Edit tour

Windows Analysis Report
https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back

Overview

General Information

Sample URL:	https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back
Analysis ID:	1431799
Infos:

Detection

GRQ Scam

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected GRQ Scam

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2000,i,4333807079281487125,2519310215126018899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3160 --field-trial-handle=2000,i,4333807079281487125,2519310215126018899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_104	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.2.pages.csv	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security
1.1.pages.csv	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://search.faykitturn.live/media/mainstream/icon.js	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/alert.mp3	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/2.js	Avira URL Cloud: Label: phishing
Source: https://faykitturn.live/lniqjebu/	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/fr1.jpg	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/u.js	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/top_red.png	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/fr6.jpg	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/sound.js	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/fr2.jpg	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/1102.css	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/flag-icon/flags/1x1/us.svg	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/iphone15pro.png	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/fr3.jpg	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/fr11.jpg	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/x1.png	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/1102_2.css	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/fr4.jpg	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/box_open.png	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/flag-icon/css/flag-icon.css	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/like.png	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/1102_1.js	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/1102_3.js	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/fr5.jpg	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/box-iphone15pro.png	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/l.png	Avira URL Cloud: Label: phishing
Source: https://search.faykitturn.live/media/mainstream/all/ab/box_closed.png	Avira URL Cloud: Label: phishing

Source: https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.41
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.41
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back HTTP/1.1Host: colunroad.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: colunroad.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=backAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid=t3~44pcofiplxiueqkcwhk3adqc; p1=https://faykitturn.live/lniqjebu/; s1=kewoxunmweg6hjzc
Source: global traffic	HTTP traffic detected: GET /lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://colunroad.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_2.css HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://search.faykitturn.live/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102.css HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/css/flag-icon.css HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_3.js HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/icon.js HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/sound.js HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/u.js HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/2.js HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_1.js HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/l.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/iphone15pro.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/like.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/top_red.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/x1.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box-iphone15pro.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_open.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_closed.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ExtService.svc/getextparams HTTP/1.1Host: jsontdsexit2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://search.faykitturn.liveSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://search.faykitturn.live/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/flags/1x1/us.svg HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/media/mainstream/flag-icon/css/flag-icon.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ExtService.svc/getextparams HTTP/1.1Host: jsontdsexit2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/alert.mp3 HTTP/1.1Host: search.faykitturn.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/iphone15pro.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/l.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/like.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/top_red.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/x1.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_open.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box-iphone15pro.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_closed.png HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/flags/1x1/us.svg HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/alert.mp3 HTTP/1.1Host: search.faykitturn.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: colunroad.info
Source: global traffic	DNS traffic detected: DNS query: search.faykitturn.live
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: jsontdsexit2.com

Source: chromecache_90.2.dr, chromecache_77.2.dr	String found in binary or memory: http://www.gimp.org/xmp/
Source: chromecache_104.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_104.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_98.2.dr	String found in binary or memory: https://faykitturn.live/lniqjebu/
Source: chromecache_97.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFUZ0bf8pkAp6a.woff2)
Source: chromecache_97.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2)
Source: chromecache_97.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVp0bf8pkAp6a.woff2)
Source: chromecache_97.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFW50bf8pkAp6a.woff2)
Source: chromecache_97.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWJ0bf8pkAp6a.woff2)
Source: chromecache_97.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWZ0bf8pkAp6a.woff2)
Source: chromecache_97.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWp0bf8pkAp6a.woff2)
Source: chromecache_105.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_105.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_105.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49751 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected GRQ Scam

Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_104, type: DROPPED

Source: classification engine

Classification label: mal56.phis.win@19/82@14/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2000,i,4333807079281487125,2519310215126018899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3160 --field-trial-handle=2000,i,4333807079281487125,2519310215126018899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2000,i,4333807079281487125,2519310215126018899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3160 --field-trial-handle=2000,i,4333807079281487125,2519310215126018899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back	0%	Avira URL Cloud	safe
https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back	3%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://search.faykitturn.live/media/mainstream/icon.js	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/alert.mp3	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/2.js	100%	Avira URL Cloud	phishing
https://faykitturn.live/lniqjebu/	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/fr1.jpg	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/u.js	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/top_red.png	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/fr6.jpg	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/sound.js	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/fr2.jpg	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/1102.css	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/flag-icon/flags/1x1/us.svg	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/iphone15pro.png	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/fr3.jpg	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/fr11.jpg	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/x1.png	100%	Avira URL Cloud	phishing
https://jsontdsexit2.com/ExtService.svc/getextparams	0%	Avira URL Cloud	safe
https://search.faykitturn.live/media/mainstream/all/ab/1102_2.css	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/fr4.jpg	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/box_open.png	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/flag-icon/css/flag-icon.css	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/like.png	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/1102_1.js	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/1102_3.js	100%	Avira URL Cloud	phishing
https://jsontdsexit2.com/ExtService.svc/getextparams	3%	Virustotal		Browse
https://search.faykitturn.live/media/mainstream/all/ab/fr5.jpg	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/box-iphone15pro.png	100%	Avira URL Cloud	phishing
https://colunroad.info/favicon.ico	0%	Avira URL Cloud	safe
https://search.faykitturn.live/media/mainstream/all/ab/l.png	100%	Avira URL Cloud	phishing
https://search.faykitturn.live/media/mainstream/all/ab/box_closed.png	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.65.229	true	false	unknown
colunroad.info	185.155.186.24	true	false	unknown
search.faykitturn.live	185.155.186.25	true	false	unknown
jsontdsexit2.com	136.243.216.235	true	false	unknown
www.google.com	142.250.9.104	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
cdn.jsdelivr.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://search.faykitturn.live/media/mainstream/all/ab/fr1.jpg	false	Avira URL Cloud: phishing	unknown
https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js	false		high
https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back	false		unknown
https://search.faykitturn.live/media/mainstream/icon.js	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/2.js	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D	false		unknown
https://search.faykitturn.live/media/mainstream/alert.mp3	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/u.js	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/top_red.png	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/fr6.jpg	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/sound.js	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/fr2.jpg	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/1102.css	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/flag-icon/flags/1x1/us.svg	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/iphone15pro.png	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/fr3.jpg	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/fr11.jpg	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/x1.png	false	Avira URL Cloud: phishing	unknown
https://jsontdsexit2.com/ExtService.svc/getextparams	false	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://search.faykitturn.live/media/mainstream/all/ab/1102_2.css	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/fr4.jpg	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/box_open.png	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/flag-icon/css/flag-icon.css	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/like.png	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/1102_1.js	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/1102_3.js	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/box-iphone15pro.png	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/fr5.jpg	false	Avira URL Cloud: phishing	unknown
https://colunroad.info/favicon.ico	false	Avira URL Cloud: safe	unknown
https://search.faykitturn.live/media/mainstream/all/ab/l.png	false	Avira URL Cloud: phishing	unknown
https://search.faykitturn.live/media/mainstream/all/ab/box_closed.png	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.jsdelivr.net/npm/bootstrap	chromecache_104.2.dr	false		high
https://faykitturn.live/lniqjebu/	chromecache_98.2.dr	false	Avira URL Cloud: phishing	unknown
http://www.gimp.org/xmp/	chromecache_90.2.dr, chromecache_77.2.dr	false		high
https://getbootstrap.com/)	chromecache_105.2.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_105.2.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_105.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.155.186.24	colunroad.info	Switzerland	6898	INTERNETONE_CH	false
185.155.186.25	search.faykitturn.live	Switzerland	6898	INTERNETONE_CH	false
185.155.184.55	unknown	Switzerland	44160	INTERNETONEInternetServicesProviderIT	false
142.250.9.104	www.google.com	United States	15169	GOOGLEUS	false
151.101.65.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
136.243.216.235	jsontdsexit2.com	Germany	24940	HETZNER-ASDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431799
Start date and time:	2024-04-25 19:38:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@19/82@14/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.176.94, 108.177.122.102, 108.177.122.113, 108.177.122.101, 108.177.122.139, 108.177.122.138, 108.177.122.100, 108.177.122.84, 34.104.35.123, 74.125.136.95, 172.253.124.94, 20.114.59.183, 23.47.204.78, 23.47.204.79, 23.47.204.68, 23.47.204.82, 23.47.204.81, 23.47.204.69, 23.47.204.77, 23.47.204.70, 23.47.204.72, 192.229.211.108, 52.165.164.15, 13.85.23.206, 142.250.105.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, ajax.googleapis.com, fonts.gstatic.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Category:	downloaded
Size (bytes):	8802
Entropy (8bit):	5.5946484836211505
Encrypted:	false
SSDEEP:	192:JN+X8ssZf/IQc5Vkm77EheIp9mLOrEZoz:vS2/PKNxdSnz
MD5:	6D2D3DA2EA28ACE816FA4A138829DC18
SHA1:	606E0EC3D7FB05C69F16233CFE1FF0A0EE760505
SHA-256:	D79BC81189750262716692ADE6CC4D6FB6C4FBC4AA01C2B9D0AA67E5788821FC
SHA-512:	69B4B77A4233D081DEECA7A19F9234C24AEAB11390988C222119356F5BAD406AED28C0EC25E9881031B51A930171F52C954F376E635DEFE10F244530D749895E
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/alert.mp3
Preview:	ID3.......TCON.......(12)..............+...dp ..WJ.m....'e.p..I...._d.0..........G(d.L].m..#l..B....oA....W...6.R.......`.H.>(r....nj d.h..0t."D..o..FX.!..LF.....Aw#....Eb.i..O.....rH......0..%.....w.v.j...\V.k.H.8..{).[.....V".......?r#a.>.e.......7....s....\|....N..B.ZK........M..s......E3.(..fN.!..eN.$...8d...&...K7.....Z.X....H/.........-..>...&.J....n.4l....K)C.y.@...}.'3_......t..N.J.Rj1...../8...8Q.J.E..]4.9..}.m...69.,.0Hz........j..tC!".f..$0 ....Z., ....0........K.......j/Lp.c.H.................~..p..""..'A.&.).......4.M9.M.....3`.4 c./.....4.......u......F.p.........&.X..........M...@.R+....0.@.Ep..a....`.......&.. (.q........<.D.........`...........r...`...@......`......&0.@......\|0...(Z7>.0.@....',....Yr..{..h.4ol....@.............)0.{y./.~.J..>.....4....b..M.x.g.Vo..u.S!....g.f.Y..]...1..O.d+.H....le.!..3.................!4 .....9.Bw.w.%.NnQ..-(O....Y..Eh........X.0V.D...&.6...e'.^.3g.9f...."S....2.I.Q...2..K...a..XT&.<~.D2lpt..ap...tdOLQ.

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	5519
Entropy (8bit):	4.1479283018043205
Encrypted:	false
SSDEEP:	96:2mYOiC6onP7FiFzPfFiF8PKFiFAPuFiFn:2mYOiC68P7FiFzPfFiF8PKFiFAPuFiFn
MD5:	1067E4F544573A808DB9CF39397E3B8E
SHA1:	7D2A7929ED766649E6D09157371AFFAD5B9AE005
SHA-256:	442F2945EBCD2872EB28599AAD185E96A054C9FE611087EBC02398FADE385C48
SHA-512:	31CB0BD9F38A5A36DD0F5427E40068FECDF109BE9507C805C0006E4383E699892142E74D22A1BFB1399B2976E11A0ACFA7683D853B99114A9A231712FC274899
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/flag-icon/flags/1x1/us.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" height="512" width="512" viewBox="0 0 512 512">.. <g fill-rule="evenodd" transform="scale(3.9385)">.. <g stroke-width="1pt">.. <path d="M0 0h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0z" fill="#bd3d44"/>.. <path d="M0 10h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0z" fill="#fff"/>.. </g>.. <path fill="#192f5d" d="M0 0h98.8v70H0z"/>.. <g fill="#fff">.. <path d="M8.233 2.996l.9 2.767h2.908l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.467 0l.899 2.767h2.909l-2.353 1.71.898 2.766L24.7 8.53l-2.353 1.71.898-2.766-2.353-1.71h2.909zm16.467 0l.899 2.767h2.909l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.466 0l.899 2.767h2.909l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.467 0l.899 2.767h2.909l-2.354 1.71.9 2.766L74.1 8.53l-2.353 1.71.898-2.766-2.353-

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 185, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2685
Entropy (8bit):	7.811061274692416
Encrypted:	false
SSDEEP:	48:EEK7tdCRVEJAD/Mj+Zs7wz1i4THTb0/SrYZHmkZOzgwqf6NVGWCR6AqY8i:5KXi5D/MGgCHX0acZGkZ6gwqhWCgg
MD5:	99264BEE31A1ABDE5D0035468E53BBFB
SHA1:	D1F25383B68C3769EB3BDB36783E85C112078054
SHA-256:	8DA9180789C861B8D0D67D2BCA168DFCC6DE98F6999AB47400C38397D122157F
SHA-512:	DDDFCBD9F16AFBB594A1841AE00D69FA264B659B06AC4A7307008D1A7299AD6F658E282182A01B2B2EBCD9F51FB96AAF9D91025F0F131260719FE15A03090987
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/box_open.png
Preview:	.PNG........IHDR................`....PLTE......................................................................................................................................................................{\|~...................#tRNS.P.@..@....@@(....0@p`...niP.....c...IIDATx....N.0.....p..'.`..`F4c...e...].".P..#.........................................d6.....\|...K.F...U..oR.w........f..}......$.J...am:...8....>`.!.4......w...??........y..C..@ltu..e....2H.Uj\v......o..<.A.......C...E9...E.OF.o}........8t8.h....E..a...m.....+w.-.0O D...r..{..1..".u...go.Vjt..u.....!..8...G..z.\|.~../.....!..t!b..g.f..4..as...f....d...@.c..........KK.......4.t}....(..... ...q...4.X1...z.......}1.0..........8 .......Cw...Op..x+.a_.......\....o.]_./u....s^..W)..`D..D..wk.}9...!hH,`X..@hu..o.6...Y~..Z...."...Rc.@L.A....\|....TP.9....".8$....z.9.\.....b..[$.....(.9........hT9.Q/Z...t....1..}.\|.d..}.T.....+9.>.Th2...D&.?...{.. ]..............[.

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17374), with no line terminators
Category:	downloaded
Size (bytes):	17374
Entropy (8bit):	5.661193876077212
Encrypted:	false
SSDEEP:	384:gnxyuPXCjS8Rkzf5IqEQLC+38txpNoVtXNk6Yt4i6Kx17XJ8XL4WzoHx:gxyuPCjIfb38txpNoVtXNk6Yt4i6Kx1T
MD5:	A050517D2E76DC353AB4591805BC7E43
SHA1:	A5B1A19C84C5F91DC0BB9BEBA2B6339269CB3980
SHA-256:	05BB3B4C00A768232100B296F15B2087314183A9C4BF1819322B999550348B55
SHA-512:	2C316C5670FFAAC1B6660DA86D5C85001F9ECE5D6A3F57DE93A40DDA8A188D99CEF6F2E49AC871B413D9B9E00A8FDAA60FF7D6D7396BBC7A4912B9FFADC9854C
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/1102_3.js
Preview:	function _0x406c(_0x47cd69,_0x654374){var _0x51814d=_0x5181();return _0x406c=function(_0x406c07,_0x339f78){_0x406c07=_0x406c07-0x138;var _0xc3b465=_0x51814d[_0x406c07];if(_0x406c['IpDYfo']===undefined){var _0x5cfbe1=function(_0x100cc2){var _0x1e4dbf='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x3068f0='',_0x24e0a1='';for(var _0x38810c=0x0,_0x29b881,_0x228498,_0xb55c75=0x0;_0x228498=_0x100cc2['charAt'](_0xb55c75++);~_0x228498&&(_0x29b881=_0x38810c%0x4?_0x29b8810x40+_0x228498:_0x228498,_0x38810c++%0x4)?_0x3068f0+=String['fromCharCode'](0xff&_0x29b881>>(-0x2_0x38810c&0x6)):0x0){_0x228498=_0x1e4dbf['indexOf'](_0x228498);}for(var _0x5620e0=0x0,_0x48ad1d=_0x3068f0['length'];_0x5620e0<_0x48ad1d;_0x5620e0++){_0x24e0a1+='%'+('00'+_0x3068f0['charCodeAt'](_0x5620e0)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x24e0a1);};var _0x19ec83=function(_0x596ba5,_0x3d387e){var _0x327b70=[],_0x437cbe=0x0,_0x512ddb,_0x758d9='';_0x596ba5=_0x5cfbe1(_0x596ba5);v

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (614), with CRLF line terminators
Category:	downloaded
Size (bytes):	18815
Entropy (8bit):	5.118162363393546
Encrypted:	false
SSDEEP:	384:L4UkgHoqi/5E+JvYlzLW5aCDHY1ExNIOid9yhumeFblNc/50mNc/50RNc/500Ncc:tkgHoqi/5E+JvYlzLW5aCDHY1ExNIOi9
MD5:	CE0B4BEA0D6412BC189A4EBD96041C67
SHA1:	E6F0F8C0145DD6EDCD709AB17F6D7A1525B22B61
SHA-256:	681DB68B46949EE826D8B37CDD43B5627291ADAF311C39C6352E7BB603FE85B9
SHA-512:	118205B2999302335EA4B1F666D10B44E57F1F05095C5768556F4FD4B5F765BBEDA53B8F6CAB0938127F906862F74097267F120CC77A90726DE24D761661DA3D
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D
Preview:	<!DOCTYPE html>..<html>..<head><script>function requestLink(){return {sessionId:['sid','t3~44pcofiplxiueqkcwhk3adqc']};}var geoInfo={"cc":"US","cnames":{"de":"USA","en":"United States","es":"Estados Unidos","fr":".tats Unis","ja":"....","pt-BR":"EUA","ru":"...","zh-CN":".."},"city":{"de":"Atlanta","en":"Atlanta","es":"Atlanta","fr":"Atlanta","ja":".....","pt-BR":"Atlanta","ru":".......","zh-CN":"...."},"subdiv":{"de":"Georgia","en":"Georgia","es":"Georgia","fr":"G.orgie","ja":"......","pt-BR":"Ge.rgia","ru":"........","zh-CN":"..."},"pc":"30301","lat":33.7485,"long":-84.3871};var ip='185.152.66.230';var devInfo='Datacamp';</script>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<meta name="robots" content="noindex, follow">..<meta name="apple-mobile-web-app-capable" content="yes">..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta name="theme-color" content="#00529b">..

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65297)
Category:	downloaded
Size (bytes):	78635
Entropy (8bit):	5.263861622876498
Encrypted:	false
SSDEEP:	768:59YDXypxHVIg3Xeh2p0NH04UX+TG9qTXAdQ+fZMQnOwkqUNFJUIU7lW0+YVxiM+A:59YeHqTEZChY223CzWpV0ea7In
MD5:	A454220FC07088BF1FDD19313B6BFD50
SHA1:	265A733CB7FBC481FD2510A659A85AD55C93C895
SHA-256:	7F3145C87D3570154F633975E8A4F8D30AA38603EDABA145501E9C90DDBE186C
SHA-512:	4EA980874FEC49BC12B9504E0C46A002889421E191A3CBBDE5AE35CF29067EAE623E43BDA227BC20A0A0C7BC80AF56DF8818D97AE6A98CB80C769F5432909561
Malicious:	false
Reputation:	low
URL:	https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js
Preview:	/!. Bootstrap v4.3.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery")):"function"==typeof define&&define.amd?define(["exports","jquery"],e):e((t=t\|\|self).bootstrap={},t.jQuery)}(this,function(t,p){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(o){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{},e=Object.keys(r);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(r).filter(function(t){return Object.getOwnPropertyDescriptor(r,t).enumerable}))),e.forEach(function(t){v

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	39806
Entropy (8bit):	4.892612926908833
Encrypted:	false
SSDEEP:	192:khGsNIpOSuav/Tqlg3mj6/GlQT5oubtAzv/JqFbNAqldll2ocGR:kh0pOSR/Tqlg3mj6/GlQ1ezvxqFbyqVD
MD5:	B7A46A018DCD21A4828BAE0B04DDCC6C
SHA1:	1D8418D6CC45E5C29E1AAB008C18EA633E7730C4
SHA-256:	299595FD56AA6A2FCFAC34FCF780D33B61785AD96F19485E65A33EAD8FD69CBC
SHA-512:	175F0BE8E75AA784BE09F1BF92B730D7BB7CF623999D17675F3BA7F103B30E904E6D80D73B8A01757E0BA2D1545D8C0A645646A222B665B6A808EC777C366743
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/flag-icon/css/flag-icon.css
Preview:	/* geo location css /..#userLocation {.. display: inline;.. position: relative;.. line-height: 1em;..}..#userLocation .flag-icon {.. display: inline-block;.. position: relative;.. top: -0.05em;.. margin-right: 0.3em;..}../ flag-icon css */...flag-icon-background {.. background-size: contain;.. background-position: 50%;.. background-repeat: no-repeat;..}...flag-icon {.. background-size: contain;.. background-position: 50%;.. background-repeat: no-repeat;.. position: relative;.. display: inline-block;.. width: 1.33333333em;.. line-height: 1em;..}...flag-icon:before {.. content: "\00a0";..}...flag-icon.flag-icon-squared {.. width: 1em;..}...flag-icon-ad {.. background-image: url(../flags/4x3/ad.svg);..}...flag-icon-ad.flag-icon-squared {.. background-image: url(../flags/1x1/ad.svg);..}...flag-icon-ae {.. background-image: url(../flags/4x3/ae.svg);..}...flag-icon-ae.flag-icon-squared {.. background-image: url(../flags/1x1/ae.svg);..}...flag-icon-af {.. background-

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	3601
Entropy (8bit):	7.815973019413374
Encrypted:	false
SSDEEP:	96:RHYz89aCbdm3mZE8qmCCk147EtLUDFWk1lo2kpdLR:RHYznCZmAq0ZYteF9lodpR
MD5:	C74A5BEFD416E24626972E88ED65526D
SHA1:	4E8C25553248600CF23C3D6BCEC488D986A129F8
SHA-256:	53BB570F4465306A78670ECBEA911BA0362251D2DC825D9EA0CB5D1C70F413AC
SHA-512:	BCC99E5266CC46054DD7A5CD061C87BE597FFD6885027B82FDE9883FE910AF222D50C2D1E33E17CC202733EA1F0DE6AB1B5720503D8FBB5A6CE069EBF3DA718B
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/fr3.jpg
Preview:	......JFIF.............C....................................................................C.......................................................................<.<.....................................................................................y(g...B..{P...!%7}5{..V...)z..E..L.....b.(.xo;.....jJ.!+.rw...5.[eS.yhe.?..]..A+a..qX...tVa.m..=ni%K".....}..$.US.6...v[F./....H.S^b.d......9....I.l,.M.=h........l..#-S..hJj..Tk8.CU. ......&.................................!%&...........~.m.E.V......6o.X...~.effgC...\|?.u..2.......,.....x..W.}.~c..&..}.W...7....O\y.......n...r..MdR........L.^.m(.:9.z...V........`-'.....k.O....".!..&9>.."..rZ..l.........=.....T...2>....+...5Y..."..wM.x..o.vg.Y"~..........;`.....0..uz..-.,G4BbI.+.#....S..._..oD.H^.b:.-....H...q.............<nH.@B?.K..c.....k..../...#Y.+y..H\.4E(t.t~..:.....Jka..J..zo.x...j}...\|yj..qa..=c)-g....}.......e.c..x7..._.eZ.`..,...j.eVb..,Nz...eH.......^...E..(..!.d.........f..c....%.X.I.y...X]i[.&

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Category:	dropped
Size (bytes):	8802
Entropy (8bit):	5.5946484836211505
Encrypted:	false
SSDEEP:	192:JN+X8ssZf/IQc5Vkm77EheIp9mLOrEZoz:vS2/PKNxdSnz
MD5:	6D2D3DA2EA28ACE816FA4A138829DC18
SHA1:	606E0EC3D7FB05C69F16233CFE1FF0A0EE760505
SHA-256:	D79BC81189750262716692ADE6CC4D6FB6C4FBC4AA01C2B9D0AA67E5788821FC
SHA-512:	69B4B77A4233D081DEECA7A19F9234C24AEAB11390988C222119356F5BAD406AED28C0EC25E9881031B51A930171F52C954F376E635DEFE10F244530D749895E
Malicious:	false
Reputation:	low
Preview:	ID3.......TCON.......(12)..............+...dp ..WJ.m....'e.p..I...._d.0..........G(d.L].m..#l..B....oA....W...6.R.......`.H.>(r....nj d.h..0t."D..o..FX.!..LF.....Aw#....Eb.i..O.....rH......0..%.....w.v.j...\V.k.H.8..{).[.....V".......?r#a.>.e.......7....s....\|....N..B.ZK........M..s......E3.(..fN.!..eN.$...8d...&...K7.....Z.X....H/.........-..>...&.J....n.4l....K)C.y.@...}.'3_......t..N.J.Rj1...../8...8Q.J.E..]4.9..}.m...69.,.0Hz........j..tC!".f..$0 ....Z., ....0........K.......j/Lp.c.H.................~..p..""..'A.&.).......4.M9.M.....3`.4 c./.....4.......u......F.p.........&.X..........M...@.R+....0.@.Ep..a....`.......&.. (.q........<.D.........`...........r...`...@......`......&0.@......\|0...(Z7>.0.@....',....Yr..{..h.4ol....@.............)0.{y./.~.J..>.....4....b..M.x.g.Vo..u.S!....g.f.Y..]...1..O.d+.H....le.!..3.................!4 .....9.Bw.w.%.NnQ..-(O....Y..Eh........X.0V.D...&.6...e'.^.3g.9f...."S....2.I.Q...2..K...a..XT&.<~.D2lpt..ap...tdOLQ.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 184, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5836
Entropy (8bit):	7.913203736419961
Encrypted:	false
SSDEEP:	96:Dc5iJbjQKbV3zd+YdCtH5dEq6oxmFVfnm61tJP4ppUKhp/+jbytfyWGs:Dc5uPtbHHdIH5I9FtfpopUKCjby9t
MD5:	890D869DB1B3D28AF588BE81685214F2
SHA1:	5375BD0C2C75A6E40168F5561EB4ECA993D14505
SHA-256:	EA2521ADD13DEB769FB7ABEE364670A567E7A3DC7B3B4474B5F80510DC593212
SHA-512:	18F59F36A708EF22CCA24F8ED65146FEDBD28BF4D153D23D015ECDC1EDC929BAF5240B7A1BF50FF76A5E2335AD1818D98684C1807E5B56D4FE6FEE756BD42256
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............?.......PLTE............................................................................................................+(........................................................................................!............."............. ..!...........q..\|........u......JI.<:......h.............~}.mlNNN....+).$#_..............sttghh[\\.=<.....ut.+*...xx.jj.dc.ZY.US.ED.DB.75.31...........wv.vu.``.[[......'%..ecc=;NY.....5tRNS..@...@ .0..m...} ..P0zPC..``.......`....p@....l.......IDATx...mK#1.........=.X{r.....H.DB.,......d...g.vq......3...3g.9s..3g.9..z.)....-....)......WM.rH }...g..y.......xk...l.......O...H....b.)...P=?..x)..<..S6..^..C...HP.....0...'iP>h.l......@.$....&y5..`>`...3.h.5.`...8.S..Q ....D .>D.p$..m...."....u.k.....[.H...!...f[..{...@`..U1....1@.^....g....0..\|r..(U...........A0..2...RKO.A..Y...v...$.T...m/......Z1...r[...o..^`(.....E1.<B'`s....4.......8......`"k....Bl."...cy4.X....X

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2564), with no line terminators
Category:	downloaded
Size (bytes):	2564
Entropy (8bit):	5.340935901300875
Encrypted:	false
SSDEEP:	48:GpBgA5gncGjywYUUqbZ07OHj8mOBJnGMmIjde3Mfo46/VZ4CWMXAVn:2gA5gcGepUUqX8mOBxGMmIjPA4Mr4Hzh
MD5:	2832F0FF7EE2B8D871310202FFE7F5F4
SHA1:	9FF1C89B338FAEBFC1EBD10A72899C98AF7165D0
SHA-256:	CDD76972E0254FC58C898953EE47888137CF8A596C40D2FD9356A04CFE0ED76A
SHA-512:	778F5DA98D95FA174852BE9D62CA7CA171437E985359D11C9085836781D487C0B13E743601FCEE1B7E453EAE00B564520BDF7B5CC0907853891E826B849A12A7
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/sound.js
Preview:	var _0x2b8dd1=_0x2943;function _0x6ebf(){var _0x5499ef=['webkitAudioContext','addEventListener','AudioContext','response','load','2XjbQUv','154QcGMuj','883190DcPASn','createBufferSource','userAgent','orientation','888kZkjah','undefined','loop','open','destination','195534HVinSQ','3065gJxNWi','345487FTIqQR','4650vCVCTH','35768tjELmJ','send','GET','arraybuffer','responseType','1896SmzVxj','26939fIRKEs','connect','1506KOoMmi','start','decodeAudioData','/media/mainstream/alert.mp3','IEMobile','buffer','indexOf','log'];_0x6ebf=function(){return _0x5499ef;};return _0x6ebf();}(function(_0x19f4cd,_0x2e6b3e){var _0x5d315a=_0x2943,_0x1a1e1f=_0x19f4cd();while(!![]){try{var _0x149a29=parseInt(_0x5d315a('0x1a4'))/0x1(-parseInt(_0x5d315a('0x197'))/0x2)+-parseInt(_0x5d315a('0x1a5'))/0x3(-parseInt(_0x5d315a('0x19d'))/0x4)+-parseInt(_0x5d315a('0x1a3'))/0x5(parseInt(_0x5d315a('0x1ae'))/0x6)+parseInt(_0x5d315a('0x198'))/0x7(-parseInt(_0x5d315a('0x1a6'))/0x8)+-parseInt(_0x5d315a('0x1a2'))/0x9+parseInt

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	2814
Entropy (8bit):	7.743533827229624
Encrypted:	false
SSDEEP:	48:YEdDS5hraep61Mi9nBmMcv1wD+TvgYqs/CIQPQ/rRH8AsHylxW:/dGPrsOi9BmMo1waTLqVXAsSlxW
MD5:	F17D127DFCAA6F94929EEDD080276DF0
SHA1:	EC801473523B8EB44E123B5634081D2B57715BA6
SHA-256:	0108E4D428F408F819F174AE8A5923B4010E80A14FC9872B018C12781E114403
SHA-512:	39F5724235A64843E888CC69061D32C3079FD1A1E15FA45309558B270AEFD0E6D3CF9FAA4A5718A014CC9C2062E6AB9A7D82F29D1077A14388B9983050779FCA
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/fr6.jpg
Preview:	......JFIF.............C....................................................................C.......................................................................<.<...................................................................................t;.K..hgs......7.y..\|UH`.'.7 ..#.{xn.]vK.F3.uHB..^.(..HS.Q..e.....KC!..X,.O...6\.....I..ZR..].W[.n.$.-L..:Q1l(%..fZ....."O3K+....S...4....\|..Y...].H.......:.qdQ..fJ.....\!.~s...)..............................1..".!%4A..........x.......8X.9.W...:........I.98.-...ph.s..G....h.........S..I.O.....k.;.....Y5....oo.Z..O...d4..U+...b..A...R5^.....?I(4.G..t.2,...{....&vV.0P.}9,'?..F.7.>@c....GQvW.n...x.f.s,AG..>...W1.._.iF.+..2E}...T...p.ovy..p...^T..r\F......t..F..0..........#Y......f...h.9\...5.K.kS..$..i........6...hZ.EKHI..i...s.....ct.f..f..}...O.@YI....U.C....z.x#b&w~....FNjT .<.&.qC...i..).DU&~./x..9...m..$Qq>ff?...r..'....es.s...4.,....p...<........P...........J...9".W..o.,x.....IOW.......CK0..*"1.M....

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 15 x 14, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	357
Entropy (8bit):	6.955852983842003
Encrypted:	false
SSDEEP:	6:6v/lhPVtHEfao9uB8R0YYdtuKzMbZjOwpxDNL+G8koNIhRugd2NVwb9RQk/mPZ+0:6v/7PmaDaR0YYPgZPn6BNBcd/mc0Sm7
MD5:	17586A0AEB3F7B2AA7FB15A9251FBCD4
SHA1:	6ADFFAD1183C93BC0DC114C89C77365734EC0DD6
SHA-256:	8BF8DC3A4B6F7E4FA2A6FA74495C212F37A301311980CBC758050993ED9C07E1
SHA-512:	5BF6CADF6B0BBEDF1BD7964386CC8807128C953CC1CF8DF4515BF4E0980AC3FD9EA8857E1BAA3A87DDDEE16CB97DD4BF3D6B52D8F1E4657E5956727E93DB0351
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............T......PLTE........0\m..........;H...i.......A....Tb....=K.uz.Y`.<I.FR.5D...F.8.z~.]k................>L..&w"5\|......Pc.......gx.Vi.E\.....Iv.b...!tRNS.......rF......\|xbE<.........i".#....rIDAT..u....@..a.8...(..Vvx...M ....~I.u..m.xj...5..f>..G....,B......T..g..#.;..Kuz9 p.oW..$.......+9.......h...&X=....Z.....IEND.B`.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	3601
Entropy (8bit):	7.815973019413374
Encrypted:	false
SSDEEP:	96:RHYz89aCbdm3mZE8qmCCk147EtLUDFWk1lo2kpdLR:RHYznCZmAq0ZYteF9lodpR
MD5:	C74A5BEFD416E24626972E88ED65526D
SHA1:	4E8C25553248600CF23C3D6BCEC488D986A129F8
SHA-256:	53BB570F4465306A78670ECBEA911BA0362251D2DC825D9EA0CB5D1C70F413AC
SHA-512:	BCC99E5266CC46054DD7A5CD061C87BE597FFD6885027B82FDE9883FE910AF222D50C2D1E33E17CC202733EA1F0DE6AB1B5720503D8FBB5A6CE069EBF3DA718B
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C.......................................................................<.<.....................................................................................y(g...B..{P...!%7}5{..V...)z..E..L.....b.(.xo;.....jJ.!+.rw...5.[eS.yhe.?..]..A+a..qX...tVa.m..=ni%K".....}..$.US.6...v[F./....H.S^b.d......9....I.l,.M.=h........l..#-S..hJj..Tk8.CU. ......&.................................!%&...........~.m.E.V......6o.X...~.effgC...\|?.u..2.......,.....x..W.}.~c..&..}.W...7....O\y.......n...r..MdR........L.^.m(.:9.z...V........`-'.....k.O....".!..&9>.."..rZ..l.........=.....T...2>....+...5Y..."..wM.x..o.vg.Y"~..........;`.....0..uz..-.,G4BbI.+.#....S..._..oD.H^.b:.-....H...q.............<nH.@B?.K..c.....k..../...#Y.+y..H\.4E(t.t~..:.....Jka..J..zo.x...j}...\|yj..qa..=c)-g....}.......e.c..x7..._.eZ.`..,...j.eVb..,Nz...eH.......^...E..(..!.d.........f..c....%.X.I.y...X]i[.&

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	616
Entropy (8bit):	5.302027922349469
Encrypted:	false
SSDEEP:	12:YGGHrpH1c0aNmi7W4ZL3JRexJHpJHr+JH6JHWPQ1JH7u5KiY8qnOSF5Mh4aC40Ee:YhFHwNhC4ZLJ6JJJL+JaJ2PuJSciYJjp
MD5:	8DE4EF97539525B9FD8BA9A9A3857C37
SHA1:	3540EA29B166DC34C1A8077A2542B1270D9445BF
SHA-256:	B52311E633CF76AD9D92460273451EBBDA9774680E87A4572CF6FEAD9AFB0A10
SHA-512:	6DEF53E7C7339DA150DAA8497EA57561C17F45BBF8640AA0AD86651D62FBBD976A0BC3A0ACFA5E100E8976F06F33201EB89FC43D6D032F6771D4BA5F18251837
Malicious:	false
Reputation:	low
Preview:	{"cc":"US","cnames":{"de":"USA","en":"United States","es":"Estados Unidos","fr":".tats Unis","ja":"....","pt-BR":"EUA","ru":"...","zh-CN":".."},"city":{"de":"Atlanta","en":"Atlanta","es":"Atlanta","fr":"Atlanta","ja":".....","pt-BR":"Atlanta","ru":".......","zh-CN":"...."},"subdiv":[{"de":"Georgia","en":"Georgia","es":"Georgia","fr":"G.orgie","ja":"......","pt-BR":"Ge.rgia","ru":"........","zh-CN":"..."}],"pc":"30301","ip":"185.152.66.230","brand":"","model":"Windows Desktop","browser":"Chrome","isp":"Datacamp","lat":33.7485,"long":-84.3871}

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 184, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	593
Entropy (8bit):	6.937948084207512
Encrypted:	false
SSDEEP:	12:6v/7XJlBzBvvvn10eUQG3uwRg8UfpyUXcAtYNlbv7pVFY1r:W3vvnzUQGLgPIU3av7pVC
MD5:	EE850988ED56CD6F2498CAE7993A8753
SHA1:	965F9091CA3E7F21F5B8115347227AEDC93C586E
SHA-256:	0303153A716BC5000D737521C0F6EB517700A1856B8E22BA8C088EC8F06ED8BA
SHA-512:	318D7E98A343E7F2B54EDB6A8285F1E09E0DCF9F663B7B1EBEFD20A33A980B9E843196F1E0818C7BDF35313D9A26D91839B519DFC8BC8B203A40180A5461F188
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/x1.png
Preview:	.PNG........IHDR.............?......ZPLTE...". 6.0646@?A@?AA@B". ". ". ". A@B". 0-/A@B". A@B". A@BA@B". A@BA@B". A@BA@B". ". A@B98:.qP.....tRNS.@. @.....p0..PP..`...p`..h.....IDATx....Z.@..a@.2.M-....uw..S...........(...................&..,..&.._.._..gU[?....H._...dS...&..S....~q.:'.ZU...."./.!D...n".p..X}..a.>.Y.f......DOE.....t..}xL(Cl~..........a.wd.....O..0.ih^.... .C.....$.......s......._#Ah...J.\|~.7........:...~,..C:.._}...$8.u9.......m".L.8.....>..x&..`....ls. .$8L.i.8..E......~..X.JP..\|...\|.q...........f...,_..U[?M.._(.?:......................\|....X.J.#....IEND.B`.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32813), with no line terminators
Category:	downloaded
Size (bytes):	32813
Entropy (8bit):	5.697774210475939
Encrypted:	false
SSDEEP:	384:g2iP2SeIIe79ZzXLa0BUFBSWO3o2PxXt86+PDj8s4uvDTmL68UVK/yh9SZyQuZcx:1BOXBKlO3o2PVcvDTmLDASMuOhP1Xq
MD5:	DE4AF01A50DB5454DBC0376DBD439AF3
SHA1:	BB026B70A9701A80A580668D7D241C545A06D60D
SHA-256:	8CFA2E960C0BF98660286437E4DCEAAE75C8A094760F6BDB9F088888F1567DBC
SHA-512:	4743EB6755CD63AB8A393AECF73AAD16CB89986402B701103694300594054903D5BB95DDFF056203EE7328EFC78FC60307455930D7B2E5990B179D86D1AF3A4C
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/1102_1.js
Preview:	var _0xc912f3=_0x4110;(function(_0x442633,_0x4449bf){var _0x5d9acd=_0x4110,_0x538b15=_0x442633();while(!![]){try{var _0x480f2e=parseInt(_0x5d9acd('0x115','jK&S'))/0x1(parseInt(_0x5d9acd('0x274','b0)8'))/0x2)+parseInt(_0x5d9acd('0x1fc','f3P#'))/0x3(parseInt(_0x5d9acd('0x19d','gg%Q'))/0x4)+-parseInt(_0x5d9acd('0x20c','zZT9'))/0x5+-parseInt(_0x5d9acd('0x129','Bnls'))/0x6+parseInt(_0x5d9acd('0x179','%oJk'))/0x7(parseInt(_0x5d9acd('0x225','i0CZ'))/0x8)+-parseInt(_0x5d9acd('0x169','i0CZ'))/0x9(-parseInt(_0x5d9acd('0xd6','%oJk'))/0xa)+-parseInt(_0x5d9acd('0x133','f3P#'))/0xb;if(_0x480f2e===_0x4449bf)break;else _0x538b15['push'](_0x538b15['shift']());}catch(_0x5439e0){_0x538b15['push'](_0x538b15['shift']());}}}(_0x13dc,0x4743d));function setCookie(_0x5bdaa0,_0x34b2fc,_0x402376){var _0x555da5=_0x4110,_0x1be67f=new Date();''!=_0x402376&&null!=_0x402376\|\|(_0x402376=0x16d),_0x1be67f[_0x555da5('0x254','GweR')](_0x1be67f[_0x555da5('0x277','Z81t')]()+0x18_0x4023760x3c0x3c0x3e8);var _0x31e698=

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 185, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2685
Entropy (8bit):	7.811061274692416
Encrypted:	false
SSDEEP:	48:EEK7tdCRVEJAD/Mj+Zs7wz1i4THTb0/SrYZHmkZOzgwqf6NVGWCR6AqY8i:5KXi5D/MGgCHX0acZGkZ6gwqhWCgg
MD5:	99264BEE31A1ABDE5D0035468E53BBFB
SHA1:	D1F25383B68C3769EB3BDB36783E85C112078054
SHA-256:	8DA9180789C861B8D0D67D2BCA168DFCC6DE98F6999AB47400C38397D122157F
SHA-512:	DDDFCBD9F16AFBB594A1841AE00D69FA264B659B06AC4A7307008D1A7299AD6F658E282182A01B2B2EBCD9F51FB96AAF9D91025F0F131260719FE15A03090987
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................`....PLTE......................................................................................................................................................................{\|~...................#tRNS.P.@..@....@@(....0@p`...niP.....c...IIDATx....N.0.....p..'.`..`F4c...e...].".P..#.........................................d6.....\|...K.F...U..oR.w........f..}......$.J...am:...8....>`.!.4......w...??........y..C..@ltu..e....2H.Uj\v......o..<.A.......C...E9...E.OF.o}........8t8.h....E..a...m.....+w.-.0O D...r..{..1..".u...go.Vjt..u.....!..8...G..z.\|.~../.....!..t!b..g.f..4..as...f....d...@.c..........KK.......4.t}....(..... ...q...4.X1...z.......}1.0..........8 .......Cw...Op..x+.a_.......\....o.]_./u....s^..W)..`D..D..wk.}9...!hH,`X..@hu..o.6...Y~..Z...."...Rc.@L.A....\|....TP.9....".8$....z.9.\.....b..[$.....(.9........hT9.Q/Z...t....1..}.\|.d..}.T.....+9.>.Th2...D&.?...{.. ]..............[.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	3043
Entropy (8bit):	7.750974549902366
Encrypted:	false
SSDEEP:	48:R9EMIwCO0aPaBTkOuvGfGUvKFCVG1OINgJi6k/X72jh6ysCl5zFja:RT1CgPayOuveXVGsHU6kPSjh6ysCl5g
MD5:	7F103BC91A8084CD154189B5EBB2CF86
SHA1:	375E58C42A8C409BBF111847A1F6798BA6C0D5F5
SHA-256:	346139AAEC984853288672896D297DED47AC7EE1CB77CA43B63E130952CDD946
SHA-512:	91AEC64B967B80B4D7E304ECEFD74CB09FFC45FBA69A2337A5863852CCB8C4EEF372A6D5CB7A376883064737361DB64979F77B1E29C2A4674CD8D142BBDCF40D
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C.......................................................................<.<...........................................................................................xm..E.^#z.o...o...Y....KS......W~YJ@U_...\.}...}.^.G3.....x.".3..?b/.{D...JO(....s...K.k.I........ux\|)Q.7.s...V.A.]..Z$....].r.[.Kz...G.(?.....V.4..C.........PNl..F.)x.-x...#................................!...........=a..S....!.7.D.4..Kcb..8..#T.b.....F.k....Q....i..E...,.v2.oG.y..../..zq.......u..1.sg...^.gV....X.3p?V.,.m.p..+...~.C<<O...{......6L.6..R.>G@.W..q.....Nw2.<h.....E.%e..El...^....!:..#.h.)....=.....Mk.W+.....=k.9S..}.\|.....X.U.c....k.&.M...n.b..!T.'....$k:.IC..u.y..TM6.....v.}b&.Du...;Gb/....59`!.V....q....M..cz..+.Q.L:-...l.".Va..-k..Y..q\.M_.W,e.3>:...h..x.....;p....Y3..Z.H;.x......H.$c`..=..:J.).).<{.$5.hU..r..T.......&...r.6"....9...eO..........xu...3.........................

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	7.743533827229624
Encrypted:	false
SSDEEP:	48:YEdDS5hraep61Mi9nBmMcv1wD+TvgYqs/CIQPQ/rRH8AsHylxW:/dGPrsOi9BmMo1waTLqVXAsSlxW
MD5:	F17D127DFCAA6F94929EEDD080276DF0
SHA1:	EC801473523B8EB44E123B5634081D2B57715BA6
SHA-256:	0108E4D428F408F819F174AE8A5923B4010E80A14FC9872B018C12781E114403
SHA-512:	39F5724235A64843E888CC69061D32C3079FD1A1E15FA45309558B270AEFD0E6D3CF9FAA4A5718A014CC9C2062E6AB9A7D82F29D1077A14388B9983050779FCA
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C.......................................................................<.<...................................................................................t;.K..hgs......7.y..\|UH`.'.7 ..#.{xn.]vK.F3.uHB..^.(..HS.Q..e.....KC!..X,.O...6\.....I..ZR..].W[.n.$.-L..:Q1l(%..fZ....."O3K+....S...4....\|..Y...].H.......:.qdQ..fJ.....\!.~s...)..............................1..".!%4A..........x.......8X.9.W...:........I.98.-...ph.s..G....h.........S..I.O.....k.;.....Y5....oo.Z..O...d4..U+...b..A...R5^.....?I(4.G..t.2,...{....&vV.0P.}9,'?..F.7.>@c....GQvW.n...x.f.s,AG..>...W1.._.iF.+..2E}...T...p.ovy..p...^T..r\F......t..F..0..........#Y......f...h.9\...5.K.kS..$..i........6...hZ.EKHI..i...s.....ct.f..f..}...O.@YI....U.C....z.x#b&w~....FNjT .<.&.qC...i..).DU&~./x..9...m..$Qq>ff?...r..'....es.s...4.,....p...<........P...........J...9".W..o.,x.....IOW.......CK0..*"1.M....

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 184, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	5836
Entropy (8bit):	7.913203736419961
Encrypted:	false
SSDEEP:	96:Dc5iJbjQKbV3zd+YdCtH5dEq6oxmFVfnm61tJP4ppUKhp/+jbytfyWGs:Dc5uPtbHHdIH5I9FtfpopUKCjby9t
MD5:	890D869DB1B3D28AF588BE81685214F2
SHA1:	5375BD0C2C75A6E40168F5561EB4ECA993D14505
SHA-256:	EA2521ADD13DEB769FB7ABEE364670A567E7A3DC7B3B4474B5F80510DC593212
SHA-512:	18F59F36A708EF22CCA24F8ED65146FEDBD28BF4D153D23D015ECDC1EDC929BAF5240B7A1BF50FF76A5E2335AD1818D98684C1807E5B56D4FE6FEE756BD42256
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/box_closed.png
Preview:	.PNG........IHDR.............?.......PLTE............................................................................................................+(........................................................................................!............."............. ..!...........q..\|........u......JI.<:......h.............~}.mlNNN....+).$#_..............sttghh[\\.=<.....ut.+*...xx.jj.dc.ZY.US.ED.DB.75.31...........wv.vu.``.[[......'%..ecc=;NY.....5tRNS..@...@ .0..m...} ..P0zPC..``.......`....p@....l.......IDATx...mK#1.........=.X{r.....H.DB.,......d...g.vq......3...3g.9s..3g.9..z.)....-....)......WM.rH }...g..y.......xk...l.......O...H....b.)...P=?..x)..<..S6..^..C...HP.....0...'iP>h.l......@.$....&y5..`>`...3.h.5.`...8.S..Q ....D .>D.p$..m...."....u.k.....[.H...!...f[..{...@`..U1....1@.^....g....0..\|r..(U...........A0..2...RKO.A..Y...v...$.T...m/......Z1...r[...o..^`(.....E1.<B'`s....4.......8......`"k....Bl."...cy4.X....X

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 417 x 515, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	112193
Entropy (8bit):	7.990064036714119
Encrypted:	true
SSDEEP:	1536:jUWymS3r5p7AGmVHaAVIiAKkZ/CmzxdWrbwX946BQRoeCthGwItFe70x6lB0mHqq:jDymgHxsHVVIL7xnzxgrifzaFQ0MjKq
MD5:	86C9F807FC66133969F63198AC0FE75D
SHA1:	037A01FF739DDADB3A24E964002330176C75C5D2
SHA-256:	5CC828750E8D07A70BB34DE95A298592868D1BB1EB9D8E61B025779F9F3DDF58
SHA-512:	2BB3E8F2E856317954965F049A2D70F40671B4B483FADE0D7B6E6971A3B110BC9C004D33C57A7D827D227B5943D2653F0F82DBB13A2022DB4EFADEB4E40D8BEA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............JQ.....PLTE.....{...............zxsjfdolh........................~........~......sqk_\Wjgb......PKG..............$# ....................................! ..........=94!.....:62...'%!B>9/,'......2....84/)&"52.?;6...,)$51,,'......D@<)(%OKE...GC>...KF@/-RKC20,G@:...VRM[WQ$!.QMILHCOH@IE@KC<[TKYQHUNEgb\C<6......c_Y{un...mga..~...^YUUOI..........~v...a\Wojd......YTOwrl......toi......rmf..x..\|wq..z...^VL.....`XN...d\R..{.\|v..id_.xl.{s...bZP...ldY...ke]...wlaf^T...haXoh_i`Upf[................uj.sgsh].xo;50..}wod...~zs.~q.{o.. zsi...........{mcrkc..ssk`..\|.zn......wph`YR..ylaW...\|qd..}..........v...................odY...~pf..v.\|r..............v..........y.............z........wi_...............vk..........%................g\R....................##+...55?,+6B.h.....tRNS..hhpo.....gw...>P............!....IDATx..Kh.A..m..RKR....kbb4B\|.'j.K....."......T....A0..E...... .<.vY......@..C."...d..U.*.o..}..\|;._&.....t6....3.vN.h.6)...G47.]:.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 184, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4560
Entropy (8bit):	7.902857501812587
Encrypted:	false
SSDEEP:	96:oa6LkwwmWdskSBG1jzQCXy49Td6fW8S+hEDepPQy:oan9s89hC49d6CGRpPQy
MD5:	A660370FEB6A1543C3C872A52F7BCFA7
SHA1:	B9478ED6228E8FB34A393013D474CDE8DC400848
SHA-256:	9D1EED749548DAD4B80B2D7CE32052143BD38773685029D7B60CEE82A31840B7
SHA-512:	CECEA5EAB2A45AB5FBE22BF0687005CB8B1A81130230726D4E68E018D1852BC5DD19B64276239954269366D2381C4801BC2C3458749F7CA90D5EB56847EF24D5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............?.......PLTE..........................................................."................................... ..............................................................."..........~\|.......?=r....................."......................................................!..!.................... .r...... .. ..................y.............e..m......................UVV.....bcc.UT.75.(.......}~}tvunmm.gf.b`.MLMKK.FE]..........oo.`_.IG.>=.:8.$#....\|{.ts.=;............(&....t98..,.+.,).'.om.$.....@tRNS.@....@ ..P00..` ...p..``....PP0...p@....`..........Z._Q...JIDATx....K.1...a)...T..t..B.h.K.k...L.C .0......{..?..$;UQ.=..\|.{.g_.{.d.9s..3g.9s.L.^.^$/9.'.......EF%#.S.R.x.QJ....d.y....x......J.K&..sJ...OG.-@.....L4..P.f......&.>.......c...uY.}f-....e.X0H.....6.$.d.s.\|..-....0P....(W5....D..........j..X.Q.....'.,.\|+$.p...m2.,.-@.......~.HB....&....t.A....y...t+`......,53u..,......../..(`...[.;%..+T.GA....p.../I;....

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	616
Entropy (8bit):	5.302027922349469
Encrypted:	false
SSDEEP:	12:YGGHrpH1c0aNmi7W4ZL3JRexJHpJHr+JH6JHWPQ1JH7u5KiY8qnOSF5Mh4aC40Ee:YhFHwNhC4ZLJ6JJJL+JaJ2PuJSciYJjp
MD5:	8DE4EF97539525B9FD8BA9A9A3857C37
SHA1:	3540EA29B166DC34C1A8077A2542B1270D9445BF
SHA-256:	B52311E633CF76AD9D92460273451EBBDA9774680E87A4572CF6FEAD9AFB0A10
SHA-512:	6DEF53E7C7339DA150DAA8497EA57561C17F45BBF8640AA0AD86651D62FBBD976A0BC3A0ACFA5E100E8976F06F33201EB89FC43D6D032F6771D4BA5F18251837
Malicious:	false
Reputation:	low
URL:	https://jsontdsexit2.com/ExtService.svc/getextparams
Preview:	{"cc":"US","cnames":{"de":"USA","en":"United States","es":"Estados Unidos","fr":".tats Unis","ja":"....","pt-BR":"EUA","ru":"...","zh-CN":".."},"city":{"de":"Atlanta","en":"Atlanta","es":"Atlanta","fr":"Atlanta","ja":".....","pt-BR":"Atlanta","ru":".......","zh-CN":"...."},"subdiv":[{"de":"Georgia","en":"Georgia","es":"Georgia","fr":"G.orgie","ja":"......","pt-BR":"Ge.rgia","ru":"........","zh-CN":"..."}],"pc":"30301","ip":"185.152.66.230","brand":"","model":"Windows Desktop","browser":"Chrome","isp":"Datacamp","lat":33.7485,"long":-84.3871}

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	2939
Entropy (8bit):	7.774721034631434
Encrypted:	false
SSDEEP:	48:Jxyq6vQW/WCtSVwkdFGlioDLVrg7r9he2mv6XXFRs4jbmz4v7jVQBI7Q:XVEliEKJolo/s4jKo7Wy0
MD5:	4C88EBF87B0CC26121497DE03DB7F64A
SHA1:	A1256A5CFCD62223172EB3633659CADDFF6CF005
SHA-256:	28DB5EDB0FE5E61F42EB8A0D10250A317F3AC840E074FFA761CB953C330F2CF6
SHA-512:	00C28D59A8EB91B5F27761899D79C431039640351C9C79EE702DF5B02374DF7CC93D65AC8898E062B86C6C95CA6BA59F56478F461A660A3126CE99765CE52749
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/fr1.jpg
Preview:	......JFIF.............C....................................................................C.......................................................................<.<.................................................................................XT9..U7..M.^.gI.7.[..&n.....W5/N.]."!)..GT......b....[F.K:..G.........$<...a...{[.\im.~{/kh.T..qz...3...7..2.i.........m..s^k.i.....{.....c6v...^.......m.q5..&..S....S.8.....T.....#..............................."1..........C..g...P.0....&C......<..f....VE.0.1...x.NAe--0..........>..r..4.G...Y6.G.y.......g).t.}h.....>..e..pd.O .[...`.9..'(M..h...F...e([.z.g.z..,F"...9rah.."..C.%2.,iP...XG..(.ZJF.6.,..E"?...J$9.z.....A..%.[.W-eR..1....lxlM....-...b.J...06AI_...........,..;.....4..e$r..E..Ha..B........Wd.......I&...o5~....XNU.l..!...EF[.(.M.I....3.....A'8......D..W.......F3.n9..+r...+ ~9.\.....K4&.$..v5g...a.I...f..SnM.....%....y}.Y...D.h.f/..J2?..H".r...>...E......X.:c......r..P..n....5......................

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24389), with no line terminators
Category:	downloaded
Size (bytes):	24389
Entropy (8bit):	5.714178636654509
Encrypted:	false
SSDEEP:	384:RvoiwbxYw0oi7OXIvgT1qtP9g1Elpp+3pSmJaPu4+2XzBG2cDxDfWoGjHmGwGvfE:Rvoiwb+w0D7XlppUpbyu4+2XzBG2KooN
MD5:	89ED4B592AB506A6FCA18E95657DFC4F
SHA1:	179998AD5741D669E75521FB943850A808917924
SHA-256:	4EF3A6A1FD10BCF96549FD9A09BDE836DAEA3343523644D1830367EDC1F9031B
SHA-512:	22CE9BA74AC43D1E23571342B3BB89617D0D0C99E3EAC0E793642C0E0BD8A63C1EC66F3E740F102FDDA05D466C3685182C36808243961AD9030AE0DE8CE57C28
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/u.js
Preview:	var _0x430887=_0x30fc;(function(_0x1c0e34,_0x13ff0f){var _0x2e48d0=_0x30fc,_0x5e8743=_0x1c0e34();while(!![]){try{var _0x5bbe69=-parseInt(_0x2e48d0(0xdb,'gNMh'))/0x1+parseInt(_0x2e48d0(0x16b,'Q%S^'))/0x2(-parseInt(_0x2e48d0(0x135,'Q%S^'))/0x3)+parseInt(_0x2e48d0(0x176,'C4DH'))/0x4(parseInt(_0x2e48d0(0x186,'Qw^]'))/0x5)+-parseInt(_0x2e48d0(0x165,'x9nh'))/0x6+parseInt(_0x2e48d0(0x127,'dEGh'))/0x7+parseInt(_0x2e48d0(0xf9,'Z53u'))/0x8+parseInt(_0x2e48d0(0xf0,'VZKQ'))/0x9*(parseInt(_0x2e48d0(0x14d,'WaVF'))/0xa);if(_0x5bbe69===_0x13ff0f)break;else _0x5e8743['push'](_0x5e8743['shift']());}catch(_0x54f1d6){_0x5e8743['push'](_0x5e8743['shift']());}}}(_0x56eb,0x42189),document[_0x430887(0x1a4,'FQAb')][_0x430887(0xdf,'5n2H')][_0x430887(0xe6,'YV9y')]=_0x430887(0x13e,'tOF7'),!function(_0x5d1e1b,_0x239cd3){'use strict';var _0x1c4a00=_0x430887;function _0xde3e63(){var _0x4533e9=_0x30fc;if(!_0x5580dc){_0x5580dc=!0x0;for(var _0x1f408b=0x0;_0x1f408b<_0x47fae8[_0x4533e9(0x168,'Rkc$')];_0x1f408b++)_0x47f

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 768 x 293, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11314
Entropy (8bit):	6.994228738726182
Encrypted:	false
SSDEEP:	192:x/a8rq9kbUID6MyhA/vDtBaxmM4CNWwhiO4rXtaaeB2vkT73wS5:k8rq9sTD6MyhmcDibMZv3X5
MD5:	3ABE055E63C17D1FD7A5598C1924503D
SHA1:	7CC8997B72CDA7EB64DB973FEA07F7C5C3E362E5
SHA-256:	65C6B55F035B9973169B8F66625697E50EC57D6ED7F228E345FD77BB7C5C159D
SHA-512:	89A103F2E580372BEA56619AA4E156DD185B2C3D97683898FE899CADB7F76991C115773B545D1E22A11F39B545F71EEB0AD2F6C664BF27106E6ECF2DED9118BF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......%.....d.u.....zTXtRaw profile type exif..x..i..9.....s..w..+07.....!MI%.Q..(K....w...........Sb....J/..'......?...l>..?...O......m.k..2........}.............=}.....wYZ.......b......m..[.....\|.?6.>..>......J.v.>1..-z>..>....\.\|...b....{{?....?....^......e..V.......%. .._..sg.._.....sj?..7..Y.o...{w.o..b.B..wS?....u.[.....+.3......E)l...cY.@..%.6..y_.-...q.\.........a.1.I.vC.=...."...k.w..{wk.y./........O.p.Z.L.,......l....3/##v.A./.?>~...F2..e.H'..s..... .DG^....A..{.B.3..H...l,..P..d#A...@a...9l..R....[.j.!.~..9`F&r,......J)S?55jh.S..[.y.XR..Z....\..Z[.u..R...Z.m..#..{.....sp..../.c..g...2.l..(..V^e..V_c..7......C).t.)..v...R...t.-..v..?..M..>.A...2...Y.....N.rF.`.#.U)...rFC...9...@W..".r.M.#..X..~..OF...(o.._.....9...f..y.S.hh..}.PA........J...w*7..o!......V.qrow...C..8..u..s..W.%.?2.........\|....q.=k..6W6.`%s..g.....z2.9v...#t...r6..J;.`q.Vb..\|..H..-.......U^..........sU..w...N..Up..`.F..Z}.[...`..O....u

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4473), with no line terminators
Category:	downloaded
Size (bytes):	4473
Entropy (8bit):	5.560605138198555
Encrypted:	false
SSDEEP:	96:p3kxGTboPF/A3jT5EJuiamA+Tbi3/GACd+HhZaS7MU:9kQT8ZOjTW0iQwbi3/Gl+zaS7F
MD5:	309154A7108A1A6A726ADE3C39649A2C
SHA1:	B14969C2A6A1A655C07DCE08ECF647C0747554BF
SHA-256:	1CAC0D3B7E921266710DF94CA32C7FE0D43359D71FACB97C114E21A7A1B7D907
SHA-512:	1D63AB3AE30A6D6C80507DBF1DFC49D95D9290646218BFB5324269B8716F804E62098E03914A26AB16E347FEF060E5AB25B9E88737AF1A98279797A0BE0DA23B
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/2.js
Preview:	function _0x2518(){var _0x56b257=['WPTcWPxcGMuhb8kjWRxdJG','rbLWbMhcHhpdSq','ishdRH/dGmkCW49f','iI/dOq','fCohW5TzimkRW5y7aSo2W4lcOa','uCkHs8kArCoExI7dRmk6ma','f8kxoSofW7KYW4m','emolASoNWPa','WQlcUmo2WPRdGXu9','xSo2WR8/ccK5xSohhupcSa','WPqZW64gqNz3','tX1Gf3W','xN7cQ03cNComWPieW5RdGmootCkCWPu','bmofWRT9ESknmmklymkyESoNvW','DCoDW5aCW4dcLeFcJCko','jw5jW79khe7dHG','tCoIpwPIW7RcQ8o+W58kW4NdSCkv','ACkjiCk7WO/cOCouFvpdUq','uSoAvre','WQWkW7tdGIZcPu/dUKxcSLi','W7KfW4hcMmk0lq','vqaRW5/cHZ/cK8kvaW','W7arW5JdGMqUkSky','y8ktWOGeFmo5W4aX','kb9jWQhcQGldTq','W7ddVvuzWRbwc8kfWQpdS01w','BHHyWPVcTJq','mCk/zI4NWQ7dQmkZ','omoyW5ShWPxdTYtdGhS','zxOQW6ujWPf9WQz/W4VcU8owBW','umoxW60huSkHsCoZW48DmWXF','ymkil8k6W4/dLCozwvpdKmohWQq','bY99WR1xW4a8','emooF8o7WO/cMa','WODBWP3cHSktaHFcN0G','vXLxWOO','W5BcNCocyaP5','WQzcpMevuru','WOmyfw3dMxC','WQ4oW7/dHctdPdtcVwRcLLaHhSoc','lXjrDslcHqO5W4y','adddOcXKeSkqg8oZ'];_0x2518=function(){return _0x56b257;};return _0x2518();}var _0x2db33d=_0x2a60;(function(_0x20233a,_0x503002){

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3422), with no line terminators
Category:	downloaded
Size (bytes):	3422
Entropy (8bit):	5.295633408133171
Encrypted:	false
SSDEEP:	96:HayLIDbgnei7k9xH/uQkcQtcutYIz6zDR1N/JWWwcrWoflL0:HtLIDbobtYIz6zDR1N/JWWwcCoflL0
MD5:	BB6B0303BDF4D00F569EA2779560743A
SHA1:	F7AD4DBDE8C72B2513D1876621113AB9E1B1905E
SHA-256:	76258946EE92A601ABA0B605B921AB01168534B0987CAF446DBBE4C3D3D25FBA
SHA-512:	A80B478D93209914C564038A7DEB48C8AEC00E1917AB8A2786B9129253C3B137B7265CA2CD5DC23F95695B5FFF09CDE61F0D0551F7311F9D01AAFE9CFC9138FB
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/icon.js
Preview:	function _0x5551(){var _0xf6eb5f=['middle','icon1','font','icon','rel','fill','120yAooCL','beginPath','#f00','16408752lcTFoS','head','6794909CAuJmJ','canvas','4NIPyFg','appendChild','center','textAlign','hidden','1246540OsLuwh','icon2','href','getContext','115724FJYkWM','72973PSjTpC','link','parentNode','fillText','3FZoWaT','type','9BTFXds','textBaseline','arc','width','toDataURL','visibilityState','32418qrirca','fillStyle','height','data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVQI12P4zwAAAgEBAKrChTYAAAAASUVORK5CYII=','48anjqnh','904600DJzaOj','24px\x20Arial','removeChild','createElement','getElementById','#fff','image/png'];_0x5551=function(){return _0xf6eb5f;};return _0x5551();}var _0x514e36=_0x4663;(function(_0x14443c,_0x3879c5){var _0xd48630=_0x4663,_0x350dd1=_0x14443c();while(!![]){try{var _0x420bb3=parseInt(_0xd48630('0x1dc'))/0x1(-parseInt(_0xd48630('0x1d2'))/0x2)+parseInt(_0xd48630('0x1e0'))/0x3(-parseInt(_0xd48630('0x1d7'))/0x4)+-parseInt(_0xd48

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	3157
Entropy (8bit):	7.787305159364943
Encrypted:	false
SSDEEP:	96:0kVdaE3V8f/rWfFvcheOJriEFDmCj8T2nAB:JdF3V8nKfhcQiriODlBc
MD5:	752F51C4C387C0CA7F4337ACDEEC15D6
SHA1:	7F9777F95AECECFCE6FA930181269CCE30A4A059
SHA-256:	227CEC10C842BA3865D12ED22363F87CA5135B3AC2C72E5AB1A3169C4A2D569C
SHA-512:	8ED7148FCAFA538552E1A063EF7AC074685CB13F78E054C45EDD2B7B07CE49797E233755DCAEA1A6E698A3A8AE128867CE0A846CB4ADFAD51A39E57E43B684F7
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C.......................................................................<.<.....................................................................................-..>.\|........m....3.t.).`..&+.W..Y..i^v...aH....w.T.T. ...q....q..RS..U.$)`:-...&B.....z......b#.7..o.5.#I.N..."O].E....-. z...s.!...".N.._?.}.Z...8:.S..#Z4<....wg......+..q......&.............................!"...#1...........(S..g...nw..WP......\|..y...&7.s.x.4.......#.. .....JO9\|....F.H.Z..U.....z.......n%..3..G..."....+.l...c.?..L..1../..g.Sp.S4..I...R.EEL...c.g.!.i.c.....$z...a.......\..E....s];!!.P..~.N..........+...;N^...$?b...!Z...t.._...K..........B...j.;.+J...sZ.7.U.....\|..o..A......$.8......./..7..dZ..;...\|S.!...V..\.F.db.sP ..R. :...."...B.>.~.{....a......j.)7..:uJ.....$...4./..........'."A.A...l...dW..G..;........]..>btL]6..K9;YF.....2...4...=.k.i...1=ZOm..?..3.JJVY.rX..ifW....Es#....,.Nb

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	7.72730325165018
Encrypted:	false
SSDEEP:	48:RPY3tust/21fdEaSWVdck6toGh4X/wMdHhED6uT/K7Uy2r:RQ9Rt/4ljdJUS/LHhpmy7Y
MD5:	9B63CCBD631923743813E838190CECBF
SHA1:	5C6DD930C81346616E9C641FF41B6F18344C7E76
SHA-256:	4CA9130A03F6874BAB37D2D52FD4546E3DE34CCCCBD83AA5B9CB6ED0F923D8B3
SHA-512:	FBA4934D23659CBE293503886E8C406D258AADA0883600F7BEEFED694DEAB175E61FBC1121907A21272955CC463ED622E2D59F88A7D882B6D9C2BB936CADE19D
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C.......................................................................<.<......................................................................................'.2-...r.YH..\.....\..w,.x...%...rD6P.=S..L.2.~.{.Tn{o/.Q[p..RB....O..g..x.vVKTTV\..,.iz.8M..d.gXQ.w.......O...P..tO.<.'AY..C`.A.>......~&.g.....sW...A~..XB.?...#...............................!"..................L.DR..N....%h...Yx.....P4kP.=..lF.q7.....\|....j6.`.....2.zM$..L..k....C..bp.t.IN..++........%8..=.S....\| ..H3.u.^..X.L......K...Q..b+..{%..&F...G.A.{.......mdnn+.;..a....v...<n..)......7.eQ..$.....C.G..G<.i!u......6....*).........J..jZ...+...a..%.G.}]..K....B.0.#9...1..JC..}.......6..6.1.......Td.^"b3..........yU..R$]v.yz....;....j ..;T....OO2.....2.3.l.....k..,.j...3.;...l...3...-WI..1...Y..g\....2W+.1..F.=..@./[H....HL+.K..Q.k(..M........7.........................!1.."Aa.2Q.

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	3157
Entropy (8bit):	7.787305159364943
Encrypted:	false
SSDEEP:	96:0kVdaE3V8f/rWfFvcheOJriEFDmCj8T2nAB:JdF3V8nKfhcQiriODlBc
MD5:	752F51C4C387C0CA7F4337ACDEEC15D6
SHA1:	7F9777F95AECECFCE6FA930181269CCE30A4A059
SHA-256:	227CEC10C842BA3865D12ED22363F87CA5135B3AC2C72E5AB1A3169C4A2D569C
SHA-512:	8ED7148FCAFA538552E1A063EF7AC074685CB13F78E054C45EDD2B7B07CE49797E233755DCAEA1A6E698A3A8AE128867CE0A846CB4ADFAD51A39E57E43B684F7
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/fr11.jpg
Preview:	......JFIF.............C....................................................................C.......................................................................<.<.....................................................................................-..>.\|........m....3.t.).`..&+.W..Y..i^v...aH....w.T.T. ...q....q..RS..U.$)`:-...&B.....z......b#.7..o.5.#I.N..."O].E....-. z...s.!...".N.._?.}.Z...8:.S..#Z4<....wg......+..q......&.............................!"...#1...........(S..g...nw..WP......\|..y...&7.s.x.4.......#.. .....JO9\|....F.H.Z..U.....z.......n%..3..G..."....+.l...c.?..L..1../..g.Sp.S4..I...R.EEL...c.g.!.i.c.....$z...a.......\..E....s];!!.P..~.N..........+...;N^...$?b...!Z...t.._...K..........B...j.;.+J...sZ.7.U.....\|..o..A......$.8......./..7..dZ..;...\|S.!...V..\.F.db.sP ..R. :...."...B.>.~.{....a......j.)7..:uJ.....$...4./..........'."A.A...l...dW..G..;........]..>btL]6..K9;YF.....2...4...=.k.i...1=ZOm..?..3.JJVY.rX..ifW....Es#....,.Nb

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 185, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	5789
Entropy (8bit):	7.933703135194404
Encrypted:	false
SSDEEP:	96:7iod+RoO4aWuBJU9JgpNGLo7wCen2YzefYvBAJ3mS0A1C0UdvU0a22N35ObvTXk7:ddsoO1WAa9yNUo7RenrqJ3J0AQV80azb
MD5:	F32165874F658A8497F38D204EBB92DE
SHA1:	7511015AD482EDAA0F024B5C78A7307A5E2E7077
SHA-256:	8A623F9360C9544015B526A887EF1D3AEB7DABA217FC1567FD0610FDEA744792
SHA-512:	BCE47556D0AB319177BE7954736E90239796DBAB8171A2EDF70040377B3700964D138BB201E01AB6846D0E9C392711AF6F0EAA30659BF3374BB82B7752DB75ED
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/box-iphone15pro.png
Preview:	.PNG........IHDR................`....PLTE...usl......yvozxq........sqj...............wsl..............y...kic.................................................................!.....$"!2..............+':61............QJB.........&#.62-<7240,&$#......HA;840......'%!"!....?:5......FC>A;6......+(#IEAB>9=94......('$...NG@)&"....zsJC=F?9..{oeje_^WM0-(-%e\RLE?@=873/...mha+)&vpig^TD=8....vk`XO...........}rfpkeuj`UNELHCC@;......rg^bZQYQH........[VQ\TKWOH......kdY..~ndZd_YRNI......vkaa]WiaVUQLSLD$!...zlaY-,.....sztnZRI........{.{pxsl.uh.........}wsmgxnbfa[DA<...................}..\|..w.zlri^pf[XTO........]YT.......................z..x.~t.xo.................\|xr.ri`[UNJF.............}qPLG...........z..v~wo.............%...............ZSL........................" .........}p))3##+101...98B.......'tRNS..........!...T............n.......'....(IDATx.....................................`..3..3......{..c..........#C.....aH..A....QV......Y.{..XT...@.,.Z.m..o..>.~...&.o......

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	4307
Entropy (8bit):	7.822326185774005
Encrypted:	false
SSDEEP:	96:RYB79yK5/PiUjzKzO3CI9oMpxhYba4cqIWHA9eUzGd4:RGsUjyJi/I24bnA9DzM4
MD5:	F96150CBBB80AC607B3F264141A7FAEF
SHA1:	9ED21CB4E5C552F29BC23DB55684C945E7582071
SHA-256:	F013C5F2D9AEDD8072D4BF01749C7DFCBACB80A43D06AA579403ADFD8FD21FD3
SHA-512:	38D945BF5C43425A8C7DE1B3D940FD747CDFD1DB67CA621FAF75EBF4FCCF7FC5FD4C8D06054BB57EE2A3C8C864045F73C248AFA80A965B46048BBBCBF81DD954
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C.......................................................................<.<...................................................................................6......M.`..U7L...5..>v..r.....'g.j....Cr4......-_.G.....w.......h...u".A6.29}xkK....V-....\|7..;H'...{....PF.b. ..\.}..@z...J...r..S....akT.A.#l.....U..D."......!.7Y3.t.&.[J..;4......(................................!.1.$B..........S....fp.Z(..L.f..`a..gc.....b......Q.n...4y.F........&...l1.u.....xzz.Y......vU.$[!3..[.~SS..l..\|.`.1....qLp....X.j.!...c.v;......L[.SsQ.....Q.V...T...'..v.....ml....}.$.X...V..7.........n..........4.f..o.-...UI.IfA.+...*3...kA....g(I..Gw%...E.........d...!....x.}`~..m"L.I....[...v..........B.....8>...O.`.1{..B.\..@....8.v..4.w....!...[.=..6......?0^).75y.....:...C......\.O(.P.............j..p./...W;..\|J..$..Kq-X..>..0h......M...yZD.....7OLk....i^..i.z.q..]...<?.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	5519
Entropy (8bit):	4.1479283018043205
Encrypted:	false
SSDEEP:	96:2mYOiC6onP7FiFzPfFiF8PKFiFAPuFiFn:2mYOiC68P7FiFzPfFiF8PKFiFAPuFiFn
MD5:	1067E4F544573A808DB9CF39397E3B8E
SHA1:	7D2A7929ED766649E6D09157371AFFAD5B9AE005
SHA-256:	442F2945EBCD2872EB28599AAD185E96A054C9FE611087EBC02398FADE385C48
SHA-512:	31CB0BD9F38A5A36DD0F5427E40068FECDF109BE9507C805C0006E4383E699892142E74D22A1BFB1399B2976E11A0ACFA7683D853B99114A9A231712FC274899
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" height="512" width="512" viewBox="0 0 512 512">.. <g fill-rule="evenodd" transform="scale(3.9385)">.. <g stroke-width="1pt">.. <path d="M0 0h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0z" fill="#bd3d44"/>.. <path d="M0 10h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0z" fill="#fff"/>.. </g>.. <path fill="#192f5d" d="M0 0h98.8v70H0z"/>.. <g fill="#fff">.. <path d="M8.233 2.996l.9 2.767h2.908l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.467 0l.899 2.767h2.909l-2.353 1.71.898 2.766L24.7 8.53l-2.353 1.71.898-2.766-2.353-1.71h2.909zm16.467 0l.899 2.767h2.909l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.466 0l.899 2.767h2.909l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.467 0l.899 2.767h2.909l-2.354 1.71.9 2.766L74.1 8.53l-2.353 1.71.898-2.766-2.353-

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	4307
Entropy (8bit):	7.822326185774005
Encrypted:	false
SSDEEP:	96:RYB79yK5/PiUjzKzO3CI9oMpxhYba4cqIWHA9eUzGd4:RGsUjyJi/I24bnA9DzM4
MD5:	F96150CBBB80AC607B3F264141A7FAEF
SHA1:	9ED21CB4E5C552F29BC23DB55684C945E7582071
SHA-256:	F013C5F2D9AEDD8072D4BF01749C7DFCBACB80A43D06AA579403ADFD8FD21FD3
SHA-512:	38D945BF5C43425A8C7DE1B3D940FD747CDFD1DB67CA621FAF75EBF4FCCF7FC5FD4C8D06054BB57EE2A3C8C864045F73C248AFA80A965B46048BBBCBF81DD954
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/fr4.jpg
Preview:	......JFIF.............C....................................................................C.......................................................................<.<...................................................................................6......M.`..U7L...5..>v..r.....'g.j....Cr4......-_.G.....w.......h...u".A6.29}xkK....V-....\|7..;H'...{....PF.b. ..\.}..@z...J...r..S....akT.A.#l.....U..D."......!.7Y3.t.&.[J..;4......(................................!.1.$B..........S....fp.Z(..L.f..`a..gc.....b......Q.n...4y.F........&...l1.u.....xzz.Y......vU.$[!3..[.~SS..l..\|.`.1....qLp....X.j.!...c.v;......L[.SsQ.....Q.V...T...'..v.....ml....}.$.X...V..7.........n..........4.f..o.-...UI.IfA.+...*3...kA....g(I..Gw%...E.........d...!....x.}`~..m"L.I....[...v..........B.....8>...O.`.1{..B.\..@....8.v..4.w....!...[.=..6......?0^).75y.....:...C......\.O(.P.............j..p./...W;..\|J..$..Kq-X..>..0h......M...yZD.....7OLk....i^..i.z.q..]...<?.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	2939
Entropy (8bit):	7.774721034631434
Encrypted:	false
SSDEEP:	48:Jxyq6vQW/WCtSVwkdFGlioDLVrg7r9he2mv6XXFRs4jbmz4v7jVQBI7Q:XVEliEKJolo/s4jKo7Wy0
MD5:	4C88EBF87B0CC26121497DE03DB7F64A
SHA1:	A1256A5CFCD62223172EB3633659CADDFF6CF005
SHA-256:	28DB5EDB0FE5E61F42EB8A0D10250A317F3AC840E074FFA761CB953C330F2CF6
SHA-512:	00C28D59A8EB91B5F27761899D79C431039640351C9C79EE702DF5B02374DF7CC93D65AC8898E062B86C6C95CA6BA59F56478F461A660A3126CE99765CE52749
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C.......................................................................<.<.................................................................................XT9..U7..M.^.gI.7.[..&n.....W5/N.]."!)..GT......b....[F.K:..G.........$<...a...{[.\im.~{/kh.T..qz...3...7..2.i.........m..s^k.i.....{.....c6v...^.......m.q5..&..S....S.8.....T.....#..............................."1..........C..g...P.0....&C......<..f....VE.0.1...x.NAe--0..........>..r..4.G...Y6.G.y.......g).t.}h.....>..e..pd.O .[...`.9..'(M..h...F...e([.z.g.z..,F"...9rah.."..C.%2.,iP...XG..(.ZJF.6.,..E"?...J$9.z.....A..%.[.W-eR..1....lxlM....-...b.J...06AI_...........,..;.....4..e$r..E..Ha..B........Wd.......I&...o5~....XNU.l..!...EF[.(.M.I....3.....A'8......D..W.......F3.n9..+r...+ ~9.\.....K4&.$..v5g...a.I...f..SnM.....%....y}.Y...D.h.f/..J2?..H".r...>...E......X.:c......r..P..n....5......................

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	2815
Entropy (8bit):	7.72730325165018
Encrypted:	false
SSDEEP:	48:RPY3tust/21fdEaSWVdck6toGh4X/wMdHhED6uT/K7Uy2r:RQ9Rt/4ljdJUS/LHhpmy7Y
MD5:	9B63CCBD631923743813E838190CECBF
SHA1:	5C6DD930C81346616E9C641FF41B6F18344C7E76
SHA-256:	4CA9130A03F6874BAB37D2D52FD4546E3DE34CCCCBD83AA5B9CB6ED0F923D8B3
SHA-512:	FBA4934D23659CBE293503886E8C406D258AADA0883600F7BEEFED694DEAB175E61FBC1121907A21272955CC463ED622E2D59F88A7D882B6D9C2BB936CADE19D
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/fr2.jpg
Preview:	......JFIF.............C....................................................................C.......................................................................<.<......................................................................................'.2-...r.YH..\.....\..w,.x...%...rD6P.=S..L.2.~.{.Tn{o/.Q[p..RB....O..g..x.vVKTTV\..,.iz.8M..d.gXQ.w.......O...P..tO.<.'AY..C`.A.>......~&.g.....sW...A~..XB.?...#...............................!"..................L.DR..N....%h...Yx.....P4kP.=..lF.q7.....\|....j6.`.....2.zM$..L..k....C..bp.t.IN..++........%8..=.S....\| ..H3.u.^..X.L......K...Q..b+..{%..&F...G.A.{.......mdnn+.;..a....v...<n..)......7.eQ..$.....C.G..G<.i!u......6....*).........J..jZ...+...a..%.G.}]..K....B.0.#9...1..JC..}.......6..6.1.......Td.^"b3..........yU..R$]v.yz....;....j ..;T....OO2.....2.3.l.....k..,.j...3.;...l...3...-WI..1...Y..g\....2W+.1..F.=..@./[H....HL+.K..Q.k(..M........7.........................!1.."Aa.2Q.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 185, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5789
Entropy (8bit):	7.933703135194404
Encrypted:	false
SSDEEP:	96:7iod+RoO4aWuBJU9JgpNGLo7wCen2YzefYvBAJ3mS0A1C0UdvU0a22N35ObvTXk7:ddsoO1WAa9yNUo7RenrqJ3J0AQV80azb
MD5:	F32165874F658A8497F38D204EBB92DE
SHA1:	7511015AD482EDAA0F024B5C78A7307A5E2E7077
SHA-256:	8A623F9360C9544015B526A887EF1D3AEB7DABA217FC1567FD0610FDEA744792
SHA-512:	BCE47556D0AB319177BE7954736E90239796DBAB8171A2EDF70040377B3700964D138BB201E01AB6846D0E9C392711AF6F0EAA30659BF3374BB82B7752DB75ED
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................`....PLTE...usl......yvozxq........sqj...............wsl..............y...kic.................................................................!.....$"!2..............+':61............QJB.........&#.62-<7240,&$#......HA;840......'%!"!....?:5......FC>A;6......+(#IEAB>9=94......('$...NG@)&"....zsJC=F?9..{oeje_^WM0-(-%e\RLE?@=873/...mha+)&vpig^TD=8....vk`XO...........}rfpkeuj`UNELHCC@;......rg^bZQYQH........[VQ\TKWOH......kdY..~ndZd_YRNI......vkaa]WiaVUQLSLD$!...zlaY-,.....sztnZRI........{.{pxsl.uh.........}wsmgxnbfa[DA<...................}..\|..w.zlri^pf[XTO........]YT.......................z..x.~t.xo.................\|xr.ri`[UNJF.............}qPLG...........z..v~wo.............%...............ZSL........................" .........}p))3##+101...98B.......'tRNS..........!...T............n.......'....(IDATx.....................................`..3..3......{..c..........#C.....aH..A....QV......Y.{..XT...@.,.Z.m..o..>.~...&.o......

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 768 x 293, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11314
Entropy (8bit):	6.994228738726182
Encrypted:	false
SSDEEP:	192:x/a8rq9kbUID6MyhA/vDtBaxmM4CNWwhiO4rXtaaeB2vkT73wS5:k8rq9sTD6MyhmcDibMZv3X5
MD5:	3ABE055E63C17D1FD7A5598C1924503D
SHA1:	7CC8997B72CDA7EB64DB973FEA07F7C5C3E362E5
SHA-256:	65C6B55F035B9973169B8F66625697E50EC57D6ED7F228E345FD77BB7C5C159D
SHA-512:	89A103F2E580372BEA56619AA4E156DD185B2C3D97683898FE899CADB7F76991C115773B545D1E22A11F39B545F71EEB0AD2F6C664BF27106E6ECF2DED9118BF
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/l.png
Preview:	.PNG........IHDR.......%.....d.u.....zTXtRaw profile type exif..x..i..9.....s..w..+07.....!MI%.Q..(K....w...........Sb....J/..'......?...l>..?...O......m.k..2........}.............=}.....wYZ.......b......m..[.....\|.?6.>..>......J.v.>1..-z>..>....\.\|...b....{{?....?....^......e..V.......%. .._..sg.._.....sj?..7..Y.o...{w.o..b.B..wS?....u.[.....+.3......E)l...cY.@..%.6..y_.-...q.\.........a.1.I.vC.=...."...k.w..{wk.y./........O.p.Z.L.,......l....3/##v.A./.?>~...F2..e.H'..s..... .DG^....A..{.B.3..H...l,..P..d#A...@a...9l..R....[.j.!.~..9`F&r,......J)S?55jh.S..[.y.XR..Z....\..Z[.u..R...Z.m..#..{.....sp..../.c..g...2.l..(..V^e..V_c..7......C).t.)..v...R...t.-..v..?..M..>.A...2...Y.....N.rF.`.#.U)...rFC...9...@W..".r.M.#..X..~..OF...(o.._.....9...f..y.S.hh..}.PA........J...w*7..o!......V.qrow...C..8..u..s..W.%.?2.........\|....q.=k..6W6.`%s..g.....z2.9v...#t...r6..J;.`q.Vb..\|..H..-.......U^..........sU..w...N..Up..`.F..Z}.[...`..O....u

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	7969
Entropy (8bit):	4.945234232673543
Encrypted:	false
SSDEEP:	192:JHURZTVWkKGcokYhQIrPEyqG3ypGdvOn5hk:J0RZTN
MD5:	9A13F3506156BF7084AA380C75FDA671
SHA1:	117AB6DE499A40ABBFE8B7C56A6F40D812F0E309
SHA-256:	FE71A9AA3271DD1850F74BBD853F9A9FAEDA64350652141C2FF6EB4DD8187AD5
SHA-512:	2FDD4BF837910EE3E85D87995F6F21C1C827EA77D2237BD5234DEAB2B5BD9BB2F3AC430281E3AFC1C43DD3469E7E296A3E4D602ED5A54489977A3754426F0030
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/1102_2.css
Preview:	.:root {. --blue: #007bff;. --indigo: #6610f2;. --purple: #6f42c1;. --pink: #e83e8c;. --red: #dc3545;. --orange: #fd7e14;. --yellow: #ffc107;. --green: #28a745;. --teal: #20c997;. --cyan: #17a2b8;. --white: #fff;. --gray: #6c757d;. --gray-dark: #343a40;. --primary: #007bff;. --secondary: #6c757d;. --success: #28a745;. --info: #17a2b8;. --warning: #ffc107;. --danger: #dc3545;. --light: #f8f9fa;. --dark: #343a40;. --breakpoint-xs: 0;. --breakpoint-sm: 576px;. --breakpoint-md: 768px;. --breakpoint-lg: 992px;. --breakpoint-xl: 1200px;. --font-family-sans-serif: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";. --font-family-monospace: SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace.}..*,::after,::before {. box-sizing: border-box.}..html {. font-famil

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	3043
Entropy (8bit):	7.750974549902366
Encrypted:	false
SSDEEP:	48:R9EMIwCO0aPaBTkOuvGfGUvKFCVG1OINgJi6k/X72jh6ysCl5zFja:RT1CgPayOuveXVGsHU6kPSjh6ysCl5g
MD5:	7F103BC91A8084CD154189B5EBB2CF86
SHA1:	375E58C42A8C409BBF111847A1F6798BA6C0D5F5
SHA-256:	346139AAEC984853288672896D297DED47AC7EE1CB77CA43B63E130952CDD946
SHA-512:	91AEC64B967B80B4D7E304ECEFD74CB09FFC45FBA69A2337A5863852CCB8C4EEF372A6D5CB7A376883064737361DB64979F77B1E29C2A4674CD8D142BBDCF40D
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/fr5.jpg
Preview:	......JFIF.............C....................................................................C.......................................................................<.<...........................................................................................xm..E.^#z.o...o...Y....KS......W~YJ@U_...\.}...}.^.G3.....x.".3..?b/.{D...JO(....s...K.k.I........ux\|)Q.7.s...V.A.]..Z$....].r.[.Kz...G.(?.....V.4..C.........PNl..F.)x.-x...#................................!...........=a..S....!.7.D.4..Kcb..8..#T.b.....F.k....Q....i..E...,.v2.oG.y..../..zq.......u..1.sg...^.gV....X.3p?V.,.m.p..+...~.C<<O...{......6L.6..R.>G@.W..q.....Nw2.<h.....E.%e..El...^....!:..#.h.)....=.....Mk.W+.....=k.9S..}.\|.....X.U.c....k.&.M...n.b..!T.'....$k:.IC..u.y..TM6.....v.}b&.Du...;Gb/....59`!.V....q....M..cz..+.Q.L:-...l.".Va..-k..Y..q\.M_.W,e.3>:...h..x.....;p....Y3..Z.H;.x......H.$c`..=..:J.).).<{.$5.hU..r..T.......&...r.6"....9...eO..........xu...3.........................

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 184, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	593
Entropy (8bit):	6.937948084207512
Encrypted:	false
SSDEEP:	12:6v/7XJlBzBvvvn10eUQG3uwRg8UfpyUXcAtYNlbv7pVFY1r:W3vvnzUQGLgPIU3av7pVC
MD5:	EE850988ED56CD6F2498CAE7993A8753
SHA1:	965F9091CA3E7F21F5B8115347227AEDC93C586E
SHA-256:	0303153A716BC5000D737521C0F6EB517700A1856B8E22BA8C088EC8F06ED8BA
SHA-512:	318D7E98A343E7F2B54EDB6A8285F1E09E0DCF9F663B7B1EBEFD20A33A980B9E843196F1E0818C7BDF35313D9A26D91839B519DFC8BC8B203A40180A5461F188
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............?......ZPLTE...". 6.0646@?A@?AA@B". ". ". ". A@B". 0-/A@B". A@B". A@BA@B". A@BA@B". A@BA@B". ". A@B98:.qP.....tRNS.@. @.....p0..PP..`...p`..h.....IDATx....Z.@..a@.2.M-....uw..S...........(...................&..,..&.._.._..gU[?....H._...dS...&..S....~q.:'.ZU...."./.!D...n".p..X}..a.>.Y.f......DOE.....t..}xL(Cl~..........a.wd.....O..0.ih^.... .C.....$.......s......._#Ah...J.\|~.7........:...~,..C:.._}...$8.u9.......m".L.8.....>..x&..`....ls. .$8L.i.8..E......~..X.JP..\|...\|.q...........f...,_..U[?M.._(.?:......................\|....X.J.#....IEND.B`.

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 417 x 515, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	112193
Entropy (8bit):	7.990064036714119
Encrypted:	true
SSDEEP:	1536:jUWymS3r5p7AGmVHaAVIiAKkZ/CmzxdWrbwX946BQRoeCthGwItFe70x6lB0mHqq:jDymgHxsHVVIL7xnzxgrifzaFQ0MjKq
MD5:	86C9F807FC66133969F63198AC0FE75D
SHA1:	037A01FF739DDADB3A24E964002330176C75C5D2
SHA-256:	5CC828750E8D07A70BB34DE95A298592868D1BB1EB9D8E61B025779F9F3DDF58
SHA-512:	2BB3E8F2E856317954965F049A2D70F40671B4B483FADE0D7B6E6971A3B110BC9C004D33C57A7D827D227B5943D2653F0F82DBB13A2022DB4EFADEB4E40D8BEA
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/iphone15pro.png
Preview:	.PNG........IHDR..............JQ.....PLTE.....{...............zxsjfdolh........................~........~......sqk_\Wjgb......PKG..............$# ....................................! ..........=94!.....:62...'%!B>9/,'......2....84/)&"52.?;6...,)$51,,'......D@<)(%OKE...GC>...KF@/-RKC20,G@:...VRM[WQ$!.QMILHCOH@IE@KC<[TKYQHUNEgb\C<6......c_Y{un...mga..~...^YUUOI..........~v...a\Wojd......YTOwrl......toi......rmf..x..\|wq..z...^VL.....`XN...d\R..{.\|v..id_.xl.{s...bZP...ldY...ke]...wlaf^T...haXoh_i`Upf[................uj.sgsh].xo;50..}wod...~zs.~q.{o.. zsi...........{mcrkc..ssk`..\|.zn......wph`YR..ylaW...\|qd..}..........v...................odY...~pf..v.\|r..............v..........y.............z........wi_...............vk..........%................g\R....................##+...55?,+6B.h.....tRNS..hhpo.....gw...>P............!....IDATx..Kh.A..m..RKR....kbb4B\|.'j.K....."......T....A0..E...... .<.vY......@..C."...d..U.*.o..}..\|;._&.....t6....3.vN.h.6)...G47.]:.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 258 x 184, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4560
Entropy (8bit):	7.902857501812587
Encrypted:	false
SSDEEP:	96:oa6LkwwmWdskSBG1jzQCXy49Td6fW8S+hEDepPQy:oan9s89hC49d6CGRpPQy
MD5:	A660370FEB6A1543C3C872A52F7BCFA7
SHA1:	B9478ED6228E8FB34A393013D474CDE8DC400848
SHA-256:	9D1EED749548DAD4B80B2D7CE32052143BD38773685029D7B60CEE82A31840B7
SHA-512:	CECEA5EAB2A45AB5FBE22BF0687005CB8B1A81130230726D4E68E018D1852BC5DD19B64276239954269366D2381C4801BC2C3458749F7CA90D5EB56847EF24D5
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/top_red.png
Preview:	.PNG........IHDR.............?.......PLTE..........................................................."................................... ..............................................................."..........~\|.......?=r....................."......................................................!..!.................... .r...... .. ..................y.............e..m......................UVV.....bcc.UT.75.(.......}~}tvunmm.gf.b`.MLMKK.FE]..........oo.`_.IG.>=.:8.$#....\|{.ts.=;............(&....t98..,.+.,).'.om.$.....@tRNS.@....@ ..P00..` ...p..``....PP0...p@....`..........Z._Q...JIDATx....K.1...a)...T..t..B.h.K.k...L.C .0......{..?..$;UQ.=..\|.{.g_.{.d.9s..3g.9s.L.^.^$/9.'.......EF%#.S.R.x.QJ....d.y....x......J.K&..sJ...OG.-@.....L4..P.f......&.>.......c...uY.}f-....e.X0H.....6.$.d.s.\|..-....0P....(W5....D..........j..X.Q.....'.,.\|+$.p...m2.,.-@.......~.HB....&....t.A....y...t+`......,53u..,......../..(`...[.;%..+T.GA....p.../I;....

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 9132, version 1.0
Category:	downloaded
Size (bytes):	9132
Entropy (8bit):	7.976558054614219
Encrypted:	false
SSDEEP:	192:KAN15BF1l/I2llt5iPqqAr0nnpGZVHnkf4WLjJYY1a5RKnpwDpl:TN71l/BEPqqY0nUZ5kf4KjJYJ5Rl
MD5:	358D3070946A90B4960CD111154FDC12
SHA1:	A0BA0BF47A7F905F9AA1A3CE15A39CDAC62466EE
SHA-256:	54C64F3C66372027154F01FC9F24B4E25FDFE405B70D1994C79ABBC2576FF775
SHA-512:	DFD522323FB1FDE8BF8FE03D295B40E169F2C0430D2A4F6D75E19577C65255544A6D4CDC90C278EC0AFE0E2002EB5889B0ADFBAE8A2AF8E86F41A12E561B78B9
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Preview:	wOF2......#.......B...#V.............................t.`.......@.U..N..6.$.... ..Z..x..4EE]`...(...DQ.'A.............(.B..8..YRr._;.+...t.}Zl...j.......&..p..W.Jzf...T....P'....@..r...w.`....tm... l.DA.Hlf.F.:{......d...T.......S.]....@.'j....=.]....B...J....$K....Q&A...yp.}...M.7@..=.._.....204./5]1.].t.Y...^U.5...m...Q.I...acL.o....\.9.%.>....;@..rg..$........h.VQ..&>...N..@....qsiV8E....!l......w.Z.\|ce.C].'R..Y.../..LVS..,..G..C.....U.kR..H...d@.8...K/.?6<..L..e.Hy.7..2 K..}O.....\|..?..;W....c?.BL......:...t..U1.y#...h.2.5p.p5p..+.D @.....xS..'.H'.(]..D.@...G...K..^..I..n._...<.W.~><I..E.F.A)..QZ(]..e."......Z{......8q..[...w.F).T...e.....w>....Y5.W...}./\3.G...<...c......'......."P........ZT........#y..>2).)......Q..Q........y.........lW.Y.........%..M.@.s.....g..8^...N\|D.Q.5..,.....8..$A..j..........$.n.....Uj.4..Y..Zv\..K.h.K.+T....}9..=..-.c.,...#7.\|..Xo.L.C2.&M...iPrq.l..)..dE.A...3d..xt.c.(.3.Z.{n...M[.cE..........m!.@...'p

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	21546
Entropy (8bit):	5.369941818211811
Encrypted:	false
SSDEEP:	384:+b0VQ8VNLRsYf93CJ5wEdEu1XWqSpQGflVrKEX9EPJBMJBAzy6M8kAit:+b0W87LB8m7QGflxtEPJBMJBAHkX
MD5:	A42AF1908408284441961EE5FAC7891E
SHA1:	9C4E5D6EEA95A03464380779A7AB9764E163F3A9
SHA-256:	36A93A8003AB142DC7446633CF75524283582968CE207F8B773BE234C4ED5CF6
SHA-512:	9BDBE19CE1DBAF579DF2565249EC84AFED88219737ADCD843F6F967456BCA1A8D111E11A21276954E7D438BB72FC670237EF079B6F1FC936FAE50F8B9441D774
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/1102.css
Preview:	.css1102_5 {...background: #232f3f..}....#content1,..#content2,..#content3,..#content4 {...width: 50%;...margin: auto;...padding: 15px..}....#content1,..#content2,..#content3 {...border-top: 2px solid #232f3e;...border-right: 2px solid #232f3e;...border-left: 2px solid #232f3e..}....#content4 {...border-right: 2px solid #232f3e;...border-left: 2px solid #232f3e;...border-bottom: 2px solid #232f3e..}.....css1102_6 {...background: #fff no-repeat top left fixed;...border-radius: 10px..}....#congrats {...font-weight: 700..}....#main-logo {...float: left;...max-width: 34vw;...max-height: 55px..}....#css1102_8 {...float: right;...padding-right: 5px;...width: 90px;...max-height: 65px..}....@media only screen and (max-width:800px) {.....#content1,...#content2,...#content3,...#content4 {....width: 61%;....margin: auto;....padding: 10px...}..}....@media only screen and (max-width:630px) {.....#content1,...#content2,...#content3,...#content4 {....width: 95%;....margin: auto;....padding: 10px...}.

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (47858), with CRLF line terminators
Category:	downloaded
Size (bytes):	62694
Entropy (8bit):	5.809189264132439
Encrypted:	false
SSDEEP:	1536:cXl9bfLRyq52NTTSRz1NRmnBFAdhGpHni:cHRyq52NTTSRz1+nBFAdhGpC
MD5:	19620D1048A1C90D3A0CF325735A52A4
SHA1:	D65AFF5086E2EC559FA05E7A46DBD10E401CDD34
SHA-256:	593E3F3A9B898F98B633A2321635076DF64871E97338694FFEF8C645EFDD7167
SHA-512:	4CE50E443EDA6710F57A24369FBE0514C89C66E6C2BCC807FE4D708BAA4590DBC219FA3FEFE18EE84996758BD8C01707C5FFD9ECB25A39B57DA40BD6EF8A08EF
Malicious:	false
Reputation:	low
URL:	https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">....<html xmlns="http://www.w3.org/1999/xhtml">..<head><script>function requestLink(){return {sessionId:['sid','t3~44pcofiplxiueqkcwhk3adqc'],p1:['','https://faykitturn.live/lniqjebu/'],jsFpCryptoKey:['','kewoxunmweg6hjzc']};}</script>...<title></title>...<meta name="viewport" content="width=320,initial-scale=1"/>.....<style type="text/css">..*{margin:0;padding:0}body{display:flex;flex-direction:column;font:300 100%/1.5 Helvetica Neue,sans-serif;background:#e0e0e0;color:#333;min-height:100vh;justify-content:center;align-items:center}section{text-align:center;animation:2s infinite pulse}@keyframes pulse{0%,100%{transform:scale(1)}50%{transform:scale(1.1)}}..</style>..</head>......<body class="redirecting"><div id='r1'></div>..<section class="redirecting">...<h1>Please Wait...</h1>...<p>Preparing everything you need. Just a moment.</p>..</section>..<p id="demo"></p>......<script

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 15 x 14, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	357
Entropy (8bit):	6.955852983842003
Encrypted:	false
SSDEEP:	6:6v/lhPVtHEfao9uB8R0YYdtuKzMbZjOwpxDNL+G8koNIhRugd2NVwb9RQk/mPZ+0:6v/7PmaDaR0YYPgZPn6BNBcd/mc0Sm7
MD5:	17586A0AEB3F7B2AA7FB15A9251FBCD4
SHA1:	6ADFFAD1183C93BC0DC114C89C77365734EC0DD6
SHA-256:	8BF8DC3A4B6F7E4FA2A6FA74495C212F37A301311980CBC758050993ED9C07E1
SHA-512:	5BF6CADF6B0BBEDF1BD7964386CC8807128C953CC1CF8DF4515BF4E0980AC3FD9EA8857E1BAA3A87DDDEE16CB97DD4BF3D6B52D8F1E4657E5956727E93DB0351
Malicious:	false
Reputation:	low
URL:	https://search.faykitturn.live/media/mainstream/all/ab/like.png
Preview:	.PNG........IHDR..............T......PLTE........0\m..........;H...i.......A....Tb....=K.uz.Y`.<I.FR.5D...F.8.z~.]k................>L..&w"5\|......Pc.......gx.Vi.E\.....Iv.b...!tRNS.......rF......\|xbE<.........i".#....rIDAT..u....@..a.8...(..Vvx...M ....~I.u..m.xj...5..f>..G....,B......T..g..#.;..Kuz9 p.oW..$.......+9.......h...&X=....Z.....IEND.B`.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 19:39:27.783670902 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 25, 2024 19:39:37.107283115 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.107312918 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.107419968 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.107867002 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.107932091 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.108010054 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.108062029 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.108074903 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.108393908 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.108412981 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.393165112 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 25, 2024 19:39:37.762676954 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.762991905 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.763005972 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.764015913 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.764103889 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.765129089 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.765217066 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.765305042 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.765311003 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.766088963 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.766285896 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.766316891 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.767405987 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.767478943 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.767848969 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.767910957 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.817976952 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.817977905 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:37.817994118 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:37.864814043 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.059767962 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.059822083 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.059910059 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.059925079 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.059967995 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.059973955 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.060012102 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.060060978 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.060066938 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.060115099 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.060120106 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.060148001 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.060168028 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.101274014 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.275855064 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.275867939 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.275919914 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.276005983 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.276026011 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.276042938 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.276120901 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.276161909 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.276170015 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.276201963 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.276716948 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.276766062 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.276910067 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.276957989 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.277045965 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.277101994 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.277121067 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.277163029 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.490183115 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.490283012 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.490323067 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.490349054 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.490349054 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.490360022 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.490470886 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.490474939 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.490485907 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.490528107 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.490565062 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.490613937 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.491101027 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.491153955 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.491265059 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.491331100 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.491344929 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.491386890 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.491472006 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.491513968 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.641046047 CEST	49735	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.641071081 CEST	443	49735	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:38.949007034 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:38.996119976 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:39.041076899 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.041107893 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.041174889 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.042037964 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.042072058 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.042135000 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.042690039 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.042700052 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.042864084 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.042875051 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.165074110 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:39.165244102 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:39.165311098 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:39.166373968 CEST	49736	443	192.168.2.4	185.155.186.24
Apr 25, 2024 19:39:39.166403055 CEST	443	49736	185.155.186.24	192.168.2.4
Apr 25, 2024 19:39:39.707704067 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.708035946 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.708058119 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.709074020 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.709137917 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.709289074 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.709871054 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:39.709888935 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.711589098 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:39.711669922 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.023670912 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.023933887 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.023946047 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.024046898 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.027412891 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.027765036 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.066514969 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.066533089 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.072958946 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.072981119 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.108971119 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.125797033 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.139625072 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:40.139656067 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:40.139791012 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:40.140125990 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:40.140137911 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:40.316144943 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.316163063 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.316205978 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.316214085 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.316260099 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.316293001 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.316356897 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.316437006 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.316445112 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.316488981 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.380203009 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:40.380616903 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:40.380664110 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:40.382378101 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:40.382447004 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:40.385596037 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:40.385689020 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:40.385776043 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.387787104 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.387821913 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.388036966 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.388309956 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.388324022 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.389189959 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.389272928 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.389343977 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.389919996 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.389957905 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.390655041 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.390676022 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.390804052 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.424137115 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.424144030 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.424415112 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.427587032 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.427598953 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.428044081 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.428080082 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.428117990 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.437948942 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:40.438015938 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:40.486633062 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:40.507349014 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.507412910 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.507481098 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.507837057 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.507865906 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.531929970 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.531940937 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.531997919 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.532044888 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.532111883 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.532130957 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.532233000 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.532284021 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.541132927 CEST	49739	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.541151047 CEST	443	49739	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.541421890 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.541467905 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.541548014 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.542246103 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.542262077 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657561064 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657588005 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657656908 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.657674074 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657716036 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.657718897 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657733917 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657769918 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.657778025 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657838106 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.657844067 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657856941 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.657905102 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.666635990 CEST	49740	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.666657925 CEST	443	49740	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.667382956 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.667418957 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.667498112 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.668709993 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.668725967 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.745507002 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.745961905 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.745985031 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.746975899 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.747036934 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.748039961 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.748142004 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.748235941 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.748245001 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.765805960 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:40.765834093 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:40.766192913 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:40.773253918 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:40.773266077 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:40.795496941 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.821938038 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.822427034 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.822443962 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.823261976 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.823667049 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.823813915 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.823832989 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.823950052 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.824187994 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.824218035 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.824596882 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.824986935 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.825059891 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.825278997 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.859905005 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.860727072 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.860742092 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.862224102 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.862308025 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.863506079 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.864121914 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.864311934 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.864419937 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.864758968 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.864789963 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.864896059 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.864902973 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.865803957 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.865889072 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.866453886 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.866513968 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.866820097 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.866831064 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.868120909 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.907269001 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.907383919 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.961042881 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.961925983 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.961994886 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.962007999 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.962022066 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.962066889 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.962068081 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.962101936 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.962156057 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.965457916 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.969099045 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.969130039 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.969181061 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.969198942 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.969254971 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.972774982 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.975250959 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.975496054 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.975523949 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.976419926 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.976505041 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.976521015 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.976543903 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.976608992 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.977507114 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.977570057 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.977902889 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:40.977910995 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:40.998380899 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.998406887 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.998487949 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:40.998507023 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:40.998569012 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.000263929 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.000422955 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.010286093 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.010302067 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.010626078 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.017926931 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.064583063 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.084219933 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.084245920 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.084331989 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.084369898 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.084419966 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.101008892 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.101073980 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.101115942 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.101138115 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.101155043 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.101186991 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.102313042 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.110866070 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.110975981 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.110986948 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.111031055 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.111047983 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.111169100 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.115313053 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.115330935 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.116928101 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.116987944 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.117486954 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.117578030 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.117738962 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.117748976 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.118253946 CEST	49747	443	192.168.2.4	151.101.65.229
Apr 25, 2024 19:39:41.118272066 CEST	443	49747	151.101.65.229	192.168.2.4
Apr 25, 2024 19:39:41.157773972 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.183434010 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.228118896 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.293726921 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.293788910 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.293926954 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.293971062 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.293997049 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.293998003 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.294008970 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.294018030 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.334295034 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.334351063 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.334409952 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.334434986 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.334522963 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.334538937 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.334593058 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.337289095 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.337348938 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.337418079 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.337748051 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.337768078 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.340789080 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.340847969 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.340910912 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.340964079 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.341037989 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.341053009 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.341144085 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.341250896 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.341588974 CEST	49744	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.341617107 CEST	443	49744	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.341921091 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.341989994 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.342067003 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.342458010 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.342489958 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.345988035 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.346036911 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.346101999 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.346120119 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.346137047 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.346185923 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.346190929 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.354296923 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.354362965 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.354476929 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.354506016 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.354554892 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.354557037 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.354599953 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.354615927 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.395425081 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.395430088 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.449852943 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.449875116 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.449928999 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.449958086 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.450023890 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.450074911 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.450810909 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.450824022 CEST	443	49748	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.450834036 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.450866938 CEST	49748	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.451232910 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.451261044 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.451329947 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.451751947 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.451767921 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.548371077 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.548453093 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.548497915 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.548552036 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.548618078 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.548667908 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.548680067 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.548796892 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.548849106 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.549021959 CEST	49745	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.549037933 CEST	443	49745	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.560039997 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.560125113 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.560817003 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.560863972 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.560863972 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.560873985 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.560914993 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.561197996 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.561240911 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.561247110 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.561260939 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.561297894 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.561405897 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.561415911 CEST	443	49742	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.561424971 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.561549902 CEST	49742	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.568496943 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.568572044 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.568855047 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.568941116 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.569065094 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.569118977 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.569205999 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.569258928 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.569345951 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.569399118 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.570511103 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.570530891 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.571336031 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.572758913 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.576972008 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.577002048 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.577040911 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.577045918 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.577068090 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.577085972 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.583839893 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.583918095 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.583945990 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.584006071 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.620119095 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.620501995 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.779779911 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.783499002 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.783570051 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.783567905 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.783621073 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.783651114 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.783653975 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.783704042 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.784238100 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.784318924 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.784931898 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.792675018 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.792691946 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.792747974 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.792769909 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.792788029 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.792804003 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.792805910 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.792829037 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.792835951 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.792846918 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.793046951 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.793093920 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.793100119 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.793114901 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.793157101 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.793164015 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.793198109 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.793204069 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.793247938 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.821384907 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.885377884 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.889106035 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.889118910 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.889607906 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.889919043 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.889935017 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.890430927 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.896374941 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.896475077 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.897265911 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.897356033 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.897705078 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.897753954 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.937880993 CEST	49743	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.937911034 CEST	443	49743	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.940119982 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.940119982 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.943126917 CEST	49749	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:41.943149090 CEST	443	49749	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:41.999011040 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.999047995 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:41.999063015 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 25, 2024 19:39:41.999069929 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 25, 2024 19:39:42.024867058 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.024914980 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.024995089 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.025435925 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.025468111 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.025698900 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.025906086 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.025927067 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.026179075 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.026194096 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.254210949 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.254262924 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.254336119 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.254379988 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.254407883 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.254437923 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.254455090 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.254486084 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.299406052 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.362880945 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.362950087 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.363008976 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.363027096 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.363125086 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.363130093 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.363208055 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.363270044 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.367273092 CEST	49753	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.367290974 CEST	443	49753	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.459311962 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.460710049 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.467788935 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.467806101 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.468004942 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.468034029 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.468430042 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.469005108 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.470262051 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.470359087 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.470366001 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.470396996 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.470465899 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471241951 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471411943 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.471435070 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.471474886 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471529961 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471548080 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.471606016 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471641064 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.471702099 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471726894 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.471810102 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.471810102 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471837044 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.471873999 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471903086 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.471921921 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.472018003 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.472052097 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.472131014 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.474931002 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.475343943 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.477726936 CEST	49752	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.477771044 CEST	443	49752	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.520119905 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.520121098 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.924372911 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.924438000 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.924510956 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.925056934 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.925086975 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.925182104 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.925573111 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.925602913 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.925652981 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.925997019 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.926058054 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.926219940 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.934916973 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.934962034 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.935029984 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.935029030 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.935072899 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.935091019 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.938218117 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.938251972 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.938787937 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.938807011 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.938987017 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.938999891 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.939395905 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.939412117 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.982435942 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.982459068 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.982532024 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.982570887 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.982605934 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.982661009 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.982673883 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.983339071 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.983409882 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.983423948 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.983448029 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:42.983495951 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:42.995939970 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.068260908 CEST	49754	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.068300009 CEST	443	49754	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.068803072 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.068851948 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.068917990 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.069459915 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.069470882 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.149561882 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.149588108 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.149668932 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.149739027 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.149765968 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.149846077 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.156411886 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.156450033 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.156462908 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.156529903 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.194840908 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.194941044 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.364377975 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.364459991 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.364497900 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.364547968 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.364573002 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.364633083 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.364633083 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.364658117 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.364681959 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.364701033 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.364721060 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.364777088 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.364845037 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.364893913 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.364975929 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.365015984 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.365176916 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.365241051 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.365287066 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.365346909 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.365354061 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.365365028 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.365401030 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.365417004 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.372250080 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.373572111 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.374701023 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.376264095 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.409468889 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.409523010 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.409538031 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.409565926 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.409600973 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.409626961 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.412286043 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.414318085 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.429600000 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.429980040 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.503981113 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.544658899 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.578974962 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579039097 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.579068899 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579117060 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.579142094 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579190969 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.579205036 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579250097 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.579260111 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579308033 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.579308987 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579324007 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579351902 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.579369068 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579372883 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.579381943 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579421997 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.579432011 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579483032 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.579736948 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.916413069 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.916701078 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.916735888 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.916930914 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.916961908 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.917103052 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.917176962 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.917231083 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.917252064 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.917320013 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.917331934 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.918209076 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.918380976 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.918447971 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.918597937 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.918927908 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.918943882 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.919066906 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.920916080 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.921036959 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.921319008 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.921408892 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.921724081 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.921932936 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.922230005 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.922430038 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.922734022 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.922852039 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.942240000 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.942444086 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.945323944 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.945339918 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.945403099 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.945477009 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.945518017 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.945529938 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.945698977 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.945712090 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.967170954 CEST	49755	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.967199087 CEST	443	49755	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.967641115 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.967684031 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.967889071 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.968733072 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:43.968767881 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.988130093 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.988147020 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:43.988917112 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.069833040 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.069971085 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.162810087 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.162863970 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.162919044 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.162940025 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.162992001 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.163033009 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.163091898 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.165005922 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.165188074 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.165347099 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.166076899 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.166105986 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.166167974 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.166197062 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.166316032 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.191770077 CEST	49756	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.191826105 CEST	443	49756	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.192311049 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.192363024 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.192440033 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.210506916 CEST	49760	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.210531950 CEST	443	49760	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.211029053 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.211066008 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.211126089 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.211462021 CEST	49757	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.211476088 CEST	443	49757	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.211962938 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.212001085 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.212223053 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.212239981 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.218533993 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.218569994 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.218728065 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.218772888 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.218772888 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.218931913 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.218986034 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.219043016 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.219054937 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.219094992 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.219099998 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.219213009 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.219284058 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.403574944 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.454669952 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.484424114 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.484460115 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.484632015 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.484658003 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.484668970 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.484997034 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.485013008 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.485343933 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.533488035 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.558022022 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.558190107 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.558950901 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.563159943 CEST	49758	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.563189983 CEST	443	49758	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.563577890 CEST	49759	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.563612938 CEST	443	49759	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.566052914 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.566085100 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.566162109 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.566401958 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.566416979 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.604118109 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.619142056 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.619230032 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.619307995 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.619755983 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.619791985 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.643110037 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.643418074 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.643438101 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.644489050 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.644551039 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.644973040 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.645035982 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.645066977 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.647018909 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.647309065 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.647350073 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.647867918 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.648160934 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.648257971 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.648482084 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.692126036 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.692145109 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.715506077 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.715526104 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.824755907 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.882169962 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.882280111 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.882374048 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.883775949 CEST	49761	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.883800030 CEST	443	49761	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.886043072 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.886080027 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.886137009 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.886383057 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.886400938 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.922971964 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.924465895 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.924494028 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.928062916 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.928144932 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.943243980 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.943514109 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.943533897 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.943569899 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:44.985025883 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:44.985044003 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.003673077 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.034157991 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.042783976 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.042810917 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.044063091 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.054095030 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.085582972 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.085777044 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.085839987 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.085921049 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.086020947 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.089975119 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.090058088 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.115490913 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.115511894 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.115549088 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.115565062 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.115590096 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.115617990 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.115633965 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.115639925 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.115657091 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.115688086 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.132117033 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.175061941 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.175121069 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.175194979 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.175236940 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.175292969 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.175564051 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.322987080 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.397228956 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.397283077 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.397352934 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.397393942 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.397428036 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.397463083 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.397479057 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.397536039 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.397582054 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.397651911 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.482352972 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.482402086 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.482498884 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.482518911 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.482595921 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.483800888 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.483959913 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.484970093 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:45.532129049 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:45.533209085 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:48.597876072 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:48.598093033 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:48.636899948 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:48.636929035 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:48.637471914 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:48.713290930 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:48.713356972 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:48.735452890 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:48.757283926 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:48.757457018 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:48.757468939 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:48.757533073 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:48.800121069 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:48.804121971 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:49.026966095 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:49.026992083 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:49.027048111 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:49.027056932 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:49.027097940 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:49.028341055 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:49.028364897 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:49.028420925 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:49.028445959 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:49.028506994 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:49.703430891 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:49.703489065 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:49.703567982 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:49.703907967 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:49.703926086 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:50.376991034 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:50.377156019 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:50.377240896 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:50.377707958 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:50.417167902 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:50.566823959 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:50.566857100 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:50.568068981 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:50.568156004 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:50.591291904 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:50.591367960 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:50.591479063 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:50.636127949 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:50.724117041 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:50.724138975 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:50.812412024 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:50.812504053 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:51.095873117 CEST	49762	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:51.095905066 CEST	443	49762	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:51.597479105 CEST	49766	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:51.597516060 CEST	443	49766	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:51.599091053 CEST	49767	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:51.599123955 CEST	443	49767	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:51.599426031 CEST	49763	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:51.599457026 CEST	443	49763	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:51.600136042 CEST	49764	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:51.600182056 CEST	443	49764	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:51.601027966 CEST	49765	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:51.601051092 CEST	443	49765	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:52.734415054 CEST	49768	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:52.734453917 CEST	443	49768	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:52.768866062 CEST	49741	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:39:52.768929958 CEST	443	49741	142.250.9.104	192.168.2.4
Apr 25, 2024 19:39:52.769674063 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:52.769717932 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:52.769793034 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:52.806081057 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:52.806103945 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:52.857038021 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:52.857085943 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:52.857323885 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:52.857563019 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:52.857575893 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.236711025 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.266069889 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.266089916 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.266504049 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.269623995 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.269696951 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.269889116 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.291620016 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.299303055 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.299335003 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.300518036 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.301724911 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.301894903 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.302053928 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.316107988 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.348114967 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.711452961 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.711473942 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.711517096 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.711529970 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.711544037 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.711553097 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.711596966 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.711646080 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.732975006 CEST	49769	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.732992887 CEST	443	49769	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.802747965 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:53.802838087 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:53.802917004 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:53.803323030 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:53.803359985 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:53.813056946 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.813085079 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.813146114 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.813499928 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.813536882 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.813606024 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.813781977 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.813812017 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.813868046 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.814363956 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.814373016 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.814486027 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.814492941 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.814496994 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.814532995 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.814542055 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.814544916 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.814579964 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.814918041 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.814929962 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.815336943 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.815349102 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.815574884 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.815587044 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.815918922 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.815932035 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.816061020 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.816070080 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.816325903 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:53.816334963 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:53.824887991 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.824939013 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.824991941 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.825005054 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.825040102 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.825093985 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.825143099 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.847728968 CEST	49770	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.847750902 CEST	443	49770	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.991916895 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.991956949 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:53.992039919 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.992353916 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:53.992362976 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.068484068 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 25, 2024 19:39:54.068525076 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 25, 2024 19:39:54.245613098 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:54.246085882 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:54.246162891 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:54.247334957 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:54.247417927 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:54.247840881 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:54.247914076 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:54.248071909 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:54.248090029 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:54.329883099 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:54.429222107 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.429644108 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.429652929 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.429979086 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.430526972 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.430593967 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.430685997 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.449556112 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.449796915 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.449806929 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.451093912 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.451318979 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.451348066 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.452367067 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.452423096 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.452811003 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.452873945 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.452991962 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.453402042 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.453495026 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.453810930 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.453980923 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.454066992 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.456062078 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.456551075 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.456563950 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.460270882 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.460335016 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.461059093 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.461152077 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.461342096 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.461380005 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.461666107 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.461673021 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.461967945 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.462176085 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.462188005 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.462757111 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.462802887 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.463212967 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.463274956 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.463758945 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.463821888 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.464764118 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.464834929 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.465272903 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.465280056 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.465317011 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.465329885 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.465333939 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.465717077 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.465723991 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.469309092 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.469403028 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.469883919 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.470056057 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.471780062 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.471786976 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.472119093 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.500118971 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.500133038 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.516757965 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.516758919 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.516758919 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.516771078 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.531876087 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.531884909 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.531893969 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.531896114 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.531904936 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.531907082 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.625658989 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.666132927 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.666198969 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.666205883 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.666223049 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.666254044 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.666273117 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.682518959 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.682602882 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.682730913 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.683267117 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.683290958 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.683331966 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.683342934 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.683355093 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.683387995 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.683706045 CEST	49774	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.683725119 CEST	443	49774	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.684129953 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.684168100 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.684240103 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.684747934 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.684765100 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.686413050 CEST	49776	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.686427116 CEST	443	49776	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.686734915 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.686772108 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.686877012 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.687468052 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.687484026 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.687803030 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.687859058 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.687931061 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.687939882 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.687983990 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.687988997 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.688091040 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.688153982 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.688925982 CEST	49778	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.688941002 CEST	443	49778	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.689246893 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.689277887 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.689480066 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.689786911 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.689801931 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.720058918 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.720136881 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.720185995 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.720196009 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.720242977 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.720292091 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.720297098 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.727425098 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:54.727511883 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:54.727586985 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:54.728355885 CEST	49772	443	192.168.2.4	136.243.216.235
Apr 25, 2024 19:39:54.728380919 CEST	443	49772	136.243.216.235	192.168.2.4
Apr 25, 2024 19:39:54.730247974 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.730318069 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.730345011 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.730375051 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.730889082 CEST	49773	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.730906010 CEST	443	49773	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.731281042 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.731306076 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.731364965 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.731688976 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.731703043 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.735033035 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.813189983 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.876863003 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.876878977 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.876940012 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.876980066 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.876986027 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877019882 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.877113104 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877120972 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877167940 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.877425909 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877435923 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877482891 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.877517939 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877537012 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877572060 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.877671003 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877676964 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.877718925 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.929095030 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.929112911 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.929167986 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.929179907 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.929202080 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.929214001 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.929241896 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.929745913 CEST	49775	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.929763079 CEST	443	49775	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.930138111 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.930186987 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.930267096 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.930986881 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:54.931004047 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:54.967869997 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.967890024 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.967936993 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.967941999 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.967964888 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.967972994 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.967978001 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.967995882 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.968085051 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:54.968139887 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.969386101 CEST	49780	443	192.168.2.4	185.155.186.25
Apr 25, 2024 19:39:54.969398022 CEST	443	49780	185.155.186.25	192.168.2.4
Apr 25, 2024 19:39:55.087435007 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087445974 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087497950 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087510109 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.087542057 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087557077 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.087580919 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087583065 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.087590933 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087620974 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.087652922 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087691069 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.087697983 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087738991 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.087812901 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.087857962 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088011980 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.088059902 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088077068 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.088116884 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088212967 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.088265896 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088330984 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.088380098 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088395119 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.088463068 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088505030 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.088546991 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088568926 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.088613033 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088635921 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.088790894 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.088836908 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.105680943 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.106064081 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.106091976 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.106451035 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.106868982 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.106937885 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.107073069 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.111800909 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.112092972 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.112113953 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.112484932 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.112870932 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.112929106 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.112962961 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.116547108 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.116764069 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.116787910 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.119074106 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.119168997 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.119524002 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.119637012 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.119656086 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.148121119 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.155235052 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.155966997 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.155987978 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.157509089 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.157571077 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.158256054 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.158337116 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.158548117 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.158557892 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.219475985 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.235064983 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.235105038 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.235124111 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.235155106 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298208952 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298283100 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298289061 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298314095 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298332930 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298342943 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298356056 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298362970 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298388004 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298388958 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298428059 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298434973 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298484087 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298595905 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298634052 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298645973 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298650980 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298686981 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298686981 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298710108 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298715115 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298753977 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.298768997 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.298814058 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.299017906 CEST	49777	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.299036026 CEST	443	49777	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.299535036 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.299582958 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.299645901 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.300066948 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.300081968 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.359272957 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.359556913 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.359575033 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.361072063 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.361152887 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.361625910 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.361710072 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.361793041 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.361802101 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.422524929 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.422548056 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.570031881 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.570058107 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.570118904 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.570144892 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.570189953 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.570192099 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.570230961 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.571350098 CEST	49783	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.571371078 CEST	443	49783	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.572000027 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.572047949 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.572117090 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.572576046 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.572592974 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.584780931 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.584805965 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.584861040 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.584867001 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.584902048 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.585436106 CEST	49785	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.585459948 CEST	443	49785	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.585819960 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.585848093 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.585921049 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.586283922 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.586307049 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.631469011 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.631544113 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.631663084 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.632437944 CEST	49784	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.632464886 CEST	443	49784	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.632838964 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.632870913 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.632947922 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.633506060 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.633521080 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.663345098 CEST	49723	80	192.168.2.4	23.40.205.41
Apr 25, 2024 19:39:55.679908991 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.679934025 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.680006981 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.680012941 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.680064917 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.681229115 CEST	49786	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.681243896 CEST	443	49786	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.681515932 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.681550026 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.681613922 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.682070017 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.682085037 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.723510027 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.723915100 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.723933935 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.724298954 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.725024939 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.725092888 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.725364923 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.772111893 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.773047924 CEST	80	49723	23.40.205.41	192.168.2.4
Apr 25, 2024 19:39:55.773197889 CEST	49723	80	192.168.2.4	23.40.205.41
Apr 25, 2024 19:39:55.830136061 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.830161095 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.830248117 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.830307961 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.831398010 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.831398010 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.831687927 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.831775904 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.831881046 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.832272053 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.832309008 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.993731022 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.994128942 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.994146109 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.994488001 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.995018005 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:55.995095968 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:55.995217085 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.018224001 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.018640995 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.018680096 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.019165993 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.019547939 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.019635916 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.019851923 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.040128946 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.060128927 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.063160896 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.063448906 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.063477039 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.064531088 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.064646006 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.065114975 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.065181017 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.065329075 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.102437973 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.102724075 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.102750063 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.103781939 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.103851080 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.104264021 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.104327917 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.104481936 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.104489088 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.108160019 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.128496885 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.128528118 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.189852953 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.189877033 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.189915895 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.189932108 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.189934969 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.189951897 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.189975977 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.189989090 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.189990997 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.190026045 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.191587925 CEST	49790	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.191601992 CEST	443	49790	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.222242117 CEST	49788	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.222242117 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.222259045 CEST	443	49788	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.222297907 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.257015944 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.257307053 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.257369995 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.257873058 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.258219957 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.258322954 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.258367062 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.300158024 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.425362110 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.456944942 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.456971884 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.457017899 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.457053900 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.457083941 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.457103968 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.457104921 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.457150936 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.459105015 CEST	49792	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.459139109 CEST	443	49792	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.532325029 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.532347918 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.532398939 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.532419920 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.532448053 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.532464981 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.532471895 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.532525063 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.534137964 CEST	49794	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.534207106 CEST	443	49794	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.546471119 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.546489000 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.546536922 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.546556950 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.546597004 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.546597958 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.546636105 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.547698021 CEST	49793	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.547710896 CEST	443	49793	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.618344069 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.618361950 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.618412971 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.618428946 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.618446112 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.618484020 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.619438887 CEST	49796	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.619446993 CEST	443	49796	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.774899960 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.774924040 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.774980068 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.774990082 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.775017023 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.775036097 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.775064945 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.775070906 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.775136948 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:39:56.775186062 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.783860922 CEST	49797	443	192.168.2.4	185.155.184.55
Apr 25, 2024 19:39:56.783909082 CEST	443	49797	185.155.184.55	192.168.2.4
Apr 25, 2024 19:40:40.083091021 CEST	49801	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:40:40.083134890 CEST	443	49801	142.250.9.104	192.168.2.4
Apr 25, 2024 19:40:40.083201885 CEST	49801	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:40:40.083571911 CEST	49801	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:40:40.083592892 CEST	443	49801	142.250.9.104	192.168.2.4
Apr 25, 2024 19:40:40.314207077 CEST	443	49801	142.250.9.104	192.168.2.4
Apr 25, 2024 19:40:40.314770937 CEST	49801	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:40:40.314800024 CEST	443	49801	142.250.9.104	192.168.2.4
Apr 25, 2024 19:40:40.315123081 CEST	443	49801	142.250.9.104	192.168.2.4
Apr 25, 2024 19:40:40.315609932 CEST	49801	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:40:40.315687895 CEST	443	49801	142.250.9.104	192.168.2.4
Apr 25, 2024 19:40:40.360275030 CEST	49801	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:40:44.892398119 CEST	49724	80	192.168.2.4	199.232.210.172
Apr 25, 2024 19:40:45.002094030 CEST	80	49724	199.232.210.172	192.168.2.4
Apr 25, 2024 19:40:45.002233982 CEST	80	49724	199.232.210.172	192.168.2.4
Apr 25, 2024 19:40:45.005523920 CEST	49724	80	192.168.2.4	199.232.210.172
Apr 25, 2024 19:40:50.344346046 CEST	443	49801	142.250.9.104	192.168.2.4
Apr 25, 2024 19:40:50.344430923 CEST	443	49801	142.250.9.104	192.168.2.4
Apr 25, 2024 19:40:50.344490051 CEST	49801	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:40:51.862914085 CEST	49801	443	192.168.2.4	142.250.9.104
Apr 25, 2024 19:40:51.862962008 CEST	443	49801	142.250.9.104	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 19:39:35.533377886 CEST	53	57763	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:35.701898098 CEST	53	50808	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:36.341049910 CEST	53	64084	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:36.778284073 CEST	56504	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:36.778462887 CEST	65049	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:37.096859932 CEST	53	65049	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:37.106456995 CEST	53	56504	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:38.843424082 CEST	62397	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:38.844206095 CEST	59503	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:39.032916069 CEST	53	59503	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:39.039700985 CEST	53	62397	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:40.026954889 CEST	64992	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:40.027117968 CEST	64543	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:40.137002945 CEST	53	64992	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:40.137051105 CEST	53	64543	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:40.386658907 CEST	54462	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:40.387233019 CEST	54372	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:40.492955923 CEST	53	63977	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:40.496419907 CEST	53	54462	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:40.498418093 CEST	53	54372	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:49.583241940 CEST	63623	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:49.583548069 CEST	57111	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:49.695242882 CEST	53	57111	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:49.695691109 CEST	53	63623	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:52.881422997 CEST	53	59081	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:53.614243031 CEST	62497	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:53.614654064 CEST	57076	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:53.687205076 CEST	53105	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:53.687750101 CEST	58123	53	192.168.2.4	1.1.1.1
Apr 25, 2024 19:39:53.725195885 CEST	53	57076	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:53.798268080 CEST	53	58123	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:53.798732996 CEST	53	53105	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:53.811959982 CEST	53	62497	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:55.300393105 CEST	53	50588	1.1.1.1	192.168.2.4
Apr 25, 2024 19:39:56.467844963 CEST	138	138	192.168.2.4	192.168.2.255
Apr 25, 2024 19:40:14.347868919 CEST	53	65482	1.1.1.1	192.168.2.4
Apr 25, 2024 19:40:35.214421988 CEST	53	65185	1.1.1.1	192.168.2.4
Apr 25, 2024 19:40:37.089260101 CEST	53	63312	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 25, 2024 19:39:36.778284073 CEST	192.168.2.4	1.1.1.1	0x6ae7	Standard query (0)	colunroad.info	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:36.778462887 CEST	192.168.2.4	1.1.1.1	0xfc7d	Standard query (0)	colunroad.info	65	IN (0x0001)	false
Apr 25, 2024 19:39:38.843424082 CEST	192.168.2.4	1.1.1.1	0xecfd	Standard query (0)	search.faykitturn.live	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:38.844206095 CEST	192.168.2.4	1.1.1.1	0x15d9	Standard query (0)	search.faykitturn.live	65	IN (0x0001)	false
Apr 25, 2024 19:39:40.026954889 CEST	192.168.2.4	1.1.1.1	0xbfb6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.027117968 CEST	192.168.2.4	1.1.1.1	0x8cb	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 25, 2024 19:39:40.386658907 CEST	192.168.2.4	1.1.1.1	0x5c68	Standard query (0)	cdn.jsdelivr.net	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.387233019 CEST	192.168.2.4	1.1.1.1	0xc4f4	Standard query (0)	cdn.jsdelivr.net	65	IN (0x0001)	false
Apr 25, 2024 19:39:49.583241940 CEST	192.168.2.4	1.1.1.1	0x9819	Standard query (0)	jsontdsexit2.com	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:49.583548069 CEST	192.168.2.4	1.1.1.1	0x3252	Standard query (0)	jsontdsexit2.com	65	IN (0x0001)	false
Apr 25, 2024 19:39:53.614243031 CEST	192.168.2.4	1.1.1.1	0x7834	Standard query (0)	search.faykitturn.live	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:53.614654064 CEST	192.168.2.4	1.1.1.1	0x192e	Standard query (0)	search.faykitturn.live	65	IN (0x0001)	false
Apr 25, 2024 19:39:53.687205076 CEST	192.168.2.4	1.1.1.1	0x9c8c	Standard query (0)	jsontdsexit2.com	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:53.687750101 CEST	192.168.2.4	1.1.1.1	0x2466	Standard query (0)	jsontdsexit2.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 25, 2024 19:39:37.106456995 CEST	1.1.1.1	192.168.2.4	0x6ae7	No error (0)	colunroad.info		185.155.186.24	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:37.106456995 CEST	1.1.1.1	192.168.2.4	0x6ae7	No error (0)	colunroad.info		185.155.184.57	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:39.039700985 CEST	1.1.1.1	192.168.2.4	0xecfd	No error (0)	search.faykitturn.live		185.155.186.25	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:39.039700985 CEST	1.1.1.1	192.168.2.4	0xecfd	No error (0)	search.faykitturn.live		185.155.184.55	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.137002945 CEST	1.1.1.1	192.168.2.4	0xbfb6	No error (0)	www.google.com		142.250.9.104	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.137002945 CEST	1.1.1.1	192.168.2.4	0xbfb6	No error (0)	www.google.com		142.250.9.99	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.137002945 CEST	1.1.1.1	192.168.2.4	0xbfb6	No error (0)	www.google.com		142.250.9.106	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.137002945 CEST	1.1.1.1	192.168.2.4	0xbfb6	No error (0)	www.google.com		142.250.9.103	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.137002945 CEST	1.1.1.1	192.168.2.4	0xbfb6	No error (0)	www.google.com		142.250.9.105	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.137002945 CEST	1.1.1.1	192.168.2.4	0xbfb6	No error (0)	www.google.com		142.250.9.147	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.137051105 CEST	1.1.1.1	192.168.2.4	0x8cb	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 25, 2024 19:39:40.496419907 CEST	1.1.1.1	192.168.2.4	0x5c68	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 19:39:40.496419907 CEST	1.1.1.1	192.168.2.4	0x5c68	No error (0)	jsdelivr.map.fastly.net		151.101.65.229	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.496419907 CEST	1.1.1.1	192.168.2.4	0x5c68	No error (0)	jsdelivr.map.fastly.net		151.101.193.229	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.496419907 CEST	1.1.1.1	192.168.2.4	0x5c68	No error (0)	jsdelivr.map.fastly.net		151.101.1.229	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.496419907 CEST	1.1.1.1	192.168.2.4	0x5c68	No error (0)	jsdelivr.map.fastly.net		151.101.129.229	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:40.498418093 CEST	1.1.1.1	192.168.2.4	0xc4f4	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 19:39:49.695691109 CEST	1.1.1.1	192.168.2.4	0x9819	No error (0)	jsontdsexit2.com		136.243.216.235	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:53.798732996 CEST	1.1.1.1	192.168.2.4	0x9c8c	No error (0)	jsontdsexit2.com		136.243.216.235	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:53.811959982 CEST	1.1.1.1	192.168.2.4	0x7834	No error (0)	search.faykitturn.live		185.155.184.55	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:53.811959982 CEST	1.1.1.1	192.168.2.4	0x7834	No error (0)	search.faykitturn.live		185.155.186.25	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:39:55.194941044 CEST	1.1.1.1	192.168.2.4	0xf028	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 19:39:55.194941044 CEST	1.1.1.1	192.168.2.4	0xf028	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:40:08.115053892 CEST	1.1.1.1	192.168.2.4	0xcd0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 19:40:08.115053892 CEST	1.1.1.1	192.168.2.4	0xcd0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:40:29.456969023 CEST	1.1.1.1	192.168.2.4	0xf9b5	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 19:40:29.456969023 CEST	1.1.1.1	192.168.2.4	0xf9b5	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:40:48.707000017 CEST	1.1.1.1	192.168.2.4	0x4557	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 19:40:48.707000017 CEST	1.1.1.1	192.168.2.4	0x4557	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

colunroad.info

https:

search.faykitturn.live

cdn.jsdelivr.net

jsontdsexit2.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	185.155.186.24	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:37 UTC	722	OUT	GET /?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back HTTP/1.1 Host: colunroad.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:38 UTC	371	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:37 GMT Content-Type: text/html Content-Length: 62694 Connection: close cache-control: private set-cookie: sid=t3~44pcofiplxiueqkcwhk3adqc; path=/ set-cookie: sid=t3~44pcofiplxiueqkcwhk3adqc; path=/ set-cookie: p1=https://faykitturn.live/lniqjebu/; path=/ set-cookie: s1=kewoxunmweg6hjzc; path=/
2024-04-25 17:39:38 UTC	3725	IN	Data Raw: 20 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 72 65 71 75 65 73 74 4c 69 6e 6b 28 29 7b 72 65 74 75 72 6e 20 7b 73 65 73 73 69 6f 6e 49 64 3a 5b 27 73 69 64 27 2c 27 74 33 7e 34 34 70 63 6f 66 69 70 6c 78 69 75 65 71 6b 63 77 68 6b 33 61 64 71 63 27 5d 2c 70 31 3a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><script>function requestLink(){return {sessionId:['sid','t3~44pcofiplxiueqkcwhk3adqc'],p1:
2024-04-25 17:39:38 UTC	19	IN	Data Raw: 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c Data Ascii: his._minBufferSize,
2024-04-25 17:39:38 UTC	4096	IN	Data Raw: 30 29 29 2a 6f 2c 61 3d 66 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 63 3b 68 2b 3d 6f 29 74 68 69 73 2e 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 28 69 2c 68 29 3b 65 3d 69 2e 73 70 6c 69 63 65 28 30 2c 63 29 2c 72 2e 73 69 67 42 79 74 65 73 2d 3d 61 7d 72 65 74 75 72 6e 20 6e 65 77 20 75 2e 69 6e 69 74 28 65 2c 61 29 7d 2c 63 6c 6f 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 6e 2e 63 6c 6f 6e 65 2e 63 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 5f 64 61 74 61 3d 74 68 69 73 2e 5f 64 61 74 61 2e 63 6c 6f 6e 65 28 29 2c 74 7d 2c 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 3a 30 7d 29 2c 70 3d 28 65 2e 48 61 73 68 65 72 3d 68 2e 65 78 74 65 6e 64 28 7b 63 66 67 3a 6e 2e 65 Data Ascii: 0))o,a=f.min(4c,n);if(c){for(var h=0;h<c;h+=o)this._doProcessBlock(i,h);e=i.splice(0,c),r.sigBytes-=a}return new u.init(e,a)},clone:function(){var t=n.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),p=(e.Hasher=h.extend({cfg:n.e
2024-04-25 17:39:38 UTC	3392	IN	Data Raw: 6f 2e 63 72 65 61 74 65 28 72 29 2e 63 6f 6d 70 75 74 65 28 74 2c 65 29 7d 7d 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 43 72 79 70 74 6f 4a 53 2c 68 3d 74 2e 6c 69 62 2e 57 6f 72 64 41 72 72 61 79 3b 74 2e 65 6e 63 2e 42 61 73 65 36 34 3d 7b 73 74 72 69 6e 67 69 66 79 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 2e 77 6f 72 64 73 2c 72 3d 74 2e 73 69 67 42 79 74 65 73 2c 69 3d 74 68 69 73 2e 5f 6d 61 70 3b 74 2e 63 6c 61 6d 70 28 29 3b 66 6f 72 28 76 61 72 20 6e 3d 5b 5d 2c 6f 3d 30 3b 6f 3c 72 3b 6f 2b 3d 33 29 66 6f 72 28 76 61 72 20 73 3d 28 65 5b 6f 3e 3e 3e 32 5d 3e 3e 3e 32 34 2d 6f 25 34 2a 38 26 32 35 35 29 3c 3c 31 36 7c 28 65 5b 6f 2b 31 3e 3e 3e 32 5d 3e 3e 3e 32 34 2d 28 6f 2b 31 29 25 34 2a 38 26 32 35 35 29 Data Ascii: o.create(r).compute(t,e)}}(),function(){var t=CryptoJS,h=t.lib.WordArray;t.enc.Base64={stringify:function(t){var e=t.words,r=t.sigBytes,i=this._map;t.clamp();for(var n=[],o=0;o<r;o+=3)for(var s=(e[o>>>2]>>>24-o%48&255)<<16\|(e[o+1>>>2]>>>24-(o+1)%48&255)
2024-04-25 17:39:38 UTC	3041	IN	Data Raw: 69 73 2e 6d 69 78 49 6e 28 74 29 7d 2c 74 6f 53 74 72 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 28 74 7c 7c 74 68 69 73 2e 66 6f 72 6d 61 74 74 65 72 29 2e 73 74 72 69 6e 67 69 66 79 28 74 68 69 73 29 7d 7d 29 29 2c 79 3d 28 74 2e 66 6f 72 6d 61 74 3d 7b 7d 29 2e 4f 70 65 6e 53 53 4c 3d 7b 73 74 72 69 6e 67 69 66 79 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 2e 63 69 70 68 65 72 74 65 78 74 2c 72 3d 74 2e 73 61 6c 74 3b 72 65 74 75 72 6e 28 72 3f 61 2e 63 72 65 61 74 65 28 5b 31 33 39 38 38 39 33 36 38 34 2c 31 37 30 31 30 37 36 38 33 31 5d 29 2e 63 6f 6e 63 61 74 28 72 29 2e 63 6f 6e 63 61 74 28 65 29 3a 65 29 2e 74 6f 53 74 72 69 6e 67 28 6f 29 7d 2c 70 61 72 73 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 Data Ascii: is.mixIn(t)},toString:function(t){return(t\|\|this.formatter).stringify(this)}})),y=(t.format={}).OpenSSL={stringify:function(t){var e=t.ciphertext,r=t.salt;return(r?a.create([1398893684,1701076831]).concat(r).concat(e):e).toString(o)},parse:function(t){var
2024-04-25 17:39:38 UTC	1448	IN	Data Raw: 5f 3d 69 5b 66 3e 3e 3e 32 34 5d 5e 6e 5b 75 3e 3e 3e 31 36 26 32 35 35 5d 5e 6f 5b 70 3e 3e 3e 38 26 32 35 35 5d 5e 73 5b 32 35 35 26 68 5d 5e 72 5b 64 2b 2b 5d 2c 79 3d 69 5b 75 3e 3e 3e 32 34 5d 5e 6e 5b 70 3e 3e 3e 31 36 26 32 35 35 5d 5e 6f 5b 68 3e 3e 3e 38 26 32 35 35 5d 5e 73 5b 32 35 35 26 66 5d 5e 72 5b 64 2b 2b 5d 2c 67 3d 69 5b 70 3e 3e 3e 32 34 5d 5e 6e 5b 68 3e 3e 3e 31 36 26 32 35 35 5d 5e 6f 5b 66 3e 3e 3e 38 26 32 35 35 5d 5e 73 5b 32 35 35 26 75 5d 5e 72 5b 64 2b 2b 5d 3b 68 3d 76 2c 66 3d 5f 2c 75 3d 79 2c 70 3d 67 7d 76 3d 28 63 5b 68 3e 3e 3e 32 34 5d 3c 3c 32 34 7c 63 5b 66 3e 3e 3e 31 36 26 32 35 35 5d 3c 3c 31 36 7c 63 5b 75 3e 3e 3e 38 26 32 35 35 5d 3c 3c 38 7c 63 5b 32 35 35 26 70 5d 29 5e 72 5b 64 2b 2b 5d 2c 5f 3d 28 63 5b 66 Data Ascii: _=i[f>>>24]^n[u>>>16&255]^o[p>>>8&255]^s[255&h]^r[d++],y=i[u>>>24]^n[p>>>16&255]^o[h>>>8&255]^s[255&f]^r[d++],g=i[p>>>24]^n[h>>>16&255]^o[f>>>8&255]^s[255&u]^r[d++];h=v,f=_,u=y,p=g}v=(c[h>>>24]<<24\|c[f>>>16&255]<<16\|c[u>>>8&255]<<8\|c[255&p])^r[d++],_=(c[f
2024-04-25 17:39:38 UTC	4096	IN	Data Raw: 61 72 20 5f 30 78 34 65 64 63 65 36 3d 5b 5d 2c 5f 30 78 35 32 65 31 35 37 3d 30 78 30 2c 5f 30 78 63 65 31 64 32 66 2c 5f 30 78 32 32 30 37 64 37 3d 27 27 3b 5f 30 78 35 65 66 37 38 34 3d 5f 30 78 33 38 63 66 38 61 28 5f 30 78 35 65 66 37 38 34 29 3b 76 61 72 20 5f 30 78 32 62 32 62 35 39 3b 66 6f 72 28 5f 30 78 32 62 32 62 35 39 3d 30 78 30 3b 5f 30 78 32 62 32 62 35 39 3c 30 78 31 30 30 3b 5f 30 78 32 62 32 62 35 39 2b 2b 29 7b 5f 30 78 34 65 64 63 65 36 5b 5f 30 78 32 62 32 62 35 39 5d 3d 5f 30 78 32 62 32 62 35 39 3b 7d 66 6f 72 28 5f 30 78 32 62 32 62 35 39 3d 30 78 30 3b 5f 30 78 32 62 32 62 35 39 3c 30 78 31 30 30 3b 5f 30 78 32 62 32 62 35 39 2b 2b 29 7b 5f 30 78 35 32 65 31 35 37 3d 28 5f 30 78 35 32 65 31 35 37 2b 5f 30 78 34 65 64 63 65 36 5b Data Ascii: ar _0x4edce6=[],_0x52e157=0x0,_0xce1d2f,_0x2207d7='';_0x5ef784=_0x38cf8a(_0x5ef784);var _0x2b2b59;for(_0x2b2b59=0x0;_0x2b2b59<0x100;_0x2b2b59++){_0x4edce6[_0x2b2b59]=_0x2b2b59;}for(_0x2b2b59=0x0;_0x2b2b59<0x100;_0x2b2b59++){_0x52e157=(_0x52e157+_0x4edce6[
2024-04-25 17:39:38 UTC	4096	IN	Data Raw: 6c 6d 6b 37 6a 71 27 2c 27 57 52 66 75 57 4f 33 63 49 57 27 2c 27 6f 78 37 64 4d 38 6f 67 65 53 6b 42 79 4d 4a 64 49 73 43 4e 27 2c 27 44 53 6b 45 57 52 35 79 78 66 79 27 2c 27 41 6d 6b 76 57 37 65 54 68 4a 70 63 53 76 39 73 27 2c 27 46 48 70 63 4e 72 4b 56 71 71 27 2c 27 57 4f 68 63 4d 43 6b 65 57 51 47 41 27 2c 27 57 52 52 63 4d 30 34 4c 57 37 4b 27 2c 27 71 38 6f 46 64 6d 6b 36 79 61 27 2c 27 70 67 33 64 53 43 6f 44 27 2c 27 7a 43 6b 63 57 37 34 4a 62 58 52 63 53 31 6e 67 63 53 6f 54 27 2c 27 57 4f 70 64 50 73 58 48 57 52 75 27 2c 27 45 77 56 64 54 6d 6f 64 57 34 69 31 61 43 6b 53 57 34 35 2f 64 53 6f 48 7a 77 39 70 27 2c 27 6b 4e 76 56 27 2c 27 44 53 6b 48 57 51 5a 63 51 77 64 63 52 38 6f 6f 57 34 6a 30 6d 78 56 63 51 75 34 27 2c 27 76 53 6b 72 57 34 Data Ascii: lmk7jq','WRfuWO3cIW','ox7dM8ogeSkByMJdIsCN','DSkEWR5yxfy','AmkvW7eThJpcSv9s','FHpcNrKVqq','WOhcMCkeWQGA','WRRcM04LW7K','q8oFdmk6ya','pg3dSCoD','zCkcW74JbXRcS1ngcSoT','WOpdPsXHWRu','EwVdTmodW4i1aCkSW45/dSoHzw9p','kNvV','DSkHWQZcQwdcR8ooW4j0mxVcQu4','vSkrW4
2024-04-25 17:39:38 UTC	4096	IN	Data Raw: 66 27 2c 27 72 6d 6b 33 6d 38 6b 33 61 71 27 2c 27 63 4a 4b 62 27 2c 27 77 6d 6b 6a 57 50 4c 47 6e 53 6b 36 57 37 75 27 2c 27 76 53 6b 43 57 34 4f 27 2c 27 57 51 68 64 4b 32 62 57 45 57 27 2c 27 57 35 57 31 57 51 78 64 51 6d 6f 55 57 36 4a 63 53 5a 2f 64 49 53 6b 68 57 35 74 63 53 62 71 27 2c 27 57 35 68 63 4f 38 6b 48 66 43 6f 34 27 2c 27 57 4f 33 64 55 38 6f 65 79 53 6f 61 27 2c 27 57 50 38 6e 57 35 48 53 57 34 61 27 2c 27 75 6d 6b 44 57 35 64 63 53 6d 6b 4a 57 51 79 78 57 51 70 63 48 38 6b 53 57 37 6c 64 55 53 6f 65 57 51 69 33 57 36 34 4b 57 36 42 63 54 53 6f 70 67 49 58 7a 43 57 27 2c 27 70 38 6f 52 42 38 6f 39 57 4f 4f 71 57 34 61 27 2c 27 6c 6d 6b 36 6a 43 6f 30 27 2c 27 76 53 6b 61 57 35 74 63 50 43 6b 52 27 2c 27 71 64 52 63 4a 38 6f 6f 6b 43 6b Data Ascii: f','rmk3m8k3aq','cJKb','wmkjWPLGnSk6W7u','vSkCW4O','WQhdK2bWEW','W5W1WQxdQmoUW6JcSZ/dISkhW5tcSbq','W5hcO8kHfCo4','WO3dU8oeySoa','WP8nW5HSW4a','umkDW5dcSmkJWQyxWQpcH8kSW7ldUSoeWQi3W64KW6BcTSopgIXzCW','p8oRB8o9WOOqW4a','lmk6jCo0','vSkaW5tcPCkR','qdRcJ8ookCk
2024-04-25 17:39:38 UTC	4096	IN	Data Raw: 57 35 58 75 45 43 6b 35 67 74 34 31 57 51 38 41 57 36 53 27 2c 27 46 61 68 63 52 71 27 2c 27 57 51 74 63 4f 32 57 27 2c 27 69 67 56 64 55 43 6f 7a 44 65 6d 31 61 47 27 2c 27 6c 74 74 63 4f 61 27 2c 27 73 53 6b 6b 43 75 4c 77 63 53 6f 4b 73 53 6f 39 64 6d 6f 5a 63 53 6f 74 57 52 58 71 57 37 6c 64 47 53 6b 4e 76 4d 46 64 49 43 6f 43 27 2c 27 57 4f 6c 63 56 4c 58 61 27 2c 27 7a 6d 6f 65 57 37 7a 79 27 2c 27 77 38 6b 48 46 75 5a 63 4a 57 27 2c 27 6c 4a 47 48 63 4d 7a 6f 57 51 46 64 53 57 27 2c 27 79 6d 6b 4d 57 51 42 63 56 32 64 63 53 43 6f 7a 27 2c 27 6c 74 5a 63 4f 61 27 2c 27 78 38 6f 67 57 4f 6e 70 43 58 4c 44 43 71 27 2c 27 57 51 71 6b 57 36 37 64 48 43 6b 67 63 59 56 63 50 61 27 2c 27 57 51 4e 63 4f 53 6b 43 77 73 4f 43 6b 68 30 27 2c 27 79 38 6b 2f 6e Data Ascii: W5XuECk5gt41WQ8AW6S','FahcRq','WQtcO2W','igVdUCozDem1aG','lttcOa','sSkkCuLwcSoKsSo9dmoZcSotWRXqW7ldGSkNvMFdICoC','WOlcVLXa','zmoeW7zy','w8kHFuZcJW','lJGHcMzoWQFdSW','ymkMWQBcV2dcSCoz','ltZcOa','x8ogWOnpCXLDCq','WQqkW67dHCkgcYVcPa','WQNcOSkCwsOCkh0','y8k/n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	185.155.186.24	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:38 UTC	749	OUT	GET /favicon.ico HTTP/1.1 Host: colunroad.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: sid=t3~44pcofiplxiueqkcwhk3adqc; p1=https://faykitturn.live/lniqjebu/; s1=kewoxunmweg6hjzc
2024-04-25 17:39:39 UTC	102	IN	HTTP/1.1 204 No Content Server: openresty Date: Thu, 25 Apr 2024 17:39:39 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:40 UTC	827	OUT	GET /lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://colunroad.info/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:40 UTC	166	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:40 GMT Content-Type: text/html Content-Length: 18815 Connection: close cache-control: private
2024-04-25 17:39:40 UTC	2749	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 72 65 71 75 65 73 74 4c 69 6e 6b 28 29 7b 72 65 74 75 72 6e 20 7b 73 65 73 73 69 6f 6e 49 64 3a 5b 27 73 69 64 27 2c 27 74 33 7e 34 34 70 63 6f 66 69 70 6c 78 69 75 65 71 6b 63 77 68 6b 33 61 64 71 63 27 5d 7d 3b 7d 76 61 72 20 67 65 6f 49 6e 66 6f 3d 7b 22 63 63 22 3a 22 55 53 22 2c 22 63 6e 61 6d 65 73 22 3a 7b 22 64 65 22 3a 22 55 53 41 22 2c 22 65 6e 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 65 73 22 3a 22 45 73 74 61 64 6f 73 20 55 6e 69 64 6f 73 22 2c 22 66 72 22 3a 22 c3 89 74 61 74 73 20 55 6e 69 73 22 2c 22 6a 61 22 3a 22 e3 82 a2 e3 83 a1 e3 83 aa e3 82 ab 22 2c 22 70 74 2d 42 52 22 3a 22 Data Ascii: <!DOCTYPE html><html><head><script>function requestLink(){return {sessionId:['sid','t3~44pcofiplxiueqkcwhk3adqc']};}var geoInfo={"cc":"US","cnames":{"de":"USA","en":"United States","es":"Estados Unidos","fr":"tats Unis","ja":"","pt-BR":"
2024-04-25 17:39:40 UTC	4096	IN	Data Raw: 20 20 20 20 3c 70 3e 54 6f 64 61 79 2c 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 73 73 31 31 30 32 5f 39 22 3e 33 30 3c 2f 73 70 61 6e 3e 26 6e 62 73 70 3b 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 73 73 31 31 30 32 5f 31 30 22 3e 41 70 72 69 6c 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 73 73 31 31 30 32 5f 31 31 22 3e 32 30 32 34 3c 2f 73 70 61 6e 3e 2c 20 79 6f 75 20 68 61 76 65 20 62 65 65 6e 20 72 61 6e 64 6f 6d 6c 79 20 73 65 6c 65 63 74 65 64 20 74 6f 20 74 61 6b 65 20 74 68 69 73 20 73 75 72 76 65 79 2e 20 49 74 20 77 69 6c 6c 20 6f 6e 6c 79 20 74 61 6b 65 20 61 20 6d 69 6e 75 74 65 20 61 6e 64 20 79 6f 75 20 77 69 6c 6c 20 72 65 63 65 69 76 65 20 61 6e 20 61 6d 61 7a 69 6e 67 20 70 72 69 7a 65 3a 20 3c 73 74 72 6f 6e 67 Data Ascii: <p>Today, <span class="css1102_9">30</span> <span class="css1102_10">April</span> <span class="css1102_11">2024</span>, you have been randomly selected to take this survey. It will only take a minute and you will receive an amazing prize: <strong
2024-04-25 17:39:40 UTC	4096	IN	Data Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 73 73 31 31 30 32 5f 32 38 22 3e 3c 69 6d 67 20 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 6c 2f 61 62 2f 74 6f 70 5f 72 65 64 2e 70 6e 67 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 73 73 31 31 30 32 5f 32 39 22 3e 3c 69 6d 67 20 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 6c 2f 61 62 2f 78 31 2e 70 6e 67 22 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 73 73 31 31 30 32 5f 33 30 20 63 73 73 31 31 30 32 5f 33 31 22 3e 3c 69 6d 67 20 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 6c 2f 61 62 Data Ascii: > <div class="css1102_28"><img src="/media/mainstream/all/ab/top_red.png"></div> <div class="css1102_29"><img src="/media/mainstream/all/ab/x1.png"> </div> <div class="css1102_30 css1102_31"><img src="/media/mainstream/all/ab
2024-04-25 17:39:40 UTC	3392	IN	Data Raw: 61 6c 6c 2f 61 62 2f 78 31 2e 70 6e 67 22 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 73 73 31 31 30 32 5f 33 30 20 63 73 73 31 31 30 32 5f 33 31 22 3e 3c 69 6d 67 20 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 6c 2f 61 62 2f 62 6f 78 2d 69 70 68 6f 6e 65 31 35 70 72 6f 2e 70 6e 67 22 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 73 73 31 31 30 32 5f 33 34 22 3e 3c 69 6d 67 20 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 6c 2f 61 62 2f 62 6f 78 5f 6f 70 65 6e 2e 70 6e 67 22 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 31 31 Data Ascii: all/ab/x1.png"> </div> <div class="css1102_30 css1102_31"><img src="/media/mainstream/all/ab/box-iphone15pro.png"> </div> <div class="css1102_34"><img src="/media/mainstream/all/ab/box_open.png"> </div> </div> <div id="11
2024-04-25 17:39:40 UTC	4096	IN	Data Raw: 35 30 25 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 33 62 35 39 39 38 3b 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 22 3e 43 6f 6d 6d 65 6e 74 73 3c 2f 73 70 61 6e 3e 20 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 70 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 66 6c 6f 61 74 3a 72 69 67 68 74 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 35 30 25 3b 63 6f 6c 6f 72 3a 23 61 38 61 37 61 37 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 22 3e 20 37 20 6f 66 20 35 38 39 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6c 65 61 72 3a 62 6f 74 68 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 64 Data Ascii: 50%"><span style="color:#3b5998; cursor: pointer;">Comments</span> </p> <p style="margin:0;padding:0;float:right;display:block;width:50%;color:#a8a7a7;text-align:right"> 7 of 589</p> <div style="clear:both"></div> </div> <d
2024-04-25 17:39:40 UTC	386	IN	Data Raw: 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 2e 63 73 73 31 31 30 32 5f 31 38 2c 20 2e 74 65 78 74 2d 70 72 69 6d 61 72 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 38 46 30 30 7d 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 23 66 6f 6f 74 65 72 20 61 7b 0d 0a 63 6f 6c 6f 72 3a 23 45 46 45 46 45 46 3b 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 20 73 74 79 6c 65 Data Ascii: div> </div> </div> <style type="text/css"> .css1102_18, .text-primary { background-color: #FF8F00}; } </style> </div></div><style>#footer a{color:#EFEFEF;}</style><div id="footer" style

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:40 UTC	719	OUT	GET /media/mainstream/all/ab/1102_2.css HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:40 UTC	777	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:40 GMT Content-Type: text/css Content-Length: 7969 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "9a13f3506156bf7084aa380c75fda671" Last-Modified: Sun, 11 Feb 2024 15:21:05 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A7C6CE1226 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1707664865#782664523/gid:0/gname:root/mode:33188/mtime:1707664865#834664609/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-02-11T15:21:05.86Z Expires: Fri, 25 Apr 2025 17:39:40 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:40 UTC	3319	IN	Data Raw: 09 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 62 66 66 3b 0a 20 20 20 20 2d 2d 69 6e 64 69 67 6f 3a 20 23 36 36 31 30 66 32 3b 0a 20 20 20 20 2d 2d 70 75 72 70 6c 65 3a 20 23 36 66 34 32 63 31 3b 0a 20 20 20 20 2d 2d 70 69 6e 6b 3a 20 23 65 38 33 65 38 63 3b 0a 20 20 20 20 2d 2d 72 65 64 3a 20 23 64 63 33 35 34 35 3b 0a 20 20 20 20 2d 2d 6f 72 61 6e 67 65 3a 20 23 66 64 37 65 31 34 3b 0a 20 20 20 20 2d 2d 79 65 6c 6c 6f 77 3a 20 23 66 66 63 31 30 37 3b 0a 20 20 20 20 2d 2d 67 72 65 65 6e 3a 20 23 32 38 61 37 34 35 3b 0a 20 20 20 20 2d 2d 74 65 61 6c 3a 20 23 32 30 63 39 39 37 3b 0a 20 20 20 20 2d 2d 63 79 61 6e 3a 20 23 31 37 61 32 62 38 3b 0a 20 20 20 20 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 3b 0a 20 20 20 20 2d 2d 67 72 61 Data Ascii: :root { --blue: #007bff; --indigo: #6610f2; --purple: #6f42c1; --pink: #e83e8c; --red: #dc3545; --orange: #fd7e14; --yellow: #ffc107; --green: #28a745; --teal: #20c997; --cyan: #17a2b8; --white: #fff; --gra
2024-04-25 17:39:40 UTC	4096	IN	Data Raw: 70 6f 69 6e 74 65 72 0a 7d 0a 0a 2e 63 73 73 31 31 30 32 5f 34 30 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 38 61 37 34 35 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 32 38 61 37 34 35 0a 7d 0a 0a 2e 63 73 73 31 31 30 32 5f 34 30 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 31 38 38 33 38 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 31 65 37 65 33 34 0a 7d 0a 0a 2e 63 73 73 31 31 30 32 5f 34 30 2e 66 6f 63 75 73 2c 2e 63 73 73 31 31 30 32 5f 34 30 3a 66 6f 63 75 73 20 7b 0a 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 Data Ascii: pointer}.css1102_40 { color: #fff; background-color: #28a745; border-color: #28a745}.css1102_40:hover { color: #fff; background-color: #218838; border-color: #1e7e34}.css1102_40.focus,.css1102_40:focus { box-shadow: 0
2024-04-25 17:39:40 UTC	554	IN	Data Raw: 2d 70 61 63 6b 3a 20 63 65 6e 74 65 72 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 21 69 6d 70 6f 72 74 61 6e 74 0a 7d 0a 0a 2e 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 62 65 74 77 65 65 6e 20 7b 0a 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 20 6a 75 73 74 69 66 79 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 73 70 61 63 65 2d 62 65 74 77 65 65 6e 21 69 6d 70 6f 72 74 61 6e 74 0a 7d 0a 0a 2e 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 61 72 6f 75 6e 64 20 7b 0a 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 20 64 69 73 74 72 69 62 75 74 65 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6a 75 73 74 69 Data Ascii: -pack: center!important; justify-content: center!important}.justify-content-between { -ms-flex-pack: justify!important; justify-content: space-between!important}.justify-content-around { -ms-flex-pack: distribute!important; justi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	151.101.65.229	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:40 UTC	573	OUT	GET /npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://search.faykitturn.live/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:40 UTC	776	IN	HTTP/1.1 200 OK Connection: close Content-Length: 78635 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 4.3.1 X-JSD-Version-Type: version ETag: W/"1332b-JlpzPLf7xIH9JRCmWaha1VyTyJU" Accept-Ranges: bytes Age: 1757573 Date: Thu, 25 Apr 2024 17:39:40 GMT X-Served-By: cache-fra-etou8220110-FRA, cache-pdk-kpdk1780052-PDK X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 33 2e 31 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 39 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 Data Ascii: /! Bootstrap v4.3.1 (https://getbootstrap.com/) * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */!function(t,e){"
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 65 74 55 49 44 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 3b 74 2b 3d 7e 7e 28 31 65 36 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 74 29 3b 29 3b 72 65 74 75 72 6e 20 74 7d 2c 67 65 74 53 65 6c 65 63 74 6f 72 46 72 6f 6d 45 6c 65 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 74 61 72 67 65 74 22 29 3b 69 66 28 21 65 7c 7c 22 23 22 3d 3d 3d 65 29 7b 76 61 72 20 6e 3d 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 68 72 65 66 22 29 3b 65 3d 6e 26 26 22 23 22 21 3d 3d 6e 3f 6e 2e 74 72 69 6d 28 29 3a 22 22 7d 74 72 79 7b 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 Data Ascii: etUID:function(t){for(;t+=~~(1e6*Math.random()),document.getElementById(t););return t},getSelectorFromElement:function(t){var e=t.getAttribute("data-target");if(!e\|\|"#"===e){var n=t.getAttribute("href");e=n&&"#"!==n?n.trim():""}try{return document.querySe
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 5b 6d 2e 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 5d 3d 7b 62 69 6e 64 54 79 70 65 3a 65 2c 64 65 6c 65 67 61 74 65 54 79 70 65 3a 65 2c 68 61 6e 64 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 70 28 74 2e 74 61 72 67 65 74 29 2e 69 73 28 74 68 69 73 29 29 72 65 74 75 72 6e 20 74 2e 68 61 6e 64 6c 65 4f 62 6a 2e 68 61 6e 64 6c 65 72 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 3b 76 61 72 20 6f 3d 22 61 6c 65 72 74 22 2c 72 3d 22 62 73 2e 61 6c 65 72 74 22 2c 61 3d 22 2e 22 2b 72 2c 63 3d 70 2e 66 6e 5b 6f 5d 2c 68 3d 7b 43 4c 4f 53 45 3a 22 63 6c 6f 73 65 22 2b 61 2c 43 4c 4f 53 45 44 3a 22 63 6c 6f 73 65 64 22 2b 61 2c 43 4c 49 43 4b 5f 44 41 54 41 5f 41 50 49 3a 22 63 6c 69 63 6b 22 2b 61 2b 22 2e 64 61 74 61 2d 61 Data Ascii: [m.TRANSITION_END]={bindType:e,delegateType:e,handle:function(t){if(p(t.target).is(this))return t.handleObj.handler.apply(this,arguments)}};var o="alert",r="bs.alert",a="."+r,c=p.fn[o],h={CLOSE:"close"+a,CLOSED:"closed"+a,CLICK_DATA_API:"click"+a+".data-a
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 34 2e 33 2e 31 22 7d 7d 5d 29 2c 69 7d 28 29 3b 70 28 64 6f 63 75 6d 65 6e 74 29 2e 6f 6e 28 68 2e 43 4c 49 43 4b 5f 44 41 54 41 5f 41 50 49 2c 27 5b 64 61 74 61 2d 64 69 73 6d 69 73 73 3d 22 61 6c 65 72 74 22 5d 27 2c 67 2e 5f 68 61 6e 64 6c 65 44 69 73 6d 69 73 73 28 6e 65 77 20 67 29 29 2c 70 2e 66 6e 5b 6f 5d 3d 67 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 70 2e 66 6e 5b 6f 5d 2e 43 6f 6e 73 74 72 75 63 74 6f 72 3d 67 2c 70 2e 66 6e 5b 6f 5d 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 2e 66 6e 5b 6f 5d 3d 63 2c 67 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 7d 3b 76 61 72 20 5f 3d 22 62 75 74 74 6f 6e 22 2c 76 3d 22 62 73 2e 62 75 74 74 6f 6e Data Ascii: tion(){return"4.3.1"}}]),i}();p(document).on(h.CLICK_DATA_API,'[data-dismiss="alert"]',g._handleDismiss(new g)),p.fn[o]=g._jQueryInterface,p.fn[o].Constructor=g,p.fn[o].noConflict=function(){return p.fn[o]=c,g._jQueryInterface};var _="button",v="bs.button
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 2c 5b 7b 6b 65 79 3a 22 56 45 52 53 49 4f 4e 22 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 34 2e 33 2e 31 22 7d 7d 5d 29 2c 6e 7d 28 29 3b 70 28 64 6f 63 75 6d 65 6e 74 29 2e 6f 6e 28 4e 2e 43 4c 49 43 4b 5f 44 41 54 41 5f 41 50 49 2c 53 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 76 61 72 20 65 3d 74 2e 74 61 72 67 65 74 3b 70 28 65 29 2e 68 61 73 43 6c 61 73 73 28 43 29 7c 7c 28 65 3d 70 28 65 29 2e 63 6c 6f 73 65 73 74 28 4f 29 29 2c 6b 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2e 63 61 6c 6c 28 70 28 65 29 2c 22 74 6f 67 67 6c 65 22 29 7d 29 2e 6f 6e 28 4e 2e 46 4f 43 55 53 5f 42 4c 55 52 5f 44 41 54 41 5f 41 50 49 2c 53 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 Data Ascii: ,[{key:"VERSION",get:function(){return"4.3.1"}}]),n}();p(document).on(N.CLICK_DATA_API,S,function(t){t.preventDefault();var e=t.target;p(e).hasClass(C)\|\|(e=p(e).closest(O)),k._jQueryInterface.call(p(e),"toggle")}).on(N.FOCUS_BLUR_DATA_API,S,function(t){va
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 5b 64 61 74 61 2d 73 6c 69 64 65 2d 74 6f 5d 22 2c 72 74 3d 27 5b 64 61 74 61 2d 72 69 64 65 3d 22 63 61 72 6f 75 73 65 6c 22 5d 27 2c 73 74 3d 7b 54 4f 55 43 48 3a 22 74 6f 75 63 68 22 2c 50 45 4e 3a 22 70 65 6e 22 7d 2c 61 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 74 2c 65 29 7b 74 68 69 73 2e 5f 69 74 65 6d 73 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 69 73 50 61 75 73 65 64 3d 21 31 2c 74 68 69 73 2e 5f 69 73 53 6c 69 64 69 6e 67 3d 21 31 2c 74 68 69 73 2e 74 6f 75 63 68 54 69 6d 65 6f 75 74 3d 6e 75 6c 6c 2c 74 68 69 73 2e 74 6f 75 63 68 53 74 61 72 74 58 3d 30 2c 74 68 69 73 2e 74 6f 75 63 68 Data Ascii: [data-slide-to]",rt='[data-ride="carousel"]',st={TOUCH:"touch",PEN:"pen"},at=function(){function r(t,e){this._items=null,this._interval=null,this._activeElement=null,this._isPaused=!1,this._isSliding=!1,this.touchTimeout=null,this.touchStartX=0,this.touch
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 64 65 78 28 74 68 69 73 2e 5f 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 29 3b 69 66 28 21 28 74 3e 74 68 69 73 2e 5f 69 74 65 6d 73 2e 6c 65 6e 67 74 68 2d 31 7c 7c 74 3c 30 29 29 69 66 28 74 68 69 73 2e 5f 69 73 53 6c 69 64 69 6e 67 29 70 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 6f 6e 65 28 71 2e 53 4c 49 44 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 74 6f 28 74 29 7d 29 3b 65 6c 73 65 7b 69 66 28 6e 3d 3d 3d 74 29 72 65 74 75 72 6e 20 74 68 69 73 2e 70 61 75 73 65 28 29 2c 76 6f 69 64 20 74 68 69 73 2e 63 79 63 6c 65 28 29 3b 76 61 72 20 69 3d 6e 3c 74 3f 4d 3a 57 3b 74 68 69 73 2e 5f 73 6c 69 64 65 28 69 2c 74 68 69 73 2e 5f 69 74 65 6d 73 5b 74 5d 29 7d 7d 2c 74 2e 64 69 73 70 6f 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 70 28 Data Ascii: dex(this._activeElement);if(!(t>this._items.length-1\|\|t<0))if(this._isSliding)p(this._element).one(q.SLID,function(){return e.to(t)});else{if(n===t)return this.pause(),void this.cycle();var i=n<t?M:W;this._slide(i,this._items[t])}},t.dispose=function(){p(
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 63 6c 69 65 6e 74 58 2d 6e 2e 74 6f 75 63 68 53 74 61 72 74 58 29 2c 6e 2e 5f 68 61 6e 64 6c 65 53 77 69 70 65 28 29 2c 22 68 6f 76 65 72 22 3d 3d 3d 6e 2e 5f 63 6f 6e 66 69 67 2e 70 61 75 73 65 26 26 28 6e 2e 70 61 75 73 65 28 29 2c 6e 2e 74 6f 75 63 68 54 69 6d 65 6f 75 74 26 26 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6e 2e 74 6f 75 63 68 54 69 6d 65 6f 75 74 29 2c 6e 2e 74 6f 75 63 68 54 69 6d 65 6f 75 74 3d 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 2e 63 79 63 6c 65 28 74 29 7d 2c 35 30 30 2b 6e 2e 5f 63 6f 6e 66 69 67 2e 69 6e 74 65 72 76 61 6c 29 29 7d 3b 70 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 65 74 29 29 2e 6f 6e 28 71 2e 44 52 41 47 5f 53 Data Ascii: clientX-n.touchStartX),n._handleSwipe(),"hover"===n._config.pause&&(n.pause(),n.touchTimeout&&clearTimeout(n.touchTimeout),n.touchTimeout=setTimeout(function(t){return n.cycle(t)},500+n._config.interval))};p(this._element.querySelectorAll(et)).on(q.DRAG_S
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 74 68 69 73 2e 5f 67 65 74 49 74 65 6d 49 6e 64 65 78 28 74 29 2c 69 3d 74 68 69 73 2e 5f 67 65 74 49 74 65 6d 49 6e 64 65 78 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5a 29 29 2c 6f 3d 70 2e 45 76 65 6e 74 28 71 2e 53 4c 49 44 45 2c 7b 72 65 6c 61 74 65 64 54 61 72 67 65 74 3a 74 2c 64 69 72 65 63 74 69 6f 6e 3a 65 2c 66 72 6f 6d 3a 69 2c 74 6f 3a 6e 7d 29 3b 72 65 74 75 72 6e 20 70 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 74 72 69 67 67 65 72 28 6f 29 2c 6f 7d 2c 74 2e 5f 73 65 74 41 63 74 69 76 65 49 6e 64 69 63 61 74 6f 72 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 74 68 69 73 2e 5f 69 6e 64 69 63 61 74 6f 72 73 45 6c 65 6d 65 Data Ascii: tion(t,e){var n=this._getItemIndex(t),i=this._getItemIndex(this._element.querySelector(Z)),o=p.Event(q.SLIDE,{relatedTarget:t,direction:e,from:i,to:n});return p(this._element).trigger(o),o},t._setActiveIndicatorElement=function(t){if(this._indicatorsEleme
2024-04-25 17:39:40 UTC	1378	IN	Data Raw: 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 28 72 2e 5f 65 6c 65 6d 65 6e 74 29 2e 74 72 69 67 67 65 72 28 75 29 7d 2c 30 29 7d 29 2e 65 6d 75 6c 61 74 65 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 64 29 7d 65 6c 73 65 20 70 28 73 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 51 29 2c 70 28 6c 29 2e 61 64 64 43 6c 61 73 73 28 51 29 2c 74 68 69 73 2e 5f 69 73 53 6c 69 64 69 6e 67 3d 21 31 2c 70 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 74 72 69 67 67 65 72 28 75 29 3b 68 26 26 74 68 69 73 2e 63 79 63 6c 65 28 29 7d 7d 2c 72 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 69 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 70 28 74 68 69 73 29 2e 64 61 74 61 28 78 29 Data Ascii: ion(){return p(r._element).trigger(u)},0)}).emulateTransitionEnd(d)}else p(s).removeClass(Q),p(l).addClass(Q),this._isSliding=!1,p(this._element).trigger(u);h&&this.cycle()}},r._jQueryInterface=function(i){return this.each(function(){var t=p(this).data(x)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:40 UTC	717	OUT	GET /media/mainstream/all/ab/1102.css HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:41 UTC	778	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:41 GMT Content-Type: text/css Content-Length: 21546 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "a42af1908408284441961ee5fac7891e" Last-Modified: Sun, 11 Feb 2024 15:21:05 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A7F00E9224 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1707664865#134663447/gid:0/gname:root/mode:33188/mtime:1707664865#214663580/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-02-11T15:21:05.24Z Expires: Fri, 25 Apr 2025 17:39:41 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:41 UTC	3318	IN	Data Raw: 2e 63 73 73 31 31 30 32 5f 35 20 7b 0d 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 33 32 66 33 66 0d 0a 7d 0d 0a 0d 0a 23 63 6f 6e 74 65 6e 74 31 2c 0d 0a 23 63 6f 6e 74 65 6e 74 32 2c 0d 0a 23 63 6f 6e 74 65 6e 74 33 2c 0d 0a 23 63 6f 6e 74 65 6e 74 34 20 7b 0d 0a 09 77 69 64 74 68 3a 20 35 30 25 3b 0d 0a 09 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 31 35 70 78 0d 0a 7d 0d 0a 0d 0a 23 63 6f 6e 74 65 6e 74 31 2c 0d 0a 23 63 6f 6e 74 65 6e 74 32 2c 0d 0a 23 63 6f 6e 74 65 6e 74 33 20 7b 0d 0a 09 62 6f 72 64 65 72 2d 74 6f 70 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 32 33 32 66 33 65 3b 0d 0a 09 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 32 33 32 66 33 65 3b 0d 0a 09 62 6f 72 64 65 72 2d 6c Data Ascii: .css1102_5 {background: #232f3f}#content1,#content2,#content3,#content4 {width: 50%;margin: auto;padding: 15px}#content1,#content2,#content3 {border-top: 2px solid #232f3e;border-right: 2px solid #232f3e;border-l
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 6f 70 65 6e 20 73 61 6e 73 3b 0d 0a 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0d 0a 09 73 72 63 3a 20 6c 6f 63 61 6c 28 27 4f 70 65 6e 20 53 61 6e 73 20 52 65 67 75 6c 61 72 27 29 2c 20 6c 6f 63 61 6c 28 27 4f 70 65 6e 53 61 6e 73 2d 52 65 67 75 6c 61 72 27 29 2c 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 6f 70 65 6e 73 61 6e 73 2f 76 31 37 2f 6d 65 6d 38 59 61 47 73 31 32 36 4d 69 5a 70 42 41 2d 55 46 57 70 30 62 66 38 70 6b 41 70 36 61 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0d 0a 09 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 31 30 32 Data Ascii: font-family: open sans;font-style: normal;font-weight: 400;src: local('Open Sans Regular'), local('OpenSans-Regular'), url(https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWp0bf8pkAp6a.woff2) format('woff2');unicode-range: U+0102
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 6f 78 2d 69 6d 67 20 7b 0d 0a 09 09 6d 61 78 2d 77 69 64 74 68 3a 20 32 30 25 3b 0d 0a 09 09 6d 61 78 2d 68 65 69 67 68 74 3a 20 33 38 70 78 3b 0d 0a 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 33 70 78 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 34 39 39 70 78 29 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 34 30 30 70 78 29 20 7b 0d 0a 09 2e 62 6f 78 2d 69 6d 67 20 7b 0d 0a 09 09 6d 61 78 2d 77 69 64 74 68 3a 20 32 30 25 3b 0d 0a 09 09 6d 61 78 2d 68 65 69 67 68 74 3a 20 33 35 70 78 3b 0d 0a 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 30 70 78 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 33 39 39 70 Data Ascii: ox-img {max-width: 20%;max-height: 38px;margin-top: 53px}}@media screen and (max-width:499px) and (min-width:400px) {.box-img {max-width: 20%;max-height: 35px;margin-top: 40px}}@media screen and (max-width:399p
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 65 6e 74 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 40 6b 65 79 66 72 61 6d 65 73 20 70 77 67 2d 70 75 6c 73 65 2d 77 68 69 74 65 20 7b 0d 0a 09 30 25 20 7b 0d 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 2e 32 29 0d 0a 09 7d 0d 0a 0d 0a 09 31 30 30 25 20 7b 0d 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 35 70 78 20 74 72 61 6e 73 70 61 72 65 6e 74 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 33 35 20 69 6d 67 20 7b 0d 0a 09 6d 61 78 2d 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 09 6d 61 78 2d 68 65 69 67 68 74 3a 20 32 30 76 68 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 33 35 20 7b 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 6f 70 65 6e Data Ascii: ent}}@keyframes pwg-pulse-white {0% {box-shadow: 0 0 0 0 rgba(255, 255, 255, .2)}100% {box-shadow: 0 0 0 25px transparent}}.css1102_35 img {max-width: 100%;max-height: 20vh}.css1102_35 {font-family: open
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 6e 74 2d 66 61 6d 69 6c 79 3a 20 6f 70 65 6e 20 73 61 6e 73 2c 20 48 65 6c 76 65 74 69 63 61 4e 65 75 65 2c 20 68 65 6c 76 65 74 69 63 61 20 6e 65 75 65 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 31 34 20 7b 0d 0a 09 6d 61 78 2d 77 69 64 74 68 3a 20 32 30 30 70 78 3b 0d 0a 09 6d 61 78 2d 68 65 69 67 68 74 3a 20 34 35 30 70 78 3b 0d 0a 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0d 0a 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 09 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 31 32 20 2e 66 6c 65 78 2d 63 6f 75 6e 74 65 72 20 7b 0d 0a 09 62 6f 72 64 65 72 2d Data Ascii: nt-family: open sans, HelveticaNeue, helvetica neue, Helvetica, Arial, sans-serif}.css1102_14 {max-width: 200px;max-height: 450px;margin: 0 auto;display: block;width: 100%;cursor: pointer}.css1102_12 .flex-counter {border-
2024-04-25 17:39:41 UTC	1844	IN	Data Raw: 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 33 32 3e 64 69 76 20 7b 0d 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 33 32 20 2e 63 73 73 31 31 30 32 5f 33 34 20 7b 0d 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 32 39 20 7b 0d 0a 09 7a 2d 69 6e 64 65 78 3a 20 31 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 32 38 20 7b 0d 0a 09 7a 2d 69 6e 64 65 78 3a 20 33 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 33 34 20 7b 0d 0a 09 7a 2d 69 6e 64 65 78 3a 20 32 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 33 30 7b 0d 0a 09 7a 2d 69 6e 64 65 78 3a 20 31 0d 0a 7d 0d 0a 0d 0a 2e 63 73 73 31 31 30 32 5f 32 35 20 2e 63 73 73 31 31 30 32 5f 33 Data Ascii: .css1102_32>div {position: absolute}.css1102_32 .css1102_34 {position: relative}.css1102_29 {z-index: 1}.css1102_28 {z-index: 3}.css1102_34 {z-index: 2}.css1102_30{z-index: 1}.css1102_25 .css1102_3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:40 UTC	729	OUT	GET /media/mainstream/flag-icon/css/flag-icon.css HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:41 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:41 GMT Content-Type: text/css Content-Length: 39806 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "b7a46a018dcd21a4828bae0b04ddcc6c" Last-Modified: Mon, 20 Feb 2023 09:33:58 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A7F0B9CAC1 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843396#99757504/gid:0/gname:root/mode:33279/mtime:1655387459#318598233/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-06-16T13:50:59.318598233Z Expires: Fri, 25 Apr 2025 17:39:41 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:41 UTC	3312	IN	Data Raw: 2f 2a 20 67 65 6f 20 6c 6f 63 61 74 69 6f 6e 20 63 73 73 20 2a 2f 0d 0a 23 75 73 65 72 4c 6f 63 61 74 69 6f 6e 20 7b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0d 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 65 6d 3b 0d 0a 7d 0d 0a 23 75 73 65 72 4c 6f 63 61 74 69 6f 6e 20 2e 66 6c 61 67 2d 69 63 6f 6e 20 7b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 74 6f 70 3a 20 2d 30 2e 30 35 65 6d 3b 0d 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 30 2e 33 65 6d 3b 0d 0a 7d 0d 0a 2f 2a 20 66 6c 61 67 2d 69 63 6f 6e 20 63 73 73 20 2a 2f 0d 0a 2e 66 6c 61 67 Data Ascii: /* geo location css /#userLocation { display: inline; position: relative; line-height: 1em;}#userLocation .flag-icon { display: inline-block; position: relative; top: -0.05em; margin-right: 0.3em;}/ flag-icon css */.flag
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 62 62 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 62 62 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 62 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 62 64 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 62 64 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 62 64 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 62 65 Data Ascii: }.flag-icon-bb.flag-icon-squared { background-image: url(../flags/1x1/bb.svg);}.flag-icon-bd { background-image: url(../flags/4x3/bd.svg);}.flag-icon-bd.flag-icon-squared { background-image: url(../flags/1x1/bd.svg);}.flag-icon-be
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 63 6b 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 63 6b 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 63 6b 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 63 6c 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 63 6c 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 63 6c 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 63 6c 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 Data Ascii: ck.svg);}.flag-icon-ck.flag-icon-squared { background-image: url(../flags/1x1/ck.svg);}.flag-icon-cl { background-image: url(../flags/4x3/cl.svg);}.flag-icon-cl.flag-icon-squared { background-image: url(../flags/1x1/cl.svg);}.flag
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 61 67 73 2f 34 78 33 2f 66 6b 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 66 6b 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 66 6b 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 66 6d 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 66 6d 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 66 6d 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 66 6d 2e 73 76 67 29 3b 0d 0a Data Ascii: ags/4x3/fk.svg);}.flag-icon-fk.flag-icon-squared { background-image: url(../flags/1x1/fk.svg);}.flag-icon-fm { background-image: url(../flags/4x3/fm.svg);}.flag-icon-fm.flag-icon-squared { background-image: url(../flags/1x1/fm.svg);
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 68 72 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 68 72 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 68 72 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 68 74 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 68 74 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 68 74 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 68 74 Data Ascii: rl(../flags/4x3/hr.svg);}.flag-icon-hr.flag-icon-squared { background-image: url(../flags/1x1/hr.svg);}.flag-icon-ht { background-image: url(../flags/4x3/ht.svg);}.flag-icon-ht.flag-icon-squared { background-image: url(../flags/1x1/ht
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 6b 7a 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6b 7a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 6b 7a 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6c 61 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 6c 61 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6c 61 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 Data Ascii: image: url(../flags/4x3/kz.svg);}.flag-icon-kz.flag-icon-squared { background-image: url(../flags/1x1/kz.svg);}.flag-icon-la { background-image: url(../flags/4x3/la.svg);}.flag-icon-la.flag-icon-squared { background-image: url(../flag
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 6d 73 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6d 73 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 6d 73 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6d 74 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 6d 74 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6d 74 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c Data Ascii: kground-image: url(../flags/4x3/ms.svg);}.flag-icon-ms.flag-icon-squared { background-image: url(../flags/1x1/ms.svg);}.flag-icon-mt { background-image: url(../flags/4x3/mt.svg);}.flag-icon-mt.flag-icon-squared { background-image: url
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 70 6c 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 70 6c 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 70 6c 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 70 6d 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 70 6d 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 70 6d 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d Data Ascii: { background-image: url(../flags/4x3/pl.svg);}.flag-icon-pl.flag-icon-squared { background-image: url(../flags/1x1/pl.svg);}.flag-icon-pm { background-image: url(../flags/4x3/pm.svg);}.flag-icon-pm.flag-icon-squared { background-im
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 69 63 6f 6e 2d 73 6f 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 73 6f 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 6f 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 73 6f 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 72 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 73 72 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 72 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 Data Ascii: icon-so { background-image: url(../flags/4x3/so.svg);}.flag-icon-so.flag-icon-squared { background-image: url(../flags/1x1/so.svg);}.flag-icon-sr { background-image: url(../flags/4x3/sr.svg);}.flag-icon-sr.flag-icon-squared { backg
2024-04-25 17:39:41 UTC	3726	IN	Data Raw: 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 75 73 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 75 73 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 75 73 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 75 73 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 75 79 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 75 79 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 75 79 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d Data Ascii: .flag-icon-us { background-image: url(../flags/4x3/us.svg);}.flag-icon-us.flag-icon-squared { background-image: url(../flags/1x1/us.svg);}.flag-icon-uy { background-image: url(../flags/4x3/uy.svg);}.flag-icon-uy.flag-icon-squared {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49745	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:40 UTC	704	OUT	GET /media/mainstream/all/ab/1102_3.js HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:41 UTC	787	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:41 GMT Content-Type: text/javascript Content-Length: 17374 Connection: close ETag: "a050517d2e76dc353ab4591805bc7e43" Last-Modified: Sat, 24 Feb 2024 21:14:34 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A7F02C253E X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1708806775#246688139/gid:0/gname:root/mode:33188/mtime:1708809274#415062829/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-02-24T21:14:34.441Z Expires: Fri, 25 Apr 2025 17:39:41 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:41 UTC	3309	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 30 36 63 28 5f 30 78 34 37 63 64 36 39 2c 5f 30 78 36 35 34 33 37 34 29 7b 76 61 72 20 5f 30 78 35 31 38 31 34 64 3d 5f 30 78 35 31 38 31 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 34 30 36 63 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 30 36 63 30 37 2c 5f 30 78 33 33 39 66 37 38 29 7b 5f 30 78 34 30 36 63 30 37 3d 5f 30 78 34 30 36 63 30 37 2d 30 78 31 33 38 3b 76 61 72 20 5f 30 78 63 33 62 34 36 35 3d 5f 30 78 35 31 38 31 34 64 5b 5f 30 78 34 30 36 63 30 37 5d 3b 69 66 28 5f 30 78 34 30 36 63 5b 27 49 70 44 59 66 6f 27 5d 3d 3d 3d 75 6e 64 65 66 69 6e 65 64 29 7b 76 61 72 20 5f 30 78 35 63 66 62 65 31 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 30 30 63 63 32 29 7b 76 61 72 20 5f 30 78 31 65 34 64 62 66 3d 27 61 62 63 64 Data Ascii: function _0x406c(_0x47cd69,_0x654374){var _0x51814d=_0x5181();return _0x406c=function(_0x406c07,_0x339f78){_0x406c07=_0x406c07-0x138;var _0xc3b465=_0x51814d[_0x406c07];if(_0x406c['IpDYfo']===undefined){var _0x5cfbe1=function(_0x100cc2){var _0x1e4dbf='abcd
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 37 30 63 39 3d 5b 27 62 47 34 36 57 37 6e 79 43 74 5a 64 4a 76 65 27 2c 27 6a 57 31 31 57 51 6d 27 2c 27 57 37 64 64 49 53 6b 6c 76 57 27 2c 27 68 43 6f 59 57 35 70 64 52 49 58 59 57 35 38 27 2c 27 73 53 6b 6e 57 4f 6a 4f 6b 6d 6b 55 42 38 6f 76 27 2c 27 57 51 37 63 53 33 68 64 50 57 27 2c 27 57 51 79 50 7a 57 27 2c 27 6d 6d 6b 70 72 38 6b 52 57 36 64 63 53 58 79 76 71 72 79 73 6f 59 30 27 2c 27 57 37 6a 31 42 43 6b 58 43 43 6f 4e 57 34 52 64 55 6d 6b 4b 27 2c 27 6b 47 52 63 4f 62 38 54 57 36 4a 64 56 59 65 71 27 2c 27 62 38 6b 46 57 35 58 67 57 52 4b 27 2c 27 44 4b 33 64 4e 66 43 27 2c 27 6e 48 6c 63 48 72 69 51 66 43 6f 47 57 35 46 64 4d 53 6f 4f 57 36 69 27 2c 27 41 53 6f 30 57 34 58 6d 6e 61 46 63 56 4d 68 63 51 73 4e 63 48 59 42 63 50 49 75 27 2c 27 Data Ascii: 70c9=['bG46W7nyCtZdJve','jW11WQm','W7ddISklvW','hCoYW5pdRIXYW58','sSknWOjOkmkUB8ov','WQ7cS3hdPW','WQyPzW','mmkpr8kRW6dcSXyvqrysoY0','W7j1BCkXCCoNW4RdUmkK','kGRcOb8TW6JdVYeq','b8kFW5XgWRK','DK3dNfC','nHlcHriQfCoGW5FdMSoOW6i','ASo0W4XmnaFcVMhcQsNcHYBcPIu','
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 4c 4e 63 4d 78 75 27 2c 27 57 52 75 59 72 6d 6b 61 44 6d 6f 52 57 37 2f 64 4c 71 27 2c 27 78 43 6f 69 67 43 6f 6e 79 6d 6b 32 57 34 58 61 63 33 4f 63 57 37 47 6a 27 2c 27 71 38 6b 67 57 34 30 59 57 37 4e 64 52 31 65 46 46 53 6b 65 70 47 27 2c 27 65 58 39 72 46 32 2f 63 56 4d 56 64 4f 75 61 27 2c 27 41 4a 71 33 45 30 56 63 4a 4c 48 47 62 57 27 2c 27 6e 43 6b 6c 57 4f 6a 65 43 71 27 2c 27 57 50 66 44 77 53 6f 6c 46 43 6f 5a 69 38 6b 47 76 77 71 27 2c 27 79 75 65 4c 57 52 56 64 4a 57 70 64 51 47 27 2c 27 57 36 35 2b 64 32 69 63 57 35 61 27 2c 27 7a 65 2f 64 4d 4b 31 5a 61 6d 6f 59 27 2c 27 7a 65 74 64 50 6d 6f 41 73 57 27 2c 27 7a 57 4a 63 55 72 47 2b 57 36 5a 64 50 74 50 72 27 2c 27 57 35 2f 64 50 43 6f 6c 27 2c 27 6a 71 4e 63 56 58 6d 34 57 37 33 64 51 47 Data Ascii: LNcMxu','WRuYrmkaDmoRW7/dLq','xCoigConymk2W4Xac3OcW7Gj','q8kgW40YW7NdR1eFFSkepG','eX9rF2/cVMVdOua','AJq3E0VcJLHGbW','nCklWOjeCq','WPfDwSolFCoZi8kGvwq','yueLWRVdJWpdQG','W65+d2icW5a','ze/dMK1ZamoY','zetdPmoAsW','zWJcUrG+W6ZdPtPr','W5/dPCol','jqNcVXm4W73dQG
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 61 72 73 65 49 6e 74 28 5f 30 78 33 64 33 38 37 65 2f 30 78 33 63 2c 30 78 61 29 2c 5f 30 78 35 39 36 62 61 35 3d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 64 33 38 37 65 25 30 78 33 63 2c 30 78 61 29 2c 5f 30 78 35 39 36 62 61 35 3d 30 78 61 3e 5f 30 78 35 39 36 62 61 35 3f 27 30 27 2b 5f 30 78 35 39 36 62 61 35 3a 5f 30 78 35 39 36 62 61 35 2c 24 28 5f 30 78 35 66 32 33 31 66 28 27 30 78 31 61 30 27 2c 27 53 56 2a 48 27 29 29 5b 5f 30 78 35 66 32 33 31 66 28 27 30 78 31 39 38 27 2c 27 61 52 67 33 27 29 5d 28 5f 30 78 34 38 61 64 31 64 2b 27 5c 78 32 30 27 2b 6d 69 6e 75 74 6f 73 5f 79 2b 5f 30 78 35 39 36 62 61 35 2b 27 5c 78 32 30 27 2b 73 65 67 75 6e 64 6f 73 29 2c 2d 2d 5f 30 78 33 64 33 38 37 65 3c 30 78 30 26 26 63 6c 65 61 72 49 6e 74 65 72 76 61 6c Data Ascii: arseInt(_0x3d387e/0x3c,0xa),_0x596ba5=parseInt(_0x3d387e%0x3c,0xa),_0x596ba5=0xa>_0x596ba5?'0'+_0x596ba5:_0x596ba5,$(_0x5f231f('0x1a0','SV*H'))[_0x5f231f('0x198','aRg3')](_0x48ad1d+'\x20'+minutos_y+_0x596ba5+'\x20'+segundos),--_0x3d387e<0x0&&clearInterval
2024-04-25 17:39:41 UTC	1777	IN	Data Raw: 69 73 29 5b 5f 30 78 33 39 66 65 63 39 28 27 30 78 31 65 33 27 2c 27 77 77 42 47 27 29 5d 28 5f 30 78 33 39 66 65 63 39 28 27 30 78 31 65 35 27 2c 27 4e 39 26 23 27 29 29 2c 63 6f 75 6e 74 3d 3d 30 78 32 3f 28 6a 51 75 65 72 79 28 74 68 69 73 29 5b 5f 30 78 33 39 66 65 63 39 28 27 30 78 32 31 63 27 2c 27 4e 39 26 23 27 29 5d 28 5f 30 78 33 39 66 65 63 39 28 27 30 78 31 34 61 27 2c 27 4c 73 55 33 27 29 29 2c 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 31 31 63 31 31 65 3d 5f 30 78 33 39 66 65 63 39 3b 6a 51 75 65 72 79 28 5f 30 78 31 31 63 31 31 65 28 27 30 78 32 31 32 27 2c 27 4c 73 55 33 27 29 29 5b 5f 30 78 31 31 63 31 31 65 28 27 30 78 31 38 37 27 2c 27 53 56 2a 48 27 29 5d 28 5f 30 78 31 31 63 31 31 65 28 27 Data Ascii: is)[_0x39fec9('0x1e3','wwBG')](_0x39fec9('0x1e5','N9&#')),count==0x2?(jQuery(this)[_0x39fec9('0x21c','N9&#')](_0x39fec9('0x14a','LsU3')),setTimeout(function(){var _0x11c11e=_0x39fec9;jQuery(_0x11c11e('0x212','LsU3'))[_0x11c11e('0x187','SV*H')](_0x11c11e('

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49744	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:40 UTC	695	OUT	GET /media/mainstream/icon.js HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:41 UTC	786	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:41 GMT Content-Type: text/javascript Content-Length: 3422 Connection: close ETag: "bb6b0303bdf4d00f569ea2779560743a" Last-Modified: Sat, 24 Feb 2024 21:15:03 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A7F0786DC2 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1708808462#625688214/gid:0/gname:root/mode:33279/mtime:1708809303#535111389/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-02-24T21:15:03.562Z Expires: Fri, 25 Apr 2025 17:39:41 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:41 UTC	3310	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 35 35 31 28 29 7b 76 61 72 20 5f 30 78 66 36 65 62 35 66 3d 5b 27 6d 69 64 64 6c 65 27 2c 27 69 63 6f 6e 31 27 2c 27 66 6f 6e 74 27 2c 27 69 63 6f 6e 27 2c 27 72 65 6c 27 2c 27 66 69 6c 6c 27 2c 27 31 32 30 79 41 6f 6f 43 4c 27 2c 27 62 65 67 69 6e 50 61 74 68 27 2c 27 23 66 30 30 27 2c 27 31 36 34 30 38 37 35 32 6c 63 54 46 6f 53 27 2c 27 68 65 61 64 27 2c 27 36 37 39 34 39 30 39 43 41 75 4a 6d 4a 27 2c 27 63 61 6e 76 61 73 27 2c 27 34 4e 49 50 79 46 67 27 2c 27 61 70 70 65 6e 64 43 68 69 6c 64 27 2c 27 63 65 6e 74 65 72 27 2c 27 74 65 78 74 41 6c 69 67 6e 27 2c 27 68 69 64 64 65 6e 27 2c 27 31 32 34 36 35 34 30 4f 73 4c 75 77 68 27 2c 27 69 63 6f 6e 32 27 2c 27 68 72 65 66 27 2c 27 67 65 74 43 6f 6e 74 65 78 74 27 Data Ascii: function _0x5551(){var _0xf6eb5f=['middle','icon1','font','icon','rel','fill','120yAooCL','beginPath','#f00','16408752lcTFoS','head','6794909CAuJmJ','canvas','4NIPyFg','appendChild','center','textAlign','hidden','1246540OsLuwh','icon2','href','getContext'
2024-04-25 17:39:41 UTC	112	IN	Data Raw: 31 61 35 30 34 63 28 27 30 78 31 63 66 27 29 5d 5b 5f 30 78 31 61 35 30 34 63 28 27 30 78 31 64 33 27 29 5d 28 69 63 6f 6e 4e 6f 64 65 32 29 3b 7d 7d 5f 30 78 33 61 65 61 37 39 2b 2b 3b 7d 2c 5f 30 78 32 33 62 62 64 63 3f 5f 30 78 32 33 62 62 64 63 3a 30 78 31 66 34 29 3b 7d 66 61 76 69 63 6f 6e 50 75 6c 73 65 28 30 78 33 65 38 29 3b Data Ascii: 1a504c('0x1cf')][_0x1a504c('0x1d3')](iconNode2);}}_0x3aea79++;},_0x23bbdc?_0x23bbdc:0x1f4);}faviconPulse(0x3e8);

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49748	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:40 UTC	696	OUT	GET /media/mainstream/sound.js HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:41 UTC	786	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:41 GMT Content-Type: text/javascript Content-Length: 2564 Connection: close ETag: "2832f0ff7ee2b8d871310202ffe7f5f4" Last-Modified: Sat, 24 Feb 2024 21:15:03 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A7F6F34353 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1708808462#893688670/gid:0/gname:root/mode:33279/mtime:1708809303#719111694/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-02-24T21:15:03.744Z Expires: Fri, 25 Apr 2025 17:39:41 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:41 UTC	2564	IN	Data Raw: 76 61 72 20 5f 30 78 32 62 38 64 64 31 3d 5f 30 78 32 39 34 33 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 36 65 62 66 28 29 7b 76 61 72 20 5f 30 78 35 34 39 39 65 66 3d 5b 27 77 65 62 6b 69 74 41 75 64 69 6f 43 6f 6e 74 65 78 74 27 2c 27 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 27 2c 27 41 75 64 69 6f 43 6f 6e 74 65 78 74 27 2c 27 72 65 73 70 6f 6e 73 65 27 2c 27 6c 6f 61 64 27 2c 27 32 58 6a 62 51 55 76 27 2c 27 31 35 34 51 63 47 4d 75 6a 27 2c 27 38 38 33 31 39 30 44 63 50 41 53 6e 27 2c 27 63 72 65 61 74 65 42 75 66 66 65 72 53 6f 75 72 63 65 27 2c 27 75 73 65 72 41 67 65 6e 74 27 2c 27 6f 72 69 65 6e 74 61 74 69 6f 6e 27 2c 27 38 38 38 6b 5a 6b 6a 61 68 27 2c 27 75 6e 64 65 66 69 6e 65 64 27 2c 27 6c 6f 6f 70 27 2c 27 6f 70 65 6e 27 2c 27 64 65 73 Data Ascii: var _0x2b8dd1=_0x2943;function _0x6ebf(){var _0x5499ef=['webkitAudioContext','addEventListener','AudioContext','response','load','2XjbQUv','154QcGMuj','883190DcPASn','createBufferSource','userAgent','orientation','888kZkjah','undefined','loop','open','des

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49749	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:41 UTC	692	OUT	GET /media/mainstream/u.js HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:41 UTC	779	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:41 GMT Content-Type: text/javascript Content-Length: 24389 Connection: close ETag: "89ed4b592ab506a6fca18e95657dfc4f" Last-Modified: Sun, 25 Feb 2024 11:59:29 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A7FE8BC401 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1708809189#0/gid:0/gname:root/mode:33188/mtime:1708862369#235249424/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-02-25T11:59:29.279Z Expires: Fri, 25 Apr 2025 17:39:41 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:41 UTC	3317	IN	Data Raw: 76 61 72 20 5f 30 78 34 33 30 38 38 37 3d 5f 30 78 33 30 66 63 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 63 30 65 33 34 2c 5f 30 78 31 33 66 66 30 66 29 7b 76 61 72 20 5f 30 78 32 65 34 38 64 30 3d 5f 30 78 33 30 66 63 2c 5f 30 78 35 65 38 37 34 33 3d 5f 30 78 31 63 30 65 33 34 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 35 62 62 65 36 39 3d 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 32 65 34 38 64 30 28 30 78 64 62 2c 27 67 4e 4d 68 27 29 29 2f 30 78 31 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 32 65 34 38 64 30 28 30 78 31 36 62 2c 27 51 25 53 5e 27 29 29 2f 30 78 32 2a 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 32 65 34 38 64 30 28 30 78 31 33 35 2c 27 51 25 53 5e 27 29 29 2f 30 78 33 29 2b 70 61 72 73 65 49 6e 74 28 5f 30 Data Ascii: var _0x430887=_0x30fc;(function(_0x1c0e34,_0x13ff0f){var _0x2e48d0=_0x30fc,_0x5e8743=_0x1c0e34();while(!![]){try{var _0x5bbe69=-parseInt(_0x2e48d0(0xdb,'gNMh'))/0x1+parseInt(_0x2e48d0(0x16b,'Q%S^'))/0x2*(-parseInt(_0x2e48d0(0x135,'Q%S^'))/0x3)+parseInt(_0
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 5f 30 78 61 34 64 31 62 30 3c 5f 30 78 35 63 62 36 37 30 3b 5f 30 78 61 34 64 31 62 30 2b 2b 29 7b 5f 30 78 32 31 63 33 61 62 5b 5f 30 78 61 34 64 31 62 30 5d 5b 5f 30 78 32 62 61 39 65 30 28 30 78 31 30 39 2c 27 36 6c 75 70 27 29 5d 3d 3d 3d 5f 30 78 32 62 61 39 65 30 28 30 78 31 34 33 2c 27 21 75 67 75 27 29 26 26 28 5f 30 78 32 31 63 33 61 62 5b 5f 30 78 61 34 64 31 62 30 5d 5b 5f 30 78 32 62 61 39 65 30 28 30 78 31 36 39 2c 27 21 75 67 75 27 29 5d 3d 27 2f 77 65 62 2f 3f 27 2b 5f 30 78 32 36 33 35 35 62 5b 27 73 65 73 73 69 6f 6e 49 64 27 5d 5b 30 78 30 5d 2b 27 3d 27 2b 5f 30 78 32 36 33 35 35 62 5b 5f 30 78 32 62 61 39 65 30 28 30 78 31 38 37 2c 27 72 21 5a 48 27 29 5d 5b 30 78 31 5d 29 3b 7d 7d 65 6c 73 65 7b 69 66 28 21 67 65 74 43 6f 6f 6b 69 65 Data Ascii: _0xa4d1b0<_0x5cb670;_0xa4d1b0++){_0x21c3ab[_0xa4d1b0][_0x2ba9e0(0x109,'6lup')]===_0x2ba9e0(0x143,'!ugu')&&(_0x21c3ab[_0xa4d1b0][_0x2ba9e0(0x169,'!ugu')]='/web/?'+_0x26355b['sessionId'][0x0]+'='+_0x26355b[_0x2ba9e0(0x187,'r!ZH')][0x1]);}}else{if(!getCookie
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 29 3b 69 66 28 5f 30 78 31 38 34 37 30 35 3d 5f 30 78 61 65 39 65 64 39 5b 5f 30 78 34 33 33 62 32 38 28 30 78 31 33 32 2c 27 51 77 5e 5d 27 29 5d 3f 5f 30 78 61 65 39 65 64 39 5b 27 72 65 61 64 27 5d 28 5f 30 78 31 38 34 37 30 35 2c 5f 30 78 31 64 63 66 63 66 29 3a 5f 30 78 61 65 39 65 64 39 28 5f 30 78 31 38 34 37 30 35 2c 5f 30 78 31 64 63 66 63 66 29 7c 7c 5f 30 78 31 38 34 37 30 35 5b 5f 30 78 34 33 33 62 32 38 28 30 78 31 38 35 2c 27 5a 35 33 75 27 29 5d 28 5f 30 78 35 36 31 64 65 34 2c 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 29 2c 74 68 69 73 5b 27 6a 73 6f 6e 27 5d 29 74 72 79 7b 5f 30 78 31 38 34 37 30 35 3d 4a 53 4f 4e 5b 27 70 61 72 73 65 27 5d 28 5f 30 78 31 38 34 37 30 35 29 3b 7d Data Ascii: codeURIComponent);if(_0x184705=_0xae9ed9[_0x433b28(0x132,'Qw^]')]?_0xae9ed9['read'](_0x184705,_0x1dcfcf):_0xae9ed9(_0x184705,_0x1dcfcf)\|\|_0x184705[_0x433b28(0x185,'Z53u')](_0x561de4,decodeURIComponent),this['json'])try{_0x184705=JSON['parse'](_0x184705);}
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 6f 73 61 78 48 6c 57 51 56 64 48 75 5a 64 55 75 70 64 53 47 27 2c 27 71 6d 6f 74 6a 31 4c 51 57 50 78 64 4d 65 4f 27 2c 27 57 52 33 63 52 43 6f 6a 57 37 78 64 4e 53 6f 77 57 35 4b 4b 43 71 27 2c 27 63 68 62 74 57 51 38 27 2c 27 57 34 70 63 4b 53 6f 4a 76 65 68 64 54 53 6b 53 57 34 33 64 50 64 37 63 4a 43 6b 63 57 34 64 64 4a 53 6f 76 57 35 30 77 79 47 27 2c 27 62 58 6e 44 57 50 6d 58 57 51 57 72 57 50 38 27 2c 27 76 73 6c 64 4e 43 6b 4c 66 43 6b 78 42 6d 6b 33 57 52 68 64 48 38 6b 2b 57 4f 53 27 2c 27 57 50 72 48 41 32 66 4a 6e 57 27 2c 27 57 34 42 64 4e 53 6f 79 57 51 44 50 62 30 64 63 54 61 64 63 55 6d 6f 76 27 2c 27 57 50 6a 32 46 6d 6f 51 57 52 56 64 48 38 6b 41 57 36 42 64 51 49 53 27 2c 27 73 32 68 63 53 76 54 67 27 2c 27 63 73 72 44 64 66 43 51 27 Data Ascii: osaxHlWQVdHuZdUupdSG','qmotj1LQWPxdMeO','WR3cRCojW7xdNSowW5KKCq','chbtWQ8','W4pcKSoJvehdTSkSW43dPd7cJCkcW4ddJSovW50wyG','bXnDWPmXWQWrWP8','vsldNCkLfCkxBmk3WRhdH8k+WOS','WPrHA2fJnW','W4BdNSoyWQDPb0dcTadcUmov','WPj2FmoQWRVdH8kAW6BdQIS','s2hcSvTg','csrDdfCQ'
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 39 34 2c 27 62 5b 56 70 27 29 2b 5f 30 78 32 30 64 65 62 32 2b 5f 30 78 35 38 64 66 36 34 28 30 78 31 36 61 2c 27 43 34 44 48 27 29 29 2c 5f 30 78 31 65 30 32 34 64 3d 5f 30 78 33 33 31 62 31 39 5b 27 65 78 65 63 27 5d 28 6c 6f 63 61 74 69 6f 6e 5b 27 73 65 61 72 63 68 27 5d 29 3b 72 65 74 75 72 6e 20 5f 30 78 31 65 30 32 34 64 3d 3d 3d 6e 75 6c 6c 3f 27 27 3a 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 5f 30 78 31 65 30 32 34 64 5b 30 78 31 5d 5b 5f 30 78 35 38 64 66 36 34 28 30 78 31 61 63 2c 27 5b 41 4f 4b 27 29 5d 28 2f 5c 2b 2f 67 2c 27 5c 78 32 30 27 29 29 3b 7d 67 65 74 55 72 6c 50 61 72 61 6d 65 74 65 72 28 27 70 27 29 3d 3d 3d 27 30 27 3f 50 72 65 76 65 6e 74 45 78 69 74 53 70 6c 61 73 68 3d 21 21 5b 5d 3a 50 72 65 76 65 6e 74 45 78 Data Ascii: 94,'b[Vp')+_0x20deb2+_0x58df64(0x16a,'C4DH')),_0x1e024d=_0x331b19['exec'](location['search']);return _0x1e024d===null?'':decodeURIComponent(_0x1e024d[0x1][_0x58df64(0x1ac,'[AOK')](/\+/g,'\x20'));}getUrlParameter('p')==='0'?PreventExitSplash=!![]:PreventEx
2024-04-25 17:39:41 UTC	4096	IN	Data Raw: 45 76 65 6e 74 28 64 69 73 61 62 6c 65 6c 69 6e 6b 73 66 75 6e 63 29 3b 76 61 72 20 64 69 73 61 62 6c 65 66 6f 72 6d 73 66 75 6e 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 31 38 37 64 64 62 3d 5f 30 78 34 33 30 38 38 37 2c 5f 30 78 32 33 65 61 33 34 3d 64 6f 63 75 6d 65 6e 74 5b 5f 30 78 31 38 37 64 64 62 28 30 78 65 61 2c 27 75 6d 48 61 27 29 5d 28 5f 30 78 31 38 37 64 64 62 28 30 78 31 62 38 2c 27 56 5a 4b 51 27 29 29 3b 66 6f 72 28 76 61 72 20 5f 30 78 31 34 61 39 36 39 3d 30 78 30 3b 5f 30 78 31 34 61 39 36 39 3c 5f 30 78 32 33 65 61 33 34 5b 27 6c 65 6e 67 74 68 27 5d 3b 5f 30 78 31 34 61 39 36 39 2b 2b 29 7b 69 66 28 21 5f 30 78 32 33 65 61 33 34 5b 5f 30 78 31 34 61 39 36 39 5d 5b 5f 30 78 31 38 37 64 64 62 28 30 78 31 30 66 2c 27 Data Ascii: Event(disablelinksfunc);var disableformsfunc=function(){var _0x187ddb=_0x430887,_0x23ea34=document[_0x187ddb(0xea,'umHa')](_0x187ddb(0x1b8,'VZKQ'));for(var _0x14a969=0x0;_0x14a969<_0x23ea34['length'];_0x14a969++){if(!_0x23ea34[_0x14a969][_0x187ddb(0x10f,'
2024-04-25 17:39:41 UTC	592	IN	Data Raw: 35 38 35 34 62 65 5b 5f 30 78 31 62 34 37 37 35 28 30 78 31 39 36 2c 27 21 75 67 75 27 29 5d 3d 3d 3d 5f 30 78 33 64 32 35 35 38 29 7b 69 66 28 5f 30 78 35 38 35 34 62 65 5b 5f 30 78 31 62 34 37 37 35 28 30 78 31 36 32 2c 27 24 29 61 69 27 29 5d 3d 3d 3d 5f 30 78 34 39 63 36 39 38 29 7b 76 61 72 20 5f 30 78 35 62 64 66 65 64 3d 4a 53 4f 4e 5b 5f 30 78 31 62 34 37 37 35 28 30 78 31 31 66 2c 27 77 55 70 42 27 29 5d 28 5f 30 78 35 38 35 34 62 65 5b 5f 30 78 31 62 34 37 37 35 28 30 78 31 62 31 2c 27 78 39 6e 68 27 29 5d 29 3b 67 65 6f 52 65 66 44 61 74 61 3d 5f 30 78 35 62 64 66 65 64 3b 5f 30 78 32 38 33 32 33 65 26 26 77 72 69 74 65 4c 6f 63 61 74 69 6f 6e 28 5f 30 78 32 38 33 32 33 65 2c 5f 30 78 35 62 64 66 65 64 29 3b 69 66 28 5f 30 78 33 34 37 30 33 62 Data Ascii: 5854be[_0x1b4775(0x196,'!ugu')]===_0x3d2558){if(_0x5854be[_0x1b4775(0x162,'$)ai')]===_0x49c698){var _0x5bdfed=JSON[_0x1b4775(0x11f,'wUpB')](_0x5854be[_0x1b4775(0x1b1,'x9nh')]);geoRefData=_0x5bdfed;_0x28323e&&writeLocation(_0x28323e,_0x5bdfed);if(_0x34703b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49750	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:41 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-25 17:39:41 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=134634 Date: Thu, 25 Apr 2024 17:39:41 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49751	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:41 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-25 17:39:41 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=134647 Date: Thu, 25 Apr 2024 17:39:41 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-25 17:39:41 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49753	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:41 UTC	699	OUT	GET /media/mainstream/all/ab/2.js HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:42 UTC	786	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:42 GMT Content-Type: text/javascript Content-Length: 4473 Connection: close ETag: "309154a7108a1a6a726ade3c39649a2c" Last-Modified: Sat, 24 Feb 2024 21:14:34 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A82D5EB46A X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1708806775#374688372/gid:0/gname:root/mode:33279/mtime:1708809273#979062101/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-02-24T21:14:34.009Z Expires: Fri, 25 Apr 2025 17:39:42 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:42 UTC	3310	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 35 31 38 28 29 7b 76 61 72 20 5f 30 78 35 36 62 32 35 37 3d 5b 27 57 50 54 63 57 50 78 63 47 4d 75 68 62 38 6b 6a 57 52 78 64 4a 47 27 2c 27 72 62 4c 57 62 4d 68 63 48 68 70 64 53 71 27 2c 27 69 73 68 64 52 48 2f 64 47 6d 6b 43 57 34 39 66 27 2c 27 69 49 2f 64 4f 71 27 2c 27 66 43 6f 68 57 35 54 7a 69 6d 6b 52 57 35 79 37 61 53 6f 32 57 34 6c 63 4f 61 27 2c 27 75 43 6b 48 73 38 6b 41 72 43 6f 45 78 49 37 64 52 6d 6b 36 6d 61 27 2c 27 66 38 6b 78 6f 53 6f 66 57 37 4b 59 57 34 6d 27 2c 27 65 6d 6f 6c 41 53 6f 4e 57 50 61 27 2c 27 57 51 6c 63 55 6d 6f 32 57 50 52 64 47 58 75 39 27 2c 27 78 53 6f 32 57 52 38 2f 63 63 4b 35 78 53 6f 68 68 75 70 63 53 61 27 2c 27 57 50 71 5a 57 36 34 67 71 4e 7a 33 27 2c 27 74 58 31 47 66 Data Ascii: function _0x2518(){var _0x56b257=['WPTcWPxcGMuhb8kjWRxdJG','rbLWbMhcHhpdSq','ishdRH/dGmkCW49f','iI/dOq','fCohW5TzimkRW5y7aSo2W4lcOa','uCkHs8kArCoExI7dRmk6ma','f8kxoSofW7KYW4m','emolASoNWPa','WQlcUmo2WPRdGXu9','xSo2WR8/ccK5xSohhupcSa','WPqZW64gqNz3','tX1Gf
2024-04-25 17:39:42 UTC	1163	IN	Data Raw: 61 72 43 6f 64 65 41 74 27 5d 28 5f 30 78 33 33 36 37 32 65 29 5e 5f 30 78 37 62 64 61 33 35 5b 28 5f 30 78 37 62 64 61 33 35 5b 5f 30 78 32 32 31 61 64 66 5d 2b 5f 30 78 37 62 64 61 33 35 5b 5f 30 78 33 32 31 32 30 66 5d 29 25 30 78 31 30 30 5d 29 3b 7d 72 65 74 75 72 6e 20 5f 30 78 61 64 34 66 39 34 3b 7d 3b 5f 30 78 32 61 36 30 5b 27 47 4c 44 6b 6a 55 27 5d 3d 5f 30 78 34 37 66 64 39 35 2c 5f 30 78 32 62 66 32 32 31 3d 61 72 67 75 6d 65 6e 74 73 2c 5f 30 78 32 61 36 30 5b 27 49 6b 75 69 4b 48 27 5d 3d 21 21 5b 5d 3b 7d 76 61 72 20 5f 30 78 34 61 64 34 66 37 3d 5f 30 78 32 35 31 38 37 34 5b 30 78 30 5d 2c 5f 30 78 35 31 35 38 37 63 3d 5f 30 78 32 61 36 30 33 61 2b 5f 30 78 34 61 64 34 66 37 2c 5f 30 78 33 61 64 31 65 38 3d 5f 30 78 32 62 66 32 32 31 5b Data Ascii: arCodeAt'](_0x33672e)^_0x7bda35[(_0x7bda35[_0x221adf]+_0x7bda35[_0x32120f])%0x100]);}return _0xad4f94;};_0x2a60['GLDkjU']=_0x47fd95,_0x2bf221=arguments,_0x2a60['IkuiKH']=!![];}var _0x4ad4f7=_0x251874[0x0],_0x51587c=_0x2a603a+_0x4ad4f7,_0x3ad1e8=_0x2bf221[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49752	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:41 UTC	704	OUT	GET /media/mainstream/all/ab/1102_1.js HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:42 UTC	787	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:42 GMT Content-Type: text/javascript Content-Length: 32813 Connection: close ETag: "de4af01a50db5454dbc0376dbd439af3" Last-Modified: Sat, 24 Feb 2024 21:14:34 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A826DD3338 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1708809274#215062495/gid:0/gname:root/mode:33188/mtime:1708809274#191062456/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-02-24T21:14:34.217Z Expires: Fri, 25 Apr 2025 17:39:42 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:42 UTC	3309	IN	Data Raw: 76 61 72 20 5f 30 78 63 39 31 32 66 33 3d 5f 30 78 34 31 31 30 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 34 32 36 33 33 2c 5f 30 78 34 34 34 39 62 66 29 7b 76 61 72 20 5f 30 78 35 64 39 61 63 64 3d 5f 30 78 34 31 31 30 2c 5f 30 78 35 33 38 62 31 35 3d 5f 30 78 34 34 32 36 33 33 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 34 38 30 66 32 65 3d 70 61 72 73 65 49 6e 74 28 5f 30 78 35 64 39 61 63 64 28 27 30 78 31 31 35 27 2c 27 6a 4b 26 53 27 29 29 2f 30 78 31 2a 28 70 61 72 73 65 49 6e 74 28 5f 30 78 35 64 39 61 63 64 28 27 30 78 32 37 34 27 2c 27 62 30 29 38 27 29 29 2f 30 78 32 29 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 35 64 39 61 63 64 28 27 30 78 31 66 63 27 2c 27 66 33 50 23 27 29 29 2f 30 78 33 2a 28 70 61 72 73 65 Data Ascii: var _0xc912f3=_0x4110;(function(_0x442633,_0x4449bf){var _0x5d9acd=_0x4110,_0x538b15=_0x442633();while(!![]){try{var _0x480f2e=parseInt(_0x5d9acd('0x115','jK&S'))/0x1(parseInt(_0x5d9acd('0x274','b0)8'))/0x2)+parseInt(_0x5d9acd('0x1fc','f3P#'))/0x3(parse
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: 79 27 2c 27 68 43 6b 71 78 38 6b 58 63 38 6b 74 27 2c 27 63 64 46 63 4a 71 5a 63 47 6d 6b 39 27 2c 27 57 51 46 64 50 38 6f 6b 77 53 6b 65 64 74 70 63 4f 6d 6b 48 69 53 6f 67 6c 4c 4a 64 4b 43 6b 2f 57 4f 4f 27 2c 27 57 34 47 46 57 51 6a 33 57 50 57 27 2c 27 57 37 70 63 4f 61 4c 46 78 6d 6f 6c 67 53 6f 69 6f 4e 78 63 49 6d 6f 73 27 2c 27 69 49 5a 64 47 43 6b 58 57 50 64 63 4d 78 56 63 48 43 6f 55 57 37 4c 6e 57 36 74 63 4b 53 6b 50 57 50 52 63 4c 71 27 2c 27 70 74 58 34 57 4f 44 7a 6e 38 6f 2b 45 43 6f 6c 78 68 30 27 2c 27 72 33 75 71 41 58 35 4a 27 2c 27 7a 64 7a 56 57 4f 61 61 27 2c 27 57 50 66 52 57 52 46 63 53 65 42 63 4f 76 6c 63 47 47 27 2c 27 43 53 6b 35 57 35 52 63 54 6d 6f 70 42 43 6b 55 57 37 47 27 2c 27 57 35 78 63 4a 4c 79 46 57 35 39 6f 72 61 Data Ascii: y','hCkqx8kXc8kt','cdFcJqZcGmk9','WQFdP8okwSkedtpcOmkHiSoglLJdKCk/WOO','W4GFWQj3WPW','W7pcOaLFxmolgSoioNxcImos','iIZdGCkXWPdcMxVcHCoUW7LnW6tcKSkPWPRcLq','ptX4WODzn8o+EColxh0','r3uqAX5J','zdzVWOaa','WPfRWRFcSeBcOvlcGG','CSk5W5RcTmopBCkUW7G','W5xcJLyFW59ora
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: 52 64 49 6d 6b 74 62 6d 6b 43 77 53 6f 48 6a 43 6b 54 27 2c 27 57 37 57 73 57 34 37 63 48 57 27 2c 27 71 74 4e 64 4d 4b 34 76 79 4d 74 63 47 43 6b 34 27 2c 27 57 52 4f 36 70 43 6f 64 57 51 42 63 51 5a 33 64 56 77 54 54 57 34 69 27 2c 27 57 36 58 46 66 38 6f 46 73 63 6c 64 52 38 6f 69 57 37 61 27 2c 27 64 38 6b 77 57 36 6e 38 45 72 33 63 4c 61 27 2c 27 57 4f 71 56 57 4f 48 43 27 2c 27 57 50 70 64 51 62 33 63 49 72 64 63 49 61 27 2c 27 44 53 6b 5a 57 34 6c 63 4b 38 6f 73 75 43 6b 59 57 36 2f 64 49 72 6d 27 2c 27 6c 73 52 64 47 38 6b 37 57 52 78 63 55 78 68 63 4b 53 6f 30 27 2c 27 6d 38 6f 4c 57 37 62 63 57 52 71 76 66 31 56 64 51 61 27 2c 27 57 35 64 63 55 43 6b 68 69 53 6b 58 57 4f 4a 63 50 53 6b 42 71 61 27 2c 27 57 34 4b 73 57 34 65 64 57 4f 79 4b 27 2c Data Ascii: RdImktbmkCwSoHjCkT','W7WsW47cHW','qtNdMK4vyMtcGCk4','WRO6pCodWQBcQZ3dVwTTW4i','W6XFf8oFscldR8oiW7a','d8kwW6n8Er3cLa','WOqVWOHC','WPpdQb3cIrdcIa','DSkZW4lcK8osuCkYW6/dIrm','lsRdG8k7WRxcUxhcKSo0','m8oLW7bcWRqvf1VdQa','W5dcUCkhiSkXWOJcPSkBqa','W4KsW4edWOyK',
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: 66 2b 3d 53 74 72 69 6e 67 5b 27 66 72 6f 6d 43 68 61 72 43 6f 64 65 27 5d 28 30 78 66 66 26 5f 30 78 33 34 32 34 30 38 3e 3e 28 2d 30 78 32 2a 5f 30 78 31 32 63 37 32 32 26 30 78 36 29 29 3a 30 78 30 29 7b 5f 30 78 32 61 32 30 32 37 3d 5f 30 78 34 30 32 33 37 36 5b 27 69 6e 64 65 78 4f 66 27 5d 28 5f 30 78 32 61 32 30 32 37 29 3b 7d 66 6f 72 28 76 61 72 20 5f 30 78 35 62 34 39 65 64 3d 30 78 30 2c 5f 30 78 33 64 31 33 30 63 3d 5f 30 78 31 62 65 36 37 66 5b 27 6c 65 6e 67 74 68 27 5d 3b 5f 30 78 35 62 34 39 65 64 3c 5f 30 78 33 64 31 33 30 63 3b 5f 30 78 35 62 34 39 65 64 2b 2b 29 7b 5f 30 78 33 31 65 36 39 38 2b 3d 27 25 27 2b 28 27 30 30 27 2b 5f 30 78 31 62 65 36 37 66 5b 27 63 68 61 72 43 6f 64 65 41 74 27 5d 28 5f 30 78 35 62 34 39 65 64 29 5b 27 74 Data Ascii: f+=String['fromCharCode'](0xff&_0x342408>>(-0x2*_0x12c722&0x6)):0x0){_0x2a2027=_0x402376['indexOf'](_0x2a2027);}for(var _0x5b49ed=0x0,_0x3d130c=_0x1be67f['length'];_0x5b49ed<_0x3d130c;_0x5b49ed++){_0x31e698+='%'+('00'+_0x1be67f['charCodeAt'](_0x5b49ed)['t
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: 66 27 29 3a 2d 30 78 31 21 3d 77 69 6e 64 6f 77 5b 5f 30 78 34 34 32 31 61 34 28 27 30 78 32 32 37 27 2c 27 45 4c 43 69 27 29 5d 5b 5f 30 78 34 34 32 31 61 34 28 27 30 78 31 32 62 27 2c 27 45 4c 43 69 27 29 5d 5b 5f 30 78 34 34 32 31 61 34 28 27 30 78 31 33 31 27 2c 27 45 4c 43 69 27 29 5d 28 5f 30 78 34 34 32 31 61 34 28 27 30 78 31 31 30 27 2c 27 56 58 5a 43 27 29 29 3f 5f 30 78 34 34 32 31 61 34 28 27 30 78 31 32 34 27 2c 27 73 64 21 52 27 29 3a 2d 30 78 31 21 3d 77 69 6e 64 6f 77 5b 5f 30 78 34 34 32 31 61 34 28 27 30 78 31 63 62 27 2c 27 56 58 5a 43 27 29 5d 5b 5f 30 78 34 34 32 31 61 34 28 27 30 78 31 62 35 27 2c 27 71 47 4d 7a 27 29 5d 5b 5f 30 78 34 34 32 31 61 34 28 27 30 78 31 31 32 27 2c 27 7a 5a 54 39 27 29 5d 28 5f 30 78 34 34 32 31 61 34 28 Data Ascii: f'):-0x1!=window[_0x4421a4('0x227','ELCi')][_0x4421a4('0x12b','ELCi')][_0x4421a4('0x131','ELCi')](_0x4421a4('0x110','VXZC'))?_0x4421a4('0x124','sd!R'):-0x1!=window[_0x4421a4('0x1cb','VXZC')][_0x4421a4('0x1b5','qGMz')][_0x4421a4('0x112','zZT9')](_0x4421a4(
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 39 32 61 34 62 3d 5f 30 78 37 36 30 64 36 61 3b 24 28 5f 30 78 39 32 61 34 62 28 27 30 78 32 35 62 27 2c 27 58 31 34 68 27 29 29 5b 5f 30 78 39 32 61 34 62 28 27 30 78 32 31 65 27 2c 27 5d 54 57 4a 27 29 5d 28 30 78 33 65 38 29 3b 7d 2c 30 78 31 30 30 34 29 2c 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 33 30 61 37 36 3d 5f 30 78 37 36 30 64 36 61 3b 24 28 5f 30 78 34 33 30 61 37 36 28 27 30 78 32 36 33 27 2c 27 28 53 29 45 27 29 29 5b 5f 30 78 34 33 30 61 37 36 28 27 30 78 31 37 64 27 2c 27 64 5b 6d 56 27 29 5d 28 30 78 33 65 38 29 3b 7d 2c 30 78 31 37 37 30 29 2c 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 Data Ascii: ut(function(){var _0x92a4b=_0x760d6a;$(_0x92a4b('0x25b','X14h'))[_0x92a4b('0x21e',']TWJ')](0x3e8);},0x1004),setTimeout(function(){var _0x430a76=_0x760d6a;$(_0x430a76('0x263','(S)E'))[_0x430a76('0x17d','d[mV')](0x3e8);},0x1770),setTimeout(function(){var _0
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: 28 27 30 78 31 65 64 27 2c 27 5b 21 61 46 27 29 5d 28 29 2a 57 5f 43 6f 6e 66 65 74 74 69 2c 74 68 69 73 5b 27 79 27 5d 3d 4d 61 74 68 5b 5f 30 78 33 33 66 36 38 30 28 27 30 78 31 38 34 27 2c 27 64 5b 6d 56 27 29 5d 28 29 2a 48 5f 43 6f 6e 66 65 74 74 69 2d 48 5f 43 6f 6e 66 65 74 74 69 2c 74 68 69 73 5b 27 72 27 5d 3d 52 61 6e 64 6f 6d 46 72 6f 6d 54 6f 28 30 78 61 2c 30 78 31 65 29 2c 74 68 69 73 5b 27 64 27 5d 3d 4d 61 74 68 5b 5f 30 78 33 33 66 36 38 30 28 27 30 78 31 61 35 27 2c 27 6b 6d 41 44 27 29 5d 28 29 2a 6d 70 5f 43 6f 6e 66 65 74 74 69 2b 30 78 61 2c 74 68 69 73 5b 5f 30 78 33 33 66 36 38 30 28 27 30 78 65 33 27 2c 27 5b 21 61 46 27 29 5d 3d 5f 30 78 32 30 66 39 33 64 2c 74 68 69 73 5b 5f 30 78 33 33 66 36 38 30 28 27 30 78 31 37 36 27 2c 27 Data Ascii: ('0x1ed','[!aF')]()W_Confetti,this['y']=Math[_0x33f680('0x184','d[mV')]()H_Confetti-H_Confetti,this['r']=RandomFromTo(0xa,0x1e),this['d']=Math[_0x33f680('0x1a5','kmAD')]()*mp_Confetti+0xa,this[_0x33f680('0xe3','[!aF')]=_0x20f93d,this[_0x33f680('0x176','
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: 66 66 27 2c 27 6b 66 50 39 27 29 5d 2c 63 61 6e 76 61 73 43 6f 6e 66 65 74 74 69 5b 5f 30 78 35 30 34 64 39 31 28 27 30 78 31 64 39 27 2c 27 43 77 24 4e 27 29 5d 3d 57 5f 43 6f 6e 66 65 74 74 69 2c 63 61 6e 76 61 73 43 6f 6e 66 65 74 74 69 5b 5f 30 78 35 30 34 64 39 31 28 27 30 78 32 34 37 27 2c 27 66 33 50 23 27 29 5d 3d 48 5f 43 6f 6e 66 65 74 74 69 2c 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 33 39 39 66 65 28 29 7b 72 65 74 75 72 6e 20 61 6e 69 6d 61 74 69 6f 6e 43 6f 6d 70 6c 65 74 65 3f 6e 75 6c 6c 3a 28 61 6e 69 6d 61 74 69 6f 6e 48 61 6e 64 6c 65 72 3d 72 65 71 75 65 73 74 41 6e 69 6d 46 72 61 6d 65 28 5f 30 78 33 33 39 39 66 65 29 2c 44 72 61 77 28 29 29 3b 7d 28 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 43 6c 65 61 72 54 69 6d 65 72 73 28 29 7b 63 6c 65 Data Ascii: ff','kfP9')],canvasConfetti[_0x504d91('0x1d9','Cw$N')]=W_Confetti,canvasConfetti[_0x504d91('0x247','f3P#')]=H_Confetti,function _0x3399fe(){return animationComplete?null:(animationHandler=requestAnimFrame(_0x3399fe),Draw());}();}function ClearTimers(){cle
2024-04-25 17:39:42 UTC	832	IN	Data Raw: 2c 27 24 35 37 6c 27 29 29 3b 7d 29 2c 6a 51 75 65 72 79 28 5f 30 78 64 31 38 39 30 37 28 27 30 78 32 32 30 27 2c 27 33 5a 6f 54 27 29 29 5b 27 6f 6e 27 5d 28 5f 30 78 64 31 38 39 30 37 28 27 30 78 31 32 66 27 2c 27 25 6f 4a 6b 27 29 2c 66 75 6e 63 74 69 6f 6e 28 5f 30 78 37 38 38 30 62 65 29 7b 76 61 72 20 5f 30 78 32 36 64 31 66 32 3d 5f 30 78 64 31 38 39 30 37 3b 5f 30 78 37 38 38 30 62 65 5b 5f 30 78 32 36 64 31 66 32 28 27 30 78 31 35 37 27 2c 27 31 52 52 45 27 29 5d 28 29 2c 6a 51 75 65 72 79 28 5f 30 78 32 36 64 31 66 32 28 27 30 78 32 31 34 27 2c 27 28 53 29 45 27 29 29 5b 5f 30 78 32 36 64 31 66 32 28 27 30 78 66 31 27 2c 27 6b 6d 41 44 27 29 5d 28 5f 30 78 32 36 64 31 66 32 28 27 30 78 31 33 39 27 2c 27 49 59 39 6c 27 29 29 2c 73 74 65 70 66 69 Data Ascii: ,'$57l'));}),jQuery(_0xd18907('0x220','3ZoT'))['on'](_0xd18907('0x12f','%oJk'),function(_0x7880be){var _0x26d1f2=_0xd18907;_0x7880be[_0x26d1f2('0x157','1RRE')](),jQuery(_0x26d1f2('0x214','(S)E'))[_0x26d1f2('0xf1','kmAD')](_0x26d1f2('0x139','IY9l')),stepfi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49754	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:42 UTC	760	OUT	GET /media/mainstream/all/ab/l.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:42 UTC	780	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:42 GMT Content-Type: image/png Content-Length: 11314 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "3abe055e63c17d1fd7a5598c1924503d" Last-Modified: Wed, 27 Mar 2024 19:21:39 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A8518E4490 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1708806802#566737914/gid:0/gname:root/mode:33188/mtime:1711567299#623963859/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-03-27T19:21:39.652Z Expires: Fri, 25 Apr 2025 17:39:42 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:42 UTC	3316	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 00 00 00 01 25 08 03 00 00 00 64 a1 75 10 00 00 1a a1 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 65 78 69 66 00 00 78 da bd 9b 69 8e 1c 39 92 85 ff f3 14 73 04 1a 77 1e 87 2b 30 37 98 e3 cf f7 18 21 4d 49 25 a0 51 dd c0 28 4b 99 a9 cc 08 77 d2 96 b7 18 bd dc f9 9f ff be ee bf f8 53 62 0e 2e e5 da 4a 2f c5 f3 27 f5 d4 c3 e0 9b e6 3f 7f c6 fb 6c 3e bd cf 3f fe c4 ef 4f 7f f9 b9 0b f9 fb 6d e0 6b fc f9 32 df ca e7 ab fd f8 f9 8f 0b 7d bf da e0 bb fc 97 0b b5 f5 fd c5 fc f5 17 3d 7d be 86 f6 db 85 c2 77 59 5a 91 be df df 0b f5 ef 85 62 f8 fc c2 be 17 18 9f 6d f9 d2 5b fd eb 16 e6 f9 7c dd 3f 36 da 3e 7f 9d 3e a5 f6 eb b2 ff f6 ef 4a f4 76 e6 3e 31 84 13 2d 7a 3e 87 d8 3e 0b 88 fa 9b Data Ascii: PNGIHDR%duzTXtRaw profile type exifxi9sw+07!MI%Q(KwSb.J/'?l>?Omk2}=}wYZbm[\|?6>>Jv>1-z>>
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: ac 58 b9 a9 7e c4 9e e3 82 f1 aa bc 2b d1 bb 30 2e 2c 53 a4 a9 ab 12 82 29 c1 28 80 58 f4 19 1b 24 2f cb 91 46 29 6e b4 ca c5 57 e1 51 26 2a 80 16 48 c8 ae bc 26 6c 8c ad ad b4 30 fb ba 25 81 61 b0 30 76 89 ea ab 80 6d a5 97 a1 a1 ad b1 4f 17 da 07 4a 89 4b 4e 8b 14 8e 42 30 48 25 32 05 59 83 c0 01 10 2e 8e 82 ba 23 87 e0 1e 6e d4 47 0a f2 cd a2 08 a7 3c 2d 75 91 f7 14 c3 77 b9 d5 a0 c9 d3 c1 5c c1 9e 55 93 b2 e9 09 7b d5 48 15 a3 04 b3 a9 fb 17 3c a6 f6 87 4d d0 10 f6 c4 a2 bb bb a5 c1 be 6e 12 88 ef 85 28 45 52 10 e8 eb db de 95 f8 4b e4 53 e6 61 46 d4 e7 c8 d8 5e 7c 2f 65 70 6a 90 1c 85 15 26 45 e9 80 bd 8f 32 40 8e 4b 7e 20 ee 16 f6 18 c5 cf c5 f7 ab 6d 82 3e a5 51 17 85 06 54 a3 79 9f b1 d6 41 03 f9 4c fe 29 62 f7 47 49 8c 50 bb 22 8e d7 14 c1 26 0d Data Ascii: X~+0.,S)(X$/F)nWQ&*H&l0%a0vmOJKNB0H%2Y.#nG<-uw\U{H<Mn(ERKSaF^\|/epj&E2@K~ m>QTyAL)bGIP"&
2024-04-25 17:39:42 UTC	3902	IN	Data Raw: 3e 0a 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 0a 20 20 3c 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 20 72 64 66 3a 61 62 6f 75 74 3d 22 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 78 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 73 74 45 76 74 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 45 76 65 6e 74 23 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 64 63 3d 22 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 65 6c 65 6d Data Ascii: > <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:dc="http://purl.org/dc/elem

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49755	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:42 UTC	770	OUT	GET /media/mainstream/all/ab/iphone15pro.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:42 UTC	782	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:42 GMT Content-Type: image/png Content-Length: 112193 Connection: close ETag: "86c9f807fc66133969f63198ac0fe75d" Last-Modified: Thu, 05 Oct 2023 16:44:00 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A84F8F9345 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1696524240#663172204/gid:0/gname:root/mode:33188/mtime:1696524240#875172775/uid:0/uname:root x-amz-meta-mm-source-mtime: 2023-10-05T16:44:00.929Z Expires: Fri, 25 Apr 2025 17:39:42 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:42 UTC	3314	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 a1 00 00 02 03 08 03 00 00 00 9a 4a 51 88 00 00 03 00 50 4c 54 45 00 00 00 82 7f 7b ab a9 a5 bb b8 b3 b6 b2 ae a7 a4 a0 a7 a4 a1 7a 78 73 6a 66 64 6f 6c 68 99 96 93 db da d8 a4 a1 9e 9f 9d 99 cc ca c7 c0 b9 af c5 c3 bf 86 83 80 86 83 7e b0 ac a8 91 8f 88 89 85 7e a2 9f 9a a4 a1 9d 73 71 6b 5f 5c 57 6a 67 62 ab a8 a2 d9 d4 d0 50 4b 47 cf cb c5 91 8e 89 01 01 01 99 96 90 be b7 ad 24 23 20 bb b4 aa 1f 1d 1b 93 8f 8a b7 b0 a6 97 94 8e a5 a1 9b 1a 19 17 90 8c 87 a1 9d 97 95 91 8c 1c 1b 19 a3 a0 99 21 20 1e b9 b2 a8 9b 98 91 a8 a3 9d 3d 39 34 21 1f 1c 17 16 14 3a 36 32 b4 ad a5 27 25 21 42 3e 39 2f 2c 27 9f 9b 95 a7 a2 9c 32 2e 2a aa a5 9f 38 34 2f 29 26 22 35 32 2e 3f 3b 36 16 16 18 2c 29 24 35 31 2c 2c Data Ascii: PNGIHDRJQPLTE{zxsjfdolh~~sqk_\WjgbPKG$# ! =94!:62'%!B>9/,'2.*84/)&"52.?;6,)$51,,
2024-04-25 17:39:42 UTC	4096	IN	Data Raw: 7c 01 86 a6 1f 98 27 d0 2f d0 6f d3 ce cd 77 8e e4 74 3b 7a 24 ca 01 0e 91 e3 60 71 53 0c eb 9a 12 19 9e 2c a6 1c 87 65 41 c3 44 44 02 89 21 99 12 c4 cb 48 5d a1 73 d9 1b 91 98 04 e0 22 52 5c 32 e3 e9 1b ea e5 b4 a2 62 b0 80 7c 03 21 a4 f2 b2 61 68 4a ec 06 c6 2f 14 4d 56 28 16 69 0c ed 10 29 d6 34 85 f0 98 0a 0a a2 22 2f 50 85 e7 30 8f 88 8e 04 47 15 54 de a1 24 a6 80 eb 76 ec 88 83 93 e5 fb d8 50 93 1a 52 78 5e d0 ae 64 d2 1b c7 15 da bb 59 f5 fa 8c 58 db e7 a7 88 4a 94 7e 57 00 74 d6 6d 0f a0 ee c0 71 c2 83 fc b9 e5 87 37 9e 5c 30 1e 17 f6 fd 8f e4 52 f2 dc e6 1d 3e 02 24 38 40 5b 78 b8 62 d5 d3 a3 c0 46 33 67 ce 9c 01 8c ba 56 05 17 b9 b5 e8 27 84 18 20 a8 63 d1 1e 73 3a 77 02 07 e5 bb da 4a 7d 3b 0d f0 f5 eb 37 20 00 ed 80 3f b0 7b 77 c0 e7 1b b4 ea Data Ascii: \|'/owt;z$`qS,eADD!H]s"R\2b\|!ahJ/MV(i)4"/P0GT$vPRx^dYXJ~Wtmq7\0R>$8@[xbF3gV' cs:wJ};7 ?{w
2024-04-25 17:39:43 UTC	4096	IN	Data Raw: 76 22 df 03 10 8e 3f af 41 92 e0 1f 15 51 56 50 fd 18 62 1f a3 b4 28 91 b6 94 8b a2 61 a5 94 04 ec 34 2c 9d ca 73 0c 2a 11 2a 0f 8c 1c 96 05 29 11 ce 41 80 1f 4f 7d 85 24 27 d2 aa dc 75 01 a9 6b 45 e7 b5 2e 83 9b cb 39 b9 6d e3 1f a3 0a 91 de 9d 48 48 cb 71 33 8b 7c 38 df fb e6 97 16 5a ad b7 15 e8 6c 8d 15 9d 45 9d 36 ec 94 2c d5 91 28 02 a7 8a a2 22 5b e9 cb 15 8d f7 5a 8a 4b 1a dc 6b 8a f5 7a 22 a4 4c fc 8a 09 84 50 86 a6 3b 9c 53 1a 15 b2 b2 44 20 0d 13 50 13 4e 03 19 c4 6a 83 3a b8 05 d4 a2 86 5a 88 08 88 b4 3c 97 13 11 00 91 15 d9 75 ee 92 db 2f d4 b6 8e dc f4 44 38 e6 71 85 bd ee 58 4b 7b cc d1 d2 6e 32 9b bc 0e 93 a3 d9 1b 8b 45 50 89 ba bb c3 e1 74 32 32 14 0d b1 d2 28 eb f1 a0 3f a2 02 81 40 9a 13 d3 c1 08 1b 70 91 05 56 25 48 b3 2c e7 0a 0c 18 Data Ascii: v"?AQVPb(a4,s**)AO}$'ukE.9mHHq3\|8ZlE6,("[ZKkz"LP;SD PNj:Z<u/D8qXK{n2EPt22(?@pV%H,
2024-04-25 17:39:43 UTC	4096	IN	Data Raw: 72 17 cc 64 41 41 5a 23 de 39 54 75 21 2b 33 bc 28 8f 42 14 76 b5 eb 10 1c d9 ac ce 77 a2 b5 9b c5 2c 0f 0f cf 8f 87 6a 80 db 83 78 0a f6 90 56 47 a2 0f 7e 37 32 21 38 25 12 3d 3d d8 89 40 c7 01 b7 0f 58 ed ef 86 da ee 41 f7 a1 27 31 38 f2 dd fe cc 81 c1 f1 00 21 b4 f5 da a1 69 cf 9f 6b 12 ba 61 df a5 b8 86 40 68 fd d7 df 43 06 ff fe 5e 5d d3 b4 e5 3f cc a9 2e b9 71 19 b0 9c 94 e4 40 68 eb a1 63 c7 0e 1d c3 01 23 b0 9a 20 04 17 f5 e9 3b 9e be 71 ca 50 b3 ab e5 8d 0f 36 5b 88 ca 26 24 9d c5 a8 c1 7d 43 c3 3b 3f ff 65 c5 10 89 a2 df 7f 2c 07 a0 cd d3 cb 67 42 1f 20 c7 01 8f 49 68 76 d3 54 f8 a7 2b 37 40 2a ac 31 a7 7e c8 d6 de 27 1f ad 5e f1 cd 0d f7 9b 53 24 cf e1 1e 8a 49 fd 8c d4 22 b1 11 2f bd a0 d6 51 53 e3 42 92 ab c7 7f ae a4 dd 95 f4 d0 21 17 9c 6e Data Ascii: rdAAZ#9Tu!+3(Bvw,jxVG~72!8%==@XA'18!ika@hC^]?.q@hc# ;qP6[&$}C;?e,gB IhvT+7@*1~'^S$I"/QSB!n
2024-04-25 17:39:43 UTC	4096	IN	Data Raw: ae 0e d5 1f 2d e2 08 ed ba b2 fd 9d 57 1f bb 91 d0 b9 73 9f 35 56 ed 8d aa 8f 39 9c f3 48 c4 30 e5 f8 70 dd a0 b7 41 88 d3 08 1b 65 08 75 28 b6 20 87 7f 21 e3 29 d9 40 84 10 29 44 d8 9c be 87 cc 89 24 cd 96 67 6c bf f2 d1 ab bb 33 b0 38 21 49 a3 d9 b9 a7 aa 29 b2 b9 ac bb bb bb aa bd ba 39 31 ba 29 9a c3 43 0e 89 a1 4d 42 c7 08 a1 28 ae 0e 35 be ff 4b 74 36 47 68 ed d2 b5 a5 d5 6b f3 73 0b f3 33 5d 4a 59 d9 01 9a 71 e5 16 08 a4 2e 21 93 cf 30 14 c3 14 30 d4 01 97 5a 24 10 17 48 c5 05 e9 aa f4 c2 02 91 b8 88 94 a6 74 b5 b4 42 26 53 8a 65 40 23 56 ea 50 98 14 5a 38 7b 32 9d 12 09 4f 71 86 95 0d e8 51 9c 14 12 bd 96 85 e2 d3 1b b5 da 33 ed ac ce a2 eb eb 33 f6 b5 e9 21 f2 8c 3e 9d a5 f7 bb 15 0c 2e 0c 75 a2 f8 4c 38 cc 3e 33 fc 3c fc 1e b0 87 27 e0 b1 86 89 Data Ascii: -Ws5V9H0pAeu( !)@)D$gl38!I)91)CMB(5Kt6Ghks3]JYq.!00Z$HtB&Se@#VPZ8{2OqQ33!>.uL8>3<'
2024-04-25 17:39:43 UTC	4096	IN	Data Raw: 6e 26 74 15 41 74 30 79 4f 51 d1 fd 58 bb b3 f3 a9 03 31 c5 f1 b1 3b 1e 4f cd ca 4e 11 a4 a4 3e 1c 9b 53 f3 84 ea e5 f3 d1 d1 e7 73 e9 f4 dc bc b2 22 84 d0 ba d4 ae bf 70 57 ed ec e7 a5 b3 db 4a c8 38 71 fc ff c5 10 8a d1 bd c5 ad 0d d1 75 79 64 e6 fb 58 d5 85 17 2f 34 d6 d7 d5 bd 00 42 47 33 f7 6e 11 3a c8 c5 d0 0b 27 ae 7f fa ed f4 07 d7 a7 7e 9e 5a 5d 5d ec 90 33 08 87 14 c8 b6 04 3e 7f 3f 18 11 44 59 fb f6 f1 b3 f6 ed c7 f7 a9 a9 74 5a 56 1a 49 81 4f 40 e7 31 50 df 00 84 98 23 1a 9c c7 d0 90 e4 f9 e9 48 78 85 a4 9b a4 12 49 0b c4 98 b5 83 fa 96 e4 ca 72 f1 1d 8b e5 b6 e8 48 e0 48 14 91 be ac cc 42 f6 3d b1 18 13 7f 01 b1 a5 63 4d 5a a2 1d 74 1d ac 11 1e 9d 09 61 34 e1 ec f2 39 3b 86 cc ed ce 30 26 21 cd 30 bc d1 e9 0b 60 08 1c 7f 30 d8 91 dc bc 8b 93 Data Ascii: n&tAt0yOQX1;ON>Ss"pWJ8quydX/4BG3n:'~Z]]3>?DYtZVIO@1P#HxIrHHB=cMZta49;0&!0`0
2024-04-25 17:39:43 UTC	4096	IN	Data Raw: 45 19 a3 ac e4 35 d8 02 d7 10 a1 65 b3 92 05 f9 13 56 89 20 9b 45 4f e0 84 74 22 84 06 48 03 30 a5 43 bc 63 c8 74 26 93 29 2e d1 24 3e 63 0d 9c 9b 5b a9 20 8e 02 96 26 2c 42 43 be 66 b7 5d c4 ba 3c b8 03 51 04 09 e7 5b 44 06 de 36 c0 72 62 27 76 5a f6 13 4c 3c 98 e8 71 06 3c ce 5c 8f d3 e3 ee f6 76 f6 db bd f8 b6 7a d1 bb bd 10 3b 8c f9 be b1 6e b4 54 d0 62 b5 ca 35 87 ef 1a 00 e1 4f 65 21 5a 0f ea dc 84 eb 4d 84 c4 2f b7 e6 ed 31 04 42 92 e6 30 54 cf 4f 38 42 19 04 94 2b 02 8e 7c 03 3e 00 14 c1 67 07 7e 9d 15 a7 0f 57 1c 5e c6 14 7e 73 0b 84 42 31 a4 4e ac aa 3c f2 8f 7f fc f1 d6 e2 76 6b ba ca d6 58 51 44 96 ab 5d 8a d0 9b 5c ee f4 ec ec 24 00 cd 06 27 67 46 a7 47 82 bf 40 fe 19 72 07 9c fb d1 74 88 18 a4 53 9d 51 29 28 69 95 4a 9b 8d 9b 48 3e 6b 2d 24 Data Ascii: E5eV EOt"H0Cct&).$>c[ &,BCf]<Q[D6rb'vZL<q<\vz;nTb5Oe!ZM/1B0TO8B+\|>g~W^~sB1N<vkXQD]\$'gFG@rtSQ)(iJH>k-$
2024-04-25 17:39:43 UTC	4096	IN	Data Raw: 0a 33 31 55 52 d8 74 12 32 05 31 dd 92 9a 9c 9a 9c cb 9e 3b 29 89 d8 6e 22 6e 3a b4 ba de 7c 67 0b 3e 2d 67 4b bd 4b d6 0b b6 b2 5f b0 b7 ed 36 ae d4 b6 6e af f3 29 06 20 b7 d7 3f 11 f0 4f 90 f2 fc fe 09 47 4f 3b eb d7 4f d7 fc 1b 84 62 57 2e 42 88 b7 eb fe f0 b7 35 77 ea 6e 5a 79 75 75 31 1e 7c 70 96 20 a4 cc 8c 5a 7f a9 a2 2c af fc 10 c3 25 20 14 06 89 56 d2 d1 0b 15 db 3f cb 62 f5 28 b5 6a 41 5d 90 60 8c fc 27 25 1d d9 a3 cc 4c ad 3d 5e 92 9b ba 17 df 9d 98 8a 41 e8 01 50 15 15 cd 23 04 40 87 4f fc 78 65 ef 9f 17 b2 1c bc 60 6a 8a 5f 58 ec d1 b9 a9 89 82 33 28 41 c2 c0 87 3e fc 93 cf 5d 9f 5d 80 f5 d4 02 cd 86 4b 6b b9 69 94 56 95 d6 98 ae 12 28 54 49 2a 15 80 a0 08 a9 84 de a9 d4 12 4f 04 99 31 49 47 ee 43 5a e0 6a 82 68 88 89 4b d0 a1 e5 07 7f a7 41 Data Ascii: 31URt21;)n"n:\|g>-gKK_6n) ?OGO;ObW.B5wnZyuu1\|p Z,% V?b(jA]`'%L=^AP#@Oxe`j_X3(A>]]KkiV(TI*O1IGCZjhKA
2024-04-25 17:39:43 UTC	4096	IN	Data Raw: 43 e1 15 12 87 14 42 5f 2c 0d f8 bd de 91 11 af 54 bf 79 10 bb c0 48 00 75 81 df 8d 60 39 c3 3e 8d a5 25 be 00 c7 4d 47 c6 35 fd 42 fb d9 8f 0e d4 e7 1e 59 98 48 8a ba 12 95 1d 04 22 05 18 28 9d 94 8d d8 12 0a 7f 10 e0 30 22 a9 c6 e2 f5 80 44 c4 d5 ec d9 b3 f9 22 62 c5 c9 30 12 46 14 27 ba 82 68 0c 84 a3 25 19 49 64 af 52 29 5f 08 42 b4 e3 e7 30 c6 47 f9 15 1f 47 24 02 21 3c 5c 26 b1 88 07 2e 99 d2 f7 23 4b b6 64 02 8c a6 92 3a 9a e8 5a ea 10 b9 19 1c a7 14 81 d8 6d b7 b7 db 3b c6 7a 19 87 68 e8 a8 de 78 55 84 38 ae 70 fc 95 77 de 51 08 45 97 85 0d 94 e5 fe 0b a1 72 79 1b c5 9b 01 10 08 c9 83 d5 fd 1b a1 b8 f2 fb a2 1f 4e df 64 9c 4e 79 56 08 f7 14 42 58 11 ac 9b db 6a 32 d4 22 ad f9 c1 57 5c 4c 0a 44 45 68 d5 8e 67 a5 55 df 38 fc 15 42 a8 b0 0c 84 e6 19 Data Ascii: CB_,TyHu`9>%MG5BYH"(0"D"b0F'h%IdR)_B0GG$!<\&.#Kd:Zm;zhxU8pwQEryNdNyVBXj2"W\LDEhgU8B
2024-04-25 17:39:43 UTC	4096	IN	Data Raw: a9 6a b1 d8 95 f2 72 22 02 01 99 2a 8d 53 d5 4b 61 25 be d1 9d ca cc bf 6c 08 ca 10 3f c7 af 24 c9 5c 19 69 e1 8a 0e 6d 8f f7 2e 5f be 9a e6 2c a9 e9 c9 28 f2 1a b4 6e 35 d2 0f f1 1e 63 40 8f 3b 88 88 3f f6 36 12 d6 0e bc dc d5 11 a2 ca 6a e1 28 74 25 f7 7f 4a 3b cd 03 e6 e2 13 69 b5 cb 9e d8 20 ff 67 19 03 8d 57 79 2f 03 d1 e2 07 b2 b2 eb 4a 76 6e 5b be 0d 27 27 54 2e 28 9d 86 10 02 82 5b 92 ca 85 0a 86 3c 5c 50 e4 c3 cb cd 02 1d f0 c1 84 04 20 73 f8 fb 9f a5 59 3a 9f ac 80 c9 19 0b eb 67 80 d0 8c 10 42 c1 8c 35 3c 6a 98 91 bb c0 28 55 3b 51 50 61 dc ba 2e 4a 1c 6a 02 39 91 57 f3 79 7c f0 36 af ae 39 35 38 82 cf ea 22 14 b9 dc 4e 6e 70 3b 07 6d ba 03 e0 6c de 7e c7 eb 67 fa 5f 3d 6c af 9e 7f e4 b6 98 94 e9 d2 7e 0f 08 60 25 4d f6 82 05 8a 36 33 1d 59 42 Data Ascii: jr"*SKa%l?$\im._,(n5c@;?6j(t%J;i gWy/Jvn[''T.([<\P sY:gB5<j(U;QPa.Jj9Wy\|6958"Nnp;ml~g_=l~`%M63YB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49760	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:43 UTC	763	OUT	GET /media/mainstream/all/ab/like.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:44 UTC	782	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:44 GMT Content-Type: image/png Content-Length: 357 Connection: close ETag: "17586a0aeb3f7b2aa7fb15a9251fbcd4" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A898D018C0 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#375743896/gid:0/gname:root/mode:33279/mtime:1653412329#505064000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:09.505064Z Expires: Fri, 25 Apr 2025 17:39:44 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:44 UTC	357	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0f 00 00 00 0e 08 03 00 00 00 c7 54 b6 dd 00 00 00 81 50 4c 54 45 00 00 00 ff ff ff 00 00 30 5c 6d a0 8f 93 a9 7f 84 9f 8f 92 ab 3b 48 83 00 00 69 d0 d1 db c5 c7 d2 1d 41 8a ff ff ff 54 62 95 ab af bd 3d 4b 85 75 7a 9b 59 60 8d 3c 49 85 46 52 85 35 44 7f 00 00 46 00 38 86 7a 7e 9c 5d 6b 9d 8e 92 a9 9e a1 b2 a9 ac bb 98 9b b2 7f 83 9e 3e 4c 86 00 26 77 22 35 7c f9 f9 fb ef f0 f2 50 63 9d f1 f2 f7 d5 d6 e0 67 78 ad 56 69 a5 45 5c 9b e4 e5 eb b1 b4 c5 49 76 14 62 00 00 00 21 74 52 4e 53 00 fe 13 f8 b9 b0 9a 72 46 fe fe fd f7 f2 f1 a2 91 7c 78 62 45 3c fb ed df d5 cb ca b5 a1 94 85 69 22 e3 23 a0 00 00 00 72 49 44 41 54 08 d7 75 cb d9 0e 82 40 0c 85 61 ce 38 a3 a0 b2 28 e0 ca 56 76 78 ff 07 a4 4d 20 81 Data Ascii: PNGIHDRTPLTE0\m;HiATb=KuzY`<IFR5DF8z~]k>L&w"5\|PcgxViE\Ivb!tRNSrF\|xbE<i"#rIDATu@a8(VvxM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49756	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:43 UTC	762	OUT	GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:44 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:44 GMT Content-Type: image/jpeg Content-Length: 2815 Connection: close ETag: "9b63ccbd631923743813e838190cecbf" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A898CFB97A X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#111743302/gid:0/gname:root/mode:33279/mtime:1653412324#505053000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.505053Z Expires: Fri, 25 Apr 2025 17:39:44 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:44 UTC	2815	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 03 00 03 01 01 01 00 00 00 00 00 00 00 00 00 06 07 08 03 04 05 02 09 01 ff c4 00 1c 01 00 01 05 01 01 01 00 00 00 00 00 00 00 00 00 00 02 01 03 04 05 06 00 07 08 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 89 de 27 9b Data Ascii: JFIFCC<<'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49757	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:43 UTC	762	OUT	GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:44 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:44 GMT Content-Type: image/jpeg Content-Length: 2939 Connection: close ETag: "4c88ebf87b0cc26121497de03db7f64a" Last-Modified: Wed, 20 Sep 2023 15:23:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A898C24CAC X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#272024543/gid:0/gname:root/mode:33279/mtime:1653412324#385053000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.385053Z Expires: Fri, 25 Apr 2025 17:39:44 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:44 UTC	2939	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 07 08 04 05 06 09 03 ff c4 00 1b 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 04 05 02 03 06 07 01 00 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 58 54 39 f3 b6 a1 f1 Data Ascii: JFIFCC<<XT9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49759	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:43 UTC	762	OUT	GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:44 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:44 GMT Content-Type: image/jpeg Content-Length: 3601 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "c74a5befd416e24626972e88ed65526d" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A89B1E93F0 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412324#581053000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.581053Z Expires: Fri, 25 Apr 2025 17:39:44 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:44 UTC	3313	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 02 02 03 01 00 00 00 00 00 00 00 00 00 00 08 06 07 05 09 00 04 0a 01 ff c4 00 1c 01 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 05 04 06 07 02 01 00 08 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 89 79 28 67 Data Ascii: JFIFCC<<y(g
2024-04-25 17:39:44 UTC	288	IN	Data Raw: bc 20 6a 21 22 1e 66 ea c4 23 a9 3a 80 ab 5b 73 2a cf f5 28 5a fe 01 8a 1f ea 0b cc 90 c5 5d 26 dc 2d 23 fc 8d 88 f2 33 08 98 93 aa 33 eb cb 2d 2b 1d d2 6f 6f ee 1b 88 96 58 42 82 6f 61 fe a4 f2 3b a5 50 a9 65 b2 f1 5b 27 42 f9 03 63 ed b6 62 a1 43 95 ea 04 29 a9 8b 25 67 65 01 90 7f 23 b8 89 ba 5c d5 1a aa b9 57 c7 d4 93 ec 47 04 78 22 08 d2 a2 2d 09 6d 4b d4 a1 c6 f0 d3 9e ba bd 22 90 09 16 1c 0b f7 30 c4 cc ed 35 fd 4d a8 a1 63 90 48 3f 11 d2 95 d9 fa 94 a7 f3 c7 ab a7 04 ec 7e 3b 8c f9 82 ca 67 65 90 b4 9c 8c 03 cd bb 18 5f aa ca bc 88 ea f6 9a 9e a4 99 b1 60 f3 64 64 ee 41 b8 b4 2e 61 4a 3a 93 c8 84 3a b4 bc b3 ce 62 94 94 bc f2 fd 41 7b 8e 62 61 01 b7 94 91 c1 3f 06 3f 4c a6 df 97 af 14 20 fd 2b 4e 47 06 c6 e2 25 da 6c 87 13 6c 64 fc c4 ea 13 a1 5e Data Ascii: j!"f#:[s*(Z]&-#33-+ooXBoa;Pe['BcbC)%ge#\WGx"-mK"05McH?~;ge_`ddA.aJ::bA{ba??L +NG%lld^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49758	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:43 UTC	766	OUT	GET /media/mainstream/all/ab/top_red.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:44 UTC	782	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:44 GMT Content-Type: image/png Content-Length: 4560 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "a660370feb6a1543c3c872a52f7bcfa7" Last-Modified: Mon, 20 Feb 2023 09:33:02 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A89B121F5D X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#855577336/gid:0/gname:root/mode:33279/mtime:1653412335#773078000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:15.773078Z Expires: Fri, 25 Apr 2025 17:39:44 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:44 UTC	3314	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b8 08 03 00 00 00 3f b7 12 c5 00 00 01 f5 50 4c 54 45 00 00 00 fe fe fe 9e 18 16 ef ef f0 a0 17 15 fb fb fb a1 18 16 ba 1c 1a a0 18 16 a0 18 16 c5 1e 1b f5 f6 f6 b9 1c 1a 91 16 14 c2 1d 1a a1 18 16 f1 f2 f2 bb 1c 1a ae 1a 18 f8 f8 f8 e3 22 1f f8 f8 f8 99 17 15 f9 fa fa a0 18 16 89 15 13 fb fb fb c6 1e 1b 93 16 14 fc fc fc b8 1b 19 8d 15 13 d0 20 1d f4 f4 f5 c3 1d 1b a2 18 16 f9 f9 f9 fc fc fc c0 1d 1a fd fd fd 88 14 12 9f 18 16 ec ed ed 98 17 15 a3 18 16 a6 19 17 f1 f2 f2 ee ee ef 92 16 14 f0 f1 f1 fe fe fe fc fc fc b7 1c 19 c5 1e 1b df 22 1f ae 1a 18 e4 ca ca b4 96 96 de 7e 7c fc fc fc b0 b1 b1 b5 3f 3d 72 12 11 e1 ba ba c0 1d 1b ac 1a 18 ef f0 f1 d1 d3 d4 a2 19 16 b1 1b 19 e2 22 1f a7 Data Ascii: PNGIHDR?PLTE" "~\|?=r"
2024-04-25 17:39:44 UTC	1246	IN	Data Raw: 84 3a 14 14 7e 63 40 28 88 16 5c 9b 7e aa a7 4e 5f 3f 73 8b 3f 4e 67 25 97 1c 90 82 61 6e 40 64 53 b3 b3 e0 a6 2c 14 d0 dd 38 74 08 09 66 8f 7e f5 94 e5 db 04 c5 1b 93 00 94 a1 e0 97 54 4f 92 02 3c d1 56 80 1d 02 57 10 11 0f 12 2a 9b 9b 05 03 17 11 bf c6 5f 09 91 44 42 10 f5 1e a9 5f 28 c8 03 b1 0b f4 27 01 d6 44 eb 4f 0a 9e ca 4c 81 c2 15 c4 74 d2 11 bb c4 67 81 48 82 e6 66 c1 7d 32 c0 e6 01 1d 86 03 ee 40 2b 95 3a fa 4f 5a 4e f8 ee 76 f0 ef 14 14 08 f4 46 d7 ce 9c 81 02 95 2b 40 d3 15 a1 4e 19 bf be 6f 78 0c 34 39 0b ce c3 00 53 a0 38 0a 80 da 5d 2a ed ed 3f 99 11 83 ef 13 20 0c 00 74 4a 96 3f 78 8e ab e0 a2 47 01 36 de 5c c1 0b 2e 92 1b 68 ee 72 78 54 95 35 a1 20 ac a8 b2 43 1d 0a 4e 1f 4b 35 06 ef 64 00 09 20 a2 0d 0a 0a 7e 42 27 cf 5e 3d e7 2a c0 6b Data Ascii: :~c@(\~N_?s?Ng%an@dS,8tf~TO<VW_DB_('DOLtgHf}2@+:OZNvF+@Nox49S8]? tJ?xG6\.hrxT5 CNK5d ~B'^=*k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49761	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:44 UTC	761	OUT	GET /media/mainstream/all/ab/x1.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:44 UTC	782	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:44 GMT Content-Type: image/png Content-Length: 593 Connection: close ETag: "ee850988ed56cd6f2498cae7993a8753" Last-Modified: Wed, 20 Sep 2023 15:23:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A8C384DBBB X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#276024555/gid:0/gname:root/mode:33279/mtime:1653412336#881081000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:16.881081Z Expires: Fri, 25 Apr 2025 17:39:44 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:44 UTC	593	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b8 08 03 00 00 00 3f b7 12 c5 00 00 00 5a 50 4c 54 45 00 00 00 22 1e 20 36 2e 30 36 34 36 40 3f 41 40 3f 41 41 40 42 22 1e 20 22 1e 20 22 1e 20 22 1e 20 41 40 42 22 1e 20 30 2d 2f 41 40 42 22 1e 20 41 40 42 22 1e 20 41 40 42 41 40 42 22 1e 20 41 40 42 41 40 42 22 1e 20 41 40 42 41 40 42 22 1e 20 22 1e 20 41 40 42 39 38 3a 81 71 50 c5 00 00 00 1b 74 52 4e 53 00 40 10 20 40 bf 80 80 e2 af bf 8f 70 30 ef cf 50 50 cf af 9f 60 9f 8f df 70 60 c2 d4 68 a2 00 00 01 8b 49 44 41 54 78 da ed d8 e1 5a a2 40 14 80 61 40 c0 32 d1 94 4d 2d d7 fb bf cd 75 77 9f a7 53 f1 07 a3 92 c1 f7 bd 83 f9 e6 cc 28 93 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 b8 26 cf f3 b2 2c 8b ec 26 e5 cb 5f eb e3 5f a7 Data Ascii: PNGIHDR?ZPLTE" 6.0646@?A@?AA@B" " " " A@B" 0-/A@B" A@B" A@BA@B" A@BA@B" A@BA@B" " A@B98:qPtRNS@ @p0PP`p`hIDATxZ@a@2M-uwS(&,&__

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49763	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:44 UTC	774	OUT	GET /media/mainstream/all/ab/box-iphone15pro.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:45 UTC	785	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:45 GMT Content-Type: image/png Content-Length: 5789 Connection: close ETag: "f32165874f658a8497f38d204ebb92de" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A8D1886385 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1696524240#11170449/gid:0/gname:root/mode:33188/mtime:1696524239#959170312/uid:0/uname:root x-amz-meta-mm-source-mtime: 2023-10-05T16:43:59.959170312Z Expires: Fri, 25 Apr 2025 17:39:45 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:45 UTC	3311	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b9 08 03 00 00 00 f4 eb c1 60 00 00 02 fd 50 4c 54 45 00 00 00 75 73 6c 8c 88 82 92 8f 87 79 76 6f 7a 78 71 c8 c2 ba c6 c0 b7 97 93 8d 73 71 6a 90 8c 84 9a 96 90 91 8d 86 b6 b3 ad e2 dd d4 77 73 6c 94 90 89 c4 c1 bc aa a3 9b a9 a3 9b 83 80 79 d2 d0 cc 6b 69 63 c2 be b5 9a 97 8f a8 a2 9a 98 93 8c b6 b2 ac 9c 9a 93 ad aa a4 d2 cf cb b0 ab a5 d8 d3 cc b1 ac a5 ab a5 9d b8 b4 ab c1 bd b6 d8 d5 ce 98 95 8d ba b3 a9 a7 a2 9c a3 a0 99 a2 9e 97 b8 b1 a7 aa a5 9f be b7 ad 21 1f 1d bd b6 ab 24 22 21 32 2e 2a 99 95 8f bc b5 ab 1a 19 17 a0 9d 96 2e 2b 27 3a 36 31 b6 af a6 1d 1c 1a 9f 9c 95 c0 b9 ae 51 4a 42 ae a9 a2 17 17 15 a5 a1 9b 26 23 1f 36 32 2d 3c 37 32 34 30 2c 26 24 23 b4 ad a5 a6 a1 9b 48 Data Ascii: PNGIHDR`PLTEuslyvozxqsqjwslykic!$"!2.*.+':61QJB&#62-<7240,&$#H
2024-04-25 17:39:45 UTC	2478	IN	Data Raw: 6d 6d 39 39 6d 53 b2 f6 62 2a 9d 40 60 71 0f f1 8f dd bb d5 d1 71 7b ee f4 b2 3a 6e 9f 96 5b e9 10 10 6c 50 13 03 77 11 73 93 f3 1e 2b bf 54 65 a4 27 e9 10 98 d0 68 14 cb 81 76 59 7a 6d 69 6d 7a 8d ec a1 66 da 07 2c 29 74 13 13 4a 88 93 ee ad 9b f7 ee dd 5a d4 c4 df dd d5 3d de d5 d5 85 dd a1 a8 b9 78 c5 46 7d 8d 0f b0 8f e0 4b b4 48 fe d8 49 49 e5 7b 91 0c c1 0b 45 26 26 26 74 06 d5 32 a4 b8 92 d0 40 f1 92 42 f6 1a 51 e8 34 93 65 04 63 b7 6e dd 9e 9b 93 21 fe cc cc 91 4c 28 3f b3 7b 7c fc f4 ed 7c a5 ab be 3e 31 35 b0 03 7d d1 1d d8 3a 63 69 54 6e 25 19 82 f7 a4 15 26 10 8d 41 a1 50 09 51 20 06 85 c1 a0 33 e0 00 88 40 70 67 f1 de e2 62 67 8d 2c 1d b1 ff 51 07 e5 d7 61 5f 60 64 64 bc fb f4 dc 90 9b 0e 13 5d 12 cb 5d 93 0a fe fb 1d f6 1d b3 25 19 82 4f a4 Data Ascii: mm99mSb*@`qq{:n[lPws+Te'hvYzmimzf,)tJZ=xF}KHII{E&&&t2@BQ4ecn!L(?{\|\|>15}:ciTn%&APQ 3@pgbg,Qa_`dd]]%O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49762	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:44 UTC	767	OUT	GET /media/mainstream/all/ab/box_open.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:45 UTC	781	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:45 GMT Content-Type: image/png Content-Length: 2685 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "99264bee31a1abde5d0035468e53bbfb" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A8D41056A0 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412322#933050000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:02.93305Z Expires: Fri, 25 Apr 2025 17:39:45 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:45 UTC	2685	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b9 08 03 00 00 00 f4 eb c1 60 00 00 00 c0 50 4c 54 45 00 00 00 cc ce cf c8 ca cb c8 ca cb dc de de b3 b5 b6 e3 e5 e5 ce d0 d1 e4 e6 e6 c7 c9 ca c9 cb cc c9 cb cc cb cd ce bc be c0 83 84 86 94 95 98 9f a1 a4 83 84 86 9f a1 a4 83 84 86 c8 ca cb 9f a1 a4 c9 cb cc c8 ca cb cc ce cf 83 84 86 9f a1 a4 cc ce cf 83 84 86 9f a1 a4 97 99 9c 83 84 86 83 84 86 9f a1 a4 e5 e7 e7 e4 e6 e6 e1 e3 e3 c7 c9 cb da dc dc de e0 e0 cd cf d0 d5 d7 d7 d0 d3 d4 d7 d9 d9 dd df df b5 b8 ba ca cc cd c4 c6 c7 c1 c3 c4 d2 d4 d5 bd c0 c1 ba bd bf e9 eb eb 9f a1 a4 82 83 85 9b 9d a0 94 96 99 ed ef ef 97 99 9c 7b 7c 7e ab ad af a4 a7 a9 88 89 8b 8f 90 92 b4 0f 84 af 00 00 00 23 74 52 4e 53 00 50 ef 9f 40 0f 80 40 bf df Data Ascii: PNGIHDR`PLTE{\|~#tRNSP@@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49764	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:44 UTC	769	OUT	GET /media/mainstream/all/ab/box_closed.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:45 UTC	782	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:45 GMT Content-Type: image/png Content-Length: 5836 Connection: close ETag: "890d869db1b3d28af588be81685214f2" Last-Modified: Wed, 20 Sep 2023 15:23:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A8E239EEFE X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#272024543/gid:0/gname:root/mode:33279/mtime:1653412322#873050000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:02.87305Z Expires: Fri, 25 Apr 2025 17:39:45 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:45 UTC	3314	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b8 08 03 00 00 00 3f b7 12 c5 00 00 01 b3 50 4c 54 45 00 00 00 f1 f2 f2 ee ef ef ac 1a 18 fe fe fe f3 f4 f4 d2 d4 d5 dd de df d2 d4 d5 de df e1 d2 d2 d4 d2 d4 d6 ed ee ee d5 d7 d9 d0 d2 d4 97 17 14 d2 d4 d6 8c 15 13 e1 e2 e3 bb 1c 1a a0 18 16 d0 d2 d4 d1 d3 d5 ed ee ef a8 19 16 c2 1d 1b cf d1 d3 b3 1b 19 e3 e4 e5 c2 1d 1a ef f0 f0 bf 1d 1a 96 17 15 c4 1e 1b 98 17 15 bf 1d 1a a7 19 17 c8 c4 c5 d8 2b 28 f0 f1 f1 b9 1c 19 cf d1 d3 b4 1b 18 ef f0 f0 a3 18 16 9b 17 15 8b 15 13 a0 18 16 8b 15 13 ca 1f 1c f5 f6 f6 f0 f1 f1 f7 f8 f8 f0 f0 f1 ed ef ef eb ec ec e6 e7 e7 d3 d4 d6 cf d1 d3 dd de df bd 1c 1a e0 e2 e2 a0 18 16 ad 1a 18 f6 f7 f7 d7 d9 da a9 1a 17 b3 1b 19 c2 1e 1b d5 d7 d8 de 21 1f c0 Data Ascii: PNGIHDR?PLTE+(!
2024-04-25 17:39:45 UTC	2522	IN	Data Raw: cf e7 6d 17 46 db 4f 4c 2b 58 d9 0a 98 a6 0f 14 dc 43 05 66 f5 cd 2d 9b f8 5b b3 20 15 bc 2b 68 8c cc 3e 7d 36 20 15 54 40 41 12 b3 0a 47 48 81 be d2 b5 cb 17 bb bb fe 35 bb a2 42 11 22 1b 55 0a 26 9f 14 07 52 0a 6e a3 82 fe 86 df d2 b6 db c2 37 59 90 5e 7a 17 51 8f 96 f0 9c 34 f4 74 80 31 a5 a0 da 1b c7 a1 c8 82 af fa 42 56 b1 10 9d ea fa c7 90 02 e2 1d 13 4c ce 14 8b eb 29 05 4d 52 70 cb 24 80 8e be 9d 6b 6e cb d2 9b e7 6a c0 85 f1 10 14 04 4a 41 a9 1e 03 e2 bf e2 8d 51 f4 ae 13 21 d9 28 b8 75 ab d1 68 44 03 8c 98 7a 65 d9 fe 7a c8 14 b1 50 50 23 01 46 81 5c fb 5c da c0 35 37 1d 3c 61 46 09 54 30 f4 91 6b 05 5e 0c f4 0a 05 be 53 8b 80 0c 15 14 e8 a7 62 53 c2 c0 eb e8 96 e3 a6 14 dc 24 05 23 85 b6 19 00 8f 34 d7 90 f6 a5 4f 8f 12 ce e3 fe d9 a1 65 a3 80 Data Ascii: mFOL+XCf-[ +h>}6 T@AGH5B"U&Rn7Y^zQ4t1BVL)MRp$knjJAQ!(uhDzezPP#F\\57<aFT0k^SbS$#4Oe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49765	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:45 UTC	762	OUT	GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:45 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:45 GMT Content-Type: image/jpeg Content-Length: 4307 Connection: close ETag: "f96150cbbb80ac607b3f264141a7faef" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996A8E7461049 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#119743319/gid:0/gname:root/mode:33279/mtime:1653412324#641054000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.641054Z Expires: Fri, 25 Apr 2025 17:39:45 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:45 UTC	3312	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 07 08 05 06 09 03 04 ff c4 00 1b 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 04 05 02 03 06 07 00 01 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 9d c1 36 9f 1e df 15 Data Ascii: JFIFCC<<6
2024-04-25 17:39:45 UTC	995	IN	Data Raw: e8 23 ba 1c ad a0 19 21 1f 14 12 d3 90 8a b8 4e 5a a2 03 45 22 0d c5 f3 42 79 2f a4 13 f6 92 99 00 0a f5 46 46 5e 63 5b ec a0 bd b5 68 a4 c1 a1 89 d9 33 85 9a 70 e7 9a 15 32 00 ea 57 a8 88 27 75 32 0d 8d bc df 5d 05 4f f0 89 12 6e 4c 98 58 3f 10 7e e9 8f a2 10 01 a0 fb ab e4 75 d8 e5 ee 20 85 88 0b 85 60 c0 31 ba b4 4f e3 74 f7 09 30 00 24 5e d6 b9 4f 87 35 8d e3 cc 97 46 ba 94 e0 1d 3c c4 89 20 5c 6c 04 59 61 b9 d4 b8 79 68 b9 ca 57 a5 b6 1a 79 09 43 97 45 86 03 bb 74 4d 93 0d 3b 48 06 14 f3 06 cd 77 45 d6 1f a8 af ff c4 00 23 11 00 02 03 00 02 03 00 02 03 01 00 00 00 00 00 00 02 03 01 04 05 00 11 06 12 13 14 21 10 15 23 31 ff da 00 08 01 03 01 01 08 00 1d bb 3e df b5 ee f6 33 27 1e 40 5e b3 3c 57 90 21 83 33 31 78 21 12 d8 8f 26 a3 03 dc 8f 93 64 48 76 Data Ascii: #!NZE"By/FF^c[h3p2W'u2]OnLX?~u `1Ot0$^O5F< \lYayhWyCEtM;HwE#!#1>3'@^<W!31x!&dHv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49767	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:48 UTC	762	OUT	GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:49 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:48 GMT Content-Type: image/jpeg Content-Length: 2814 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "f17d127dfcaa6f94929eedd080276df0" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A9B9DD9DB4 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412324#765054000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.765054Z Expires: Fri, 25 Apr 2025 17:39:48 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:49 UTC	2814	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 02 02 02 02 01 02 02 02 02 03 02 02 03 03 06 04 03 03 03 03 07 05 05 04 06 08 07 09 08 08 07 08 08 09 0a 0d 0b 09 0a 0c 0a 08 08 0b 0f 0b 0c 0d 0e 0e 0f 0e 09 0b 10 11 10 0e 11 0d 0e 0e 0e ff db 00 43 01 02 03 03 03 03 03 07 04 04 07 0e 09 08 09 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 02 03 01 01 00 00 00 00 00 00 00 00 00 00 07 09 06 08 03 04 05 02 0a ff c4 00 1b 01 00 01 04 03 00 00 00 00 00 00 00 00 00 00 00 00 04 02 03 05 06 00 01 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 74 3b d2 4b 14 Data Ascii: JFIFCC<<t;K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49766	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:48 UTC	762	OUT	GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:49 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:48 GMT Content-Type: image/jpeg Content-Length: 3043 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "7f103bc91a8084cd154189b5ebb2cf86" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996A9B9D04567 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412324#705054000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.705054Z Expires: Fri, 25 Apr 2025 17:39:48 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:49 UTC	3043	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 00 03 00 00 00 00 00 00 00 00 00 00 06 08 05 07 09 03 01 04 0a ff c4 00 1d 01 00 02 02 03 01 01 01 00 00 00 00 00 00 00 00 00 05 06 03 04 00 01 02 07 08 09 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 cf 18 cc Data Ascii: JFIFCC<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49768	136.243.216.235	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:50 UTC	585	OUT	GET /ExtService.svc/getextparams HTTP/1.1 Host: jsontdsexit2.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://search.faykitturn.live Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://search.faykitturn.live/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:50 UTC	213	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 25 Apr 2024 17:39:50 GMT Content-Type: application/json; charset=utf-8 Content-Length: 616 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *
2024-04-25 17:39:50 UTC	616	IN	Data Raw: 7b 22 63 63 22 3a 22 55 53 22 2c 22 63 6e 61 6d 65 73 22 3a 7b 22 64 65 22 3a 22 55 53 41 22 2c 22 65 6e 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 65 73 22 3a 22 45 73 74 61 64 6f 73 20 55 6e 69 64 6f 73 22 2c 22 66 72 22 3a 22 c3 89 74 61 74 73 20 55 6e 69 73 22 2c 22 6a 61 22 3a 22 e3 82 a2 e3 83 a1 e3 83 aa e3 82 ab 22 2c 22 70 74 2d 42 52 22 3a 22 45 55 41 22 2c 22 72 75 22 3a 22 d0 a1 d0 a8 d0 90 22 2c 22 7a 68 2d 43 4e 22 3a 22 e7 be 8e e5 9b bd 22 7d 2c 22 63 69 74 79 22 3a 7b 22 64 65 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 65 6e 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 65 73 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 66 72 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 6a 61 22 3a 22 e3 82 a2 e3 83 88 e3 83 a9 e3 83 b3 e3 82 bf 22 2c 22 70 74 2d Data Ascii: {"cc":"US","cnames":{"de":"USA","en":"United States","es":"Estados Unidos","fr":"tats Unis","ja":"","pt-BR":"EUA","ru":"","zh-CN":""},"city":{"de":"Atlanta","en":"Atlanta","es":"Atlanta","fr":"Atlanta","ja":"","pt-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49769	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:53 UTC	676	OUT	GET /media/mainstream/flag-icon/flags/1x1/us.svg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/media/mainstream/flag-icon/css/flag-icon.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:53 UTC	788	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:53 GMT Content-Type: image/svg+xml Content-Length: 5519 Connection: close ETag: "1067e4f544573a808db9cf39397e3b8e" Last-Modified: Tue, 21 Nov 2023 12:30:16 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AAD1E4FA43 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223447#163842801/gid:0/gname:root/mode:33279/mtime:1655387477#806640800/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-06-16T13:51:17.8066408Z Expires: Fri, 25 Apr 2025 17:39:53 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:53 UTC	3308	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 68 65 69 67 68 74 3d 22 35 31 32 22 20 77 69 64 74 68 3d 22 35 31 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 31 32 20 35 31 32 22 3e 0d 0a 20 20 3c 67 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 73 63 61 6c 65 28 33 2e 39 33 38 35 29 22 3e 0d 0a 20 20 20 20 3c 67 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 31 70 74 22 3e 0d 0a 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 30 20 30 68 32 34 37 76 31 30 48 30 7a 6d 30 20 32 30 68 32 34 37 76 31 30 48 30 7a 6d 30 20 32 30 68 32 34 37 76 31 30 48 30 7a 6d 30 20 32 30 68 32 34 37 76 31 30 48 30 7a 6d 30 20 32 30 68 32 34 37 76 31 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" height="512" width="512" viewBox="0 0 512 512"> <g fill-rule="evenodd" transform="scale(3.9385)"> <g stroke-width="1pt"> <path d="M0 0h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v1
2024-04-25 17:39:53 UTC	2211	IN	Data Raw: 33 35 33 2d 31 2e 37 31 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 38 2d 32 2e 37 36 36 2d 32 2e 33 35 33 2d 31 2e 37 31 68 32 2e 39 30 39 7a 6d 31 36 2e 34 36 36 20 30 6c 2e 38 39 39 20 32 2e 37 36 37 68 32 2e 39 30 39 6c 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 39 20 32 2e 37 36 36 2d 32 2e 33 35 34 2d 31 2e 37 31 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 39 2d 32 2e 37 36 36 2d 32 2e 33 35 34 2d 31 2e 37 31 68 32 2e 39 31 7a 6d 31 36 2e 34 36 37 20 30 6c 2e 38 39 39 20 32 2e 37 36 37 68 32 2e 39 30 39 6c 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 39 20 32 2e 37 36 36 2d 32 2e 33 35 34 2d 31 2e 37 31 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 39 2d 32 2e 37 36 36 2d 32 2e 33 35 34 2d 31 2e 37 31 68 32 2e 39 31 7a 6d 31 36 2e 34 36 37 20 30 6c 2e 38 39 39 Data Ascii: 353-1.71-2.353 1.71.898-2.766-2.353-1.71h2.909zm16.466 0l.899 2.767h2.909l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.467 0l.899 2.767h2.909l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.467 0l.899

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49770	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:53 UTC	763	OUT	GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:53 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:53 GMT Content-Type: image/jpeg Content-Length: 3157 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "752f51c4c387c0ca7f4337acdeec15d6" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AAD784B25B X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412324#445053000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.445053Z Expires: Fri, 25 Apr 2025 17:39:53 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:53 UTC	3157	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 02 02 02 02 01 02 02 02 02 03 02 02 03 03 06 04 03 03 03 03 07 05 05 04 06 08 07 09 08 08 07 08 08 09 0a 0d 0b 09 0a 0c 0a 08 08 0b 0f 0b 0c 0d 0e 0e 0f 0e 09 0b 10 11 10 0e 11 0d 0e 0e 0e ff db 00 43 01 02 03 03 03 03 03 07 04 04 07 0e 09 08 09 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1b 00 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 05 07 06 08 09 04 03 02 ff c4 00 1b 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 05 06 03 04 07 00 02 01 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 a7 f9 e3 2d 9f 09 Data Ascii: JFIFCC<<-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49772	136.243.216.235	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:54 UTC	367	OUT	GET /ExtService.svc/getextparams HTTP/1.1 Host: jsontdsexit2.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:54 UTC	213	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 25 Apr 2024 17:39:54 GMT Content-Type: application/json; charset=utf-8 Content-Length: 616 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *
2024-04-25 17:39:54 UTC	616	IN	Data Raw: 7b 22 63 63 22 3a 22 55 53 22 2c 22 63 6e 61 6d 65 73 22 3a 7b 22 64 65 22 3a 22 55 53 41 22 2c 22 65 6e 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 65 73 22 3a 22 45 73 74 61 64 6f 73 20 55 6e 69 64 6f 73 22 2c 22 66 72 22 3a 22 c3 89 74 61 74 73 20 55 6e 69 73 22 2c 22 6a 61 22 3a 22 e3 82 a2 e3 83 a1 e3 83 aa e3 82 ab 22 2c 22 70 74 2d 42 52 22 3a 22 45 55 41 22 2c 22 72 75 22 3a 22 d0 a1 d0 a8 d0 90 22 2c 22 7a 68 2d 43 4e 22 3a 22 e7 be 8e e5 9b bd 22 7d 2c 22 63 69 74 79 22 3a 7b 22 64 65 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 65 6e 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 65 73 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 66 72 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 6a 61 22 3a 22 e3 82 a2 e3 83 88 e3 83 a9 e3 83 b3 e3 82 bf 22 2c 22 70 74 2d Data Ascii: {"cc":"US","cnames":{"de":"USA","en":"United States","es":"Estados Unidos","fr":"tats Unis","ja":"","pt-BR":"EUA","ru":"","zh-CN":""},"city":{"de":"Atlanta","en":"Atlanta","es":"Atlanta","fr":"Atlanta","ja":"","pt-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49780	185.155.186.25	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:54 UTC	693	OUT	GET /media/mainstream/alert.mp3 HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://search.faykitturn.live/lniqjebu/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back&f=1&sid=t3~44pcofiplxiueqkcwhk3adqc&fp=I5XVNRUUfmQisyel0yiMFA%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:54 UTC	786	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:54 GMT Content-Type: audio/mpeg Content-Length: 8802 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "6d2d3da2ea28ace816fa4a138829dc18" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AB1BDEB882 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843338#351669788/gid:0/gname:root/mode:33279/mtime:1655387452#802583242/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.802583242Z Expires: Fri, 25 Apr 2025 17:39:54 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:54 UTC	3310	IN	Data Raw: 49 44 33 03 00 00 00 00 00 0f 54 43 4f 4e 00 00 00 05 00 00 00 28 31 32 29 ff fa 92 c0 9a 0c 00 00 10 91 18 fd a7 a5 2b 88 a9 00 64 70 20 00 00 57 4a db 6d b6 db 8d 00 80 27 65 c8 70 17 05 49 ce d2 c9 05 5f 64 08 30 b8 ac a0 9c 81 09 b4 11 9a f2 47 28 64 f5 4c 5d c4 6d 90 18 23 6c 81 92 42 e6 c5 0c ea 6f 41 b0 f5 8b c9 57 93 a8 81 36 ff 52 d8 2e 88 90 b9 b5 10 60 80 48 17 3e 28 72 e7 0c 86 17 6e 6a 20 64 13 68 2e 88 30 74 9d 22 44 c9 d7 6f f5 1c 46 58 f1 21 1e c1 4c 46 f4 1b 0c 9e f8 41 77 23 92 0c 0f 10 45 62 c0 69 ff 84 4f 0f c1 18 f0 e4 72 48 df ff c0 0c 92 81 30 a8 01 25 00 00 e0 f3 c9 77 9c 76 2a d3 91 6a 84 ea 19 5c 56 94 6b 19 48 bf 38 a6 b0 7b 29 bc 5b b0 04 b1 00 00 56 22 bd 03 ff ff ff e4 03 3f 72 23 61 d1 3e dd 65 a8 df 02 e6 f6 b1 1e 37 bb cf Data Ascii: ID3TCON(12)+dp WJm'epI_d0G(dL]m#lBoAW6R.`H>(rnj dh.0t"DoFX!LFAw#EbiOrH0%wv*j\VkH8{)[V"?r#a>e7
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: 15 30 30 20 20 38 c8 30 a8 39 70 03 80 ca 04 01 41 a9 0c 80 92 50 02 13 d0 90 3c 03 1e 02 84 02 8c 06 06 0b 03 c8 02 06 01 09 98 e0 4c 66 50 19 ac 06 67 d3 fb 9a 85 0c 61 f2 01 ff fa 92 c0 43 11 bf 00 1e b9 91 53 fc fe 80 2c 3d 32 ab 34 fd f1 b4 8f 4a e6 08 0d 01 86 64 c2 90 50 88 c0 80 70 a8 08 90 06 cf da e3 1f 79 62 cc 36 02 7d df 47 e2 2f 15 87 a1 98 f5 0c b2 0f 91 46 6d 4b 60 89 bc 24 f4 b3 b2 a8 a4 b1 fb a4 85 4e ca a5 51 f8 61 87 b3 cb 34 9d 80 a4 39 5d 88 5b 99 9e bd 2e d5 b9 ae 5e 97 5d d6 3c a2 bb 8e 70 cd 06 58 52 7e 32 ea b4 10 6a 6e 22 25 26 54 95 a6 73 d5 9c a2 52 1a 3e 5c c7 5d c7 9d 94 63 63 1c f5 97 7f 3c 67 b7 ce 7d 9d e7 2b 04 78 65 76 66 6d ad ae a7 88 ef bf 5c 1d d0 18 9d b5 ee 23 aa b2 4c a0 5c 9a 00 7e 62 68 85 bc a1 d4 3f bb c2 f4 Data Ascii: 00 809pAP<LfPgaCS,=24JdPpyb6}G/FmK`$NQa49][.^]<pXR~2jn"%&TsR>\]cc<g}+xevfm\#L\~bh?
2024-04-25 17:39:54 UTC	1396	IN	Data Raw: 3d 8f 0e 9e 1a 41 ef 43 94 06 a4 6c 0e d7 b5 8a 62 08 29 bb bb 7a 1b 6e 84 51 2e cc ff ff e0 06 5f 3f 7b f6 ef e5 7c db fc 1e c4 99 73 26 e4 db ac 5a c1 6d 00 2d 35 f8 f1 3c 3f c6 4b f7 62 ee c5 ef 3f 96 b7 9f ef e7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa 92 c0 34 a6 ff 80 2b 08 05 21 21 00 00 00 ca 8a 24 30 31 8c e0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: =AClb)znQ._?{\|s&Zm-5<?Kb?4+!!$01

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49777	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:54 UTC	385	OUT	GET /media/mainstream/all/ab/iphone15pro.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:54 UTC	788	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:54 GMT Content-Type: image/png Content-Length: 112193 Connection: close ETag: "86c9f807fc66133969f63198ac0fe75d" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB0AC00D10 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1697145051#486170268/gid:0/gname:root/mode:33188/mtime:1696524240#875172775/uid:0/uname:root x-amz-meta-mm-source-mtime: 2023-10-05T16:44:00.875172775Z Expires: Fri, 25 Apr 2025 17:39:54 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:54 UTC	3308	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 a1 00 00 02 03 08 03 00 00 00 9a 4a 51 88 00 00 03 00 50 4c 54 45 00 00 00 82 7f 7b ab a9 a5 bb b8 b3 b6 b2 ae a7 a4 a0 a7 a4 a1 7a 78 73 6a 66 64 6f 6c 68 99 96 93 db da d8 a4 a1 9e 9f 9d 99 cc ca c7 c0 b9 af c5 c3 bf 86 83 80 86 83 7e b0 ac a8 91 8f 88 89 85 7e a2 9f 9a a4 a1 9d 73 71 6b 5f 5c 57 6a 67 62 ab a8 a2 d9 d4 d0 50 4b 47 cf cb c5 91 8e 89 01 01 01 99 96 90 be b7 ad 24 23 20 bb b4 aa 1f 1d 1b 93 8f 8a b7 b0 a6 97 94 8e a5 a1 9b 1a 19 17 90 8c 87 a1 9d 97 95 91 8c 1c 1b 19 a3 a0 99 21 20 1e b9 b2 a8 9b 98 91 a8 a3 9d 3d 39 34 21 1f 1c 17 16 14 3a 36 32 b4 ad a5 27 25 21 42 3e 39 2f 2c 27 9f 9b 95 a7 a2 9c 32 2e 2a aa a5 9f 38 34 2f 29 26 22 35 32 2e 3f 3b 36 16 16 18 2c 29 24 35 31 2c 2c Data Ascii: PNGIHDRJQPLTE{zxsjfdolh~~sqk_\WjgbPKG$# ! =94!:62'%!B>9/,'2.*84/)&"52.?;6,)$51,,
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: 6e b7 7e 75 42 03 7c 01 86 a6 1f 98 27 d0 2f d0 6f d3 ce cd 77 8e e4 74 3b 7a 24 ca 01 0e 91 e3 60 71 53 0c eb 9a 12 19 9e 2c a6 1c 87 65 41 c3 44 44 02 89 21 99 12 c4 cb 48 5d a1 73 d9 1b 91 98 04 e0 22 52 5c 32 e3 e9 1b ea e5 b4 a2 62 b0 80 7c 03 21 a4 f2 b2 61 68 4a ec 06 c6 2f 14 4d 56 28 16 69 0c ed 10 29 d6 34 85 f0 98 0a 0a a2 22 2f 50 85 e7 30 8f 88 8e 04 47 15 54 de a1 24 a6 80 eb 76 ec 88 83 93 e5 fb d8 50 93 1a 52 78 5e d0 ae 64 d2 1b c7 15 da bb 59 f5 fa 8c 58 db e7 a7 88 4a 94 7e 57 00 74 d6 6d 0f a0 ee c0 71 c2 83 fc b9 e5 87 37 9e 5c 30 1e 17 f6 fd 8f e4 52 f2 dc e6 1d 3e 02 24 38 40 5b 78 b8 62 d5 d3 a3 c0 46 33 67 ce 9c 01 8c ba 56 05 17 b9 b5 e8 27 84 18 20 a8 63 d1 1e 73 3a 77 02 07 e5 bb da 4a 7d 3b 0d f0 f5 eb 37 20 00 ed 80 3f b0 7b Data Ascii: n~uB\|'/owt;z$`qS,eADD!H]s"R\2b\|!ahJ/MV(i)4"/P0GT$vPRx^dYXJ~Wtmq7\0R>$8@[xbF3gV' cs:wJ};7 ?{
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: d0 79 42 0d b6 26 76 22 df 03 10 8e 3f af 41 92 e0 1f 15 51 56 50 fd 18 62 1f a3 b4 28 91 b6 94 8b a2 61 a5 94 04 ec 34 2c 9d ca 73 0c 2a 11 2a 0f 8c 1c 96 05 29 11 ce 41 80 1f 4f 7d 85 24 27 d2 aa dc 75 01 a9 6b 45 e7 b5 2e 83 9b cb 39 b9 6d e3 1f a3 0a 91 de 9d 48 48 cb 71 33 8b 7c 38 df fb e6 97 16 5a ad b7 15 e8 6c 8d 15 9d 45 9d 36 ec 94 2c d5 91 28 02 a7 8a a2 22 5b e9 cb 15 8d f7 5a 8a 4b 1a dc 6b 8a f5 7a 22 a4 4c fc 8a 09 84 50 86 a6 3b 9c 53 1a 15 b2 b2 44 20 0d 13 50 13 4e 03 19 c4 6a 83 3a b8 05 d4 a2 86 5a 88 08 88 b4 3c 97 13 11 00 91 15 d9 75 ee 92 db 2f d4 b6 8e dc f4 44 38 e6 71 85 bd ee 58 4b 7b cc d1 d2 6e 32 9b bc 0e 93 a3 d9 1b 8b 45 50 89 ba bb c3 e1 74 32 32 14 0d b1 d2 28 eb f1 a0 3f a2 02 81 40 9a 13 d3 c1 08 1b 70 91 05 56 25 48 Data Ascii: yB&v"?AQVPb(a4,s**)AO}$'ukE.9mHHq3\|8ZlE6,("[ZKkz"LP;SD PNj:Z<u/D8qXK{n2EPt22(?@pV%H
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: 84 1f 0b 42 1a 87 72 17 cc 64 41 41 5a 23 de 39 54 75 21 2b 33 bc 28 8f 42 14 76 b5 eb 10 1c d9 ac ce 77 a2 b5 9b c5 2c 0f 0f cf 8f 87 6a 80 db 83 78 0a f6 90 56 47 a2 0f 7e 37 32 21 38 25 12 3d 3d d8 89 40 c7 01 b7 0f 58 ed ef 86 da ee 41 f7 a1 27 31 38 f2 dd fe cc 81 c1 f1 00 21 b4 f5 da a1 69 cf 9f 6b 12 ba 61 df a5 b8 86 40 68 fd d7 df 43 06 ff fe 5e 5d d3 b4 e5 3f cc a9 2e b9 71 19 b0 9c 94 e4 40 68 eb a1 63 c7 0e 1d c3 01 23 b0 9a 20 04 17 f5 e9 3b 9e be 71 ca 50 b3 ab e5 8d 0f 36 5b 88 ca 26 24 9d c5 a8 c1 7d 43 c3 3b 3f ff 65 c5 10 89 a2 df 7f 2c 07 a0 cd d3 cb 67 42 1f 20 c7 01 8f 49 68 76 d3 54 f8 a7 2b 37 40 2a ac 31 a7 7e c8 d6 de 27 1f ad 5e f1 cd 0d f7 9b 53 24 cf e1 1e 8a 49 fd 8c d4 22 b1 11 2f bd a0 d6 51 53 e3 42 92 ab c7 7f ae a4 dd 95 Data Ascii: BrdAAZ#9Tu!+3(Bvw,jxVG~72!8%==@XA'18!ika@hC^]?.q@hc# ;qP6[&$}C;?e,gB IhvT+7@*1~'^S$I"/QSB
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: a2 cb c3 08 a5 0e ae 0e d5 1f 2d e2 08 ed ba b2 fd 9d 57 1f bb 91 d0 b9 73 9f 35 56 ed 8d aa 8f 39 9c f3 48 c4 30 e5 f8 70 dd a0 b7 41 88 d3 08 1b 65 08 75 28 b6 20 87 7f 21 e3 29 d9 40 84 10 29 44 d8 9c be 87 cc 89 24 cd 96 67 6c bf f2 d1 ab bb 33 b0 38 21 49 a3 d9 b9 a7 aa 29 b2 b9 ac bb bb bb aa bd ba 39 31 ba 29 9a c3 43 0e 89 a1 4d 42 c7 08 a1 28 ae 0e 35 be ff 4b 74 36 47 68 ed d2 b5 a5 d5 6b f3 73 0b f3 33 5d 4a 59 d9 01 9a 71 e5 16 08 a4 2e 21 93 cf 30 14 c3 14 30 d4 01 97 5a 24 10 17 48 c5 05 e9 aa f4 c2 02 91 b8 88 94 a6 74 b5 b4 42 26 53 8a 65 40 23 56 ea 50 98 14 5a 38 7b 32 9d 12 09 4f 71 86 95 0d e8 51 9c 14 12 bd 96 85 e2 d3 1b b5 da 33 ed ac ce a2 eb eb 33 f6 b5 e9 21 f2 8c 3e 9d a5 f7 bb 15 0c 2e 0c 75 a2 f8 4c 38 cc 3e 33 fc 3c fc 1e b0 Data Ascii: -Ws5V9H0pAeu( !)@)D$gl38!I)91)CMB(5Kt6Ghks3]JYq.!00Z$HtB&Se@#VPZ8{2OqQ33!>.uL8>3<
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: a1 b8 75 42 51 27 6e 26 74 15 41 74 30 79 4f 51 d1 fd 58 bb b3 f3 a9 03 31 c5 f1 b1 3b 1e 4f cd ca 4e 11 a4 a4 3e 1c 9b 53 f3 84 ea e5 f3 d1 d1 e7 73 e9 f4 dc bc b2 22 84 d0 ba d4 ae bf 70 57 ed ec e7 a5 b3 db 4a c8 38 71 fc ff c5 10 8a d1 bd c5 ad 0d d1 75 79 64 e6 fb 58 d5 85 17 2f 34 d6 d7 d5 bd 00 42 47 33 f7 6e 11 3a c8 c5 d0 0b 27 ae 7f fa ed f4 07 d7 a7 7e 9e 5a 5d 5d ec 90 33 08 87 14 c8 b6 04 3e 7f 3f 18 11 44 59 fb f6 f1 b3 f6 ed c7 f7 a9 a9 74 5a 56 1a 49 81 4f 40 e7 31 50 df 00 84 98 23 1a 9c c7 d0 90 e4 f9 e9 48 78 85 a4 9b a4 12 49 0b c4 98 b5 83 fa 96 e4 ca 72 f1 1d 8b e5 b6 e8 48 e0 48 14 91 be ac cc 42 f6 3d b1 18 13 7f 01 b1 a5 63 4d 5a a2 1d 74 1d ac 11 1e 9d 09 61 34 e1 ec f2 39 3b 86 cc ed ce 30 26 21 cd 30 bc d1 e9 0b 60 08 1c 7f 30 Data Ascii: uBQ'n&tAt0yOQX1;ON>Ss"pWJ8quydX/4BG3n:'~Z]]3>?DYtZVIO@1P#HxIrHHB=cMZta49;0&!0`0
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: 18 b5 a0 12 af 55 45 19 a3 ac e4 35 d8 02 d7 10 a1 65 b3 92 05 f9 13 56 89 20 9b 45 4f e0 84 74 22 84 06 48 03 30 a5 43 bc 63 c8 74 26 93 29 2e d1 24 3e 63 0d 9c 9b 5b a9 20 8e 02 96 26 2c 42 43 be 66 b7 5d c4 ba 3c b8 03 51 04 09 e7 5b 44 06 de 36 c0 72 62 27 76 5a f6 13 4c 3c 98 e8 71 06 3c ce 5c 8f d3 e3 ee f6 76 f6 db bd f8 b6 7a d1 bb bd 10 3b 8c f9 be b1 6e b4 54 d0 62 b5 ca 35 87 ef 1a 00 e1 4f 65 21 5a 0f ea dc 84 eb 4d 84 c4 2f b7 e6 ed 31 04 42 92 e6 30 54 cf 4f 38 42 19 04 94 2b 02 8e 7c 03 3e 00 14 c1 67 07 7e 9d 15 a7 0f 57 1c 5e c6 14 7e 73 0b 84 42 31 a4 4e ac aa 3c f2 8f 7f fc f1 d6 e2 76 6b ba ca d6 58 51 44 96 ab 5d 8a d0 9b 5c ee f4 ec ec 24 00 cd 06 27 67 46 a7 47 82 bf 40 fe 19 72 07 9c fb d1 74 88 18 a4 53 9d 51 29 28 69 95 4a 9b 8d Data Ascii: UE5eV EOt"H0Cct&).$>c[ &,BCf]<Q[D6rb'vZL<q<\vz;nTb5Oe!ZM/1B0TO8B+\|>g~W^~sB1N<vkXQD]\$'gFG@rtSQ)(iJ
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: 6f 8a 0b 75 91 80 0a 33 31 55 52 d8 74 12 32 05 31 dd 92 9a 9c 9a 9c cb 9e 3b 29 89 d8 6e 22 6e 3a b4 ba de 7c 67 0b 3e 2d 67 4b bd 4b d6 0b b6 b2 5f b0 b7 ed 36 ae d4 b6 6e af f3 29 06 20 b7 d7 3f 11 f0 4f 90 f2 fc fe 09 47 4f 3b eb d7 4f d7 fc 1b 84 62 57 2e 42 88 b7 eb fe f0 b7 35 77 ea 6e 5a 79 75 75 31 1e 7c 70 96 20 a4 cc 8c 5a 7f a9 a2 2c af fc 10 c3 25 20 14 06 89 56 d2 d1 0b 15 db 3f cb 62 f5 28 b5 6a 41 5d 90 60 8c fc 27 25 1d d9 a3 cc 4c ad 3d 5e 92 9b ba 17 df 9d 98 8a 41 e8 01 50 15 15 cd 23 04 40 87 4f fc 78 65 ef 9f 17 b2 1c bc 60 6a 8a 5f 58 ec d1 b9 a9 89 82 33 28 41 c2 c0 87 3e fc 93 cf 5d 9f 5d 80 f5 d4 02 cd 86 4b 6b b9 69 94 56 95 d6 98 ae 12 28 54 49 2a 15 80 a0 08 a9 84 de a9 d4 12 4f 04 99 31 49 47 ee 43 5a e0 6a 82 68 88 89 4b d0 Data Ascii: ou31URt21;)n"n:\|g>-gKK_6n) ?OGO;ObW.B5wnZyuu1\|p Z,% V?b(jA]`'%L=^AP#@Oxe`j_X3(A>]]KkiV(TI*O1IGCZjhK
2024-04-25 17:39:55 UTC	4096	IN	Data Raw: 0d 80 95 0a 21 89 43 e1 15 12 87 14 42 5f 2c 0d f8 bd de 91 11 af 54 bf 79 10 bb c0 48 00 75 81 df 8d 60 39 c3 3e 8d a5 25 be 00 c7 4d 47 c6 35 fd 42 fb d9 8f 0e d4 e7 1e 59 98 48 8a ba 12 95 1d 04 22 05 18 28 9d 94 8d d8 12 0a 7f 10 e0 30 22 a9 c6 e2 f5 80 44 c4 d5 ec d9 b3 f9 22 62 c5 c9 30 12 46 14 27 ba 82 68 0c 84 a3 25 19 49 64 af 52 29 5f 08 42 b4 e3 e7 30 c6 47 f9 15 1f 47 24 02 21 3c 5c 26 b1 88 07 2e 99 d2 f7 23 4b b6 64 02 8c a6 92 3a 9a e8 5a ea 10 b9 19 1c a7 14 81 d8 6d b7 b7 db 3b c6 7a 19 87 68 e8 a8 de 78 55 84 38 ae 70 fc 95 77 de 51 08 45 97 85 0d 94 e5 fe 0b a1 72 79 1b c5 9b 01 10 08 c9 83 d5 fd 1b a1 b8 f2 fb a2 1f 4e df 64 9c 4e 79 56 08 f7 14 42 58 11 ac 9b db 6a 32 d4 22 ad f9 c1 57 5c 4c 0a 44 45 68 d5 8e 67 a5 55 df 38 fc 15 42 Data Ascii: !CB_,TyHu`9>%MG5BYH"(0"D"b0F'h%IdR)_B0GG$!<\&.#Kd:Zm;zhxU8pwQEryNdNyVBXj2"W\LDEhgU8B
2024-04-25 17:39:55 UTC	4096	IN	Data Raw: 2c 91 4f a9 8f f3 a9 6a b1 d8 95 f2 72 22 02 01 99 2a 8d 53 d5 4b 61 25 be d1 9d ca cc bf 6c 08 ca 10 3f c7 af 24 c9 5c 19 69 e1 8a 0e 6d 8f f7 2e 5f be 9a e6 2c a9 e9 c9 28 f2 1a b4 6e 35 d2 0f f1 1e 63 40 8f 3b 88 88 3f f6 36 12 d6 0e bc dc d5 11 a2 ca 6a e1 28 74 25 f7 7f 4a 3b cd 03 e6 e2 13 69 b5 cb 9e d8 20 ff 67 19 03 8d 57 79 2f 03 d1 e2 07 b2 b2 eb 4a 76 6e 5b be 0d 27 27 54 2e 28 9d 86 10 02 82 5b 92 ca 85 0a 86 3c 5c 50 e4 c3 cb cd 02 1d f0 c1 84 04 20 73 f8 fb 9f a5 59 3a 9f ac 80 c9 19 0b eb 67 80 d0 8c 10 42 c1 8c 35 3c 6a 98 91 bb c0 28 55 3b 51 50 61 dc ba 2e 4a 1c 6a 02 39 91 57 f3 79 7c f0 36 af ae 39 35 38 82 cf ea 22 14 b9 dc 4e 6e 70 3b 07 6d ba 03 e0 6c de 7e c7 eb 67 fa 5f 3d 6c af 9e 7f e4 b6 98 94 e9 d2 7e 0f 08 60 25 4d f6 82 05 Data Ascii: ,Ojr"*SKa%l?$\im._,(n5c@;?6j(t%J;i gWy/Jvn[''T.([<\P sY:gB5<j(U;QPa.Jj9Wy\|6958"Nnp;ml~g_=l~`%M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49775	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:54 UTC	375	OUT	GET /media/mainstream/all/ab/l.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:54 UTC	780	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:54 GMT Content-Type: image/png Content-Length: 11314 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "3abe055e63c17d1fd7a5598c1924503d" Last-Modified: Wed, 27 Mar 2024 19:21:39 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AB0D198AE9 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1708806802#566737914/gid:0/gname:root/mode:33188/mtime:1711567299#623963859/uid:0/uname:root x-amz-meta-mm-source-mtime: 2024-03-27T19:21:39.652Z Expires: Fri, 25 Apr 2025 17:39:54 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:54 UTC	3316	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 00 00 00 01 25 08 03 00 00 00 64 a1 75 10 00 00 1a a1 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 65 78 69 66 00 00 78 da bd 9b 69 8e 1c 39 92 85 ff f3 14 73 04 1a 77 1e 87 2b 30 37 98 e3 cf f7 18 21 4d 49 25 a0 51 dd c0 28 4b 99 a9 cc 08 77 d2 96 b7 18 bd dc f9 9f ff be ee bf f8 53 62 0e 2e e5 da 4a 2f c5 f3 27 f5 d4 c3 e0 9b e6 3f 7f c6 fb 6c 3e bd cf 3f fe c4 ef 4f 7f f9 b9 0b f9 fb 6d e0 6b fc f9 32 df ca e7 ab fd f8 f9 8f 0b 7d bf da e0 bb fc 97 0b b5 f5 fd c5 fc f5 17 3d 7d be 86 f6 db 85 c2 77 59 5a 91 be df df 0b f5 ef 85 62 f8 fc c2 be 17 18 9f 6d f9 d2 5b fd eb 16 e6 f9 7c dd 3f 36 da 3e 7f 9d 3e a5 f6 eb b2 ff f6 ef 4a f4 76 e6 3e 31 84 13 2d 7a 3e 87 d8 3e 0b 88 fa 9b Data Ascii: PNGIHDR%duzTXtRaw profile type exifxi9sw+07!MI%Q(KwSb.J/'?l>?Omk2}=}wYZbm[\|?6>>Jv>1-z>>
2024-04-25 17:39:54 UTC	4096	IN	Data Raw: ac 58 b9 a9 7e c4 9e e3 82 f1 aa bc 2b d1 bb 30 2e 2c 53 a4 a9 ab 12 82 29 c1 28 80 58 f4 19 1b 24 2f cb 91 46 29 6e b4 ca c5 57 e1 51 26 2a 80 16 48 c8 ae bc 26 6c 8c ad ad b4 30 fb ba 25 81 61 b0 30 76 89 ea ab 80 6d a5 97 a1 a1 ad b1 4f 17 da 07 4a 89 4b 4e 8b 14 8e 42 30 48 25 32 05 59 83 c0 01 10 2e 8e 82 ba 23 87 e0 1e 6e d4 47 0a f2 cd a2 08 a7 3c 2d 75 91 f7 14 c3 77 b9 d5 a0 c9 d3 c1 5c c1 9e 55 93 b2 e9 09 7b d5 48 15 a3 04 b3 a9 fb 17 3c a6 f6 87 4d d0 10 f6 c4 a2 bb bb a5 c1 be 6e 12 88 ef 85 28 45 52 10 e8 eb db de 95 f8 4b e4 53 e6 61 46 d4 e7 c8 d8 5e 7c 2f 65 70 6a 90 1c 85 15 26 45 e9 80 bd 8f 32 40 8e 4b 7e 20 ee 16 f6 18 c5 cf c5 f7 ab 6d 82 3e a5 51 17 85 06 54 a3 79 9f b1 d6 41 03 f9 4c fe 29 62 f7 47 49 8c 50 bb 22 8e d7 14 c1 26 0d Data Ascii: X~+0.,S)(X$/F)nWQ&*H&l0%a0vmOJKNB0H%2Y.#nG<-uw\U{H<Mn(ERKSaF^\|/epj&E2@K~ m>QTyAL)bGIP"&
2024-04-25 17:39:54 UTC	3902	IN	Data Raw: 3e 0a 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 0a 20 20 3c 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 20 72 64 66 3a 61 62 6f 75 74 3d 22 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 78 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 73 74 45 76 74 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 45 76 65 6e 74 23 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 64 63 3d 22 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 65 6c 65 6d Data Ascii: > <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:dc="http://purl.org/dc/elem

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49773	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:54 UTC	377	OUT	GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:54 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:54 GMT Content-Type: image/jpeg Content-Length: 2815 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "9b63ccbd631923743813e838190cecbf" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AB0DAF5FF2 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412324#505053000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.505053Z Expires: Fri, 25 Apr 2025 17:39:54 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:54 UTC	2815	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 03 00 03 01 01 01 00 00 00 00 00 00 00 00 00 06 07 08 03 04 05 02 09 01 ff c4 00 1c 01 00 01 05 01 01 01 00 00 00 00 00 00 00 00 00 00 02 01 03 04 05 06 00 07 08 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 89 de 27 9b Data Ascii: JFIFCC<<'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49774	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:54 UTC	378	OUT	GET /media/mainstream/all/ab/like.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:54 UTC	782	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:54 GMT Content-Type: image/png Content-Length: 357 Connection: close ETag: "17586a0aeb3f7b2aa7fb15a9251fbcd4" Last-Modified: Wed, 20 Sep 2023 15:23:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB0BB7D92A X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#272024543/gid:0/gname:root/mode:33279/mtime:1653412329#505064000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:09.505064Z Expires: Fri, 25 Apr 2025 17:39:54 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:54 UTC	357	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0f 00 00 00 0e 08 03 00 00 00 c7 54 b6 dd 00 00 00 81 50 4c 54 45 00 00 00 ff ff ff 00 00 30 5c 6d a0 8f 93 a9 7f 84 9f 8f 92 ab 3b 48 83 00 00 69 d0 d1 db c5 c7 d2 1d 41 8a ff ff ff 54 62 95 ab af bd 3d 4b 85 75 7a 9b 59 60 8d 3c 49 85 46 52 85 35 44 7f 00 00 46 00 38 86 7a 7e 9c 5d 6b 9d 8e 92 a9 9e a1 b2 a9 ac bb 98 9b b2 7f 83 9e 3e 4c 86 00 26 77 22 35 7c f9 f9 fb ef f0 f2 50 63 9d f1 f2 f7 d5 d6 e0 67 78 ad 56 69 a5 45 5c 9b e4 e5 eb b1 b4 c5 49 76 14 62 00 00 00 21 74 52 4e 53 00 fe 13 f8 b9 b0 9a 72 46 fe fe fd f7 f2 f1 a2 91 7c 78 62 45 3c fb ed df d5 cb ca b5 a1 94 85 69 22 e3 23 a0 00 00 00 72 49 44 41 54 08 d7 75 cb d9 0e 82 40 0c 85 61 ce 38 a3 a0 b2 28 e0 ca 56 76 78 ff 07 a4 4d 20 81 Data Ascii: PNGIHDRTPLTE0\m;HiATb=KuzY`<IFR5DF8z~]k>L&w"5\|PcgxViE\Ivb!tRNSrF\|xbE<i"#rIDATu@a8(VvxM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49776	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:54 UTC	377	OUT	GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:54 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:54 GMT Content-Type: image/jpeg Content-Length: 2939 Connection: close ETag: "4c88ebf87b0cc26121497de03db7f64a" Last-Modified: Wed, 20 Sep 2023 15:23:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB0BC56B64 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#272024543/gid:0/gname:root/mode:33279/mtime:1653412324#385053000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.385053Z Expires: Fri, 25 Apr 2025 17:39:54 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:54 UTC	2939	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 07 08 04 05 06 09 03 ff c4 00 1b 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 04 05 02 03 06 07 01 00 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 58 54 39 f3 b6 a1 f1 Data Ascii: JFIFCC<<XT9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49778	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:54 UTC	381	OUT	GET /media/mainstream/all/ab/top_red.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:54 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:54 GMT Content-Type: image/png Content-Length: 4560 Connection: close ETag: "a660370feb6a1543c3c872a52f7bcfa7" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB0C0776D2 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#767744778/gid:0/gname:root/mode:33279/mtime:1653412335#773078000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:15.773078Z Expires: Fri, 25 Apr 2025 17:39:54 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:54 UTC	3313	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b8 08 03 00 00 00 3f b7 12 c5 00 00 01 f5 50 4c 54 45 00 00 00 fe fe fe 9e 18 16 ef ef f0 a0 17 15 fb fb fb a1 18 16 ba 1c 1a a0 18 16 a0 18 16 c5 1e 1b f5 f6 f6 b9 1c 1a 91 16 14 c2 1d 1a a1 18 16 f1 f2 f2 bb 1c 1a ae 1a 18 f8 f8 f8 e3 22 1f f8 f8 f8 99 17 15 f9 fa fa a0 18 16 89 15 13 fb fb fb c6 1e 1b 93 16 14 fc fc fc b8 1b 19 8d 15 13 d0 20 1d f4 f4 f5 c3 1d 1b a2 18 16 f9 f9 f9 fc fc fc c0 1d 1a fd fd fd 88 14 12 9f 18 16 ec ed ed 98 17 15 a3 18 16 a6 19 17 f1 f2 f2 ee ee ef 92 16 14 f0 f1 f1 fe fe fe fc fc fc b7 1c 19 c5 1e 1b df 22 1f ae 1a 18 e4 ca ca b4 96 96 de 7e 7c fc fc fc b0 b1 b1 b5 3f 3d 72 12 11 e1 ba ba c0 1d 1b ac 1a 18 ef f0 f1 d1 d3 d4 a2 19 16 b1 1b 19 e2 22 1f a7 Data Ascii: PNGIHDR?PLTE" "~\|?=r"
2024-04-25 17:39:54 UTC	1247	IN	Data Raw: 8e 84 3a 14 14 7e 63 40 28 88 16 5c 9b 7e aa a7 4e 5f 3f 73 8b 3f 4e 67 25 97 1c 90 82 61 6e 40 64 53 b3 b3 e0 a6 2c 14 d0 dd 38 74 08 09 66 8f 7e f5 94 e5 db 04 c5 1b 93 00 94 a1 e0 97 54 4f 92 02 3c d1 56 80 1d 02 57 10 11 0f 12 2a 9b 9b 05 03 17 11 bf c6 5f 09 91 44 42 10 f5 1e a9 5f 28 c8 03 b1 0b f4 27 01 d6 44 eb 4f 0a 9e ca 4c 81 c2 15 c4 74 d2 11 bb c4 67 81 48 82 e6 66 c1 7d 32 c0 e6 01 1d 86 03 ee 40 2b 95 3a fa 4f 5a 4e f8 ee 76 f0 ef 14 14 08 f4 46 d7 ce 9c 81 02 95 2b 40 d3 15 a1 4e 19 bf be 6f 78 0c 34 39 0b ce c3 00 53 a0 38 0a 80 da 5d 2a ed ed 3f 99 11 83 ef 13 20 0c 00 74 4a 96 3f 78 8e ab e0 a2 47 01 36 de 5c c1 0b 2e 92 1b 68 ee 72 78 54 95 35 a1 20 ac a8 b2 43 1d 0a 4e 1f 4b 35 06 ef 64 00 09 20 a2 0d 0a 0a 7e 42 27 cf 5e 3d e7 2a c0 Data Ascii: :~c@(\~N_?s?Ng%an@dS,8tf~TO<VW_DB_('DOLtgHf}2@+:OZNvF+@Nox49S8]? tJ?xG6\.hrxT5 CNK5d ~B'^=*

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49783	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:55 UTC	377	OUT	GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:55 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:55 GMT Content-Type: image/jpeg Content-Length: 3601 Connection: close ETag: "c74a5befd416e24626972e88ed65526d" Last-Modified: Wed, 20 Sep 2023 15:23:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB409A8D1F X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#272024543/gid:0/gname:root/mode:33279/mtime:1653412324#581053000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.581053Z Expires: Fri, 25 Apr 2025 17:39:55 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:55 UTC	3312	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 02 02 03 01 00 00 00 00 00 00 00 00 00 00 08 06 07 05 09 00 04 0a 01 ff c4 00 1c 01 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 05 04 06 07 02 01 00 08 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 89 79 28 67 Data Ascii: JFIFCC<<y(g
2024-04-25 17:39:55 UTC	289	IN	Data Raw: 63 bc 20 6a 21 22 1e 66 ea c4 23 a9 3a 80 ab 5b 73 2a cf f5 28 5a fe 01 8a 1f ea 0b cc 90 c5 5d 26 dc 2d 23 fc 8d 88 f2 33 08 98 93 aa 33 eb cb 2d 2b 1d d2 6f 6f ee 1b 88 96 58 42 82 6f 61 fe a4 f2 3b a5 50 a9 65 b2 f1 5b 27 42 f9 03 63 ed b6 62 a1 43 95 ea 04 29 a9 8b 25 67 65 01 90 7f 23 b8 89 ba 5c d5 1a aa b9 57 c7 d4 93 ec 47 04 78 22 08 d2 a2 2d 09 6d 4b d4 a1 c6 f0 d3 9e ba bd 22 90 09 16 1c 0b f7 30 c4 cc ed 35 fd 4d a8 a1 63 90 48 3f 11 d2 95 d9 fa 94 a7 f3 c7 ab a7 04 ec 7e 3b 8c f9 82 ca 67 65 90 b4 9c 8c 03 cd bb 18 5f aa ca bc 88 ea f6 9a 9e a4 99 b1 60 f3 64 64 ee 41 b8 b4 2e 61 4a 3a 93 c8 84 3a b4 bc b3 ce 62 94 94 bc f2 fd 41 7b 8e 62 61 01 b7 94 91 c1 3f 06 3f 4c a6 df 97 af 14 20 fd 2b 4e 47 06 c6 e2 25 da 6c 87 13 6c 64 fc c4 ea 13 a1 Data Ascii: c j!"f#:[s*(Z]&-#33-+ooXBoa;Pe['BcbC)%ge#\WGx"-mK"05McH?~;ge_`ddA.aJ::bA{ba??L +NG%lld

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49784	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:55 UTC	376	OUT	GET /media/mainstream/all/ab/x1.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:55 UTC	781	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:55 GMT Content-Type: image/png Content-Length: 593 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "ee850988ed56cd6f2498cae7993a8753" Last-Modified: Mon, 20 Feb 2023 09:33:02 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AB436BF64D X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#855577336/gid:0/gname:root/mode:33279/mtime:1653412336#881081000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:16.881081Z Expires: Fri, 25 Apr 2025 17:39:55 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:55 UTC	593	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b8 08 03 00 00 00 3f b7 12 c5 00 00 00 5a 50 4c 54 45 00 00 00 22 1e 20 36 2e 30 36 34 36 40 3f 41 40 3f 41 41 40 42 22 1e 20 22 1e 20 22 1e 20 22 1e 20 41 40 42 22 1e 20 30 2d 2f 41 40 42 22 1e 20 41 40 42 22 1e 20 41 40 42 41 40 42 22 1e 20 41 40 42 41 40 42 22 1e 20 41 40 42 41 40 42 22 1e 20 22 1e 20 41 40 42 39 38 3a 81 71 50 c5 00 00 00 1b 74 52 4e 53 00 40 10 20 40 bf 80 80 e2 af bf 8f 70 30 ef cf 50 50 cf af 9f 60 9f 8f df 70 60 c2 d4 68 a2 00 00 01 8b 49 44 41 54 78 da ed d8 e1 5a a2 40 14 80 61 40 c0 32 d1 94 4d 2d d7 fb bf cd 75 77 9f a7 53 f1 07 a3 92 c1 f7 bd 83 f9 e6 cc 28 93 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 b8 26 cf f3 b2 2c 8b ec 26 e5 cb 5f eb e3 5f a7 Data Ascii: PNGIHDR?ZPLTE" 6.0646@?A@?AA@B" " " " A@B" 0-/A@B" A@B" A@BA@B" A@BA@B" A@BA@B" " A@B98:qPtRNS@ @p0PP`p`hIDATxZ@a@2M-uwS(&,&__

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49785	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:55 UTC	382	OUT	GET /media/mainstream/all/ab/box_open.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:55 UTC	781	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:55 GMT Content-Type: image/png Content-Length: 2685 Connection: close ETag: "99264bee31a1abde5d0035468e53bbfb" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB419C9D4E X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#11743076/gid:0/gname:root/mode:33279/mtime:1653412322#933050000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:02.93305Z Expires: Fri, 25 Apr 2025 17:39:55 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:55 UTC	2685	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b9 08 03 00 00 00 f4 eb c1 60 00 00 00 c0 50 4c 54 45 00 00 00 cc ce cf c8 ca cb c8 ca cb dc de de b3 b5 b6 e3 e5 e5 ce d0 d1 e4 e6 e6 c7 c9 ca c9 cb cc c9 cb cc cb cd ce bc be c0 83 84 86 94 95 98 9f a1 a4 83 84 86 9f a1 a4 83 84 86 c8 ca cb 9f a1 a4 c9 cb cc c8 ca cb cc ce cf 83 84 86 9f a1 a4 cc ce cf 83 84 86 9f a1 a4 97 99 9c 83 84 86 83 84 86 9f a1 a4 e5 e7 e7 e4 e6 e6 e1 e3 e3 c7 c9 cb da dc dc de e0 e0 cd cf d0 d5 d7 d7 d0 d3 d4 d7 d9 d9 dd df df b5 b8 ba ca cc cd c4 c6 c7 c1 c3 c4 d2 d4 d5 bd c0 c1 ba bd bf e9 eb eb 9f a1 a4 82 83 85 9b 9d a0 94 96 99 ed ef ef 97 99 9c 7b 7c 7e ab ad af a4 a7 a9 88 89 8b 8f 90 92 b4 0f 84 af 00 00 00 23 74 52 4e 53 00 50 ef 9f 40 0f 80 40 bf df Data Ascii: PNGIHDR`PLTE{\|~#tRNSP@@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49786	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:55 UTC	377	OUT	GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:55 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:55 GMT Content-Type: image/jpeg Content-Length: 3043 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "7f103bc91a8084cd154189b5ebb2cf86" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AB4630B7DB X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412324#705054000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.705054Z Expires: Fri, 25 Apr 2025 17:39:55 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:55 UTC	3043	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 00 03 00 00 00 00 00 00 00 00 00 00 06 08 05 07 09 03 01 04 0a ff c4 00 1d 01 00 02 02 03 01 01 01 00 00 00 00 00 00 00 00 00 05 06 03 04 00 01 02 07 08 09 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 cf 18 cc Data Ascii: JFIFCC<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49788	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:55 UTC	377	OUT	GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:55 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:55 GMT Content-Type: image/jpeg Content-Length: 2814 Connection: close ETag: "f17d127dfcaa6f94929eedd080276df0" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB503359DE X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#123743329/gid:0/gname:root/mode:33279/mtime:1653412324#765054000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.765054Z Expires: Fri, 25 Apr 2025 17:39:55 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:55 UTC	2814	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 02 02 02 02 01 02 02 02 02 03 02 02 03 03 06 04 03 03 03 03 07 05 05 04 06 08 07 09 08 08 07 08 08 09 0a 0d 0b 09 0a 0c 0a 08 08 0b 0f 0b 0c 0d 0e 0e 0f 0e 09 0b 10 11 10 0e 11 0d 0e 0e 0e ff db 00 43 01 02 03 03 03 03 03 07 04 04 07 0e 09 08 09 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 02 03 01 01 00 00 00 00 00 00 00 00 00 00 07 09 06 08 03 04 05 02 0a ff c4 00 1b 01 00 01 04 03 00 00 00 00 00 00 00 00 00 00 00 00 04 02 03 05 06 00 01 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 74 3b d2 4b 14 Data Ascii: JFIFCC<<t;K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49790	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:55 UTC	389	OUT	GET /media/mainstream/all/ab/box-iphone15pro.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:56 UTC	785	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:56 GMT Content-Type: image/png Content-Length: 5789 Connection: close ETag: "f32165874f658a8497f38d204ebb92de" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB6594AA61 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1696524240#11170449/gid:0/gname:root/mode:33188/mtime:1696524239#959170312/uid:0/uname:root x-amz-meta-mm-source-mtime: 2023-10-05T16:43:59.959170312Z Expires: Fri, 25 Apr 2025 17:39:56 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:56 UTC	3311	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b9 08 03 00 00 00 f4 eb c1 60 00 00 02 fd 50 4c 54 45 00 00 00 75 73 6c 8c 88 82 92 8f 87 79 76 6f 7a 78 71 c8 c2 ba c6 c0 b7 97 93 8d 73 71 6a 90 8c 84 9a 96 90 91 8d 86 b6 b3 ad e2 dd d4 77 73 6c 94 90 89 c4 c1 bc aa a3 9b a9 a3 9b 83 80 79 d2 d0 cc 6b 69 63 c2 be b5 9a 97 8f a8 a2 9a 98 93 8c b6 b2 ac 9c 9a 93 ad aa a4 d2 cf cb b0 ab a5 d8 d3 cc b1 ac a5 ab a5 9d b8 b4 ab c1 bd b6 d8 d5 ce 98 95 8d ba b3 a9 a7 a2 9c a3 a0 99 a2 9e 97 b8 b1 a7 aa a5 9f be b7 ad 21 1f 1d bd b6 ab 24 22 21 32 2e 2a 99 95 8f bc b5 ab 1a 19 17 a0 9d 96 2e 2b 27 3a 36 31 b6 af a6 1d 1c 1a 9f 9c 95 c0 b9 ae 51 4a 42 ae a9 a2 17 17 15 a5 a1 9b 26 23 1f 36 32 2d 3c 37 32 34 30 2c 26 24 23 b4 ad a5 a6 a1 9b 48 Data Ascii: PNGIHDR`PLTEuslyvozxqsqjwslykic!$"!2.*.+':61QJB&#62-<7240,&$#H
2024-04-25 17:39:56 UTC	2478	IN	Data Raw: 6d 6d 39 39 6d 53 b2 f6 62 2a 9d 40 60 71 0f f1 8f dd bb d5 d1 71 7b ee f4 b2 3a 6e 9f 96 5b e9 10 10 6c 50 13 03 77 11 73 93 f3 1e 2b bf 54 65 a4 27 e9 10 98 d0 68 14 cb 81 76 59 7a 6d 69 6d 7a 8d ec a1 66 da 07 2c 29 74 13 13 4a 88 93 ee ad 9b f7 ee dd 5a d4 c4 df dd d5 3d de d5 d5 85 dd a1 a8 b9 78 c5 46 7d 8d 0f b0 8f e0 4b b4 48 fe d8 49 49 e5 7b 91 0c c1 0b 45 26 26 26 74 06 d5 32 a4 b8 92 d0 40 f1 92 42 f6 1a 51 e8 34 93 65 04 63 b7 6e dd 9e 9b 93 21 fe cc cc 91 4c 28 3f b3 7b 7c fc f4 ed 7c a5 ab be 3e 31 35 b0 03 7d d1 1d d8 3a 63 69 54 6e 25 19 82 f7 a4 15 26 10 8d 41 a1 50 09 51 20 06 85 c1 a0 33 e0 00 88 40 70 67 f1 de e2 62 67 8d 2c 1d b1 ff 51 07 e5 d7 61 5f 60 64 64 bc fb f4 dc 90 9b 0e 13 5d 12 cb 5d 93 0a fe fb 1d f6 1d b3 25 19 82 4f a4 Data Ascii: mm99mSb*@`qq{:n[lPws+Te'hvYzmimzf,)tJZ=xF}KHII{E&&&t2@BQ4ecn!L(?{\|\|>15}:ciTn%&APQ 3@pgbg,Qa_`dd]]%O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49792	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:55 UTC	384	OUT	GET /media/mainstream/all/ab/box_closed.png HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:56 UTC	780	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:56 GMT Content-Type: image/png Content-Length: 5836 Connection: close ETag: "890d869db1b3d28af588be81685214f2" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB758CC73D X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#7743068/gid:0/gname:root/mode:33279/mtime:1653412322#873050000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:02.87305Z Expires: Fri, 25 Apr 2025 17:39:56 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:56 UTC	3316	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 02 00 00 00 b8 08 03 00 00 00 3f b7 12 c5 00 00 01 b3 50 4c 54 45 00 00 00 f1 f2 f2 ee ef ef ac 1a 18 fe fe fe f3 f4 f4 d2 d4 d5 dd de df d2 d4 d5 de df e1 d2 d2 d4 d2 d4 d6 ed ee ee d5 d7 d9 d0 d2 d4 97 17 14 d2 d4 d6 8c 15 13 e1 e2 e3 bb 1c 1a a0 18 16 d0 d2 d4 d1 d3 d5 ed ee ef a8 19 16 c2 1d 1b cf d1 d3 b3 1b 19 e3 e4 e5 c2 1d 1a ef f0 f0 bf 1d 1a 96 17 15 c4 1e 1b 98 17 15 bf 1d 1a a7 19 17 c8 c4 c5 d8 2b 28 f0 f1 f1 b9 1c 19 cf d1 d3 b4 1b 18 ef f0 f0 a3 18 16 9b 17 15 8b 15 13 a0 18 16 8b 15 13 ca 1f 1c f5 f6 f6 f0 f1 f1 f7 f8 f8 f0 f0 f1 ed ef ef eb ec ec e6 e7 e7 d3 d4 d6 cf d1 d3 dd de df bd 1c 1a e0 e2 e2 a0 18 16 ad 1a 18 f6 f7 f7 d7 d9 da a9 1a 17 b3 1b 19 c2 1e 1b d5 d7 d8 de 21 1f c0 Data Ascii: PNGIHDR?PLTE+(!
2024-04-25 17:39:56 UTC	2520	IN	Data Raw: 6d 17 46 db 4f 4c 2b 58 d9 0a 98 a6 0f 14 dc 43 05 66 f5 cd 2d 9b f8 5b b3 20 15 bc 2b 68 8c cc 3e 7d 36 20 15 54 40 41 12 b3 0a 47 48 81 be d2 b5 cb 17 bb bb fe 35 bb a2 42 11 22 1b 55 0a 26 9f 14 07 52 0a 6e a3 82 fe 86 df d2 b6 db c2 37 59 90 5e 7a 17 51 8f 96 f0 9c 34 f4 74 80 31 a5 a0 da 1b c7 a1 c8 82 af fa 42 56 b1 10 9d ea fa c7 90 02 e2 1d 13 4c ce 14 8b eb 29 05 4d 52 70 cb 24 80 8e be 9d 6b 6e cb d2 9b e7 6a c0 85 f1 10 14 04 4a 41 a9 1e 03 e2 bf e2 8d 51 f4 ae 13 21 d9 28 b8 75 ab d1 68 44 03 8c 98 7a 65 d9 fe 7a c8 14 b1 50 50 23 01 46 81 5c fb 5c da c0 35 37 1d 3c 61 46 09 54 30 f4 91 6b 05 5e 0c f4 0a 05 be 53 8b 80 0c 15 14 e8 a7 62 53 c2 c0 eb e8 96 e3 a6 14 dc 24 05 23 85 b6 19 00 8f 34 d7 90 f6 a5 4f 8f 12 ce e3 fe d9 a1 65 a3 80 c7 48 Data Ascii: mFOL+XCf-[ +h>}6 T@AGH5B"U&Rn7Y^zQ4t1BVL)MRp$knjJAQ!(uhDzezPP#F\\57<aFT0k^SbS$#4OeH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49793	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:56 UTC	377	OUT	GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:56 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:56 GMT Content-Type: image/jpeg Content-Length: 4307 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "f96150cbbb80ac607b3f264141a7faef" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AB79B53E56 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412324#641054000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.641054Z Expires: Fri, 25 Apr 2025 17:39:56 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:56 UTC	3313	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 07 08 05 06 09 03 04 ff c4 00 1b 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 04 05 02 03 06 07 00 01 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 9d c1 36 9f 1e df 15 Data Ascii: JFIFCC<<6
2024-04-25 17:39:56 UTC	994	IN	Data Raw: 23 ba 1c ad a0 19 21 1f 14 12 d3 90 8a b8 4e 5a a2 03 45 22 0d c5 f3 42 79 2f a4 13 f6 92 99 00 0a f5 46 46 5e 63 5b ec a0 bd b5 68 a4 c1 a1 89 d9 33 85 9a 70 e7 9a 15 32 00 ea 57 a8 88 27 75 32 0d 8d bc df 5d 05 4f f0 89 12 6e 4c 98 58 3f 10 7e e9 8f a2 10 01 a0 fb ab e4 75 d8 e5 ee 20 85 88 0b 85 60 c0 31 ba b4 4f e3 74 f7 09 30 00 24 5e d6 b9 4f 87 35 8d e3 cc 97 46 ba 94 e0 1d 3c c4 89 20 5c 6c 04 59 61 b9 d4 b8 79 68 b9 ca 57 a5 b6 1a 79 09 43 97 45 86 03 bb 74 4d 93 0d 3b 48 06 14 f3 06 cd 77 45 d6 1f a8 af ff c4 00 23 11 00 02 03 00 02 03 00 02 03 01 00 00 00 00 00 00 02 03 01 04 05 00 11 06 12 13 14 21 10 15 23 31 ff da 00 08 01 03 01 01 08 00 1d bb 3e df b5 ee f6 33 27 1e 40 5e b3 3c 57 90 21 83 33 31 78 21 12 d8 8f 26 a3 03 dc 8f 93 64 48 76 4b Data Ascii: #!NZE"By/FF^c[h3p2W'u2]OnLX?~u `1Ot0$^O5F< \lYayhWyCEtM;HwE#!#1>3'@^<W!31x!&dHvK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49794	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:56 UTC	389	OUT	GET /media/mainstream/flag-icon/flags/1x1/us.svg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:56 UTC	788	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:56 GMT Content-Type: image/svg+xml Content-Length: 5519 Connection: close ETag: "1067e4f544573a808db9cf39397e3b8e" Last-Modified: Tue, 21 Nov 2023 12:30:16 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17C996AB79FDCBB9 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223447#163842801/gid:0/gname:root/mode:33279/mtime:1655387477#806640800/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-06-16T13:51:17.8066408Z Expires: Fri, 25 Apr 2025 17:39:56 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:56 UTC	3308	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 68 65 69 67 68 74 3d 22 35 31 32 22 20 77 69 64 74 68 3d 22 35 31 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 31 32 20 35 31 32 22 3e 0d 0a 20 20 3c 67 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 73 63 61 6c 65 28 33 2e 39 33 38 35 29 22 3e 0d 0a 20 20 20 20 3c 67 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 31 70 74 22 3e 0d 0a 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 30 20 30 68 32 34 37 76 31 30 48 30 7a 6d 30 20 32 30 68 32 34 37 76 31 30 48 30 7a 6d 30 20 32 30 68 32 34 37 76 31 30 48 30 7a 6d 30 20 32 30 68 32 34 37 76 31 30 48 30 7a 6d 30 20 32 30 68 32 34 37 76 31 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" height="512" width="512" viewBox="0 0 512 512"> <g fill-rule="evenodd" transform="scale(3.9385)"> <g stroke-width="1pt"> <path d="M0 0h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v10H0zm0 20h247v1
2024-04-25 17:39:56 UTC	2211	IN	Data Raw: 33 35 33 2d 31 2e 37 31 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 38 2d 32 2e 37 36 36 2d 32 2e 33 35 33 2d 31 2e 37 31 68 32 2e 39 30 39 7a 6d 31 36 2e 34 36 36 20 30 6c 2e 38 39 39 20 32 2e 37 36 37 68 32 2e 39 30 39 6c 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 39 20 32 2e 37 36 36 2d 32 2e 33 35 34 2d 31 2e 37 31 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 39 2d 32 2e 37 36 36 2d 32 2e 33 35 34 2d 31 2e 37 31 68 32 2e 39 31 7a 6d 31 36 2e 34 36 37 20 30 6c 2e 38 39 39 20 32 2e 37 36 37 68 32 2e 39 30 39 6c 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 39 20 32 2e 37 36 36 2d 32 2e 33 35 34 2d 31 2e 37 31 2d 32 2e 33 35 33 20 31 2e 37 31 2e 38 39 39 2d 32 2e 37 36 36 2d 32 2e 33 35 34 2d 31 2e 37 31 68 32 2e 39 31 7a 6d 31 36 2e 34 36 37 20 30 6c 2e 38 39 39 Data Ascii: 353-1.71-2.353 1.71.898-2.766-2.353-1.71h2.909zm16.466 0l.899 2.767h2.909l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.467 0l.899 2.767h2.909l-2.353 1.71.899 2.766-2.354-1.71-2.353 1.71.899-2.766-2.354-1.71h2.91zm16.467 0l.899

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49796	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:56 UTC	378	OUT	GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:56 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:56 GMT Content-Type: image/jpeg Content-Length: 3157 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "752f51c4c387c0ca7f4337acdeec15d6" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AB7E518221 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#847577324/gid:0/gname:root/mode:33279/mtime:1653412324#445053000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:04.445053Z Expires: Fri, 25 Apr 2025 17:39:56 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:56 UTC	3157	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 02 02 02 02 02 01 02 02 02 02 03 02 02 03 03 06 04 03 03 03 03 07 05 05 04 06 08 07 09 08 08 07 08 08 09 0a 0d 0b 09 0a 0c 0a 08 08 0b 0f 0b 0c 0d 0e 0e 0f 0e 09 0b 10 11 10 0e 11 0d 0e 0e 0e ff db 00 43 01 02 03 03 03 03 03 07 04 04 07 0e 09 08 09 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e 0e ff c2 00 11 08 00 3c 00 3c 03 01 11 00 02 11 01 03 11 01 ff c4 00 1b 00 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 05 07 06 08 09 04 03 02 ff c4 00 1b 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 05 06 03 04 07 00 02 01 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 a7 f9 e3 2d 9f 09 Data Ascii: JFIFCC<<-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49797	185.155.184.55	443	4208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 17:39:56 UTC	372	OUT	GET /media/mainstream/alert.mp3 HTTP/1.1 Host: search.faykitturn.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 17:39:56 UTC	786	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 25 Apr 2024 17:39:56 GMT Content-Type: audio/mpeg Content-Length: 8802 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "6d2d3da2ea28ace816fa4a138829dc18" Last-Modified: Mon, 20 Feb 2023 09:33:01 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17C996AB87879F40 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843338#351669788/gid:0/gname:root/mode:33279/mtime:1655387452#802583242/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.802583242Z Expires: Fri, 25 Apr 2025 17:39:56 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-04-25 17:39:56 UTC	3310	IN	Data Raw: 49 44 33 03 00 00 00 00 00 0f 54 43 4f 4e 00 00 00 05 00 00 00 28 31 32 29 ff fa 92 c0 9a 0c 00 00 10 91 18 fd a7 a5 2b 88 a9 00 64 70 20 00 00 57 4a db 6d b6 db 8d 00 80 27 65 c8 70 17 05 49 ce d2 c9 05 5f 64 08 30 b8 ac a0 9c 81 09 b4 11 9a f2 47 28 64 f5 4c 5d c4 6d 90 18 23 6c 81 92 42 e6 c5 0c ea 6f 41 b0 f5 8b c9 57 93 a8 81 36 ff 52 d8 2e 88 90 b9 b5 10 60 80 48 17 3e 28 72 e7 0c 86 17 6e 6a 20 64 13 68 2e 88 30 74 9d 22 44 c9 d7 6f f5 1c 46 58 f1 21 1e c1 4c 46 f4 1b 0c 9e f8 41 77 23 92 0c 0f 10 45 62 c0 69 ff 84 4f 0f c1 18 f0 e4 72 48 df ff c0 0c 92 81 30 a8 01 25 00 00 e0 f3 c9 77 9c 76 2a d3 91 6a 84 ea 19 5c 56 94 6b 19 48 bf 38 a6 b0 7b 29 bc 5b b0 04 b1 00 00 56 22 bd 03 ff ff ff e4 03 3f 72 23 61 d1 3e dd 65 a8 df 02 e6 f6 b1 1e 37 bb cf Data Ascii: ID3TCON(12)+dp WJm'epI_d0G(dL]m#lBoAW6R.`H>(rnj dh.0t"DoFX!LFAw#EbiOrH0%wv*j\VkH8{)[V"?r#a>e7
2024-04-25 17:39:56 UTC	4096	IN	Data Raw: 15 30 30 20 20 38 c8 30 a8 39 70 03 80 ca 04 01 41 a9 0c 80 92 50 02 13 d0 90 3c 03 1e 02 84 02 8c 06 06 0b 03 c8 02 06 01 09 98 e0 4c 66 50 19 ac 06 67 d3 fb 9a 85 0c 61 f2 01 ff fa 92 c0 43 11 bf 00 1e b9 91 53 fc fe 80 2c 3d 32 ab 34 fd f1 b4 8f 4a e6 08 0d 01 86 64 c2 90 50 88 c0 80 70 a8 08 90 06 cf da e3 1f 79 62 cc 36 02 7d df 47 e2 2f 15 87 a1 98 f5 0c b2 0f 91 46 6d 4b 60 89 bc 24 f4 b3 b2 a8 a4 b1 fb a4 85 4e ca a5 51 f8 61 87 b3 cb 34 9d 80 a4 39 5d 88 5b 99 9e bd 2e d5 b9 ae 5e 97 5d d6 3c a2 bb 8e 70 cd 06 58 52 7e 32 ea b4 10 6a 6e 22 25 26 54 95 a6 73 d5 9c a2 52 1a 3e 5c c7 5d c7 9d 94 63 63 1c f5 97 7f 3c 67 b7 ce 7d 9d e7 2b 04 78 65 76 66 6d ad ae a7 88 ef bf 5c 1d d0 18 9d b5 ee 23 aa b2 4c a0 5c 9a 00 7e 62 68 85 bc a1 d4 3f bb c2 f4 Data Ascii: 00 809pAP<LfPgaCS,=24JdPpyb6}G/FmK`$NQa49][.^]<pXR~2jn"%&TsR>\]cc<g}+xevfm\#L\~bh?
2024-04-25 17:39:56 UTC	1396	IN	Data Raw: 3d 8f 0e 9e 1a 41 ef 43 94 06 a4 6c 0e d7 b5 8a 62 08 29 bb bb 7a 1b 6e 84 51 2e cc ff ff e0 06 5f 3f 7b f6 ef e5 7c db fc 1e c4 99 73 26 e4 db ac 5a c1 6d 00 2d 35 f8 f1 3c 3f c6 4b f7 62 ee c5 ef 3f 96 b7 9f ef e7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa 92 c0 34 a6 ff 80 2b 08 05 21 21 00 00 00 ca 8a 24 30 31 8c e0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: =AClb)znQ._?{\|s&Zm-5<?Kb?4+!!$01

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2352, Parent PID: 1892

General

Target ID:	0
Start time:	19:39:30
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4208, Parent PID: 2352

General

Target ID:	2
Start time:	19:39:34
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2000,i,4333807079281487125,2519310215126018899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6472, Parent PID: 1892

General

Target ID:	3
Start time:	19:39:36
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7164, Parent PID: 2352

General

Target ID:	5
Start time:	19:39:53
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3160 --field-trial-handle=2000,i,4333807079281487125,2519310215126018899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Windows Analysis Report
https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back