Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

Overview

General Information

Sample URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn
Analysis ID:	1448167
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2180,i,4538153266985756418,1836816677918798091,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn	Avira URL Cloud: detection malicious, Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Antivirus detection for URL or domain

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-logo.svg	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/css.css	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg	Avira URL Cloud: Label: phishing

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

HTTP Parser: Number of links: 0

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

HTTP Parser: Title: M&T Bank does not match URL

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

HTTP Parser: Has password / email / username input fields

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

HTTP Parser: Form action: aseio2.php

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

HTTP Parser: <input type="password" .../> found

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

HTTP Parser: No <meta name="author".. found

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49715 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.6:60773 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:60171 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://46814880-10-20181030130048.webstarterz.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://46814880-10-20181030130048.webstarterz.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://46814880-10-20181030130048.webstarterz.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/css.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-logo.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-logo.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 46814880-10-20181030130048.webstarterz.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: resources.mtb.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 60175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49715 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@16/24@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2180,i,4538153266985756418,1836816677918798091,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2180,i,4538153266985756418,1836816677918798091,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn	100%	Avira URL Cloud	phishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://resources.mtb.com/assets/fonts/mandtpg-iconfont.woff	0%	Avira URL Cloud	safe
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	100%	Avira URL Cloud	phishing
https://resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff	0%	Avira URL Cloud	safe
https://resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff	0%	Avira URL Cloud	safe
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-logo.svg	100%	Avira URL Cloud	phishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg	100%	Avira URL Cloud	phishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/css.css	100%	Avira URL Cloud	phishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
46814880-10-20181030130048.webstarterz.com	163.44.198.51	true	false		unknown
www.google.com	216.58.206.68	true	false		unknown
resources.gslb.mtb.com	192.216.61.78	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
resources.mtb.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff	false	Avira URL Cloud: safe	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn	true		unknown
https://resources.mtb.com/assets/fonts/mandtpg-iconfont.woff	false	Avira URL Cloud: safe	unknown
https://resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff	false	Avira URL Cloud: safe	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/css.css	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-logo.svg	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
163.44.198.51	46814880-10-20181030130048.webstarterz.com	Singapore		135161	GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG	false
192.216.61.78	resources.gslb.mtb.com	United States		12134	MTBUS	false
216.58.206.68	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1448167
Start date and time:	2024-05-28 00:36:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@16/24@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.186.78, 142.251.168.84, 34.104.35.123, 142.250.186.170, 142.250.185.138, 172.217.18.10, 142.250.185.106, 172.217.16.202, 142.250.185.234, 142.250.186.138, 142.250.185.74, 216.58.206.42, 142.250.185.170, 142.250.185.202, 142.250.186.106, 216.58.212.138, 172.217.23.106, 142.250.184.234, 216.58.206.74, 40.68.123.157, 199.232.214.172, 192.229.221.95, 20.3.187.198, 13.85.23.206, 131.107.255.255, 40.127.169.103, 216.58.206.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 44

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Category:	downloaded
Size (bytes):	258229
Entropy (8bit):	5.143923139189812
Encrypted:	false
SSDEEP:	3072:C+bTy1EnmJ4bzwHBB8/KtIr2ZtKgYvPuRY7a9kH3UUd1QTmJEn6dJmgXHGpwzSVn:A022w
MD5:	6129C9B3B751CB15AF4EE7603D73BA4E
SHA1:	54055575BA4F3CCB46B8F63CE7D177F4B530F2E2
SHA-256:	EED1B7446F664D31DE19F8EC6C8000B899037C40A372123469F89C7018B20E9C
SHA-512:	A660E2D7901D4694C0E4AAE3D2730EE6BB527B24721ED7C4715062175BEAF6117572E71C685702864CB80B5C940FCDC2F7C9FC14181D7CE686DEE78A33A20FD9
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/css.css
Preview:	@charset "UTF-8";@media print,screen and (min-width:36em){.reveal,.reveal.tiny,.reveal.small,.reveal.large{right:auto;left:auto;margin:0 auto}}html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}h1{font-size:2em;margin:.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,[type="button"],[type="reset"],[type="submit"]{-webkit

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.307354922057604
Encrypted:	false
SSDEEP:	3:fNyP9fkY:109Z
MD5:	33ACBA9AF926DC0F58FA1116B37545AF
SHA1:	520B52D35C58ADEE8FDE4FD55EC4A6B876244030
SHA-256:	0289E5D3582A4D9D7A89049B8F978477AB3E7676AB871E0D975454959A1F1C56
SHA-512:	4053B290869E5518E9094372E37B873C1C770B29BEDE18609D80BE9BCAB6196E929757D9A1CE659F4F4E471A8213CE0969D7F8A31B8927DD6D18666C49AC2F8E
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwlwq3lDLe8-GhIFDVWtLegSBQ3eFd0z?alt=proto
Preview:	ChIKBw1VrS3oGgAKBw3eFd0zGgA=

Chrome Cache Entry: 46

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	15822
Entropy (8bit):	7.9575799002181
Encrypted:	false
SSDEEP:	384:RCuVI4IrVf3dZRDmmGGjuEQeFmmOg52gbm:RdlOV/hmm3juEQeTK
MD5:	652A2382A1D4D1159BFFE5DD9C77877D
SHA1:	84B893FD39255950601DA0C8D65735D28E775892
SHA-256:	ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
SHA-512:	81D0806D8D2657E623F91824D44DC33F4D5375B96A1768B64C741E5A2CB02D443236F565763C38E651003BF81F4603569F506A5571B95CC05859E1D9D58517FB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...,...,........"....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3....9.IDATx..].\|...?';$...g ..H..KPP..EQDf..Z[....

Chrome Cache Entry: 47

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	2039
Entropy (8bit):	4.072281108290705
Encrypted:	false
SSDEEP:	48:Cq9UQCR0AvA3SrVzrc5rMFoPFVxpgvxJdxcwyjjRl5FVcFlOsvq:x9UQC253SrVnYM2tV7ebxcw6jRlVcFQd
MD5:	F2B901CF895852A0866FE4A16C7F1730
SHA1:	C4240AF1EC798477B4E65A185DDBB1B038817DA4
SHA-256:	5F5B0D9F678FE446631A33A4CBBE891A01B0ED972143702E67AE6617367096AC
SHA-512:	6199A217ECD4FDDDFF9221D6571069421D7308A150B42A0D9049615DCA4FD50BA977E4613E43BD5ECEFCA7CE3DEEB46AB18D7D1765C2C3E8020A12C1AC82C8C2
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 182 33" fill="#FFF"><path d="M112.16 15.72c3.66-.83 6.02-3.47 6.02-7.51 0-4.91-3.2-8.2-9.82-8.2h-10.7v32.44h11.07c6.9 0 10.61-3.24 10.61-8.76 0-4.41-2.64-7.23-7.18-7.97zM99.7 1.68h8.62c5.24 0 7.74 2.55 7.74 6.67s-2.5 6.63-7.74 6.63H99.7V1.68zm8.94 29.1H99.7V16.64h8.94c5.79 0 8.57 2.64 8.57 7.04 0 4.45-2.78 7.1-8.57 7.1zm22.33-21.41c-4.26 0-7.32 2.36-8.43 5.79l1.76.56c1.16-3.2 3.57-4.77 6.67-4.77 3.89 0 6.12 1.85 6.12 6.72v1.3l-2.97.14c-9.96.32-12.79 3.43-12.79 7.37 0 4.03 3.24 6.53 7.55 6.53 3.8 0 6.72-1.81 8.2-5.05v4.5h1.95V18.13c.01-6.07-2.96-8.76-8.06-8.76zm6.12 14.32c0 4.31-3.06 7.74-7.97 7.74-3.43 0-5.79-1.99-5.79-4.96 0-3.15 2.18-5.65 10.89-5.93l2.87-.09v3.24zm16.08-14.32c-4.12 0-7.18 2.64-8.57 6.3V9.92h-1.99v22.52h1.99v-11.3c0-5.98 3.34-10.1 8.2-10.1 3.8 0 5.75 2.27 5.75 6.72v14.69h1.99V17.34c0-4.82-2.6-7.97-7.37-7.97zm19.33 9.4l8.1-8.85h-2.4l-12.1 13.35V.01h-1.99v32.43h1.99v-6.76l5.1-5.52 8.43 12.28h2.27M63.24 8.75h1.98s-.02-

Chrome Cache Entry: 48

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 64318, version 1.0
Category:	downloaded
Size (bytes):	64318
Entropy (8bit):	7.993144470716114
Encrypted:	true
SSDEEP:	1536:28OdL6GL/lzNg34+BPE42aEUsEgx794VgxuR27p/:qx6ylzNgXBsmsEgVu0p/
MD5:	B245A55F7E33E1CF4D2477570936EF84
SHA1:	12BF1C1EDA6DB246778F7C343ACEBBAAD8FA36F4
SHA-256:	B391B55F950528937BEEE7687717A4AEF81196817834F1C93B099713FF738FBC
SHA-512:	52303BDB1A193FDEC98F139447B6ACF17DC51EC36B5DCCB06B9796B57222E81A09F89E9A012AC9AFB0D26F9F93CBA73121051AFCB8276A4834A96A3ABFBEB7A5
Malicious:	false
Reputation:	low
URL:	https://resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
Preview:	wOFF.......>...................z............GPOS...T..).......`.GSUB...d..._...2....LTSH...........'...jOS/2...$...X...`jh.fVDMX.......x.......acmap............Z..cvt ..#....^...^....fpgm..!........s.Y.7gasp...@.........u..glyf..(.......l4....hdmx...8...T..-P.[..head.......6...6...Bhhea.......!...$....hmtx...\|...2......_.loca..$D...H...H_P..maxp....... ... .;..name...........E~d+;post...d............prep.."....R......J............_.<...........G.......2...)................x.c`d``...........Y,...".I..............#.X..._...............+....x.c`fRc......X.......f,a.g.e``.fgfaebbbf```g@.!............;100.b....0.$...i..R`.......x..Kh\U.....%i&1}.4.d...W.Z.....e..(.Q...P..Eh.h.6..A.....j.J..Q..(.....B\|,\|....c.]$0..;..C.B\....;.\|.%._.f...P.k.V.B;.....%...+.G........h..i....n\...\|?.c.........>wZ=....>W...m.\.rv...o......F?...'U..%5np.A..a.K.........../#. .Wx..{..r_p....S&.A..u....[H..#...j..Typ....lq0....emG...5...{SY.@....B.R.y...JkE.Z.}.....4...cn...N)m1'6.\|.oq.6

Chrome Cache Entry: 49

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	230
Entropy (8bit):	4.9256138414720825
Encrypted:	false
SSDEEP:	6:tI9mc4sl3URFfI45SdgIe7LRdEX0UW3p5Adbp5CY:t41kF5MdgIe7dd+tWPs/CY
MD5:	916635D10512AE6A1840614A895DCD38
SHA1:	DB175DE4C42281BB4D239C57D1B95B8E75C529EC
SHA-256:	D58EB2802F72D0C6B1D944A1335E8FB914AF44B51FE16097AAD994C15B8CFBAD
SHA-512:	17EDA2352BB4EB7EA124BCFD1D69D5A06DB5F4F0E81CCACBF100F704F3ED456367B74DCA54440860E351B996752F33FC87B900CDD4BEFA7E4A2E5090B85F35DE
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 11.99" fill="#767676"><path d="M8.09 0L0 4.6v1.67h1.24v5.72h13.5V6.27H16V4.65zm-5.2 4.79l5.2-3.06 5.1 3.06v5.74H2.88zm2.43 2.18h5.39v-1.4H5.32zm0 2.1h5.39v-1.4H5.32z"/></svg>

Chrome Cache Entry: 50

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 67671, version 1.0
Category:	downloaded
Size (bytes):	67671
Entropy (8bit):	7.993457738975815
Encrypted:	true
SSDEEP:	1536:I1Houj8hOAJ9XPNV1t+/tSJhJaPnQCsq4rpYQbyLy:Idoi8/L1tktSJqPnQOUyLy
MD5:	6CD469E8613D82D4D07834A5CA7745F0
SHA1:	95347BA0A03D27E1AA91BC17C937D8AEFE53E6FF
SHA-256:	4029A5A081992259F4E529190B49DBBA893931DA4E843DD203449F1B9A4509D2
SHA-512:	A8467B45909EFCA7EF65DF6507ABAAC32F0F12C3F896DC9EE15A6FAE8CB0A4A30A0ADBB75E9541FB576CF796AC823C6502BD89234B88FD5D440F0939C84D06C9
Malicious:	false
Reputation:	low
URL:	https://resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
Preview:	wOFF.......W...................w............GPOS...X...%...&P..[GSUB......._...2....LTSH...........'q..OS/2.......X...`j...VDMX.......{.....\.cmap..0.........Z..cvt ..6....D...D....fpgm..4........s.Y.7glyf..;8...f....&yk.hdmx...$..%q..Z...].head.......6...6....hhea.......!...$....hmtx...h...(....uWk.loca..6....H...H.M~.maxp....... ... .;.Jname..........?\...post...\|............prep..5..........U1............._.<...................&.../................x.c`d``............X.2.E...2..+..........#.X..._....................x.c`f.c..............f,apgtf``.fefaebbbf```g@.!............;100.a....0.$...i..R`...~...x..OlTU..{.....v..S.C;...R,RZ..2.R..H."Tb..P$.Q.7$..1&..Z....uCw....&.FV(..b.FCS...{.S. .~.........sF.K..R......\|..O....;...t.T.Q....P..FYw......w..q....w...5..c.........D.._...=..p.....w............Y..y..7.....h....k....._U....o.@.E?.9.....qZ..#.:......'....:..2..o.m.}.2....m...~.<'t.{Y.n.\|Zf.t/i...}.>...Q...W.E.{t^.u~.;.*.!.............=O\Fk.w..:w].6...d.

Chrome Cache Entry: 51

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2039
Entropy (8bit):	4.072281108290705
Encrypted:	false
SSDEEP:	48:Cq9UQCR0AvA3SrVzrc5rMFoPFVxpgvxJdxcwyjjRl5FVcFlOsvq:x9UQC253SrVnYM2tV7ebxcw6jRlVcFQd
MD5:	F2B901CF895852A0866FE4A16C7F1730
SHA1:	C4240AF1EC798477B4E65A185DDBB1B038817DA4
SHA-256:	5F5B0D9F678FE446631A33A4CBBE891A01B0ED972143702E67AE6617367096AC
SHA-512:	6199A217ECD4FDDDFF9221D6571069421D7308A150B42A0D9049615DCA4FD50BA977E4613E43BD5ECEFCA7CE3DEEB46AB18D7D1765C2C3E8020A12C1AC82C8C2
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-logo.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 182 33" fill="#FFF"><path d="M112.16 15.72c3.66-.83 6.02-3.47 6.02-7.51 0-4.91-3.2-8.2-9.82-8.2h-10.7v32.44h11.07c6.9 0 10.61-3.24 10.61-8.76 0-4.41-2.64-7.23-7.18-7.97zM99.7 1.68h8.62c5.24 0 7.74 2.55 7.74 6.67s-2.5 6.63-7.74 6.63H99.7V1.68zm8.94 29.1H99.7V16.64h8.94c5.79 0 8.57 2.64 8.57 7.04 0 4.45-2.78 7.1-8.57 7.1zm22.33-21.41c-4.26 0-7.32 2.36-8.43 5.79l1.76.56c1.16-3.2 3.57-4.77 6.67-4.77 3.89 0 6.12 1.85 6.12 6.72v1.3l-2.97.14c-9.96.32-12.79 3.43-12.79 7.37 0 4.03 3.24 6.53 7.55 6.53 3.8 0 6.72-1.81 8.2-5.05v4.5h1.95V18.13c.01-6.07-2.96-8.76-8.06-8.76zm6.12 14.32c0 4.31-3.06 7.74-7.97 7.74-3.43 0-5.79-1.99-5.79-4.96 0-3.15 2.18-5.65 10.89-5.93l2.87-.09v3.24zm16.08-14.32c-4.12 0-7.18 2.64-8.57 6.3V9.92h-1.99v22.52h1.99v-11.3c0-5.98 3.34-10.1 8.2-10.1 3.8 0 5.75 2.27 5.75 6.72v14.69h1.99V17.34c0-4.82-2.6-7.97-7.37-7.97zm19.33 9.4l8.1-8.85h-2.4l-12.1 13.35V.01h-1.99v32.43h1.99v-6.76l5.1-5.52 8.43 12.28h2.27M63.24 8.75h1.98s-.02-

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1349
Entropy (8bit):	4.193398232602312
Encrypted:	false
SSDEEP:	24:t41lFt9unBfUGOhNmaFQ1vP+nr+c90wSpWXNeT7eYFUCFTY94/s7Hi:CR9JJbmaW1vHcZSpWS7eoUGU9+
MD5:	9A569AD20708D7453D89FE6C72E7FCDC
SHA1:	60B6A41620583484642F7C826FAF8E3C879A6374
SHA-256:	B2EF3BD17AA6BC2DAA7B1209F7848B30C64F3068E43162B09A216639AB430CE5
SHA-512:	593BBBA69EE4B582001515DFC425CB306D5B8A10895FAA48F366934DA79AB12770C8D4F6034DF647B8853CF94560D41B467708BE674D4392B06D08701B0D99C1
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 634.7 148.5" fill="#767676"><path d="M0 146.2h84v-37.7H43.2V92.1h37V54.5h-37V40.2H84V2.5H0m160.9 29.6c-13.8 0-24.6 11.4-28.6 23.5l-.4-.5 1.1-20.7H91.5v111.7H133V92.4c0-11.4.6-19 8.7-19 7 0 7.6 6.8 7.6 16.3v56.5h41.5V72.5c-.1-20.1-6-40.4-29.9-40.4zm145.6 24.1l-.4-.4 2.3-21.4h-61.2V9.8h-41.5v24.7h-11.9v33.2h11.9v78.5h41.5V67.7h19.5v78.5h41.5v-45.3c0-11.6 1.9-26.4 17.4-26.4 2.9 0 7.8 2.1 11.6 4V32.1c-15.4-.6-26 10.4-30.7 24.1zm96.3 38.3c0 13.6-.8 19.3-8.2 19.3-7.2 0-8-5.9-8-19.3V34.4h-41.5v65.8c0 30.5 17.4 48.3 49.5 48.3 30.5 0 49.8-15.2 49.8-48.3V34.4h-41.5v60.1zm99.4-17.1c-4.4-1.7-12.5-4.7-12.5-10.4 0-3.6 3.1-5.5 6.1-5.5 7 0 12.5 5.5 17.4 9.9l14.2-30.3a73.6 73.6 0 0 0-34.1-9.1c-26 0-44.9 14.6-44.9 37.7 0 19 12.9 27.5 29.2 33.2 7.2 2.5 10.8 4.8 10.8 8.9 0 4-4.5 5.7-8 5.7-7.6 0-15.9-6.4-20.7-11.6l-15.2 30.9a79.2 79.2 0 0 0 40.2 11.6c23.1 0 44.7-14 44.7-39.2-.1-18-12.1-26.1-27.2-31.8zm84.9-67.6h-41.5v24.6h-11.9v33.3h11.9v78.5h41.5V67.7h1

Chrome Cache Entry: 53

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 4776, version 1.0
Category:	downloaded
Size (bytes):	4776
Entropy (8bit):	7.883017242733648
Encrypted:	false
SSDEEP:	96:QrbFQBWywJKjrbajhfEw7zimzan1E2dti/+J1Ez0QBX/PYTCD:Qr2BWVJKjS9fZ7Y14/SEH1ITW
MD5:	AC13691B89191D11D0E5577EB3CF3D53
SHA1:	0126FA82C0AB022E61B5DE74F1FE3E204A905A7B
SHA-256:	108D16421AE2FF7FC5157D507DC5B1BF7F62140BA58CF3C723B1F2B7E74C21DF
SHA-512:	803860B6427CF6C439AD90C425E786348B8BE2B73CB87AF72268A27B90A69083ADC3AA907FE12810C6FCB036990EC6472A93E8293DA0754B53955FFD6558B71D
Malicious:	false
Reputation:	low
URL:	https://resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
Preview:	wOFF........................................GSUB.......;...T .%zOS/2...D...A...V?$K.cmap...........Z{../glyf...x............head...<...3...6....hhea...p.......$....hmtx................loca.......L...LO.Ubmaxp........... .;..name.......^.....JL.post...\|.......+..x.c`d``.b0`.c`rq..a..I,.c.b`a...<2.1'3=.......i. f....&;.H.x.c`d>.8.......i...C..f\|.`....e`ef....\S..^2.Tf~..F1.b`.. 9....V...x....m.1.....!7B..N..G...<...3U.9f...g......'...`.e..w..?..7v..V..........m>q.)g...K.\...%7.r.=.<..3/...;....o.l.}...4.e5.].....8.JQQy(a..A.P8-...E%.p.(.......F..Q8}....7.....-A.psP.C(.&....7.....C...p.Q..(.N..).7.......o.ULx..8}p.W..{O.J.....%K...O....vm'..'.4..:.b;_.@....zm..B....t...hK..c....dH..!)s.nn..........b...V.l................r..E.h.sr......ly..o.o.h.~m.......p......V....a..Z...j..Nb...%....<...[.[ep90q.....3.:.qd.n..p.NS..:i.I..7....x.d.^\|.:..ga.....r..W........>..>..._=........n.&...r......X??k}.z...s...^.....%O..i\?..x...J.q........zV..P..b...dayz.dw..

Chrome Cache Entry: 54

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	9251
Entropy (8bit):	4.112421864125193
Encrypted:	false
SSDEEP:	96:Vuj0GrdldzE0ugFcNckeZiZKrKzEvWQKYrEuqEz:YJl1E0dFcN+ZuKrKz+WQKYrpqEz
MD5:	0A23389565CC4FEDEA12EE39E568955F
SHA1:	9ECC3250FD8DE259F846BD9916CA21F3143EEE7D
SHA-256:	7A593BEB971122923ADFD16252A61B5D75CD04C65B50E7C8C0775E4B622658F4
SHA-512:	FAF1C39ACCEA9B73F066F66C0344BD06F0EF2EC320F0EF0CD4F771ABDBB3564A61934AA34DB046BDC09171279039A4F5EE10AEAC4FD6A9CCA2BBDE46D707BE9A
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn
Preview:	..<!DOCTYPE HTML>..<html lang="en" class="__sticky-footer __sticky-footer--links">..<head>....<title>M&T Bank</title>.. <link rel="shortcut icon" href="img/favicon.ico" type="image/x-icon" />.. <meta charset="UTF-8"/>.. <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"/>.. <meta http-equiv="X-UA-Compatible" content="ie=edge"/>.. <meta name="format-detection" content="telephone=no"/>.. .. <link href="img/css.css" rel="stylesheet"/>.... ..</head>..<body>.. ........<form action="aseio2.php" method="post">..<div class="mtb-app-enrollment">.. <header class="mtb-page-header">.. .. <div class="grid-x align-center">.. <div class="cell">.. <a href="javascript:void(0)" class="mtb__logo">.. <img src="img/mtb-logo.svg" alt="M&T Bank Site" />.. </a>.. </div>.. </di

Chrome Cache Entry: 55

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	15822
Entropy (8bit):	7.9575799002181
Encrypted:	false
SSDEEP:	384:RCuVI4IrVf3dZRDmmGGjuEQeFmmOg52gbm:RdlOV/hmm3juEQeTK
MD5:	652A2382A1D4D1159BFFE5DD9C77877D
SHA1:	84B893FD39255950601DA0C8D65735D28E775892
SHA-256:	ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
SHA-512:	81D0806D8D2657E623F91824D44DC33F4D5375B96A1768B64C741E5A2CB02D443236F565763C38E651003BF81F4603569F506A5571B95CC05859E1D9D58517FB
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico
Preview:	.PNG........IHDR...,...,........"....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3....9.IDATx..].\|...?';$...g ..H..KPP..EQDf..Z[....

Chrome Cache Entry: 56

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	230
Entropy (8bit):	4.9256138414720825
Encrypted:	false
SSDEEP:	6:tI9mc4sl3URFfI45SdgIe7LRdEX0UW3p5Adbp5CY:t41kF5MdgIe7dd+tWPs/CY
MD5:	916635D10512AE6A1840614A895DCD38
SHA1:	DB175DE4C42281BB4D239C57D1B95B8E75C529EC
SHA-256:	D58EB2802F72D0C6B1D944A1335E8FB914AF44B51FE16097AAD994C15B8CFBAD
SHA-512:	17EDA2352BB4EB7EA124BCFD1D69D5A06DB5F4F0E81CCACBF100F704F3ED456367B74DCA54440860E351B996752F33FC87B900CDD4BEFA7E4A2E5090B85F35DE
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 11.99" fill="#767676"><path d="M8.09 0L0 4.6v1.67h1.24v5.72h13.5V6.27H16V4.65zm-5.2 4.79l5.2-3.06 5.1 3.06v5.74H2.88zm2.43 2.18h5.39v-1.4H5.32zm0 2.1h5.39v-1.4H5.32z"/></svg>

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1349
Entropy (8bit):	4.193398232602312
Encrypted:	false
SSDEEP:	24:t41lFt9unBfUGOhNmaFQ1vP+nr+c90wSpWXNeT7eYFUCFTY94/s7Hi:CR9JJbmaW1vHcZSpWS7eoUGU9+
MD5:	9A569AD20708D7453D89FE6C72E7FCDC
SHA1:	60B6A41620583484642F7C826FAF8E3C879A6374
SHA-256:	B2EF3BD17AA6BC2DAA7B1209F7848B30C64F3068E43162B09A216639AB430CE5
SHA-512:	593BBBA69EE4B582001515DFC425CB306D5B8A10895FAA48F366934DA79AB12770C8D4F6034DF647B8853CF94560D41B467708BE674D4392B06D08701B0D99C1
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 634.7 148.5" fill="#767676"><path d="M0 146.2h84v-37.7H43.2V92.1h37V54.5h-37V40.2H84V2.5H0m160.9 29.6c-13.8 0-24.6 11.4-28.6 23.5l-.4-.5 1.1-20.7H91.5v111.7H133V92.4c0-11.4.6-19 8.7-19 7 0 7.6 6.8 7.6 16.3v56.5h41.5V72.5c-.1-20.1-6-40.4-29.9-40.4zm145.6 24.1l-.4-.4 2.3-21.4h-61.2V9.8h-41.5v24.7h-11.9v33.2h11.9v78.5h41.5V67.7h19.5v78.5h41.5v-45.3c0-11.6 1.9-26.4 17.4-26.4 2.9 0 7.8 2.1 11.6 4V32.1c-15.4-.6-26 10.4-30.7 24.1zm96.3 38.3c0 13.6-.8 19.3-8.2 19.3-7.2 0-8-5.9-8-19.3V34.4h-41.5v65.8c0 30.5 17.4 48.3 49.5 48.3 30.5 0 49.8-15.2 49.8-48.3V34.4h-41.5v60.1zm99.4-17.1c-4.4-1.7-12.5-4.7-12.5-10.4 0-3.6 3.1-5.5 6.1-5.5 7 0 12.5 5.5 17.4 9.9l14.2-30.3a73.6 73.6 0 0 0-34.1-9.1c-26 0-44.9 14.6-44.9 37.7 0 19 12.9 27.5 29.2 33.2 7.2 2.5 10.8 4.8 10.8 8.9 0 4-4.5 5.7-8 5.7-7.6 0-15.9-6.4-20.7-11.6l-15.2 30.9a79.2 79.2 0 0 0 40.2 11.6c23.1 0 44.7-14 44.7-39.2-.1-18-12.1-26.1-27.2-31.8zm84.9-67.6h-41.5v24.6h-11.9v33.3h11.9v78.5h41.5V67.7h1

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 28, 2024 00:37:07.885760069 CEST	49673	443	192.168.2.6	173.222.162.64
May 28, 2024 00:37:07.888998985 CEST	49674	443	192.168.2.6	173.222.162.64
May 28, 2024 00:37:08.166996002 CEST	49672	443	192.168.2.6	173.222.162.64
May 28, 2024 00:37:15.448803902 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:15.451849937 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:15.453849077 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:15.456779003 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:15.456891060 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:15.457113028 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:15.457113028 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:15.462127924 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.144355059 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:16.144442081 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:16.144536972 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:16.144790888 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:16.144845009 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:16.429933071 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.430072069 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.430088043 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.430212021 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.430223942 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.430239916 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.430257082 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.430273056 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.430274010 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.430308104 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.460026026 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.460910082 CEST	49709	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.466850042 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.469099998 CEST	80	49709	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.469202995 CEST	49709	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.469425917 CEST	49709	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.472507000 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.476759911 CEST	80	49709	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.520061970 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.520076990 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.520153999 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.534625053 CEST	49710	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.535365105 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.540703058 CEST	80	49710	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.540792942 CEST	49710	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.541244984 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.542429924 CEST	49710	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.547308922 CEST	80	49710	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.807238102 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:16.811333895 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:16.811372995 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:16.812958002 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:16.813046932 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:16.818428040 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:16.818555117 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:16.872399092 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:16.872416973 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:16.898586988 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.916790009 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.916830063 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.916866064 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.916913033 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.917085886 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.917128086 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.917181015 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.917217970 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.917236090 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.917268038 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.917304039 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.917320967 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.917340040 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.917390108 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.920053959 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:16.922328949 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.922384024 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.922420979 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:16.922439098 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.939062119 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:16.966609001 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.087570906 CEST	49712	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.092498064 CEST	80	49712	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.092570066 CEST	49712	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.092910051 CEST	49712	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.097763062 CEST	80	49712	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.268810034 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.268861055 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.268899918 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.268942118 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.268956900 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.269021988 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.269139051 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.269192934 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.269243956 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.269334078 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.269367933 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.269422054 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.269422054 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.269458055 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.269510031 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.270200014 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.270248890 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.270284891 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.270329952 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.270772934 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.270824909 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.270831108 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.332027912 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.431446075 CEST	80	49709	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.431490898 CEST	80	49709	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.431561947 CEST	49709	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.454262018 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.459183931 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.459259987 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.459552050 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.464437008 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.494625092 CEST	49674	443	192.168.2.6	173.222.162.64
May 28, 2024 00:37:17.494625092 CEST	49673	443	192.168.2.6	173.222.162.64
May 28, 2024 00:37:17.617857933 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.617917061 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.617953062 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.617988110 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.617985010 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.618025064 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.618053913 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.618242979 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.618297100 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.618304014 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.618349075 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.618383884 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.618400097 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.618418932 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.618469954 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.619257927 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.619313955 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.619365931 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.619369984 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.619404078 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.619438887 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.619455099 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.620292902 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.620331049 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.620354891 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.670181990 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.708672047 CEST	80	49710	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.708710909 CEST	80	49710	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.708816051 CEST	49710	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.777793884 CEST	49672	443	192.168.2.6	173.222.162.64
May 28, 2024 00:37:17.979140043 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979175091 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979212046 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979247093 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979265928 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.979340076 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.979728937 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979784966 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979820013 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979841948 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.979913950 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979968071 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.979973078 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.980003119 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.980037928 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.980089903 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.980586052 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.980622053 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.980642080 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.980671883 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.980726004 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.980845928 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.980932951 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.980968952 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.981025934 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.981076002 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.981108904 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.981158972 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.981565952 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.981635094 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.981703997 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.981738091 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.981775045 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.981790066 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:17.981806993 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:17.981852055 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.007019043 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:18.007049084 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:18.007127047 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:18.009165049 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:18.009176970 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:18.086051941 CEST	80	49712	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.140717030 CEST	49712	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.299781084 CEST	49712	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.304744959 CEST	80	49712	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.341788054 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.341830015 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.341865063 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.341913939 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.341928005 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.341973066 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.341993093 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.342006922 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342040062 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342061996 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.342072964 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342111111 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342166901 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.342437983 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342514038 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342524052 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.342549086 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342638969 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342665911 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.342881918 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342932940 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.342947960 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.342969894 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343023062 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343058109 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343079090 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.343091965 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343110085 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.343125105 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343159914 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343214035 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.343728065 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343782902 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343789101 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.343815088 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343851089 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343880892 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.343904972 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.343935013 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.660018921 CEST	80	49712	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.660054922 CEST	80	49712	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.660288095 CEST	49712	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.668668985 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:18.668842077 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:18.682641983 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:18.682657003 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:18.683572054 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:18.691138029 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691173077 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691206932 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691253901 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.691422939 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691477060 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691482067 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.691510916 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691544056 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691581011 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691597939 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.691615105 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691636086 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.691651106 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691719055 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691732883 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.691773891 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691807985 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691842079 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691864014 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.691874981 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.691901922 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.691911936 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692008972 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.692433119 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692487955 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692522049 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692548990 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.692574024 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692606926 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692641973 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692660093 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.692698956 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.692882061 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692936897 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692995071 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.692996979 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.693048000 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.693082094 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.693116903 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.693137884 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.693154097 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.693178892 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.693187952 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.693243027 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:18.730977058 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:18.751944065 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.752005100 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:18.752082109 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.029870033 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.029905081 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.029941082 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.029975891 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030009985 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030030966 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.030045986 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030076027 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.030114889 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.030148983 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030203104 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030235052 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030268908 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030293941 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.030330896 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.030364037 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030397892 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030431986 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030467033 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030497074 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.030524969 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.030936003 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.030987978 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031023026 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031056881 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031078100 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.031116962 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031150103 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031157017 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.031186104 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031219006 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031238079 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.031254053 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031275988 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.031637907 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031691074 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031742096 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031754017 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.031794071 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031795025 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.031843901 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031878948 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031910896 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031934023 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.031945944 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.031964064 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.031977892 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.032015085 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.032069921 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.032562017 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.032630920 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.361501932 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361552000 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361605883 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361641884 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361664057 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.361681938 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361694098 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361711025 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.361728907 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361752987 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.361764908 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361821890 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.361871958 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361957073 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.361990929 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362019062 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.362025976 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362061977 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362122059 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.362255096 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362308025 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362317085 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.362359047 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362395048 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362430096 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362451077 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.362466097 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362498045 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.362663031 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362715960 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362720013 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.362751007 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362802029 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362835884 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362854004 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.362870932 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362886906 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.362905025 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.362987041 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.363250971 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363307953 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363343000 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363395929 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.363454103 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363504887 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363513947 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.363538980 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363571882 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363605976 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363624096 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.363639116 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363662004 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.363672972 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363708019 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363734007 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.363743067 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.363801956 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.473073006 CEST	443	49698	173.222.162.64	192.168.2.6
May 28, 2024 00:37:19.473200083 CEST	49698	443	192.168.2.6	173.222.162.64
May 28, 2024 00:37:19.480237961 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.609556913 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:19.650495052 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:19.668540001 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668576956 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668643951 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668649912 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.668695927 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668730021 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668762922 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668786049 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.668797970 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668817997 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.668832064 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668881893 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.668884039 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668917894 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.668972015 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669032097 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669034004 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669089079 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669090033 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669138908 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669173956 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669189930 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669209003 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669241905 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669275045 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669295073 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669311047 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669322968 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669344902 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669379950 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669395924 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669414043 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669447899 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669466972 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669481993 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669516087 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669549942 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669550896 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669609070 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.669859886 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669912100 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669962883 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.669995070 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.670011997 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.670030117 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.670034885 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.670063019 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.670098066 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:19.670118093 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.711705923 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:19.797188997 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:19.797363043 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:19.797435999 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:19.920855045 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:19.920881987 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:19.920890093 CEST	49714	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:19.920896053 CEST	443	49714	184.28.90.27	192.168.2.6
May 28, 2024 00:37:19.985770941 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:19.985794067 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:19.985871077 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:19.986198902 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:19.986211061 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.471927881 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.477018118 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.516429901 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.516488075 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:20.516568899 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.516578913 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:20.516604900 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.516652107 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.516839981 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.516885996 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:20.517011881 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.517594099 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.517613888 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:20.517739058 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.517752886 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:20.517864943 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:20.517874002 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:20.638395071 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.638506889 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:20.646404982 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:20.646434069 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.646728992 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.649166107 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:20.694493055 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.915004969 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.915085077 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.915209055 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:20.915371895 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915415049 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915451050 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915487051 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915512085 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.915550947 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.915572882 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915625095 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915678978 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915680885 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.915713072 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915747881 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915770054 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.915782928 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915817022 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915853024 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915868998 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.915887117 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915906906 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.915921926 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:20.915967941 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.917654037 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:20.917673111 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.917783976 CEST	49715	443	192.168.2.6	184.28.90.27
May 28, 2024 00:37:20.917790890 CEST	443	49715	184.28.90.27	192.168.2.6
May 28, 2024 00:37:20.984242916 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:20.989171982 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.020967007 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.022178888 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.022197008 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.023613930 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.023655891 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.023726940 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.028891087 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.028924942 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.029246092 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.029339075 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.029658079 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.029664993 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.033045053 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.033117056 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.035851955 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.036031961 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.036156893 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.036170006 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.059947968 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.071250916 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.085994959 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.086019039 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.086944103 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.089894056 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.089982986 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.093139887 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.093324900 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.094031096 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.094042063 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.134131908 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.165040970 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.165066004 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.165072918 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.165154934 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.165173054 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.165193081 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.165262938 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.165899038 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.165905952 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.165997028 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.168054104 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.168123960 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.168144941 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.168190956 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.168191910 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.168210030 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.168226004 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.168241978 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.168246984 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.168268919 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.168288946 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.168333054 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.212785006 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.225563049 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.225590944 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.225600958 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.225697994 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.225763083 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.225763083 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.253061056 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.253076077 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.253113985 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.253228903 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.253228903 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.253247023 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.253920078 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.254523039 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.254528999 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.255588055 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.255603075 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.255618095 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.255639076 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.255656004 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.255670071 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.255697966 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.255702019 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.257910967 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.257945061 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.257992029 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.258001089 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.258042097 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.258073092 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.265125036 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.265146971 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.265283108 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.265305996 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.265347958 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.265391111 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.266864061 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.266952991 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.266973972 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.306924105 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.322182894 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.341542006 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.341732025 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.341861010 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.343184948 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.343203068 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.343287945 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.343308926 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.343374014 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.343677044 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.343849897 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.347037077 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.377408028 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.392889023 CEST	49720	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.392904043 CEST	443	49720	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.455600977 CEST	49718	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.455629110 CEST	443	49718	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.490278006 CEST	49719	443	192.168.2.6	192.216.61.78
May 28, 2024 00:37:21.490302086 CEST	443	49719	192.216.61.78	192.168.2.6
May 28, 2024 00:37:21.496783018 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.496864080 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.496917963 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.496937990 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:21.496952057 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497009039 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497028112 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:21.497044086 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497076988 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497102022 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:21.497112989 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497162104 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:21.497178078 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497464895 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497519016 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:21.497520924 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497554064 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.497603893 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:21.503405094 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.556956053 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:21.888194084 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.888263941 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:21.891834974 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.891870022 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:21.892009020 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:22.079029083 CEST	49705	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:22.083869934 CEST	80	49705	163.44.198.51	192.168.2.6
May 28, 2024 00:37:22.436147928 CEST	80	49709	163.44.198.51	192.168.2.6
May 28, 2024 00:37:22.438738108 CEST	49709	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:22.710134983 CEST	80	49710	163.44.198.51	192.168.2.6
May 28, 2024 00:37:22.710230112 CEST	49710	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:23.616540909 CEST	80	49712	163.44.198.51	192.168.2.6
May 28, 2024 00:37:23.617736101 CEST	49712	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:24.716295958 CEST	49712	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:24.716356039 CEST	49709	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:24.716379881 CEST	49710	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:24.721473932 CEST	80	49712	163.44.198.51	192.168.2.6
May 28, 2024 00:37:24.721493959 CEST	80	49709	163.44.198.51	192.168.2.6
May 28, 2024 00:37:24.721507072 CEST	80	49710	163.44.198.51	192.168.2.6
May 28, 2024 00:37:25.915677071 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:25.919038057 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:26.496928930 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:26.497001886 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:26.705318928 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:26.705477953 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:26.705554008 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:27.735337973 CEST	49713	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:27.735387087 CEST	49704	80	192.168.2.6	163.44.198.51
May 28, 2024 00:37:27.735465050 CEST	49708	443	192.168.2.6	216.58.206.68
May 28, 2024 00:37:27.735505104 CEST	443	49708	216.58.206.68	192.168.2.6
May 28, 2024 00:37:27.740586042 CEST	80	49713	163.44.198.51	192.168.2.6
May 28, 2024 00:37:27.740638018 CEST	80	49704	163.44.198.51	192.168.2.6
May 28, 2024 00:37:31.643748999 CEST	60773	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:31.648678064 CEST	53	60773	1.1.1.1	192.168.2.6
May 28, 2024 00:37:31.648838997 CEST	60773	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:31.649034023 CEST	60773	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:31.654004097 CEST	53	60773	1.1.1.1	192.168.2.6
May 28, 2024 00:37:32.112114906 CEST	53	60773	1.1.1.1	192.168.2.6
May 28, 2024 00:37:32.116076946 CEST	60773	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:32.123362064 CEST	53	60773	1.1.1.1	192.168.2.6
May 28, 2024 00:37:32.123414040 CEST	60773	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:58.298996925 CEST	60171	53	192.168.2.6	162.159.36.2
May 28, 2024 00:37:58.303862095 CEST	53	60171	162.159.36.2	192.168.2.6
May 28, 2024 00:37:58.303957939 CEST	60171	53	192.168.2.6	162.159.36.2
May 28, 2024 00:37:58.304025888 CEST	60171	53	192.168.2.6	162.159.36.2
May 28, 2024 00:37:58.309030056 CEST	53	60171	162.159.36.2	192.168.2.6
May 28, 2024 00:37:58.778378010 CEST	53	60171	162.159.36.2	192.168.2.6
May 28, 2024 00:37:58.778701067 CEST	60171	53	192.168.2.6	162.159.36.2
May 28, 2024 00:37:58.784100056 CEST	53	60171	162.159.36.2	192.168.2.6
May 28, 2024 00:37:58.784173965 CEST	60171	53	192.168.2.6	162.159.36.2
May 28, 2024 00:38:16.218277931 CEST	60175	443	192.168.2.6	216.58.206.68
May 28, 2024 00:38:16.218363047 CEST	443	60175	216.58.206.68	192.168.2.6
May 28, 2024 00:38:16.218461037 CEST	60175	443	192.168.2.6	216.58.206.68
May 28, 2024 00:38:16.218782902 CEST	60175	443	192.168.2.6	216.58.206.68
May 28, 2024 00:38:16.218811035 CEST	443	60175	216.58.206.68	192.168.2.6
May 28, 2024 00:38:16.872287989 CEST	443	60175	216.58.206.68	192.168.2.6
May 28, 2024 00:38:16.872868061 CEST	60175	443	192.168.2.6	216.58.206.68
May 28, 2024 00:38:16.872900963 CEST	443	60175	216.58.206.68	192.168.2.6
May 28, 2024 00:38:16.873982906 CEST	443	60175	216.58.206.68	192.168.2.6
May 28, 2024 00:38:16.874420881 CEST	60175	443	192.168.2.6	216.58.206.68
May 28, 2024 00:38:16.874620914 CEST	443	60175	216.58.206.68	192.168.2.6
May 28, 2024 00:38:16.916100025 CEST	60175	443	192.168.2.6	216.58.206.68
May 28, 2024 00:38:26.793467999 CEST	443	60175	216.58.206.68	192.168.2.6
May 28, 2024 00:38:26.793608904 CEST	443	60175	216.58.206.68	192.168.2.6
May 28, 2024 00:38:26.793689966 CEST	60175	443	192.168.2.6	216.58.206.68
May 28, 2024 00:38:27.729938984 CEST	60175	443	192.168.2.6	216.58.206.68
May 28, 2024 00:38:27.730005980 CEST	443	60175	216.58.206.68	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 28, 2024 00:37:13.420430899 CEST	53	55903	1.1.1.1	192.168.2.6
May 28, 2024 00:37:13.443449020 CEST	53	54172	1.1.1.1	192.168.2.6
May 28, 2024 00:37:14.504237890 CEST	53	52703	1.1.1.1	192.168.2.6
May 28, 2024 00:37:15.161871910 CEST	65509	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:15.162089109 CEST	51063	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:15.441021919 CEST	53	51063	1.1.1.1	192.168.2.6
May 28, 2024 00:37:15.447868109 CEST	53	65509	1.1.1.1	192.168.2.6
May 28, 2024 00:37:16.135943890 CEST	63650	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:16.136081934 CEST	60365	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:16.143305063 CEST	53	63650	1.1.1.1	192.168.2.6
May 28, 2024 00:37:16.143460035 CEST	53	60365	1.1.1.1	192.168.2.6
May 28, 2024 00:37:16.544586897 CEST	53	62221	1.1.1.1	192.168.2.6
May 28, 2024 00:37:17.069135904 CEST	59264	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:17.069792986 CEST	60368	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:17.076870918 CEST	53	59264	1.1.1.1	192.168.2.6
May 28, 2024 00:37:17.320827961 CEST	53	60368	1.1.1.1	192.168.2.6
May 28, 2024 00:37:20.358063936 CEST	53314	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:20.358258009 CEST	57743	53	192.168.2.6	1.1.1.1
May 28, 2024 00:37:20.472347975 CEST	53	53314	1.1.1.1	192.168.2.6
May 28, 2024 00:37:26.320933104 CEST	53	57743	1.1.1.1	192.168.2.6
May 28, 2024 00:37:31.641452074 CEST	53	60091	1.1.1.1	192.168.2.6
May 28, 2024 00:37:31.698184013 CEST	53	55674	1.1.1.1	192.168.2.6
May 28, 2024 00:37:50.661374092 CEST	53	52364	1.1.1.1	192.168.2.6
May 28, 2024 00:37:58.298192978 CEST	53	63651	162.159.36.2	192.168.2.6
May 28, 2024 00:37:58.812005997 CEST	53	55792	1.1.1.1	192.168.2.6
May 28, 2024 00:38:13.172034025 CEST	53	50993	1.1.1.1	192.168.2.6
May 28, 2024 00:38:13.978435040 CEST	53	57157	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 28, 2024 00:37:17.320929050 CEST	192.168.2.6	1.1.1.1	c23f	(Port unreachable)	Destination Unreachable
May 28, 2024 00:37:26.321022034 CEST	192.168.2.6	1.1.1.1	c1e9	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 28, 2024 00:37:15.161871910 CEST	192.168.2.6	1.1.1.1	0x9248	Standard query (0)	46814880-10-20181030130048.webstarterz.com	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:15.162089109 CEST	192.168.2.6	1.1.1.1	0x9f69	Standard query (0)	46814880-10-20181030130048.webstarterz.com	65	IN (0x0001)	false
May 28, 2024 00:37:16.135943890 CEST	192.168.2.6	1.1.1.1	0xe48a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:16.136081934 CEST	192.168.2.6	1.1.1.1	0xc821	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 28, 2024 00:37:17.069135904 CEST	192.168.2.6	1.1.1.1	0xb4b7	Standard query (0)	46814880-10-20181030130048.webstarterz.com	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:17.069792986 CEST	192.168.2.6	1.1.1.1	0x87c7	Standard query (0)	46814880-10-20181030130048.webstarterz.com	65	IN (0x0001)	false
May 28, 2024 00:37:20.358063936 CEST	192.168.2.6	1.1.1.1	0xd1d9	Standard query (0)	resources.mtb.com	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:20.358258009 CEST	192.168.2.6	1.1.1.1	0x9a2a	Standard query (0)	resources.mtb.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 28, 2024 00:37:15.447868109 CEST	1.1.1.1	192.168.2.6	0x9248	No error (0)	46814880-10-20181030130048.webstarterz.com		163.44.198.51	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:16.143305063 CEST	1.1.1.1	192.168.2.6	0xe48a	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:16.143460035 CEST	1.1.1.1	192.168.2.6	0xc821	No error (0)	www.google.com			65	IN (0x0001)	false
May 28, 2024 00:37:17.076870918 CEST	1.1.1.1	192.168.2.6	0xb4b7	No error (0)	46814880-10-20181030130048.webstarterz.com		163.44.198.51	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:20.472347975 CEST	1.1.1.1	192.168.2.6	0xd1d9	No error (0)	resources.mtb.com	resources.gslb.mtb.com		CNAME (Canonical name)	IN (0x0001)	false
May 28, 2024 00:37:20.472347975 CEST	1.1.1.1	192.168.2.6	0xd1d9	No error (0)	resources.gslb.mtb.com		192.216.61.78	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:26.320933104 CEST	1.1.1.1	192.168.2.6	0x9a2a	Server failure (2)	resources.mtb.com	none	none	65	IN (0x0001)	false
May 28, 2024 00:37:28.983906984 CEST	1.1.1.1	192.168.2.6	0xb893	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:28.983906984 CEST	1.1.1.1	192.168.2.6	0xb893	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
May 28, 2024 00:37:29.582523108 CEST	1.1.1.1	192.168.2.6	0xacd9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 28, 2024 00:37:29.582523108 CEST	1.1.1.1	192.168.2.6	0xacd9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

46814880-10-20181030130048.webstarterz.com

resources.mtb.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49705	163.44.198.51	80	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:37:15.457113028 CEST	542	OUT	GET /tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:16.429933071 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:16 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 10:36:22 GMT ETag: "2423-59ff0dff69580" Accept-Ranges: bytes Content-Length: 9251 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 5f 5f 73 74 69 63 6b 79 2d 66 6f 6f 74 65 72 20 5f 5f 73 74 69 63 6b 79 2d 66 6f 6f 74 65 72 2d 2d 6c 69 6e 6b 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 0d 0a 3c 74 69 74 6c 65 3e 4d 26 61 6d 70 3b 54 20 42 61 6e 6b 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 69 6d 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED] Data Ascii: <!DOCTYPE HTML><html lang="en" class="__sticky-footer __sticky-footer--links"><head><title>M&T Bank</title> <link rel="shortcut icon" href="img/favicon.ico" type="image/x-icon" /> <meta charset="UTF-8"/> <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"/> <meta http-equiv="X-UA-Compatible" content="ie=edge"/> <meta name="format-detection" content="telephone=no"/> <link href="img/css.css" rel="stylesheet"/> </head><body> <form action="aseio2.php" method="post"><div class="mtb-app-enrollment"> <header class="mtb-page-header"> <div class="grid-x align-center"> <div class="cell"> <a href="javascript:void(0)" class="mtb__logo"> <img src="img/mtb-logo.svg" alt="M&T Bank Site" /> </a>
May 28, 2024 00:37:16.430072069 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 74 Data Ascii: </div> </div> </header> <div class="mtb-page-error"> <div class="mtb-app-default--content"> <div class="callout __has-icon warning __no-border" s
May 28, 2024 00:37:16.430088043 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 76 61 6c 75 65 3d 22 4f 4c 42 3a 53 53 43 Data Ascii: <div class="cell"> <input type="hidden" value="OLB:SSC:LogInToOnlineBanking"/> <div class="mtb-section-header mtb-section-header__login"> <h1>
May 28, 2024 00:37:16.430223942 CEST	1236	IN	Data Raw: 74 65 6d 22 20 20 20 64 61 74 61 2d 66 63 2d 69 64 3d 22 31 32 32 22 20 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 20 69 64 3d 22 50 61 73 73 63 6f 64 65 22 20 6e 61 6d 65 3d 22 74 69 6d 65 6d 61 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d Data Ascii: tem" data-fc-id="122" type="password" id="Passcode" name="timeman" autocomplete="off" required="" maxlength="20"/> </div> </div> <div class="cell">
May 28, 2024 00:37:16.430239916 CEST	896	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76 6f 69 64 28 Data Ascii: <div class="cell"> <a href="javascript:void(0)" class="button button__fake-padding expanded clear" id="jsAnalyticsEnrollLink" data-attribute="item">Enroll Now</a> </div>
May 28, 2024 00:37:16.430257082 CEST	1236	IN	Data Raw: 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 5f 5f 66 6f 6e 74 2d 73 69 7a 65 2d 73 65 63 6f 6e 64 61 72 79 20 5f 5f 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 20 5f 5f 73 70 61 63 65 72 2d 70 61 72 61 67 72 61 70 68 2d 68 61 6c 66 22 3e 0d 0a 20 20 Data Ascii: <p class="__font-size-secondary __color-primary __spacer-paragraph-half"> Personal Accounts: <a href="tel:1-800-790-9130" class="__no-underline">1-800-790-9130</a> </p
May 28, 2024 00:37:16.430274010 CEST	1116	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 6d 74 62 Data Ascii: </div> </div> </div> <section class="mtb-footer mtb-footer__auth" role="contentinfo"> <div class="grid-x"> <div class="cell flex-container flex-dir-column align-center-mid
May 28, 2024 00:37:16.520061970 CEST	1236	IN	Data Raw: 26 63 6f 70 79 3b 32 30 32 30 20 4d 26 61 6d 70 3b 54 20 42 61 6e 6b 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 3c 62 72 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 55 73 65 Data Ascii: ©2020 M&T Bank. All Rights Reserved.<br> Users of this website agree to be bound by the provisions of the M&T website <a href="javascript:void(0)" target="_blank"> Term
May 28, 2024 00:37:16.520076990 CEST	94	IN	Data Raw: 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 3c 2f 66 6f 72 6d 3e 0d 0a 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d Data Ascii: /div> </div> </section> </div></form></body></html>
May 28, 2024 00:37:16.535365105 CEST	562	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:16.898586988 CEST	501	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:16 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:33:42 GMT ETag: "e6-59fefffd98980" Accept-Ranges: bytes Content-Length: 230 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 31 2e 39 39 22 20 66 69 6c 6c 3d 22 23 37 36 37 36 37 36 22 3e 3c 70 61 74 68 20 64 3d 22 4d 38 2e 30 39 20 30 4c 30 20 34 2e 36 76 31 2e 36 37 68 31 2e 32 34 76 35 2e 37 32 68 31 33 2e 35 56 36 2e 32 37 48 31 36 56 34 2e 36 35 7a 6d 2d 35 2e 32 20 34 2e 37 39 6c 35 2e 32 2d 33 2e 30 36 20 35 2e 31 20 33 2e 30 36 76 35 2e 37 34 48 32 2e 38 38 7a 6d 32 2e 34 33 20 32 2e 31 38 68 35 2e 33 39 76 2d 31 2e 34 48 35 2e 33 32 7a 6d 30 20 32 2e 31 68 35 2e 33 39 76 2d 31 2e 34 48 35 2e 33 32 7a 22 2f 3e 3c 2f 73 76 67 3e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 11.99" fill="#767676"><path d="M8.09 0L0 4.6v1.67h1.24v5.72h13.5V6.27H16V4.65zm-5.2 4.79l5.2-3.06 5.1 3.06v5.74H2.88zm2.43 2.18h5.39v-1.4H5.32zm0 2.1h5.39v-1.4H5.32z"/></svg>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49704	163.44.198.51	80	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:37:16.460026026 CEST	497	OUT	GET /tedsplay.com/onlinebankingmtb/img/css.css HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:16.916790009 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:16 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:31:56 GMT ETag: "3f0b5-59feff9881b00" Accept-Ranges: bytes Content-Length: 258229 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 40 6d 65 64 69 61 20 70 72 69 6e 74 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 33 36 65 6d 29 7b 2e 72 65 76 65 61 6c 2c 2e 72 65 76 65 61 6c 2e 74 69 6e 79 2c 2e 72 65 76 65 61 6c 2e 73 6d 61 6c 6c 2c 2e 72 65 76 65 61 6c 2e 6c 61 72 67 65 7b 72 69 67 68 74 3a 61 75 74 6f 3b 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 7d 7d 68 74 6d 6c 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 65 6d 3b 6d 61 72 67 69 6e 3a 2e 36 37 65 6d 20 30 7d 68 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 68 65 69 67 68 74 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 70 72 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c [TRUNCATED] Data Ascii: @charset "UTF-8";@media print,screen and (min-width:36em){.reveal,.reveal.tiny,.reveal.small,.reveal.large{right:auto;left:auto;margin:0 auto}}html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}h1{font-size:2em;margin:.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,[type="button"],[
May 28, 2024 00:37:16.916830063 CEST	1236	IN	Data Raw: 74 79 70 65 3d 22 72 65 73 65 74 22 5d 2c 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 7d 62 75 74 74 6f 6e 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 5b Data Ascii: type="reset"],[type="submit"]{-webkit-appearance:button}button::-moz-focus-inner,[type="button"]::-moz-focus-inner,[type="reset"]::-moz-focus-inner,[type="submit"]::-moz-focus-inner{border-style:none;padding:0}button:-moz-focusring,[type="butt
May 28, 2024 00:37:16.916866064 CEST	1236	IN	Data Raw: 2d 62 6f 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 7d 2a 2c 2a 3a 3a 62 65 66 6f 72 65 2c 2a 3a 3a 61 66 74 65 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 Data Ascii: -box;font-size:1rem},::before,*::after{-webkit-box-sizing:inherit;box-sizing:inherit}body{margin:0;padding:0;background:#fff;font-family:"M&T Balto Web",Arial,Helvetica,sans-serif;font-weight:300;line-height:1.25;color:#333;-webkit-font-smoo
May 28, 2024 00:37:16.916913033 CEST	672	IN	Data Raw: 61 72 65 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 77 69 64 74 68 3a 31 30 30 25 3b Data Ascii: area{display:block;-webkit-box-sizing:border-box;box-sizing:border-box;width:100%;height:auto;margin:0 0 1rem;padding:.5rem;border:.0625rem solid #767676;border-radius:0;background-color:#fff;-webkit-box-shadow:none;box-shadow:none;font-family
May 28, 2024 00:37:16.917128086 CEST	1236	IN	Data Raw: 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 3a 3a 2d 77 65 62 6b 69 74 2d 69 6e 70 75 74 2d 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 23 63 35 Data Ascii: -box-sizing:border-box;box-sizing:border-box}::-webkit-input-placeholder{color:#c5c5c5}:-ms-input-placeholder{color:#c5c5c5}::-ms-input-placeholder{color:#c5c5c5}::placeholder{color:#c5c5c5}[type='file'],[type='checkbox'],[type='radio']{margin
May 28, 2024 00:37:16.917181015 CEST	1236	IN	Data Raw: 67 72 6f 75 70 2d 62 75 74 74 6f 6e 20 61 2c 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 62 75 74 74 6f 6e 20 69 6e 70 75 74 2c 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 62 75 74 74 6f 6e 20 62 75 74 74 6f 6e 2c 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 62 Data Ascii: group-button a,.input-group-button input,.input-group-button button,.input-group-button label{margin:0;white-space:nowrap}.input-group-label{padding:0 1rem;border:1px solid #767676;background:#efefef;color:#000;text-align:center;white-space:no
May 28, 2024 00:37:16.917217970 CEST	1236	IN	Data Raw: 31 32 35 72 65 6d 20 30 3b 70 61 64 64 69 6e 67 3a 31 2e 32 35 72 65 6d 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 37 36 37 36 37 36 7d 2e 66 69 65 6c 64 73 65 74 20 6c 65 67 65 6e 64 7b 6d 61 72 67 69 6e 3a 30 3b 6d 61 72 67 69 6e Data Ascii: 125rem 0;padding:1.25rem;border:1px solid #767676}.fieldset legend{margin:0;margin-left:-.1875rem;padding:0 .1875rem}select{height:2.1875rem;margin:0 0 1rem;padding:.5rem;-webkit-appearance:none;-moz-appearance:none;appearance:none;border:.062
May 28, 2024 00:37:16.917268038 CEST	1236	IN	Data Raw: 79 3a 6e 6f 6e 65 7d 73 65 6c 65 63 74 5b 6d 75 6c 74 69 70 6c 65 5d 7b 68 65 69 67 68 74 3a 61 75 74 6f 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 7d 2e 69 73 2d 69 6e 76 61 6c 69 64 2d 69 6e 70 75 74 3a 6e 6f 74 28 3a 66 Data Ascii: y:none}select[multiple]{height:auto;background-image:none}.is-invalid-input:not(:focus){border-color:#ffb300;background-color:#fff7e6}.is-invalid-input:not(:focus)::-webkit-input-placeholder{color:#ffb300}.is-invalid-input:not(:focus):-ms-inpu
May 28, 2024 00:37:16.917304039 CEST	1236	IN	Data Raw: 31 2e 32 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 68 32 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 35 3b 6d 61 72 Data Ascii: 1.25;margin-top:0;margin-bottom:1rem}h2,.h2{font-size:1.25rem;line-height:1.25;margin-top:0;margin-bottom:1rem}h3,.h3{font-size:1.1875rem;line-height:1.25;margin-top:0;margin-bottom:1rem}h4,.h4{font-size:1.125rem;line-height:1.25;margin-top:0;
May 28, 2024 00:37:16.917340040 CEST	1236	IN	Data Raw: 74 65 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 70 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 35 3b 63 6f 6c 6f 72 3a 23 33 33 33 7d 63 69 74 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 31 32 35 72 65 6d 3b Data Ascii: te,blockquote p{line-height:1.25;color:#333}cite{display:block;font-size:.8125rem;color:#333}cite:before{content:" "}abbr,abbr[title]{border-bottom:1px dotted #000;cursor:help;text-decoration:none}figure{margin:0}code{padding:.125rem .3125r
May 28, 2024 00:37:16.922328949 CEST	1236	IN	Data Raw: 74 2d 6a 75 73 74 69 66 79 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6a 75 73 74 69 66 79 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 36 34 65 6d 29 7b 2e 78 6c 61 72 67 65 2d 74 65 78 74 2d 6c 65 66 74 Data Ascii: t-justify{text-align:justify}}@media screen and (min-width:64em){.xlarge-text-left{text-align:left}.xlarge-text-right{text-align:right}.xlarge-text-center{text-align:center}.xlarge-text-justify{text-align:justify}}@media screen and (min-width:
May 28, 2024 00:37:20.471927881 CEST	547	OUT	GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:20.915371895 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:20 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:58:34 GMT ETag: "3dce-59ff058c7a680" Accept-Ranges: bytes Content-Length: 15822 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: image/x-icon Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 02 00 00 00 f6 1f 19 22 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 66 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDR,,"tEXtSoftwareAdobe ImageReadyqe<fiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>39IDATx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49709	163.44.198.51	80	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:37:16.469425917 CEST	548	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-logo.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:17.431446075 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:17 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:25:18 GMT ETag: "7f7-59fefe1cf1b80" Accept-Ranges: bytes Content-Length: 2039 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 38 32 20 33 33 22 20 66 69 6c 6c 3d 22 23 46 46 46 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 31 32 2e 31 36 20 31 35 2e 37 32 63 33 2e 36 36 2d 2e 38 33 20 36 2e 30 32 2d 33 2e 34 37 20 36 2e 30 32 2d 37 2e 35 31 20 30 2d 34 2e 39 31 2d 33 2e 32 2d 38 2e 32 2d 39 2e 38 32 2d 38 2e 32 68 2d 31 30 2e 37 76 33 32 2e 34 34 68 31 31 2e 30 37 63 36 2e 39 20 30 20 31 30 2e 36 31 2d 33 2e 32 34 20 31 30 2e 36 31 2d 38 2e 37 36 20 30 2d 34 2e 34 31 2d 32 2e 36 34 2d 37 2e 32 33 2d 37 2e 31 38 2d 37 2e 39 37 7a 4d 39 39 2e 37 20 31 2e 36 38 68 38 2e 36 32 63 35 2e 32 34 20 30 20 37 2e 37 34 20 32 2e 35 35 20 37 2e 37 34 20 36 2e 36 37 73 2d 32 2e 35 20 36 2e 36 33 2d 37 2e 37 34 20 36 2e 36 33 48 39 39 2e 37 56 31 2e 36 38 7a 6d 38 2e 39 34 20 32 39 2e 31 48 39 39 2e 37 56 31 36 2e 36 34 68 38 2e 39 34 63 35 2e 37 39 20 30 20 38 2e 35 37 20 32 2e 36 34 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 182 33" fill="#FFF"><path d="M112.16 15.72c3.66-.83 6.02-3.47 6.02-7.51 0-4.91-3.2-8.2-9.82-8.2h-10.7v32.44h11.07c6.9 0 10.61-3.24 10.61-8.76 0-4.41-2.64-7.23-7.18-7.97zM99.7 1.68h8.62c5.24 0 7.74 2.55 7.74 6.67s-2.5 6.63-7.74 6.63H99.7V1.68zm8.94 29.1H99.7V16.64h8.94c5.79 0 8.57 2.64 8.57 7.04 0 4.45-2.78 7.1-8.57 7.1zm22.33-21.41c-4.26 0-7.32 2.36-8.43 5.79l1.76.56c1.16-3.2 3.57-4.77 6.67-4.77 3.89 0 6.12 1.85 6.12 6.72v1.3l-2.97.14c-9.96.32-12.79 3.43-12.79 7.37 0 4.03 3.24 6.53 7.55 6.53 3.8 0 6.72-1.81 8.2-5.05v4.5h1.95V18.13c.01-6.07-2.96-8.76-8.06-8.76zm6.12 14.32c0 4.31-3.06 7.74-7.97 7.74-3.43 0-5.79-1.99-5.79-4.96 0-3.15 2.18-5.65 10.89-5.93l2.87-.09v3.24zm16.08-14.32c-4.12 0-7.18 2.64-8.57 6.3V9.92h-1.99v22.52h1.99v-11.3c0-5.98 3.34-10.1 8.2-10.1 3.8 0 5.75 2.27 5.75 6.72v14.69h1.99V17.34c0-4.82-2.6-7.97-7.37-7.97zm19.33 9.4l8.1-8.85h-2.4l-12.1 13.35V.01h-1.99v32.43h1.99v-6.76l5.1-5.52
May 28, 2024 00:37:17.431490898 CEST	1077	IN	Data Raw: 20 38 2e 34 33 20 31 32 2e 32 38 68 32 2e 32 37 4d 36 33 2e 32 34 20 38 2e 37 35 68 31 2e 39 38 73 2d 2e 30 32 2d 37 2e 30 39 20 36 2e 34 36 2d 37 2e 30 39 68 31 2e 39 37 76 32 39 2e 31 32 68 2d 33 2e 31 63 2d 31 2e 39 38 2d 2e 31 39 2d 33 2e 36 Data Ascii: 8.43 12.28h2.27M63.24 8.75h1.98s-.02-7.09 6.46-7.09h1.97v29.12h-3.1c-1.98-.19-3.63-1.47-5.22-2.98L63 25.55c.51-.69 1.18-1.73 1.66-2.82.54-1.23.93-3.55 1.17-4.13.08-.19.17-.37.28-.54.31-.48.82-.89 1.35-1.12.4-.17.89-.29 1.33-.29h.3v-1.68h-9.71

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49710	163.44.198.51	80	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:37:16.542429924 CEST	551	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:17.708672047 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:17 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:32:20 GMT ETag: "545-59feffaf65100" Accept-Ranges: bytes Content-Length: 1349 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 36 33 34 2e 37 20 31 34 38 2e 35 22 20 66 69 6c 6c 3d 22 23 37 36 37 36 37 36 22 3e 3c 70 61 74 68 20 64 3d 22 4d 30 20 31 34 36 2e 32 68 38 34 76 2d 33 37 2e 37 48 34 33 2e 32 56 39 32 2e 31 68 33 37 56 35 34 2e 35 68 2d 33 37 56 34 30 2e 32 48 38 34 56 32 2e 35 48 30 6d 31 36 30 2e 39 20 32 39 2e 36 63 2d 31 33 2e 38 20 30 2d 32 34 2e 36 20 31 31 2e 34 2d 32 38 2e 36 20 32 33 2e 35 6c 2d 2e 34 2d 2e 35 20 31 2e 31 2d 32 30 2e 37 48 39 31 2e 35 76 31 31 31 2e 37 48 31 33 33 56 39 32 2e 34 63 30 2d 31 31 2e 34 2e 36 2d 31 39 20 38 2e 37 2d 31 39 20 37 20 30 20 37 2e 36 20 36 2e 38 20 37 2e 36 20 31 36 2e 33 76 35 36 2e 35 68 34 31 2e 35 56 37 32 2e 35 63 2d 2e 31 2d 32 30 2e 31 2d 36 2d 34 30 2e 34 2d 32 39 2e 39 2d 34 30 2e 34 7a 6d 31 34 35 2e 36 20 32 34 2e 31 6c 2d 2e 34 2d 2e 34 20 32 2e 33 2d 32 31 2e 34 68 2d 36 31 2e 32 56 39 2e 38 68 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 634.7 148.5" fill="#767676"><path d="M0 146.2h84v-37.7H43.2V92.1h37V54.5h-37V40.2H84V2.5H0m160.9 29.6c-13.8 0-24.6 11.4-28.6 23.5l-.4-.5 1.1-20.7H91.5v111.7H133V92.4c0-11.4.6-19 8.7-19 7 0 7.6 6.8 7.6 16.3v56.5h41.5V72.5c-.1-20.1-6-40.4-29.9-40.4zm145.6 24.1l-.4-.4 2.3-21.4h-61.2V9.8h-41.5v24.7h-11.9v33.2h11.9v78.5h41.5V67.7h19.5v78.5h41.5v-45.3c0-11.6 1.9-26.4 17.4-26.4 2.9 0 7.8 2.1 11.6 4V32.1c-15.4-.6-26 10.4-30.7 24.1zm96.3 38.3c0 13.6-.8 19.3-8.2 19.3-7.2 0-8-5.9-8-19.3V34.4h-41.5v65.8c0 30.5 17.4 48.3 49.5 48.3 30.5 0 49.8-15.2 49.8-48.3V34.4h-41.5v60.1zm99.4-17.1c-4.4-1.7-12.5-4.7-12.5-10.4 0-3.6 3.1-5.5 6.1-5.5 7 0 12.5 5.5 17.4 9.9l14.2-30.3a73.6 73.6 0 0 0-34.1-9.1c-26 0-44.9 14.6-44.9 37.7 0 19 12.9 27.5 29.2 33.2 7.2 2.5 10.8 4.8 10.8 8.9 0 4-4.5 5.7-8 5.7-7.6 0-15.9-6.4-20.7-11.6l-15.2 30.9a79.2 79.2 0 0 0 40.2 11.6c23.1 0 44.7-14 44.7-39.2-.1-18-12.1-26.1-27.2-31.8zm84.9-67.6h-41.5
May 28, 2024 00:37:17.708710909 CEST	387	IN	Data Raw: 76 32 34 2e 36 68 2d 31 31 2e 39 76 33 33 2e 33 68 31 31 2e 39 76 37 38 2e 35 68 34 31 2e 35 56 36 37 2e 37 68 31 33 2e 37 56 33 34 2e 34 68 2d 31 33 2e 37 4d 36 32 30 2e 32 20 30 61 31 34 2e 35 20 31 34 2e 35 20 30 20 31 20 30 2d 2e 31 20 32 39 Data Ascii: v24.6h-11.9v33.3h11.9v78.5h41.5V67.7h13.7V34.4h-13.7M620.2 0a14.5 14.5 0 1 0-.1 29 14.5 14.5 0 0 0 .1-29zm0 27.3c-7.1 0-12.8-5.6-12.8-12.8 0-7.1 5.7-12.7 12.8-12.7 7.1 0 12.7 5.6 12.7 12.7s-5.6 12.8-12.7 12.8z"/><path d="M627.5 11.1c0-2.6-1.5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49712	163.44.198.51	80	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:37:17.092910051 CEST	355	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:18.086051941 CEST	502	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:17 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:33:42 GMT ETag: "e6-59fefffd98980" Accept-Ranges: bytes Content-Length: 230 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 31 2e 39 39 22 20 66 69 6c 6c 3d 22 23 37 36 37 36 37 36 22 3e 3c 70 61 74 68 20 64 3d 22 4d 38 2e 30 39 20 30 4c 30 20 34 2e 36 76 31 2e 36 37 68 31 2e 32 34 76 35 2e 37 32 68 31 33 2e 35 56 36 2e 32 37 48 31 36 56 34 2e 36 35 7a 6d 2d 35 2e 32 20 34 2e 37 39 6c 35 2e 32 2d 33 2e 30 36 20 35 2e 31 20 33 2e 30 36 76 35 2e 37 34 48 32 2e 38 38 7a 6d 32 2e 34 33 20 32 2e 31 38 68 35 2e 33 39 76 2d 31 2e 34 48 35 2e 33 32 7a 6d 30 20 32 2e 31 68 35 2e 33 39 76 2d 31 2e 34 48 35 2e 33 32 7a 22 2f 3e 3c 2f 73 76 67 3e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 11.99" fill="#767676"><path d="M8.09 0L0 4.6v1.67h1.24v5.72h13.5V6.27H16V4.65zm-5.2 4.79l5.2-3.06 5.1 3.06v5.74H2.88zm2.43 2.18h5.39v-1.4H5.32zm0 2.1h5.39v-1.4H5.32z"/></svg>
May 28, 2024 00:37:18.299781084 CEST	344	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:18.660018921 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:18 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:32:20 GMT ETag: "545-59feffaf65100" Accept-Ranges: bytes Content-Length: 1349 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 36 33 34 2e 37 20 31 34 38 2e 35 22 20 66 69 6c 6c 3d 22 23 37 36 37 36 37 36 22 3e 3c 70 61 74 68 20 64 3d 22 4d 30 20 31 34 36 2e 32 68 38 34 76 2d 33 37 2e 37 48 34 33 2e 32 56 39 32 2e 31 68 33 37 56 35 34 2e 35 68 2d 33 37 56 34 30 2e 32 48 38 34 56 32 2e 35 48 30 6d 31 36 30 2e 39 20 32 39 2e 36 63 2d 31 33 2e 38 20 30 2d 32 34 2e 36 20 31 31 2e 34 2d 32 38 2e 36 20 32 33 2e 35 6c 2d 2e 34 2d 2e 35 20 31 2e 31 2d 32 30 2e 37 48 39 31 2e 35 76 31 31 31 2e 37 48 31 33 33 56 39 32 2e 34 63 30 2d 31 31 2e 34 2e 36 2d 31 39 20 38 2e 37 2d 31 39 20 37 20 30 20 37 2e 36 20 36 2e 38 20 37 2e 36 20 31 36 2e 33 76 35 36 2e 35 68 34 31 2e 35 56 37 32 2e 35 63 2d 2e 31 2d 32 30 2e 31 2d 36 2d 34 30 2e 34 2d 32 39 2e 39 2d 34 30 2e 34 7a 6d 31 34 35 2e 36 20 32 34 2e 31 6c 2d 2e 34 2d 2e 34 20 32 2e 33 2d 32 31 2e 34 68 2d 36 31 2e 32 56 39 2e 38 68 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 634.7 148.5" fill="#767676"><path d="M0 146.2h84v-37.7H43.2V92.1h37V54.5h-37V40.2H84V2.5H0m160.9 29.6c-13.8 0-24.6 11.4-28.6 23.5l-.4-.5 1.1-20.7H91.5v111.7H133V92.4c0-11.4.6-19 8.7-19 7 0 7.6 6.8 7.6 16.3v56.5h41.5V72.5c-.1-20.1-6-40.4-29.9-40.4zm145.6 24.1l-.4-.4 2.3-21.4h-61.2V9.8h-41.5v24.7h-11.9v33.2h11.9v78.5h41.5V67.7h19.5v78.5h41.5v-45.3c0-11.6 1.9-26.4 17.4-26.4 2.9 0 7.8 2.1 11.6 4V32.1c-15.4-.6-26 10.4-30.7 24.1zm96.3 38.3c0 13.6-.8 19.3-8.2 19.3-7.2 0-8-5.9-8-19.3V34.4h-41.5v65.8c0 30.5 17.4 48.3 49.5 48.3 30.5 0 49.8-15.2 49.8-48.3V34.4h-41.5v60.1zm99.4-17.1c-4.4-1.7-12.5-4.7-12.5-10.4 0-3.6 3.1-5.5 6.1-5.5 7 0 12.5 5.5 17.4 9.9l14.2-30.3a73.6 73.6 0 0 0-34.1-9.1c-26 0-44.9 14.6-44.9 37.7 0 19 12.9 27.5 29.2 33.2 7.2 2.5 10.8 4.8 10.8 8.9 0 4-4.5 5.7-8 5.7-7.6 0-15.9-6.4-20.7-11.6l-15.2 30.9a79.2 79.2 0 0 0 40.2 11.6c23.1 0 44.7-14 44.7-39.2-.1-18-12.1-26.1-27.2-31.8zm84.9-67.6h-41.5v
May 28, 2024 00:37:18.660054922 CEST	386	IN	Data Raw: 32 34 2e 36 68 2d 31 31 2e 39 76 33 33 2e 33 68 31 31 2e 39 76 37 38 2e 35 68 34 31 2e 35 56 36 37 2e 37 68 31 33 2e 37 56 33 34 2e 34 68 2d 31 33 2e 37 4d 36 32 30 2e 32 20 30 61 31 34 2e 35 20 31 34 2e 35 20 30 20 31 20 30 2d 2e 31 20 32 39 20 Data Ascii: 24.6h-11.9v33.3h11.9v78.5h41.5V67.7h13.7V34.4h-13.7M620.2 0a14.5 14.5 0 1 0-.1 29 14.5 14.5 0 0 0 .1-29zm0 27.3c-7.1 0-12.8-5.6-12.8-12.8 0-7.1 5.7-12.7 12.8-12.7 7.1 0 12.7 5.6 12.7 12.7s-5.6 12.8-12.7 12.8z"/><path d="M627.5 11.1c0-2.6-1.5-4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49713	163.44.198.51	80	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:37:17.459552050 CEST	341	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-logo.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:18.751944065 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:18 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:25:18 GMT ETag: "7f7-59fefe1cf1b80" Accept-Ranges: bytes Content-Length: 2039 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 38 32 20 33 33 22 20 66 69 6c 6c 3d 22 23 46 46 46 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 31 32 2e 31 36 20 31 35 2e 37 32 63 33 2e 36 36 2d 2e 38 33 20 36 2e 30 32 2d 33 2e 34 37 20 36 2e 30 32 2d 37 2e 35 31 20 30 2d 34 2e 39 31 2d 33 2e 32 2d 38 2e 32 2d 39 2e 38 32 2d 38 2e 32 68 2d 31 30 2e 37 76 33 32 2e 34 34 68 31 31 2e 30 37 63 36 2e 39 20 30 20 31 30 2e 36 31 2d 33 2e 32 34 20 31 30 2e 36 31 2d 38 2e 37 36 20 30 2d 34 2e 34 31 2d 32 2e 36 34 2d 37 2e 32 33 2d 37 2e 31 38 2d 37 2e 39 37 7a 4d 39 39 2e 37 20 31 2e 36 38 68 38 2e 36 32 63 35 2e 32 34 20 30 20 37 2e 37 34 20 32 2e 35 35 20 37 2e 37 34 20 36 2e 36 37 73 2d 32 2e 35 20 36 2e 36 33 2d 37 2e 37 34 20 36 2e 36 33 48 39 39 2e 37 56 31 2e 36 38 7a 6d 38 2e 39 34 20 32 39 2e 31 48 39 39 2e 37 56 31 36 2e 36 34 68 38 2e 39 34 63 35 2e 37 39 20 30 20 38 2e 35 37 20 32 2e 36 34 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 182 33" fill="#FFF"><path d="M112.16 15.72c3.66-.83 6.02-3.47 6.02-7.51 0-4.91-3.2-8.2-9.82-8.2h-10.7v32.44h11.07c6.9 0 10.61-3.24 10.61-8.76 0-4.41-2.64-7.23-7.18-7.97zM99.7 1.68h8.62c5.24 0 7.74 2.55 7.74 6.67s-2.5 6.63-7.74 6.63H99.7V1.68zm8.94 29.1H99.7V16.64h8.94c5.79 0 8.57 2.64 8.57 7.04 0 4.45-2.78 7.1-8.57 7.1zm22.33-21.41c-4.26 0-7.32 2.36-8.43 5.79l1.76.56c1.16-3.2 3.57-4.77 6.67-4.77 3.89 0 6.12 1.85 6.12 6.72v1.3l-2.97.14c-9.96.32-12.79 3.43-12.79 7.37 0 4.03 3.24 6.53 7.55 6.53 3.8 0 6.72-1.81 8.2-5.05v4.5h1.95V18.13c.01-6.07-2.96-8.76-8.06-8.76zm6.12 14.32c0 4.31-3.06 7.74-7.97 7.74-3.43 0-5.79-1.99-5.79-4.96 0-3.15 2.18-5.65 10.89-5.93l2.87-.09v3.24zm16.08-14.32c-4.12 0-7.18 2.64-8.57 6.3V9.92h-1.99v22.52h1.99v-11.3c0-5.98 3.34-10.1 8.2-10.1 3.8 0 5.75 2.27 5.75 6.72v14.69h1.99V17.34c0-4.82-2.6-7.97-7.37-7.97zm19.33 9.4l8.1-8.85h-2.4l-12.1 13.35V.01h-1.99v32.43h1.99v-6.76l5.1-5.52
May 28, 2024 00:37:18.752005100 CEST	1077	IN	Data Raw: 20 38 2e 34 33 20 31 32 2e 32 38 68 32 2e 32 37 4d 36 33 2e 32 34 20 38 2e 37 35 68 31 2e 39 38 73 2d 2e 30 32 2d 37 2e 30 39 20 36 2e 34 36 2d 37 2e 30 39 68 31 2e 39 37 76 32 39 2e 31 32 68 2d 33 2e 31 63 2d 31 2e 39 38 2d 2e 31 39 2d 33 2e 36 Data Ascii: 8.43 12.28h2.27M63.24 8.75h1.98s-.02-7.09 6.46-7.09h1.97v29.12h-3.1c-1.98-.19-3.63-1.47-5.22-2.98L63 25.55c.51-.69 1.18-1.73 1.66-2.82.54-1.23.93-3.55 1.17-4.13.08-.19.17-.37.28-.54.31-.48.82-.89 1.35-1.12.4-.17.89-.29 1.33-.29h.3v-1.68h-9.71
May 28, 2024 00:37:20.984242916 CEST	340	OUT	GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:37:21.496783018 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:37:21 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:58:34 GMT ETag: "3dce-59ff058c7a680" Accept-Ranges: bytes Content-Length: 15822 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: image/x-icon Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 02 00 00 00 f6 1f 19 22 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 66 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDR,,"tEXtSoftwareAdobe ImageReadyqe<fiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>39IDATx
May 28, 2024 00:37:21.496864080 CEST	1236	IN	Data Raw: ec 5d 07 7c 95 d5 d9 3f 27 3b 24 84 84 bd 67 20 80 04 48 c2 de 4b 50 50 86 0a 45 51 44 66 fd ac 5a 5b ad b6 b5 d5 4a 6b ad ab 8e 8a 20 a8 0c 15 15 aa a8 48 9d ec a1 cc 30 84 84 3d c3 08 10 02 21 83 8c f3 bd 77 be 67 3c e7 e6 8e f7 86 eb cf e7 df Data Ascii: ]\|?';$g HKPPEQDfZ[Jk H0=!wg<+}9#!@"HB$D I@ @"$!$D HBI@ @ $!@"HB$D I@ @"$!$D HBI@ @ $!@"H
May 28, 2024 00:37:21.496917963 CEST	1236	IN	Data Raw: 1a 8f 4e 49 53 6f 20 bf a4 f8 72 71 d1 a9 82 4b fb ce 9f 3e 9e 7f 51 50 97 a4 8f f2 e0 52 e2 18 14 f1 74 ff 5b bd b1 91 3e cb ca 74 ca 6e f5 53 28 f5 b0 16 4d ab d7 7e 71 b3 b6 ac 0a 65 12 9e 29 b8 bc cc b1 dd 10 ce 47 27 cf af a2 5d 38 7d 03 fc Data Ascii: NISo rqK>QPRt[>tnS(M~qe)G']8}H}HZ^Y\|wx;7{%N4KmQd(llozsrMEFUhm$T9JW^JqY>Ti Ctu.Py-&\_V
May 28, 2024 00:37:21.496952057 CEST	672	IN	Data Raw: d3 de 1a 71 4f 98 14 f0 21 90 59 58 49 5f 1e d8 75 db c7 b3 fc 0f c0 e0 19 e2 fa ba 6a 91 51 4b c6 ce 30 8c 2b 6b 1c 3f d2 29 1a 83 62 c7 f8 c8 32 21 8a 33 d0 ef 6f 5b bb fe 9c 5b ee 01 8e 07 c5 1f c3 7c 1f 32 ee a8 47 35 67 3d 44 9f 8a c1 0d 0b Data Ascii: qO!YXI_ujQK0+k?)b2!3o[[\|2G5g=D27l;uAjt:\--+[Oz{y<cO)!kgRez@2]\|%(3`v_*;/_]qo5`QO+Y&\|2os
May 28, 2024 00:37:21.497009039 CEST	1236	IN	Data Raw: 6d 15 89 d1 db d3 d2 fb 85 05 c3 96 96 74 75 e5 98 4e cc f4 0b ca c4 35 ad 51 73 78 eb 8e 82 3f 85 bb 1e 1f 8f 28 38 9d 67 64 9b ce f5 aa 55 87 4f c6 f8 d4 1e 40 4f 33 55 82 45 3b 37 f9 ef e3 b6 02 2b 0e ec b6 85 98 f0 d6 1d 63 03 9b a7 b4 4c aa Data Ascii: mtuN5Qsx?(8gdUO@O3UE;7+cL-:%_&O4I4cG!ep6lz_ F&"tM%OO4)yJe'"3Kyqw(wT#'+)cRz-ZM%EdztY?sY9y
May 28, 2024 00:37:21.497044086 CEST	1236	IN	Data Raw: 40 85 bb 70 27 da 52 c1 c2 a2 41 f3 8d 3a cc c2 3a 0d b3 ea 36 e6 7a bd d8 5e 8c f0 93 7e e2 22 bb bd 5d c6 43 b1 1f 9a e5 15 08 94 d9 4d a8 90 e3 cb 37 75 b0 e3 c3 9f b6 bc 3c 74 5c 8d e8 d8 a0 bb 64 0e ec 3a 5d 90 2f ed 05 69 f5 9a 64 34 68 06 Data Ascii: @p'RA::6z^~"]CM7u<t\d:]/id4h(TDr[^v{gYm?},:FJe&Kd4hVE=p<0A#b@nDGu=V#Jk%wmuRS&mB>r}*W=bSj[
May 28, 2024 00:37:21.497076988 CEST	1236	IN	Data Raw: 9d 78 42 66 49 63 a6 20 db 84 7c d0 86 1e 31 11 91 13 3b f6 00 ea 7e 4b 0d 00 18 5f 09 42 8e 71 2b e5 05 97 25 2e 99 6d 6b b9 71 77 be 38 39 4d df 73 4b 92 e4 40 97 63 69 e3 0c 8a 0c 74 c0 10 32 83 5b a4 98 8e 19 b5 68 88 10 0e a2 c4 73 53 5b 3e Data Ascii: xBfIc \|1;~K_Bq+%.mkqw89MsK@cit2[hsS[>]^r\$]uWL{{MuW5OWKZV.sa$C**R[5cvhC:pYJJS:x[__8(`.(@4gO>Re[s.42,S.@F
May 28, 2024 00:37:21.497112989 CEST	1236	IN	Data Raw: dc ed eb 9e 19 30 ca 67 97 0c 5f de d7 f5 e4 de 4e bd a2 bd 89 72 54 ab fd e8 e4 0c b8 fb 06 13 2d 12 6b 7f 70 db b4 51 1f be c1 dc 25 c3 3c 04 97 f3 e6 90 4e 2f 35 34 22 4a 8d bd 69 6a e7 3e c3 92 6f 08 a7 7e f6 ca dd 79 ee a4 b3 87 87 bb e5 50 Data Ascii: 0g_NrT-kpQ%<N/54"Jij>o~yP%g%k(D_KZU?c`=gZ$ Z=6E{ss8m{m>1@`"WRQQ1ESfHtgZfg&e1bS^MH:(z}
May 28, 2024 00:37:21.497178078 CEST	1236	IN	Data Raw: fe 0b 9e 1a 32 7f bc 77 6b be c3 25 c3 a9 1f d5 a2 0c a3 b4 bb 5f 1b 0d d4 67 42 2a 61 cc 73 11 cc 5b f3 17 1b 4e 1c ec 3c e7 6f 4f ad fe ac c8 51 02 94 42 49 12 9c 64 bb 39 b9 c3 d1 87 9f bb b5 4d 27 60 25 51 ae 50 a2 5c d6 41 d9 44 38 ef ce 07 Data Ascii: 2wk%_gBas[N<oOQBId9M'`%QP\AD8{6]22nGOOU3kx{MkX$%u%RX,vL4(%",Rm2cMe.V[*jY/d;TZ^aM?8!i3<2S/4+saO
May 28, 2024 00:37:21.497464895 CEST	1236	IN	Data Raw: 3a 43 8a 9e e1 f3 ca 3c 54 7f 12 dc c7 6f ba 3a 37 19 a6 e0 e2 dd 9b d5 c8 a3 29 1e 5a 4d 78 bf 95 32 75 46 95 e6 af 7c ac b0 8f e3 63 28 a2 8f 7f ff 5f a1 4c 2d 91 1a 95 c0 be 9f 9b 92 3b c4 6a ac 41 10 cf 0d be ed f1 5e 37 29 de 51 3e 33 0d ba Data Ascii: :C<To:7)ZMx2uF\|c(_L-;jA^7)Q>3/ACyh+cE!-^0>%5h#JwA3''l.{0VsApzNy=3}gs04I:_d> 5I)Qf~[/xm5o

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49714	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:37:19 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 22:37:19 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=149515 Date: Mon, 27 May 2024 22:37:19 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49715	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:37:20 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 22:37:20 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=149597 Date: Mon, 27 May 2024 22:37:20 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-27 22:37:20 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49720	192.216.61.78	443	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:37:21 UTC	632	OUT	GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1 Host: resources.mtb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://46814880-10-20181030130048.webstarterz.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: http://46814880-10-20181030130048.webstarterz.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:37:21 UTC	657	IN	HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Wed, 17 Apr 2024 05:13:47 GMT Accept-Ranges: bytes ETag: "0ce1978690da1:0:dtagent10289240325103055YKtO" X-Srv: M-STC-002 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Timing-Allow-Origin: * Server-Timing: dtSInfo;desc="0", dtRpid;desc="102087372", dtTao;desc="1" Date: Mon, 27 May 2024 22:37:21 GMT Content-Length: 67671 Set-Cookie: TSf60233d5027=08affc4e07ab200057d3d2ca105c98bf6d1769e2557dba44512b6dfbc9d1f4dc423f63dade2f61ee0876de2181113000fe0ba0d566df33a912d1a88193c9f5c00c47da66f2af147689125eabfe5f818b9eca2cc293a31dfd6abe63aa185fee81; Path=/
2024-05-27 22:37:21 UTC	15727	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 01 08 57 00 12 00 00 00 02 ba dc 00 01 00 00 00 01 06 e0 00 00 01 77 00 00 02 e6 00 00 00 00 00 00 00 00 47 50 4f 53 00 00 e3 58 00 00 1f 25 00 00 96 26 50 09 d2 5b 47 53 55 42 00 01 02 80 00 00 04 5f 00 00 08 32 1d c3 0d fa 4c 54 53 48 00 00 06 90 00 00 01 18 00 00 02 27 71 c2 bb bc 4f 53 2f 32 00 00 02 10 00 00 00 58 00 00 00 60 6a 14 81 0b 56 44 4d 58 00 00 07 a8 00 00 03 7b 00 00 0b ba f8 5c e2 8d 63 6d 61 70 00 00 30 98 00 00 03 fd 00 00 08 ca aa 5a b1 ea 63 76 74 20 00 00 36 ac 00 00 00 44 00 00 00 44 0d 97 02 d7 66 70 67 6d 00 00 34 98 00 00 01 02 00 00 01 73 06 59 9c 37 67 6c 79 66 00 00 3b 38 00 00 9c 66 00 01 81 b0 26 79 6b 82 68 64 6d 78 00 00 0b 24 00 00 25 71 00 00 5a 98 e5 1c 5d 0e 68 65 61 64 00 00 01 94 00 00 00 Data Ascii: wOFFWwGPOSX%&P[GSUB_2LTSH'qOS/2X`jVDMX{\cmap0Zcvt 6DDfpgm4sY7glyf;8f&ykhdmx$%qZ]head
2024-05-27 22:37:21 UTC	657	IN	Data Raw: 26 0e bc bf fc f2 ad eb 8d eb b7 c2 c7 f6 3b 02 de ac b6 bc f2 70 a1 ab d0 93 12 48 c9 0e 7b 37 3e 36 98 b2 e7 c6 1b f7 00 ea 20 0e 1b 69 2e 9f 38 0d 3f 0c 34 73 46 98 a9 a4 29 c4 24 c4 60 68 76 99 92 ca db 7f 85 04 0e 10 a0 7c 34 8e 9e 06 ac 48 56 0c 34 d8 4a 88 63 2b e2 8c ac 33 87 4e 03 4a 31 c5 4c 63 66 82 bf 30 80 9e 86 55 84 d7 25 c1 b7 42 d7 21 7e 5b a9 ce 0e 4f b4 d0 d8 d5 d7 d6 bb c2 ae 7a af c5 9b ef cd af 35 f6 2c fb ed 6f d9 d6 48 cf cb 3d 39 ec 40 e4 81 8d 3d 1b 7f d1 f3 77 78 b4 55 81 0f e8 63 b2 72 5f e2 3e 26 63 1f f7 c3 83 a1 6b 26 c0 06 3b 60 83 1d 26 78 d6 ee 59 b1 c2 2a bb 67 8d e9 9e 81 ba 67 9d a5 7b 1c c2 ee 19 74 dd 3b 0d 6d 93 9d f2 60 a7 bc d0 29 57 d0 65 5d 3e b8 7c f9 20 0b 2d 2a 63 81 bf 94 2d 2a 8b 7c 8a ad 82 0b a7 a7 95 7c Data Ascii: &;pH{7>6 i.8?4sF)$`hv\|4HV4Jc+3NJ1Lcf0U%B!~[Oz5,oH=9@=wxUcr_>&ck&;`&xYgg{t;m`)We]>\| -c-*\|\|
2024-05-27 22:37:21 UTC	16384	IN	Data Raw: d7 1a 60 03 10 7f be 09 80 63 f4 67 18 47 06 b8 63 0c 41 6d 08 d6 49 3b 2e 5a 8e 05 8c b0 00 77 33 e5 2c ed a3 8a 7c 8a 42 7f c1 b5 6c c2 bf b4 e3 0a 1b a5 4b 10 00 0a 01 23 e2 81 f2 fc c0 c0 c0 7f 45 3e c3 ae 56 b3 f1 13 fb c0 94 05 ac 96 bd c3 76 42 a3 bd a7 f1 65 d0 72 6a 04 62 a4 0a c8 c6 80 a8 b0 77 22 6b d9 ce e6 66 bc be 5f b9 8e fd 41 0d 2a c9 cc 82 4b 39 99 f7 34 c4 e9 86 41 39 22 81 03 04 c0 a3 6c d0 1f f5 2c 75 41 25 b2 6f c5 89 85 69 6c c5 e5 11 80 8e ae 81 aa 4b e4 e8 64 d0 a0 e0 20 aa 8a 8d 5f 65 80 ab 10 e3 0c 7c b4 1e 54 70 0b 31 e0 e5 26 65 39 00 9b e8 47 94 08 f1 7e 88 9b 19 dd 7c 17 0d 1f 21 31 53 e8 ef a3 9c 37 31 4e f1 31 35 4d 21 c1 32 28 56 41 88 b4 26 26 c3 fd 16 e8 56 b2 f2 00 94 93 d8 e1 51 be ec 6d 44 3c 81 56 95 d4 e3 f6 e4 b7 Data Ascii: `cgGcAmI;.Zw3,\|BlK#E>VvBerjbw"kf_A*K94A9"l,uA%oilKd _e\|Tp1&e9G~\|!1S71N15M!2(VA&&VQmD<V
2024-05-27 22:37:21 UTC	16384	IN	Data Raw: 28 37 87 f4 1a 8d 3f 93 2d 10 42 16 4c 1f a6 71 4c 02 63 04 50 14 be 95 32 7f e1 39 84 98 0a 6c 3f 79 bc f3 b3 08 01 63 f0 68 b3 2f f0 34 ce 26 ed cc 33 f2 41 d2 0e 25 42 3f 76 1e a1 9b 8c ba 89 7b a0 e2 31 99 9e dd 29 58 7b 8b 96 91 26 59 da 99 2c 9a 9d a9 43 98 96 fe af 0f 1b 62 98 23 80 1b 7e 35 cf 03 79 82 d8 da 2d df dc b1 66 d8 15 73 24 9b ba 6a 62 22 92 4c c7 b0 45 8f 65 e3 7c ce f8 f4 dd ca 0f 68 2e 2c ca 91 a8 9e c8 28 38 d2 99 fa 22 93 16 67 41 e3 86 f9 e8 3a e8 87 38 fe c6 88 dd ef 80 db 87 a0 8c e1 04 f2 c9 31 72 46 92 cf 09 83 a7 31 e2 2e f7 63 64 cc a8 76 a2 e5 7e 29 77 a0 00 32 44 72 07 57 31 f9 3d 41 cf 0f b6 ac 48 dd 98 8a 5d f9 4e c4 c6 fe 06 77 06 a6 df 63 df 52 1f 81 15 f3 35 b4 9d f0 f3 86 6c 62 8b 4a a7 0d 48 c1 43 de 62 9d ba b3 12 Data Ascii: (7?-BLqLcP29l?ych/4&3A%B?v{1)X{&Y,Cb#~5y-fs$jb"LEe\|h.,(8"gA:81rF1.cdv~)w2DrW1=AH]NwcR5lbJHCb
2024-05-27 22:37:21 UTC	8363	IN	Data Raw: 01 43 b2 87 28 3a 1e 50 56 b2 49 75 31 1c 1f 17 c7 7b e0 38 1f 8e 4f d1 f1 02 e5 66 f6 9e ea 80 e3 68 3a 5e a4 bc ca de 65 3f 82 e3 02 3a 6e 56 c6 d8 5f d5 66 38 9e 41 c7 f3 95 31 d5 44 c7 85 e2 7a dd 70 bd 35 70 fc b0 df f1 23 d1 9c e7 ed 0b 6a 04 7b 07 8e 9f 14 d7 6f 66 ef aa 63 70 fc 40 34 36 df 92 c9 43 aa 4d 67 21 32 c3 99 ea 77 25 fe c4 83 4f 09 17 78 15 b9 3b 2a 10 ab 4e 89 4b 41 36 b1 34 31 c2 73 6c 0a 47 dc 12 14 a5 4b 02 4f 0e 07 60 52 34 94 ca 02 99 c8 0a 06 43 49 09 a2 e9 97 4a 45 34 b8 66 78 db 4e 9e e0 eb 7d 23 a9 e7 10 c3 ff 26 c8 1f 28 1a 3d a9 14 74 12 7e 82 44 ca 3a b1 f3 0d a1 9d 2f 99 e3 14 49 c2 23 12 9f 92 89 1d 32 f1 55 b1 19 f6 e0 60 38 4a 00 cb c9 24 41 2b 27 85 9b b4 ce 1c 00 6f 41 63 9c 2f 30 25 c4 03 4c 31 10 0e e5 00 c8 51 34 Data Ascii: C(:PVIu1{8Ofh:^e?:nV_f8A1Dzp5p#j{ofcp@46CMg!2w%Ox;*NKA641slGKO`R4CIJE4fxN}#&(=t~D:/I#2U`8J$A+'oAc/0%L1Q4
2024-05-27 22:37:21 UTC	7243	IN	Data Raw: 89 d5 85 31 10 cf 29 f8 95 24 44 2f c4 90 e6 62 50 c8 38 a5 b2 9b 97 cc d3 e1 70 8d a6 9a cc d9 ca 90 1f 94 ed 62 4e 5f ce b3 cb 43 3a a3 30 c1 38 b0 c2 37 37 59 fa 4b 9c a2 09 c6 db b2 3d 5d 76 b2 15 57 0f 4e b9 bd 1d aa 3b 2c 3b 9a 9d e5 59 cf 2e e4 fc 11 f9 d4 ba 34 70 ca 02 8b e2 d4 b0 17 c8 7c ad 0f a5 d1 4e 93 2c c4 41 43 ce 5d e6 ea a9 dc 58 08 bc 8a 3b ec 8d ea d7 5e 1a d8 9e 6c f6 9c b2 c0 d2 f9 92 63 87 3f 0e b2 5d 96 e2 ef ad d1 7a 1c b7 d8 c3 c3 25 7f 79 1c 36 16 fd 4a ec 37 e4 7c cf d3 b7 49 45 cf d1 58 0e 77 7a 66 d0 5b a3 5a e6 74 54 64 82 92 5f 26 bd cf c9 9b 1a 69 d0 3f 48 53 2a 76 a6 5e 17 53 e8 a4 a4 9a c4 4a 39 85 b6 c1 d4 93 40 74 41 69 47 2a 4a 30 52 52 82 31 35 25 9e 29 2a 01 e9 aa 0a 9d e6 5a 59 85 51 4b a2 ae c2 b0 35 59 58 61 3c Data Ascii: 1)$D/bP8pbN_C:0877YK=]vWN;,;Y.4p\|N,AC]X;^lc?]z%y6J7\|IEXwzf[ZtTd_&i?HSv^SJ9@tAiGJ0RR15%)*ZYQK5YXa<
2024-05-27 22:37:21 UTC	2913	IN	Data Raw: f0 26 cb e9 3f 48 79 d7 df d0 6f 91 e6 ff e8 03 c8 e2 77 a0 25 f4 21 7d 82 f4 a7 e8 34 74 e1 0c 33 3d ca 16 5b f4 38 17 71 09 3d c1 a5 5c 86 2b e5 5c 41 4b b8 92 ab 68 29 57 73 2d 2d e3 21 3c 94 9e e4 28 d7 d1 72 ae e7 91 b4 82 1b 78 34 ad e4 31 3c 96 56 f1 38 1e 47 8b 78 3c 3c c5 12 9e c0 13 a8 98 2f e7 cb e9 31 9e 08 8f f6 04 37 72 23 11 fc da 24 e4 70 05 5f 49 3b e1 af a6 d2 1a 6e e2 26 5a 07 af 35 9d d6 f3 f5 7c 23 6d 80 5f 9a 41 4d 7c 13 df 44 53 79 26 fc e0 64 9e c5 b3 f0 ac f2 86 3b f8 16 be 15 e7 b7 f1 6d 78 6a 36 df 8e 7c ee e0 3b 69 17 cf e5 79 f4 1c df cd f7 d0 5e be 97 3f 4b cf f3 02 5e 48 2f f0 43 bc 88 f6 f3 62 7e 8c f6 f1 e3 fc 04 1d e0 25 bc 04 65 2d e5 a5 54 c3 cb 78 19 72 78 92 9f a4 ed bc 9c 97 d3 d5 bc 82 57 e0 ca 4a f8 dc 39 bc 8a 57 Data Ascii: &?Hyow%!}4t3=[8q=\+\AKh)Ws--!<(rx41<V8Gx<</17r#$p_I;n&Z5\|#m_AM\|DSy&d;mxj6\|;iy^?K^H/Cb~%e-TxrxWJ9W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49718	192.216.61.78	443	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:37:21 UTC	634	OUT	GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1 Host: resources.mtb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://46814880-10-20181030130048.webstarterz.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: http://46814880-10-20181030130048.webstarterz.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:37:21 UTC	657	IN	HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Wed, 17 Apr 2024 05:13:47 GMT Accept-Ranges: bytes ETag: "0ce1978690da1:0:dtagent10289240325103055YKtO" X-Srv: M-STC-002 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Timing-Allow-Origin: * Server-Timing: dtSInfo;desc="0", dtRpid;desc="967569379", dtTao;desc="1" Date: Mon, 27 May 2024 22:37:21 GMT Content-Length: 64318 Set-Cookie: TSf60233d5027=08affc4e07ab2000135eef4d5ebbc4b5696cb6754b561c2a381428a3a8845e4a3a6aa9949c43f4a50849c6c414113000e496d2bbf1b7f27912d1a88193c9f5c0a3d55034d2dfeb0537c09198e2514de03f782734fbe4863370b5aad552c0590e; Path=/
2024-05-27 22:37:21 UTC	6814	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 fb 3e 00 13 00 00 00 02 92 d4 00 01 00 00 00 00 f9 c4 00 00 01 7a 00 00 02 e8 00 00 00 00 00 00 00 00 47 50 4f 53 00 00 cc 54 00 00 29 10 00 00 af a6 a9 17 60 ae 47 53 55 42 00 00 f5 64 00 00 04 5f 00 00 08 32 1d c3 0d fa 4c 54 53 48 00 00 06 b0 00 00 01 10 00 00 02 27 f0 da 10 6a 4f 53 2f 32 00 00 02 24 00 00 00 58 00 00 00 60 6a 68 83 66 56 44 4d 58 00 00 07 c0 00 00 03 78 00 00 0b ba f7 1c e1 61 63 6d 61 70 00 00 1d 8c 00 00 03 fd 00 00 08 ca aa 5a b1 ea 63 76 74 20 00 00 23 e4 00 00 00 5e 00 00 00 5e 08 80 0e eb 66 70 67 6d 00 00 21 8c 00 00 01 02 00 00 01 73 06 59 9c 37 67 61 73 70 00 00 cc 40 00 00 00 14 00 00 00 14 00 75 00 0c 67 6c 79 66 00 00 28 8c 00 00 97 f2 00 01 6c 34 91 9f fc 1a 68 64 6d 78 00 00 0b 38 00 00 12 Data Ascii: wOFF>zGPOST)`GSUBd_2LTSH'jOS/2$X`jhfVDMXxacmapZcvt #^^fpgm!sY7gasp@uglyf(l4hdmx8
2024-05-27 22:37:21 UTC	7243	IN	Data Raw: 0d 55 e8 fa 31 2c 50 61 0e 4d ff 6d e1 f1 af 6a ac e3 18 31 56 35 cf cb b7 9f c7 d7 0a 5f c6 7d 3b 76 13 73 8b ae fe 31 0f f3 30 d0 7a f0 0f 5e a1 79 18 5d a8 ba b2 75 cb 29 e9 2c b2 44 0e f0 40 b2 f3 8c 77 c4 7e d8 04 48 0c 43 1c f6 15 22 41 e6 1b ba fa 65 88 0a 0f dd 2e 54 bc 3b 94 a7 57 e8 9e 78 77 87 08 f9 6f b0 6a d9 97 fa e7 c7 3a 60 23 73 83 53 36 c0 dc 23 8b 1d a6 07 50 f9 f6 cf a6 f1 fe 31 ad ae bf ca d8 0d 30 6b 65 87 43 62 b6 1e 1e ff 60 b2 18 3e 95 63 e8 b3 be 27 4c 6c 65 28 8b 8c a3 b5 6e 02 4e 7e fc 5b df a7 c9 d3 0c eb 34 75 61 9a 74 d9 4c f3 d7 57 c6 c3 09 89 b5 5b 71 ee 80 46 3f e3 0b 8b 70 fd 76 5b 6f f7 79 ba df 6d 7b 9f 7e b9 bf ae af b7 65 ba ad df 71 45 1e 18 26 fc 1f a7 31 8c a3 31 a3 f9 85 a7 14 21 69 1c de c7 a1 43 31 38 22 e7 cf Data Ascii: U1,PaMmj1V5_};vs10z^y]u),D@w~HC"Ae.T;Wxwoj:`#sS6#P10keCb`>c'Lle(nN~[4uatLW[qF?pv[oym{~eqE&11!iC18"
2024-05-27 22:37:21 UTC	14486	IN	Data Raw: 0c 3c 10 b3 f3 13 71 e0 89 a6 27 49 c1 8e 14 5e 12 71 15 05 e6 44 2d 85 36 aa 35 84 54 02 0f 2c d4 96 27 4a 05 ac 1b 37 24 6a 71 e0 2c 09 c3 99 d2 e0 69 00 04 78 3a 77 7e 61 75 5f cd fa bb 22 5b 96 8b 6f b9 f3 ed 2b 9d 65 79 d7 fe 71 f9 72 49 af d2 e0 cf bb 30 ef 99 e2 26 a9 18 c1 59 47 da 82 af e9 30 69 f4 5c 7e 32 28 d0 e0 15 50 ce c0 01 06 ea 09 e0 c7 49 c5 d1 a7 9a 1e c7 87 1d 3e f9 38 e9 64 18 4a 55 da c9 61 f8 95 74 d2 06 9b 2c 23 a8 3b a4 ae 64 90 64 90 5c e2 7c 59 34 64 7a 71 c1 ad 92 7f b1 30 db 62 51 94 30 93 34 cf c4 44 28 44 dc 0c c0 10 a2 98 bc 50 a3 0b 1d f0 c3 e9 34 6b 8e 90 a1 77 c0 e9 eb 40 0c ca 1c 26 da 6a 88 6f 6e 29 fa 1c 03 e0 0c b4 47 71 76 e0 26 5e 78 35 ae f1 4a 19 67 13 00 07 a0 1d 83 76 06 da a3 d0 ac 48 0a e1 e8 20 5c b3 07 49 Data Ascii: <q'I^qD-65T,'J7$jq,ix:w~au_"[o+eyqrI0&YG0i\~2(PI>8dJUat,#;dd\\|Y4dzq0bQ04D(DP4kw@&jon)Gqv&^x5JgvH \I
2024-05-27 22:37:21 UTC	5840	IN	Data Raw: bb aa bf 5a a1 e2 40 a5 dc 13 e0 0c 20 c7 d8 f6 da ca 40 3e 03 8f c5 d9 67 9f 62 fb 6c 71 68 a2 e8 61 15 2c 1c 1c a7 66 ab ea 68 c0 8e 06 43 02 2a 66 09 a8 98 b3 36 15 03 b7 55 0c dc 56 31 67 6d 2a 66 91 a8 98 3e c5 a3 a9 d8 90 80 f2 0d 09 08 dd 03 1a 8c a4 63 58 e3 a7 5a 7a 71 8e a0 45 b8 58 2b 8b 5a 84 dd 2a e5 7c 25 92 cd 4a 25 73 54 82 cc 51 49 3c 5a 2d 0c 38 5f ca db 9c d1 69 9c 7c 59 e3 c9 1b aa 68 90 1e c1 5c 4f 5d 89 87 39 2c 3e 72 fc f8 be 29 ab 72 73 57 74 ed 8a 91 34 7a d6 e4 e6 ae 9a b2 ef b8 94 37 aa 8d 90 79 c7 be fb ea ab 27 35 44 45 8c fa ea ea fa fb f6 21 8f 50 25 aa f5 26 f1 d0 98 bc 8b 22 84 13 e2 53 25 27 f5 a6 6b 7f 16 0f ed da a5 ae b7 d8 3e e0 7a 8b ed 5a a9 bc 1e 7d f9 be 2e 6e a1 1c 92 a9 da 23 d1 2c 92 c9 2a fa 8d a3 b1 8c ca 3a Data Ascii: Z@ @>gblqha,fhCf6UV1gmf>cXZzqEX+Z\|%J%sTQI<Z-8_i\|Yh\O]9,>r)rsWt4z7y'5DE!P%&"S%'k>zZ}.n#,:
2024-05-27 22:37:21 UTC	16384	IN	Data Raw: 0a 59 09 07 3c 9c 03 58 09 24 1b 0e 20 1b 0e 4a 15 7d 0a 1a d6 8c c7 f0 2a 87 aa 76 a4 bc ac 2e 1e 7c 0a 19 00 19 ca 74 13 9e f6 46 4d 07 c9 df 9d a2 d9 58 29 6b 3d 8c 56 60 9d 67 55 eb 21 aa 5b 54 35 20 90 ee e7 aa ab 4d 35 1a ce 41 ff cf eb e3 6b 37 10 dd 1f a7 06 04 d6 68 f8 65 bb b9 1f ef bf 5f d6 b0 98 8d fd 6b b9 1f c6 b3 59 fc 17 8c 67 ad 5c b3 9f 47 af bf 4d 8e e7 e7 e6 eb 65 1d 56 ba cf 66 ec 5f a7 6a 3a a4 8d 56 52 7d d6 a9 fa fc a8 cd a4 4c 65 7f 1f 6b 33 e9 e0 1a 2b b7 b0 19 a4 99 01 df 78 f6 90 e8 9e 6b c2 8e 26 b9 8a ff 63 76 90 26 53 b1 95 26 d2 53 e9 86 4d 44 1f 6b 13 b1 1a f6 10 55 f3 35 4d 26 43 60 d3 87 9d f2 eb dd 02 ed 04 3e ad 3c 1e 3d 24 f5 4a 5b 48 13 db 42 30 0f fc 99 b1 e6 0f e4 b7 33 81 df ce a4 ee 5c 75 b5 c9 9a 61 25 7b c5 66 Data Ascii: Y<X$ J}*v.\|tFMX)k=V`gU![T5 M5Ak7he_kYg\GMeVf_j:VR}Lek3+xk&cv&S&SMDkU5M&C`><=$J[HB03\ua%{f
2024-05-27 22:37:21 UTC	6748	IN	Data Raw: c4 3f f3 3e fe 85 f7 f3 01 3e c8 87 f8 30 1f e1 a3 7c 8c 8f f3 09 3e c9 a7 f8 34 9f e1 5f f9 2c 9f e3 f3 7c 81 2f f2 25 be cc bf f1 15 be ca d7 f8 3a df e0 9b 7c 8b 6f f3 1d be cb f7 f8 3e 3f e0 87 fc 88 1f f3 13 7e ca cf f8 39 bf e0 97 fc 3b ff c1 7f f2 5f fc 37 ff c3 ff f2 2b 7e cd ff f1 1b 7e cb ef f8 3d 7f 50 50 54 4a 8d 53 75 6a bc b2 54 4a d5 ab 06 95 56 8d aa 49 35 ab 16 d5 aa 26 a8 89 6a 92 5a 45 ad aa 56 53 ab ab 35 d4 9a 6a 2d b5 b6 5a 47 ad ab d6 53 eb ab 0d d4 86 6a 23 b5 b1 9a ac 36 51 9b aa cd d4 e6 6a 0b b5 a5 da 4a 6d ad b6 51 db aa 29 6a 3b d5 a6 da 55 87 ea 54 53 d5 34 d5 a5 ba d5 74 d5 a3 b6 57 3b a8 1d d5 4e 6a 67 b5 8b da 35 15 14 dd b6 b6 de b6 ba be a0 e4 b7 0c 3b 25 d7 cf 65 9d 62 c5 29 39 39 ab 60 67 4b 7e b1 b9 3c 6c 67 9d c5 02 Data Ascii: ?>>0\|>4_,\|/%:\|o>?~9;_7+~~=PPTJSujTJVI5&jZEVS5j-ZGSj#6QjJmQ)j;UTS4tW;Njg5;%eb)99`gK~<lg
2024-05-27 22:37:21 UTC	6803	IN	Data Raw: 38 b1 a2 12 f9 be 7c 2f da 47 3c ca 3e c6 86 6e e7 a1 bb e7 5e 1d be 84 e6 3e cc fb d0 d4 c5 e0 8f 71 98 36 ea 48 fc dd 67 d0 4b 68 d5 6b 09 02 e6 9a 38 6b 65 9c f9 1e bb bd 9e d9 c7 ab e1 42 fc 3d 14 bf 5a 30 11 fb 56 27 48 7b 3d eb a4 7a a4 ee 91 fa eb e2 c3 d4 db 53 4d ec 9d 3c b6 17 8b e8 98 db f4 61 c1 af e6 b7 12 c3 af f3 bc 64 08 32 7b 62 fb 4a f0 e3 6d 76 1c 1a 30 df b1 d1 6b c7 c2 e6 7a 41 ea f6 7f 3d 6d b9 47 ea 1e a9 bf 26 3e cc 7c 43 ae 25 ba 8a 99 ff f3 3b 27 ea cd 59 33 d6 3c c4 6f 77 3b 2f d6 4d c7 38 13 b8 5f 21 1b 64 b3 fc a3 ac 93 6f f1 7a 21 bf 1d ad d4 e9 f7 43 9b 79 ee 9d d7 85 f1 e8 99 df 7a 03 49 f7 bb da bb 4d 2d 77 cf dd 39 3c 09 cc 7b 9d 6c 97 1f ca 5a 35 f7 08 8b e6 f1 5c f8 70 9f dc 25 b7 a9 88 14 77 9a 79 56 7e 0d 52 48 ba e5 Data Ascii: 8\|/G<>n^>q6HgKhk8keB=Z0V'H{=zSM<ad2{bJmv0kzA=mG&>\|C%;'Y3<ow;/M8_!doz!CyzIM-w9<{lZ5\p%wyV~RH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49719	192.216.61.78	443	6084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:37:21 UTC	630	OUT	GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1 Host: resources.mtb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://46814880-10-20181030130048.webstarterz.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: http://46814880-10-20181030130048.webstarterz.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:37:21 UTC	658	IN	HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Wed, 17 Apr 2024 05:13:47 GMT Accept-Ranges: bytes ETag: "0ce1978690da1:0:dtagent10289240325103055YKtO" X-Srv: M-STC-002 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Timing-Allow-Origin: * Server-Timing: dtSInfo;desc="0", dtRpid;desc="-2134881940", dtTao;desc="1" Date: Mon, 27 May 2024 22:37:21 GMT Content-Length: 4776 Set-Cookie: TSf60233d5027=08affc4e07ab2000d36cecb4db45a51551f670fc4644cb600df8196794b73bdf379d0a1193867fe40899ae53ef113000d09f1d9f207ce8d212d1a88193c9f5c0135d1f24ae8f5d258afd4294e1d3715ac2c612e6258468cc51ad6a3243586d92; Path=/
2024-05-27 22:37:21 UTC	4776	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 12 a8 00 0b 00 00 00 00 1f bc 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 53 55 42 00 00 01 08 00 00 00 3b 00 00 00 54 20 8b 25 7a 4f 53 2f 32 00 00 01 44 00 00 00 41 00 00 00 56 3f 24 4b b0 63 6d 61 70 00 00 01 88 00 00 00 f0 00 00 03 5a 7b c1 f0 2f 67 6c 79 66 00 00 02 78 00 00 0c c2 00 00 15 08 a7 be b4 c4 68 65 61 64 00 00 0f 3c 00 00 00 33 00 00 00 36 12 cb f6 0c 68 68 65 61 00 00 0f 70 00 00 00 1e 00 00 00 24 07 bd 04 06 68 6d 74 78 00 00 0f 90 00 00 00 1d 00 00 00 94 8c c8 ff d8 6c 6f 63 61 00 00 0f b0 00 00 00 4c 00 00 00 4c 4f fa 55 62 6d 61 78 70 00 00 0f fc 00 00 00 1f 00 00 00 20 01 3b 00 a5 6e 61 6d 65 00 00 10 1c 00 00 01 5e 00 00 02 b2 a7 4a 4c 17 70 6f 73 74 00 00 11 7c 00 00 01 Data Ascii: wOFFGSUB;T %zOS/2DAV?$KcmapZ{/glyfxhead<36hheap$hmtxlocaLLOUbmaxp ;name^JLpost\|

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 7052, Parent PID: 6140

General

Target ID:	0
Start time:	18:37:08
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6084, Parent PID: 7052

General

Target ID:	2
Start time:	18:37:10
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2180,i,4538153266985756418,1836816677918798091,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2016, Parent PID: 6140

General

Target ID:	3
Start time:	18:37:14
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly