Edit tour

Windows Analysis Report
https://started-ledgger.webflow.io

Overview

General Information

Sample URL:	https://started-ledgger.webflow.io
Analysis ID:	1637109
Tags:	tweetfeed
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish64

AI detected suspicious URL

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2436,i,2546769467226362878,4728244360888877078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2448 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://started-ledgger.webflow.io" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_64	Yara detected HtmlPhish_64	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://started-ledgger.webflow.io

Avira URL Cloud: detection malicious, Label: phishing

Phishing

Yara detected HtmlPhish64

Source: Yara match

File source: 0.0.pages.csv, type: HTML

AI detected suspicious URL

Source: https://started-ledgger.webflow.io

Joe Sandbox AI: The URL 'https://started-ledgger.webflow.io' appears to be a typosquatting attempt targeting the brand 'Ledger', a known company in the cryptocurrency hardware wallet industry. The domain uses a visual character substitution by adding an extra 'g' in 'ledgger', which closely resembles the legitimate brand name 'Ledger'. The use of 'webflow.io' as a domain extension is not inherently suspicious, as Webflow is a legitimate platform for hosting websites. However, the combination of the misspelled brand name and the use of a subdomain ('started-ledgger') suggests an attempt to mimic the legitimate brand's URL structure. The similarity score is high due to the visual resemblance and potential for user confusion. The likelihood of this being a typosquatting attempt is also high, given the structural similarity and the context of the brand being in a high-risk industry for phishing attempts.

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.73.143
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.73.143
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIk6HLAQiJo8sBCIWgzQEI/qXOAQiB1s4BCKXgzgEIruTOAQjf5M4BCIzlzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6517aab6d6409bc0545865df/css/started-ledgger.webflow.eac4e227f.css HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://started-ledgger.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6517aab6d6409bc0545865df/js/webflow.24a563ff7.js HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://started-ledgger.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=6517aab6d6409bc0545865df HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-aliveOrigin: https://started-ledgger.webflow.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://started-ledgger.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6517aab6d6409bc0545865df/6517ab22b4022cb457327678_ledger%20favcoin.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://started-ledgger.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6517aab6d6409bc0545865df/6517aad2cde9c5589d17f88c_ledger%20webflow-p-1600.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://started-ledgger.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6517aab6d6409bc0545865df/6517ab22b4022cb457327678_ledger%20favcoin.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6517aab6d6409bc0545865df/6517aad2cde9c5589d17f88c_ledger%20webflow-p-1600.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /QfI0oeMfX HTTP/1.1Host: gtly.toConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://started-ledgger.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gtly.toConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gtly.to/QfI0oeMfXAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: started-ledgger.webflow.io
Source: global traffic	DNS traffic detected: DNS query: cdn.prod.website-files.com
Source: global traffic	DNS traffic detected: DNS query: d3e54v103j8qbb.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: gtly.to
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-powered-by: Expresscache-control: private, no-cache, no-store, must-revalidatereferer: https://started-ledgger.webflow.io/content-type: text/html; charset=utf-8etag: W/"188-ze4DTuXMy5nJCVqsdQu1C2/PUow"X-Cloud-Trace-Context: 005e5c79727f6529432413c72e5526f6Date: Thu, 13 Mar 2025 10:06:56 GMTServer: Google FrontendContent-Length: 392Via: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-powered-by: Expresscache-control: private, no-cache, no-store, must-revalidatecontent-type: text/html; charset=utf-8etag: W/"188-ze4DTuXMy5nJCVqsdQu1C2/PUow"X-Cloud-Trace-Context: 244466964c2bb8354129b194ca9d5c1eDate: Thu, 13 Mar 2025 10:06:57 GMTServer: Google FrontendContent-Length: 392Via: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: chromecache_54.1.dr	String found in binary or memory: http://underscorejs.org
Source: chromecache_54.1.dr	String found in binary or memory: https://github.com/bkwld/tram

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6000_1589538067

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6000_1589538067

Jump to behavior

Source: classification engine

Classification label: mal60.phis.win@22/16@21/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2436,i,2546769467226362878,4728244360888877078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2448 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://started-ledgger.webflow.io"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2436,i,2546769467226362878,4728244360888877078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2448 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://started-ledgger.webflow.io	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6517aab6d6409bc0545865df	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
d3e54v103j8qbb.cloudfront.net	52.222.232.47	true	false	high
gtly.to	34.107.207.124	true	false	high
started-ledgger.webflow.io	172.64.151.8	true	true	unknown
beacons-handoff.gcp.gvt2.com	142.251.143.67	true	false	high
cdn.prod.website-files.com	104.18.161.117	true	false	high
www.google.com	172.217.18.4	true	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://gtly.to/QfI0oeMfX	false		high
https://cdn.prod.website-files.com/6517aab6d6409bc0545865df/js/webflow.24a563ff7.js	false		high
https://cdn.prod.website-files.com/6517aab6d6409bc0545865df/css/started-ledgger.webflow.eac4e227f.css	false		high
https://cdn.prod.website-files.com/6517aab6d6409bc0545865df/6517aad2cde9c5589d17f88c_ledger%20webflow-p-1600.png	false		high
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6517aab6d6409bc0545865df	false	Avira URL Cloud: safe	unknown
https://started-ledgger.webflow.io/	true		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://gtly.to/favicon.ico	false		high
https://cdn.prod.website-files.com/6517aab6d6409bc0545865df/6517ab22b4022cb457327678_ledger%20favcoin.png	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/bkwld/tram	chromecache_54.1.dr	false		high
http://underscorejs.org	chromecache_54.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
104.18.161.117	cdn.prod.website-files.com	United States	13335	CLOUDFLARENETUS	false
34.107.207.124	gtly.to	United States	15169	GOOGLEUS	false
172.64.151.8	started-ledgger.webflow.io	United States	13335	CLOUDFLARENETUS	true
52.222.232.47	d3e54v103j8qbb.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.9
192.168.2.5
192.168.2.11
192.168.2.10

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637109
Start date and time:	2025-03-13 11:05:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://started-ledgger.webflow.io
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@22/16@21/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.186.174, 142.250.185.142, 108.177.15.84, 142.250.185.78, 142.250.185.110, 172.217.23.110, 199.232.214.172, 172.217.18.14, 142.250.184.206, 142.250.186.78, 172.217.16.206, 142.250.74.206, 172.217.16.195, 142.250.184.238, 142.250.181.227, 172.202.163.200, 23.60.203.209
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://started-ledgger.webflow.io

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (2587)
Category:	downloaded
Size (bytes):	37222
Entropy (8bit):	5.233351760563068
Encrypted:	false
SSDEEP:	768:oSh7f7A1ReqMrFyF54mkxWaIi1aUuF9ZlNF+FJFGFI9fmV/3P0mq1izJVmn:oSe1Req44UYcDoT/fC1J
MD5:	EAC4E227F97E9BF676946184E60589E5
SHA1:	6AA0826AC10C51C61A4AFF0E63130026BD36CAA5
SHA-256:	49845C30541A4549C136F97E41A90B1DEB1A2E7F078D473DBA6F6B50AF8FBA51
SHA-512:	72B478054B13CB4C4BD8288607EAC623FCE2B2D513EBE34968CDBF2DD2920D8EDA68CCEF531F643B121F4A02ED17C30C51D003DDA368B60BDDF1D916D2316765
Malicious:	false
Reputation:	low
URL:	https://cdn.prod.website-files.com/6517aab6d6409bc0545865df/css/started-ledgger.webflow.eac4e227f.css
Preview:	html {. -ms-text-size-adjust: 100%;. -webkit-text-size-adjust: 100%;. font-family: sans-serif;.}..body {. margin: 0;.}..article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary {. display: block;.}..audio, canvas, progress, video {. vertical-align: baseline;. display: inline-block;.}..audio:not([controls]) {. height: 0;. display: none;.}..[hidden], template {. display: none;.}..a {. background-color: rgba(0, 0, 0, 0);.}..a:active, a:hover {. outline: 0;.}..abbr[title] {. border-bottom: 1px dotted;.}..b, strong {. font-weight: bold;.}..dfn {. font-style: italic;.}..h1 {. margin: .67em 0;. font-size: 2em;.}..mark {. color: #000;. background: #ff0;.}..small {. font-size: 80%;.}..sub, sup {. vertical-align: baseline;. font-size: 75%;. line-height: 0;. position: relative;.}..sup {. top: -.5em;.}..sub {. bottom: -.25em;.}..img {. border: 0;.}..svg:not(:root) {. overflow: hidden;.}..figure {. margin: 1em 40px;.}..hr {.

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 7486
Category:	downloaded
Size (bytes):	3038
Entropy (8bit):	7.939650226115795
Encrypted:	false
SSDEEP:	48:X0RzaU5dAO89t7DHYXpcWq6Wy2I0Jnj5ll1m9s6QyrkT+phUvtuBmvxq1NI5AD00:W7259lz0pRgI0puC6Tr/HEvxeCADik
MD5:	7A1EBD8C97FD98E0A919143CAB895307
SHA1:	62B3005FBA49979CFA383D455F02AB0BD6F380EF
SHA-256:	12AE8BE4E9FD6A3A70C0B52A93849103A8E1F346C323C00B467EB627EBDC2A5C
SHA-512:	D4F7EC96C2C0AE9A1F2D16319D4B4410C25C9C2D05344F6C875025F5F7DBD78E9BBDCF433ADB9951616EDBA71786A7D44B957D8A41DCFEBD8FE344B89E48D936
Malicious:	false
Reputation:	low
URL:	https://started-ledgger.webflow.io/
Preview:	...........Y.n.F.....kH..... ...X..+...I6.-.l..9.d...c...\|..dOU.....e7...........N.\|..............G.....N{%..Dl......(.M3.Z_.G.I.>.M!F....t^...\.L%......U....O..bz.h...l)....x..b........ke.....>.%.D"..5.(1.....yi.a..d.Rv..._[.:..-f.RFG....a.O.....B.....K..4P29;)..".u..j.......>Wg...87....&~..q..`U.6y].D]....H.Z..d....M.U..O..A...N~...\|..Fm...0V...:.8d......e"..........e...X1..o."+c.@....f@D\|x..@......b.+.MIF....;.3..5..~s:0.Gl.....lu.>.m..F{.....K.e.....@.]...(.o....B....+.....]Lwg..&.76:..iH.....%.G.\,su:....jc.m!-.v.W.TVzcie..+.Y...:..r.[&.wt.Q.s..H...0.....}h.d\|....t.U.aUN...L)?..F<.x...Rd..K.......c.=3.....V...81q].Z.....p...&..>).q..{......<.t....n3u.... ...g3~...W...07...2...n.....rY.`..{.....;..?9....c.gWD.yt8....pq\|0?>:^.H.J...\.F..z...k/4B.3<G........Jt..j. YU...5z..P.".l.N.[.\|3.f.U.lj..{d.y.t@.:.r.o.._U.............<N..x.X>Lf..r.o..}6dn$x....6.p.....M....l.u.....gT...)Y].o3.)..I..r.=....Sg.e.,}.3.=j.;.?.\.......J.

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21487)
Category:	downloaded
Size (bytes):	37393
Entropy (8bit):	5.445369188716833
Encrypted:	false
SSDEEP:	768:55p9L796k8g5gTT3dflN5GJrU8Nkl5RpN5wEWZpuOusJHA:55p9L796lg5s5cCl5R5
MD5:	24A563FF7F33A526F1C5D98A4724B161
SHA1:	0A17FF5052DB690E6B85B142CAF2A2B8A1209BE3
SHA-256:	42EBE676344CE06CD4DF40F82E6CE5D899BDE9A89691EF37E8F732CABB70E1DA
SHA-512:	32484047F3A150B4FB6681B9C41569207783713C1D0791D2F68BC975B01AE70F06E276F3AC194CE16A44C21E339F38DF500E9677A087C7FDB64F0B1AC0F63DD7
Malicious:	false
Reputation:	low
URL:	https://cdn.prod.website-files.com/6517aab6d6409bc0545865df/js/webflow.24a563ff7.js
Preview:	./!. Webflow: Front-end site library. * @license MIT. * Inline scripts may access the api using an async handler:. * var Webflow = Webflow \|\| [];. * Webflow.push(readyFunction);. /..(()=>{var lt=(e,y)=>()=>(y\|\|e((y={exports:{}}).exports,y),y.exports);var Pt=lt(()=>{window.tram=function(e){function y(t,n){var i=new J.Bare;return i.init(t,n)}function l(t){return t.replace(/[A-Z]/g,function(n){return"-"+n.toLowerCase()})}function A(t){var n=parseInt(t.slice(1),16),i=n>>16&255,r=n>>8&255,s=255&n;return[i,r,s]}function C(t,n,i){return"#"+(1<<24\|t<<16\|n<<8\|i).toString(16).slice(1)}function g(){}function L(t,n){B("Type warning: Expected: ["+t+"] Got: ["+typeof n+"] "+n)}function _(t,n,i){B("Units do not match ["+t+"]: "+n+", "+i)}function R(t,n,i){if(n!==void 0&&(i=n),t===void 0)return i;var r=i;return we.test(t)\|\|!Xt.test(t)?r=parseInt(t,10):Xt.test(t)&&(r=1e3parseFloat(t)),0>r&&(r=0),r===r?r:i}function B(t){et.debug&&window&&window.console.warn(t)}function U(t){for(var n=-1,i=t?t.l

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1600 x 801, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	94569
Entropy (8bit):	7.970384829601366
Encrypted:	false
SSDEEP:	1536:hqq6/C1c5LJXYghjx1tM2r1KuYUndrczG++pMBUvCRb8el+jU7R6EzZEUYN:hvK2ghFjr0mrcZNDgdj/E+U6
MD5:	3F519A1FD6816421B809E704FC8E9225
SHA1:	274D2AFEB028267A74E2C90FC3685FCD704563C0
SHA-256:	5568285C7C8E52BEA202683F72032E623187129E38BDDE6ED2F4EC24378E6D28
SHA-512:	2CE30373D89C34EC00981370DAD2C3454C22C86E091D0770349B4D5D9E6B88CB73D0A95696FAFF222D4DB64AEC5CA6285465658E9E99E57F9699A94CFDDE3938
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...@...!......B......PLTE......(((................S.......$$$d..&&&......!!!.......................................666..................///......**.........333kkk......---......999......................V................,,,....C.........................eee......VVV.........@@@GGH.........i..OON.M....qqq....................~~............xxx.............^^^.....g............................!....\........W........................................-........1..........B...................5..F...l.6x........\|..z4.Dy..............$Y.k@....M..;b...j.b4....K'.o..].....Z...3....P......a..^....m.O.....pfF(..aGYx.}HJ...o$.O.3Kf.Q.g.~X3.j.,C ...8..Z(h...(}fT.....p.~c.v..9%...i........w..Zm..c@..y;d.?...d.rI+9KQ=.z.....\....K1P.....8.....t..Y .......HDvTy........pHYs............... .IDATx..{P.g......l.....F.N..... #.E."$....})X...}.....U.....f.]..M.n8.l.-{.H"..V].^7.J-o..ILI.IyR...}...h..(..Ov.LO_.~f.\|..\... .. .. .. .. .. .. .. .. ..

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	low
URL:	https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6517aab6d6409bc0545865df
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	529
Entropy (8bit):	7.380211687423399
Encrypted:	false
SSDEEP:	12:6v/7iQ/FASODt70zjodCpm3g3Xoo8xpAMAWhNGjN:HM3XoRzAX5
MD5:	39B84B74A9F50D238E22DF983977EE5C
SHA1:	9CC2C31459C58C11DCDC1DBD24B02BBF6D1B9428
SHA-256:	3E1F55FB4074D836F896F1A382B2ECECF6E48D1F989CB767CDF62A2FDB92755F
SHA-512:	E1DDACAD3817EF664E6DF79D2EFCE3CD67CE88D7D0D522B13632C4BF6B3289C4A76BBDEAE405C0E9F1CD59952F8AAC0FD414AF70BA121DE144C368F39E05FCFE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....sRGB.........gAMA......a.....pHYs..........+......IDATXG...0.........L.....W..\|.;...>..2.6vWv.&........\....k..%_._.......@Q.eh..2......E!.v..#k............ ..4.K.u..(.8..C.m......w...<..j.........&.C..8./+......../WA..1..pH.....K}......>dYF.5..3.N'..:5R[.d2..T.$.Q.Y.m:....x..u..Ft.^.r...R.`E..RG.>y....n..m.!.....h......%..k..f..;Li...jo/.....{..6ImD...,..:...v.4M.vW..\.-..)...caL^_).D...e...^_."../D.....L_.bu..a.k.&..a.... }%.Q^@.9..<.%U.}.gA.....>....-.......IEND.B`.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1600 x 801, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	94569
Entropy (8bit):	7.970384829601366
Encrypted:	false
SSDEEP:	1536:hqq6/C1c5LJXYghjx1tM2r1KuYUndrczG++pMBUvCRb8el+jU7R6EzZEUYN:hvK2ghFjr0mrcZNDgdj/E+U6
MD5:	3F519A1FD6816421B809E704FC8E9225
SHA1:	274D2AFEB028267A74E2C90FC3685FCD704563C0
SHA-256:	5568285C7C8E52BEA202683F72032E623187129E38BDDE6ED2F4EC24378E6D28
SHA-512:	2CE30373D89C34EC00981370DAD2C3454C22C86E091D0770349B4D5D9E6B88CB73D0A95696FAFF222D4DB64AEC5CA6285465658E9E99E57F9699A94CFDDE3938
Malicious:	false
Reputation:	low
URL:	https://cdn.prod.website-files.com/6517aab6d6409bc0545865df/6517aad2cde9c5589d17f88c_ledger%20webflow-p-1600.png
Preview:	.PNG........IHDR...@...!......B......PLTE......(((................S.......$$$d..&&&......!!!.......................................666..................///......**.........333kkk......---......999......................V................,,,....C.........................eee......VVV.........@@@GGH.........i..OON.M....qqq....................~~............xxx.............^^^.....g............................!....\........W........................................-........1..........B...................5..F...l.6x........\|..z4.Dy..............$Y.k@....M..;b...j.b4....K'.o..].....Z...3....P......a..^....m.O.....pfF(..aGYx.}HJ...o$.O.3Kf.Q.g.~X3.j.,C ...8..Z(h...(}fT.....p.~c.v..9%...i........w..Zm..c@..y;d.?...d.rI+9KQ=.z.....\....K1P.....8.....t..Y .......HDvTy........pHYs............... .IDATx..{P.g......l.....F.N..... #.E."$....})X...}.....U.....f.]..M.n8.l.-{.H"..V].^7.J-o..ILI.IyR...}...h..(..Ov.LO_.~f.\|..\... .. .. .. .. .. .. .. .. ..

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (906)
Category:	downloaded
Size (bytes):	911
Entropy (8bit):	5.1802498737343
Encrypted:	false
SSDEEP:	24:OHNMo6DOhhULJBHslgT1d1uawBATAuoBN2t2t2t2t2t2t2tomffffffo:HghU1KlgJXwBAEuSNYYYYYYYomfffffA
MD5:	B92320E66BC85DDB2B7CC430760F1BB8
SHA1:	685EF22303DA64D5D0C8EEA089A1EB34883B22AB
SHA-256:	825F49413E7E9FA3BC72D3A762BB7BDC1E1E4C0DAE04F09F7FBA3DF63ADCD846
SHA-512:	63063856B39BB53B1A4841C6412231BFC14C6D519C71B49DE11E3CE2EE17A6E56D7D8DE679E52215A955362CF9D23EBF19493D802A3F0122BF5C2FC5D4B2397B
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview:	)]}'.["",["lubbock texas tech explosion","tokyo ghoul ken kaneki dbd","southwest airlines checked baggage fees","boston celtics oklahoma city thunder","nintendo switch console","pittsburgh steelers mason rudolph","weather storms and tornadoes","allegiant flight bird strike"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"6580473810690465871","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	529
Entropy (8bit):	7.380211687423399
Encrypted:	false
SSDEEP:	12:6v/7iQ/FASODt70zjodCpm3g3Xoo8xpAMAWhNGjN:HM3XoRzAX5
MD5:	39B84B74A9F50D238E22DF983977EE5C
SHA1:	9CC2C31459C58C11DCDC1DBD24B02BBF6D1B9428
SHA-256:	3E1F55FB4074D836F896F1A382B2ECECF6E48D1F989CB767CDF62A2FDB92755F
SHA-512:	E1DDACAD3817EF664E6DF79D2EFCE3CD67CE88D7D0D522B13632C4BF6B3289C4A76BBDEAE405C0E9F1CD59952F8AAC0FD414AF70BA121DE144C368F39E05FCFE
Malicious:	false
Reputation:	low
URL:	https://cdn.prod.website-files.com/6517aab6d6409bc0545865df/6517ab22b4022cb457327678_ledger%20favcoin.png
Preview:	.PNG........IHDR... ... .....szz.....sRGB.........gAMA......a.....pHYs..........+......IDATXG...0.........L.....W..\|.;...>..2.6vWv.&........\....k..%_._.......@Q.eh..2......E!.v..#k............ ..4.K.u..(.8..C.m......w...<..j.........&.C..8./+......../WA..1..pH.....K}......>dYF.5..3.N'..:5R[.d2..T.$.Q.Y.m:....x..u..Ft.^.r...R.`E..RG.>y....n..m.!.....h......%..k..f..;Li...jo/.....{..6ImD...,..:...v.4M.vW..\.-..)...caL^_).D...e...^_."../D.....L_.bu..a.k.&..a.... }%.Q^@.9..<.%U.}.gA.....>....-.......IEND.B`.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 11:06:19.857124090 CET	49676	80	192.168.2.9	2.23.73.143
Mar 13, 2025 11:06:19.857142925 CET	49677	443	192.168.2.9	2.19.104.63
Mar 13, 2025 11:06:22.357127905 CET	49675	443	192.168.2.9	2.23.227.208
Mar 13, 2025 11:06:22.357131958 CET	49674	443	192.168.2.9	2.23.227.208
Mar 13, 2025 11:06:22.357203960 CET	49673	443	192.168.2.9	2.23.227.215
Mar 13, 2025 11:06:29.466453075 CET	49676	80	192.168.2.9	2.23.73.143
Mar 13, 2025 11:06:29.466469049 CET	49677	443	192.168.2.9	2.19.104.63
Mar 13, 2025 11:06:31.961258888 CET	49674	443	192.168.2.9	2.23.227.208
Mar 13, 2025 11:06:31.961258888 CET	49675	443	192.168.2.9	2.23.227.208
Mar 13, 2025 11:06:31.962825060 CET	49673	443	192.168.2.9	2.23.227.215
Mar 13, 2025 11:06:34.517021894 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:34.517071009 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:34.517165899 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:34.517467022 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:34.517482996 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:36.047285080 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:36.047334909 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:36.047411919 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:36.047715902 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:36.047730923 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:36.047785997 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:36.048302889 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:36.048331022 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:36.048553944 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:36.048569918 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:36.673628092 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:36.674074888 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:36.674098969 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:36.675132036 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:36.675194025 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:36.676218987 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:36.676280022 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:36.722628117 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:36.722655058 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:36.773430109 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:39.112260103 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:39.156341076 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:39.636378050 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:39.636475086 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:39.647495985 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:39.650296926 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:39.650382996 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:39.653105021 CET	49694	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:06:39.653121948 CET	443	49694	172.217.18.4	192.168.2.9
Mar 13, 2025 11:06:39.727107048 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:39.727741003 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:39.734358072 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:39.734386921 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:39.734674931 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:39.734679937 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:39.734988928 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:39.734993935 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:39.742312908 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:39.742405891 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:39.742413998 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:39.744932890 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:39.744941950 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:40.097486019 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:40.097781897 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:40.097817898 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:40.147677898 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:40.195758104 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:40.196995974 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:40.244879007 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:40.244966030 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:40.279829979 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:40.279872894 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:40.279928923 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:40.280363083 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:40.280373096 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:40.326076031 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:06:40.331686974 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:40.331737995 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:40.331799030 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:40.332223892 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:40.332240105 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:40.339806080 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:40.339880943 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:40.340018034 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:40.340461016 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:40.340498924 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:40.368999958 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:06:42.121330023 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.121623039 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.121655941 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.122714996 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.122770071 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.123879910 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.123945951 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.124177933 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.124190092 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.168148994 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.224136114 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.224466085 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.224478006 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.225518942 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.225579977 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.225946903 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.226010084 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.226130962 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.226146936 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.277431965 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.384875059 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:42.385180950 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:42.385209084 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:42.386214018 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:42.386364937 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:42.387248039 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:42.387310028 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:42.387422085 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:42.428333998 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:42.431442976 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:42.431451082 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:42.477490902 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:42.610500097 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.610546112 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.610579014 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.610614061 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.610626936 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.610656023 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.610681057 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.617382050 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.617446899 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.617454052 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.623872995 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.623950005 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.623955965 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.630625963 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.630651951 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.630680084 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.630686045 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.630722046 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.699003935 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.699089050 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.699119091 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.699165106 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.699179888 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.699222088 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.720443010 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.720499992 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.720526934 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.720565081 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.720581055 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.720590115 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.720626116 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.724328995 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.724361897 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.724381924 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.724385977 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.724462986 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.730860949 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.737921953 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.737984896 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.737992048 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.738406897 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.738452911 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.738457918 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.738485098 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.738528013 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.738734961 CET	49699	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.738748074 CET	443	49699	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.751045942 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.751097918 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.751132011 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.751193047 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.751207113 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.751223087 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.751280069 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.755328894 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.757344007 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.757354021 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.761996984 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.762717009 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.762728930 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.768690109 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.770682096 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.770693064 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.775223970 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.778847933 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.778857946 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.780163050 CET	49702	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.780215979 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.782691002 CET	49702	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.783051968 CET	49702	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.783070087 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.822911978 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.835712910 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.835760117 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.835863113 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.835877895 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.845765114 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.846673012 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.846688032 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.848984957 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.849033117 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.849044085 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.855833054 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.858741045 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.858752966 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.862844944 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.866799116 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.866811991 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.869353056 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.869431019 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.869441986 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.875545025 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.875585079 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.875653028 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.875663996 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.875694990 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:42.875754118 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.876259089 CET	49697	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:42.876275063 CET	443	49697	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:43.041220903 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.041244984 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.041254044 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.041295052 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.041306973 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.041316986 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.041359901 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.041388988 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.041409016 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.041434050 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.118985891 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.118995905 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.119033098 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.119095087 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.119118929 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.119132042 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.119158983 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.152889013 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.152916908 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.152978897 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.152996063 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.153039932 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.196106911 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.196126938 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.196201086 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.196222067 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.196276903 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.222004890 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.222023010 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.222114086 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.222124100 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.222343922 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.229670048 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.229742050 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.229758024 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.229782104 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.234375954 CET	49700	443	192.168.2.9	52.222.232.47
Mar 13, 2025 11:06:43.234395027 CET	443	49700	52.222.232.47	192.168.2.9
Mar 13, 2025 11:06:43.300920963 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:43.300975084 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:43.301146984 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:43.301400900 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:43.301419020 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:44.756541967 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:44.756788969 CET	49702	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:44.756822109 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:44.757154942 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:44.757678986 CET	49702	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:44.757741928 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:44.757797003 CET	49702	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:44.800333977 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.223992109 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.224327087 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.224344015 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.224661112 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.225187063 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.225244045 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.225343943 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.241272926 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.241350889 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.241543055 CET	49702	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.242273092 CET	49702	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.242294073 CET	443	49702	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.257026911 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.257050037 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.257128954 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.257452965 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.257466078 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.268326998 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.723815918 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.723875046 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.723906994 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.723921061 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.723937035 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.723946095 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.723982096 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.729437113 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.729477882 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.729491949 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.736227036 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.736255884 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.736268044 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.736273050 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.736325026 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.755259991 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.758578062 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.758620024 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.758625984 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.805366039 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.810506105 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.810580015 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.810623884 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.810630083 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.819339037 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.819396973 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.819401979 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.822905064 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.822952986 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.822957993 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.829591990 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.829629898 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.829636097 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.836293936 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.836329937 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.836370945 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.836376905 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.836409092 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.843003035 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.849766016 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.849796057 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.849805117 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.849808931 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.849841118 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.856482983 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.863254070 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.863286972 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.863293886 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.863298893 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.863334894 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.870026112 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.870084047 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.871110916 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.871118069 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.885988951 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.886027098 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.886033058 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.897228003 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.897269011 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.897300959 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.897315979 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.897321939 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.897357941 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.906080008 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.906145096 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.916003942 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.916078091 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.918291092 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.918672085 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.923239946 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.923285961 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.932889938 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.932948112 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.937645912 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.937697887 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.942362070 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.942445993 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.950834036 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.950886965 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.955219030 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.955276966 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.963361025 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.963413954 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.963419914 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.963455915 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.963471889 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.963702917 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.963973999 CET	49703	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.963984966 CET	443	49703	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.989197016 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.989238977 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:45.989300013 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.989830017 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:45.989845991 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.249833107 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.252633095 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.252676010 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.253737926 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.253799915 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.254476070 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.254543066 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.254976988 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.254987001 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.301412106 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.746849060 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.746939898 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.749156952 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.749156952 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.896361113 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.896763086 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.896792889 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.897948027 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.898049116 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.898544073 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.898544073 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.898612976 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.946700096 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:47.946717024 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:47.994705915 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.055279970 CET	49709	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.055320978 CET	443	49709	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.419740915 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.419845104 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.419876099 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.419910908 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.419934988 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.419958115 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.420021057 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.426409960 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.426639080 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.426646948 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.433144093 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.433186054 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.433334112 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.433343887 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.433442116 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.439908028 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.492789030 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.492809057 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.502276897 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.502506971 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.502516031 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.506438017 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.506716013 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.506724119 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.517113924 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.517507076 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.517528057 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.520493031 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.520853043 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.520862103 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.527235031 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.531321049 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.531332970 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.534225941 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.534379959 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.534388065 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.540968895 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.541313887 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.541326046 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.547837973 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.547882080 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.547904968 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.547914982 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.548069954 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.554624081 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.561465979 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.561516047 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.561657906 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.561674118 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.561881065 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.568295956 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.588969946 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.589024067 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.589057922 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.589092970 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.589093924 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.589109898 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.589126110 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.591226101 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.593094110 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.595572948 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.595880032 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.595890999 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.603765965 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.603893042 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.603909016 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.604167938 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.616915941 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.617100954 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.617110014 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.617347002 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.622021914 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.622550964 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.631563902 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.631794930 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.636653900 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.636734962 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.646258116 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.646310091 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.651125908 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.651407003 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.660859108 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.660913944 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.665712118 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.665786982 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.665822029 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.665971994 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:48.666013002 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.666040897 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.718380928 CET	49711	443	192.168.2.9	104.18.161.117
Mar 13, 2025 11:06:48.718413115 CET	443	49711	104.18.161.117	192.168.2.9
Mar 13, 2025 11:06:54.463422060 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:54.463474989 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:54.463556051 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:54.463805914 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:54.463850975 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:54.463896036 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:54.464138031 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:54.464150906 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:54.464508057 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:54.464526892 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.327781916 CET	49671	443	192.168.2.9	204.79.197.203
Mar 13, 2025 11:06:56.369491100 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.369718075 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.369731903 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.370795012 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.370856047 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.375637054 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.375729084 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.375852108 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.375859022 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.393270016 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.393471956 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.393488884 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.394539118 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.394640923 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.395061970 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.395124912 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.416389942 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.446907043 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.446924925 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.495089054 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.633337021 CET	49671	443	192.168.2.9	204.79.197.203
Mar 13, 2025 11:06:56.867446899 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.867563009 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:56.867635012 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.868680954 CET	49713	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:56.868694067 CET	443	49713	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:57.060180902 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:57.104326963 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:57.243231058 CET	49671	443	192.168.2.9	204.79.197.203
Mar 13, 2025 11:06:57.523947001 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:57.543993950 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:57.544132948 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:57.544699907 CET	49712	443	192.168.2.9	34.107.207.124
Mar 13, 2025 11:06:57.544719934 CET	443	49712	34.107.207.124	192.168.2.9
Mar 13, 2025 11:06:58.445564985 CET	49671	443	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:00.852648020 CET	49671	443	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:04.884594917 CET	49678	443	192.168.2.9	52.182.141.63
Mar 13, 2025 11:07:05.195022106 CET	49678	443	192.168.2.9	52.182.141.63
Mar 13, 2025 11:07:05.573139906 CET	49679	80	192.168.2.9	2.17.190.73
Mar 13, 2025 11:07:05.655126095 CET	49671	443	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:05.804987907 CET	49678	443	192.168.2.9	52.182.141.63
Mar 13, 2025 11:07:05.884989023 CET	49679	80	192.168.2.9	2.17.190.73
Mar 13, 2025 11:07:06.494807959 CET	49679	80	192.168.2.9	2.17.190.73
Mar 13, 2025 11:07:07.008208990 CET	49678	443	192.168.2.9	52.182.141.63
Mar 13, 2025 11:07:07.695471048 CET	49679	80	192.168.2.9	2.17.190.73
Mar 13, 2025 11:07:09.180269957 CET	49681	80	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:09.414524078 CET	49678	443	192.168.2.9	52.182.141.63
Mar 13, 2025 11:07:09.492660046 CET	49681	80	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:10.102041006 CET	49679	80	192.168.2.9	2.17.190.73
Mar 13, 2025 11:07:10.102041006 CET	49681	80	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:11.305391073 CET	49681	80	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:13.711546898 CET	49681	80	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:14.227108002 CET	49678	443	192.168.2.9	52.182.141.63
Mar 13, 2025 11:07:14.915391922 CET	49679	80	192.168.2.9	2.17.190.73
Mar 13, 2025 11:07:15.259068012 CET	49671	443	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:18.524524927 CET	49681	80	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:23.836914062 CET	49678	443	192.168.2.9	52.182.141.63
Mar 13, 2025 11:07:24.524153948 CET	49679	80	192.168.2.9	2.17.190.73
Mar 13, 2025 11:07:25.149189949 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:07:25.149210930 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:07:25.336661100 CET	49695	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:07:25.336673021 CET	443	49695	172.64.151.8	192.168.2.9
Mar 13, 2025 11:07:28.133131027 CET	49681	80	192.168.2.9	204.79.197.203
Mar 13, 2025 11:07:34.572791100 CET	49722	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:07:34.572840929 CET	443	49722	172.217.18.4	192.168.2.9
Mar 13, 2025 11:07:34.572907925 CET	49722	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:07:34.573453903 CET	49722	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:07:34.573472023 CET	443	49722	172.217.18.4	192.168.2.9
Mar 13, 2025 11:07:36.581650972 CET	443	49722	172.217.18.4	192.168.2.9
Mar 13, 2025 11:07:36.582186937 CET	49722	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:07:36.582221031 CET	443	49722	172.217.18.4	192.168.2.9
Mar 13, 2025 11:07:36.582596064 CET	443	49722	172.217.18.4	192.168.2.9
Mar 13, 2025 11:07:36.582988024 CET	49722	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:07:36.583055973 CET	443	49722	172.217.18.4	192.168.2.9
Mar 13, 2025 11:07:36.634136915 CET	49722	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:07:40.355194092 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:07:40.355355024 CET	443	49696	172.64.151.8	192.168.2.9
Mar 13, 2025 11:07:40.355433941 CET	49696	443	192.168.2.9	172.64.151.8
Mar 13, 2025 11:07:46.253510952 CET	443	49722	172.217.18.4	192.168.2.9
Mar 13, 2025 11:07:46.253590107 CET	443	49722	172.217.18.4	192.168.2.9
Mar 13, 2025 11:07:46.253645897 CET	49722	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:07:46.354437113 CET	49722	443	192.168.2.9	172.217.18.4
Mar 13, 2025 11:07:46.354486942 CET	443	49722	172.217.18.4	192.168.2.9

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 11:06:30.321572065 CET	53	57494	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:30.328627110 CET	53	52571	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:33.695130110 CET	53	57358	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:33.956866980 CET	53	56271	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:34.508938074 CET	61994	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:34.509063959 CET	63706	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:34.515831947 CET	53	61994	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:34.515877962 CET	53	63706	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:36.026243925 CET	53042	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:36.026947021 CET	65313	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:36.037237883 CET	53	53042	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:36.037533998 CET	53	65313	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:40.271164894 CET	61550	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:40.271805048 CET	58754	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:40.277942896 CET	53	61550	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:40.279246092 CET	53	58754	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:40.331057072 CET	63124	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:40.331232071 CET	65529	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:40.339167118 CET	53	65529	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:40.339221001 CET	53	63124	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:45.247976065 CET	49954	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:45.248265982 CET	60064	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:45.254569054 CET	53	49954	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:45.256603003 CET	53	60064	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:50.908487082 CET	53	49878	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:54.438235998 CET	58373	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:54.438388109 CET	56280	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:06:54.447369099 CET	53	56280	1.1.1.1	192.168.2.9
Mar 13, 2025 11:06:54.449702024 CET	53	58373	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:09.705274105 CET	53	49607	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:29.800513983 CET	53	65021	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:32.111346006 CET	53	61367	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:34.704782009 CET	53	64759	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:40.358721972 CET	57806	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:40.358964920 CET	49275	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:40.369174004 CET	53	57806	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:40.369187117 CET	53	49275	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:41.384311914 CET	58339	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:41.384726048 CET	62526	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:41.391206980 CET	53	58339	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:41.391606092 CET	53	62526	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:43.416265965 CET	62117	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:43.424936056 CET	53	62117	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:44.430874109 CET	62117	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:44.437556028 CET	53	62117	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:45.430742979 CET	62117	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:45.437390089 CET	53	62117	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:47.431243896 CET	62117	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:47.437982082 CET	53	62117	1.1.1.1	192.168.2.9
Mar 13, 2025 11:07:51.446518898 CET	62117	53	192.168.2.9	1.1.1.1
Mar 13, 2025 11:07:51.454406977 CET	53	62117	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2025 11:06:34.508938074 CET	192.168.2.9	1.1.1.1	0x97ab	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:34.509063959 CET	192.168.2.9	1.1.1.1	0xb9c1	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 13, 2025 11:06:36.026243925 CET	192.168.2.9	1.1.1.1	0xb414	Standard query (0)	started-ledgger.webflow.io	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:36.026947021 CET	192.168.2.9	1.1.1.1	0xd9	Standard query (0)	started-ledgger.webflow.io	65	IN (0x0001)	false
Mar 13, 2025 11:06:40.271164894 CET	192.168.2.9	1.1.1.1	0x2220	Standard query (0)	cdn.prod.website-files.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:40.271805048 CET	192.168.2.9	1.1.1.1	0x9ce0	Standard query (0)	cdn.prod.website-files.com	65	IN (0x0001)	false
Mar 13, 2025 11:06:40.331057072 CET	192.168.2.9	1.1.1.1	0x4ce3	Standard query (0)	d3e54v103j8qbb.cloudfront.net	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:40.331232071 CET	192.168.2.9	1.1.1.1	0x817b	Standard query (0)	d3e54v103j8qbb.cloudfront.net	65	IN (0x0001)	false
Mar 13, 2025 11:06:45.247976065 CET	192.168.2.9	1.1.1.1	0xf0e3	Standard query (0)	cdn.prod.website-files.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:45.248265982 CET	192.168.2.9	1.1.1.1	0x2698	Standard query (0)	cdn.prod.website-files.com	65	IN (0x0001)	false
Mar 13, 2025 11:06:54.438235998 CET	192.168.2.9	1.1.1.1	0x68b3	Standard query (0)	gtly.to	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:54.438388109 CET	192.168.2.9	1.1.1.1	0xe5c3	Standard query (0)	gtly.to	65	IN (0x0001)	false
Mar 13, 2025 11:07:40.358721972 CET	192.168.2.9	1.1.1.1	0x5f2d	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:40.358964920 CET	192.168.2.9	1.1.1.1	0x47cc	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 13, 2025 11:07:41.384311914 CET	192.168.2.9	1.1.1.1	0xb6c7	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:41.384726048 CET	192.168.2.9	1.1.1.1	0x3b48	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 13, 2025 11:07:43.416265965 CET	192.168.2.9	1.1.1.1	0x4548	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:44.430874109 CET	192.168.2.9	1.1.1.1	0x4548	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:45.430742979 CET	192.168.2.9	1.1.1.1	0x4548	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:47.431243896 CET	192.168.2.9	1.1.1.1	0x4548	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:51.446518898 CET	192.168.2.9	1.1.1.1	0x4548	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 13, 2025 11:06:34.515831947 CET	1.1.1.1	192.168.2.9	0x97ab	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:34.515877962 CET	1.1.1.1	192.168.2.9	0xb9c1	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 13, 2025 11:06:36.037237883 CET	1.1.1.1	192.168.2.9	0xb414	No error (0)	started-ledgger.webflow.io		172.64.151.8	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:36.037237883 CET	1.1.1.1	192.168.2.9	0xb414	No error (0)	started-ledgger.webflow.io		104.18.36.248	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:36.037533998 CET	1.1.1.1	192.168.2.9	0xd9	No error (0)	started-ledgger.webflow.io			65	IN (0x0001)	false
Mar 13, 2025 11:06:40.277942896 CET	1.1.1.1	192.168.2.9	0x2220	No error (0)	cdn.prod.website-files.com		104.18.161.117	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:40.277942896 CET	1.1.1.1	192.168.2.9	0x2220	No error (0)	cdn.prod.website-files.com		104.18.160.117	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:40.279246092 CET	1.1.1.1	192.168.2.9	0x9ce0	No error (0)	cdn.prod.website-files.com			65	IN (0x0001)	false
Mar 13, 2025 11:06:40.339221001 CET	1.1.1.1	192.168.2.9	0x4ce3	No error (0)	d3e54v103j8qbb.cloudfront.net		52.222.232.47	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:40.339221001 CET	1.1.1.1	192.168.2.9	0x4ce3	No error (0)	d3e54v103j8qbb.cloudfront.net		52.222.232.99	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:40.339221001 CET	1.1.1.1	192.168.2.9	0x4ce3	No error (0)	d3e54v103j8qbb.cloudfront.net		52.222.232.39	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:40.339221001 CET	1.1.1.1	192.168.2.9	0x4ce3	No error (0)	d3e54v103j8qbb.cloudfront.net		52.222.232.144	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:45.254569054 CET	1.1.1.1	192.168.2.9	0xf0e3	No error (0)	cdn.prod.website-files.com		104.18.161.117	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:45.254569054 CET	1.1.1.1	192.168.2.9	0xf0e3	No error (0)	cdn.prod.website-files.com		104.18.160.117	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:06:45.256603003 CET	1.1.1.1	192.168.2.9	0x2698	No error (0)	cdn.prod.website-files.com			65	IN (0x0001)	false
Mar 13, 2025 11:06:54.449702024 CET	1.1.1.1	192.168.2.9	0x68b3	No error (0)	gtly.to		34.107.207.124	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:40.369174004 CET	1.1.1.1	192.168.2.9	0x5f2d	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:40.369174004 CET	1.1.1.1	192.168.2.9	0x5f2d	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.67	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:40.369187117 CET	1.1.1.1	192.168.2.9	0x47cc	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:41.391206980 CET	1.1.1.1	192.168.2.9	0xb6c7	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:41.391206980 CET	1.1.1.1	192.168.2.9	0xb6c7	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.67	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:41.391606092 CET	1.1.1.1	192.168.2.9	0x3b48	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:43.424936056 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:43.424936056 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:44.437556028 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:44.437556028 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:45.437390089 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:45.437390089 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:47.437982082 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:47.437982082 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:07:51.454406977 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:07:51.454406977 CET	1.1.1.1	192.168.2.9	0x4548	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

started-ledgger.webflow.io

cdn.prod.website-files.com

d3e54v103j8qbb.cloudfront.net

gtly.to

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49694	172.217.18.4	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:39 UTC	567	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIk6HLAQiJo8sBCIWgzQEI/qXOAQiB1s4BCKXgzgEIruTOAQjf5M4BCIzlzgE= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:39 UTC	1303	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 10:06:39 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-6lorymlcZ7OQDGhaRRgQ2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-13 10:06:39 UTC	75	IN	Data Raw: 33 38 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6c 75 62 62 6f 63 6b 20 74 65 78 61 73 20 74 65 63 68 20 65 78 70 6c 6f 73 69 6f 6e 22 2c 22 74 6f 6b 79 6f 20 67 68 6f 75 6c 20 6b 65 6e 20 6b 61 6e 65 6b 69 20 64 62 64 22 2c Data Ascii: 38f)]}'["",["lubbock texas tech explosion","tokyo ghoul ken kaneki dbd",
2025-03-13 10:06:39 UTC	843	IN	Data Raw: 22 73 6f 75 74 68 77 65 73 74 20 61 69 72 6c 69 6e 65 73 20 63 68 65 63 6b 65 64 20 62 61 67 67 61 67 65 20 66 65 65 73 22 2c 22 62 6f 73 74 6f 6e 20 63 65 6c 74 69 63 73 20 6f 6b 6c 61 68 6f 6d 61 20 63 69 74 79 20 74 68 75 6e 64 65 72 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 63 6f 6e 73 6f 6c 65 22 2c 22 70 69 74 74 73 62 75 72 67 68 20 73 74 65 65 6c 65 72 73 20 6d 61 73 6f 6e 20 72 75 64 6f 6c 70 68 22 2c 22 77 65 61 74 68 65 72 20 73 74 6f 72 6d 73 20 61 6e 64 20 74 6f 72 6e 61 64 6f 65 73 22 2c 22 61 6c 6c 65 67 69 61 6e 74 20 66 6c 69 67 68 74 20 62 69 72 64 20 73 74 72 69 6b 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 Data Ascii: "southwest airlines checked baggage fees","boston celtics oklahoma city thunder","nintendo switch console","pittsburgh steelers mason rudolph","weather storms and tornadoes","allegiant flight bird strike"],["","","","","","","",""],[],{"google:clientdata"
2025-03-13 10:06:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49699	104.18.161.117	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:42 UTC	657	OUT	GET /6517aab6d6409bc0545865df/css/started-ledgger.webflow.eac4e227f.css HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Referer: https://started-ledgger.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:42 UTC	626	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 10:06:42 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close x-amz-id-2: 4WwD2HnX0gdLmt9oJGsw3KGLQmtLLZMQqrxzdo0RsHHE4XjpGz8ijyXZQFzbOWyIkcKvUUPD/OM= x-amz-request-id: 0PC7DSW74C4SKDQB Last-Modified: Sat, 30 Sep 2023 04:59:19 GMT ETag: W/"a886bf9b29735a2e1ab45952406d8363" x-amz-server-side-encryption: AES256 Cache-Control: max-age=84600, must-revalidate x-amz-version-id: K7gQ7UaHEy_mn1ABiVLYfRieDHdIgBlD CF-Cache-Status: HIT Age: 56966 Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 91fab85af81bf05c-DFW alt-svc: h3=":443"; ma=86400
2025-03-13 10:06:42 UTC	743	IN	Data Raw: 37 64 33 66 0d 0a 68 74 6d 6c 20 7b 0a 20 20 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 0a 61 72 74 69 63 6c 65 2c 20 61 73 69 64 65 2c 20 64 65 74 61 69 6c 73 2c 20 66 69 67 63 61 70 74 69 6f 6e 2c 20 66 69 67 75 72 65 2c 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 6d 61 69 6e 2c 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 73 65 63 74 69 6f 6e 2c 20 73 75 6d 6d 61 72 79 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a Data Ascii: 7d3fhtml { -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; font-family: sans-serif;}body { margin: 0;}article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { display: block;}
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 73 69 7a 65 3a 20 38 30 25 3b 0a 7d 0a 0a 73 75 62 2c 20 73 75 70 20 7b 0a 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 30 3b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 0a 73 75 70 20 7b 0a 20 20 74 6f 70 3a 20 2d 2e 35 65 6d 3b 0a 7d 0a 0a 73 75 62 20 7b 0a 20 20 62 6f 74 74 6f 6d 3a 20 2d 2e 32 35 65 6d 3b 0a 7d 0a 0a 69 6d 67 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 0a 73 76 67 3a 6e 6f 74 28 3a 72 6f 6f 74 29 20 7b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 7d 0a 0a 66 69 67 75 72 65 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 34 30 70 78 3b 0a Data Ascii: size: 80%;}sub, sup { vertical-align: baseline; font-size: 75%; line-height: 0; position: relative;}sup { top: -.5em;}sub { bottom: -.25em;}img { border: 0;}svg:not(:root) { overflow: hidden;}figure { margin: 1em 40px;
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 74 65 78 74 61 72 65 61 20 7b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 61 75 74 6f 3b 0a 7d 0a 0a 6f 70 74 67 72 6f 75 70 20 7b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 0a 74 61 62 6c 65 20 7b 0a 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 20 63 6f 6c 6c 61 70 73 65 3b 0a 20 20 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 74 64 2c 20 74 68 20 7b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 77 65 62 66 6c 6f 77 2d 69 63 6f 6e 73 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 22 64 61 74 61 3a 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 66 6f 6e 74 2d 74 74 66 3b 63 Data Ascii: padding: 0;}textarea { overflow: auto;}optgroup { font-weight: bold;}table { border-collapse: collapse; border-spacing: 0;}td, th { padding: 0;}@font-face { font-family: webflow-icons; src: url("data:application/x-font-ttf;c
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 34 42 4a 79 59 6a 4d 53 49 48 44 67 45 48 42 68 55 55 46 78 34 42 46 78 59 7a 41 67 42 71 58 56 36 4c 4b 43 67 6f 4b 49 74 65 58 57 70 71 58 56 36 4c 4b 43 67 6f 4b 49 74 65 58 57 70 56 53 6b 74 76 49 43 45 68 49 47 39 4c 53 6c 56 56 53 6b 74 76 49 43 45 68 49 47 39 4c 53 6c 56 41 4b 43 69 4c 58 6c 31 71 61 6c 31 65 69 79 67 6f 4b 43 69 4c 58 6c 31 71 61 6c 31 65 69 79 67 6f 5a 69 45 67 62 30 74 4b 56 56 56 4b 53 32 38 67 49 53 45 67 62 30 74 4b 56 56 56 4b 53 32 38 67 49 51 41 42 41 41 41 42 77 41 49 41 41 38 41 41 45 67 41 41 45 7a 51 33 50 67 45 33 4e 6a 4d 78 46 53 49 48 44 67 45 48 42 68 55 78 49 77 41 6f 4b 49 74 65 58 57 70 56 53 6b 74 76 49 43 46 6d 41 63 42 71 58 56 36 4c 4b 43 68 6d 49 53 42 76 53 30 70 56 41 41 41 41 41 67 41 41 2f 38 41 46 74 Data Ascii: 4BJyYjMSIHDgEHBhUUFx4BFxYzAgBqXV6LKCgoKIteXWpqXV6LKCgoKIteXWpVSktvICEhIG9LSlVVSktvICEhIG9LSlVAKCiLXl1qal1eiygoKCiLXl1qal1eiygoZiEgb0tKVVVKS28gISEgb0tKVVVKS28gIQABAAABwAIAA8AAEgAAEzQ3PgE3NjMxFSIHDgEHBhUxIwAoKIteXWpVSktvICFmAcBqXV6LKChmISBvS0pVAAAAAgAA/8AFt
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 3d 3d 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 5b 63 6c 61 73 73 5e 3d 22 77 2d 69 63 6f 6e 2d 22 5d 2c 20 5b 63 6c 61 73 73 2a 3d 22 20 77 2d 69 63 6f 6e 2d 22 5d 20 7b 0a 20 20 73 70 65 61 6b 3a 20 6e 6f 6e 65 3b 0a 20 20 66 6f 6e 74 2d 76 61 72 69 61 6e 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 6e 6f 6e 65 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69 61 6c 69 61 73 65 64 3b Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==") format("truetype"); font-weight: normal; font-style: normal;}[class^="w-icon-"], [class*=" w-icon-"] { speak: none; font-variant: normal; text-transform: none; -webkit-font-smoothing: antialiased;
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 6e 6f 6e 65 3b 0a 7d 0a 0a 2e 77 2d 62 75 74 74 6f 6e 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 69 6e 68 65 72 69 74 3b 0a 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 38 39 38 65 63 3b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 39 70 78 20 31 35 70 78 3b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 7d 0a 0a 69 6e 70 75 74 2e 77 2d 62 75 74 74 6f 6e 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 20 62 Data Ascii: none;}.w-button { color: #fff; line-height: inherit; cursor: pointer; background-color: #3898ec; border: 0; border-radius: 0; padding: 9px 15px; text-decoration: none; display: inline-block;}input.w-button { -webkit-appearance: b
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 75 74 6f 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 76 69 73 69 62 6c 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 2e 77 2d 77 65 62 66 6c 6f 77 2d 62 61 64 67 65 20 7b 0a 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 31 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 31 29 2c 20 30 20 31 70 78 20 33 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 31 29 3b 0a 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 76 69 73 69 62 6c 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 7a 2d 69 6e 64 65 78 3a 20 32 31 34 37 34 38 33 36 34 37 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 63 6f 6c 6f Data Ascii: uto; overflow: visible; transform: none;}.w-webflow-badge { white-space: nowrap; cursor: pointer; box-shadow: 0 0 0 1px rgba(0, 0, 0, .1), 0 1px 3px rgba(0, 0, 0, .1); visibility: visible !important; z-index: 2147483647 !important; colo
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 30 70 78 3b 0a 7d 0a 0a 68 36 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 70 78 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 7d 0a 0a 70 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 7d 0a 0a 62 6c 6f 63 6b 71 75 6f 74 65 20 7b 0a 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 35 70 78 20 73 6f 6c 69 64 20 23 65 32 65 32 65 32 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 31 30 70 78 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 20 32 30 70 78 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 Data Ascii: line-height: 20px;}h6 { margin-top: 10px; font-size: 12px; line-height: 18px;}p { margin-top: 0; margin-bottom: 10px;}blockquote { border-left: 5px solid #e2e2e2; margin: 0 0 10px; padding: 10px 20px; font-size: 18px; line-he
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 33 3b 0a 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 38 70 78 20 31 32 70 78 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a 0a 2e 77 2d 69 6e 70 75 74 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2c 20 2e 77 2d 73 65 6c 65 63 74 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 Data Ascii: 3; vertical-align: middle; background-color: #fff; border: 1px solid #ccc; margin-bottom: 10px; padding: 8px 12px; font-size: 14px; line-height: 1.42857; display: block;}.w-input:-moz-placeholder, .w-select:-moz-placeholder { color: #
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 62 6c 65 3b 0a 7d 0a 0a 2e 77 2d 72 61 64 69 6f 3a 61 66 74 65 72 20 7b 0a 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0a 7d 0a 0a 2e 77 2d 72 61 64 69 6f 2d 69 6e 70 75 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 33 70 78 20 30 20 30 20 2d 32 30 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 2e 77 2d 66 69 6c 65 2d 75 70 6c 6f 61 64 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a 0a 2e 77 2d 66 69 6c 65 2d 75 70 6c 6f 61 64 2d 69 6e 70 75 74 20 7b 0a 20 20 77 69 64 74 68 3a 20 2e 31 70 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 2e 31 70 78 3b 0a 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 0a Data Ascii: ble;}.w-radio:after { clear: both;}.w-radio-input { float: left; margin: 3px 0 0 -20px; line-height: normal;}.w-file-upload { margin-bottom: 10px; display: block;}.w-file-upload-input { width: .1px; height: .1px; opacity: 0;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49697	104.18.161.117	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:42 UTC	625	OUT	GET /6517aab6d6409bc0545865df/js/webflow.24a563ff7.js HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://started-ledgger.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:42 UTC	633	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 10:06:42 GMT Content-Type: text/javascript Transfer-Encoding: chunked Connection: close x-amz-id-2: sm7hyhFEdqGPJJtsijyfDjuJLBVw1wr4m1oj5uzXl+ZyijmPdf+/jt8PM69yQjmRI9Ll1HojfC4= x-amz-request-id: 0PC3GJ6AKR038VV8 Last-Modified: Sat, 30 Sep 2023 04:59:19 GMT ETag: W/"a505becc886cdcc871c41d1db25b1402" x-amz-server-side-encryption: AES256 Cache-Control: max-age=84600, must-revalidate x-amz-version-id: cQMxwp5sm7zrsqT4s3OrLrC3yXWUvhSi CF-Cache-Status: HIT Age: 56969 Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 91fab85b9ff96c04-DFW alt-svc: h3=":443"; ma=86400
2025-03-13 10:06:42 UTC	736	IN	Data Raw: 37 64 33 38 0d 0a 0a 2f 2a 21 0a 20 2a 20 57 65 62 66 6c 6f 77 3a 20 46 72 6f 6e 74 2d 65 6e 64 20 73 69 74 65 20 6c 69 62 72 61 72 79 0a 20 2a 20 40 6c 69 63 65 6e 73 65 20 4d 49 54 0a 20 2a 20 49 6e 6c 69 6e 65 20 73 63 72 69 70 74 73 20 6d 61 79 20 61 63 63 65 73 73 20 74 68 65 20 61 70 69 20 75 73 69 6e 67 20 61 6e 20 61 73 79 6e 63 20 68 61 6e 64 6c 65 72 3a 0a 20 2a 20 20 20 76 61 72 20 57 65 62 66 6c 6f 77 20 3d 20 57 65 62 66 6c 6f 77 20 7c 7c 20 5b 5d 3b 0a 20 2a 20 20 20 57 65 62 66 6c 6f 77 2e 70 75 73 68 28 72 65 61 64 79 46 75 6e 63 74 69 6f 6e 29 3b 0a 20 2a 2f 0a 0a 28 28 29 3d 3e 7b 76 61 72 20 6c 74 3d 28 65 2c 79 29 3d 3e 28 29 3d 3e 28 79 7c 7c 65 28 28 79 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 29 2e 65 78 70 6f 72 74 73 2c 79 29 2c 79 Data Ascii: 7d38/! Webflow: Front-end site library * @license MIT * Inline scripts may access the api using an async handler: * var Webflow = Webflow \|\| []; * Webflow.push(readyFunction); */(()=>{var lt=(e,y)=>()=>(y\|\|e((y={exports:{}}).exports,y),y
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 2b 6e 2b 22 2c 20 22 2b 69 29 7d 66 75 6e 63 74 69 6f 6e 20 52 28 74 2c 6e 2c 69 29 7b 69 66 28 6e 21 3d 3d 76 6f 69 64 20 30 26 26 28 69 3d 6e 29 2c 74 3d 3d 3d 76 6f 69 64 20 30 29 72 65 74 75 72 6e 20 69 3b 76 61 72 20 72 3d 69 3b 72 65 74 75 72 6e 20 77 65 2e 74 65 73 74 28 74 29 7c 7c 21 58 74 2e 74 65 73 74 28 74 29 3f 72 3d 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 58 74 2e 74 65 73 74 28 74 29 26 26 28 72 3d 31 65 33 2a 70 61 72 73 65 46 6c 6f 61 74 28 74 29 29 2c 30 3e 72 26 26 28 72 3d 30 29 2c 72 3d 3d 3d 72 3f 72 3a 69 7d 66 75 6e 63 74 69 6f 6e 20 42 28 74 29 7b 65 74 2e 64 65 62 75 67 26 26 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 55 28 74 29 7b 66 6f 72 28 76 Data Ascii: +n+", "+i)}function R(t,n,i){if(n!==void 0&&(i=n),t===void 0)return i;var r=i;return we.test(t)\|\|!Xt.test(t)?r=parseInt(t,10):Xt.test(t)&&(r=1e3*parseFloat(t)),0>r&&(r=0),r===r?r:i}function B(t){et.debug&&window&&window.console.warn(t)}function U(t){for(v
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 35 35 30 2c 20 30 2e 30 38 35 2c 20 30 2e 36 38 30 2c 20 30 2e 35 33 30 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 29 7b 72 65 74 75 72 6e 20 69 2a 28 74 2f 3d 72 29 2a 74 2b 6e 7d 5d 2c 22 65 61 73 65 2d 6f 75 74 2d 71 75 61 64 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 32 35 30 2c 20 30 2e 34 36 30 2c 20 30 2e 34 35 30 2c 20 30 2e 39 34 30 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 29 7b 72 65 74 75 72 6e 2d 69 2a 28 74 2f 3d 72 29 2a 28 74 2d 32 29 2b 6e 7d 5d 2c 22 65 61 73 65 2d 69 6e 2d 6f 75 74 2d 71 75 61 64 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 35 35 2c 20 30 2e 30 33 30 2c 20 30 2e 35 31 35 2c 20 30 2e 39 35 35 29 22 2c 66 75 6e Data Ascii: :["cubic-bezier(0.550, 0.085, 0.680, 0.530)",function(t,n,i,r){return i(t/=r)t+n}],"ease-out-quad":["cubic-bezier(0.250, 0.460, 0.450, 0.940)",function(t,n,i,r){return-i(t/=r)(t-2)+n}],"ease-in-out-quad":["cubic-bezier(0.455, 0.030, 0.515, 0.955)",fun
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 2d 62 65 7a 69 65 72 28 30 2e 34 37 30 2c 20 30 2c 20 30 2e 37 34 35 2c 20 30 2e 37 31 35 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 29 7b 72 65 74 75 72 6e 2d 69 2a 4d 61 74 68 2e 63 6f 73 28 74 2f 72 2a 28 4d 61 74 68 2e 50 49 2f 32 29 29 2b 69 2b 6e 7d 5d 2c 22 65 61 73 65 2d 6f 75 74 2d 73 69 6e 65 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 33 39 30 2c 20 30 2e 35 37 35 2c 20 30 2e 35 36 35 2c 20 31 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 29 7b 72 65 74 75 72 6e 20 69 2a 4d 61 74 68 2e 73 69 6e 28 74 2f 72 2a 28 4d 61 74 68 2e 50 49 2f 32 29 29 2b 6e 7d 5d 2c 22 65 61 73 65 2d 69 6e 2d 6f 75 74 2d 73 69 6e 65 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 34 35 2c 20 30 2e 30 35 30 2c 20 30 2e Data Ascii: -bezier(0.470, 0, 0.745, 0.715)",function(t,n,i,r){return-iMath.cos(t/r(Math.PI/2))+i+n}],"ease-out-sine":["cubic-bezier(0.390, 0.575, 0.565, 1)",function(t,n,i,r){return iMath.sin(t/r(Math.PI/2))+n}],"ease-in-out-sine":["cubic-bezier(0.445, 0.050, 0.
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 3d 74 2f 72 2d 31 29 2a 74 2a 28 28 73 2b 31 29 2a 74 2b 73 29 2b 31 29 2b 6e 7d 5d 2c 22 65 61 73 65 2d 69 6e 2d 6f 75 74 2d 62 61 63 6b 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 36 38 30 2c 20 2d 30 2e 35 35 30 2c 20 30 2e 32 36 35 2c 20 31 2e 35 35 30 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 2c 73 29 7b 72 65 74 75 72 6e 20 73 3d 3d 3d 76 6f 69 64 20 30 26 26 28 73 3d 31 2e 37 30 31 35 38 29 2c 28 74 2f 3d 72 2f 32 29 3c 31 3f 69 2f 32 2a 74 2a 74 2a 28 28 28 73 2a 3d 31 2e 35 32 35 29 2b 31 29 2a 74 2d 73 29 2b 6e 3a 69 2f 32 2a 28 28 74 2d 3d 32 29 2a 74 2a 28 28 28 73 2a 3d 31 2e 35 32 35 29 2b 31 29 2a 74 2b 73 29 2b 32 29 2b 6e 7d 5d 7d 2c 57 3d 7b 22 65 61 73 65 2d 69 6e 2d 62 61 63 6b 22 3a 22 63 75 62 69 63 2d 62 Data Ascii: =t/r-1)t((s+1)t+s)+1)+n}],"ease-in-out-back":["cubic-bezier(0.680, -0.550, 0.265, 1.550)",function(t,n,i,r,s){return s===void 0&&(s=1.70158),(t/=r/2)<1?i/2tt(((s=1.525)+1)t-s)+n:i/2((t-=2)t(((s=1.525)+1)*t+s)+2)+n}]},W={"ease-in-back":"cubic-b
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 69 6d 61 74 69 6f 6e 46 72 61 6d 65 3b 72 65 74 75 72 6e 20 74 26 26 68 2e 62 69 6e 64 3f 74 2e 62 69 6e 64 28 58 29 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 58 2e 73 65 74 54 69 6d 65 6f 75 74 28 6e 2c 31 36 29 7d 7d 28 29 2c 63 74 3d 79 2e 6e 6f 77 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 58 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2c 6e 3d 74 26 26 28 74 2e 6e 6f 77 7c 7c 74 2e 77 65 62 6b 69 74 4e 6f 77 7c 7c 74 2e 6d 73 4e 6f 77 7c 7c 74 2e 6d 6f 7a 4e 6f 77 29 3b 72 65 74 75 72 6e 20 6e 26 26 68 2e 62 69 6e 64 3f 6e 2e 62 69 6e 64 28 74 29 3a 44 61 74 65 2e 6e 6f 77 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 2b 6e 65 77 20 44 61 74 65 7d 7d 28 29 2c 70 74 3d 50 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6e Data Ascii: imationFrame;return t&&h.bind?t.bind(X):function(n){X.setTimeout(n,16)}}(),ct=y.now=function(){var t=X.performance,n=t&&(t.now\|\|t.webkitNow\|\|t.msNow\|\|t.mozNow);return n&&h.bind?n.bind(t):Date.now\|\|function(){return+new Date}}(),pt=P(function(t){function n
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 6d 65 72 3d 6e 65 77 20 71 74 28 7b 64 75 72 61 74 69 6f 6e 3a 77 2c 63 6f 6e 74 65 78 74 3a 74 68 69 73 2c 63 6f 6d 70 6c 65 74 65 3a 6f 7d 29 2c 74 68 69 73 2e 61 63 74 69 76 65 3d 21 30 29 7d 66 75 6e 63 74 69 6f 6e 20 73 28 77 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 61 63 74 69 76 65 3f 28 74 68 69 73 2e 71 75 65 75 65 2e 70 75 73 68 28 7b 6f 70 74 69 6f 6e 73 3a 77 2c 61 72 67 73 3a 61 72 67 75 6d 65 6e 74 73 7d 29 2c 76 6f 69 64 28 74 68 69 73 2e 74 69 6d 65 72 2e 63 6f 6d 70 6c 65 74 65 3d 6f 29 29 3a 42 28 22 4e 6f 20 61 63 74 69 76 65 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 69 6d 65 72 2e 20 55 73 65 20 73 74 61 72 74 28 29 20 6f 72 20 77 61 69 74 28 29 20 62 65 66 6f 72 65 20 74 68 65 6e 28 29 2e 22 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 29 7b Data Ascii: mer=new qt({duration:w,context:this,complete:o}),this.active=!0)}function s(w){return this.active?(this.queue.push({options:w,args:arguments}),void(this.timer.complete=o)):B("No active transition timer. Use start() or wait() before then().")}function o(){
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 6e 63 74 69 6f 6e 20 6a 28 77 29 7b 77 2e 73 74 6f 70 28 29 7d 66 75 6e 63 74 69 6f 6e 20 54 74 28 77 2c 4f 29 7b 77 2e 73 65 74 28 4f 29 7d 66 75 6e 63 74 69 6f 6e 20 67 65 28 77 29 7b 74 68 69 73 2e 24 65 6c 2e 63 73 73 28 77 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 74 28 77 2c 4f 29 7b 74 5b 77 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 63 68 69 6c 64 72 65 6e 3f 79 65 2e 63 61 6c 6c 28 74 68 69 73 2c 4f 2c 61 72 67 75 6d 65 6e 74 73 29 3a 28 74 68 69 73 2e 65 6c 26 26 4f 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 74 68 69 73 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 79 65 28 77 2c 4f 29 7b 76 61 72 20 59 2c 4e 3d 74 68 69 73 2e 63 68 69 6c 64 72 65 6e 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 59 3d 30 3b 4e 3e Data Ascii: nction j(w){w.stop()}function Tt(w,O){w.set(O)}function ge(w){this.$el.css(w)}function ot(w,O){t[w]=function(){return this.children?ye.call(this,O,arguments):(this.el&&O.apply(this,arguments),this)}}function ye(w,O){var Y,N=this.children.length;for(Y=0;N>
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 7b 74 68 69 73 2e 24 65 6c 3d 6f 2c 74 68 69 73 2e 65 6c 3d 6f 5b 30 5d 3b 76 61 72 20 63 3d 6d 5b 30 5d 3b 78 5b 32 5d 26 26 28 63 3d 78 5b 32 5d 29 2c 48 74 5b 63 5d 26 26 28 63 3d 48 74 5b 63 5d 29 2c 74 68 69 73 2e 6e 61 6d 65 3d 63 2c 74 68 69 73 2e 74 79 70 65 3d 78 5b 31 5d 2c 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 3d 52 28 6d 5b 31 5d 2c 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 2c 73 2e 64 75 72 61 74 69 6f 6e 29 2c 74 68 69 73 2e 65 61 73 65 3d 69 28 6d 5b 32 5d 2c 74 68 69 73 2e 65 61 73 65 2c 73 2e 65 61 73 65 29 2c 74 68 69 73 2e 64 65 6c 61 79 3d 52 28 6d 5b 33 5d 2c 74 68 69 73 2e 64 65 6c 61 79 2c 73 2e 64 65 6c 61 79 29 2c 74 68 69 73 2e 73 70 61 6e 3d 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 2b 74 68 69 73 2e 64 65 6c 61 79 2c 74 68 69 73 2e Data Ascii: {this.$el=o,this.el=o[0];var c=m[0];x[2]&&(c=x[2]),Ht[c]&&(c=Ht[c]),this.name=c,this.type=x[1],this.duration=R(m[1],this.duration,s.duration),this.ease=i(m[2],this.ease,s.ease),this.delay=R(m[3],this.delay,s.delay),this.span=this.duration+this.delay,this.
2025-03-13 10:06:42 UTC	1369	IN	Data Raw: 76 65 3d 21 31 2c 74 68 69 73 2e 6e 65 78 74 53 74 79 6c 65 3d 6e 75 6c 6c 2c 62 74 28 74 68 69 73 2e 65 6c 2c 74 68 69 73 2e 6e 61 6d 65 2c 74 68 69 73 2e 67 65 74 28 29 29 29 3b 76 61 72 20 6f 3d 74 68 69 73 2e 74 77 65 65 6e 3b 6f 26 26 6f 2e 63 6f 6e 74 65 78 74 26 26 6f 2e 64 65 73 74 72 6f 79 28 29 7d 2c 74 2e 63 6f 6e 76 65 72 74 3d 66 75 6e 63 74 69 6f 6e 28 6f 2c 6d 29 7b 69 66 28 6f 3d 3d 22 61 75 74 6f 22 26 26 74 68 69 73 2e 61 75 74 6f 29 72 65 74 75 72 6e 20 6f 3b 76 61 72 20 78 2c 4b 3d 74 79 70 65 6f 66 20 6f 3d 3d 22 6e 75 6d 62 65 72 22 2c 63 3d 74 79 70 65 6f 66 20 6f 3d 3d 22 73 74 72 69 6e 67 22 3b 73 77 69 74 63 68 28 6d 29 7b 63 61 73 65 20 66 3a 69 66 28 4b 29 72 65 74 75 72 6e 20 6f 3b 69 66 28 63 26 26 6f 2e 72 65 70 6c 61 63 65 Data Ascii: ve=!1,this.nextStyle=null,bt(this.el,this.name,this.get()));var o=this.tween;o&&o.context&&o.destroy()},t.convert=function(o,m){if(o=="auto"&&this.auto)return o;var x,K=typeof o=="number",c=typeof o=="string";switch(m){case f:if(K)return o;if(c&&o.replace

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49700	52.222.232.47	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:42 UTC	650	OUT	GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=6517aab6d6409bc0545865df HTTP/1.1 Host: d3e54v103j8qbb.cloudfront.net Connection: keep-alive Origin: https://started-ledgger.webflow.io sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://started-ledgger.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:43 UTC	551	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 89476 Connection: close Last-Modified: Mon, 20 Jul 2020 17:53:02 GMT Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 13 Mar 2025 01:24:43 GMT Cache-Control: max-age=84600, must-revalidate Etag: "dc5e7f18c8d36ac1d3d4753a87c98d0a" Via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront) Age: 31321 Access-Control-Allow-Origin: * X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-P4 X-Amz-Cf-Id: Plz7grmRejOZqwWhi1QNUziScdtv8v64bLWb5hP5vmEj8e0qS0Gq_Q==
2025-03-13 10:06:43 UTC	15833	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 35 2e 31 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 Data Ascii: /! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery
2025-03-13 10:06:43 UTC	16384	IN	Data Raw: 6e 74 4e 6f 64 65 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 2c 73 2c 75 2c 6c 3d 79 21 3d 3d 6d 3f 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 3a 22 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 22 2c 63 3d 65 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 78 26 26 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 70 3d 21 6e 26 26 21 78 2c 64 3d 21 31 3b 69 66 28 63 29 7b 69 66 28 79 29 7b 77 68 69 6c 65 28 6c 29 7b 61 3d 65 3b 77 68 69 6c 65 28 61 3d 61 5b 6c 5d 29 69 66 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 21 31 3b 75 3d 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 Data Ascii: ntNode}:function(e,t,n){var r,i,o,a,s,u,l=y!==m?"nextSibling":"previousSibling",c=e.parentNode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&
2025-03-13 10:06:43 UTC	16384	IN	Data Raw: 6c 3f 43 2e 73 65 74 54 69 6d 65 6f 75 74 28 53 2e 72 65 61 64 79 29 3a 28 45 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 42 29 2c 43 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 42 29 29 3b 76 61 72 20 24 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 2c 6f 2c 61 29 7b 76 61 72 20 73 3d 30 2c 75 3d 65 2e 6c 65 6e 67 74 68 2c 6c 3d 6e 75 6c 6c 3d 3d 6e 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 77 28 6e 29 29 66 6f 72 28 73 20 69 6e 20 69 3d 21 30 2c 6e 29 24 28 65 2c 74 2c 73 2c 6e 5b 73 5d 2c 21 30 2c 6f 2c 61 29 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 21 3d 3d 72 26 26 28 69 3d 21 30 2c 6d 28 72 29 7c 7c 28 61 3d 21 30 29 2c 6c 26 26 28 61 Data Ascii: l?C.setTimeout(S.ready):(E.addEventListener("DOMContentLoaded",B),C.addEventListener("load",B));var $=function(e,t,n,r,i,o,a){var s=0,u=e.length,l=null==n;if("object"===w(n))for(s in i=!0,n)$(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(i=!0,m(r)\|\|(a=!0),l&&(a
2025-03-13 10:06:43 UTC	16384	IN	Data Raw: 69 62 75 74 65 28 22 6e 6f 6e 63 65 22 29 7d 2c 6c 29 3a 62 28 75 2e 74 65 78 74 43 6f 6e 74 65 6e 74 2e 72 65 70 6c 61 63 65 28 6a 65 2c 22 22 29 2c 75 2c 6c 29 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 52 65 28 65 2c 74 2c 6e 29 7b 66 6f 72 28 76 61 72 20 72 2c 69 3d 74 3f 53 2e 66 69 6c 74 65 72 28 74 2c 65 29 3a 65 2c 6f 3d 30 3b 6e 75 6c 6c 21 3d 28 72 3d 69 5b 6f 5d 29 3b 6f 2b 2b 29 6e 7c 7c 31 21 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 7c 7c 53 2e 63 6c 65 61 6e 44 61 74 61 28 76 65 28 72 29 29 2c 72 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 28 6e 26 26 69 65 28 72 29 26 26 79 65 28 76 65 28 72 2c 22 73 63 72 69 70 74 22 29 29 2c 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 72 29 29 3b 72 65 74 75 72 6e 20 Data Ascii: ibute("nonce")},l):b(u.textContent.replace(je,""),u,l))}return n}function Re(e,t,n){for(var r,i=t?S.filter(t,e):e,o=0;null!=(r=i[o]);o++)n\|\|1!==r.nodeType\|\|S.cleanData(ve(r)),r.parentNode&&(n&&ie(r)&&ye(ve(r,"script")),r.parentNode.removeChild(r));return
2025-03-13 10:06:43 UTC	16384	IN	Data Raw: 70 65 65 64 73 5b 72 5d 7c 7c 72 2c 65 3d 65 7c 7c 22 66 78 22 2c 74 68 69 73 2e 71 75 65 75 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 43 2e 73 65 74 54 69 6d 65 6f 75 74 28 65 2c 72 29 3b 74 2e 73 74 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 43 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6e 29 7d 7d 29 7d 2c 72 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 2c 69 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 2c 72 74 2e 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 2c 79 2e 63 68 65 63 6b 4f 6e 3d 22 22 21 3d 3d 72 74 2e 76 61 6c 75 65 2c 79 2e 6f Data Ascii: peeds[r]\|\|r,e=e\|\|"fx",this.queue(e,function(e,t){var n=C.setTimeout(e,r);t.stop=function(){C.clearTimeout(n)}})},rt=E.createElement("input"),it=E.createElement("select").appendChild(E.createElement("option")),rt.type="checkbox",y.checkOn=""!==rt.value,y.o
2025-03-13 10:06:43 UTC	8107	IN	Data Raw: 69 73 2e 63 68 69 6c 64 4e 6f 64 65 73 29 7d 29 2c 74 68 69 73 7d 7d 29 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 68 69 64 64 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 28 65 29 7d 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 28 65 2e 6f 66 66 73 65 74 57 69 64 74 68 7c 7c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7c 7c 65 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 6e 65 77 20 43 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 Data Ascii: is.childNodes)}),this}}),S.expr.pseudos.hidden=function(e){return!S.expr.pseudos.visible(e)},S.expr.pseudos.visible=function(e){return!!(e.offsetWidth\|\|e.offsetHeight\|\|e.getClientRects().length)},S.ajaxSettings.xhr=function(){try{return new C.XMLHttpReque

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49702	104.18.161.117	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:44 UTC	707	OUT	GET /6517aab6d6409bc0545865df/6517ab22b4022cb457327678_ledger%20favcoin.png HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://started-ledgger.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:45 UTC	643	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 10:06:45 GMT Content-Type: image/png Content-Length: 529 Connection: close x-amz-id-2: KVNhWXBziG72Ef+D7Yq/C7SeRuvFq5hVyRH0A4N8adkWWm3OlcpIgqvgehe+yV86tZGVAqkDslI= x-amz-request-id: 8SZKJNTB793KKQYM Last-Modified: Sat, 30 Sep 2023 04:59:17 GMT ETag: "39b84b74a9f50d238e22df983977ee5c" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: qZ1uzrsKHKi5Q28ysCWQVuqf_82J6dp6 CF-Cache-Status: HIT Age: 31798 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 91fab86b7f3e6ba3-DFW alt-svc: h3=":443"; ma=86400
2025-03-13 10:06:45 UTC	529	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 01 a6 49 44 41 54 58 47 ed 96 bf ae 82 30 14 c6 8f 80 09 13 83 93 89 bb 4c fa 02 2e 0e c6 57 e0 05 7c 90 3b 90 f8 12 3e 80 8c 32 13 36 76 57 76 12 26 16 a3 09 89 7f b8 1c da 5c ee b5 a5 84 96 c4 6b ee fd 25 5f a0 5f db c3 d1 f4 b4 1d 00 40 51 ea 65 68 f4 f9 32 fe 13 f8 9d 09 14 45 21 d4 76 bb a5 23 6b d0 e3 8d fd 2e 1e dc 2a c0 c1 bb dd 0e 82 20 00 d3 34 a9 4b d0 75 1d a2 28 82 38 8e a9 43 b0 6d 1b 16 8b 05 dc ef 77 ea 10 f2 3c 87 d5 6a 05 9b cd 06 06 03 fc 1c 0b 26 f0 43 88 e3 38 8c 2f 2b 8c 85 f0 fa 1a Data Ascii: PNGIHDR szzsRGBgAMAapHYs+IDATXG0L.W\|;>26vWv&\k%__@Qeh2E!v#k.* 4Ku(8Cmw<j&C8/+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49703	104.18.161.117	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:45 UTC	714	OUT	GET /6517aab6d6409bc0545865df/6517aad2cde9c5589d17f88c_ledger%20webflow-p-1600.png HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://started-ledgger.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:45 UTC	678	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 10:06:45 GMT Content-Type: image/png Content-Length: 94569 Connection: close x-amz-id-2: hIjCDL7YxeUHwUjXCEEcUO18FE5H11n0gfZqlXm9BVV4lD4PtHvgkNL2heU2kP8qwWxg2GwT+KcYbpzSb6abps6VAcJCg6/ctH8oeuKxpho= x-amz-request-id: S0R7ZDNKEC0GKY43 Last-Modified: Sat, 30 Sep 2023 04:58:00 GMT ETag: "3f519a1fd6816421b809e704fc8e9225" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: HcJJr0nSuKXCr0wsDtQTB8We3ehVRtqm CF-Cache-Status: HIT Age: 133806 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 91fab86e6d6c8d26-DFW alt-svc: h3=":443"; ma=86400
2025-03-13 10:06:45 UTC	691	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 06 40 00 00 03 21 08 03 00 00 00 87 42 8d cd 00 00 03 00 50 4c 54 45 ff ff ff fe fd fe 28 28 28 fe ff ff 0e 0e 0e 00 00 00 da da da fe fe fe ff 53 00 db db db fd fc fd 24 24 24 64 90 f0 26 26 26 ff ff fe e4 e4 e4 21 21 21 f9 f9 f9 dd dd dd ff fe fe e0 e0 e0 e8 e8 e8 d9 d9 d9 df df df fc fb fc ff fe ff e6 e6 e6 1f 1f 1f 1d 1d 1d fa fa fa 36 36 36 fd fe ff e1 e1 e1 ff fe fc 04 04 04 e7 e7 e7 e2 e2 e2 2f 2f 2f eb eb eb 1b 1b 1b 2a 2a 2a 0a 0a 0a e9 e9 e9 f7 f7 f8 33 33 33 6b 6b 6b ff fb f9 96 96 96 2d 2d 2d f0 f0 f0 12 12 12 39 39 39 fc ff ff f3 f3 f3 ed ed ed f6 f6 f6 fa fc ff d5 d5 d5 c8 c8 c8 ff 56 05 a3 a3 a3 f5 ff ff ff ff f7 16 16 16 b9 ba ba 2c 2c 2c f8 ff ff ff 43 00 99 99 99 9d 9d 9d c2 c2 c2 ff Data Ascii: PNGIHDR@!BPLTE(((S$$$d&&&!!!666///***333kkk---999V,,,C
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: 43 20 88 c6 c7 88 38 01 08 5a 28 68 9d f4 9a 28 7d 66 54 0b 16 8b ff 9d 70 9a 7e 63 b7 76 16 a8 39 25 e7 dd d2 69 81 9c 86 13 07 ff a7 8c 77 8e ad 5a 6d 8c ba 63 40 a3 8c 79 3b 64 98 3f 9f da d5 8c 64 ff 72 49 2b 39 4b 51 3d 2e 7a 9c c2 fb 8e 17 5c 89 b7 f4 ba 4b 31 50 b0 fc be d5 18 38 94 ff e9 fe ff 74 81 ff 59 20 ff d0 f2 ff 9f b4 ff 48 44 76 54 79 f0 8a 11 c0 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ec bd 7b 50 14 67 be f8 fd 1d 9a de a7 6c 8a 8e e3 e4 d2 46 db 4e b7 17 c4 91 89 c0 20 23 c5 45 a7 22 24 08 08 ac 1e 7d 29 58 8e eb e1 7d f9 11 dc 1f f9 55 d6 c5 ec 11 f2 66 eb 5d d1 da 85 4d 0e 6e 38 e1 6c fc 2d 2a 7b 82 48 22 ba de 56 5d 0d 5e 37 de 4a 2d 6f c9 8f 14 49 4c 49 d4 94 49 79 52 f9 ef bc f5 Data Ascii: C 8Z(h(}fTp~cv9%iwZmc@y;d?drI+9KQ=.z\K1P8tY HDvTypHYs IDATx{PglFN #E"$})X}Uf]Mn8l-*{H"V]^7J-oILIIyR
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: b2 ab 76 55 93 87 53 69 e0 d0 3d ab b6 88 7b 32 64 4d 96 54 c5 6e 57 25 d0 55 45 b5 db 55 c1 a1 39 34 d0 ed aa dd 6e 6e 53 ed 8a 00 0e d5 f9 ab 9c 4f db 9b b0 e6 db 4c 0b 98 7f 25 60 b8 0f d3 55 09 64 45 85 13 71 6d b2 14 bc 83 07 40 b7 9b 3b 86 5f be bb e0 78 f5 59 b7 ae 39 98 ac d8 31 91 9a ac e0 b9 31 73 54 bb 07 93 60 b7 2b c3 79 de d6 3d b9 db 79 4d c1 1e c0 0b a8 1a 38 14 45 51 6d e0 60 98 7e f7 91 fa 5b e0 31 af 2d 2b f8 85 28 8a 79 7f 8a 47 bf da 7a 18 54 55 b5 db 3d 20 2b 0a e6 a6 26 0b 56 0e 3a 30 77 34 9e 03 9e e1 38 54 96 60 c3 5e 23 be fc e6 6a 59 51 25 70 28 2a 93 55 f3 5a 60 7e 4b 1e d0 1c 3c 41 80 1b ec 8a fb a5 ff f9 8a 07 cb fd 70 af b8 44 ff 02 7f 9d 62 7b ad cb 6e e6 af a6 e3 1f d5 ee ed aa 3f 0b 57 0f 1d c6 b7 aa 7d 09 9c 68 dc 2f 3b Data Ascii: vUSi={2dMTnW%UEU94nnSOL%`UdEqm@;_xY911sT`+y=yM8EQm`~[1-+(yGzTU= +&V:0w48T`^#jYQ%p(*UZ`~K<ApDb{n?W}h/;
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: be fe 0d be c4 ac ce 3d d8 7a 98 5f 6b 6f e3 d7 ee e3 e2 ed b2 de fa 9e f5 70 a2 be e7 c6 be 0f d6 c2 66 f1 76 e1 8b 9f 6d af be 7c 67 58 02 91 2f b4 62 64 e1 f2 76 6d 6c 2d eb ad de d5 a0 6f 6e d9 55 75 b1 ba bd 16 05 72 b5 bc 6d d5 ce cb d7 fb ea cf c2 e6 96 f3 55 17 8d 6f 8a 6d 14 81 0c c1 5d 7a 61 cd fb 49 40 20 f1 d1 53 d4 1a 31 c1 6e 4f 48 48 48 28 2c 02 36 cb da c9 6c 44 9f b9 68 d1 a2 b1 71 cf 51 ab 07 31 58 20 9d 73 e6 9c 31 ee 78 ff 4f f5 51 af 7e a1 79 3f e4 ee ec 6e ea da 77 ae 18 36 57 5f 81 23 1b cf 7a f5 ab cd 6d 5d fb 3e 2a 86 1d fd 6b 01 ff 93 3e d2 72 05 f4 f7 7f e3 0e bf 40 96 65 05 4b 64 b8 da 7c 58 92 2f d4 1f 75 e7 7e d2 7c b8 6e 5f fb 7a 38 d2 f2 8d db c5 20 f7 fd df 41 ce ce f6 a6 ba 4d e7 8a f5 33 ad 6d b9 07 5b b7 41 d7 be 9e d5 Data Ascii: =z_kopfvm\|gX/bdvml-onUurmUom]zaI@ S1nOHHH(,6lDhqQ1X s1xOQ~y?nw6W_#zm]>*k>r@eKd\|X/u~\|n_z8 AM3m[A
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: f6 a6 cc 2f cb 3b e1 c8 a6 8f 56 bf bc f3 50 5b dd be 73 b5 fa 85 cb 6d 18 0d c0 4b ff b1 16 2a f7 9e ab 0d 5f 20 0e 05 76 b4 74 3e 35 e7 c9 2f 1a db f4 0b d5 67 f3 72 0e b6 6e ab db d7 bd 16 76 d4 9f c5 96 ba dd e5 fb b1 72 84 0b 04 a3 1e fd 93 e6 36 d8 b0 ef dc 6a 90 b4 cc 7f 7d 31 0f 4e 88 fb bb 8e 7d 93 07 bf ff a7 62 7c e4 cd 94 60 c5 ce cb b3 ce 02 9c 88 c6 47 f7 06 d8 1c db b6 62 4b 4f 2d bc fc 7f af ce f9 d9 2f 40 c7 3a b0 e1 f5 c2 3a 9b 61 4f 4d c5 fa 34 c8 f9 d9 da 9c 9d ed 79 70 22 28 02 b9 2f 02 39 0c 92 04 9b eb 0f 40 ce ce 0f 1b 56 ec 44 81 c8 0a 7e 09 c5 39 67 1a 6f a1 49 21 f7 67 af e8 ee 23 f3 16 b7 1e c6 be 0f 78 7f eb 33 2f b4 b6 ad 3a d6 5e 0c 9b a3 ff af dc 4f 1b 3b 84 ba bd 3d b5 75 9b f6 78 e1 f7 ff be 7c d5 de 73 79 66 96 5d 2d df Data Ascii: /;VP[smK*_ vt>5/grnvr6j}1N}b\|`GbKO-/@::aOM4yp"(/9@VD~9goI!g#x3/:^O;=ux\|syf]-
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: 86 f7 fc 7d 0b 7c 24 22 b6 b0 fa fb 6a f2 96 52 6c b5 63 0e df 08 42 d9 0d e0 e0 d3 a7 48 fe 09 f6 ac 81 84 ba c7 1c b6 a6 4b 78 2a c1 9c 38 49 17 f8 0f db 97 58 73 5c 9b 64 76 ee 74 0d ab 13 a2 ee fb 6b 65 91 af a8 c2 8c b2 31 df bf 86 33 36 9f 67 ad 2d f0 25 e0 58 3d dc c6 cc 61 9d bc ef b3 f5 f5 98 d3 88 09 be fb e3 07 9a 99 b1 24 e7 d3 0f 9a 30 13 fd 1f e2 ac 51 be 2c 1b ce 5c 2b cc f7 a3 90 7c e9 b1 e5 7c fa 41 2d 1f 7d 7a 3c fa 80 39 68 d1 ba 26 6a 8a e1 9c 37 df 63 f2 b2 ef 35 17 96 db 1a cf 9a 79 a9 bf 09 ba 36 7d 94 87 c3 28 cd ac c0 04 f0 5f 08 43 cb 0d e3 62 11 85 04 8f cd 9d 12 14 81 3c 3f 75 51 32 32 b3 f0 09 78 ce f7 3a 61 1a 3c 87 2f 16 97 15 e0 37 a7 c0 53 65 13 a2 a7 66 cf cd 2a 00 a9 86 ef 92 9c bc 28 1b 9c 15 d8 7a ce 60 41 dc 02 df 38 Data Ascii: }\|$"jRlcBHKx8IXs\dvtke136g-%X=a$0Q,\+\|\|A-}z<9h&j7c5y6}(_Cb<?uQ22x:a</7Sef(z`A8
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 90 40 08 82 20 88 b0 20 81 10 04 41 10 61 41 02 21 08 82 20 c2 82 04 42 10 04 41 84 05 09 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 90 40 08 82 20 88 b0 20 81 10 04 41 10 61 41 02 21 08 82 20 c2 82 04 42 10 04 41 84 05 09 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 90 40 08 82 20 88 b0 20 81 10 04 41 10 61 41 02 21 08 82 20 c2 82 04 42 10 04 41 84 05 09 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 90 40 08 82 20 88 b0 20 81 10 04 41 10 61 41 02 21 08 82 20 c2 82 04 42 10 04 41 84 05 09 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 Data Ascii: A$ ",H ADX@ AaA! BA A$ ",H ADX@ AaA! BA A$ ",H ADX@ AaA! BA A$ ",H ADX@ AaA! BA A$ ",H ADX
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: 7b 29 7f e8 ed 10 ba 16 7f 3d 23 28 02 d1 61 c7 59 e1 8d 84 6d 90 d3 bb 15 76 f4 ff 2e 65 73 ff 7a 6c 60 27 08 22 1c 22 58 20 4c 85 7c ee 8f 40 23 88 39 82 3b 32 23 90 e8 a4 f8 d2 d1 d2 0c 62 09 44 77 d7 fd f7 5f 13 7f b5 a1 6c db f1 ce 3c 80 1d fd 0d b8 1d 32 4f 5d 2b 3e de f9 97 44 f5 d2 b5 da ae fe 26 de d4 1e 24 10 ef aa 1b 1d 70 a4 bf 29 67 7b c7 2f ff b2 aa f7 e7 02 35 82 10 44 fb 12 47 17 00 00 20 00 49 44 41 54 98 44 b0 40 14 28 98 88 35 58 66 31 1b 64 8e f8 f8 e8 48 f9 07 ef cb 6f 92 f8 49 4f 01 4e f0 3e 5a 04 c2 74 77 57 61 4d 7e 7e cd e9 75 9b bf ce d0 61 43 55 43 e6 99 ad 82 02 97 ae 15 9f 28 ac a9 c9 2f bc b6 ba ab 73 39 ef aa 85 02 91 19 43 81 78 e0 cd 6b c5 5f 7e 9d b1 62 7b 4d 7e 4d 7e c9 56 37 0d 2c 24 88 30 89 58 81 f0 00 c4 df 82 9e 84 Data Ascii: {)=#(aYmv.eszl`'""X L\|@#9;2#bDw_l<2O]+>D&$p)g{/5DG IDATD@(5Xf1dHoION>ZtwWaM~~uaCUC(/s9Cxk_~b{M~M~V7,$0X
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: 25 71 61 d1 83 14 08 d6 40 cd 9e bc a6 aa ea d9 d4 c9 7c 1d 13 78 fc b9 17 b2 17 ce 98 5d 51 81 7d c5 9e 5e 58 9a 32 79 41 fa e3 73 0a 66 a7 80 22 39 d3 0a 9e 7a 3a 6d 4d d9 1c ff cc 57 58 e5 a5 c2 32 31 29 9e 22 10 82 20 1e 18 11 2d 90 a4 89 33 06 74 d4 65 90 b2 c8 3f ef 07 d6 62 8d f1 f5 70 9a 93 9e 0e 30 b7 70 ca 98 a7 e6 ce 99 ff 78 e9 c2 d9 0f 32 5b 18 03 75 e1 c2 8a 9a 9a aa ec b9 a0 c0 e3 f3 53 9f 79 ee d9 b4 d2 a2 65 85 d8 09 19 4a d3 16 16 15 cd 9f 96 b2 70 ee 4f d2 c6 3b e1 f9 2a 9c 97 25 75 cd 0b aa bf 6f 00 9f 3b b2 34 2b 9a 04 42 10 c4 83 23 a2 05 12 5d 82 6d 1c a1 c7 4c 8b 0d 5e 4b c3 e0 93 47 31 b0 29 4a d1 7c c8 9e 5b 31 66 46 62 4a 7a 7a e2 0b 15 f3 53 1f a8 40 24 a5 74 e1 b2 fc fc 65 73 17 82 0a d9 e9 d9 4a ca 8c 94 67 96 d5 d4 70 81 a4 Data Ascii: %qa@\|x]Q}^X2yAsf"9z:mMWX21)" -3te?bp0px2[uSyeJpO;*%uo;4+B#]mL^KG1)J\|[1fFbJzzS@$tesJgp
2025-03-13 10:06:45 UTC	1369	IN	Data Raw: 4e 7d 03 37 f4 bf 02 12 37 0a 5b 92 89 67 48 b8 b6 16 3c dc 08 ba 7b c5 32 7e ad d5 ba 47 16 40 5e a2 bf d9 5b 96 d0 e1 b6 e1 a7 0e a6 e5 fe 2c bf ac 2c a1 6c 9d cc c6 fb b2 47 d0 55 80 a5 ff 79 a3 2a 21 61 cd bf ff 9d 67 98 06 2f f7 05 f2 27 ff d7 5e 32 08 31 7c 48 20 91 2c 10 b3 c1 87 f7 07 0e 1b 85 0f 6d 1c 59 12 61 c0 dc f0 da c9 09 86 28 8a c6 a1 db fd af 78 2a 3f 17 43 f9 b6 18 8b 51 0d de 3c 39 3d 1e df 1b 71 b7 ef 14 cb 0a 38 98 bc 04 2e 54 5b 7b 19 59 93 4e af 03 1b 30 41 cb 3d 18 74 74 f7 36 dd 13 b8 9c 2c 28 b0 b9 1e b7 b7 1e e6 65 38 80 cb bd 9b 6f 68 ee 00 45 60 82 ee c9 c1 c3 af 80 24 2f c9 f9 d4 77 16 23 ee f6 e9 b5 f8 a8 1f f8 4e 64 15 4e f0 03 1b 0f 80 47 10 40 16 5c 70 9c 6f 28 bf 05 2a 9e 99 e9 9e ca bd fc e8 4e b7 8b db 4a f7 d6 99 7b Data Ascii: N}77[gH<{2~G@^[,,lGUy!ag/'^21\|H ,mYa(x?CQ<9=q8.T[{YN0A=tt6,(e8ohE`$/w#NdNG@\po(*NJ{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49709	104.18.161.117	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:47 UTC	460	OUT	GET /6517aab6d6409bc0545865df/6517ab22b4022cb457327678_ledger%20favcoin.png HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:47 UTC	643	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 10:06:47 GMT Content-Type: image/png Content-Length: 529 Connection: close x-amz-id-2: KVNhWXBziG72Ef+D7Yq/C7SeRuvFq5hVyRH0A4N8adkWWm3OlcpIgqvgehe+yV86tZGVAqkDslI= x-amz-request-id: 8SZKJNTB793KKQYM Last-Modified: Sat, 30 Sep 2023 04:59:17 GMT ETag: "39b84b74a9f50d238e22df983977ee5c" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: qZ1uzrsKHKi5Q28ysCWQVuqf_82J6dp6 CF-Cache-Status: HIT Age: 31800 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 91fab87b1859e993-DFW alt-svc: h3=":443"; ma=86400
2025-03-13 10:06:47 UTC	529	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 01 a6 49 44 41 54 58 47 ed 96 bf ae 82 30 14 c6 8f 80 09 13 83 93 89 bb 4c fa 02 2e 0e c6 57 e0 05 7c 90 3b 90 f8 12 3e 80 8c 32 13 36 76 57 76 12 26 16 a3 09 89 7f b8 1c da 5c ee b5 a5 84 96 c4 6b ee fd 25 5f a0 5f db c3 d1 f4 b4 1d 00 40 51 ea 65 68 f4 f9 32 fe 13 f8 9d 09 14 45 21 d4 76 bb a5 23 6b d0 e3 8d fd 2e 1e dc 2a c0 c1 bb dd 0e 82 20 00 d3 34 a9 4b d0 75 1d a2 28 82 38 8e a9 43 b0 6d 1b 16 8b 05 dc ef 77 ea 10 f2 3c 87 d5 6a 05 9b cd 06 06 03 fc 1c 0b 26 f0 43 88 e3 38 8c 2f 2b 8c 85 f0 fa 1a Data Ascii: PNGIHDR szzsRGBgAMAapHYs+IDATXG0L.W\|;>26vWv&\k%__@Qeh2E!v#k.* 4Ku(8Cmw<j&C8/+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49711	104.18.161.117	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:47 UTC	467	OUT	GET /6517aab6d6409bc0545865df/6517aad2cde9c5589d17f88c_ledger%20webflow-p-1600.png HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:48 UTC	678	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 10:06:48 GMT Content-Type: image/png Content-Length: 94569 Connection: close x-amz-id-2: hIjCDL7YxeUHwUjXCEEcUO18FE5H11n0gfZqlXm9BVV4lD4PtHvgkNL2heU2kP8qwWxg2GwT+KcYbpzSb6abps6VAcJCg6/ctH8oeuKxpho= x-amz-request-id: S0R7ZDNKEC0GKY43 Last-Modified: Sat, 30 Sep 2023 04:58:00 GMT ETag: "3f519a1fd6816421b809e704fc8e9225" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: HcJJr0nSuKXCr0wsDtQTB8We3ehVRtqm CF-Cache-Status: HIT Age: 133809 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 91fab87f1d11e7db-DFW alt-svc: h3=":443"; ma=86400
2025-03-13 10:06:48 UTC	691	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 06 40 00 00 03 21 08 03 00 00 00 87 42 8d cd 00 00 03 00 50 4c 54 45 ff ff ff fe fd fe 28 28 28 fe ff ff 0e 0e 0e 00 00 00 da da da fe fe fe ff 53 00 db db db fd fc fd 24 24 24 64 90 f0 26 26 26 ff ff fe e4 e4 e4 21 21 21 f9 f9 f9 dd dd dd ff fe fe e0 e0 e0 e8 e8 e8 d9 d9 d9 df df df fc fb fc ff fe ff e6 e6 e6 1f 1f 1f 1d 1d 1d fa fa fa 36 36 36 fd fe ff e1 e1 e1 ff fe fc 04 04 04 e7 e7 e7 e2 e2 e2 2f 2f 2f eb eb eb 1b 1b 1b 2a 2a 2a 0a 0a 0a e9 e9 e9 f7 f7 f8 33 33 33 6b 6b 6b ff fb f9 96 96 96 2d 2d 2d f0 f0 f0 12 12 12 39 39 39 fc ff ff f3 f3 f3 ed ed ed f6 f6 f6 fa fc ff d5 d5 d5 c8 c8 c8 ff 56 05 a3 a3 a3 f5 ff ff ff ff f7 16 16 16 b9 ba ba 2c 2c 2c f8 ff ff ff 43 00 99 99 99 9d 9d 9d c2 c2 c2 ff Data Ascii: PNGIHDR@!BPLTE(((S$$$d&&&!!!666///***333kkk---999V,,,C
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: 43 20 88 c6 c7 88 38 01 08 5a 28 68 9d f4 9a 28 7d 66 54 0b 16 8b ff 9d 70 9a 7e 63 b7 76 16 a8 39 25 e7 dd d2 69 81 9c 86 13 07 ff a7 8c 77 8e ad 5a 6d 8c ba 63 40 a3 8c 79 3b 64 98 3f 9f da d5 8c 64 ff 72 49 2b 39 4b 51 3d 2e 7a 9c c2 fb 8e 17 5c 89 b7 f4 ba 4b 31 50 b0 fc be d5 18 38 94 ff e9 fe ff 74 81 ff 59 20 ff d0 f2 ff 9f b4 ff 48 44 76 54 79 f0 8a 11 c0 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ec bd 7b 50 14 67 be f8 fd 1d 9a de a7 6c 8a 8e e3 e4 d2 46 db 4e b7 17 c4 91 89 c0 20 23 c5 45 a7 22 24 08 08 ac 1e 7d 29 58 8e eb e1 7d f9 11 dc 1f f9 55 d6 c5 ec 11 f2 66 eb 5d d1 da 85 4d 0e 6e 38 e1 6c fc 2d 2a 7b 82 48 22 ba de 56 5d 0d 5e 37 de 4a 2d 6f c9 8f 14 49 4c 49 d4 94 49 79 52 f9 ef bc f5 Data Ascii: C 8Z(h(}fTp~cv9%iwZmc@y;d?drI+9KQ=.z\K1P8tY HDvTypHYs IDATx{PglFN #E"$})X}Uf]Mn8l-*{H"V]^7J-oILIIyR
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: b2 ab 76 55 93 87 53 69 e0 d0 3d ab b6 88 7b 32 64 4d 96 54 c5 6e 57 25 d0 55 45 b5 db 55 c1 a1 39 34 d0 ed aa dd 6e 6e 53 ed 8a 00 0e d5 f9 ab 9c 4f db 9b b0 e6 db 4c 0b 98 7f 25 60 b8 0f d3 55 09 64 45 85 13 71 6d b2 14 bc 83 07 40 b7 9b 3b 86 5f be bb e0 78 f5 59 b7 ae 39 98 ac d8 31 91 9a ac e0 b9 31 73 54 bb 07 93 60 b7 2b c3 79 de d6 3d b9 db 79 4d c1 1e c0 0b a8 1a 38 14 45 51 6d e0 60 98 7e f7 91 fa 5b e0 31 af 2d 2b f8 85 28 8a 79 7f 8a 47 bf da 7a 18 54 55 b5 db 3d 20 2b 0a e6 a6 26 0b 56 0e 3a 30 77 34 9e 03 9e e1 38 54 96 60 c3 5e 23 be fc e6 6a 59 51 25 70 28 2a 93 55 f3 5a 60 7e 4b 1e d0 1c 3c 41 80 1b ec 8a fb a5 ff f9 8a 07 cb fd 70 af b8 44 ff 02 7f 9d 62 7b ad cb 6e e6 af a6 e3 1f d5 ee ed aa 3f 0b 57 0f 1d c6 b7 aa 7d 09 9c 68 dc 2f 3b Data Ascii: vUSi={2dMTnW%UEU94nnSOL%`UdEqm@;_xY911sT`+y=yM8EQm`~[1-+(yGzTU= +&V:0w48T`^#jYQ%p(*UZ`~K<ApDb{n?W}h/;
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: be fe 0d be c4 ac ce 3d d8 7a 98 5f 6b 6f e3 d7 ee e3 e2 ed b2 de fa 9e f5 70 a2 be e7 c6 be 0f d6 c2 66 f1 76 e1 8b 9f 6d af be 7c 67 58 02 91 2f b4 62 64 e1 f2 76 6d 6c 2d eb ad de d5 a0 6f 6e d9 55 75 b1 ba bd 16 05 72 b5 bc 6d d5 ce cb d7 fb ea cf c2 e6 96 f3 55 17 8d 6f 8a 6d 14 81 0c c1 5d 7a 61 cd fb 49 40 20 f1 d1 53 d4 1a 31 c1 6e 4f 48 48 48 28 2c 02 36 cb da c9 6c 44 9f b9 68 d1 a2 b1 71 cf 51 ab 07 31 58 20 9d 73 e6 9c 31 ee 78 ff 4f f5 51 af 7e a1 79 3f e4 ee ec 6e ea da 77 ae 18 36 57 5f 81 23 1b cf 7a f5 ab cd 6d 5d fb 3e 2a 86 1d fd 6b 01 ff 93 3e d2 72 05 f4 f7 7f e3 0e bf 40 96 65 05 4b 64 b8 da 7c 58 92 2f d4 1f 75 e7 7e d2 7c b8 6e 5f fb 7a 38 d2 f2 8d db c5 20 f7 fd df 41 ce ce f6 a6 ba 4d e7 8a f5 33 ad 6d b9 07 5b b7 41 d7 be 9e d5 Data Ascii: =z_kopfvm\|gX/bdvml-onUurmUom]zaI@ S1nOHHH(,6lDhqQ1X s1xOQ~y?nw6W_#zm]>*k>r@eKd\|X/u~\|n_z8 AM3m[A
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: f6 a6 cc 2f cb 3b e1 c8 a6 8f 56 bf bc f3 50 5b dd be 73 b5 fa 85 cb 6d 18 0d c0 4b ff b1 16 2a f7 9e ab 0d 5f 20 0e 05 76 b4 74 3e 35 e7 c9 2f 1a db f4 0b d5 67 f3 72 0e b6 6e ab db d7 bd 16 76 d4 9f c5 96 ba dd e5 fb b1 72 84 0b 04 a3 1e fd 93 e6 36 d8 b0 ef dc 6a 90 b4 cc 7f 7d 31 0f 4e 88 fb bb 8e 7d 93 07 bf ff a7 62 7c e4 cd 94 60 c5 ce cb b3 ce 02 9c 88 c6 47 f7 06 d8 1c db b6 62 4b 4f 2d bc fc 7f af ce f9 d9 2f 40 c7 3a b0 e1 f5 c2 3a 9b 61 4f 4d c5 fa 34 c8 f9 d9 da 9c 9d ed 79 70 22 28 02 b9 2f 02 39 0c 92 04 9b eb 0f 40 ce ce 0f 1b 56 ec 44 81 c8 0a 7e 09 c5 39 67 1a 6f a1 49 21 f7 67 af e8 ee 23 f3 16 b7 1e c6 be 0f 78 7f eb 33 2f b4 b6 ad 3a d6 5e 0c 9b a3 ff af dc 4f 1b 3b 84 ba bd 3d b5 75 9b f6 78 e1 f7 ff be 7c d5 de 73 79 66 96 5d 2d df Data Ascii: /;VP[smK*_ vt>5/grnvr6j}1N}b\|`GbKO-/@::aOM4yp"(/9@VD~9goI!g#x3/:^O;=ux\|syf]-
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: 86 f7 fc 7d 0b 7c 24 22 b6 b0 fa fb 6a f2 96 52 6c b5 63 0e df 08 42 d9 0d e0 e0 d3 a7 48 fe 09 f6 ac 81 84 ba c7 1c b6 a6 4b 78 2a c1 9c 38 49 17 f8 0f db 97 58 73 5c 9b 64 76 ee 74 0d ab 13 a2 ee fb 6b 65 91 af a8 c2 8c b2 31 df bf 86 33 36 9f 67 ad 2d f0 25 e0 58 3d dc c6 cc 61 9d bc ef b3 f5 f5 98 d3 88 09 be fb e3 07 9a 99 b1 24 e7 d3 0f 9a 30 13 fd 1f e2 ac 51 be 2c 1b ce 5c 2b cc f7 a3 90 7c e9 b1 e5 7c fa 41 2d 1f 7d 7a 3c fa 80 39 68 d1 ba 26 6a 8a e1 9c 37 df 63 f2 b2 ef 35 17 96 db 1a cf 9a 79 a9 bf 09 ba 36 7d 94 87 c3 28 cd ac c0 04 f0 5f 08 43 cb 0d e3 62 11 85 04 8f cd 9d 12 14 81 3c 3f 75 51 32 32 b3 f0 09 78 ce f7 3a 61 1a 3c 87 2f 16 97 15 e0 37 a7 c0 53 65 13 a2 a7 66 cf cd 2a 00 a9 86 ef 92 9c bc 28 1b 9c 15 d8 7a ce 60 41 dc 02 df 38 Data Ascii: }\|$"jRlcBHKx8IXs\dvtke136g-%X=a$0Q,\+\|\|A-}z<9h&j7c5y6}(_Cb<?uQ22x:a</7Sef(z`A8
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 90 40 08 82 20 88 b0 20 81 10 04 41 10 61 41 02 21 08 82 20 c2 82 04 42 10 04 41 84 05 09 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 90 40 08 82 20 88 b0 20 81 10 04 41 10 61 41 02 21 08 82 20 c2 82 04 42 10 04 41 84 05 09 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 90 40 08 82 20 88 b0 20 81 10 04 41 10 61 41 02 21 08 82 20 c2 82 04 42 10 04 41 84 05 09 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 90 40 08 82 20 88 b0 20 81 10 04 41 10 61 41 02 21 08 82 20 c2 82 04 42 10 04 41 84 05 09 84 20 08 82 08 0b 12 08 41 10 04 11 16 24 10 82 20 08 22 2c 48 20 04 41 10 44 58 Data Ascii: A$ ",H ADX@ AaA! BA A$ ",H ADX@ AaA! BA A$ ",H ADX@ AaA! BA A$ ",H ADX@ AaA! BA A$ ",H ADX
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: 7b 29 7f e8 ed 10 ba 16 7f 3d 23 28 02 d1 61 c7 59 e1 8d 84 6d 90 d3 bb 15 76 f4 ff 2e 65 73 ff 7a 6c 60 27 08 22 1c 22 58 20 4c 85 7c ee 8f 40 23 88 39 82 3b 32 23 90 e8 a4 f8 d2 d1 d2 0c 62 09 44 77 d7 fd f7 5f 13 7f b5 a1 6c db f1 ce 3c 80 1d fd 0d b8 1d 32 4f 5d 2b 3e de f9 97 44 f5 d2 b5 da ae fe 26 de d4 1e 24 10 ef aa 1b 1d 70 a4 bf 29 67 7b c7 2f ff b2 aa f7 e7 02 35 82 10 44 fb 12 47 17 00 00 20 00 49 44 41 54 98 44 b0 40 14 28 98 88 35 58 66 31 1b 64 8e f8 f8 e8 48 f9 07 ef cb 6f 92 f8 49 4f 01 4e f0 3e 5a 04 c2 74 77 57 61 4d 7e 7e cd e9 75 9b bf ce d0 61 43 55 43 e6 99 ad 82 02 97 ae 15 9f 28 ac a9 c9 2f bc b6 ba ab 73 39 ef aa 85 02 91 19 43 81 78 e0 cd 6b c5 5f 7e 9d b1 62 7b 4d 7e 4d 7e c9 56 37 0d 2c 24 88 30 89 58 81 f0 00 c4 df 82 9e 84 Data Ascii: {)=#(aYmv.eszl`'""X L\|@#9;2#bDw_l<2O]+>D&$p)g{/5DG IDATD@(5Xf1dHoION>ZtwWaM~~uaCUC(/s9Cxk_~b{M~M~V7,$0X
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: 25 71 61 d1 83 14 08 d6 40 cd 9e bc a6 aa ea d9 d4 c9 7c 1d 13 78 fc b9 17 b2 17 ce 98 5d 51 81 7d c5 9e 5e 58 9a 32 79 41 fa e3 73 0a 66 a7 80 22 39 d3 0a 9e 7a 3a 6d 4d d9 1c ff cc 57 58 e5 a5 c2 32 31 29 9e 22 10 82 20 1e 18 11 2d 90 a4 89 33 06 74 d4 65 90 b2 c8 3f ef 07 d6 62 8d f1 f5 70 9a 93 9e 0e 30 b7 70 ca 98 a7 e6 ce 99 ff 78 e9 c2 d9 0f 32 5b 18 03 75 e1 c2 8a 9a 9a aa ec b9 a0 c0 e3 f3 53 9f 79 ee d9 b4 d2 a2 65 85 d8 09 19 4a d3 16 16 15 cd 9f 96 b2 70 ee 4f d2 c6 3b e1 f9 2a 9c 97 25 75 cd 0b aa bf 6f 00 9f 3b b2 34 2b 9a 04 42 10 c4 83 23 a2 05 12 5d 82 6d 1c a1 c7 4c 8b 0d 5e 4b c3 e0 93 47 31 b0 29 4a d1 7c c8 9e 5b 31 66 46 62 4a 7a 7a e2 0b 15 f3 53 1f a8 40 24 a5 74 e1 b2 fc fc 65 73 17 82 0a d9 e9 d9 4a ca 8c 94 67 96 d5 d4 70 81 a4 Data Ascii: %qa@\|x]Q}^X2yAsf"9z:mMWX21)" -3te?bp0px2[uSyeJpO;*%uo;4+B#]mL^KG1)J\|[1fFbJzzS@$tesJgp
2025-03-13 10:06:48 UTC	1369	IN	Data Raw: 4e 7d 03 37 f4 bf 02 12 37 0a 5b 92 89 67 48 b8 b6 16 3c dc 08 ba 7b c5 32 7e ad d5 ba 47 16 40 5e a2 bf d9 5b 96 d0 e1 b6 e1 a7 0e a6 e5 fe 2c bf ac 2c a1 6c 9d cc c6 fb b2 47 d0 55 80 a5 ff 79 a3 2a 21 61 cd bf ff 9d 67 98 06 2f f7 05 f2 27 ff d7 5e 32 08 31 7c 48 20 91 2c 10 b3 c1 87 f7 07 0e 1b 85 0f 6d 1c 59 12 61 c0 dc f0 da c9 09 86 28 8a c6 a1 db fd af 78 2a 3f 17 43 f9 b6 18 8b 51 0d de 3c 39 3d 1e df 1b 71 b7 ef 14 cb 0a 38 98 bc 04 2e 54 5b 7b 19 59 93 4e af 03 1b 30 41 cb 3d 18 74 74 f7 36 dd 13 b8 9c 2c 28 b0 b9 1e b7 b7 1e e6 65 38 80 cb bd 9b 6f 68 ee 00 45 60 82 ee c9 c1 c3 af 80 24 2f c9 f9 d4 77 16 23 ee f6 e9 b5 f8 a8 1f f8 4e 64 15 4e f0 03 1b 0f 80 47 10 40 16 5c 70 9c 6f 28 bf 05 2a 9e 99 e9 9e ca bd fc e8 4e b7 8b db 4a f7 d6 99 7b Data Ascii: N}77[gH<{2~G@^[,,lGUy!ag/'^21\|H ,mYa(x?CQ<9=q8.T[{YN0A=tt6,(e8ohE`$/w#NdNG@\po(*NJ{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.9	49713	34.107.207.124	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:56 UTC	718	OUT	GET /QfI0oeMfX HTTP/1.1 Host: gtly.to Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://started-ledgger.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:56 UTC	472	IN	HTTP/1.1 404 Not Found x-powered-by: Express cache-control: private, no-cache, no-store, must-revalidate referer: https://started-ledgger.webflow.io/ content-type: text/html; charset=utf-8 etag: W/"188-ze4DTuXMy5nJCVqsdQu1C2/PUow" X-Cloud-Trace-Context: 005e5c79727f6529432413c72e5526f6 Date: Thu, 13 Mar 2025 10:06:56 GMT Server: Google Frontend Content-Length: 392 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-03-13 10:06:56 UTC	392	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 73 77 2d 77 73 30 74 36 75 68 36 67 64 79 6e 35 31 76 6e 36 6d 71 77 6c 65 36 32 33 76 36 78 6e 6e 6c 6e 78 79 6a 34 69 62 78 6e 39 6e 65 35 76 6b 36 74 6e 38 61 72 71 6a 76 35 75 61 38 77 37 2d 6f 33 71 30 66 6e 77 71 6c 65 39 64 67 37 73 6f 30 79 6d 39 33 6f 6e 34 30 74 6e 61 66 35 35 74 37 67 78 6d 77 65 6a 39 7a 64 30 39 72 68 70 73 76 34 72 70 73 33 6d 31 31 33 70 79 62 67 35 69 68 62 2c 20 6e 73 77 2d 65 38 71 69 68 6f 72 30 6b 62 70 6d 36 65 32 38 33 61 67 75 6d 77 79 36 38 32 67 64 77 7a 68 6a 70 66 73 61 61 71 38 37 66 6a 6e 6a 6a 6b 6a 6c 73 35 31 32 34 74 34 79 71 31 61 34 38 2d 34 39 36 2d 75 34 6d 77 39 75 38 2d Data Ascii: <html><head><meta name="keywords" content="nsw-ws0t6uh6gdyn51vn6mqwle623v6xnnlnxyj4ibxn9ne5vk6tn8arqjv5ua8w7-o3q0fnwqle9dg7so0ym93on40tnaf55t7gxmwej9zd09rhpsv4rps3m113pybg5ihb, nsw-e8qihor0kbpm6e283agumwy682gdwzhjpfsaaq87fjnjjkjls5124t4yq1a48-496-u4mw9u8-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.9	49712	34.107.207.124	443	3744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:06:57 UTC	586	OUT	GET /favicon.ico HTTP/1.1 Host: gtly.to Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gtly.to/QfI0oeMfX Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:06:57 UTC	426	IN	HTTP/1.1 404 Not Found x-powered-by: Express cache-control: private, no-cache, no-store, must-revalidate content-type: text/html; charset=utf-8 etag: W/"188-ze4DTuXMy5nJCVqsdQu1C2/PUow" X-Cloud-Trace-Context: 244466964c2bb8354129b194ca9d5c1e Date: Thu, 13 Mar 2025 10:06:57 GMT Server: Google Frontend Content-Length: 392 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-03-13 10:06:57 UTC	125	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 73 77 2d 77 73 30 74 36 75 68 36 67 64 79 6e 35 31 76 6e 36 6d 71 77 6c 65 36 32 33 76 36 78 6e 6e 6c 6e 78 79 6a 34 69 62 78 6e 39 6e 65 35 76 6b 36 74 6e 38 61 72 71 6a 76 35 75 61 38 77 37 2d 6f 33 71 30 66 6e 77 71 6c 65 39 64 67 37 73 6f Data Ascii: <html><head><meta name="keywords" content="nsw-ws0t6uh6gdyn51vn6mqwle623v6xnnlnxyj4ibxn9ne5vk6tn8arqjv5ua8w7-o3q0fnwqle9dg7so
2025-03-13 10:06:57 UTC	267	IN	Data Raw: 30 79 6d 39 33 6f 6e 34 30 74 6e 61 66 35 35 74 37 67 78 6d 77 65 6a 39 7a 64 30 39 72 68 70 73 76 34 72 70 73 33 6d 31 31 33 70 79 62 67 35 69 68 62 2c 20 6e 73 77 2d 65 38 71 69 68 6f 72 30 6b 62 70 6d 36 65 32 38 33 61 67 75 6d 77 79 36 38 32 67 64 77 7a 68 6a 70 66 73 61 61 71 38 37 66 6a 6e 6a 6a 6b 6a 6c 73 35 31 32 34 74 34 79 71 31 61 34 38 2d 34 39 36 2d 75 34 6d 77 39 75 38 2d 6e 32 74 68 2d 35 2d 76 73 74 65 39 6f 74 33 31 61 67 2d 6c 39 38 6f 6b 6e 37 73 64 33 61 35 7a 74 36 33 6d 6b 64 7a 68 33 62 63 64 31 68 2d 7a 38 6f 63 35 68 70 22 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 4c 69 6e 6b 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 47 65 6f 20 4c 69 6e 6b 73 20 70 6f 77 65 72 65 64 20 62 79 20 67 65 6f 74 61 72 67 65 74 6c 79 2e 63 6f 6d 3c 2f Data Ascii: 0ym93on40tnaf55t7gxmwej9zd09rhpsv4rps3m113pybg5ihb, nsw-e8qihor0kbpm6e283agumwy682gdwzhjpfsaaq87fjnjjkjls5124t4yq1a48-496-u4mw9u8-n2th-5-vste9ot31ag-l98okn7sd3a5zt63mkdzh3bcd1h-z8oc5hp"/></head><body>Link not found - Geo Links powered by geotargetly.com</

Target ID:	0
Start time:	06:06:26
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7783b0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	06:06:29
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2436,i,2546769467226362878,4728244360888877078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2448 /prefetch:3
Imagebase:	0x7ff7783b0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	06:06:35
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://started-ledgger.webflow.io"
Imagebase:	0x7ff7783b0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://started-ledgger.webflow.io

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6000, Parent PID: 5588

General

Chronological Activities

Analysis Process: chrome.exePID: 3744, Parent PID: 6000

General

Windows Analysis Report
https://started-ledgger.webflow.io