o`hdlbjfnaiemckg.......................................=y...,[.\|..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 23:51:32.345437050 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 20, 2024 23:51:34.635788918 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:34.635826111 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:34.635906935 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:34.636229038 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:34.636260986 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:34.636331081 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:34.636461020 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:34.636475086 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:34.636722088 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:34.636735916 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:35.999068022 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:35.999366999 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:35.999447107 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.001245022 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.001317024 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:36.002672911 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:36.002787113 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.002904892 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:36.002923012 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.015897036 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.016130924 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:36.016145945 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.017611027 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.017678976 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:36.018316984 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:36.018424034 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.045607090 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:36.064260960 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:36.064280987 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:36.112533092 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.107961893 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.107985020 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.107994080 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.108012915 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.108062983 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.108184099 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.108185053 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.108226061 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.108292103 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.109752893 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.109775066 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.109822989 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.109831095 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.109863043 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.109883070 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.110949993 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.111006975 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.111078978 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.137989998 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.138585091 CEST	49741	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.138612986 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.138744116 CEST	49735	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.138761997 CEST	443	49735	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.138791084 CEST	49741	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.139822960 CEST	49741	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.139832973 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.161572933 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.161582947 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.161662102 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.161822081 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.161874056 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.162141085 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.162168980 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.162173986 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.162509918 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.162535906 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.162539005 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.163108110 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.163113117 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.163142920 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.163381100 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.163398981 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.163600922 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.163625956 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.163881063 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.163896084 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.183403969 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.401303053 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:37.401360035 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:37.401429892 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:37.401644945 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:37.401667118 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:37.600528002 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.600560904 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.600568056 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.600610971 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.600632906 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.600641966 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.600790977 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.600790977 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.600812912 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.600869894 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.602633953 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.602642059 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.602670908 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.602715015 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.602725983 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.602741003 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.602771044 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.754385948 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.754409075 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.754606962 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.754623890 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.754683018 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.756917953 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.756932974 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.757031918 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.757045984 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.757085085 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.759366989 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.759392023 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.759419918 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.759433985 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.759442091 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.759474039 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.759495974 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.759505033 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.759553909 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.759887934 CEST	49736	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.759898901 CEST	443	49736	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.779259920 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.779298067 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:37.779376030 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.779587030 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:37.779603004 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.152503967 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:38.152614117 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:38.152715921 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:38.154167891 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:38.154201984 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:38.190495014 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.190850973 CEST	49741	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.190865993 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.191344976 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.191704035 CEST	49741	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.191785097 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.191843033 CEST	49741	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.217238903 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.217454910 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.217483044 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.217484951 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.217900991 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.217935085 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.218369961 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.218518019 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.218543053 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.218554020 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.218570948 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.218914032 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.218941927 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.218971968 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.219002008 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.219016075 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.219331026 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.219413996 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.219420910 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.220066071 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.220134020 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.220434904 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.220518112 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.220532894 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.223015070 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.223180056 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.223190069 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.223511934 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.223787069 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.223831892 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.223860025 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.239443064 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.263405085 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.263413906 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.263446093 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.266385078 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.266391993 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.266391993 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.266400099 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.266437054 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.266434908 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.266453028 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.266469002 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.313230038 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.313256979 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.313354969 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.476039886 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:38.476835966 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:38.476918936 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:38.478355885 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:38.478441954 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:38.479774952 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:38.479865074 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:38.497006893 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.497144938 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.497299910 CEST	49741	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.498229980 CEST	49741	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.498249054 CEST	443	49741	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.498703003 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.498771906 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.498850107 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.499192953 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.499219894 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.521604061 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:38.521630049 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:38.525490999 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.525535107 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.525708914 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.525748014 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.525831938 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.525890112 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.526288033 CEST	49745	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.526329041 CEST	443	49745	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.526724100 CEST	49750	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.526752949 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.526823997 CEST	49750	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.527264118 CEST	49744	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.527282953 CEST	443	49744	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.527718067 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.527806044 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.527909040 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.528028965 CEST	49750	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.528048992 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.528817892 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.528857946 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.535001993 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.535054922 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.535101891 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.536187887 CEST	49742	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.536197901 CEST	443	49742	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.564677954 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:38.673166990 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.673212051 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.673285961 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.674166918 CEST	49743	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.674181938 CEST	443	49743	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.676889896 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.676924944 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.677000999 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.677218914 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.677237034 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.677292109 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.677546024 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.677552938 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.678092957 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.678105116 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.830993891 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.831268072 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.831307888 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.832803965 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.832878113 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.833296061 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.833379030 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.833422899 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.875328064 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:38.875343084 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:38.922019005 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.135588884 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.135660887 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.135725975 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.136544943 CEST	49747	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.136585951 CEST	443	49747	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.137698889 CEST	49754	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.137723923 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.137794971 CEST	49754	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.138122082 CEST	49754	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.138134956 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.227994919 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.228084087 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.232501984 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.232536077 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.232775927 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.282641888 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.327409029 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.547804117 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.548099995 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.548141956 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.548516035 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.549304962 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.549387932 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.549504995 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.574136019 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.574453115 CEST	49750	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.574538946 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.575043917 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.575579882 CEST	49750	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.575668097 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.575763941 CEST	49750	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.585095882 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.585347891 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.585398912 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.586906910 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.586997986 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.587440014 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.587529898 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.587601900 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.587620020 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.588134050 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.588197947 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.588341951 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.588392973 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.588439941 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.588439941 CEST	49748	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.588462114 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.588480949 CEST	443	49748	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.591424942 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.594048023 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.623397112 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.632817030 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.632848978 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.632973909 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.633253098 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:39.633270025 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:39.640892982 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.729093075 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.729391098 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.729401112 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.730290890 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.730350018 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.730799913 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.730859041 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.730957031 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.730962992 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.781521082 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.854479074 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.854517937 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.854572058 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.855263948 CEST	49749	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.855279922 CEST	443	49749	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.856260061 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.856350899 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.856547117 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.856816053 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.856853962 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.876152992 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.876224041 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:39.876442909 CEST	49750	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.877763033 CEST	49750	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:39.877783060 CEST	443	49750	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.042543888 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.042576075 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.042584896 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.042634964 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.042650938 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.042681932 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.042687893 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.042695999 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.042705059 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.042742968 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.042763948 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.044238091 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.044258118 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.044336081 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.044342995 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.044379950 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.044390917 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.044431925 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.044847012 CEST	49751	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.044857025 CEST	443	49751	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.070094109 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.070116997 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.070199013 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.070488930 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.070502996 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.184407949 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.184426069 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.184431076 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.184453011 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.184479952 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.184647083 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.184647083 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.184657097 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.184703112 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.184966087 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.184999943 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.185631990 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.185689926 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.186440945 CEST	49754	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.186451912 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.186904907 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.187561035 CEST	49754	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.187633991 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.187764883 CEST	49754	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.188220978 CEST	49753	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.188227892 CEST	443	49753	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.205945969 CEST	49759	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.206048965 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.206227064 CEST	49759	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.206346035 CEST	49759	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.206374884 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.208226919 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.211520910 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.211534977 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.212600946 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.212723017 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.213022947 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.213071108 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.213164091 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.213170052 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.235404968 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.266525984 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.491595984 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.491646051 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.491734982 CEST	49754	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.596246958 CEST	49754	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.596256971 CEST	443	49754	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.599237919 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.599349976 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.603411913 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.603625059 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.603661060 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.662183046 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.662204981 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.662213087 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.662241936 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.662251949 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.662260056 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.662280083 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.662297964 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.662339926 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.662374020 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.663469076 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.663532019 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.663537979 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.663557053 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.663634062 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.675062895 CEST	49752	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.675081015 CEST	443	49752	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.687299967 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:40.687500000 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:40.713824034 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:40.713831902 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:40.714128017 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:40.715459108 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:40.759411097 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:40.921433926 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.940413952 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.940490961 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.940881968 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.941504002 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.941581011 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:40.941654921 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.984481096 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:40.984509945 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.018784046 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:41.018840075 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:41.018889904 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:41.031415939 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:41.031433105 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:41.067981005 CEST	49761	80	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.069303036 CEST	49762	80	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.072851896 CEST	80	49761	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.073040009 CEST	49761	80	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.074764967 CEST	80	49762	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.074842930 CEST	49762	80	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.106551886 CEST	49761	80	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.111619949 CEST	80	49761	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.119699955 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.122466087 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.122483015 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.124150038 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.124217033 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.124631882 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.124813080 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.125108957 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.125114918 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.174679041 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.185472012 CEST	49763	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:41.185496092 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:41.185564041 CEST	49763	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:41.185846090 CEST	49763	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:41.185858011 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:41.267093897 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.267508984 CEST	49759	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.267561913 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.267894983 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.269231081 CEST	49759	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.269301891 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.269387007 CEST	49759	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.311431885 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.395062923 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.395083904 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.395091057 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.395123005 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.395138025 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.395148039 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.395184994 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.395262003 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.395304918 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.395332098 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.396547079 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.396583080 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.396605968 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.396635056 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.396665096 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.396907091 CEST	49756	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.396939039 CEST	443	49756	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.579490900 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.579525948 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.579538107 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.579561949 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.579574108 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.579582930 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.579593897 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.579632998 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.579647064 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.579700947 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.581579924 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.581605911 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.581649065 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.581660032 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.581688881 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.581702948 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.581707001 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.581748009 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.581793070 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.586309910 CEST	49758	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.586321115 CEST	443	49758	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.639025927 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.643860102 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.643908024 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.644264936 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.663480043 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.663567066 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.664136887 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.707429886 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.719862938 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.729801893 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.729845047 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:41.729901075 CEST	49759	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.835184097 CEST	49759	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:41.835222960 CEST	443	49759	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:42.244214058 CEST	80	49761	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:42.244281054 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:42.244328976 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:42.244396925 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:42.247278929 CEST	49760	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:42.247324944 CEST	443	49760	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:42.255134106 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:42.255175114 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:42.255309105 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:42.255608082 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:42.255623102 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:42.262278080 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:42.262353897 CEST	49763	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:42.267119884 CEST	49763	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:42.267129898 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:42.267396927 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:42.272599936 CEST	49763	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:42.297072887 CEST	49761	80	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:42.319448948 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:42.580089092 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:42.580153942 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:42.580322981 CEST	49763	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:42.583697081 CEST	49763	443	192.168.2.4	184.28.90.27
Oct 20, 2024 23:51:42.583719015 CEST	443	49763	184.28.90.27	192.168.2.4
Oct 20, 2024 23:51:43.318779945 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:43.359981060 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:43.387643099 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:43.387656927 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:43.388108969 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:43.440959930 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:43.448577881 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:43.448666096 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:43.449100018 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:43.495403051 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:43.753060102 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:43.753225088 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:43.753278971 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:43.755203962 CEST	49764	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:43.755229950 CEST	443	49764	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:45.781032085 CEST	49767	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:45.781088114 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:45.781173944 CEST	49767	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:45.781335115 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:45.781457901 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:45.781531096 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:45.781868935 CEST	49767	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:45.781883001 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:45.782036066 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:45.782069921 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.844983101 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.845815897 CEST	49767	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:46.845844984 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.846221924 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.847194910 CEST	49767	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:46.847259998 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.847774029 CEST	49767	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:46.853123903 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.853404045 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:46.853429079 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.853810072 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.855026960 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:46.855093956 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.891447067 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:46.906642914 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:47.158210993 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:47.158281088 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:47.158412933 CEST	49767	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:47.158679008 CEST	49767	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:47.158699989 CEST	443	49767	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:48.480340004 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:48.480396986 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:48.480473042 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:49.628112078 CEST	49746	443	192.168.2.4	142.250.185.196
Oct 20, 2024 23:51:49.628190041 CEST	443	49746	142.250.185.196	192.168.2.4
Oct 20, 2024 23:51:50.263740063 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 20, 2024 23:51:50.271025896 CEST	80	49723	93.184.221.240	192.168.2.4
Oct 20, 2024 23:51:50.271153927 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 20, 2024 23:51:52.293965101 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:52.294017076 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:52.294235945 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:52.294598103 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:52.294615984 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:52.330666065 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:52.375413895 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:52.638370037 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:52.638464928 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:52.638530970 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:52.654303074 CEST	49768	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:52.654329062 CEST	443	49768	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:53.881299019 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:53.898035049 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:53.898072958 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:53.898477077 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:53.918453932 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:53.918530941 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:53.918612957 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:53.963396072 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:53.970307112 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:54.228225946 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:54.228287935 CEST	443	49775	162.55.210.124	192.168.2.4
Oct 20, 2024 23:51:54.228367090 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:54.244790077 CEST	49775	443	192.168.2.4	162.55.210.124
Oct 20, 2024 23:51:54.244817019 CEST	443	49775	162.55.210.124	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 23:51:33.576975107 CEST	53	62514	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:33.576986074 CEST	53	62574	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:34.611624002 CEST	51462	53	192.168.2.4	1.1.1.1
Oct 20, 2024 23:51:34.611792088 CEST	60980	53	192.168.2.4	1.1.1.1
Oct 20, 2024 23:51:34.624330997 CEST	53	60980	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:34.630587101 CEST	53	51462	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:37.392947912 CEST	61815	53	192.168.2.4	1.1.1.1
Oct 20, 2024 23:51:37.393096924 CEST	62619	53	192.168.2.4	1.1.1.1
Oct 20, 2024 23:51:37.400119066 CEST	53	61815	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:37.400382042 CEST	53	62619	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:40.056955099 CEST	60654	53	192.168.2.4	1.1.1.1
Oct 20, 2024 23:51:40.057279110 CEST	62616	53	192.168.2.4	1.1.1.1
Oct 20, 2024 23:51:40.068038940 CEST	53	62616	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:40.069576979 CEST	53	60654	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:41.049683094 CEST	65406	53	192.168.2.4	1.1.1.1
Oct 20, 2024 23:51:41.050029993 CEST	65357	53	192.168.2.4	1.1.1.1
Oct 20, 2024 23:51:41.059673071 CEST	53	65406	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:41.067240953 CEST	53	65357	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:44.045454025 CEST	53	63202	1.1.1.1	192.168.2.4
Oct 20, 2024 23:51:50.023061037 CEST	138	138	192.168.2.4	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 20, 2024 23:51:34.611624002 CEST	192.168.2.4	1.1.1.1	0x4e50	Standard query (0)	goqr.me	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:34.611792088 CEST	192.168.2.4	1.1.1.1	0x6ec3	Standard query (0)	goqr.me	65	IN (0x0001)	false
Oct 20, 2024 23:51:37.392947912 CEST	192.168.2.4	1.1.1.1	0x8346	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:37.393096924 CEST	192.168.2.4	1.1.1.1	0xc017	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 20, 2024 23:51:40.056955099 CEST	192.168.2.4	1.1.1.1	0x85a	Standard query (0)	goqr.me	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:40.057279110 CEST	192.168.2.4	1.1.1.1	0x4904	Standard query (0)	goqr.me	65	IN (0x0001)	false
Oct 20, 2024 23:51:41.049683094 CEST	192.168.2.4	1.1.1.1	0x6b0a	Standard query (0)	goqr.me	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:41.050029993 CEST	192.168.2.4	1.1.1.1	0xe40f	Standard query (0)	goqr.me	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 20, 2024 23:51:34.630587101 CEST	1.1.1.1	192.168.2.4	0x4e50	No error (0)	goqr.me		162.55.210.124	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:37.400119066 CEST	1.1.1.1	192.168.2.4	0x8346	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:37.400382042 CEST	1.1.1.1	192.168.2.4	0xc017	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 20, 2024 23:51:40.069576979 CEST	1.1.1.1	192.168.2.4	0x85a	No error (0)	goqr.me		162.55.210.124	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:41.059673071 CEST	1.1.1.1	192.168.2.4	0x6b0a	No error (0)	goqr.me		162.55.210.124	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:46.667785883 CEST	1.1.1.1	192.168.2.4	0x8f13	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 20, 2024 23:51:46.667785883 CEST	1.1.1.1	192.168.2.4	0x8f13	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:46.667785883 CEST	1.1.1.1	192.168.2.4	0x8f13	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.34	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:51:52.206923008 CEST	1.1.1.1	192.168.2.4	0x8461	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 20, 2024 23:51:52.206923008 CEST	1.1.1.1	192.168.2.4	0x8461	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

goqr.me

https:

fs.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49761	162.55.210.124	80	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 20, 2024 23:51:41.106551886 CEST	422	OUT	GET / HTTP/1.1 Host: goqr.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 20, 2024 23:51:42.244214058 CEST	362	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sun, 20 Oct 2024 21:51:41 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://goqr.me/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:35 UTC	650	OUT	GET / HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-20 21:51:37 UTC	403	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 20 Oct 2024 21:51:36 GMT Content-Type: text/html; charset=utf-8 Content-Length: 57398 Last-Modified: Tue, 16 Apr 2024 11:08:07 GMT Connection: close ETag: "661e5c17-e036" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: sameorigin Accept-Ranges: bytes
2024-10-20 21:51:37 UTC	15981	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 48 54 4d 4c 2b 52 44 46 61 20 31 2e 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 20 64 61 74 61 2d 6c 6f 63 61 6c 65 3d 22 65 6e 22 3e 0a 0a 0a 0a 0a 0a 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 46 72 65 65 20 66 6f 72 20 65 76 65 72 79 6f 6e 65 20 28 63 6f 6d 6d 65 72 63 69 61 6c 20 61 6e 64 20 70 72 69 6e 74 Data Ascii: <!DOCTYPE html><html version="HTML+RDFa 1.1" xmlns="http://www.w3.org/1999/xhtml" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" data-locale="en"><head><meta charset="UTF-8" /><meta name="description" content="Free for everyone (commercial and print
2024-10-20 21:51:37 UTC	16384	IN	Data Raw: 64 3d 22 73 65 6c 65 63 74 65 64 22 3e 31 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 32 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 33 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 34 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 35 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 36 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 37 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 38 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 39 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 3e 31 30 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 Data Ascii: d="selected">1</option><option>2</option><option>3</option><option>4</option><option>5</option><option>6</option><option>7</option><option>8</option><option>9</option><option>10</option>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:37 UTC	581	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-20 21:51:37 UTC	388	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 20 Oct 2024 21:51:37 GMT Content-Type: text/css Content-Length: 84662 Last-Modified: Tue, 16 Apr 2024 11:08:07 GMT Connection: close ETag: "661e5c17-14ab6" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: sameorigin Accept-Ranges: bytes
2024-10-20 21:51:37 UTC	15996	IN	Data Raw: 2f 2a 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 32 2e 31 2e 30 20 7c 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 7c 20 67 69 74 2e 69 6f 2f 6e 6f 72 6d 61 6c 69 7a 65 20 2a 2f 61 72 74 69 63 6c 65 2c 61 73 69 64 65 2c 64 65 74 61 69 6c 73 2c 66 69 67 63 61 70 74 69 6f 6e 2c 66 69 67 75 72 65 2c 66 6f 6f 74 65 72 2c 68 65 61 64 65 72 2c 68 67 72 6f 75 70 2c 6d 61 69 6e 2c 6e 61 76 2c 73 65 63 74 69 6f 6e 2c 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 61 75 64 69 6f 2c 63 61 6e 76 61 73 2c 76 69 64 65 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 5b 68 69 64 64 65 6e 5d 7b 64 69 73 Data Ascii: /* normalize.css v2.1.0 \| MIT License \| git.io/normalize */article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block}audio:not([controls]){display:none;height:0}[hidden]{dis
2024-10-20 21:51:37 UTC	16384	IN	Data Raw: 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 2e 73 75 63 63 65 73 73 3a 66 6f 63 75 73 2c 2e 62 75 74 74 6f 6e 2e 64 69 73 61 62 6c 65 64 2e 73 75 63 63 65 73 73 3a 68 6f 76 65 72 2c 2e 62 75 74 74 6f 6e 2e 64 69 73 61 62 6c 65 64 2e 73 75 63 63 65 73 73 3a 66 6f 63 75 73 2c 2e 62 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 2e 73 75 63 63 65 73 73 3a 68 6f 76 65 72 2c 2e 62 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 2e 73 75 63 63 65 73 73 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 64 61 34 32 33 7d 62 75 74 74 6f 6e 2e 64 69 73 61 62 6c 65 64 2e 61 6c 65 72 74 2c 62 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 2e 61 6c 65 72 74 2c 2e 62 75 74 74 6f 6e 2e 64 69 73 61 62 6c 65 64 2e 61 6c 65 72 74 2c 2e 62 75 74 74 6f Data Ascii: utton[disabled].success:focus,.button.disabled.success:hover,.button.disabled.success:focus,.button[disabled].success:hover,.button[disabled].success:focus{background-color:#5da423}button.disabled.alert,button[disabled].alert,.button.disabled.alert,.butto
2024-10-20 21:51:37 UTC	16384	IN	Data Raw: 6e 65 72 2e 61 75 74 6f 20 2e 73 65 63 74 69 6f 6e 2e 61 63 74 69 76 65 20 2e 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 73 65 63 74 69 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 73 65 63 74 69 6f 6e 2e 61 63 74 69 76 65 20 2e 74 69 74 6c 65 2c 2e 73 65 63 74 69 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 63 74 69 6f 6e 2e 61 63 74 69 76 65 20 2e 74 69 74 6c 65 2c 2e 73 65 63 74 69 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 2e 61 75 74 6f 20 73 65 63 74 69 6f 6e 2e 61 63 74 69 76 65 20 2e 74 69 74 6c 65 2c 2e 73 65 63 74 69 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 2e 61 75 74 6f 20 2e 73 65 63 74 69 6f 6e 2e 61 63 74 69 76 65 20 2e 74 69 74 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 35 64 35 64 35 7d 2e 73 65 63 74 69 6f 6e 2d 63 6f 6e Data Ascii: ner.auto .section.active .content{display:block}.section-container section.active .title,.section-container .section.active .title,.section-container.auto section.active .title,.section-container.auto .section.active .title{background:#d5d5d5}.section-con
2024-10-20 21:51:37 UTC	16384	IN	Data Raw: 77 69 64 74 68 3a 6e 6f 6e 65 3b 6d 69 6e 2d 77 69 64 74 68 3a 30 3b 6d 61 72 67 69 6e 3a 30 20 2d 31 35 70 78 7d 2e 6c 74 2d 69 65 39 20 2e 72 6f 77 20 2e 72 6f 77 2e 6c 61 72 67 65 2d 63 6f 6c 6c 61 70 73 65 7b 6d 61 72 67 69 6e 3a 30 7d 2e 6c 74 2d 69 65 39 20 2e 63 6f 6c 75 6d 6e 2c 2e 63 6f 6c 75 6d 6e 73 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 70 78 3b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 74 2d 69 65 39 20 2e 63 6f 6c 75 6d 6e 2e 6c 61 72 67 65 2d 63 65 6e 74 65 72 65 64 2c 2e 63 6f 6c 75 6d 6e 73 2e 6c 61 72 67 65 2d 63 65 6e 74 65 72 65 64 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 7d 2e 6c 74 2d 69 65 39 20 5b 63 6c Data Ascii: width:none;min-width:0;margin:0 -15px}.lt-ie9 .row .row.large-collapse{margin:0}.lt-ie9 .column,.columns{float:left;min-height:1px;padding:0 15px;position:relative}.lt-ie9 .column.large-centered,.columns.large-centered{float:none;margin:0 auto}.lt-ie9 [cl
2024-10-20 21:51:37 UTC	16384	IN	Data Raw: 68 6c 69 67 68 74 20 61 7b 63 6f 6c 6f 72 3a 23 63 63 63 63 63 63 7d 2e 75 69 2d 73 74 61 74 65 2d 65 72 72 6f 72 2c 2e 75 69 2d 77 69 64 67 65 74 2d 63 6f 6e 74 65 6e 74 20 2e 75 69 2d 73 74 61 74 65 2d 65 72 72 6f 72 2c 2e 75 69 2d 77 69 64 67 65 74 2d 68 65 61 64 65 72 20 2e 75 69 2d 73 74 61 74 65 2d 65 72 72 6f 72 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 63 64 30 61 30 61 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 65 66 31 65 63 20 75 72 6c 28 2e 2e 2f 49 6d 61 67 65 73 2f 6a 71 75 65 72 79 2d 75 69 2d 74 68 65 6d 65 2f 75 69 2d 62 67 5f 67 6c 61 73 73 5f 39 35 5f 66 65 66 31 65 63 5f 31 78 34 30 30 2e 70 6e 67 29 20 35 30 25 20 35 30 25 20 72 65 70 65 61 74 2d 78 3b 63 6f 6c 6f 72 3a 23 63 64 30 61 30 61 7d 2e 75 69 2d 73 74 61 74 65 Data Ascii: hlight a{color:#cccccc}.ui-state-error,.ui-widget-content .ui-state-error,.ui-widget-header .ui-state-error{border:1px solid #cd0a0a;background:#fef1ec url(../Images/jquery-ui-theme/ui-bg_glass_95_fef1ec_1x400.png) 50% 50% repeat-x;color:#cd0a0a}.ui-state
2024-10-20 21:51:37 UTC	3130	IN	Data Raw: 3a 33 2e 37 35 65 6d 3b 68 65 69 67 68 74 3a 33 2e 37 35 65 6d 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 2d 30 2e 36 32 35 65 6d 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 35 64 65 67 29 3b 2d 6d 6f 7a 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 35 64 65 67 29 3b 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 35 64 65 67 29 3b 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 Data Ascii: :3.75em;height:3.75em;position:absolute;text-align:center;right:0;top:-0.625em;vertical-align:middle;font-weight:bold;-webkit-transform:rotate(-15deg);-moz-transform:rotate(-15deg);-ms-transform:rotate(-15deg);-o-transform:rotate(-15deg);transform:rotate(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:38 UTC	624	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_mug.png HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:38 UTC	627	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_button.png HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:38 UTC	633	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_businesscard.png HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:38 UTC	615	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/Flags/de.png HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:38 UTC	617	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/qr_default.png HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:38 UTC	615	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/qr_error.png HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:39 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-20 21:51:39 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=68043 Date: Sun, 20 Oct 2024 21:51:39 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:39 UTC	617	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/qr_loading.gif HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49750	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:39 UTC	616	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/qr_nodata.png HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49751	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:39 UTC	627	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_tshirt.png HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://goqr.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-20 21:51:40 UTC	388	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 20 Oct 2024 21:51:39 GMT Content-Type: image/png Content-Length: 32617 Last-Modified: Tue, 16 Apr 2024 11:08:07 GMT Connection: close ETag: "661e5c17-7f69" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: sameorigin Accept-Ranges: bytes
2024-10-20 21:51:40 UTC	15996	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b4 00 00 00 b4 08 02 00 00 00 b2 af 91 65 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 7e fc 49 44 41 54 78 da ec bd 09 b4 65 67 55 2e ba ba dd 9d ae fa 26 55 95 aa 4a df d0 85 80 44 81 90 77 9f 06 11 51 41 04 24 11 87 17 44 bc 82 f7 45 ae a8 c4 2b e0 18 0a 4f bd 3e 89 80 10 15 45 51 1f fa 10 1b 08 dc 0c 54 94 c4 26 20 41 48 23 49 48 53 95 a4 fa 3a fd d9 cd ea fe 37 e7 fc d6 9a 7b ee 7f ed 0a 88 8a c4 c1 26 1e 4f ed b3 f7 ea fe f9 cf f6 9b df 0c 9d 73 c1 e3 f6 e5 e4 3f fa 11 96 61 18 04 25 fd 5f 18 84 2e a0 7f dc f3 91 f7 1d 39 fc 60 12 07 ad 56 ec c2 68 b5 3f 2c c3 38 0e 03 57 96 f4 Data Ascii: PNGIHDResRGBpHYsbKGD~IDATxegU.&UJDwQA$DE+O>EQT& AH#IHS:7{&Os?a%_.9`Vh?,8W
2024-10-20 21:51:40 UTC	16384	IN	Data Raw: c3 87 0f e1 ef ec f6 92 07 ce 61 61 54 61 b2 e3 84 c2 5d 52 b4 6c 35 b2 5c ec 7a 89 26 f4 0a c4 15 55 85 12 5a c5 b3 cf 3e 1b ed 08 4f 7d ea e5 e0 56 20 13 00 e5 a8 b0 34 01 ff 55 cb 46 9f 3c 70 f0 60 a7 d5 c1 1b d0 4f 74 f0 c3 87 0f 53 34 4d 77 74 e0 c0 01 d4 07 44 bc 02 f1 7e f8 f8 08 92 31 1e 96 ae 98 a5 38 cd ea 7e a1 b2 c5 61 7f a9 d3 71 35 d3 c0 99 29 99 3c 5c 04 b6 f5 97 4b bb 74 df 86 5e d2 21 d3 0a 6f 54 47 97 b3 70 e4 85 1a 14 a5 5a c9 65 d8 36 08 c5 e4 0c 01 bc d1 32 f0 e7 b9 78 d9 8a 44 2a 70 e7 9c 73 4e 62 79 01 f4 e8 56 b2 b4 f7 04 06 d8 fa 71 da c0 a2 88 ba 3a 6f 56 92 1e 99 45 c2 47 86 90 35 1b 62 bd f8 d9 63 96 a5 a5 fa e8 47 3f f6 a6 37 5d af 43 dd a2 90 fb d9 a3 38 b0 f5 5b 1d f1 67 23 2c bd 6c 7c f2 19 cf 78 c6 bb df fd 6e 3a 2c 3d d3 Data Ascii: aaTa]Rl5\z&UZ>O}V 4UF<p`OtS4MwtD~18~aq5)<\Kt^!oTGpZe62xD*psNbyVq:oVEG5bcG?7]C8[g#,l\|xn:,=
2024-10-20 21:51:40 UTC	237	IN	Data Raw: 95 3c 74 a3 63 c4 8a ab 9b a8 43 cd 72 75 33 63 53 1e b6 0f 97 ed 3a ee 83 a8 5a 01 44 05 cb a1 ef bb 08 04 54 bc 44 a2 92 d3 05 a6 10 70 fa b1 ff fc f9 33 d4 b6 5d 21 62 4c db 0a 6d 45 27 28 9e 02 ff 47 7b c1 62 36 e7 56 cc 62 b6 e4 e3 9b ad 6f d6 21 d9 f8 5e 62 a5 17 8b cf db bb 3b 91 1f 9a 68 51 f4 52 5c d1 57 a2 8d 09 2d 9a 26 fa 9b 4e 5c 9f b3 a0 5d 36 b5 aa ba 9f 99 a2 e8 b5 19 a9 9d 68 64 41 c5 22 9c 95 af 66 65 ce 61 33 50 f6 cd aa 47 f8 67 da 1b e3 13 1a 5f 7e 17 18 be d8 ba 49 3f 4b f1 de 07 f1 30 01 c6 6c bb bd a3 07 07 66 61 b1 9f 05 13 a4 c0 1f fd 1d b7 a8 f2 6f a5 75 32 5f 4a cd 21 b6 82 ec 89 cc d8 bf c5 2d 50 c9 a1 c8 49 ff 0b 94 6a ae 6e 49 9f a1 10 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: <tcCru3cS:ZDTDp3]!bLmE'(G{b6Vbo!^b;hQR\W-&N\]6hdA"fea3PGg_~I?K0lfaou2_J!-PIjnIIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49753	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:39 UTC	667	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-bold-webfont.woff HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://goqr.me sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-20 21:51:40 UTC	400	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 20 Oct 2024 21:51:39 GMT Content-Type: application/font-woff Content-Length: 24324 Last-Modified: Tue, 16 Apr 2024 11:08:07 GMT Connection: close ETag: "661e5c17-5f04" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: sameorigin Accept-Ranges: bytes
2024-10-20 21:51:40 UTC	15984	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 5f 04 00 13 00 00 00 00 a3 34 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 46 54 4d 00 00 01 a8 00 00 00 1c 00 00 00 1c 61 8a 9d f3 47 44 45 46 00 00 01 c4 00 00 00 1e 00 00 00 20 01 13 00 04 47 50 4f 53 00 00 01 e4 00 00 00 5d 00 00 00 76 2f f1 1f d1 47 53 55 42 00 00 02 44 00 00 00 4d 00 00 00 68 1b 1d 20 a7 4f 53 2f 32 00 00 02 94 00 00 00 4e 00 00 00 60 77 dc 75 9e 63 6d 61 70 00 00 02 e4 00 00 01 78 00 00 01 ca 77 f8 86 e3 63 76 74 20 00 00 04 5c 00 00 00 44 00 00 00 44 14 72 13 31 66 70 67 6d 00 00 04 a0 00 00 01 b1 00 00 02 65 53 b4 2f a7 67 61 73 70 00 00 06 54 00 00 00 08 00 00 00 08 00 00 00 10 67 6c 79 66 00 00 06 5c 00 00 50 41 00 00 8f 7c 7e 85 45 f1 68 65 61 64 00 00 56 a0 00 00 00 Data Ascii: wOFF_4FFTMaGDEF GPOS]v/GSUBDMh OS/2N`wucmapxwcvt \DDr1fpgmeS/gaspTglyf\PA\|~EheadV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49754	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:40 UTC	653	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/general_foundicons.woff HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://goqr.me sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49752	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:40 UTC	670	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-regular-webfont.woff HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://goqr.me sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-20 21:51:40 UTC	400	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 20 Oct 2024 21:51:40 GMT Content-Type: application/font-woff Content-Length: 24696 Last-Modified: Tue, 16 Apr 2024 11:08:07 GMT Connection: close ETag: "661e5c17-6078" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: sameorigin Accept-Ranges: bytes
2024-10-20 21:51:40 UTC	15984	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 60 78 00 13 00 00 00 00 a5 08 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 46 54 4d 00 00 01 a8 00 00 00 1c 00 00 00 1c 61 8a 9d f5 47 44 45 46 00 00 01 c4 00 00 00 1e 00 00 00 20 01 13 00 04 47 50 4f 53 00 00 01 e4 00 00 00 5d 00 00 00 76 2f f1 1f d1 47 53 55 42 00 00 02 44 00 00 00 4d 00 00 00 68 1b 1d 20 a7 4f 53 2f 32 00 00 02 94 00 00 00 4d 00 00 00 60 76 bb 72 8a 63 6d 61 70 00 00 02 e4 00 00 01 78 00 00 01 ca 77 f8 86 e3 63 76 74 20 00 00 04 5c 00 00 00 4c 00 00 00 4c 0e ce 0d 5f 66 70 67 6d 00 00 04 a8 00 00 01 b1 00 00 02 65 53 b4 2f a7 67 61 73 70 00 00 06 5c 00 00 00 08 00 00 00 08 00 00 00 10 67 6c 79 66 00 00 06 64 00 00 51 93 00 00 91 08 37 b0 19 aa 68 65 61 64 00 00 57 f8 00 00 00 Data Ascii: wOFF`xFFTMaGDEF GPOS]v/GSUBDMh OS/2M`vrcmapxwcvt \LL_fpgmeS/gasp\glyfdQ7headW
2024-10-20 21:51:40 UTC	8712	IN	Data Raw: b4 bf 35 8d 6f df ff 8a 50 ea 4b 82 98 45 02 34 e2 ef be a8 5c b5 63 03 e2 eb c8 e3 19 8c ad 3c 7c f8 ec 7a 60 c6 15 34 4c 98 a6 3f c3 3b 9c 0b ac f1 30 f7 95 8e 21 9b dd 85 18 0a d2 ae 2e 23 8e ba a2 bd 1c 74 48 61 a7 53 e6 78 40 94 3b 81 e5 1f 80 39 25 3f a6 1a ac 6c bc 0f 2a 23 0f 55 46 02 b8 fc 3e 16 00 f0 d1 f4 53 a7 99 bd 33 bb 68 e7 a2 cd 4d a7 00 f5 45 94 83 61 8a 8e c3 f2 02 aa c6 fe d9 40 51 65 c7 e9 58 74 f0 9c 15 3e f4 b8 3a 1c 1e 3b 9b 89 e5 74 79 01 59 32 be e2 79 37 9e 17 38 95 80 e0 22 af 10 2b 66 14 3c de be 34 9a e3 a3 13 6d 59 62 85 d6 b8 22 16 4b d2 23 10 8d 19 a9 16 4d 0f 8a 41 22 ad 25 ab 9a 1e 5e 74 eb c3 49 72 4f af 88 1b 57 5d 3e ae bc a6 65 e0 a0 e1 d2 b4 ab 66 cd 5d b6 6c ee b4 41 60 47 ea e2 ee cb 8a 24 18 71 e5 75 03 06 30 bd Data Ascii: 5oPKE4\c<\|z`4L?;0!.#tHaSx@;9%?l*#UF>S3hMEa@QeXt>:;tyY2y78"+f<4mYb"K#MA"%^tIrOW]>ef]lA`G$qu0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49755	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:40 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49756	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:40 UTC	676	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-regularitalic-webfont.woff HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://goqr.me sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-20 21:51:41 UTC	400	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 20 Oct 2024 21:51:41 GMT Content-Type: application/font-woff Content-Length: 26588 Last-Modified: Tue, 16 Apr 2024 11:08:07 GMT Connection: close ETag: "661e5c17-67dc" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: sameorigin Accept-Ranges: bytes
2024-10-20 21:51:41 UTC	15984	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 67 dc 00 13 00 00 00 00 ba 14 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 46 54 4d 00 00 01 a8 00 00 00 1c 00 00 00 1c 61 8a 9d f9 47 44 45 46 00 00 01 c4 00 00 00 1e 00 00 00 20 01 13 00 04 47 50 4f 53 00 00 01 e4 00 00 00 5d 00 00 00 76 2f f1 1f d1 47 53 55 42 00 00 02 44 00 00 00 4d 00 00 00 68 1b 1d 20 a7 4f 53 2f 32 00 00 02 94 00 00 00 4f 00 00 00 60 76 bc 72 b9 63 6d 61 70 00 00 02 e4 00 00 01 78 00 00 01 ca 77 f8 86 e3 63 76 74 20 00 00 04 5c 00 00 00 3c 00 00 00 3c 0c 87 0b cb 66 70 67 6d 00 00 04 98 00 00 01 b1 00 00 02 65 53 b4 2f a7 67 61 73 70 00 00 06 4c 00 00 00 08 00 00 00 08 00 00 00 10 67 6c 79 66 00 00 06 54 00 00 58 ee 00 00 a6 30 2d cd dd 86 68 65 61 64 00 00 5f 44 00 00 00 Data Ascii: wOFFgFFTMaGDEF GPOS]v/GSUBDMh OS/2O`vrcmapxwcvt \<<fpgmeS/gaspLglyfTX0-head_D
2024-10-20 21:51:41 UTC	10604	IN	Data Raw: 48 aa 87 02 c1 e0 38 46 61 0a ff 3c 64 84 c9 58 1d 0f ce 2c 2e 09 ac 9f b1 78 7c c0 79 c5 a4 bd 44 08 71 6f af 90 92 e3 ab ca 23 a0 e5 56 fb af 9c 33 ec ba e6 35 ab 54 19 28 e0 8e 71 a3 61 1c 15 cc 30 46 8a 82 d5 57 c7 61 80 17 7b 5c f6 e5 2b 36 2e 9a df eb c2 e0 94 0b 8b c0 f1 b0 d3 de 29 3e 27 6d d0 48 52 74 d7 47 15 58 9f 6c f7 c1 ec 20 75 f0 7f 11 6a 36 34 d2 a4 a0 6c c5 8c 6b dc be 39 9b 0a 36 86 06 19 f5 91 44 f9 dc 50 a1 67 dd 8c a5 d3 bd fe 56 96 14 17 59 ed c1 2d d7 f5 5d 5e 0a 43 b7 4d 9d be ac 21 5a 56 a2 e7 b9 15 ee cb 67 b6 36 11 62 0a 0d 49 2e b8 da a8 a3 73 00 67 f4 15 b0 ad 9d 17 ae 2d 35 74 cb 6f d4 27 b0 d5 e4 6d ab 52 2d 34 bf b8 49 a2 ba 6b 86 d2 c4 1f 04 ae 80 99 51 ab 2c 25 77 92 f6 30 94 4d ba 0e 1a d4 4b 73 4e 97 da 02 55 2a 4e d2 Data Ascii: H8Fa<dX,.x\|yDqo#V35T(qa0FWa{\+6.)>'mHRtGXl uj64lk96DPgVY-]^CM!ZVg6bI.sg-5to'mR-4IkQ,%w0MKsNU*N

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49758	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:41 UTC	399	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Images/zazzle/zazzle_tshirt.png HTTP/1.1 Host: goqr.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-20 21:51:41 UTC	388	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 20 Oct 2024 21:51:41 GMT Content-Type: image/png Content-Length: 32617 Last-Modified: Tue, 16 Apr 2024 11:08:07 GMT Connection: close ETag: "661e5c17-7f69" Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: sameorigin Accept-Ranges: bytes
2024-10-20 21:51:41 UTC	15996	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b4 00 00 00 b4 08 02 00 00 00 b2 af 91 65 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 7e fc 49 44 41 54 78 da ec bd 09 b4 65 67 55 2e ba ba dd 9d ae fa 26 55 95 aa 4a df d0 85 80 44 81 90 77 9f 06 11 51 41 04 24 11 87 17 44 bc 82 f7 45 ae a8 c4 2b e0 18 0a 4f bd 3e 89 80 10 15 45 51 1f fa 10 1b 08 dc 0c 54 94 c4 26 20 41 48 23 49 48 53 95 a4 fa 3a fd d9 cd ea fe 37 e7 fc d6 9a 7b ee 7f ed 0a 88 8a c4 c1 26 1e 4f ed b3 f7 ea fe f9 cf f6 9b df 0c 9d 73 c1 e3 f6 e5 e4 3f fa 11 96 61 18 04 25 fd 5f 18 84 2e a0 7f dc f3 91 f7 1d 39 fc 60 12 07 ad 56 ec c2 68 b5 3f 2c c3 38 0e 03 57 96 f4 Data Ascii: PNGIHDResRGBpHYsbKGD~IDATxegU.&UJDwQA$DE+O>EQT& AH#IHS:7{&Os?a%_.9`Vh?,8W
2024-10-20 21:51:41 UTC	16384	IN	Data Raw: c3 87 0f e1 ef ec f6 92 07 ce 61 61 54 61 b2 e3 84 c2 5d 52 b4 6c 35 b2 5c ec 7a 89 26 f4 0a c4 15 55 85 12 5a c5 b3 cf 3e 1b ed 08 4f 7d ea e5 e0 56 20 13 00 e5 a8 b0 34 01 ff 55 cb 46 9f 3c 70 f0 60 a7 d5 c1 1b d0 4f 74 f0 c3 87 0f 53 34 4d 77 74 e0 c0 01 d4 07 44 bc 02 f1 7e f8 f8 08 92 31 1e 96 ae 98 a5 38 cd ea 7e a1 b2 c5 61 7f a9 d3 71 35 d3 c0 99 29 99 3c 5c 04 b6 f5 97 4b bb 74 df 86 5e d2 21 d3 0a 6f 54 47 97 b3 70 e4 85 1a 14 a5 5a c9 65 d8 36 08 c5 e4 0c 01 bc d1 32 f0 e7 b9 78 d9 8a 44 2a 70 e7 9c 73 4e 62 79 01 f4 e8 56 b2 b4 f7 04 06 d8 fa 71 da c0 a2 88 ba 3a 6f 56 92 1e 99 45 c2 47 86 90 35 1b 62 bd f8 d9 63 96 a5 a5 fa e8 47 3f f6 a6 37 5d af 43 dd a2 90 fb d9 a3 38 b0 f5 5b 1d f1 67 23 2c bd 6c 7c f2 19 cf 78 c6 bb df fd 6e 3a 2c 3d d3 Data Ascii: aaTa]Rl5\z&UZ>O}V 4UF<p`OtS4MwtD~18~aq5)<\Kt^!oTGpZe62xD*psNbyVq:oVEG5bcG?7]C8[g#,l\|xn:,=
2024-10-20 21:51:41 UTC	237	IN	Data Raw: 95 3c 74 a3 63 c4 8a ab 9b a8 43 cd 72 75 33 63 53 1e b6 0f 97 ed 3a ee 83 a8 5a 01 44 05 cb a1 ef bb 08 04 54 bc 44 a2 92 d3 05 a6 10 70 fa b1 ff fc f9 33 d4 b6 5d 21 62 4c db 0a 6d 45 27 28 9e 02 ff 47 7b c1 62 36 e7 56 cc 62 b6 e4 e3 9b ad 6f d6 21 d9 f8 5e 62 a5 17 8b cf db bb 3b 91 1f 9a 68 51 f4 52 5c d1 57 a2 8d 09 2d 9a 26 fa 9b 4e 5c 9f b3 a0 5d 36 b5 aa ba 9f 99 a2 e8 b5 19 a9 9d 68 64 41 c5 22 9c 95 af 66 65 ce 61 33 50 f6 cd aa 47 f8 67 da 1b e3 13 1a 5f 7e 17 18 be d8 ba 49 3f 4b f1 de 07 f1 30 01 c6 6c bb bd a3 07 07 66 61 b1 9f 05 13 a4 c0 1f fd 1d b7 a8 f2 6f a5 75 32 5f 4a cd 21 b6 82 ec 89 cc d8 bf c5 2d 50 c9 a1 c8 49 ff 0b 94 6a ae 6e 49 9f a1 10 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: <tcCru3cS:ZDTDp3]!bLmE'(G{b6Vbo!^b;hQR\W-&N\]6hdA"fea3PGg_~I?K0lfaou2_J!-PIjnIIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49759	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:41 UTC	666	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/Titillium/titillium-bold-webfont.ttf HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://goqr.me sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49760	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:41 UTC	652	OUT	GET /_Resources/Static/Packages/GoQrMe.Ui/Fonts/general_foundicons.ttf HTTP/1.1 Host: goqr.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://goqr.me sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://goqr.me/_Resources/Static/Packages/GoQrMe.Ui/Stylesheets-built/app-1.3.0.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49763	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:42 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-20 21:51:42 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=68031 Date: Sun, 20 Oct 2024 21:51:42 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-20 21:51:42 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49764	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:43 UTC	703	OUT	GET / HTTP/1.1 Host: goqr.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Range: bytes=32365-32365 If-Range: "661e5c17-e036"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49767	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:46 UTC	729	OUT	GET / HTTP/1.1 Host: goqr.me Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Range: bytes=32365-32365 If-Range: "661e5c17-e036"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49768	162.55.210.124	443	5296	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:52 UTC	729	OUT	GET / HTTP/1.1 Host: goqr.me Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Range: bytes=32365-32365 If-Range: "661e5c17-e036"

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49775	162.55.210.124	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:51:53 UTC	729	OUT	GET / HTTP/1.1 Host: goqr.me Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Range: bytes=32365-32365 If-Range: "661e5c17-e036"

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2332, Parent PID: 772

General

Target ID:	0
Start time:	17:51:27
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5296, Parent PID: 2332

General

Target ID:	2
Start time:	17:51:31
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,538960023989471502,110857662081935292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6388, Parent PID: 772

General

Target ID:	3
Start time:	17:51:33
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://goqr.me/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6716, Parent PID: 3748

General

Target ID:	4
Start time:	17:51:39
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://goqr.me/
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6888, Parent PID: 6716

General

Target ID:	5
Start time:	17:51:40
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1852,i,18311815613419120576,11550976993936465481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://goqr.me/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 36

Chrome Cache Entry: 37

Chrome Cache Entry: 38

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2332, Parent PID: 772

General

Chronological Activities

Analysis Process: chrome.exePID: 5296, Parent PID: 2332

General

Chronological Activities

Windows Analysis Report
https://goqr.me/