Edit tour

Windows Analysis Report
http://btwebmailservicecare.weebly.com/

Overview

General Information

Sample URL:	http://btwebmailservicecare.weebly.com/
Analysis ID:	1639077
Infos:

Detection

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2280,i,12641882907520560829,12871458640340117564,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2308 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://btwebmailservicecare.weebly.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://btwebmailservicecare.weebly.com/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://btwebmailservicecare.weebly.com/gdpr/gdprscript.js?buildTime=1741893511

Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious URL

Source: https://btwebmailservicecare.weebly.com

Joe Sandbox AI: The URL 'btwebmailservicecare.weebly.com' appears to target the BT brand, a known telecommunications company. The use of 'bt' at the beginning of the subdomain suggests an attempt to mimic BT's legitimate services. The inclusion of 'webmailservicecare' implies a customer service or email-related function, which is a common tactic in typosquatting to mislead users into thinking they are accessing a legitimate service. The use of 'weebly.com' as a hosting platform is not inherently suspicious, but it is often used for personal or small business sites, which could indicate a lack of official affiliation with BT. The structural similarity is high due to the inclusion of 'bt' and service-related terms, increasing the likelihood of user confusion. However, the presence of 'weebly.com' suggests a non-official site, which contributes to the high spoofing score.

Source: unknown	HTTPS traffic detected: 142.250.186.132:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.115.51.9:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: btwebmailservicecare.weebly.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gdpr/gdprscript.js?buildTime=1741893511 HTTP/1.1Host: btwebmailservicecare.weebly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://btwebmailservicecare.weebly.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=60x3cKoGMzdOdytTq4E6m6DQAWXPGMHDS1wUriQmSxQ-1741999027-1.0.1.1-F3p83wFunp0qSJufti26EpI.oa1lrjlEs1H7unwzIDd.Hc4GCjizF_B6p072Rwykjd4VOkP6dnBy3Kg18EcktT1mUxWa04HWZJozlbegQgg
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://btwebmailservicecare.weebly.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveOrigin: https://btwebmailservicecare.weebly.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://btwebmailservicecare.weebly.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveOrigin: https://btwebmailservicecare.weebly.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://btwebmailservicecare.weebly.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /developer/none.ico HTTP/1.1Host: cdn1.editmysite.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://btwebmailservicecare.weebly.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCMnRzgEIvtXOAQiA1s4BCMjczgEIiuDOAQiu5M4BCIvlzgEIs+XOAQ==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /developer/none.ico HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: btwebmailservicecare.weebly.com
Source: global traffic	DNS traffic detected: DNS query: cdn1.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: cdn2.editmysite.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 15 Mar 2025 00:37:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 9207f0bf1ed06a56-EWRCF-Cache-Status: BYPASSCache-Control: privateSet-Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; expires=Tue, 13-Mar-2035 00:37:07 GMT; Max-Age=315360000; path=/Vary: User-Agent, Accept-EncodingX-Host: blu105.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Set-Cookie: __cf_bm=60x3cKoGMzdOdytTq4E6m6DQAWXPGMHDS1wUriQmSxQ-1741999027-1.0.1.1-F3p83wFunp0qSJufti26EpI.oa1lrjlEs1H7unwzIDd.Hc4GCjizF_B6p072Rwykjd4VOkP6dnBy3Kg18EcktT1mUxWa04HWZJozlbegQgg; path=/; expires=Sat, 15-Mar-25 01:07:07 GMT; domain=.weebly.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 15 Mar 2025 00:37:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 9207f0c5afa142c6-EWRCF-Cache-Status: DYNAMICCache-Control: privateVary: User-AgentX-Host: blu93.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Server: cloudflare

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 142.250.186.132:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.115.51.9:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir4084_2066175645

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir4084_2066175645

Jump to behavior

Source: classification engine

Classification label: mal60.win@22/16@12/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2280,i,12641882907520560829,12871458640340117564,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2308 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://btwebmailservicecare.weebly.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2280,i,12641882907520560829,12871458640340117564,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2308 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://btwebmailservicecare.weebly.com/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://btwebmailservicecare.weebly.com/gdpr/gdprscript.js?buildTime=1741893511	100%	Avira URL Cloud	phishing

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
btwebmailservicecare.weebly.com	74.115.51.8	true	true	unknown
weebly.map.fastly.net	151.101.1.46	true	false	high
www.google.com	142.250.186.132	true	false	high
cdn2.editmysite.com	unknown	unknown	false	high
cdn1.editmysite.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff	false		high
https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff	false		high
https://cdn1.editmysite.com/developer/none.ico	false		high
https://btwebmailservicecare.weebly.com/gdpr/gdprscript.js?buildTime=1741893511	true	Avira URL Cloud: phishing	unknown
https://cdn1.editmysite.com/images/weebly-logo-blue.png	false		high
https://btwebmailservicecare.weebly.com/	true		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.115.51.8	btwebmailservicecare.weebly.com	United States	27647	WEEBLYUS	true
74.115.51.9	unknown	United States	27647	WEEBLYUS	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
151.101.1.46	weebly.map.fastly.net	United States	54113	FASTLYUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1639077
Start date and time:	2025-03-15 01:35:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://btwebmailservicecare.weebly.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@22/16@12/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 216.58.206.46, 142.250.184.238, 74.125.206.84, 172.217.16.206, 142.250.184.206, 216.58.206.78, 199.232.214.172, 2.23.77.188, 172.217.16.142, 142.250.185.238, 142.250.185.131, 142.250.186.174, 216.58.206.35, 2.16.185.191, 52.149.20.212
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://btwebmailservicecare.weebly.com/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (368)
Category:	downloaded
Size (bytes):	3909
Entropy (8bit):	5.4022923326194485
Encrypted:	false
SSDEEP:	48:lmIbcBpy547kz0NqSaNRiQKaNr6BwdtniB0FvC5b1SXSDqqJfCFu:1wBXe0NqSaNRiuNaqvS1SXS5
MD5:	6374EE39C9CB3AFB25EF9D9760884123
SHA1:	33EC698E31C6BF72CE63EAFC72F5931E1488AD66
SHA-256:	FAD39A953BDA01108768D69F86EB3F755648D3A53C9799250127A86F88A059DA
SHA-512:	89A43FE30E63F56302B8B07ADF0A685C9F493BA03647B72A3172043DA2DFE1E2B4F5DC9ECF10E20B68C375EC63672A7D0E76008DCC07AA5D3266C462624ED9B4
Malicious:	false
Reputation:	low
URL:	https://btwebmailservicecare.weebly.com/
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">.<head><script src="/gdpr/gdprscript.js?buildTime=1741893511"></script>..<title>404 - Page Not Found</title>..<meta http-equiv="content-type" content="text/html; charset=UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta name="robots" content="noarchive" />..<link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico" />...<style type="text/css">...@font-face {....font-family: 'Proxima Nova';....font-weight: 300;....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot");....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot?#iefix") format("embedded-opentype"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmy

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (368)
Category:	downloaded
Size (bytes):	3909
Entropy (8bit):	5.4022923326194485
Encrypted:	false
SSDEEP:	48:lmIbcBpy547kz0NqSaNRiQKaNr6BwdtniB0FvC5b1SXSDqqJfCFu:1wBXe0NqSaNRiuNaqvS1SXS5
MD5:	6374EE39C9CB3AFB25EF9D9760884123
SHA1:	33EC698E31C6BF72CE63EAFC72F5931E1488AD66
SHA-256:	FAD39A953BDA01108768D69F86EB3F755648D3A53C9799250127A86F88A059DA
SHA-512:	89A43FE30E63F56302B8B07ADF0A685C9F493BA03647B72A3172043DA2DFE1E2B4F5DC9ECF10E20B68C375EC63672A7D0E76008DCC07AA5D3266C462624ED9B4
Malicious:	false
Reputation:	low
URL:	https://btwebmailservicecare.weebly.com/gdpr/gdprscript.js?buildTime=1741893511
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">.<head><script src="/gdpr/gdprscript.js?buildTime=1741893511"></script>..<title>404 - Page Not Found</title>..<meta http-equiv="content-type" content="text/html; charset=UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta name="robots" content="noarchive" />..<link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico" />...<style type="text/css">...@font-face {....font-family: 'Proxima Nova';....font-weight: 300;....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot");....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot?#iefix") format("embedded-opentype"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmy

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 46052, version 0.0
Category:	downloaded
Size (bytes):	46052
Entropy (8bit):	7.9887889934165575
Encrypted:	false
SSDEEP:	768:7JzF4duQslnWgRpPD+dfFhPaHQBFmMvhEhc28OeNHxa++JdI4qUEkXqfjkHT:7dF4diWIJSpTawBFt+wOoRa3r0UEk6b6
MD5:	61F3BC4FC6146CC65961A8C8E917855A
SHA1:	02E25E22CF1C0A26D838A477B1F21BF33B71CA38
SHA-256:	AABC1A485E0941F1E2927B6A4BEED2B368431466977483068BBE367DE253A05C
SHA-512:	77CDA181F023FF6597D3B7A0FD269CEE76306EA650E2CC6FDDCBEF675C245B3D9F95178FE8A9D5EF65A5D8CA3DC0D3F675DBFB49DB05DAFC1FE822D79506C7B4
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff
Preview:	wOFF..............W........x...l............OS/2.......X...`.>..cmap................cvt ...$...(...(....fpgm...L........C>..gasp...............#glyf..,...........<head...d...6...6....hhea.......!...$.d.rhmtx.......\...@...loca..$<...W......d.maxp...D... ... ....name........... ..l.post.......\|..)D..D.prep.......v....zQ.......P.`...`.............d.F...........AB..t_.<..................\|..E...p..............x.c`f.c..................D......X.A....S;P....rs......~.0.....<.....\|...c..@J.......)x..ytU......d . ...r..mm)H..H....\.b.. Z)....EdJ.$.2.y0B..Ae...C....=...0F...g..j.._..k...a..Z.\|{.P..X.........[H@M.1Y.Z.1...0..#..9.3.....&...2T..V...U$../.e.L.dI.%.F2$Kr4um]W...~N?....:E.....K.`...e...X#...E.m;...-.i..-..v.........=.l'.K...j;..jos4p4t...#.......HqgMg]g}g....r>...s.vnt..N.......S#.^...ZD..Q.lgYQYIYi..[.......6Z.qt.@..H.......>..?y..\|.L2.I2Cf.2Y+.d.!W.......nk._.:Y....RV.eYN...g....y.!o`G...a.....\|.=.N....2{.....'..O...eGr.y=C..>. g..V..*..e...r.r.n

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	downloaded
Size (bytes):	1406
Entropy (8bit):	0.26311615565583923
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/M8l8l//555555555555555n:G70X555555555555555n
MD5:	199783F9459A960310D18EE4DD251027
SHA1:	67C08624719A35553C34083112804CAFD8CE6EE6
SHA-256:	29BD61683747E9288F62407525D5ED4DCCF3FEAAD2684BBB2C2DF41F6027E4DB
SHA-512:	2C673FBA041762E1894C2E8C1414D97448FB18ED550EA2BEC004E302887CC14CED7F4772D3DD184AABD08FDF14793D109E665B8AC149A8FE8DEAEEE4CD0E8DBD
Malicious:	false
Reputation:	low
URL:	https://cdn1.editmysite.com/developer/none.ico
Preview:	..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 45516, version 0.0
Category:	downloaded
Size (bytes):	45516
Entropy (8bit):	7.988068052263367
Encrypted:	false
SSDEEP:	768:lJ7LJDvQuQslnT3dv/fVA+J/8fIAhZtG1JvBqqKhlXheg7wvtrM19EmMhVyK7d:lTvQizdn6+JUxtGD4jfogwtrM8mMDd
MD5:	861DFBEE66A135B4421BA3F0F3BC297F
SHA1:	1B379173B64E92893538FF39DA0B16410DD5F653
SHA-256:	ABBC659E9C167B41E012D7B7D7F8CF22D4EDD74A7FFB85704E213B1418C8B177
SHA-512:	3397ABA8B2BE2B5269899ACCEA9106F6895CDA10A17D8E9D92F86F914386F1903087CF87878504DB9BC8BFE1FD461B165197966AA7186FD1BA5570FB2C31D84B
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff
Preview:	wOFF..............V........`...l............OS/2.......X...`.u..cmap................cvt .......(...(....fpgm...4........C>..gasp...............#glyf..,....\........head...d...6...6....hhea.......!...$....hmtx.......[...@I.Eloca..$H...W.......Bmaxp...D... ... ....name...........A .&2post.......\|..)D..D.prep.......v....zQ.......P.`...`.............d.F...........A...._.<..................\|..<..................x.c`f.d..................D......X.A....S;P....rs......~.0....P.<.....\|...c..@J.......Lx..ytU......d . ...r..mm)H..H....\.b.. Z)....EdJ.$.2.y0B..Ae...C....=...0F...g..j.._..k...a..Z.\|{.P..X.........[H@M.1Y.Z.1...0..#..9.3.....&...2T..V...U$../.e.L.dI.%.F2$Kr4um]W...~N?....:E.....K.`...e...X#...E.m;...-.i..-..v.........=.l'.K...j;..jos4p4t...#.......HqgMg]g}g....r>...s.vnt..N.......S#.^...ZD..Q.lgYQYIYi..[.......6Z.qt.@..H.......>..?y..\|.L2.I2Cf.2Y+.d.!W.......nk._.:Y....RV.eYN...g....y.!o`G...a.....\|.=.N....2{.....'..O...eGr.y=C..>. g..V..*..e...r.r.n

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 174 x 62, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3740
Entropy (8bit):	7.667019795291803
Encrypted:	false
SSDEEP:	96:n/vYP8+xpcOARUGDc8tYwolxPIw+Dyh056Jx+O:y8h3Cc2h05Wxn
MD5:	6907726EDE4FC851BEEAFB7B9FF6EEB9
SHA1:	86B1E9AF4A07E02A426EC9475E37A13DFCEDCB3C
SHA-256:	2B37CA56C61B7F2F892D75655CC37699EF847DD9139C94171414E5F92FFD97ED
SHA-512:	11A22B8DBE694646895F16D38738C3A481DB168C7CA0D92A247BD35078FA1AC13153B5ADE7EFFDE36FA5DA10AB9EDE1ADE5698EF477483D6EDB21EDA6B1F25DE
Malicious:	false
Reputation:	low
URL:	https://cdn1.editmysite.com/images/weebly-logo-blue.png
Preview:	.PNG........IHDR.......>............PLTE...-........)..)....+..I..+........)..)..)..3....)..).....,........)....-..)....+..+....7..+......)..)..)....)..........)..+..+....+..9..)..)..+..,..+.......)..+..)....+........+........6....@..,.......+.................,..)..0..U..0..,..3.....1....,....)....)......3..+....+..+..)..).......)......,..)..)..)..+..)..,..)..)..)....+..)......@..3....-..)..+../..+......+..+..)........+..)....+....+..+..+..+..,....)..+..)......)....)....)..)..1..)............./..........)......;..)....+..+..)..)..)..)....)..-..3..,..)..)....)..+....,.......+..)....,....+..+....-..)..)..+..)..+..+..)..,..+..)..)........+..)..)........)....)..+....+..+.....+..+........-..+..,..+..+.....z......tRNS.".....M.d.....{....!E..t..-].....6s..............0....@q.C..1A.....[....#.2...+....... ..,....D....x.w....\...)o..`.F....c.b...?.G&_..TB.7..<.f.p*kL.............'gh....\|..J

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (886)
Category:	downloaded
Size (bytes):	891
Entropy (8bit):	5.171021081193559
Encrypted:	false
SSDEEP:	24:4CtS8YpPMuc0yBHslgT1d1uawBATYuoBN2t2t2t2t2t2t2tomffffffo:46CpPMZ0yKlgJXwBAkuSNYYYYYYYomfg
MD5:	0BD20A0CD675B806D4F889C437A378FB
SHA1:	6B0B1D339B1A2FECDF5E816A9C5D32419A2973E3
SHA-256:	52F69DE16E1D678BB396794D7F315DF597616EEBFF379BA971BA149EB6FFA6C5
SHA-512:	8A07511F8B70FAFC282DE5F89596C5697C20DBC685389414675B7D5004C4FE48129FFD9F09364368238506789F92268C55594F448E1177377F4D7547E6872899
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview:	)]}'.["",["robert hight retires john force racing","nasa spacex rocket launch","recap severance season 2 episode 9","bird flu egg prices","nvidia stock price","college basketball tournament bracket","happy holi festival","wheel of time season 3 episodes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"1525356796225265036","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	0.26311615565583923
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/M8l8l//555555555555555n:G70X555555555555555n
MD5:	199783F9459A960310D18EE4DD251027
SHA1:	67C08624719A35553C34083112804CAFD8CE6EE6
SHA-256:	29BD61683747E9288F62407525D5ED4DCCF3FEAAD2684BBB2C2DF41F6027E4DB
SHA-512:	2C673FBA041762E1894C2E8C1414D97448FB18ED550EA2BEC004E302887CC14CED7F4772D3DD184AABD08FDF14793D109E665B8AC149A8FE8DEAEEE4CD0E8DBD
Malicious:	false
Reputation:	low
Preview:	..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 174 x 62, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3740
Entropy (8bit):	7.667019795291803
Encrypted:	false
SSDEEP:	96:n/vYP8+xpcOARUGDc8tYwolxPIw+Dyh056Jx+O:y8h3Cc2h05Wxn
MD5:	6907726EDE4FC851BEEAFB7B9FF6EEB9
SHA1:	86B1E9AF4A07E02A426EC9475E37A13DFCEDCB3C
SHA-256:	2B37CA56C61B7F2F892D75655CC37699EF847DD9139C94171414E5F92FFD97ED
SHA-512:	11A22B8DBE694646895F16D38738C3A481DB168C7CA0D92A247BD35078FA1AC13153B5ADE7EFFDE36FA5DA10AB9EDE1ADE5698EF477483D6EDB21EDA6B1F25DE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......>............PLTE...-........)..)....+..I..+........)..)..)..3....)..).....,........)....-..)....+..+....7..+......)..)..)....)..........)..+..+....+..9..)..)..+..,..+.......)..+..)....+........+........6....@..,.......+.................,..)..0..U..0..,..3.....1....,....)....)......3..+....+..+..)..).......)......,..)..)..)..+..)..,..)..)..)....+..)......@..3....-..)..+../..+......+..+..)........+..)....+....+..+..+..+..,....)..+..)......)....)....)..)..1..)............./..........)......;..)....+..+..)..)..)..)....)..-..3..,..)..)....)..+....,.......+..)....,....+..+....-..)..)..+..)..+..+..)..,..+..)..)........+..)..)........)....)..+....+..+.....+..+........-..+..,..+..+.....z......tRNS.".....M.d.....{....!E..t..-].....6s..............0....@q.C..1A.....[....#.2...+....... ..,....D....x.w....\...)o..`.F....c.b...?.G&_..TB.7..<.f.p*kL.............'gh....\|..J

Total Packets: 159
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 15, 2025 01:36:56.128530025 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 01:36:56.440325022 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 01:36:57.049561977 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 01:36:58.252698898 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 01:37:00.693315029 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 01:37:04.261645079 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:04.261667967 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:04.261769056 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:04.261924028 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:04.261935949 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:04.894032955 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 01:37:04.916418076 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:04.916512966 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:04.917877913 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:04.917886019 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:04.918138981 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:04.970854044 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:05.205246925 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 01:37:05.502095938 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 01:37:05.814598083 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 01:37:06.477917910 CET	49721	80	192.168.2.4	74.115.51.8
Mar 15, 2025 01:37:06.478070974 CET	49722	80	192.168.2.4	74.115.51.8
Mar 15, 2025 01:37:06.482569933 CET	80	49721	74.115.51.8	192.168.2.4
Mar 15, 2025 01:37:06.482670069 CET	49721	80	192.168.2.4	74.115.51.8
Mar 15, 2025 01:37:06.482703924 CET	80	49722	74.115.51.8	192.168.2.4
Mar 15, 2025 01:37:06.482758999 CET	49722	80	192.168.2.4	74.115.51.8
Mar 15, 2025 01:37:06.500757933 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:06.500799894 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:06.500853062 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:06.501105070 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:06.501117945 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:06.961517096 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:06.961604118 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:06.962822914 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:06.962831974 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:06.963076115 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:06.963366032 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.004324913 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.021713972 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 01:37:07.292398930 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.292450905 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.292480946 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.292506933 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.292526960 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.292563915 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.292570114 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.292597055 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.292687893 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.294507980 CET	49723	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.294521093 CET	443	49723	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.366537094 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.366554976 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.366676092 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.367736101 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.367749929 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.384382010 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:07.384406090 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:07.384474039 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:07.384619951 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:07.384634018 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:07.825129986 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:07.868796110 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:07.870309114 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:07.870428085 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.043193102 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:08.043224096 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.046655893 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:08.046663046 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.047719002 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.047748089 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.048075914 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.048347950 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.092372894 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.160064936 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.160156012 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.160191059 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.160209894 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.160233021 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.160253048 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.160285950 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.162381887 CET	49726	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.162396908 CET	443	49726	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.184736013 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.184755087 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.184937954 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.185081005 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.185089111 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.320660114 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.320792913 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.320873022 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:08.320908070 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.320936918 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.320990086 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:08.321037054 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.321257114 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.321331024 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:08.322555065 CET	49725	443	192.168.2.4	74.115.51.9
Mar 15, 2025 01:37:08.322582960 CET	443	49725	74.115.51.9	192.168.2.4
Mar 15, 2025 01:37:08.436583996 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.436620951 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.436690092 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.436768055 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.436805010 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.436976910 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.437099934 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.437113047 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.437235117 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.437247992 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.657664061 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.657977104 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.661451101 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.661458015 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.661689043 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.662024021 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.704355001 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.760910034 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.760973930 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.761009932 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.761030912 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.761045933 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.761080980 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.761106014 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.761131048 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.762177944 CET	49729	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.762193918 CET	443	49729	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.890007019 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.890083075 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.893346071 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.893362045 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.893593073 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.893908024 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.898895025 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.898976088 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.899323940 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.899333000 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.899554968 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.899916887 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.940332890 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.944329023 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.989706993 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.989783049 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.989814997 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.989845037 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.989844084 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.989870071 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.989892006 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.990096092 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.990125895 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.990154028 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.990169048 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.990176916 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.990195036 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.990210056 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.990250111 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.990262032 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.998771906 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.999209881 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.999242067 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.999269009 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.999274969 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.999284029 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.999311924 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.999496937 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.999548912 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.999557972 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.999587059 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:08.999629974 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:08.999634981 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.000123978 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.000243902 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.000248909 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.003015041 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.003066063 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.003073931 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.013772011 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.013823986 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.013834000 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.054650068 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.054655075 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.076437950 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.076549053 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.076575041 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.076592922 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.076598883 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.076611042 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.076637030 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.076646090 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.076657057 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.076687098 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.076694965 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.076761007 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.077440977 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.077486992 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.077510118 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.077529907 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.077534914 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.077541113 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.077579975 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.078412056 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.078440905 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.078459024 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.078466892 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.078489065 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.078520060 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.078526974 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.078646898 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.079314947 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.079356909 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.079442024 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.079493046 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.079534054 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.079889059 CET	49730	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.079900980 CET	443	49730	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087265968 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087310076 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087342978 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087389946 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.087399006 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087438107 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.087455034 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087498903 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087532043 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087536097 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.087539911 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087567091 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.087570906 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087594986 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.087622881 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.087626934 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.088449001 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.088481903 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.088510036 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.088524103 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.088529110 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.088552952 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.088568926 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.088572979 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.088584900 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.089344978 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.089379072 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.089381933 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.089389086 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.089423895 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.089432955 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.089488983 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.089708090 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.090893030 CET	49731	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.090904951 CET	443	49731	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.107647896 CET	49732	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.107685089 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.107790947 CET	49732	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.107937098 CET	49732	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.107950926 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.422270060 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 01:37:09.568577051 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.569262028 CET	49732	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.569282055 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.569434881 CET	49732	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.569439888 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.669033051 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.669086933 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.669147968 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.669207096 CET	49732	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.670031071 CET	49732	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.670056105 CET	443	49732	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.676335096 CET	49733	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.676362991 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.676805973 CET	49733	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.676980019 CET	49733	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:09.676991940 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:09.946319103 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:09.992321968 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:10.148750067 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:10.149146080 CET	49733	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:10.149158955 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:10.149507046 CET	49733	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:10.149512053 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:10.157615900 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:10.159522057 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:10.159589052 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:10.163142920 CET	49719	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:37:10.163153887 CET	443	49719	142.250.186.132	192.168.2.4
Mar 15, 2025 01:37:10.251832962 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:10.251897097 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:10.251949072 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:10.251995087 CET	49733	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:10.253921986 CET	49733	443	192.168.2.4	151.101.1.46
Mar 15, 2025 01:37:10.253930092 CET	443	49733	151.101.1.46	192.168.2.4
Mar 15, 2025 01:37:11.170718908 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 01:37:11.472445965 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 01:37:12.080076933 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 01:37:13.283267975 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 01:37:14.236339092 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 01:37:15.112193108 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 01:37:15.690287113 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 01:37:20.493467093 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 01:37:21.841375113 CET	80	49722	74.115.51.8	192.168.2.4
Mar 15, 2025 01:37:21.841479063 CET	49722	80	192.168.2.4	74.115.51.8
Mar 15, 2025 01:37:21.842109919 CET	80	49721	74.115.51.8	192.168.2.4
Mar 15, 2025 01:37:21.842156887 CET	49721	80	192.168.2.4	74.115.51.8
Mar 15, 2025 01:37:22.679554939 CET	49722	80	192.168.2.4	74.115.51.8
Mar 15, 2025 01:37:22.679611921 CET	49721	80	192.168.2.4	74.115.51.8
Mar 15, 2025 01:37:22.684387922 CET	80	49722	74.115.51.8	192.168.2.4
Mar 15, 2025 01:37:22.684401035 CET	80	49721	74.115.51.8	192.168.2.4
Mar 15, 2025 01:37:23.850131035 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 01:37:30.111406088 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 01:38:04.316122055 CET	49745	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:38:04.316154003 CET	443	49745	142.250.186.132	192.168.2.4
Mar 15, 2025 01:38:04.316245079 CET	49745	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:38:04.316541910 CET	49745	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:38:04.316553116 CET	443	49745	142.250.186.132	192.168.2.4
Mar 15, 2025 01:38:04.953974962 CET	443	49745	142.250.186.132	192.168.2.4
Mar 15, 2025 01:38:04.954391956 CET	49745	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:38:04.954410076 CET	443	49745	142.250.186.132	192.168.2.4
Mar 15, 2025 01:38:14.894489050 CET	443	49745	142.250.186.132	192.168.2.4
Mar 15, 2025 01:38:14.894582987 CET	443	49745	142.250.186.132	192.168.2.4
Mar 15, 2025 01:38:14.894625902 CET	49745	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:38:16.676682949 CET	49745	443	192.168.2.4	142.250.186.132
Mar 15, 2025 01:38:16.676714897 CET	443	49745	142.250.186.132	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 15, 2025 01:37:00.350871086 CET	53	63784	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:00.417690039 CET	53	56049	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:01.407130003 CET	53	60447	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:01.519623995 CET	53	62821	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:04.253726959 CET	64465	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:04.254061937 CET	62281	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:04.260473013 CET	53	64465	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:04.260485888 CET	53	62281	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:06.461337090 CET	55092	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:06.461519957 CET	53668	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:06.476224899 CET	53	53668	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:06.476321936 CET	53	55092	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:06.484690905 CET	53149	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:06.484833956 CET	58038	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:06.500046015 CET	53	58038	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:06.500056982 CET	53	53149	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:07.367304087 CET	58647	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:07.367445946 CET	65267	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:07.375766039 CET	53	58647	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:07.383888960 CET	53	65267	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:08.167047024 CET	58397	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:08.167385101 CET	61897	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:08.175292969 CET	53	58397	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:08.184338093 CET	53	61897	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:08.387759924 CET	59003	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:08.388247013 CET	59722	53	192.168.2.4	1.1.1.1
Mar 15, 2025 01:37:08.404118061 CET	53	59722	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:08.436036110 CET	53	59003	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:18.600761890 CET	53	62191	1.1.1.1	192.168.2.4
Mar 15, 2025 01:37:37.433038950 CET	53	56033	1.1.1.1	192.168.2.4
Mar 15, 2025 01:38:00.029119968 CET	53	51937	1.1.1.1	192.168.2.4
Mar 15, 2025 01:38:00.183038950 CET	53	61152	1.1.1.1	192.168.2.4
Mar 15, 2025 01:38:03.041526079 CET	53	64995	1.1.1.1	192.168.2.4
Mar 15, 2025 01:38:04.399641037 CET	138	138	192.168.2.4	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 15, 2025 01:37:04.253726959 CET	192.168.2.4	1.1.1.1	0x52d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:04.254061937 CET	192.168.2.4	1.1.1.1	0x95f0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 15, 2025 01:37:06.461337090 CET	192.168.2.4	1.1.1.1	0xaad8	Standard query (0)	btwebmailservicecare.weebly.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:06.461519957 CET	192.168.2.4	1.1.1.1	0x5ae4	Standard query (0)	btwebmailservicecare.weebly.com	65	IN (0x0001)	false
Mar 15, 2025 01:37:06.484690905 CET	192.168.2.4	1.1.1.1	0xacb9	Standard query (0)	btwebmailservicecare.weebly.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:06.484833956 CET	192.168.2.4	1.1.1.1	0xd989	Standard query (0)	btwebmailservicecare.weebly.com	65	IN (0x0001)	false
Mar 15, 2025 01:37:07.367304087 CET	192.168.2.4	1.1.1.1	0xd792	Standard query (0)	cdn1.editmysite.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:07.367445946 CET	192.168.2.4	1.1.1.1	0xa381	Standard query (0)	cdn1.editmysite.com	65	IN (0x0001)	false
Mar 15, 2025 01:37:08.167047024 CET	192.168.2.4	1.1.1.1	0x4115	Standard query (0)	cdn1.editmysite.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.167385101 CET	192.168.2.4	1.1.1.1	0x2e02	Standard query (0)	cdn1.editmysite.com	65	IN (0x0001)	false
Mar 15, 2025 01:37:08.387759924 CET	192.168.2.4	1.1.1.1	0x461a	Standard query (0)	cdn2.editmysite.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.388247013 CET	192.168.2.4	1.1.1.1	0x9022	Standard query (0)	cdn2.editmysite.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 15, 2025 01:37:04.260473013 CET	1.1.1.1	192.168.2.4	0x52d	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:04.260485888 CET	1.1.1.1	192.168.2.4	0x95f0	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 15, 2025 01:37:06.476321936 CET	1.1.1.1	192.168.2.4	0xaad8	No error (0)	btwebmailservicecare.weebly.com		74.115.51.8	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:06.476321936 CET	1.1.1.1	192.168.2.4	0xaad8	No error (0)	btwebmailservicecare.weebly.com		74.115.51.9	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:06.500056982 CET	1.1.1.1	192.168.2.4	0xacb9	No error (0)	btwebmailservicecare.weebly.com		74.115.51.9	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:06.500056982 CET	1.1.1.1	192.168.2.4	0xacb9	No error (0)	btwebmailservicecare.weebly.com		74.115.51.8	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:07.375766039 CET	1.1.1.1	192.168.2.4	0xd792	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 15, 2025 01:37:07.375766039 CET	1.1.1.1	192.168.2.4	0xd792	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:07.375766039 CET	1.1.1.1	192.168.2.4	0xd792	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:07.375766039 CET	1.1.1.1	192.168.2.4	0xd792	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:07.375766039 CET	1.1.1.1	192.168.2.4	0xd792	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:07.383888960 CET	1.1.1.1	192.168.2.4	0xa381	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 15, 2025 01:37:08.175292969 CET	1.1.1.1	192.168.2.4	0x4115	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 15, 2025 01:37:08.175292969 CET	1.1.1.1	192.168.2.4	0x4115	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.175292969 CET	1.1.1.1	192.168.2.4	0x4115	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.175292969 CET	1.1.1.1	192.168.2.4	0x4115	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.175292969 CET	1.1.1.1	192.168.2.4	0x4115	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.184338093 CET	1.1.1.1	192.168.2.4	0x2e02	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 15, 2025 01:37:08.404118061 CET	1.1.1.1	192.168.2.4	0x9022	No error (0)	cdn2.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 15, 2025 01:37:08.436036110 CET	1.1.1.1	192.168.2.4	0x461a	No error (0)	cdn2.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 15, 2025 01:37:08.436036110 CET	1.1.1.1	192.168.2.4	0x461a	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.436036110 CET	1.1.1.1	192.168.2.4	0x461a	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.436036110 CET	1.1.1.1	192.168.2.4	0x461a	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Mar 15, 2025 01:37:08.436036110 CET	1.1.1.1	192.168.2.4	0x461a	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

btwebmailservicecare.weebly.com

cdn1.editmysite.com

cdn2.editmysite.com

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49723	74.115.51.9	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:06 UTC	681	OUT	GET / HTTP/1.1 Host: btwebmailservicecare.weebly.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 00:37:07 UTC	955	IN	HTTP/1.1 404 Not Found Date: Sat, 15 Mar 2025 00:37:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Ray: 9207f0bf1ed06a56-EWR CF-Cache-Status: BYPASS Cache-Control: private Set-Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; expires=Tue, 13-Mar-2035 00:37:07 GMT; Max-Age=315360000; path=/ Vary: User-Agent, Accept-Encoding X-Host: blu105.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Set-Cookie: __cf_bm=60x3cKoGMzdOdytTq4E6m6DQAWXPGMHDS1wUriQmSxQ-1741999027-1.0.1.1-F3p83wFunp0qSJufti26EpI.oa1lrjlEs1H7unwzIDd.Hc4GCjizF_B6p072Rwykjd4VOkP6dnBy3Kg18EcktT1mUxWa04HWZJozlbegQgg; path=/; expires=Sat, 15-Mar-25 01:07:07 GMT; domain=.weebly.com; HttpOnly; Secure; SameSite=None Server: cloudflare
2025-03-15 00:37:07 UTC	414	IN	Data Raw: 66 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 37 34 31 38 39 33 35 31 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 Data Ascii: f45<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1741893511"></script><title>404
2025-03-15 00:37:07 UTC	1369	IN	Data Raw: 61 6c 65 3d 31 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 61 72 63 68 69 76 65 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 63 64 6e 31 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 64 65 76 65 6c 6f 70 65 72 2f 6e 6f 6e 65 2e 69 63 6f 22 20 2f 3e 0a 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e Data Ascii: ale=1"><meta name="robots" content="noarchive" /><link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico" /><style type="text/css">@font-face {font-family: 'Proxima Nova';font-weight: 300;src: url("//cdn2.editmysite.
2025-03-15 00:37:07 UTC	1369	IN	Data Raw: 41 43 39 36 5f 32 5f 30 2e 65 6f 74 22 29 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 73 65 6d 69 62 6f 6c 64 2f 33 31 41 43 39 36 5f 32 5f 30 2e 65 6f 74 3f 23 69 65 66 69 78 22 29 20 66 6f 72 6d 61 74 28 22 65 6d 62 65 64 64 65 64 2d 6f 70 65 6e 74 79 70 65 22 29 2c 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 73 65 6d 69 62 6f 6c 64 2f 33 31 41 43 39 36 5f 32 5f 30 2e 77 6f 66 66 22 29 20 66 6f Data Ascii: AC96_2_0.eot");src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.eot?#iefix") format("embedded-opentype"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff") fo
2025-03-15 00:37:07 UTC	764	IN	Data Raw: 3a 20 31 32 30 70 78 3b 0a 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 32 30 70 78 3b 0a 09 09 7d 0a 0a 09 09 2e 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 20 3e 20 73 70 61 6e 20 7b 0a 09 09 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 09 09 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 09 09 7d 0a 0a 09 09 61 20 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 32 39 39 30 45 41 3b 0a 09 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 69 6e 68 65 72 69 74 3b 0a 09 09 7d 0a 0a 09 09 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 35 35 30 70 78 29 20 7b 0a 09 09 09 2e 77 61 72 6e 69 6e 67 2d 63 6f 6e 74 61 69 6e 65 Data Ascii: : 120px;line-height: 120px;}.bottom-content > span {display: inline-block;vertical-align: middle;line-height: normal;}a {color: #2990EA;text-decoration: inherit;}@media (max-width: 550px) {.warning-containe
2025-03-15 00:37:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49725	74.115.51.9	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:08 UTC	1010	OUT	GET /gdpr/gdprscript.js?buildTime=1741893511 HTTP/1.1 Host: btwebmailservicecare.weebly.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://btwebmailservicecare.weebly.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=60x3cKoGMzdOdytTq4E6m6DQAWXPGMHDS1wUriQmSxQ-1741999027-1.0.1.1-F3p83wFunp0qSJufti26EpI.oa1lrjlEs1H7unwzIDd.Hc4GCjizF_B6p072Rwykjd4VOkP6dnBy3Kg18EcktT1mUxWa04HWZJozlbegQgg
2025-03-15 00:37:08 UTC	341	IN	HTTP/1.1 404 Not Found Date: Sat, 15 Mar 2025 00:37:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Ray: 9207f0c5afa142c6-EWR CF-Cache-Status: DYNAMIC Cache-Control: private Vary: User-Agent X-Host: blu93.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Server: cloudflare
2025-03-15 00:37:08 UTC	1028	IN	Data Raw: 66 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 37 34 31 38 39 33 35 31 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 Data Ascii: f45<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1741893511"></script><title>404
2025-03-15 00:37:08 UTC	1369	IN	Data Raw: 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 09 7d 0a 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 72 65 67 75 6c 61 72 2f 33 31 41 43 39 36 5f 31 5f 30 2e 65 6f 74 22 29 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 Data Ascii: framework/fonts/proxima-nova-light/31AC96_0_0.ttf") format("truetype");}@font-face {font-family: 'Proxima Nova';src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.eot");src: url("//cdn2.editmys
2025-03-15 00:37:08 UTC	1369	IN	Data Raw: 72 2d 62 6f 78 3b 0a 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 34 44 34 44 34 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 33 33 35 70 78 3b 0a 09 09 09 77 69 64 74 68 3a 20 34 38 34 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 25 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 30 70 78 20 34 31 70 78 20 2d 38 70 78 20 72 67 62 61 28 32 33 37 2c 32 33 34 2c 32 33 37 2c 31 29 3b 0a 09 09 09 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 30 70 78 20 34 31 70 Data Ascii: r-box;text-align: center;background-color: white;border: 1px solid #D4D4D4;height: 335px;width: 484px;margin: 0 auto;margin-top: 10%;-webkit-box-shadow: 0px 0px 41px -8px rgba(237,234,237,1);-moz-box-shadow: 0px 0px 41p
2025-03-15 00:37:08 UTC	150	IN	Data Raw: 2f 70 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 6f 74 68 65 72 77 69 73 65 22 3e 4f 74 68 65 72 77 69 73 65 2c 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 63 6c 69 63 6b 20 68 65 72 65 3c 2f 61 3e 20 74 6f 20 62 65 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 74 68 65 20 68 6f 6d 65 70 61 67 65 2e 3c 2f 70 3e 0a 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: /p><p class="otherwise">Otherwise, <a href="/">click here</a> to be redirected to the homepage.</p></span></div></div></body></html>
2025-03-15 00:37:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49726	151.101.1.46	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:08 UTC	662	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://btwebmailservicecare.weebly.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 00:37:08 UTC	621	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3740 Server: nginx Content-Type: image/png Last-Modified: Tue, 11 Mar 2025 23:16:10 GMT ETag: "67d0c43a-e9c" Expires: Wed, 12 Mar 2025 12:19:46 GMT Cache-Control: max-age=300 X-Host: blu113.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 217341 Date: Sat, 15 Mar 2025 00:37:08 GMT X-Served-By: cache-sjc10042-SJC, cache-nyc-kteb1890039-NYC X-Cache: HIT, HIT X-Cache-Hits: 81, 0 X-Timer: S1741999028.103259,VS0,VE12 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ae 00 00 00 3e 08 03 00 00 00 85 b4 d0 9f 00 00 02 fa 50 4c 54 45 00 00 00 2d 96 f0 2a 92 ec 2a 91 eb 2a 90 eb 29 91 ea 29 91 ea 2a 91 eb 2b 92 eb 49 92 ff 2b 91 eb 2a 91 eb 2a 91 eb 2a 90 eb 29 91 ea 29 90 ea 29 91 ea 33 99 eb 80 ff ff 29 90 ea 29 91 ea 2e 93 f0 2c 90 ed 2a 91 eb 2a 90 ea 2a 91 eb 29 90 ea 2a 90 ea 2d 93 ee 29 91 ec 2a 90 eb 2b 91 eb 2b 90 ec 2a 90 ea 37 92 ed 2b 92 ec 2a 90 eb 2a 91 eb 29 91 eb 29 91 eb 29 91 ea 2a 91 ea 29 91 eb 2a 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 29 90 ea 2b 95 f4 2b 91 ec 2a 91 eb 2b 95 ef 39 aa ff 29 91 eb 29 91 eb 2b aa ff 2c 93 eb 2b 90 eb ff ff ff 2a 91 ec 29 90 eb 2b 91 ec 29 90 eb 2a 92 ea 2b 91 eb 2a 92 eb 2a 91 ea 2a 91 ea 2b 95 ff 2a 90 eb 2a 92 eb 2a Data Ascii: PNGIHDR>PLTE-**))+I+*)))3)).,)-)++7+*))))***)+++9))+,+)+)+*+*
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 6f 8a bb 55 71 87 ba bb 2b ee ee ee ee 33 e7 3d bb 67 64 97 cf e1 ff 29 3a bf 67 ce 39 ef 3b ef ce e5 03 48 0e 1c 74 09 c4 e0 21 dd 69 1b 7a 45 2b 88 ff 0f cb 27 99 5b 56 08 a5 fc ca e6 ed e9 18 3e 62 e4 28 f8 f5 1d 3d a6 28 46 d2 2a 1a 3b ae 6d ca b8 62 7c bb 09 51 00 13 fd 71 27 4d 9e 32 75 5a 01 92 3a 77 9b 5e 7f d2 e5 33 66 42 cc aa 49 2d 34 5b 7e 3f 99 5a ad 39 b0 45 5b 84 a8 fd 6b b0 9d 7d ee 40 ba 0c 3d 36 0a 97 79 75 2c 1a d9 83 e6 07 e3 1a 43 17 44 02 71 45 c5 02 88 73 17 52 14 5d 25 69 73 a8 e9 fe 57 18 62 52 e8 6a 00 d7 d0 a8 d3 aa 61 03 fa 8c b8 d6 3c bf ae a3 4f ec e2 f2 60 5c e3 fa 0b 02 87 41 3b 0e 8e 1b 6e 64 52 0b d8 6e a2 db b1 28 ce a4 4b e3 62 dc 4c b7 5b 18 64 dd 1a 85 d2 34 c4 a0 9c 05 c1 b8 c6 80 dc 34 71 79 1b 80 db 3d 6b 73 07 70 Data Ascii: oUq+3=gd):g9;Ht!izE+'[V>b(=(F*;mb\|Qq'M2uZ:w^3fBI-4[~?Z9E[k}@=6yu,CDqEsR]%isWbRja<O`\A;ndRn(KbL[d44qy=ksp
2025-03-15 00:37:08 UTC	984	IN	Data Raw: 51 95 b6 35 30 a6 d0 d6 1a 46 a1 ff 45 e1 7e 2a cf b9 af 2b b6 df 57 17 6f aa 2d 3e 31 aa 4f 43 11 93 8e b9 32 1e dd 98 29 71 c5 65 7a f1 87 9e 01 f1 49 30 ae 94 b7 56 d2 c3 75 d2 cc 73 bc 1d 8c 25 f2 59 c9 68 47 65 0a 44 74 4d 86 0e 5b 76 bb aa d0 cf 69 7b 1a a2 d7 50 8a 8a 77 0a f4 01 30 71 51 43 2d f7 98 2c 88 47 ac 14 71 7b c2 f8 9a 66 10 70 1d b7 1e 66 f3 a3 8b 68 9b 1c 85 66 a6 e5 79 d0 2e 6a 51 b3 4f 45 9d aa 55 20 5e a5 ad 1a b4 e8 ba a9 0b 2b 9e bc eb ac 38 c4 22 89 ab ed 7c 79 fd 6e b3 7c 8b 19 8c 2b c5 a6 7d 68 86 42 cf 8f ea 21 e1 1b 2a d7 22 a1 1e b5 d7 3b 22 a5 17 f5 5b 8a d4 ea 9b b8 7e df 66 fb e2 fa 8b ad 8a 45 72 78 18 6e df d1 36 0c 09 b7 9a 6a 16 c3 98 f0 36 52 89 d4 91 45 39 17 a9 74 66 da b8 f1 73 98 32 ae 29 b6 c3 64 e0 e9 bf b6 0d Data Ascii: Q50FE~+Wo->1OC2)qezI0Vus%YhGeDtM[vi{Pw0qQC-,Gq{fpfhfy.jQOEU ^+8"\|yn\|+}hB!";"[~fErxn6j6RE9tfs2)d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49729	151.101.1.46	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:08 UTC	410	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 00:37:08 UTC	620	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3740 Server: nginx Content-Type: image/png Last-Modified: Tue, 11 Mar 2025 23:16:10 GMT ETag: "67d0c43a-e9c" Expires: Wed, 12 Mar 2025 12:19:46 GMT Cache-Control: max-age=300 X-Host: blu113.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sat, 15 Mar 2025 00:37:08 GMT Age: 217342 X-Served-By: cache-sjc10042-SJC, cache-nyc-kteb1890032-NYC X-Cache: HIT, HIT X-Cache-Hits: 81, 1 X-Timer: S1741999029.716868,VS0,VE1 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ae 00 00 00 3e 08 03 00 00 00 85 b4 d0 9f 00 00 02 fa 50 4c 54 45 00 00 00 2d 96 f0 2a 92 ec 2a 91 eb 2a 90 eb 29 91 ea 29 91 ea 2a 91 eb 2b 92 eb 49 92 ff 2b 91 eb 2a 91 eb 2a 91 eb 2a 90 eb 29 91 ea 29 90 ea 29 91 ea 33 99 eb 80 ff ff 29 90 ea 29 91 ea 2e 93 f0 2c 90 ed 2a 91 eb 2a 90 ea 2a 91 eb 29 90 ea 2a 90 ea 2d 93 ee 29 91 ec 2a 90 eb 2b 91 eb 2b 90 ec 2a 90 ea 37 92 ed 2b 92 ec 2a 90 eb 2a 91 eb 29 91 eb 29 91 eb 29 91 ea 2a 91 ea 29 91 eb 2a 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 29 90 ea 2b 95 f4 2b 91 ec 2a 91 eb 2b 95 ef 39 aa ff 29 91 eb 29 91 eb 2b aa ff 2c 93 eb 2b 90 eb ff ff ff 2a 91 ec 29 90 eb 2b 91 ec 29 90 eb 2a 92 ea 2b 91 eb 2a 92 eb 2a 91 ea 2a 91 ea 2b 95 ff 2a 90 eb 2a 92 eb 2a Data Ascii: PNGIHDR>PLTE-**))+I+*)))3)).,)-)++7+*))))***)+++9))+,+)+)+*+*
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 6f 8a bb 55 71 87 ba bb 2b ee ee ee ee 33 e7 3d bb 67 64 97 cf e1 ff 29 3a bf 67 ce 39 ef 3b ef ce e5 03 48 0e 1c 74 09 c4 e0 21 dd 69 1b 7a 45 2b 88 ff 0f cb 27 99 5b 56 08 a5 fc ca e6 ed e9 18 3e 62 e4 28 f8 f5 1d 3d a6 28 46 d2 2a 1a 3b ae 6d ca b8 62 7c bb 09 51 00 13 fd 71 27 4d 9e 32 75 5a 01 92 3a 77 9b 5e 7f d2 e5 33 66 42 cc aa 49 2d 34 5b 7e 3f 99 5a ad 39 b0 45 5b 84 a8 fd 6b b0 9d 7d ee 40 ba 0c 3d 36 0a 97 79 75 2c 1a d9 83 e6 07 e3 1a 43 17 44 02 71 45 c5 02 88 73 17 52 14 5d 25 69 73 a8 e9 fe 57 18 62 52 e8 6a 00 d7 d0 a8 d3 aa 61 03 fa 8c b8 d6 3c bf ae a3 4f ec e2 f2 60 5c e3 fa 0b 02 87 41 3b 0e 8e 1b 6e 64 52 0b d8 6e a2 db b1 28 ce a4 4b e3 62 dc 4c b7 5b 18 64 dd 1a 85 d2 34 c4 a0 9c 05 c1 b8 c6 80 dc 34 71 79 1b 80 db 3d 6b 73 07 70 Data Ascii: oUq+3=gd):g9;Ht!izE+'[V>b(=(F*;mb\|Qq'M2uZ:w^3fBI-4[~?Z9E[k}@=6yu,CDqEsR]%isWbRja<O`\A;ndRn(KbL[d44qy=ksp
2025-03-15 00:37:08 UTC	984	IN	Data Raw: 51 95 b6 35 30 a6 d0 d6 1a 46 a1 ff 45 e1 7e 2a cf b9 af 2b b6 df 57 17 6f aa 2d 3e 31 aa 4f 43 11 93 8e b9 32 1e dd 98 29 71 c5 65 7a f1 87 9e 01 f1 49 30 ae 94 b7 56 d2 c3 75 d2 cc 73 bc 1d 8c 25 f2 59 c9 68 47 65 0a 44 74 4d 86 0e 5b 76 bb aa d0 cf 69 7b 1a a2 d7 50 8a 8a 77 0a f4 01 30 71 51 43 2d f7 98 2c 88 47 ac 14 71 7b c2 f8 9a 66 10 70 1d b7 1e 66 f3 a3 8b 68 9b 1c 85 66 a6 e5 79 d0 2e 6a 51 b3 4f 45 9d aa 55 20 5e a5 ad 1a b4 e8 ba a9 0b 2b 9e bc eb ac 38 c4 22 89 ab ed 7c 79 fd 6e b3 7c 8b 19 8c 2b c5 a6 7d 68 86 42 cf 8f ea 21 e1 1b 2a d7 22 a1 1e b5 d7 3b 22 a5 17 f5 5b 8a d4 ea 9b b8 7e df 66 fb e2 fa 8b ad 8a 45 72 78 18 6e df d1 36 0c 09 b7 9a 6a 16 c3 98 f0 36 52 89 d4 91 45 39 17 a9 74 66 da b8 f1 73 98 32 ae 29 b6 c3 64 e0 e9 bf b6 0d Data Ascii: Q50FE~+Wo->1OC2)qezI0Vus%YhGeDtM[vi{Pw0qQC-,Gq{fpfhfy.jQOEU ^+8"\|yn\|+}hB!";"[~fErxn6j6RE9tfs2)d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49730	151.101.1.46	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:08 UTC	652	OUT	GET /components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff HTTP/1.1 Host: cdn2.editmysite.com Connection: keep-alive Origin: https://btwebmailservicecare.weebly.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://btwebmailservicecare.weebly.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 00:37:08 UTC	629	IN	HTTP/1.1 200 OK Connection: close Content-Length: 45516 Server: nginx Content-Type: font/woff Last-Modified: Fri, 07 Mar 2025 00:38:29 GMT ETag: "67ca4005-b1cc" Expires: Sun, 23 Mar 2025 14:21:53 GMT Cache-Control: max-age=1209600 X-Host: blu11.sf2p.intern.weebly.net Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sat, 15 Mar 2025 00:37:08 GMT Age: 468915 X-Served-By: cache-sjc1000141-SJC, cache-ewr-kewr1740030-EWR X-Cache: HIT, HIT X-Cache-Hits: 27, 488 X-Timer: S1741999029.948306,VS0,VE0 Access-Control-Allow-Origin: * alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 b1 cc 00 0e 00 00 00 01 56 88 00 00 00 00 00 00 b0 60 00 00 01 6c 00 00 02 d8 00 00 00 00 00 00 00 00 4f 53 2f 32 00 00 01 9c 00 00 00 58 00 00 00 60 8e 75 b9 9a 63 6d 61 70 00 00 01 f4 00 00 06 9d 00 00 11 08 ba 8b c2 c8 63 76 74 20 00 00 af 0c 00 00 00 28 00 00 00 28 08 e6 08 b2 66 70 67 6d 00 00 af 34 00 00 00 b2 00 00 01 09 43 3e f0 88 67 61 73 70 00 00 ae fc 00 00 00 10 00 00 00 10 00 1a 00 23 67 6c 79 66 00 00 2c a0 00 00 82 5c 00 00 fa 88 8b a2 ff 97 68 65 61 64 00 00 01 64 00 00 00 36 00 00 00 36 08 9e a2 8d 68 68 65 61 00 00 08 94 00 00 00 21 00 00 00 24 07 7f 07 8b 68 6d 74 78 00 00 08 b8 00 00 06 5b 00 00 11 40 49 d4 97 45 6c 6f 63 61 00 00 24 48 00 00 08 57 00 00 08 a2 19 b2 db 42 6d 61 78 70 00 00 01 44 00 00 00 Data Ascii: wOFFV`lOS/2X`ucmapcvt ((fpgm4C>gasp#glyf,\headd66hhea!$hmtx[@IEloca$HWBmaxpD
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 0c c3 08 19 29 47 e5 0d 39 02 2d e3 24 5d d6 cb 26 73 8e f2 64 b4 9a 2b d9 72 c9 9c 2c b7 2c 92 3d 6a a1 5c 14 97 f8 34 d4 1c 95 2b 7f 97 15 6a a9 54 c8 2d 99 6d 4e 59 1b dd 4e 3e c0 54 7c 84 c9 98 8e 29 48 c2 02 a4 21 1d ab b0 06 6b b1 0f bb b0 07 d9 7c 10 27 70 06 a7 e0 42 31 4e cb 31 78 19 40 cd 9a ac c5 c6 8c e6 6e fe 86 31 fc 15 5b f0 d7 fc 1d 1f 61 2f 0e e4 2b ec cf 38 7e c4 7f f2 43 4e e4 75 a3 82 ab b8 8c 2b 98 ce 95 52 c8 b5 3c c4 83 cc 61 2e 3d bc c1 b3 98 c6 87 30 89 cd 91 c8 df 62 31 7b 62 09 7b 63 29 fb 60 19 fb 62 39 5f c2 0a be 8c 4f f9 2a 56 33 16 9f 70 00 d6 71 10 d6 73 30 b6 f0 5d 6c e5 7b f8 92 e3 90 c5 78 ec 30 3b 71 3b c7 e3 20 a7 60 3f 27 61 37 27 e0 00 27 63 2f 3f 40 2e 93 70 88 c9 38 cc 19 9c 89 23 4c 41 1e 53 71 94 b3 90 cf d9 28 Data Ascii: )G9-$]&sd+r,,=j\4+jT-mNYN>T\|)H!k\|'pB1N1x@n1[a/+8~CNu+R<a.=0b1{b{c)`b9_O*V3pqs0]l{x0;q; `?'a7''c/?@.p8#LASq(
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: f7 f6 f9 89 e4 71 db 83 75 67 2d 7d cc 72 8c 74 56 52 4e f0 70 ea 6d 79 1e cb 8b 02 6c 0c f8 a4 20 d5 b4 35 7d 94 f5 53 16 f7 2b 72 9e 1c 25 ad a4 83 5c 22 c7 d9 3f d2 f3 67 a8 52 67 3c bf e6 fb 36 df bf 91 3a d5 48 1b 2c 25 77 21 55 fc 9d c1 6f 9b ea f9 37 52 6e 65 1f e2 0f 93 c6 fd 62 28 7a ce 4e cf d7 1a 3f bb 18 e5 71 7f 7b 1d f4 2a f6 89 1f a7 2f e6 9a 53 8d b4 5c b3 e6 ff 0a 7d 7b 10 f1 f1 03 21 be 7f 20 24 26 f8 c4 e3 89 c4 88 a4 e1 fd 1e a4 df 99 e9 ba 42 3c f6 24 22 b1 68 0d c2 7e 4c 4a 1e 77 57 b0 6e 62 da ef 8c 95 fb 6c 6c 0b b2 2e 81 16 9e 0b e3 9e 1f fb 70 c5 fd 9a ec 24 17 c9 71 b6 cd a0 fc 9e 74 93 1f 58 bf 59 da 18 8f fa c5 c9 38 bf 12 f1 43 1b 6c dc 0c 22 b1 33 69 dc 0b 43 d1 73 3e b4 f1 b9 b4 0f 13 a3 af 83 5e 46 db f4 7a f1 3b 11 13 cf Data Ascii: qug-}rtVRNpmyl 5}S+r%\"?gRg<6:H,%w!Uo7Rneb(zN?q{*/S\}{! $&B<$"h~LJwWnbll.p$qtXY8Cl"3iCs>^Fz;
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: af bb 67 b5 06 4e f2 e8 ae 49 ba 33 f9 00 19 e6 22 ea 05 dc d1 da 35 e6 2f 99 a9 6a 7d 74 a8 79 c3 4c 4c 77 1e 7d ec e3 00 11 4f 2d f4 69 08 1c 5b 0d fd 66 fd 1a 25 e3 57 bb d0 a7 0b ac 53 47 bf e7 2a b6 fe c3 fb 80 f3 9e ef cc 0f df bf bf a1 32 77 a1 29 66 4d c0 5a f9 e5 58 b0 aa 32 f4 a6 bd 21 7b 3a 13 e3 96 8a ba 5b 02 87 8c fc 90 7a fd 5d c4 ec c9 26 b2 8c 8e 89 61 dd eb f6 fb 6f ff d5 7f 73 dd da 2c 3b a5 d8 95 0e 3b a9 98 93 46 4d 62 c7 ac 43 6c f3 f6 73 fc 12 fc 4f 36 60 b6 28 00 00 00 78 da 6d 59 05 58 5c 57 16 3e 72 19 02 43 02 91 ba bb a7 a3 48 7d e4 41 48 08 a4 10 4a 92 4a 3a c0 00 93 0c 33 74 24 09 a9 bb bb 6c 7d eb ba 75 77 77 df ba bb eb ee b6 dd b6 bb 6d f7 bd 77 0f cc 65 b2 7c 1f fc f7 dc 77 ee f9 8f dc 77 de 7d 3c 20 70 7f fe 3c 12 66 c0 Data Ascii: gNI3"5/j}tyLLw}O-i[f%WSG*2w)fMZX2!{:[z]&aos,;;FMbClsO6`(xmYX\W>rCH}AHJJ:3t$l}uwwmwe\|ww}< p<f
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: e1 03 f8 90 27 71 15 57 b3 97 6b 78 32 4f e1 5a ae e3 a9 3c 8d a7 f3 0c 5e 8d 57 e7 35 78 4d 5e 8b d7 e6 75 78 5d 5e 8f d7 e7 0d 78 43 de 88 37 e6 4d 78 53 de 8c 37 e7 2d 78 4b de 8a b7 e6 6d 78 5b de 8e 67 f2 f6 ec 63 3f 07 38 c8 21 38 8f c3 5c cf 0d dc c8 4d bc 03 ef c8 3b f1 ce bc 0b ef ca bb 71 84 a3 1c e3 38 5b dc cc 2d 3c 8b 5b 79 36 cf e1 36 9e cb ed dc c1 f3 78 77 ee e4 2e 9e cf dd bc 07 f7 f0 02 5e c8 8b 78 4f de 8b f7 e6 7d 78 31 ef cb 09 ee e5 3e ee e7 24 0f f0 20 0f 71 8a 97 f0 52 4e f3 30 67 38 cb 23 bc 1f e7 38 cf 05 2e f2 32 5e ce 2b 78 94 57 f2 fe 7c 00 1f c8 07 f1 c1 7c 08 1f ca 87 f1 e1 7c 04 1f c9 47 f1 d1 7c 0c 1f cb c7 f1 f1 7c 02 9f c8 27 f1 c9 7c 0a 9f ca a7 f1 e9 7c 06 9f c9 67 f1 5f f8 6c 3e 87 cf e5 f3 f8 7c be 80 2f e4 bf f2 45 Data Ascii: 'qWkx2OZ<^W5xM^ux]^xC7MxS7-xKmx[gc?8!8\M;q8[-<[y66xw.^xO}x1>$ qRN0g8#8.2^+xW\|\|\|G\|\|'\|\|g_l>\|/E
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 19 cc 25 96 25 bd 0b 4b 17 3d 0b dd 29 59 2e 19 6e 16 ba e6 46 cf 22 d7 5c f5 a2 d2 cd 94 d0 db 29 21 21 24 26 dc ea 7e c1 a0 60 58 30 2e d8 20 d8 24 d8 2c 18 95 9b 49 d6 47 65 7d 54 d6 47 1b 2a 13 49 1d 58 c2 05 77 cb 7b 13 a5 3b a6 2e 51 76 7f 4c 49 8c 45 2d ba 6e 9c ee b8 46 7c 17 41 07 e0 0a d5 09 a7 10 b2 c0 ad 86 d6 91 e0 4c 21 68 0a 61 53 88 9b 42 83 29 34 99 42 b3 29 44 0d 21 6a f2 44 4d 9e a8 c9 13 d5 a6 ed c4 48 1c c9 52 66 a4 c7 05 bd 7d 46 cb e9 2b d5 b0 df 68 6c be a8 27 a9 3b 61 b2 d4 93 92 52 dd a4 34 8b a4 d9 09 a5 78 d1 b1 a2 49 71 a3 52 cc 98 d0 c7 a4 88 31 29 62 ac 81 07 16 f7 da bf 03 f6 ef 90 fd bb c4 fe 5d 5a 39 a0 9f 85 15 f6 fc e2 94 fb 77 89 fb 37 5d ed fe 35 e2 f1 37 7b 07 8d 78 06 cb 5b 68 50 0d 39 3d 70 68 95 1e 18 f4 a4 f4 a6 Data Ascii: %%K=)Y.nF"\)!!$&~`X0. $,IGe}TG*IXw{;.QvLIE-nF\|AL!haSB)4B)D!jDMHRf}F+hl';aR4xIqR1)b]Z9w7]57{x[hP9=ph
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: c3 31 a5 e7 1d f5 b1 6d 51 2b 4a 63 72 75 a2 44 96 34 c9 92 63 64 a9 71 b2 94 61 67 aa 29 e8 cb 45 63 79 6d 71 22 cd 8c 32 59 af c8 1a de 57 67 c7 1d ae 70 ff 4e 9e a0 eb 26 30 e4 f7 09 fa 05 03 82 41 c1 90 60 58 a3 6f 4c af 5e b0 41 b0 51 b0 49 30 22 18 15 8c 09 c6 05 2d 41 fd 1a 13 0a 88 1f 01 b1 1f 10 3f 02 e2 47 40 fc 08 88 1f 01 e1 0f 08 7f 40 f8 03 c2 1f 10 fe 80 f0 07 84 3f 20 fc 01 e1 0f 08 bf 4f f8 7c c2 e7 13 3e 9f d8 f3 89 3d 9f d8 f1 89 5d 9f d8 f1 89 9d 26 89 c3 27 fe f9 c4 3f 9f f8 e7 13 ff 9b 84 af 49 ec 46 45 d6 ff bb f2 f9 1b c5 5e d0 57 23 38 fe 8a 6f 0b 63 28 8b 82 e2 74 50 9c 0e 0a 49 78 4c 4f 9c 09 8a 33 41 71 26 28 c1 05 c5 89 a0 04 15 94 20 83 92 ac a0 04 19 14 a7 42 12 64 48 ec 87 c4 8f 90 f8 11 12 3f 42 e2 47 48 f8 43 c2 1f 12 fe Data Ascii: 1mQ+JcruD4cdqag)Ecymq"2YWgpN&0A`XoL^AQI0"-A?G@@? O\|>=]&'?IFE^W#8oc(tPIxLO3Aq&( BdH?BGHC
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: a1 e6 6f e2 6e a2 37 07 6f 6e 55 f1 aa c2 55 5f 6f 89 6f e9 6f f5 de ca dc 1a bb 35 05 e0 80 52 00 00 b8 40 2d 80 02 66 c0 01 78 81 10 10 07 fa 80 21 60 1c d8 05 0e 81 33 a0 70 9b 78 5b 73 3b 72 7b 85 56 46 63 d2 20 9a 92 66 a2 35 d3 5a 69 1d b4 18 ad 97 96 a1 6d d2 76 69 87 b4 33 5a 81 4e a4 57 d0 99 74 88 ae a4 b7 d3 23 f4 24 7d 90 3e 4a 9f a4 cf d2 97 e9 eb f4 6d fa 0f 7a 81 41 64 54 30 98 0c 88 d1 ca e8 60 c4 18 bd 8c 0c 63 8c 31 c5 98 bf 53 74 c7 7b 27 74 27 7e a7 ef ce 16 13 60 26 98 c7 cc 3f d5 d6 6a 57 b5 bf 3a 5c 9d a8 1e a8 de ad 3e ac 3e ab 2e b0 88 ac 0a 16 93 05 b1 b2 ac 1c 6b 89 55 60 33 d9 10 5b c9 36 b1 9b d9 ad ec 0e 76 8c dd cb ce b0 c7 d8 53 ec 23 76 9e 7d 09 92 40 0b e8 04 7d 60 27 88 81 fd e0 30 38 01 ce 80 8b e0 67 70 13 dc 05 0f c1 Data Ascii: on7onUU_ooo5R@-fx!`3px[s;r{VFc f5Zimvi3ZNWt#$}>JmzAdT0`c1St{'t'~`&?jW:\>>.kU`3[6vS#v}@}`'08gp
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: fc 88 df e3 ef f5 6f bc a0 be 60 be 08 bd 58 7c 71 de 8e b4 eb db d3 ed 9f da 4f 5e 12 5e 9a 5f 0e bc cc bd dc 7a 99 0f 50 03 8e 40 2c 90 09 4c 07 e6 02 4b 81 2f 81 ef 81 fd c0 51 e0 3c 48 08 96 06 99 41 5e 50 1c 34 06 ad 41 7f 30 14 8c 06 07 83 c3 c1 b3 8e e6 8e d1 8e 89 8e a3 57 f6 57 8b af 4e 42 cc 10 16 da 0a 15 fe e1 fd 13 fe 67 b3 13 ea b4 74 ae bc 26 bf d6 be b6 be 76 bd 5e 7d 7d 1e 56 86 d3 e1 f9 70 fe df e6 7f 97 23 94 88 3e 32 1a d9 89 ec 77 41 5d 68 97 a5 cb db 15 e9 9a ea 5a e8 5a ef fa d9 95 8f 92 a3 fa a8 25 da 1a 8d 44 df 47 97 a2 fb d1 c2 1b e0 0d fc 66 f0 cd c2 9b ad 18 3f 16 88 0d c6 72 b1 8d d8 e5 5b c6 5b d7 db 89 b7 53 6f 77 e3 a5 71 7b 3c 1e 4f c7 b3 f1 d9 f8 61 37 a1 1b ed 36 76 7b bb b3 dd 1b dd df ba f7 bb 8f bb f3 dd 05 8c 80 95 Data Ascii: o`X\|qO^^_zP@,LK/Q<HA^P4A0WWNBgt&v^}}Vp#>2wA]hZZ%DGf?r[[Sowq{<Oa76v{
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 70 d2 dc 86 6e ba 8d 36 9b 3d 82 97 26 7a f6 dc 6a ef ac 86 b5 95 de b5 8d ad de ea b9 f5 43 f5 0d 43 f5 e4 86 46 4f 71 63 47 5e 5e 7b 98 a3 2a 2e be ca d1 56 56 d2 fe c1 82 98 e8 d6 f2 d2 36 9b ad ad b4 bc 35 3a 66 41 45 c9 9c e9 d9 73 4a 49 9f c3 91 95 95 1b 1c 9c 9b 25 fe 2b 37 4e a3 89 cb 4d cd 2e 2c cc 46 7e b2 4d 7c c1 e7 f3 47 60 dc b3 11 6b 0d 1b 79 bb 11 98 67 3c d5 18 a5 a1 23 cf 68 ec 96 30 2d f4 1b 79 4e 1a 1e 2c e3 d9 9a 58 95 5b da 66 8f ef f3 54 ac ac 60 f4 87 81 19 9a 49 56 cd 68 cc aa 48 69 2d 9d de 1a 77 6f 52 92 77 79 49 74 46 89 93 51 7f ff d2 be fd 0b 66 92 43 8b ac ee c4 d2 8a ec 74 20 e7 c4 04 67 07 7a 56 00 3d 79 4e 27 22 7d e5 ef ff 2d f9 15 ff 5f 92 5f 57 00 af ec 9e 2c bf 08 93 5f 24 c1 4f 80 51 de 6a 01 a2 27 d1 f9 1b cd 81 f0 Data Ascii: pn6=&zjCCFOqcG^^{*.VV65:fAEsJI%+7NM.,F~M\|G`kyg<#h0-yN,X[fT`IVhHi-woRwyItFQfCt gzV=yN'"}-__W,_$OQj'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49731	151.101.1.46	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:08 UTC	651	OUT	GET /components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff HTTP/1.1 Host: cdn2.editmysite.com Connection: keep-alive Origin: https://btwebmailservicecare.weebly.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://btwebmailservicecare.weebly.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 00:37:08 UTC	629	IN	HTTP/1.1 200 OK Connection: close Content-Length: 46052 Server: nginx Content-Type: font/woff Last-Modified: Fri, 07 Mar 2025 00:38:29 GMT ETag: "67ca4005-b3e4" Expires: Sun, 23 Mar 2025 10:25:39 GMT Cache-Control: max-age=1209600 X-Host: grn31.sf2p.intern.weebly.net Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sat, 15 Mar 2025 00:37:08 GMT Age: 483089 X-Served-By: cache-sjc1000121-SJC, cache-ewr-kewr1740028-EWR X-Cache: HIT, HIT X-Cache-Hits: 21, 152 X-Timer: S1741999029.957360,VS0,VE0 Access-Control-Allow-Origin: * alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 b3 e4 00 0e 00 00 00 01 57 a4 00 00 00 00 00 00 b2 78 00 00 01 6c 00 00 02 d7 00 00 00 00 00 00 00 00 4f 53 2f 32 00 00 01 9c 00 00 00 58 00 00 00 60 8d 3e b9 af 63 6d 61 70 00 00 01 f4 00 00 06 9d 00 00 11 08 ba 8b c2 c8 63 76 74 20 00 00 b1 24 00 00 00 28 00 00 00 28 08 b6 08 99 66 70 67 6d 00 00 b1 4c 00 00 00 b2 00 00 01 09 43 3e f0 88 67 61 73 70 00 00 b1 14 00 00 00 10 00 00 00 10 00 1a 00 23 67 6c 79 66 00 00 2c 94 00 00 84 7f 00 00 fb c8 be a3 8f 3c 68 65 61 64 00 00 01 64 00 00 00 36 00 00 00 36 08 84 a2 8a 68 68 65 61 00 00 08 94 00 00 00 21 00 00 00 24 07 64 07 72 68 6d 74 78 00 00 08 b8 00 00 06 5c 00 00 11 40 1b e8 b2 08 6c 6f 63 61 00 00 24 3c 00 00 08 57 00 00 08 a2 a3 9d 64 f8 6d 61 78 70 00 00 01 44 00 00 00 Data Ascii: wOFFWxlOS/2X`>cmapcvt $((fpgmLC>gasp#glyf,<headd66hhea!$drhmtx\@loca$<WdmaxpD
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 0c c3 08 19 29 47 e5 0d 39 02 2d e3 24 5d d6 cb 26 73 8e f2 64 b4 9a 2b d9 72 c9 9c 2c b7 2c 92 3d 6a a1 5c 14 97 f8 34 d4 1c 95 2b 7f 97 15 6a a9 54 c8 2d 99 6d 4e 59 1b dd 4e 3e c0 54 7c 84 c9 98 8e 29 48 c2 02 a4 21 1d ab b0 06 6b b1 0f bb b0 07 d9 7c 10 27 70 06 a7 e0 42 31 4e cb 31 78 19 40 cd 9a ac c5 c6 8c e6 6e fe 86 31 fc 15 5b f0 d7 fc 1d 1f 61 2f 0e e4 2b ec cf 38 7e c4 7f f2 43 4e e4 75 a3 82 ab b8 8c 2b 98 ce 95 52 c8 b5 3c c4 83 cc 61 2e 3d bc c1 b3 98 c6 87 30 89 cd 91 c8 df 62 31 7b 62 09 7b 63 29 fb 60 19 fb 62 39 5f c2 0a be 8c 4f f9 2a 56 33 16 9f 70 00 d6 71 10 d6 73 30 b6 f0 5d 6c e5 7b f8 92 e3 90 c5 78 ec 30 3b 71 3b c7 e3 20 a7 60 3f 27 61 37 27 e0 00 27 63 2f 3f 40 2e 93 70 88 c9 38 cc 19 9c 89 23 4c 41 1e 53 71 94 b3 90 cf d9 28 Data Ascii: )G9-$]&sd+r,,=j\4+jT-mNYN>T\|)H!k\|'pB1N1x@n1[a/+8~CNu+R<a.=0b1{b{c)`b9_O*V3pqs0]l{x0;q; `?'a7''c/?@.p8#LASq(
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 26 fd 44 fa 38 9d c1 ba b9 9b 3e a6 0e 63 cc 7c fa 9b 3e 17 53 e4 4a fa 8a 31 66 7c 80 f9 01 9f 14 a4 82 7b 2f be c8 f5 53 1e ce e7 e4 77 12 27 3b c9 8f a4 97 1c a1 7d 94 eb cf d0 a0 f6 ba 7e cd f7 6d be 7f b3 b6 52 ee 41 0d 29 46 58 fc 9d e5 06 4f 37 cd f5 6f e4 66 4f 26 11 7f 98 36 ce f1 ab 69 67 f6 b8 be d6 fa d9 66 d4 93 46 eb 6f 07 40 df c5 36 e2 c7 e9 8b 55 3d 89 24 f9 c7 9c ff 2d f4 ed 41 c4 c7 0f 86 f8 fe c1 90 98 e0 93 88 27 e2 cb d3 c6 ee e3 a0 76 53 8b e1 42 22 f6 a4 b2 ce c6 a0 bc 44 4c 1a 98 c5 83 db 9c 83 fd ea 12 d3 be 61 ac fc c8 8b 6d 41 36 a5 f0 02 cf 85 71 cf 8f 7d e8 72 f6 92 f7 48 2f f9 89 ba 05 94 c7 c8 79 72 94 f5 4c d1 e9 cd fd e3 64 82 4e 72 8a 7d 6e f0 e2 66 10 89 9d e9 93 71 35 ed cc 27 5e 7c 9e 94 c4 c6 e8 01 90 3b 6a 7a dd f8 Data Ascii: &D8>c\|>SJ1f\|{/Sw';}~mRA)FXO7ofO&6igfFo@6U=$-A'vSB"DLamA6q}rH/yrLdNr}nfq5'^\|;jz
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 43 a2 a9 8a bb 28 31 16 92 cf e5 89 e4 ef e0 91 9d 65 ad 8d 09 19 bb cc 8b a8 cd a6 8a 33 9c 23 64 cf c6 12 83 85 ba 66 68 29 6d b2 a3 ec 64 61 9f 55 f2 4e 15 1c fd bf ce 15 95 0b 8d 25 5c 2f 55 ff 76 17 8b 11 39 73 89 22 e6 b8 9c b7 f8 56 6b 31 cb 5f fb a2 f6 9a 33 19 89 a8 c0 53 93 b2 70 41 ab ad c9 97 ef 1f 71 1e 87 28 d3 26 ca d6 4d 6e 3e eb bf ad 5a 7e b5 79 6e 99 93 0a 38 95 09 67 19 30 26 14 9b c0 89 f2 3d 1c f3 e5 ab fc 17 38 5f d7 76 ae 20 00 00 00 78 da 6d 59 05 58 5c 57 16 3e 72 19 02 43 02 91 ba bb a7 a3 48 7d e4 41 48 08 a4 10 4a 92 4a 3a c0 00 93 0c 33 74 24 09 a9 bb bb 6c 7d eb ba 75 77 77 df ba bb eb ee b6 dd b6 bb 6d f7 bd 77 0f cc 65 b2 7c 1f fc f7 dc 77 ee f9 8f dc 77 de 7d 3c 20 70 7f fe 3c 12 66 c0 ff f9 51 f3 00 90 80 80 91 51 c1 74 Data Ascii: C(1e3#dfh)mdaUN%\/Uv9s"Vk1_3SpAq(&Mn>Z~yn8g0&=8_v xmYX\W>rCH}AHJJ:3t$l}uwwmwe\|ww}< p<fQQt
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 32 4f e1 5a ae e3 a9 3c 8d a7 f3 0c 5e 8d 57 e7 35 78 4d 5e 8b d7 e6 75 78 5d 5e 8f d7 e7 0d 78 43 de 88 37 e6 4d 78 53 de 8c 37 e7 2d 78 4b de 8a b7 e6 6d 78 5b de 8e 67 f2 f6 ec 63 3f 07 38 c8 21 38 8f c3 5c cf 0d dc c8 4d bc 03 ef c8 3b f1 ce bc 0b ef ca bb 71 84 a3 1c e3 38 5b dc cc 2d 3c 8b 5b 79 36 cf e1 36 9e cb ed dc c1 f3 78 77 ee e4 2e 9e cf dd bc 07 f7 f0 02 5e c8 8b 78 4f de 8b f7 e6 7d 78 31 ef cb 09 ee e5 3e ee e7 24 0f f0 20 0f 71 8a 97 f0 52 4e f3 30 67 38 cb 23 bc 1f e7 38 cf 05 2e f2 32 5e ce 2b 78 94 57 f2 fe 7c 00 1f c8 07 f1 c1 7c 08 1f ca 87 f1 e1 7c 04 1f c9 47 f1 d1 7c 0c 1f cb c7 f1 f1 7c 02 9f c8 27 f1 c9 7c 0a 9f ca a7 f1 e9 7c 06 9f c9 67 f1 5f f8 6c 3e 87 cf e5 f3 f8 7c be 80 2f e4 bf f2 45 7c 31 5f c2 97 f2 65 7c 39 5f c1 57 Data Ascii: 2OZ<^W5xM^ux]^xC7MxS7-xKmx[gc?8!8\M;q8[-<[y66xw.^xO}x1>$ qRN0g8#8.2^+xW\|\|\|G\|\|'\|\|g_l>\|/E\|1_e\|9_W
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 29 59 2e 19 6e 16 ba e6 46 cf 22 d7 5c f5 a2 d2 cd 94 d0 db 29 21 21 24 26 dc ea 7e c1 a0 60 58 30 2e d8 20 d8 24 d8 2c 18 95 9b 49 d6 47 65 7d 54 d6 47 1b 2a 13 49 1d 58 c2 05 77 cb 7b 13 a5 3b a6 2e 51 76 7f 4c 49 8c 45 2d ba 6e 9c ee b8 46 7c 17 41 07 e0 0a d5 09 a7 10 b2 c0 ad 86 d6 91 e0 4c 21 68 0a 61 53 88 9b 42 83 29 34 99 42 b3 29 44 0d 21 6a f2 44 4d 9e a8 c9 13 d5 a6 ed c4 48 1c c9 52 66 a4 c7 05 bd 7d 46 cb e9 2b d5 b0 df 68 6c be a8 27 a9 3b 61 b2 d4 93 92 52 dd a4 34 8b a4 d9 09 a5 78 d1 b1 a2 49 71 a3 52 cc 98 d0 c7 a4 88 31 29 62 ac 81 07 16 f7 da bf 03 f6 ef 90 fd bb c4 fe 5d 5a 39 a0 9f 85 15 f6 fc e2 94 fb 77 89 fb 37 5d ed fe 35 e2 f1 37 7b 07 8d 78 06 cb 5b 68 50 0d 39 3d 70 68 95 1e 18 f4 a4 f4 a6 4d 49 58 29 09 2b 65 f6 40 09 2b 16 Data Ascii: )Y.nF"\)!!$&~`X0. $,IGe}TG*IXw{;.QvLIE-nF\|AL!haSB)4B)D!jDMHRf}F+hl';aR4xIqR1)b]Z9w7]57{x[hP9=phMIX)+e@+
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 72 75 a2 44 96 34 c9 92 63 64 a9 71 b2 94 61 67 aa 29 e8 cb 45 63 79 6d 71 22 cd 8c 32 59 af c8 1a de 57 67 c7 1d ae 70 ff 4e 9e a0 eb 26 30 e4 f7 09 fa 05 03 82 41 c1 90 60 58 a3 6f 4c af 5e b0 41 b0 51 b0 49 30 22 18 15 8c 09 c6 05 2d 41 fd 1a 13 0a 88 1f 01 b1 1f 10 3f 02 e2 47 40 fc 08 88 1f 01 e1 0f 08 7f 40 f8 03 c2 1f 10 fe 80 f0 07 84 3f 20 fc 01 e1 0f 08 bf 4f f8 7c c2 e7 13 3e 9f d8 f3 89 3d 9f d8 f1 89 5d 9f d8 f1 89 9d 26 89 c3 27 fe f9 c4 3f 9f f8 e7 13 ff 9b 84 af 49 ec 46 45 d6 ff bb f2 f9 1b c5 5e d0 57 23 38 fe 8a 6f 0b 63 28 8b 82 e2 74 50 9c 0e 0a 49 78 4c 4f 9c 09 8a 33 41 71 26 28 c1 05 c5 89 a0 04 15 94 20 83 92 ac a0 04 19 14 a7 42 12 64 48 ec 87 c4 8f 90 f8 11 12 3f 42 e2 47 48 f8 43 c2 1f 12 fe 90 f0 87 84 3f 24 fc 21 e1 0f 09 7f Data Ascii: ruD4cdqag)Ecymq"2YWgpN&0A`XoL^AQI0"-A?G@@? O\|>=]&'?IFE^W#8oc(tPIxLO3Aq&( BdH?BGHC?$!
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 04 29 69 2d 99 2d 59 2a 59 2b d9 02 a8 00 17 50 00 26 c0 0a 38 00 2f 10 04 e2 c0 28 30 0d 24 81 15 e0 2b 70 5d 8a 2e c5 97 92 4a 99 a5 ad a5 93 a5 07 a4 6a 92 81 84 90 1c 24 2f 29 48 8a 93 46 49 d3 a4 24 69 85 74 4e ba 21 63 c9 04 32 85 cc 22 4b c8 06 32 42 76 90 13 e4 29 f2 1c 79 99 bc 4e 4e 91 b7 c9 07 e4 0c f9 92 7c 47 a1 52 b8 14 05 c5 44 b1 52 86 28 e3 94 8f 94 05 ca 67 ca 26 e5 07 e5 77 19 ab 6c a4 6c b2 6c b6 6c a9 ec aa dc 50 9e ac c0 57 94 57 04 2b e2 15 a3 15 d3 15 c9 8a 95 8a 3b 6a 3e b5 98 0a 52 f9 54 15 b5 8e 6a a3 fe a4 ee 51 8f 69 4c 1a 4c 6b a1 79 68 9d b4 18 2d 41 9b a2 cd d1 96 69 eb b4 14 6d 1b 24 80 14 90 05 4a c0 10 f8 01 1c 03 67 c0 79 70 15 dc 00 d3 e0 2e 78 04 9e 81 d7 74 34 1d 4f 27 d1 99 74 11 5d 47 87 e9 2d 74 0f 7d 8e be 43 3f Data Ascii: )i--Y*Y+P&8/(0$+p].Jj$/)HFI$itN!c2"K2Bv)yNN\|GRDR(g&wllllPWW+;j>RTjQiLLkyh-Aim$Jgyp.xt4O't]G-t}C?
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: e5 e9 f0 2c 7b d6 3c 57 af 25 af 3d af 3f bc de 7c 7d eb 2d f7 1a bd 7e ef 98 37 ed 3d f5 a1 7c 24 1f e8 83 7c 2a 1f ec b3 f9 9c be 0e 5f cc 37 ec 9b f6 cd fa 16 7c eb be 6f be 3d df 91 2f e3 bb f5 63 fd 7e 7f fa 0d ee 0d f1 8d fb cd af 76 51 7b 7b fb 5c fb f5 5b e4 6d fc ed d2 db eb 0e 47 c7 66 c7 fe 3b cb bb e4 bb dd 77 47 ef ce 02 f6 c0 78 60 fb 7d f1 7b f3 fb b1 f7 a7 9d 96 ce a5 ce bd 2e a8 ab bd ab b7 2b d5 b5 d3 75 d4 75 15 cc 0e 6a 82 70 b0 35 18 0d 8e 05 17 82 fb c1 3f c1 ab ee dc 6e b0 db d2 1d ee 9e ee fe d2 9d 0e 51 43 70 c8 1f da ea c1 f6 30 7b cc 3d ed 3d 33 3d eb 3d 7f 7b 25 bd 9a de 50 ef 52 ef 69 1f be af b8 4f d6 67 ea 8b f7 25 fb 7e f7 1d f6 dd 84 15 61 6f b8 33 1c 0d 0f 87 c7 c3 33 e1 64 78 39 bc 16 fe 16 fe 11 de 0d 1f 86 33 e1 8b f0 Data Ascii: ,{<W%=?\|}-~7=\|$\|*_7\|o=/c~vQ{{\[mGf;wGx`}{.+uujp5?nQCp0{==3=={%PRiOg%~ao33dx93
2025-03-15 00:37:08 UTC	1378	IN	Data Raw: 4d fa f2 85 2d 0d 03 8d 6b ab aa d6 36 0d 34 b6 2c 6c d8 d0 d4 bc a1 9e 5c 12 ac ab ef 1f 72 bb 87 62 2a 3a 52 53 3b 2b 16 36 36 2c 7c 6f 51 82 d0 57 5b d9 6d b7 77 57 d6 f6 09 09 8b ea 7d fd 45 45 fd 3e b2 b5 a6 c6 e5 f1 44 47 7b 3c e2 3f 2b 32 34 9a 8c 8a bc f2 86 06 3a 06 65 93 5f f0 69 fc 9d f2 18 68 d8 c8 3b 84 38 18 83 2c 21 41 43 47 9e 11 b8 dc 21 a1 5a 2e 33 38 0a 0d 4e 1a 1a 2c e3 db 95 d6 ec 6c 98 e3 20 c9 6b aa 6b 57 00 f5 db ae d8 45 47 85 ac eb ef 71 b6 d9 60 1c 16 a6 5c 6e b5 05 2e 6c 16 18 f1 ab 56 d4 3c be 77 e8 d0 50 2f b9 6b 53 61 a3 b5 cd ef 2d 06 72 4e 4e 72 45 40 cf 02 a0 27 cf 69 bf 46 fa ca df ff b7 64 59 94 5a 96 c1 5f 35 53 65 59 41 a3 22 cb e6 3a 2f 6b 01 59 e6 2d 9a 2b 1e 9b 49 96 9d 0f 3f 76 4f 95 65 84 c9 32 52 74 b5 eb 14 0a Data Ascii: M-k64,l\rb*:RS;+66,\|oQW[mwW}EE>DG{<?+24:e_ih;8,!ACG!Z.38N,l kkWEGq`\n.lV<wP/kSa-rNNrE@'iFdYZ_5SeYA":/kY-+I?vOe2Rt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49732	151.101.1.46	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:09 UTC	653	OUT	GET /developer/none.ico HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://btwebmailservicecare.weebly.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 00:37:09 UTC	646	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1406 Server: nginx Content-Type: image/x-icon Last-Modified: Mon, 03 Mar 2025 23:06:51 GMT ETag: "67c6360b-57e" Expires: Tue, 04 Mar 2025 02:39:38 GMT Cache-Control: max-age=300 X-Host: grn51.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 943350 Date: Sat, 15 Mar 2025 00:37:09 GMT X-Served-By: cache-sjc10061-SJC, cache-ewr-kewr1740044-EWR X-Cache: HIT, HIT X-Cache-Hits: 214, 0 X-Timer: S1741999030.627080,VS0,VE1 Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-03-15 00:37:09 UTC	1378	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h(
2025-03-15 00:37:09 UTC	28	IN	Data Raw: ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49719	142.250.186.132	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:09 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCMnRzgEIvtXOAQiA1s4BCMjczgEIiuDOAQiu5M4BCIvlzgEIs+XOAQ== Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 00:37:10 UTC	1303	IN	HTTP/1.1 200 OK Date: Sat, 15 Mar 2025 00:37:10 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-hfDxd0i1P2BxwL-TfG7Rxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-15 00:37:10 UTC	87	IN	Data Raw: 33 37 62 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 72 6f 62 65 72 74 20 68 69 67 68 74 20 72 65 74 69 72 65 73 20 6a 6f 68 6e 20 66 6f 72 63 65 20 72 61 63 69 6e 67 22 2c 22 6e 61 73 61 20 73 70 61 63 65 78 20 72 6f 63 6b 65 74 20 6c 61 75 6e 63 68 22 2c 22 72 65 Data Ascii: 37b)]}'["",["robert hight retires john force racing","nasa spacex rocket launch","re
2025-03-15 00:37:10 UTC	811	IN	Data Raw: 63 61 70 20 73 65 76 65 72 61 6e 63 65 20 73 65 61 73 6f 6e 20 32 20 65 70 69 73 6f 64 65 20 39 22 2c 22 62 69 72 64 20 66 6c 75 20 65 67 67 20 70 72 69 63 65 73 22 2c 22 6e 76 69 64 69 61 20 73 74 6f 63 6b 20 70 72 69 63 65 22 2c 22 63 6f 6c 6c 65 67 65 20 62 61 73 6b 65 74 62 61 6c 6c 20 74 6f 75 72 6e 61 6d 65 6e 74 20 62 72 61 63 6b 65 74 22 2c 22 68 61 70 70 79 20 68 6f 6c 69 20 66 65 73 74 69 76 61 6c 22 2c 22 77 68 65 65 6c 20 6f 66 20 74 69 6d 65 20 73 65 61 73 6f 6e 20 33 20 65 70 69 73 6f 64 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 Data Ascii: cap severance season 2 episode 9","bird flu egg prices","nvidia stock price","college basketball tournament bracket","happy holi festival","wheel of time season 3 episodes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"goog
2025-03-15 00:37:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49733	151.101.1.46	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 00:37:10 UTC	401	OUT	GET /developer/none.ico HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 00:37:10 UTC	646	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1406 Server: nginx Content-Type: image/x-icon Last-Modified: Mon, 03 Mar 2025 23:06:51 GMT ETag: "67c6360b-57e" Expires: Tue, 04 Mar 2025 02:39:38 GMT Cache-Control: max-age=300 X-Host: grn51.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sat, 15 Mar 2025 00:37:10 GMT Age: 943351 X-Served-By: cache-sjc10061-SJC, cache-ewr-kewr1740086-EWR X-Cache: HIT, HIT X-Cache-Hits: 214, 1 X-Timer: S1741999030.207870,VS0,VE1 Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-03-15 00:37:10 UTC	1378	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h(
2025-03-15 00:37:10 UTC	28	IN	Data Raw: ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 Data Ascii:

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	20:36:55
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	20:36:58
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2280,i,12641882907520560829,12871458640340117564,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2308 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	20:37:05
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://btwebmailservicecare.weebly.com/"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://btwebmailservicecare.weebly.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4084, Parent PID: 3472

General

File Activities

File Opened

File Created

File Deleted

Windows Analysis Report
http://btwebmailservicecare.weebly.com/