Edit tour

Windows Analysis Report
https://attsecure05.weebly.com/

Overview

General Information

Sample URL:	https://attsecure05.weebly.com/
Analysis ID:	1446167
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2020,i,16353255322260272096,8846895740344259769,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://attsecure05.weebly.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://attsecure05.weebly.com/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://attsecure05.weebly.com/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Antivirus detection for URL or domain

Source: https://attsecure05.weebly.com/gdpr/gdprscript.js?buildTime=1716399845

Avira URL Cloud: Label: phishing

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: attsecure05.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gdpr/gdprscript.js?buildTime=1716399845 HTTP/1.1Host: attsecure05.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://attsecure05.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=3dKCVH_Ge1DADtuT_P_j2KFFozABWdskNVln2iw740M-1716416408-1.0.1.1-hDW20w0mAXzAu3tbuHrgjFbZIK_5E46icBbhd26JQjz_sO1o8UX01Y8ZKETyseg5YZ.ULqktpgeixIUSbGmtjQ
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://attsecure05.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff HTTP/1.1Host: cdn2.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://attsecure05.weebly.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://attsecure05.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff HTTP/1.1Host: cdn2.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://attsecure05.weebly.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://attsecure05.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /developer/none.ico HTTP/1.1Host: cdn1.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://attsecure05.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /developer/none.ico HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: attsecure05.weebly.com
Source: global traffic	DNS traffic detected: DNS query: cdn1.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: cdn2.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 22:20:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 888031190a7f423e-EWRCF-Cache-Status: DYNAMICCache-Control: privateSet-Cookie: is_mobile=0; path=/; domain=attsecure05.weebly.comVary: X-W-SSL,User-AgentX-Host: blu73.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Set-Cookie: language=en; expires=Wed, 05-Jun-2024 22:20:08 GMT; Max-Age=1209600; path=/Set-Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; expires=Sat, 20-May-2034 22:20:08 GMT; Max-Age=315360000; path=/Set-Cookie: __cf_bm=3dKCVH_Ge1DADtuT_P_j2KFFozABWdskNVln2iw740M-1716416408-1.0.1.1-hDW20w0mAXzAu3tbuHrgjFbZIK_5E46icBbhd26JQjz_sO1o8UX01Y8ZKETyseg5YZ.ULqktpgeixIUSbGmtjQ; path=/; expires=Wed, 22-May-24 22:50:08 GMT; domain=.weebly.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 22:20:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 8880311acf02432c-EWRCF-Cache-Status: DYNAMICCache-Control: privateSet-Cookie: language=en; expires=Wed, 05-Jun-2024 22:20:08 GMT; Max-Age=1209600; path=/Vary: X-W-SSL,User-AgentX-Host: grn28.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Server: cloudflare

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@16/12@10/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2020,i,16353255322260272096,8846895740344259769,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://attsecure05.weebly.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2020,i,16353255322260272096,8846895740344259769,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://attsecure05.weebly.com/	100%	Avira URL Cloud	phishing
https://attsecure05.weebly.com/	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff	0%	Avira URL Cloud	safe
https://cdn1.editmysite.com/images/weebly-logo-blue.png	0%	Avira URL Cloud	safe
https://attsecure05.weebly.com/gdpr/gdprscript.js?buildTime=1716399845	100%	Avira URL Cloud	phishing
https://cdn1.editmysite.com/developer/none.ico	0%	Avira URL Cloud	safe
https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
weebly.map.fastly.net	151.101.1.46	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown
attsecure05.weebly.com	74.115.51.9	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
windowsupdatebg.s.llnwi.net	87.248.205.0	true	false	unknown
cdn2.editmysite.com	unknown	unknown	false	unknown
cdn1.editmysite.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://attsecure05.weebly.com/	true		unknown
https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff	false	Avira URL Cloud: safe	unknown
https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff	false	Avira URL Cloud: safe	unknown
https://cdn1.editmysite.com/developer/none.ico	false	Avira URL Cloud: safe	unknown
https://cdn1.editmysite.com/images/weebly-logo-blue.png	false	Avira URL Cloud: safe	unknown
https://attsecure05.weebly.com/gdpr/gdprscript.js?buildTime=1716399845	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.193.46	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
74.115.51.9	attsecure05.weebly.com	United States	27647	WEEBLYUS	false
151.101.1.46	weebly.map.fastly.net	United States	54113	FASTLYUS	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446167
Start date and time:	2024-05-23 00:19:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://attsecure05.weebly.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@16/12@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.184.238, 74.125.133.84, 34.104.35.123, 20.12.23.50, 192.229.221.95, 13.85.23.206, 199.232.210.172, 20.166.126.56, 216.58.212.163, 93.184.221.240
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://attsecure05.weebly.com/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://attsecure05.weebly.com/ Model: Perplexity: mixtral-8x7b-instruct	{ "loginform": false, "reasons": [ "No input fields for username or password are present in the text.", "No submit button for login is present in the text.", "The text indicates a 404 error, which is a page not found error, not a login form." ] }
weebly 404 Error - Page Not Found Please check the URL. Otherwise, click here to be redirected to the homepage.

Input

Output

URL: https://attsecure05.weebly.com/ Model: Perplexity: mixtral-8x7b-instruct

{
"loginform": false,
"reasons": [
"No input fields for username or password are present in the text.",
"No submit button for login is present in the text.",
"The text indicates a 404 error, which is a page not found error, not a login form."
]
}

weebly 404 Error - Page Not Found Please check the URL. Otherwise, click here to be redirected to the homepage.

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (368)
Category:	downloaded
Size (bytes):	3909
Entropy (8bit):	5.4027865919578
Encrypted:	false
SSDEEP:	48:lmIbcBsty547kz0NqSaNRiQKaNr6BwdtniB0FvC5b1SXSDqqJfCFu:1wBs7e0NqSaNRiuNaqvS1SXS5
MD5:	3C3A35981AEA291CF76C9AD4B904F038
SHA1:	BB5F64AAF7614530ECE0E1385B377D8171000B20
SHA-256:	C9C8D52B92615953B22F6F4347C111E98E1EF1BF5FE699D0D7B61675B5E7EA6B
SHA-512:	207BDAD7E8EA3768082022E26CF41301B319CBF43B600964468B1CADC4E07265B8A7AD2FB06109FB42B4ABAEE77DC2DE9242904237F8BA465DB53437102959C7
Malicious:	false
Reputation:	low
URL:	https://attsecure05.weebly.com/
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">.<head><script src="/gdpr/gdprscript.js?buildTime=1716399845"></script>..<title>404 - Page Not Found</title>..<meta http-equiv="content-type" content="text/html; charset=UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta name="robots" content="noarchive" />..<link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico" />...<style type="text/css">...@font-face {....font-family: 'Proxima Nova';....font-weight: 300;....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot");....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot?#iefix") format("embedded-opentype"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmy

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 46052, version 0.0
Category:	downloaded
Size (bytes):	46052
Entropy (8bit):	7.9887889934165575
Encrypted:	false
SSDEEP:	768:7JzF4duQslnWgRpPD+dfFhPaHQBFmMvhEhc28OeNHxa++JdI4qUEkXqfjkHT:7dF4diWIJSpTawBFt+wOoRa3r0UEk6b6
MD5:	61F3BC4FC6146CC65961A8C8E917855A
SHA1:	02E25E22CF1C0A26D838A477B1F21BF33B71CA38
SHA-256:	AABC1A485E0941F1E2927B6A4BEED2B368431466977483068BBE367DE253A05C
SHA-512:	77CDA181F023FF6597D3B7A0FD269CEE76306EA650E2CC6FDDCBEF675C245B3D9F95178FE8A9D5EF65A5D8CA3DC0D3F675DBFB49DB05DAFC1FE822D79506C7B4
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff
Preview:	wOFF..............W........x...l............OS/2.......X...`.>..cmap................cvt ...$...(...(....fpgm...L........C>..gasp...............#glyf..,...........<head...d...6...6....hhea.......!...$.d.rhmtx.......\...@...loca..$<...W......d.maxp...D... ... ....name........... ..l.post.......\|..)D..D.prep.......v....zQ.......P.`...`.............d.F...........AB..t_.<..................\|..E...p..............x.c`f.c..................D......X.A....S;P....rs......~.0.....<.....\|...c..@J.......)x..ytU......d . ...r..mm)H..H....\.b.. Z)....EdJ.$.2.y0B..Ae...C....=...0F...g..j.._..k...a..Z.\|{.P..X.........[H@M.1Y.Z.1...0..#..9.3.....&...2T..V...U$../.e.L.dI.%.F2$Kr4um]W...~N?....:E.....K.`...e...X#...E.m;...-.i..-..v.........=.l'.K...j;..jos4p4t...#.......HqgMg]g}g....r>...s.vnt..N.......S#.^...ZD..Q.lgYQYIYi..[.......6Z.qt.@..H.......>..?y..\|.L2.I2Cf.2Y+.d.!W.......nk._.:Y....RV.eYN...g....y.!o`G...a.....\|.=.N....2{.....'..O...eGr.y=C..>. g..V..*..e...r.r.n

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	downloaded
Size (bytes):	1406
Entropy (8bit):	0.26311615565583923
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/M8l8l//555555555555555n:G70X555555555555555n
MD5:	199783F9459A960310D18EE4DD251027
SHA1:	67C08624719A35553C34083112804CAFD8CE6EE6
SHA-256:	29BD61683747E9288F62407525D5ED4DCCF3FEAAD2684BBB2C2DF41F6027E4DB
SHA-512:	2C673FBA041762E1894C2E8C1414D97448FB18ED550EA2BEC004E302887CC14CED7F4772D3DD184AABD08FDF14793D109E665B8AC149A8FE8DEAEEE4CD0E8DBD
Malicious:	false
Reputation:	low
URL:	https://cdn1.editmysite.com/developer/none.ico
Preview:	..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 45516, version 0.0
Category:	downloaded
Size (bytes):	45516
Entropy (8bit):	7.988068052263367
Encrypted:	false
SSDEEP:	768:lJ7LJDvQuQslnT3dv/fVA+J/8fIAhZtG1JvBqqKhlXheg7wvtrM19EmMhVyK7d:lTvQizdn6+JUxtGD4jfogwtrM8mMDd
MD5:	861DFBEE66A135B4421BA3F0F3BC297F
SHA1:	1B379173B64E92893538FF39DA0B16410DD5F653
SHA-256:	ABBC659E9C167B41E012D7B7D7F8CF22D4EDD74A7FFB85704E213B1418C8B177
SHA-512:	3397ABA8B2BE2B5269899ACCEA9106F6895CDA10A17D8E9D92F86F914386F1903087CF87878504DB9BC8BFE1FD461B165197966AA7186FD1BA5570FB2C31D84B
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff
Preview:	wOFF..............V........`...l............OS/2.......X...`.u..cmap................cvt .......(...(....fpgm...4........C>..gasp...............#glyf..,....\........head...d...6...6....hhea.......!...$....hmtx.......[...@I.Eloca..$H...W.......Bmaxp...D... ... ....name...........A .&2post.......\|..)D..D.prep.......v....zQ.......P.`...`.............d.F...........A...._.<..................\|..<..................x.c`f.d..................D......X.A....S;P....rs......~.0....P.<.....\|...c..@J.......Lx..ytU......d . ...r..mm)H..H....\.b.. Z)....EdJ.$.2.y0B..Ae...C....=...0F...g..j.._..k...a..Z.\|{.P..X.........[H@M.1Y.Z.1...0..#..9.3.....&...2T..V...U$../.e.L.dI.%.F2$Kr4um]W...~N?....:E.....K.`...e...X#...E.m;...-.i..-..v.........=.l'.K...j;..jos4p4t...#.......HqgMg]g}g....r>...s.vnt..N.......S#.^...ZD..Q.lgYQYIYi..[.......6Z.qt.@..H.......>..?y..\|.L2.I2Cf.2Y+.d.!W.......nk._.:Y....RV.eYN...g....y.!o`G...a.....\|.=.N....2{.....'..O...eGr.y=C..>. g..V..*..e...r.r.n

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 174 x 62, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3740
Entropy (8bit):	7.667019795291803
Encrypted:	false
SSDEEP:	96:n/vYP8+xpcOARUGDc8tYwolxPIw+Dyh056Jx+O:y8h3Cc2h05Wxn
MD5:	6907726EDE4FC851BEEAFB7B9FF6EEB9
SHA1:	86B1E9AF4A07E02A426EC9475E37A13DFCEDCB3C
SHA-256:	2B37CA56C61B7F2F892D75655CC37699EF847DD9139C94171414E5F92FFD97ED
SHA-512:	11A22B8DBE694646895F16D38738C3A481DB168C7CA0D92A247BD35078FA1AC13153B5ADE7EFFDE36FA5DA10AB9EDE1ADE5698EF477483D6EDB21EDA6B1F25DE
Malicious:	false
Reputation:	low
URL:	https://cdn1.editmysite.com/images/weebly-logo-blue.png
Preview:	.PNG........IHDR.......>............PLTE...-........)..)....+..I..+........)..)..)..3....)..).....,........)....-..)....+..+....7..+......)..)..)....)..........)..+..+....+..9..)..)..+..,..+.......)..+..)....+........+........6....@..,.......+.................,..)..0..U..0..,..3.....1....,....)....)......3..+....+..+..)..).......)......,..)..)..)..+..)..,..)..)..)....+..)......@..3....-..)..+../..+......+..+..)........+..)....+....+..+..+..+..,....)..+..)......)....)....)..)..1..)............./..........)......;..)....+..+..)..)..)..)....)..-..3..,..)..)....)..+....,.......+..)....,....+..+....-..)..)..+..)..+..+..)..,..+..)..)........+..)..)........)....)..+....+..+.....+..+........-..+..,..+..+.....z......tRNS.".....M.d.....{....!E..t..-].....6s..............0....@q.C..1A.....[....#.2...+....... ..,....D....x.w....\...)o..`.F....c.b...?.G&_..TB.7..<.f.p*kL.............'gh....\|..J

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	0.26311615565583923
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/M8l8l//555555555555555n:G70X555555555555555n
MD5:	199783F9459A960310D18EE4DD251027
SHA1:	67C08624719A35553C34083112804CAFD8CE6EE6
SHA-256:	29BD61683747E9288F62407525D5ED4DCCF3FEAAD2684BBB2C2DF41F6027E4DB
SHA-512:	2C673FBA041762E1894C2E8C1414D97448FB18ED550EA2BEC004E302887CC14CED7F4772D3DD184AABD08FDF14793D109E665B8AC149A8FE8DEAEEE4CD0E8DBD
Malicious:	false
Reputation:	low
Preview:	..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 174 x 62, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3740
Entropy (8bit):	7.667019795291803
Encrypted:	false
SSDEEP:	96:n/vYP8+xpcOARUGDc8tYwolxPIw+Dyh056Jx+O:y8h3Cc2h05Wxn
MD5:	6907726EDE4FC851BEEAFB7B9FF6EEB9
SHA1:	86B1E9AF4A07E02A426EC9475E37A13DFCEDCB3C
SHA-256:	2B37CA56C61B7F2F892D75655CC37699EF847DD9139C94171414E5F92FFD97ED
SHA-512:	11A22B8DBE694646895F16D38738C3A481DB168C7CA0D92A247BD35078FA1AC13153B5ADE7EFFDE36FA5DA10AB9EDE1ADE5698EF477483D6EDB21EDA6B1F25DE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......>............PLTE...-........)..)....+..I..+........)..)..)..3....)..).....,........)....-..)....+..+....7..+......)..)..)....)..........)..+..+....+..9..)..)..+..,..+.......)..+..)....+........+........6....@..,.......+.................,..)..0..U..0..,..3.....1....,....)....)......3..+....+..+..)..).......)......,..)..)..)..+..)..,..)..)..)....+..)......@..3....-..)..+../..+......+..+..)........+..)....+....+..+..+..+..,....)..+..)......)....)....)..)..1..)............./..........)......;..)....+..+..)..)..)..)....)..-..3..,..)..)....)..+....,.......+..)....,....+..+....-..)..)..+..)..+..+..)..,..+..)..)........+..)..)........)....)..+....+..+.....+..+........-..+..,..+..+.....z......tRNS.".....M.d.....{....!E..t..-].....6s..............0....@q.C..1A.....[....#.2...+....... ..,....D....x.w....\...)o..`.F....c.b...?.G&_..TB.7..<.f.p*kL.............'gh....\|..J

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 23, 2024 00:20:01.261022091 CEST	49674	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:01.261022091 CEST	49673	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:01.589158058 CEST	49672	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:07.923515081 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:07.923546076 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:07.923557043 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:07.923564911 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:07.923640013 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:07.923640013 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:07.923865080 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:07.923870087 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:07.923984051 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:07.923998117 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.397039890 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.397458076 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.397478104 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.398356915 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.398439884 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.399348021 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.399408102 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.399612904 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.399620056 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.449948072 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.467422962 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.467838049 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.467847109 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.470108032 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.470287085 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.470542908 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.470740080 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.511116028 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.511126995 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.558777094 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.680778027 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.681473970 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.681489944 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.681617975 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.681647062 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.681777000 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.682029009 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.682101011 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.682143927 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.688373089 CEST	49713	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.688388109 CEST	443	49713	74.115.51.9	192.168.2.6
May 23, 2024 00:20:08.716614008 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:08.734913111 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:08.734967947 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:08.735065937 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:08.735399961 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:08.735423088 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:08.758506060 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:09.005378008 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:09.008594036 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:09.008641958 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:09.008660078 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:09.008732080 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:09.008804083 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:09.008811951 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:09.008954048 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:09.009006023 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:09.043287992 CEST	49714	443	192.168.2.6	74.115.51.9
May 23, 2024 00:20:09.043309927 CEST	443	49714	74.115.51.9	192.168.2.6
May 23, 2024 00:20:09.143313885 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.143346071 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.143397093 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.143652916 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.143665075 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.143712997 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.144635916 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.144651890 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.145155907 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.145172119 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.346669912 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.357640982 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.357685089 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.358705044 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.358783007 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.360198975 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.360254049 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.362507105 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.362519026 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.416418076 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.498706102 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.499109030 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.499182940 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.499226093 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.501754999 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.501815081 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.511423111 CEST	49717	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.511445999 CEST	443	49717	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.533833027 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.533859968 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.533937931 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.534626961 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:09.534641981 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:09.613612890 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.614255905 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.614283085 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.618012905 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.618117094 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.622347116 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.622443914 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.622994900 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.623008966 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.629985094 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.630275011 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.630286932 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.633898973 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.633984089 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.634468079 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.634681940 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.634826899 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.634836912 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.666079044 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.681480885 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.742685080 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.746234894 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.746294975 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.746833086 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.746859074 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.746927023 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.749443054 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.751574039 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.754137039 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.754154921 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.755593061 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.755635977 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.755664110 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.755675077 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.756697893 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.758055925 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.760936022 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.763211012 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.763310909 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.763320923 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.765847921 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.765901089 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.765912056 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.768507957 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.768665075 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.768675089 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.770754099 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.770914078 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.770925045 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.773089886 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.773169041 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.773180008 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.775197983 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.775300026 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.775309086 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.775981903 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.776034117 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.776052952 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.827580929 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.827749968 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.829648972 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.831170082 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.831887960 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.831902027 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.833595991 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.833641052 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.833661079 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.835957050 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.835997105 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.836021900 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.836031914 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.838521004 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.838531017 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.840553045 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.840595007 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.840615034 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.842354059 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.842444897 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.842456102 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.844266891 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.844305992 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.846081972 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.846082926 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.846093893 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.846517086 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.847908020 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.847975016 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.847985983 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.849771976 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.850661993 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.850671053 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.851636887 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.851656914 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.851685047 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.851700068 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.854501963 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.854512930 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.855140924 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.855890989 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.855900049 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.856806993 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.856848001 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.856868982 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.858439922 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.860122919 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.860158920 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.861664057 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.861725092 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.861725092 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.861737967 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.861771107 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.862103939 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.862103939 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.863173008 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.863197088 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.863219023 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.863235950 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.863801956 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.864658117 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.866102934 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.866123915 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.866180897 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.866192102 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.866504908 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.868057013 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.873050928 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:09.873164892 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.873282909 CEST	49718	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:09.873300076 CEST	443	49718	151.101.193.46	192.168.2.6
May 23, 2024 00:20:10.051378965 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.051645994 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.051666975 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.052527905 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.052613974 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.053122997 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.053174019 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.053431988 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.053438902 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.095998049 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.167172909 CEST	49719	443	192.168.2.6	151.101.193.46
May 23, 2024 00:20:10.167196989 CEST	443	49719	151.101.193.46	192.168.2.6
May 23, 2024 00:20:10.167707920 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.168509007 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.172034979 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.172044039 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.175873041 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.180126905 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.246417046 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.246449947 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.246514082 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.247396946 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.247412920 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.248686075 CEST	49720	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.248696089 CEST	443	49720	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.403132915 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:10.403158903 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:10.403301954 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:10.404473066 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:10.404484034 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:10.733793974 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.762610912 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.762626886 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.763099909 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.763767004 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.763822079 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.764055014 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.810492039 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.862271070 CEST	49674	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:10.868227959 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.869451046 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.869499922 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.869512081 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.869591951 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.869635105 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.870316029 CEST	49673	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:10.871067047 CEST	49721	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.871083975 CEST	443	49721	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.955863953 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.955908060 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.955961943 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.956563950 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:10.956578016 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:10.966499090 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:10.966521978 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:10.966571093 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:11.018379927 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:11.018416882 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:11.141949892 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:11.176995993 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:11.177025080 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:11.180834055 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:11.180937052 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:11.183188915 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:11.183367968 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:11.195975065 CEST	49672	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:11.228324890 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:11.228358030 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:11.275104046 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:11.450048923 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.450376034 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:11.450393915 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.451545000 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.452028990 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:11.452193022 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.452408075 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:11.498497963 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.514815092 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:11.514863014 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:11.515022993 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:11.515563011 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:11.515583038 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:11.593724966 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.598210096 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.598263979 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:11.598277092 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.598366022 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.598417044 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:11.598565102 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:11.598577976 CEST	443	49723	151.101.1.46	192.168.2.6
May 23, 2024 00:20:11.598586082 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:11.598726034 CEST	49723	443	192.168.2.6	151.101.1.46
May 23, 2024 00:20:11.756537914 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:11.756714106 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:11.843696117 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:11.843724966 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:11.844197989 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:11.884463072 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:11.925645113 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:11.970503092 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.149172068 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.149235010 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.149296999 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:12.149449110 CEST	49724	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:12.149471045 CEST	443	49724	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.187694073 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:12.187737942 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.187844038 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:12.188282967 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:12.188301086 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.379765034 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:12.379909992 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:12.456053972 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:12.456084013 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:12.456918955 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:12.482737064 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:12.482800007 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:12.482810974 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:12.483026981 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:12.526498079 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:12.673300028 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:12.673995018 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:12.674046040 CEST	443	49725	40.113.110.67	192.168.2.6
May 23, 2024 00:20:12.674073935 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:12.674103022 CEST	49725	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:12.860059023 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.860152006 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:12.861746073 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:12.861754894 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.861962080 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:12.863296032 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:12.910491943 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:13.194072008 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:13.194148064 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:13.194235086 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:13.196402073 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:13.196432114 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:13.196444035 CEST	49726	443	192.168.2.6	184.28.90.27
May 23, 2024 00:20:13.196450949 CEST	443	49726	184.28.90.27	192.168.2.6
May 23, 2024 00:20:19.707308054 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:19.707349062 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:19.707421064 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:19.708849907 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:19.708858967 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:20.574347973 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:20.574446917 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:20.576297998 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:20.576308966 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:20.576548100 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:20.578546047 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:20.578653097 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:20.578656912 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:20.578907013 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:20.626496077 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:20.811889887 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:20.812799931 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:20.812818050 CEST	443	49727	40.113.110.67	192.168.2.6
May 23, 2024 00:20:20.812956095 CEST	49727	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:21.027853966 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:21.027918100 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:21.027981997 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:21.911319017 CEST	49703	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:22.000951052 CEST	443	49703	173.222.162.64	192.168.2.6
May 23, 2024 00:20:22.131143093 CEST	443	49703	173.222.162.64	192.168.2.6
May 23, 2024 00:20:22.131253958 CEST	49703	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:22.132307053 CEST	443	49703	173.222.162.64	192.168.2.6
May 23, 2024 00:20:22.132374048 CEST	49703	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:22.137568951 CEST	443	49703	173.222.162.64	192.168.2.6
May 23, 2024 00:20:22.137590885 CEST	443	49703	173.222.162.64	192.168.2.6
May 23, 2024 00:20:22.137664080 CEST	49703	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:22.535944939 CEST	49722	443	192.168.2.6	142.250.186.100
May 23, 2024 00:20:22.535973072 CEST	443	49722	142.250.186.100	192.168.2.6
May 23, 2024 00:20:27.244317055 CEST	443	49703	173.222.162.64	192.168.2.6
May 23, 2024 00:20:27.244429111 CEST	49703	443	192.168.2.6	173.222.162.64
May 23, 2024 00:20:32.457086086 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:32.457114935 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:32.457349062 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:32.457925081 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:32.457937956 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:33.319715977 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:33.319793940 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:33.327016115 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:33.327032089 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:33.327811956 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:33.329683065 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:33.329746962 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:33.329752922 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:33.329860926 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:33.374492884 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:33.569717884 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:33.570183992 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:33.570199966 CEST	443	49732	40.113.110.67	192.168.2.6
May 23, 2024 00:20:33.570305109 CEST	49732	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:52.598795891 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:52.598841906 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:52.598990917 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:52.599862099 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:52.599885941 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:53.600733042 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:53.600817919 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:53.604392052 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:53.604406118 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:53.604614973 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:53.606080055 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:53.606682062 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:53.606688976 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:53.607111931 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:53.650509119 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:53.799395084 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:53.800570011 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:53.800587893 CEST	443	49733	40.113.110.67	192.168.2.6
May 23, 2024 00:20:53.800657034 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:20:53.800657034 CEST	49733	443	192.168.2.6	40.113.110.67
May 23, 2024 00:21:10.550122976 CEST	49736	443	192.168.2.6	142.250.186.100
May 23, 2024 00:21:10.550165892 CEST	443	49736	142.250.186.100	192.168.2.6
May 23, 2024 00:21:10.550707102 CEST	49736	443	192.168.2.6	142.250.186.100
May 23, 2024 00:21:10.552020073 CEST	49736	443	192.168.2.6	142.250.186.100
May 23, 2024 00:21:10.552033901 CEST	443	49736	142.250.186.100	192.168.2.6
May 23, 2024 00:21:11.215626001 CEST	443	49736	142.250.186.100	192.168.2.6
May 23, 2024 00:21:11.216238976 CEST	49736	443	192.168.2.6	142.250.186.100
May 23, 2024 00:21:11.216255903 CEST	443	49736	142.250.186.100	192.168.2.6
May 23, 2024 00:21:11.217310905 CEST	443	49736	142.250.186.100	192.168.2.6
May 23, 2024 00:21:11.217823982 CEST	49736	443	192.168.2.6	142.250.186.100
May 23, 2024 00:21:11.217997074 CEST	443	49736	142.250.186.100	192.168.2.6
May 23, 2024 00:21:11.260413885 CEST	49736	443	192.168.2.6	142.250.186.100
May 23, 2024 00:21:20.486219883 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:20.486270905 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:20.486500025 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:20.490505934 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:20.490514994 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:21.107317924 CEST	443	49736	142.250.186.100	192.168.2.6
May 23, 2024 00:21:21.107470036 CEST	443	49736	142.250.186.100	192.168.2.6
May 23, 2024 00:21:21.107649088 CEST	49736	443	192.168.2.6	142.250.186.100
May 23, 2024 00:21:21.421787024 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:21.421984911 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:21.423681021 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:21.423690081 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:21.424029112 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:21.425980091 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:21.425980091 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:21.426000118 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:21.426238060 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:21.470498085 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:21.665307045 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:21.665416956 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:21.665488005 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:21.665656090 CEST	49737	443	192.168.2.6	40.115.3.253
May 23, 2024 00:21:21.665673971 CEST	443	49737	40.115.3.253	192.168.2.6
May 23, 2024 00:21:22.448928118 CEST	49736	443	192.168.2.6	142.250.186.100
May 23, 2024 00:21:22.448954105 CEST	443	49736	142.250.186.100	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 23, 2024 00:20:06.246572018 CEST	53	59027	1.1.1.1	192.168.2.6
May 23, 2024 00:20:06.273685932 CEST	53	60163	1.1.1.1	192.168.2.6
May 23, 2024 00:20:07.325305939 CEST	53	59394	1.1.1.1	192.168.2.6
May 23, 2024 00:20:07.873986006 CEST	49882	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:07.873986006 CEST	59611	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:07.892291069 CEST	53	49882	1.1.1.1	192.168.2.6
May 23, 2024 00:20:07.909699917 CEST	53	59611	1.1.1.1	192.168.2.6
May 23, 2024 00:20:08.716062069 CEST	54606	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:08.716475010 CEST	61416	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:08.726208925 CEST	53	54606	1.1.1.1	192.168.2.6
May 23, 2024 00:20:08.740590096 CEST	53	61416	1.1.1.1	192.168.2.6
May 23, 2024 00:20:09.126888990 CEST	60284	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:09.127171993 CEST	60374	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:09.133791924 CEST	53	60284	1.1.1.1	192.168.2.6
May 23, 2024 00:20:09.142400980 CEST	53	60374	1.1.1.1	192.168.2.6
May 23, 2024 00:20:09.520426989 CEST	54229	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:09.520714045 CEST	51300	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:09.533047915 CEST	53	51300	1.1.1.1	192.168.2.6
May 23, 2024 00:20:09.533063889 CEST	53	54229	1.1.1.1	192.168.2.6
May 23, 2024 00:20:10.384299040 CEST	51026	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:10.384520054 CEST	51305	53	192.168.2.6	1.1.1.1
May 23, 2024 00:20:10.399491072 CEST	53	51305	1.1.1.1	192.168.2.6
May 23, 2024 00:20:10.399502039 CEST	53	51026	1.1.1.1	192.168.2.6
May 23, 2024 00:20:24.472731113 CEST	53	61758	1.1.1.1	192.168.2.6
May 23, 2024 00:20:43.443296909 CEST	53	55404	1.1.1.1	192.168.2.6
May 23, 2024 00:21:05.884881973 CEST	53	57522	1.1.1.1	192.168.2.6
May 23, 2024 00:21:06.100873947 CEST	53	61319	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 23, 2024 00:20:06.280194998 CEST	192.168.2.6	1.1.1.1	c235	(Port unreachable)	Destination Unreachable
May 23, 2024 00:20:08.740657091 CEST	192.168.2.6	1.1.1.1	c248	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 23, 2024 00:20:07.873986006 CEST	192.168.2.6	1.1.1.1	0x6559	Standard query (0)	attsecure05.weebly.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:07.873986006 CEST	192.168.2.6	1.1.1.1	0xaef2	Standard query (0)	attsecure05.weebly.com	65	IN (0x0001)	false
May 23, 2024 00:20:08.716062069 CEST	192.168.2.6	1.1.1.1	0x2fc6	Standard query (0)	cdn1.editmysite.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:08.716475010 CEST	192.168.2.6	1.1.1.1	0xebfb	Standard query (0)	cdn1.editmysite.com	65	IN (0x0001)	false
May 23, 2024 00:20:09.126888990 CEST	192.168.2.6	1.1.1.1	0x4915	Standard query (0)	cdn2.editmysite.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.127171993 CEST	192.168.2.6	1.1.1.1	0x4ad2	Standard query (0)	cdn2.editmysite.com	65	IN (0x0001)	false
May 23, 2024 00:20:09.520426989 CEST	192.168.2.6	1.1.1.1	0x57d3	Standard query (0)	cdn1.editmysite.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.520714045 CEST	192.168.2.6	1.1.1.1	0xf7f1	Standard query (0)	cdn1.editmysite.com	65	IN (0x0001)	false
May 23, 2024 00:20:10.384299040 CEST	192.168.2.6	1.1.1.1	0xe794	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:10.384520054 CEST	192.168.2.6	1.1.1.1	0x3706	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 23, 2024 00:20:07.892291069 CEST	1.1.1.1	192.168.2.6	0x6559	No error (0)	attsecure05.weebly.com		74.115.51.9	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:07.892291069 CEST	1.1.1.1	192.168.2.6	0x6559	No error (0)	attsecure05.weebly.com		74.115.51.8	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:08.726208925 CEST	1.1.1.1	192.168.2.6	0x2fc6	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 23, 2024 00:20:08.726208925 CEST	1.1.1.1	192.168.2.6	0x2fc6	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:08.726208925 CEST	1.1.1.1	192.168.2.6	0x2fc6	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:08.726208925 CEST	1.1.1.1	192.168.2.6	0x2fc6	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:08.726208925 CEST	1.1.1.1	192.168.2.6	0x2fc6	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:08.740590096 CEST	1.1.1.1	192.168.2.6	0xebfb	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 23, 2024 00:20:09.133791924 CEST	1.1.1.1	192.168.2.6	0x4915	No error (0)	cdn2.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 23, 2024 00:20:09.133791924 CEST	1.1.1.1	192.168.2.6	0x4915	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.133791924 CEST	1.1.1.1	192.168.2.6	0x4915	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.133791924 CEST	1.1.1.1	192.168.2.6	0x4915	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.133791924 CEST	1.1.1.1	192.168.2.6	0x4915	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.142400980 CEST	1.1.1.1	192.168.2.6	0x4ad2	No error (0)	cdn2.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 23, 2024 00:20:09.533047915 CEST	1.1.1.1	192.168.2.6	0xf7f1	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 23, 2024 00:20:09.533063889 CEST	1.1.1.1	192.168.2.6	0x57d3	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 23, 2024 00:20:09.533063889 CEST	1.1.1.1	192.168.2.6	0x57d3	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.533063889 CEST	1.1.1.1	192.168.2.6	0x57d3	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.533063889 CEST	1.1.1.1	192.168.2.6	0x57d3	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:09.533063889 CEST	1.1.1.1	192.168.2.6	0x57d3	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:10.399491072 CEST	1.1.1.1	192.168.2.6	0x3706	No error (0)	www.google.com			65	IN (0x0001)	false
May 23, 2024 00:20:10.399502039 CEST	1.1.1.1	192.168.2.6	0xe794	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:22.200920105 CEST	1.1.1.1	192.168.2.6	0x1b5a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 23, 2024 00:20:22.200920105 CEST	1.1.1.1	192.168.2.6	0x1b5a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:23.835411072 CEST	1.1.1.1	192.168.2.6	0xe01f	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:23.835411072 CEST	1.1.1.1	192.168.2.6	0xe01f	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:39.599273920 CEST	1.1.1.1	192.168.2.6	0xe178	No error (0)	windowsupdatebg.s.llnwi.net		87.248.205.0	A (IP address)	IN (0x0001)	false
May 23, 2024 00:20:58.570245981 CEST	1.1.1.1	192.168.2.6	0x679f	No error (0)	windowsupdatebg.s.llnwi.net		87.248.204.0	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

attsecure05.weebly.com

https:

cdn1.editmysite.com

cdn2.editmysite.com

fs.microsoft.com

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 23, 2024 00:20:22.137568951 CEST	173.222.162.64	443	192.168.2.6	49703	CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US	CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Oct 18 22:32:40 CEST 2023 Wed Aug 12 02:00:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
May 23, 2024 00:20:22.137568951 CEST	173.222.162.64	443	192.168.2.6	49703	CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Aug 12 02:00:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		28a2c9bd18a11de089ef85a160da29e4

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49713	74.115.51.9	443	4568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:08 UTC	665	OUT	GET / HTTP/1.1 Host: attsecure05.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 22:20:08 UTC	1078	IN	HTTP/1.1 404 Not Found Date: Wed, 22 May 2024 22:20:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Ray: 888031190a7f423e-EWR CF-Cache-Status: DYNAMIC Cache-Control: private Set-Cookie: is_mobile=0; path=/; domain=attsecure05.weebly.com Vary: X-W-SSL,User-Agent X-Host: blu73.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Set-Cookie: language=en; expires=Wed, 05-Jun-2024 22:20:08 GMT; Max-Age=1209600; path=/ Set-Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; expires=Sat, 20-May-2034 22:20:08 GMT; Max-Age=315360000; path=/ Set-Cookie: __cf_bm=3dKCVH_Ge1DADtuT_P_j2KFFozABWdskNVln2iw740M-1716416408-1.0.1.1-hDW20w0mAXzAu3tbuHrgjFbZIK_5E46icBbhd26JQjz_sO1o8UX01Y8ZKETyseg5YZ.ULqktpgeixIUSbGmtjQ; path=/; expires=Wed, 22-May-24 22:50:08 GMT; domain=.weebly.com; HttpOnly; Secure; SameSite=None Server: cloudflare
2024-05-22 22:20:08 UTC	291	IN	Data Raw: 66 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 37 31 36 33 39 39 38 34 35 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 Data Ascii: f45<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1716399845"></script><title>404
2024-05-22 22:20:08 UTC	1369	IN	Data Raw: 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 61 72 63 68 69 76 65 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 63 64 6e 31 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 64 65 76 65 6c 6f 70 65 72 2f 6e 6f 6e 65 2e 69 63 6f 22 20 2f 3e 0a 0a 09 Data Ascii: p-equiv="content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noarchive" /><link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico" />
2024-05-22 22:20:08 UTC	1369	IN	Data Raw: 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 73 65 6d 69 62 6f 6c 64 2f 33 31 41 43 39 36 5f 32 5f 30 2e 65 6f 74 22 29 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 73 65 6d 69 62 6f 6c 64 2f 33 31 41 43 39 36 5f 32 5f 30 2e 65 6f 74 3f 23 69 65 66 69 78 22 29 20 66 6f 72 6d 61 Data Ascii: oxima Nova';font-weight: 500;src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.eot");src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.eot?#iefix") forma
2024-05-22 22:20:08 UTC	887	IN	Data Raw: 09 2e 6f 74 68 65 72 77 69 73 65 20 7b 0a 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0a 09 09 7d 0a 0a 09 09 2e 6c 6f 67 6f 20 7b 0a 09 09 09 77 69 64 74 68 3a 20 38 32 70 78 3b 0a 09 09 7d 0a 0a 09 09 2e 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 20 7b 0a 09 09 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 31 32 30 70 78 3b 0a 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 32 30 70 78 3b 0a 09 09 7d 0a 0a 09 09 2e 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 20 3e 20 73 70 61 6e 20 7b 0a 09 09 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 09 09 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a Data Ascii: .otherwise {margin-top: 0;}.logo {width: 82px;}.bottom-content {display: inline-block;height: 120px;line-height: 120px;}.bottom-content > span {display: inline-block;vertical-align: middle;line-height:
2024-05-22 22:20:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49714	74.115.51.9	443	4568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:08 UTC	990	OUT	GET /gdpr/gdprscript.js?buildTime=1716399845 HTTP/1.1 Host: attsecure05.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://attsecure05.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: is_mobile=0; language=en; cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=3dKCVH_Ge1DADtuT_P_j2KFFozABWdskNVln2iw740M-1716416408-1.0.1.1-hDW20w0mAXzAu3tbuHrgjFbZIK_5E46icBbhd26JQjz_sO1o8UX01Y8ZKETyseg5YZ.ULqktpgeixIUSbGmtjQ
2024-05-22 22:20:08 UTC	438	IN	HTTP/1.1 404 Not Found Date: Wed, 22 May 2024 22:20:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Ray: 8880311acf02432c-EWR CF-Cache-Status: DYNAMIC Cache-Control: private Set-Cookie: language=en; expires=Wed, 05-Jun-2024 22:20:08 GMT; Max-Age=1209600; path=/ Vary: X-W-SSL,User-Agent X-Host: grn28.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Server: cloudflare
2024-05-22 22:20:08 UTC	931	IN	Data Raw: 66 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 37 31 36 33 39 39 38 34 35 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 Data Ascii: f45<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1716399845"></script><title>404
2024-05-22 22:20:09 UTC	1369	IN	Data Raw: 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 09 7d 0a 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d Data Ascii: ts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.ttf") format("truetype");}@font-face {font-family: 'Proxima Nova';src: url("//cdn2.editmysite.com
2024-05-22 22:20:09 UTC	1369	IN	Data Raw: 20 30 3b 0a 09 09 7d 0a 0a 09 09 2e 77 61 72 6e 69 6e 67 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 70 61 64 64 69 6e 67 3a 20 32 39 70 78 20 34 30 70 78 3b 0a 09 09 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0a 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 34 44 34 44 34 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 33 33 35 70 78 3b 0a 09 09 09 77 69 64 74 68 3a 20 34 38 34 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 Data Ascii: 0;}.warning-container {padding: 29px 40px;padding-bottom: 0;box-sizing: border-box;text-align: center;background-color: white;border: 1px solid #D4D4D4;height: 335px;width: 484px;margin: 0 auto;margin-top: 1
2024-05-22 22:20:09 UTC	247	IN	Data Raw: 3e 0a 09 09 3c 68 72 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 3c 73 70 61 6e 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 63 68 65 63 6b 2d 75 72 6c 22 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 55 52 4c 2e 3c 2f 70 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 6f 74 68 65 72 77 69 73 65 22 3e 4f 74 68 65 72 77 69 73 65 2c 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 63 6c 69 63 6b 20 68 65 72 65 3c 2f 61 3e 20 74 6f 20 62 65 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 74 68 65 20 68 6f 6d 65 70 61 67 65 2e 3c 2f 70 3e 0a 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: ><hr><div class="bottom-content"><span><p class="check-url">Please check the URL.</p><p class="otherwise">Otherwise, <a href="/">click here</a> to be redirected to the homepage.</p></span></div></div></body></html>
2024-05-22 22:20:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49717	151.101.1.46	443	4568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:09 UTC	612	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://attsecure05.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 22:20:09 UTC	622	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3740 Server: nginx Content-Type: image/png Last-Modified: Fri, 10 May 2024 17:45:45 GMT ETag: "663e5d49-e9c" Expires: Mon, 13 May 2024 15:42:54 GMT Cache-Control: max-age=300 X-Host: grn106.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 22 May 2024 22:20:09 GMT Age: 801734 X-Served-By: cache-sjc10042-SJC, cache-nyc-kteb1890076-NYC X-Cache: HIT, HIT X-Cache-Hits: 968, 11 X-Timer: S1716416409.442960,VS0,VE0 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ae 00 00 00 3e 08 03 00 00 00 85 b4 d0 9f 00 00 02 fa 50 4c 54 45 00 00 00 2d 96 f0 2a 92 ec 2a 91 eb 2a 90 eb 29 91 ea 29 91 ea 2a 91 eb 2b 92 eb 49 92 ff 2b 91 eb 2a 91 eb 2a 91 eb 2a 90 eb 29 91 ea 29 90 ea 29 91 ea 33 99 eb 80 ff ff 29 90 ea 29 91 ea 2e 93 f0 2c 90 ed 2a 91 eb 2a 90 ea 2a 91 eb 29 90 ea 2a 90 ea 2d 93 ee 29 91 ec 2a 90 eb 2b 91 eb 2b 90 ec 2a 90 ea 37 92 ed 2b 92 ec 2a 90 eb 2a 91 eb 29 91 eb 29 91 eb 29 91 ea 2a 91 ea 29 91 eb 2a 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 29 90 ea 2b 95 f4 2b 91 ec 2a 91 eb 2b 95 ef 39 aa ff 29 91 eb 29 91 eb 2b aa ff 2c 93 eb 2b 90 eb ff ff ff 2a 91 ec 29 90 eb 2b 91 ec 29 90 eb 2a 92 ea 2b 91 eb 2a 92 eb 2a 91 ea 2a 91 ea 2b 95 ff 2a 90 eb 2a 92 eb 2a Data Ascii: PNGIHDR>PLTE-**))+I+*)))3)).,)-)++7+*))))***)+++9))+,+)+)+*+*
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 6f 8a bb 55 71 87 ba bb 2b ee ee ee ee 33 e7 3d bb 67 64 97 cf e1 ff 29 3a bf 67 ce 39 ef 3b ef ce e5 03 48 0e 1c 74 09 c4 e0 21 dd 69 1b 7a 45 2b 88 ff 0f cb 27 99 5b 56 08 a5 fc ca e6 ed e9 18 3e 62 e4 28 f8 f5 1d 3d a6 28 46 d2 2a 1a 3b ae 6d ca b8 62 7c bb 09 51 00 13 fd 71 27 4d 9e 32 75 5a 01 92 3a 77 9b 5e 7f d2 e5 33 66 42 cc aa 49 2d 34 5b 7e 3f 99 5a ad 39 b0 45 5b 84 a8 fd 6b b0 9d 7d ee 40 ba 0c 3d 36 0a 97 79 75 2c 1a d9 83 e6 07 e3 1a 43 17 44 02 71 45 c5 02 88 73 17 52 14 5d 25 69 73 a8 e9 fe 57 18 62 52 e8 6a 00 d7 d0 a8 d3 aa 61 03 fa 8c b8 d6 3c bf ae a3 4f ec e2 f2 60 5c e3 fa 0b 02 87 41 3b 0e 8e 1b 6e 64 52 0b d8 6e a2 db b1 28 ce a4 4b e3 62 dc 4c b7 5b 18 64 dd 1a 85 d2 34 c4 a0 9c 05 c1 b8 c6 80 dc 34 71 79 1b 80 db 3d 6b 73 07 70 Data Ascii: oUq+3=gd):g9;Ht!izE+'[V>b(=(F*;mb\|Qq'M2uZ:w^3fBI-4[~?Z9E[k}@=6yu,CDqEsR]%isWbRja<O`\A;ndRn(KbL[d44qy=ksp
2024-05-22 22:20:09 UTC	984	IN	Data Raw: 51 95 b6 35 30 a6 d0 d6 1a 46 a1 ff 45 e1 7e 2a cf b9 af 2b b6 df 57 17 6f aa 2d 3e 31 aa 4f 43 11 93 8e b9 32 1e dd 98 29 71 c5 65 7a f1 87 9e 01 f1 49 30 ae 94 b7 56 d2 c3 75 d2 cc 73 bc 1d 8c 25 f2 59 c9 68 47 65 0a 44 74 4d 86 0e 5b 76 bb aa d0 cf 69 7b 1a a2 d7 50 8a 8a 77 0a f4 01 30 71 51 43 2d f7 98 2c 88 47 ac 14 71 7b c2 f8 9a 66 10 70 1d b7 1e 66 f3 a3 8b 68 9b 1c 85 66 a6 e5 79 d0 2e 6a 51 b3 4f 45 9d aa 55 20 5e a5 ad 1a b4 e8 ba a9 0b 2b 9e bc eb ac 38 c4 22 89 ab ed 7c 79 fd 6e b3 7c 8b 19 8c 2b c5 a6 7d 68 86 42 cf 8f ea 21 e1 1b 2a d7 22 a1 1e b5 d7 3b 22 a5 17 f5 5b 8a d4 ea 9b b8 7e df 66 fb e2 fa 8b ad 8a 45 72 78 18 6e df d1 36 0c 09 b7 9a 6a 16 c3 98 f0 36 52 89 d4 91 45 39 17 a9 74 66 da b8 f1 73 98 32 ae 29 b6 c3 64 e0 e9 bf b6 0d Data Ascii: Q50FE~+Wo->1OC2)qezI0Vus%YhGeDtM[vi{Pw0qQC-,Gq{fpfhfy.jQOEU ^+8"\|yn\|+}hB!";"[~fErxn6j6RE9tfs2)d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49719	151.101.193.46	443	4568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:09 UTC	627	OUT	GET /components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff HTTP/1.1 Host: cdn2.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://attsecure05.weebly.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://attsecure05.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 22:20:09 UTC	622	IN	HTTP/1.1 200 OK Connection: close Content-Length: 45516 Server: nginx Content-Type: font/woff Last-Modified: Fri, 10 May 2024 17:47:12 GMT ETag: "663e5da0-b1cc" Expires: Tue, 28 May 2024 15:55:49 GMT Cache-Control: max-age=1209600 X-Host: blu24.sf2p.intern.weebly.net Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 22 May 2024 22:20:09 GMT Age: 714261 X-Served-By: cache-sjc1000141-SJC, cache-ewr18161-EWR X-Cache: HIT, HIT X-Cache-Hits: 29, 650 X-Timer: S1716416410.693916,VS0,VE0 Access-Control-Allow-Origin: * alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 b1 cc 00 0e 00 00 00 01 56 88 00 00 00 00 00 00 b0 60 00 00 01 6c 00 00 02 d8 00 00 00 00 00 00 00 00 4f 53 2f 32 00 00 01 9c 00 00 00 58 00 00 00 60 8e 75 b9 9a 63 6d 61 70 00 00 01 f4 00 00 06 9d 00 00 11 08 ba 8b c2 c8 63 76 74 20 00 00 af 0c 00 00 00 28 00 00 00 28 08 e6 08 b2 66 70 67 6d 00 00 af 34 00 00 00 b2 00 00 01 09 43 3e f0 88 67 61 73 70 00 00 ae fc 00 00 00 10 00 00 00 10 00 1a 00 23 67 6c 79 66 00 00 2c a0 00 00 82 5c 00 00 fa 88 8b a2 ff 97 68 65 61 64 00 00 01 64 00 00 00 36 00 00 00 36 08 9e a2 8d 68 68 65 61 00 00 08 94 00 00 00 21 00 00 00 24 07 7f 07 8b 68 6d 74 78 00 00 08 b8 00 00 06 5b 00 00 11 40 49 d4 97 45 6c 6f 63 61 00 00 24 48 00 00 08 57 00 00 08 a2 19 b2 db 42 6d 61 78 70 00 00 01 44 00 00 00 Data Ascii: wOFFV`lOS/2X`ucmapcvt ((fpgm4C>gasp#glyf,\headd66hhea!$hmtx[@IEloca$HWBmaxpD
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 0c c3 08 19 29 47 e5 0d 39 02 2d e3 24 5d d6 cb 26 73 8e f2 64 b4 9a 2b d9 72 c9 9c 2c b7 2c 92 3d 6a a1 5c 14 97 f8 34 d4 1c 95 2b 7f 97 15 6a a9 54 c8 2d 99 6d 4e 59 1b dd 4e 3e c0 54 7c 84 c9 98 8e 29 48 c2 02 a4 21 1d ab b0 06 6b b1 0f bb b0 07 d9 7c 10 27 70 06 a7 e0 42 31 4e cb 31 78 19 40 cd 9a ac c5 c6 8c e6 6e fe 86 31 fc 15 5b f0 d7 fc 1d 1f 61 2f 0e e4 2b ec cf 38 7e c4 7f f2 43 4e e4 75 a3 82 ab b8 8c 2b 98 ce 95 52 c8 b5 3c c4 83 cc 61 2e 3d bc c1 b3 98 c6 87 30 89 cd 91 c8 df 62 31 7b 62 09 7b 63 29 fb 60 19 fb 62 39 5f c2 0a be 8c 4f f9 2a 56 33 16 9f 70 00 d6 71 10 d6 73 30 b6 f0 5d 6c e5 7b f8 92 e3 90 c5 78 ec 30 3b 71 3b c7 e3 20 a7 60 3f 27 61 37 27 e0 00 27 63 2f 3f 40 2e 93 70 88 c9 38 cc 19 9c 89 23 4c 41 1e 53 71 94 b3 90 cf d9 28 Data Ascii: )G9-$]&sd+r,,=j\4+jT-mNYN>T\|)H!k\|'pB1N1x@n1[a/+8~CNu+R<a.=0b1{b{c)`b9_O*V3pqs0]l{x0;q; `?'a7''c/?@.p8#LASq(
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: f7 f6 f9 89 e4 71 db 83 75 67 2d 7d cc 72 8c 74 56 52 4e f0 70 ea 6d 79 1e cb 8b 02 6c 0c f8 a4 20 d5 b4 35 7d 94 f5 53 16 f7 2b 72 9e 1c 25 ad a4 83 5c 22 c7 d9 3f d2 f3 67 a8 52 67 3c bf e6 fb 36 df bf 91 3a d5 48 1b 2c 25 77 21 55 fc 9d c1 6f 9b ea f9 37 52 6e 65 1f e2 0f 93 c6 fd 62 28 7a ce 4e cf d7 1a 3f bb 18 e5 71 7f 7b 1d f4 2a f6 89 1f a7 2f e6 9a 53 8d b4 5c b3 e6 ff 0a 7d 7b 10 f1 f1 03 21 be 7f 20 24 26 f8 c4 e3 89 c4 88 a4 e1 fd 1e a4 df 99 e9 ba 42 3c f6 24 22 b1 68 0d c2 7e 4c 4a 1e 77 57 b0 6e 62 da ef 8c 95 fb 6c 6c 0b b2 2e 81 16 9e 0b e3 9e 1f fb 70 c5 fd 9a ec 24 17 c9 71 b6 cd a0 fc 9e 74 93 1f 58 bf 59 da 18 8f fa c5 c9 38 bf 12 f1 43 1b 6c dc 0c 22 b1 33 69 dc 0b 43 d1 73 3e b4 f1 b9 b4 0f 13 a3 af 83 5e 46 db f4 7a f1 3b 11 13 cf Data Ascii: qug-}rtVRNpmyl 5}S+r%\"?gRg<6:H,%w!Uo7Rneb(zN?q{*/S\}{! $&B<$"h~LJwWnbll.p$qtXY8Cl"3iCs>^Fz;
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: af bb 67 b5 06 4e f2 e8 ae 49 ba 33 f9 00 19 e6 22 ea 05 dc d1 da 35 e6 2f 99 a9 6a 7d 74 a8 79 c3 4c 4c 77 1e 7d ec e3 00 11 4f 2d f4 69 08 1c 5b 0d fd 66 fd 1a 25 e3 57 bb d0 a7 0b ac 53 47 bf e7 2a b6 fe c3 fb 80 f3 9e ef cc 0f df bf bf a1 32 77 a1 29 66 4d c0 5a f9 e5 58 b0 aa 32 f4 a6 bd 21 7b 3a 13 e3 96 8a ba 5b 02 87 8c fc 90 7a fd 5d c4 ec c9 26 b2 8c 8e 89 61 dd eb f6 fb 6f ff d5 7f 73 dd da 2c 3b a5 d8 95 0e 3b a9 98 93 46 4d 62 c7 ac 43 6c f3 f6 73 fc 12 fc 4f 36 60 b6 28 00 00 00 78 da 6d 59 05 58 5c 57 16 3e 72 19 02 43 02 91 ba bb a7 a3 48 7d e4 41 48 08 a4 10 4a 92 4a 3a c0 00 93 0c 33 74 24 09 a9 bb bb 6c 7d eb ba 75 77 77 df ba bb eb ee b6 dd b6 bb 6d f7 bd 77 0f cc 65 b2 7c 1f fc f7 dc 77 ee f9 8f dc 77 de 7d 3c 20 70 7f fe 3c 12 66 c0 Data Ascii: gNI3"5/j}tyLLw}O-i[f%WSG*2w)fMZX2!{:[z]&aos,;;FMbClsO6`(xmYX\W>rCH}AHJJ:3t$l}uwwmwe\|ww}< p<f
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: e1 03 f8 90 27 71 15 57 b3 97 6b 78 32 4f e1 5a ae e3 a9 3c 8d a7 f3 0c 5e 8d 57 e7 35 78 4d 5e 8b d7 e6 75 78 5d 5e 8f d7 e7 0d 78 43 de 88 37 e6 4d 78 53 de 8c 37 e7 2d 78 4b de 8a b7 e6 6d 78 5b de 8e 67 f2 f6 ec 63 3f 07 38 c8 21 38 8f c3 5c cf 0d dc c8 4d bc 03 ef c8 3b f1 ce bc 0b ef ca bb 71 84 a3 1c e3 38 5b dc cc 2d 3c 8b 5b 79 36 cf e1 36 9e cb ed dc c1 f3 78 77 ee e4 2e 9e cf dd bc 07 f7 f0 02 5e c8 8b 78 4f de 8b f7 e6 7d 78 31 ef cb 09 ee e5 3e ee e7 24 0f f0 20 0f 71 8a 97 f0 52 4e f3 30 67 38 cb 23 bc 1f e7 38 cf 05 2e f2 32 5e ce 2b 78 94 57 f2 fe 7c 00 1f c8 07 f1 c1 7c 08 1f ca 87 f1 e1 7c 04 1f c9 47 f1 d1 7c 0c 1f cb c7 f1 f1 7c 02 9f c8 27 f1 c9 7c 0a 9f ca a7 f1 e9 7c 06 9f c9 67 f1 5f f8 6c 3e 87 cf e5 f3 f8 7c be 80 2f e4 bf f2 45 Data Ascii: 'qWkx2OZ<^W5xM^ux]^xC7MxS7-xKmx[gc?8!8\M;q8[-<[y66xw.^xO}x1>$ qRN0g8#8.2^+xW\|\|\|G\|\|'\|\|g_l>\|/E
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 19 cc 25 96 25 bd 0b 4b 17 3d 0b dd 29 59 2e 19 6e 16 ba e6 46 cf 22 d7 5c f5 a2 d2 cd 94 d0 db 29 21 21 24 26 dc ea 7e c1 a0 60 58 30 2e d8 20 d8 24 d8 2c 18 95 9b 49 d6 47 65 7d 54 d6 47 1b 2a 13 49 1d 58 c2 05 77 cb 7b 13 a5 3b a6 2e 51 76 7f 4c 49 8c 45 2d ba 6e 9c ee b8 46 7c 17 41 07 e0 0a d5 09 a7 10 b2 c0 ad 86 d6 91 e0 4c 21 68 0a 61 53 88 9b 42 83 29 34 99 42 b3 29 44 0d 21 6a f2 44 4d 9e a8 c9 13 d5 a6 ed c4 48 1c c9 52 66 a4 c7 05 bd 7d 46 cb e9 2b d5 b0 df 68 6c be a8 27 a9 3b 61 b2 d4 93 92 52 dd a4 34 8b a4 d9 09 a5 78 d1 b1 a2 49 71 a3 52 cc 98 d0 c7 a4 88 31 29 62 ac 81 07 16 f7 da bf 03 f6 ef 90 fd bb c4 fe 5d 5a 39 a0 9f 85 15 f6 fc e2 94 fb 77 89 fb 37 5d ed fe 35 e2 f1 37 7b 07 8d 78 06 cb 5b 68 50 0d 39 3d 70 68 95 1e 18 f4 a4 f4 a6 Data Ascii: %%K=)Y.nF"\)!!$&~`X0. $,IGe}TG*IXw{;.QvLIE-nF\|AL!haSB)4B)D!jDMHRf}F+hl';aR4xIqR1)b]Z9w7]57{x[hP9=ph
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: c3 31 a5 e7 1d f5 b1 6d 51 2b 4a 63 72 75 a2 44 96 34 c9 92 63 64 a9 71 b2 94 61 67 aa 29 e8 cb 45 63 79 6d 71 22 cd 8c 32 59 af c8 1a de 57 67 c7 1d ae 70 ff 4e 9e a0 eb 26 30 e4 f7 09 fa 05 03 82 41 c1 90 60 58 a3 6f 4c af 5e b0 41 b0 51 b0 49 30 22 18 15 8c 09 c6 05 2d 41 fd 1a 13 0a 88 1f 01 b1 1f 10 3f 02 e2 47 40 fc 08 88 1f 01 e1 0f 08 7f 40 f8 03 c2 1f 10 fe 80 f0 07 84 3f 20 fc 01 e1 0f 08 bf 4f f8 7c c2 e7 13 3e 9f d8 f3 89 3d 9f d8 f1 89 5d 9f d8 f1 89 9d 26 89 c3 27 fe f9 c4 3f 9f f8 e7 13 ff 9b 84 af 49 ec 46 45 d6 ff bb f2 f9 1b c5 5e d0 57 23 38 fe 8a 6f 0b 63 28 8b 82 e2 74 50 9c 0e 0a 49 78 4c 4f 9c 09 8a 33 41 71 26 28 c1 05 c5 89 a0 04 15 94 20 83 92 ac a0 04 19 14 a7 42 12 64 48 ec 87 c4 8f 90 f8 11 12 3f 42 e2 47 48 f8 43 c2 1f 12 fe Data Ascii: 1mQ+JcruD4cdqag)Ecymq"2YWgpN&0A`XoL^AQI0"-A?G@@? O\|>=]&'?IFE^W#8oc(tPIxLO3Aq&( BdH?BGHC
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: a1 e6 6f e2 6e a2 37 07 6f 6e 55 f1 aa c2 55 5f 6f 89 6f e9 6f f5 de ca dc 1a bb 35 05 e0 80 52 00 00 b8 40 2d 80 02 66 c0 01 78 81 10 10 07 fa 80 21 60 1c d8 05 0e 81 33 a0 70 9b 78 5b 73 3b 72 7b 85 56 46 63 d2 20 9a 92 66 a2 35 d3 5a 69 1d b4 18 ad 97 96 a1 6d d2 76 69 87 b4 33 5a 81 4e a4 57 d0 99 74 88 ae a4 b7 d3 23 f4 24 7d 90 3e 4a 9f a4 cf d2 97 e9 eb f4 6d fa 0f 7a 81 41 64 54 30 98 0c 88 d1 ca e8 60 c4 18 bd 8c 0c 63 8c 31 c5 98 bf 53 74 c7 7b 27 74 27 7e a7 ef ce 16 13 60 26 98 c7 cc 3f d5 d6 6a 57 b5 bf 3a 5c 9d a8 1e a8 de ad 3e ac 3e ab 2e b0 88 ac 0a 16 93 05 b1 b2 ac 1c 6b 89 55 60 33 d9 10 5b c9 36 b1 9b d9 ad ec 0e 76 8c dd cb ce b0 c7 d8 53 ec 23 76 9e 7d 09 92 40 0b e8 04 7d 60 27 88 81 fd e0 30 38 01 ce 80 8b e0 67 70 13 dc 05 0f c1 Data Ascii: on7onUU_ooo5R@-fx!`3px[s;r{VFc f5Zimvi3ZNWt#$}>JmzAdT0`c1St{'t'~`&?jW:\>>.kU`3[6vS#v}@}`'08gp
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: fc 88 df e3 ef f5 6f bc a0 be 60 be 08 bd 58 7c 71 de 8e b4 eb db d3 ed 9f da 4f 5e 12 5e 9a 5f 0e bc cc bd dc 7a 99 0f 50 03 8e 40 2c 90 09 4c 07 e6 02 4b 81 2f 81 ef 81 fd c0 51 e0 3c 48 08 96 06 99 41 5e 50 1c 34 06 ad 41 7f 30 14 8c 06 07 83 c3 c1 b3 8e e6 8e d1 8e 89 8e a3 57 f6 57 8b af 4e 42 cc 10 16 da 0a 15 fe e1 fd 13 fe 67 b3 13 ea b4 74 ae bc 26 bf d6 be b6 be 76 bd 5e 7d 7d 1e 56 86 d3 e1 f9 70 fe df e6 7f 97 23 94 88 3e 32 1a d9 89 ec 77 41 5d 68 97 a5 cb db 15 e9 9a ea 5a e8 5a ef fa d9 95 8f 92 a3 fa a8 25 da 1a 8d 44 df 47 97 a2 fb d1 c2 1b e0 0d fc 66 f0 cd c2 9b ad 18 3f 16 88 0d c6 72 b1 8d d8 e5 5b c6 5b d7 db 89 b7 53 6f 77 e3 a5 71 7b 3c 1e 4f c7 b3 f1 d9 f8 61 37 a1 1b ed 36 76 7b bb b3 dd 1b dd df ba f7 bb 8f bb f3 dd 05 8c 80 95 Data Ascii: o`X\|qO^^_zP@,LK/Q<HA^P4A0WWNBgt&v^}}Vp#>2wA]hZZ%DGf?r[[Sowq{<Oa76v{
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 70 d2 dc 86 6e ba 8d 36 9b 3d 82 97 26 7a f6 dc 6a ef ac 86 b5 95 de b5 8d ad de ea b9 f5 43 f5 0d 43 f5 e4 86 46 4f 71 63 47 5e 5e 7b 98 a3 2a 2e be ca d1 56 56 d2 fe c1 82 98 e8 d6 f2 d2 36 9b ad ad b4 bc 35 3a 66 41 45 c9 9c e9 d9 73 4a 49 9f c3 91 95 95 1b 1c 9c 9b 25 fe 2b 37 4e a3 89 cb 4d cd 2e 2c cc 46 7e b2 4d 7c c1 e7 f3 47 60 dc b3 11 6b 0d 1b 79 bb 11 98 67 3c d5 18 a5 a1 23 cf 68 ec 96 30 2d f4 1b 79 4e 1a 1e 2c e3 d9 9a 58 95 5b da 66 8f ef f3 54 ac ac 60 f4 87 81 19 9a 49 56 cd 68 cc aa 48 69 2d 9d de 1a 77 6f 52 92 77 79 49 74 46 89 93 51 7f ff d2 be fd 0b 66 92 43 8b ac ee c4 d2 8a ec 74 20 e7 c4 04 67 07 7a 56 00 3d 79 4e 27 22 7d e5 ef ff 2d f9 15 ff 5f 92 5f 57 00 af ec 9e 2c bf 08 93 5f 24 c1 4f 80 51 de 6a 01 a2 27 d1 f9 1b cd 81 f0 Data Ascii: pn6=&zjCCFOqcG^^{*.VV65:fAEsJI%+7NM.,F~M\|G`kyg<#h0-yN,X[fT`IVhHi-woRwyItFQfCt gzV=yN'"}-__W,_$OQj'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49718	151.101.193.46	443	4568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:09 UTC	626	OUT	GET /components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff HTTP/1.1 Host: cdn2.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://attsecure05.weebly.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://attsecure05.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 22:20:09 UTC	621	IN	HTTP/1.1 200 OK Connection: close Content-Length: 46052 Server: nginx Content-Type: font/woff Last-Modified: Sat, 18 May 2024 12:28:07 GMT ETag: "66489ed7-b3e4" Expires: Tue, 04 Jun 2024 10:09:24 GMT Cache-Control: max-age=1209600 X-Host: grn57.sf2p.intern.weebly.net Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 22 May 2024 22:20:09 GMT Age: 130245 X-Served-By: cache-sjc1000121-SJC, cache-ewr18151-EWR X-Cache: HIT, HIT X-Cache-Hits: 37, 56 X-Timer: S1716416410.699765,VS0,VE0 Access-Control-Allow-Origin: * alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 b3 e4 00 0e 00 00 00 01 57 a4 00 00 00 00 00 00 b2 78 00 00 01 6c 00 00 02 d7 00 00 00 00 00 00 00 00 4f 53 2f 32 00 00 01 9c 00 00 00 58 00 00 00 60 8d 3e b9 af 63 6d 61 70 00 00 01 f4 00 00 06 9d 00 00 11 08 ba 8b c2 c8 63 76 74 20 00 00 b1 24 00 00 00 28 00 00 00 28 08 b6 08 99 66 70 67 6d 00 00 b1 4c 00 00 00 b2 00 00 01 09 43 3e f0 88 67 61 73 70 00 00 b1 14 00 00 00 10 00 00 00 10 00 1a 00 23 67 6c 79 66 00 00 2c 94 00 00 84 7f 00 00 fb c8 be a3 8f 3c 68 65 61 64 00 00 01 64 00 00 00 36 00 00 00 36 08 84 a2 8a 68 68 65 61 00 00 08 94 00 00 00 21 00 00 00 24 07 64 07 72 68 6d 74 78 00 00 08 b8 00 00 06 5c 00 00 11 40 1b e8 b2 08 6c 6f 63 61 00 00 24 3c 00 00 08 57 00 00 08 a2 a3 9d 64 f8 6d 61 78 70 00 00 01 44 00 00 00 Data Ascii: wOFFWxlOS/2X`>cmapcvt $((fpgmLC>gasp#glyf,<headd66hhea!$drhmtx\@loca$<WdmaxpD
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 0c c3 08 19 29 47 e5 0d 39 02 2d e3 24 5d d6 cb 26 73 8e f2 64 b4 9a 2b d9 72 c9 9c 2c b7 2c 92 3d 6a a1 5c 14 97 f8 34 d4 1c 95 2b 7f 97 15 6a a9 54 c8 2d 99 6d 4e 59 1b dd 4e 3e c0 54 7c 84 c9 98 8e 29 48 c2 02 a4 21 1d ab b0 06 6b b1 0f bb b0 07 d9 7c 10 27 70 06 a7 e0 42 31 4e cb 31 78 19 40 cd 9a ac c5 c6 8c e6 6e fe 86 31 fc 15 5b f0 d7 fc 1d 1f 61 2f 0e e4 2b ec cf 38 7e c4 7f f2 43 4e e4 75 a3 82 ab b8 8c 2b 98 ce 95 52 c8 b5 3c c4 83 cc 61 2e 3d bc c1 b3 98 c6 87 30 89 cd 91 c8 df 62 31 7b 62 09 7b 63 29 fb 60 19 fb 62 39 5f c2 0a be 8c 4f f9 2a 56 33 16 9f 70 00 d6 71 10 d6 73 30 b6 f0 5d 6c e5 7b f8 92 e3 90 c5 78 ec 30 3b 71 3b c7 e3 20 a7 60 3f 27 61 37 27 e0 00 27 63 2f 3f 40 2e 93 70 88 c9 38 cc 19 9c 89 23 4c 41 1e 53 71 94 b3 90 cf d9 28 Data Ascii: )G9-$]&sd+r,,=j\4+jT-mNYN>T\|)H!k\|'pB1N1x@n1[a/+8~CNu+R<a.=0b1{b{c)`b9_O*V3pqs0]l{x0;q; `?'a7''c/?@.p8#LASq(
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 26 fd 44 fa 38 9d c1 ba b9 9b 3e a6 0e 63 cc 7c fa 9b 3e 17 53 e4 4a fa 8a 31 66 7c 80 f9 01 9f 14 a4 82 7b 2f be c8 f5 53 1e ce e7 e4 77 12 27 3b c9 8f a4 97 1c a1 7d 94 eb cf d0 a0 f6 ba 7e cd f7 6d be 7f b3 b6 52 ee 41 0d 29 46 58 fc 9d e5 06 4f 37 cd f5 6f e4 66 4f 26 11 7f 98 36 ce f1 ab 69 67 f6 b8 be d6 fa d9 66 d4 93 46 eb 6f 07 40 df c5 36 e2 c7 e9 8b 55 3d 89 24 f9 c7 9c ff 2d f4 ed 41 c4 c7 0f 86 f8 fe c1 90 98 e0 93 88 27 e2 cb d3 c6 ee e3 a0 76 53 8b e1 42 22 f6 a4 b2 ce c6 a0 bc 44 4c 1a 98 c5 83 db 9c 83 fd ea 12 d3 be 61 ac fc c8 8b 6d 41 36 a5 f0 02 cf 85 71 cf 8f 7d e8 72 f6 92 f7 48 2f f9 89 ba 05 94 c7 c8 79 72 94 f5 4c d1 e9 cd fd e3 64 82 4e 72 8a 7d 6e f0 e2 66 10 89 9d e9 93 71 35 ed cc 27 5e 7c 9e 94 c4 c6 e8 01 90 3b 6a 7a dd f8 Data Ascii: &D8>c\|>SJ1f\|{/Sw';}~mRA)FXO7ofO&6igfFo@6U=$-A'vSB"DLamA6q}rH/yrLdNr}nfq5'^\|;jz
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 43 a2 a9 8a bb 28 31 16 92 cf e5 89 e4 ef e0 91 9d 65 ad 8d 09 19 bb cc 8b a8 cd a6 8a 33 9c 23 64 cf c6 12 83 85 ba 66 68 29 6d b2 a3 ec 64 61 9f 55 f2 4e 15 1c fd bf ce 15 95 0b 8d 25 5c 2f 55 ff 76 17 8b 11 39 73 89 22 e6 b8 9c b7 f8 56 6b 31 cb 5f fb a2 f6 9a 33 19 89 a8 c0 53 93 b2 70 41 ab ad c9 97 ef 1f 71 1e 87 28 d3 26 ca d6 4d 6e 3e eb bf ad 5a 7e b5 79 6e 99 93 0a 38 95 09 67 19 30 26 14 9b c0 89 f2 3d 1c f3 e5 ab fc 17 38 5f d7 76 ae 20 00 00 00 78 da 6d 59 05 58 5c 57 16 3e 72 19 02 43 02 91 ba bb a7 a3 48 7d e4 41 48 08 a4 10 4a 92 4a 3a c0 00 93 0c 33 74 24 09 a9 bb bb 6c 7d eb ba 75 77 77 df ba bb eb ee b6 dd b6 bb 6d f7 bd 77 0f cc 65 b2 7c 1f fc f7 dc 77 ee f9 8f dc 77 de 7d 3c 20 70 7f fe 3c 12 66 c0 ff f9 51 f3 00 90 80 80 91 51 c1 74 Data Ascii: C(1e3#dfh)mdaUN%\/Uv9s"Vk1_3SpAq(&Mn>Z~yn8g0&=8_v xmYX\W>rCH}AHJJ:3t$l}uwwmwe\|ww}< p<fQQt
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 32 4f e1 5a ae e3 a9 3c 8d a7 f3 0c 5e 8d 57 e7 35 78 4d 5e 8b d7 e6 75 78 5d 5e 8f d7 e7 0d 78 43 de 88 37 e6 4d 78 53 de 8c 37 e7 2d 78 4b de 8a b7 e6 6d 78 5b de 8e 67 f2 f6 ec 63 3f 07 38 c8 21 38 8f c3 5c cf 0d dc c8 4d bc 03 ef c8 3b f1 ce bc 0b ef ca bb 71 84 a3 1c e3 38 5b dc cc 2d 3c 8b 5b 79 36 cf e1 36 9e cb ed dc c1 f3 78 77 ee e4 2e 9e cf dd bc 07 f7 f0 02 5e c8 8b 78 4f de 8b f7 e6 7d 78 31 ef cb 09 ee e5 3e ee e7 24 0f f0 20 0f 71 8a 97 f0 52 4e f3 30 67 38 cb 23 bc 1f e7 38 cf 05 2e f2 32 5e ce 2b 78 94 57 f2 fe 7c 00 1f c8 07 f1 c1 7c 08 1f ca 87 f1 e1 7c 04 1f c9 47 f1 d1 7c 0c 1f cb c7 f1 f1 7c 02 9f c8 27 f1 c9 7c 0a 9f ca a7 f1 e9 7c 06 9f c9 67 f1 5f f8 6c 3e 87 cf e5 f3 f8 7c be 80 2f e4 bf f2 45 7c 31 5f c2 97 f2 65 7c 39 5f c1 57 Data Ascii: 2OZ<^W5xM^ux]^xC7MxS7-xKmx[gc?8!8\M;q8[-<[y66xw.^xO}x1>$ qRN0g8#8.2^+xW\|\|\|G\|\|'\|\|g_l>\|/E\|1_e\|9_W
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 29 59 2e 19 6e 16 ba e6 46 cf 22 d7 5c f5 a2 d2 cd 94 d0 db 29 21 21 24 26 dc ea 7e c1 a0 60 58 30 2e d8 20 d8 24 d8 2c 18 95 9b 49 d6 47 65 7d 54 d6 47 1b 2a 13 49 1d 58 c2 05 77 cb 7b 13 a5 3b a6 2e 51 76 7f 4c 49 8c 45 2d ba 6e 9c ee b8 46 7c 17 41 07 e0 0a d5 09 a7 10 b2 c0 ad 86 d6 91 e0 4c 21 68 0a 61 53 88 9b 42 83 29 34 99 42 b3 29 44 0d 21 6a f2 44 4d 9e a8 c9 13 d5 a6 ed c4 48 1c c9 52 66 a4 c7 05 bd 7d 46 cb e9 2b d5 b0 df 68 6c be a8 27 a9 3b 61 b2 d4 93 92 52 dd a4 34 8b a4 d9 09 a5 78 d1 b1 a2 49 71 a3 52 cc 98 d0 c7 a4 88 31 29 62 ac 81 07 16 f7 da bf 03 f6 ef 90 fd bb c4 fe 5d 5a 39 a0 9f 85 15 f6 fc e2 94 fb 77 89 fb 37 5d ed fe 35 e2 f1 37 7b 07 8d 78 06 cb 5b 68 50 0d 39 3d 70 68 95 1e 18 f4 a4 f4 a6 4d 49 58 29 09 2b 65 f6 40 09 2b 16 Data Ascii: )Y.nF"\)!!$&~`X0. $,IGe}TG*IXw{;.QvLIE-nF\|AL!haSB)4B)D!jDMHRf}F+hl';aR4xIqR1)b]Z9w7]57{x[hP9=phMIX)+e@+
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 72 75 a2 44 96 34 c9 92 63 64 a9 71 b2 94 61 67 aa 29 e8 cb 45 63 79 6d 71 22 cd 8c 32 59 af c8 1a de 57 67 c7 1d ae 70 ff 4e 9e a0 eb 26 30 e4 f7 09 fa 05 03 82 41 c1 90 60 58 a3 6f 4c af 5e b0 41 b0 51 b0 49 30 22 18 15 8c 09 c6 05 2d 41 fd 1a 13 0a 88 1f 01 b1 1f 10 3f 02 e2 47 40 fc 08 88 1f 01 e1 0f 08 7f 40 f8 03 c2 1f 10 fe 80 f0 07 84 3f 20 fc 01 e1 0f 08 bf 4f f8 7c c2 e7 13 3e 9f d8 f3 89 3d 9f d8 f1 89 5d 9f d8 f1 89 9d 26 89 c3 27 fe f9 c4 3f 9f f8 e7 13 ff 9b 84 af 49 ec 46 45 d6 ff bb f2 f9 1b c5 5e d0 57 23 38 fe 8a 6f 0b 63 28 8b 82 e2 74 50 9c 0e 0a 49 78 4c 4f 9c 09 8a 33 41 71 26 28 c1 05 c5 89 a0 04 15 94 20 83 92 ac a0 04 19 14 a7 42 12 64 48 ec 87 c4 8f 90 f8 11 12 3f 42 e2 47 48 f8 43 c2 1f 12 fe 90 f0 87 84 3f 24 fc 21 e1 0f 09 7f Data Ascii: ruD4cdqag)Ecymq"2YWgpN&0A`XoL^AQI0"-A?G@@? O\|>=]&'?IFE^W#8oc(tPIxLO3Aq&( BdH?BGHC?$!
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 04 29 69 2d 99 2d 59 2a 59 2b d9 02 a8 00 17 50 00 26 c0 0a 38 00 2f 10 04 e2 c0 28 30 0d 24 81 15 e0 2b 70 5d 8a 2e c5 97 92 4a 99 a5 ad a5 93 a5 07 a4 6a 92 81 84 90 1c 24 2f 29 48 8a 93 46 49 d3 a4 24 69 85 74 4e ba 21 63 c9 04 32 85 cc 22 4b c8 06 32 42 76 90 13 e4 29 f2 1c 79 99 bc 4e 4e 91 b7 c9 07 e4 0c f9 92 7c 47 a1 52 b8 14 05 c5 44 b1 52 86 28 e3 94 8f 94 05 ca 67 ca 26 e5 07 e5 77 19 ab 6c a4 6c b2 6c b6 6c a9 ec aa dc 50 9e ac c0 57 94 57 04 2b e2 15 a3 15 d3 15 c9 8a 95 8a 3b 6a 3e b5 98 0a 52 f9 54 15 b5 8e 6a a3 fe a4 ee 51 8f 69 4c 1a 4c 6b a1 79 68 9d b4 18 2d 41 9b a2 cd d1 96 69 eb b4 14 6d 1b 24 80 14 90 05 4a c0 10 f8 01 1c 03 67 c0 79 70 15 dc 00 d3 e0 2e 78 04 9e 81 d7 74 34 1d 4f 27 d1 99 74 11 5d 47 87 e9 2d 74 0f 7d 8e be 43 3f Data Ascii: )i--Y*Y+P&8/(0$+p].Jj$/)HFI$itN!c2"K2Bv)yNN\|GRDR(g&wllllPWW+;j>RTjQiLLkyh-Aim$Jgyp.xt4O't]G-t}C?
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: e5 e9 f0 2c 7b d6 3c 57 af 25 af 3d af 3f bc de 7c 7d eb 2d f7 1a bd 7e ef 98 37 ed 3d f5 a1 7c 24 1f e8 83 7c 2a 1f ec b3 f9 9c be 0e 5f cc 37 ec 9b f6 cd fa 16 7c eb be 6f be 3d df 91 2f e3 bb f5 63 fd 7e 7f fa 0d ee 0d f1 8d fb cd af 76 51 7b 7b fb 5c fb f5 5b e4 6d fc ed d2 db eb 0e 47 c7 66 c7 fe 3b cb bb e4 bb dd 77 47 ef ce 02 f6 c0 78 60 fb 7d f1 7b f3 fb b1 f7 a7 9d 96 ce a5 ce bd 2e a8 ab bd ab b7 2b d5 b5 d3 75 d4 75 15 cc 0e 6a 82 70 b0 35 18 0d 8e 05 17 82 fb c1 3f c1 ab ee dc 6e b0 db d2 1d ee 9e ee fe d2 9d 0e 51 43 70 c8 1f da ea c1 f6 30 7b cc 3d ed 3d 33 3d eb 3d 7f 7b 25 bd 9a de 50 ef 52 ef 69 1f be af b8 4f d6 67 ea 8b f7 25 fb 7e f7 1d f6 dd 84 15 61 6f b8 33 1c 0d 0f 87 c7 c3 33 e1 64 78 39 bc 16 fe 16 fe 11 de 0d 1f 86 33 e1 8b f0 Data Ascii: ,{<W%=?\|}-~7=\|$\|*_7\|o=/c~vQ{{\[mGf;wGx`}{.+uujp5?nQCp0{==3=={%PRiOg%~ao33dx93
2024-05-22 22:20:09 UTC	1378	IN	Data Raw: 4d fa f2 85 2d 0d 03 8d 6b ab aa d6 36 0d 34 b6 2c 6c d8 d0 d4 bc a1 9e 5c 12 ac ab ef 1f 72 bb 87 62 2a 3a 52 53 3b 2b 16 36 36 2c 7c 6f 51 82 d0 57 5b d9 6d b7 77 57 d6 f6 09 09 8b ea 7d fd 45 45 fd 3e b2 b5 a6 c6 e5 f1 44 47 7b 3c e2 3f 2b 32 34 9a 8c 8a bc f2 86 06 3a 06 65 93 5f f0 69 fc 9d f2 18 68 d8 c8 3b 84 38 18 83 2c 21 41 43 47 9e 11 b8 dc 21 a1 5a 2e 33 38 0a 0d 4e 1a 1a 2c e3 db 95 d6 ec 6c 98 e3 20 c9 6b aa 6b 57 00 f5 db ae d8 45 47 85 ac eb ef 71 b6 d9 60 1c 16 a6 5c 6e b5 05 2e 6c 16 18 f1 ab 56 d4 3c be 77 e8 d0 50 2f b9 6b 53 61 a3 b5 cd ef 2d 06 72 4e 4e 72 45 40 cf 02 a0 27 cf 69 bf 46 fa ca df ff b7 64 59 94 5a 96 c1 5f 35 53 65 59 41 a3 22 cb e6 3a 2f 6b 01 59 e6 2d 9a 2b 1e 9b 49 96 9d 0f 3f 76 4f 95 65 84 c9 32 52 74 b5 eb 14 0a Data Ascii: M-k64,l\rb*:RS;+66,\|oQW[mwW}EE>DG{<?+24:e_ih;8,!ACG!Z.38N,l kkWEGq`\n.lV<wP/kSa-rNNrE@'iFdYZ_5SeYA":/kY-+I?vOe2Rt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49720	151.101.1.46	443	4568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:10 UTC	370	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 22:20:10 UTC	621	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3740 Server: nginx Content-Type: image/png Last-Modified: Fri, 10 May 2024 17:45:45 GMT ETag: "663e5d49-e9c" Expires: Mon, 13 May 2024 15:42:54 GMT Cache-Control: max-age=300 X-Host: grn106.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 801735 Date: Wed, 22 May 2024 22:20:10 GMT X-Served-By: cache-sjc10042-SJC, cache-nyc-kteb1890086-NYC X-Cache: HIT, HIT X-Cache-Hits: 968, 0 X-Timer: S1716416410.117588,VS0,VE1 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-22 22:20:10 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ae 00 00 00 3e 08 03 00 00 00 85 b4 d0 9f 00 00 02 fa 50 4c 54 45 00 00 00 2d 96 f0 2a 92 ec 2a 91 eb 2a 90 eb 29 91 ea 29 91 ea 2a 91 eb 2b 92 eb 49 92 ff 2b 91 eb 2a 91 eb 2a 91 eb 2a 90 eb 29 91 ea 29 90 ea 29 91 ea 33 99 eb 80 ff ff 29 90 ea 29 91 ea 2e 93 f0 2c 90 ed 2a 91 eb 2a 90 ea 2a 91 eb 29 90 ea 2a 90 ea 2d 93 ee 29 91 ec 2a 90 eb 2b 91 eb 2b 90 ec 2a 90 ea 37 92 ed 2b 92 ec 2a 90 eb 2a 91 eb 29 91 eb 29 91 eb 29 91 ea 2a 91 ea 29 91 eb 2a 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 29 90 ea 2b 95 f4 2b 91 ec 2a 91 eb 2b 95 ef 39 aa ff 29 91 eb 29 91 eb 2b aa ff 2c 93 eb 2b 90 eb ff ff ff 2a 91 ec 29 90 eb 2b 91 ec 29 90 eb 2a 92 ea 2b 91 eb 2a 92 eb 2a 91 ea 2a 91 ea 2b 95 ff 2a 90 eb 2a 92 eb 2a Data Ascii: PNGIHDR>PLTE-**))+I+*)))3)).,)-)++7+*))))***)+++9))+,+)+)+*+*
2024-05-22 22:20:10 UTC	1378	IN	Data Raw: 6f 8a bb 55 71 87 ba bb 2b ee ee ee ee 33 e7 3d bb 67 64 97 cf e1 ff 29 3a bf 67 ce 39 ef 3b ef ce e5 03 48 0e 1c 74 09 c4 e0 21 dd 69 1b 7a 45 2b 88 ff 0f cb 27 99 5b 56 08 a5 fc ca e6 ed e9 18 3e 62 e4 28 f8 f5 1d 3d a6 28 46 d2 2a 1a 3b ae 6d ca b8 62 7c bb 09 51 00 13 fd 71 27 4d 9e 32 75 5a 01 92 3a 77 9b 5e 7f d2 e5 33 66 42 cc aa 49 2d 34 5b 7e 3f 99 5a ad 39 b0 45 5b 84 a8 fd 6b b0 9d 7d ee 40 ba 0c 3d 36 0a 97 79 75 2c 1a d9 83 e6 07 e3 1a 43 17 44 02 71 45 c5 02 88 73 17 52 14 5d 25 69 73 a8 e9 fe 57 18 62 52 e8 6a 00 d7 d0 a8 d3 aa 61 03 fa 8c b8 d6 3c bf ae a3 4f ec e2 f2 60 5c e3 fa 0b 02 87 41 3b 0e 8e 1b 6e 64 52 0b d8 6e a2 db b1 28 ce a4 4b e3 62 dc 4c b7 5b 18 64 dd 1a 85 d2 34 c4 a0 9c 05 c1 b8 c6 80 dc 34 71 79 1b 80 db 3d 6b 73 07 70 Data Ascii: oUq+3=gd):g9;Ht!izE+'[V>b(=(F*;mb\|Qq'M2uZ:w^3fBI-4[~?Z9E[k}@=6yu,CDqEsR]%isWbRja<O`\A;ndRn(KbL[d44qy=ksp
2024-05-22 22:20:10 UTC	984	IN	Data Raw: 51 95 b6 35 30 a6 d0 d6 1a 46 a1 ff 45 e1 7e 2a cf b9 af 2b b6 df 57 17 6f aa 2d 3e 31 aa 4f 43 11 93 8e b9 32 1e dd 98 29 71 c5 65 7a f1 87 9e 01 f1 49 30 ae 94 b7 56 d2 c3 75 d2 cc 73 bc 1d 8c 25 f2 59 c9 68 47 65 0a 44 74 4d 86 0e 5b 76 bb aa d0 cf 69 7b 1a a2 d7 50 8a 8a 77 0a f4 01 30 71 51 43 2d f7 98 2c 88 47 ac 14 71 7b c2 f8 9a 66 10 70 1d b7 1e 66 f3 a3 8b 68 9b 1c 85 66 a6 e5 79 d0 2e 6a 51 b3 4f 45 9d aa 55 20 5e a5 ad 1a b4 e8 ba a9 0b 2b 9e bc eb ac 38 c4 22 89 ab ed 7c 79 fd 6e b3 7c 8b 19 8c 2b c5 a6 7d 68 86 42 cf 8f ea 21 e1 1b 2a d7 22 a1 1e b5 d7 3b 22 a5 17 f5 5b 8a d4 ea 9b b8 7e df 66 fb e2 fa 8b ad 8a 45 72 78 18 6e df d1 36 0c 09 b7 9a 6a 16 c3 98 f0 36 52 89 d4 91 45 39 17 a9 74 66 da b8 f1 73 98 32 ae 29 b6 c3 64 e0 e9 bf b6 0d Data Ascii: Q50FE~+Wo->1OC2)qezI0Vus%YhGeDtM[vi{Pw0qQC-,Gq{fpfhfy.jQOEU ^+8"\|yn\|+}hB!";"[~fErxn6j6RE9tfs2)d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49721	151.101.1.46	443	4568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:10 UTC	603	OUT	GET /developer/none.ico HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://attsecure05.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 22:20:10 UTC	645	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1406 Server: nginx Content-Type: image/x-icon Last-Modified: Tue, 21 May 2024 19:12:29 GMT ETag: "664cf21d-57e" Expires: Tue, 21 May 2024 20:03:33 GMT Cache-Control: max-age=300 X-Host: blu140.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 94897 Date: Wed, 22 May 2024 22:20:10 GMT X-Served-By: cache-sjc10061-SJC, cache-nyc-kteb1890020-NYC X-Cache: HIT, HIT X-Cache-Hits: 28, 0 X-Timer: S1716416411.814559,VS0,VE1 Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-22 22:20:10 UTC	1378	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h(
2024-05-22 22:20:10 UTC	28	IN	Data Raw: ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49723	151.101.1.46	443	4568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:11 UTC	361	OUT	GET /developer/none.ico HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 22:20:11 UTC	645	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1406 Server: nginx Content-Type: image/x-icon Last-Modified: Tue, 21 May 2024 19:12:29 GMT ETag: "664cf21d-57e" Expires: Tue, 21 May 2024 20:03:33 GMT Cache-Control: max-age=300 X-Host: blu140.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 22 May 2024 22:20:11 GMT Age: 94897 X-Served-By: cache-sjc10061-SJC, cache-nyc-kteb1890027-NYC X-Cache: HIT, HIT X-Cache-Hits: 28, 1 X-Timer: S1716416412.541744,VS0,VE1 Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-22 22:20:11 UTC	1378	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h(
2024-05-22 22:20:11 UTC	28	IN	Data Raw: ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-22 22:20:12 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=64156 Date: Wed, 22 May 2024 22:20:12 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49725	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:12 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 71 6c 2b 62 34 69 4c 74 33 55 4b 77 70 64 36 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 63 33 64 39 34 66 35 63 32 36 33 33 37 35 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ql+b4iLt3UKwpd6T.1Context: bc3d94f5c2633754
2024-05-22 22:20:12 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-05-22 22:20:12 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 71 6c 2b 62 34 69 4c 74 33 55 4b 77 70 64 36 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 63 33 64 39 34 66 35 63 32 36 33 33 37 35 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 35 6e 6d 4b 70 74 79 41 33 4b 41 62 67 53 33 6d 36 64 2f 75 69 2f 4b 48 49 67 52 73 56 64 70 39 31 4e 49 67 6e 2b 6f 7a 32 44 39 32 56 62 6e 55 35 31 2f 2b 6f 41 4c 64 75 69 46 36 5a 44 43 74 39 36 4a 6a 61 6e 4b 4e 58 39 6f 54 79 48 57 4b 48 48 52 46 42 63 58 59 34 75 77 2f 64 33 4f 4f 49 44 47 32 66 33 45 53 4e 33 4c 4b Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: ql+b4iLt3UKwpd6T.2Context: bc3d94f5c2633754<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAS5nmKptyA3KAbgS3m6d/ui/KHIgRsVdp91NIgn+oz2D92VbnU51/+oALduiF6ZDCt96JjanKNX9oTyHWKHHRFBcXY4uw/d3OOIDG2f3ESN3LK
2024-05-22 22:20:12 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 71 6c 2b 62 34 69 4c 74 33 55 4b 77 70 64 36 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 63 33 64 39 34 66 35 63 32 36 33 33 37 35 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ql+b4iLt3UKwpd6T.3Context: bc3d94f5c2633754<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-05-22 22:20:12 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-05-22 22:20:12 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 34 50 75 69 4d 43 35 65 35 30 4b 72 76 48 75 35 50 52 63 6a 59 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 4PuiMC5e50KrvHu5PRcjYQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49726	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-22 22:20:13 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=64186 Date: Wed, 22 May 2024 22:20:13 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-22 22:20:13 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49727	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:20 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 31 70 6e 74 39 54 33 76 37 45 6d 2b 42 66 37 59 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 63 35 37 38 37 36 38 35 32 31 65 39 38 30 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 1pnt9T3v7Em+Bf7Y.1Context: 5c578768521e980c
2024-05-22 22:20:20 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-05-22 22:20:20 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 31 70 6e 74 39 54 33 76 37 45 6d 2b 42 66 37 59 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 63 35 37 38 37 36 38 35 32 31 65 39 38 30 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 35 6e 6d 4b 70 74 79 41 33 4b 41 62 67 53 33 6d 36 64 2f 75 69 2f 4b 48 49 67 52 73 56 64 70 39 31 4e 49 67 6e 2b 6f 7a 32 44 39 32 56 62 6e 55 35 31 2f 2b 6f 41 4c 64 75 69 46 36 5a 44 43 74 39 36 4a 6a 61 6e 4b 4e 58 39 6f 54 79 48 57 4b 48 48 52 46 42 63 58 59 34 75 77 2f 64 33 4f 4f 49 44 47 32 66 33 45 53 4e 33 4c 4b Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 1pnt9T3v7Em+Bf7Y.2Context: 5c578768521e980c<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAS5nmKptyA3KAbgS3m6d/ui/KHIgRsVdp91NIgn+oz2D92VbnU51/+oALduiF6ZDCt96JjanKNX9oTyHWKHHRFBcXY4uw/d3OOIDG2f3ESN3LK
2024-05-22 22:20:20 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 31 70 6e 74 39 54 33 76 37 45 6d 2b 42 66 37 59 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 63 35 37 38 37 36 38 35 32 31 65 39 38 30 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 1pnt9T3v7Em+Bf7Y.3Context: 5c578768521e980c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-05-22 22:20:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-05-22 22:20:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6c 53 41 75 6d 43 52 49 39 6b 71 6e 35 38 48 39 50 6b 52 43 59 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: lSAumCRI9kqn58H9PkRCYQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49732	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:33 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4d 31 31 78 6b 32 6f 2f 41 45 79 47 51 41 64 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 39 66 66 31 64 62 39 30 39 34 66 64 66 33 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: M11xk2o/AEyGQAd4.1Context: 59ff1db9094fdf3e
2024-05-22 22:20:33 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-05-22 22:20:33 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4d 31 31 78 6b 32 6f 2f 41 45 79 47 51 41 64 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 39 66 66 31 64 62 39 30 39 34 66 64 66 33 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 35 6e 6d 4b 70 74 79 41 33 4b 41 62 67 53 33 6d 36 64 2f 75 69 2f 4b 48 49 67 52 73 56 64 70 39 31 4e 49 67 6e 2b 6f 7a 32 44 39 32 56 62 6e 55 35 31 2f 2b 6f 41 4c 64 75 69 46 36 5a 44 43 74 39 36 4a 6a 61 6e 4b 4e 58 39 6f 54 79 48 57 4b 48 48 52 46 42 63 58 59 34 75 77 2f 64 33 4f 4f 49 44 47 32 66 33 45 53 4e 33 4c 4b Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: M11xk2o/AEyGQAd4.2Context: 59ff1db9094fdf3e<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAS5nmKptyA3KAbgS3m6d/ui/KHIgRsVdp91NIgn+oz2D92VbnU51/+oALduiF6ZDCt96JjanKNX9oTyHWKHHRFBcXY4uw/d3OOIDG2f3ESN3LK
2024-05-22 22:20:33 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4d 31 31 78 6b 32 6f 2f 41 45 79 47 51 41 64 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 39 66 66 31 64 62 39 30 39 34 66 64 66 33 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: M11xk2o/AEyGQAd4.3Context: 59ff1db9094fdf3e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-05-22 22:20:33 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-05-22 22:20:33 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 54 5a 51 61 35 34 77 51 49 45 6d 52 48 36 5a 7a 6c 67 72 42 34 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: TZQa54wQIEmRH6ZzlgrB4Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49733	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:20:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4c 34 67 46 4e 4d 62 67 34 6b 65 6b 73 54 79 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 65 34 34 65 34 31 62 36 30 34 37 66 39 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: L4gFNMbg4keksTya.1Context: d2e44e41b6047f9b
2024-05-22 22:20:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-05-22 22:20:53 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4c 34 67 46 4e 4d 62 67 34 6b 65 6b 73 54 79 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 65 34 34 65 34 31 62 36 30 34 37 66 39 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 35 6e 6d 4b 70 74 79 41 33 4b 41 62 67 53 33 6d 36 64 2f 75 69 2f 4b 48 49 67 52 73 56 64 70 39 31 4e 49 67 6e 2b 6f 7a 32 44 39 32 56 62 6e 55 35 31 2f 2b 6f 41 4c 64 75 69 46 36 5a 44 43 74 39 36 4a 6a 61 6e 4b 4e 58 39 6f 54 79 48 57 4b 48 48 52 46 42 63 58 59 34 75 77 2f 64 33 4f 4f 49 44 47 32 66 33 45 53 4e 33 4c 4b Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: L4gFNMbg4keksTya.2Context: d2e44e41b6047f9b<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAS5nmKptyA3KAbgS3m6d/ui/KHIgRsVdp91NIgn+oz2D92VbnU51/+oALduiF6ZDCt96JjanKNX9oTyHWKHHRFBcXY4uw/d3OOIDG2f3ESN3LK
2024-05-22 22:20:53 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4c 34 67 46 4e 4d 62 67 34 6b 65 6b 73 54 79 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 65 34 34 65 34 31 62 36 30 34 37 66 39 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: L4gFNMbg4keksTya.3Context: d2e44e41b6047f9b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-05-22 22:20:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-05-22 22:20:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 79 44 43 2f 4c 7a 6a 67 30 43 53 4c 6a 75 64 33 4e 5a 6e 70 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: uyDC/Lzjg0CSLjud3NZnpA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49737	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:21:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 41 6f 70 35 74 6f 78 2f 51 30 36 76 30 6c 43 63 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 62 38 66 62 61 65 36 35 33 36 62 30 33 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Aop5tox/Q06v0lCc.1Context: c8b8fbae6536b037
2024-05-22 22:21:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-05-22 22:21:21 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 41 6f 70 35 74 6f 78 2f 51 30 36 76 30 6c 43 63 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 62 38 66 62 61 65 36 35 33 36 62 30 33 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 35 6e 6d 4b 70 74 79 41 33 4b 41 62 67 53 33 6d 36 64 2f 75 69 2f 4b 48 49 67 52 73 56 64 70 39 31 4e 49 67 6e 2b 6f 7a 32 44 39 32 56 62 6e 55 35 31 2f 2b 6f 41 4c 64 75 69 46 36 5a 44 43 74 39 36 4a 6a 61 6e 4b 4e 58 39 6f 54 79 48 57 4b 48 48 52 46 42 63 58 59 34 75 77 2f 64 33 4f 4f 49 44 47 32 66 33 45 53 4e 33 4c 4b Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: Aop5tox/Q06v0lCc.2Context: c8b8fbae6536b037<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAS5nmKptyA3KAbgS3m6d/ui/KHIgRsVdp91NIgn+oz2D92VbnU51/+oALduiF6ZDCt96JjanKNX9oTyHWKHHRFBcXY4uw/d3OOIDG2f3ESN3LK
2024-05-22 22:21:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 41 6f 70 35 74 6f 78 2f 51 30 36 76 30 6c 43 63 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 62 38 66 62 61 65 36 35 33 36 62 30 33 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Aop5tox/Q06v0lCc.3Context: c8b8fbae6536b037<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-05-22 22:21:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-05-22 22:21:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 54 45 37 58 78 43 43 58 6b 43 66 32 2b 7a 44 7a 43 4f 79 53 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2TE7XxCCXkCf2+zDzCOySA.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1008, Parent PID: 6052

General

Target ID:	0
Start time:	18:20:01
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4568, Parent PID: 1008

General

Target ID:	2
Start time:	18:20:04
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2020,i,16353255322260272096,8846895740344259769,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5016, Parent PID: 6052

General

Target ID:	3
Start time:	18:20:06
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://attsecure05.weebly.com/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://attsecure05.weebly.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1008, Parent PID: 6052

General

Chronological Activities

Analysis Process: chrome.exePID: 4568, Parent PID: 1008

General

Chronological Activities

Windows Analysis Report
https://attsecure05.weebly.com/