Edit tour

Windows Analysis Report
https://schoolmngt.ubpages.com/managent/

Overview

General Information

Sample URL:	https://schoolmngt.ubpages.com/managent/
Analysis ID:	1647450
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Creates files inside the system directory

Deletes files inside the Windows folder

Detected clear text password fields (password is not hidden)

HTML body contains low number of good links

HTML title does not match URL

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 4724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,10938567176322679093,12905942111308703416,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2252 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://schoolmngt.ubpages.com/managent/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://schoolmngt.ubpages.com/managent/

Joe Sandbox AI: Score: 9 Reasons: The brand 'Google' is well-known and typically associated with the domain 'google.com'., The URL 'schoolmngt.ubpages.com' does not match the legitimate domain for Google., The domain 'ubpages.com' is not associated with Google and appears to be a third-party domain., The presence of 'schoolmngt' as a subdomain is suspicious and not related to Google., The URL structure suggests a potential phishing attempt by using a third-party domain with a subdomain that could mislead users. DOM: 0.0.pages.csv

Source: https://schoolmngt.ubpages.com/managent/

HTTP Parser: <input type="text"... for password input

Source: https://schoolmngt.ubpages.com/managent/

HTTP Parser: Number of links: 0

Source: https://schoolmngt.ubpages.com/managent/

HTTP Parser: Title: does not match URL

Source: https://schoolmngt.ubpages.com/managent/

HTTP Parser: No favicon

Source: https://schoolmngt.ubpages.com/managent/

HTTP Parser: No <meta name="author".. found

Source: https://schoolmngt.ubpages.com/managent/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.65.196:443 -> 192.168.2.7:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.41.137:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.41.137:443 -> 192.168.2.7:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.238.80.20:443 -> 192.168.2.7:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.115.141:443 -> 192.168.2.7:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.115.5:443 -> 192.168.2.7:49701 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /managent/ HTTP/1.1Host: schoolmngt.ubpages.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/d5046483-1668-4739-a080-17dfa8f93d47/googleeee.original.png?1742835208 HTTP/1.1Host: schoolmngt.ubpages.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://schoolmngt.ubpages.com/managent/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI
Source: global traffic	HTTP traffic detected: GET /_ub/static/ts/786ffa188154a7a81202c5d108dc70f1e0214262.js HTTP/1.1Host: schoolmngt.ubpages.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://schoolmngt.ubpages.com/managent/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI
Source: global traffic	HTTP traffic detected: GET /published-css/main-ebbfc5e.z.css HTTP/1.1Host: builder-assets.unbounce.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://schoolmngt.ubpages.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /published-js/main.bundle-f4428e5.z.js HTTP/1.1Host: builder-assets.unbounce.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://schoolmngt.ubpages.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiKo8sBCIWgzQEI9s/OAQjJ0c4BCIHWzgEIydzOAQiE4M4BCKLkzgEIr+TOAQjp5M4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /schoolmngt.ubpages.com/managent/ee408d78-googleeee_10l408h0ka07n00000e028.png HTTP/1.1Host: d9hhrg4mnvzow.cloudfront.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://schoolmngt.ubpages.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: schoolmngt.ubpages.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://schoolmngt.ubpages.com/managent/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI
Source: global traffic	HTTP traffic detected: GET /schoolmngt.ubpages.com/managent/ee408d78-googleeee_10l408h0ka07n00000e028.png HTTP/1.1Host: d9hhrg4mnvzow.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: schoolmngt.ubpages.com
Source: global traffic	DNS traffic detected: DNS query: builder-assets.unbounce.com
Source: global traffic	DNS traffic detected: DNS query: d9hhrg4mnvzow.cloudfront.net

Source: unknown

HTTP traffic detected: POST /_ub/i HTTP/1.1Host: schoolmngt.ubpages.comConnection: keep-aliveContent-Length: 1122sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/jsonsec-ch-ua-mobile: ?0Accept: */*Origin: https://schoolmngt.ubpages.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://schoolmngt.ubpages.com/managent/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Mar 2025 20:31:04 GMTContent-Type: text/htmlContent-Length: 47Connection: closeX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'Server: cloudflareCF-RAY: 9258ee14996b9187-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Mar 2025 20:31:06 GMTContent-Type: text/htmlContent-Length: 47Connection: closeX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'Server: cloudflareCF-RAY: 9258ee240aeb9cc1-EWR

Source: chromecache_54.1.dr	String found in binary or memory: http://schoolmngt.ubpages.com/managent/
Source: chromecache_54.1.dr	String found in binary or memory: https://app.unbounce.com/a4d797ce-475e-4026-a42d-99d08655048e
Source: chromecache_54.1.dr	String found in binary or memory: https://app.unbounce.com/c454ed71-3fce-43f4-9345-7523c8fed871

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 142.250.65.196:443 -> 192.168.2.7:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.41.137:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.41.137:443 -> 192.168.2.7:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.238.80.20:443 -> 192.168.2.7:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.115.141:443 -> 192.168.2.7:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.115.5:443 -> 192.168.2.7:49701 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir4724_1877151572

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir4724_1877151572

Jump to behavior

Source: classification engine

Classification label: mal48.phis.win@21/19@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,10938567176322679093,12905942111308703416,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2252 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://schoolmngt.ubpages.com/managent/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,10938567176322679093,12905942111308703416,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2252 /prefetch:3			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://schoolmngt.ubpages.com/managent/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://schoolmngt.ubpages.com/_ub/i	0%	Avira URL Cloud	safe
https://schoolmngt.ubpages.com/assets/d5046483-1668-4739-a080-17dfa8f93d47/googleeee.original.png?1742835208	0%	Avira URL Cloud	safe
https://d9hhrg4mnvzow.cloudfront.net/schoolmngt.ubpages.com/managent/ee408d78-googleeee_10l408h0ka07n00000e028.png	0%	Avira URL Cloud	safe
https://schoolmngt.ubpages.com/_ub/static/ts/786ffa188154a7a81202c5d108dc70f1e0214262.js	0%	Avira URL Cloud	safe
https://schoolmngt.ubpages.com/favicon.ico	0%	Avira URL Cloud	safe
http://schoolmngt.ubpages.com/managent/	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
builder-assets.unbounce.com	18.238.80.20	true	false		high
schoolmngt.ubpages.com	104.18.41.137	true	true		unknown
d9hhrg4mnvzow.cloudfront.net	18.164.115.141	true	false		high
www.google.com	142.250.65.196	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://schoolmngt.ubpages.com/managent/	true		unknown
https://builder-assets.unbounce.com/published-css/main-ebbfc5e.z.css	false		high
https://schoolmngt.ubpages.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://schoolmngt.ubpages.com/assets/d5046483-1668-4739-a080-17dfa8f93d47/googleeee.original.png?1742835208	false	Avira URL Cloud: safe	unknown
https://schoolmngt.ubpages.com/_ub/static/ts/786ffa188154a7a81202c5d108dc70f1e0214262.js	false	Avira URL Cloud: safe	unknown
https://schoolmngt.ubpages.com/_ub/i	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://builder-assets.unbounce.com/published-js/main.bundle-f4428e5.z.js	false		high
https://d9hhrg4mnvzow.cloudfront.net/schoolmngt.ubpages.com/managent/ee408d78-googleeee_10l408h0ka07n00000e028.png	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://app.unbounce.com/a4d797ce-475e-4026-a42d-99d08655048e	chromecache_54.1.dr	false		high
https://app.unbounce.com/c454ed71-3fce-43f4-9345-7523c8fed871	chromecache_54.1.dr	false		high
http://schoolmngt.ubpages.com/managent/	chromecache_54.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.65.196	www.google.com	United States		15169	GOOGLEUS	false
18.164.115.5	unknown	United States		3	MIT-GATEWAYSUS	false
18.238.80.20	builder-assets.unbounce.com	United States		16509	AMAZON-02US	false
104.18.41.137	schoolmngt.ubpages.com	United States		13335	CLOUDFLARENETUS	true
18.164.115.141	d9hhrg4mnvzow.cloudfront.net	United States		3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1647450
Start date and time:	2025-03-24 21:30:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://schoolmngt.ubpages.com/managent/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@21/19@10/6

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.40.131, 142.251.40.110, 142.250.80.46, 172.253.62.84, 142.251.40.206, 142.250.65.206, 142.251.40.238, 142.250.65.170, 142.250.65.234, 142.250.65.202, 142.251.32.106, 142.251.40.138, 142.251.40.202, 142.251.35.170, 142.251.40.170, 142.251.40.234, 142.251.41.10, 142.251.40.106, 172.217.165.138, 142.250.80.74, 142.250.80.106, 142.250.81.234, 142.250.176.202, 199.232.210.172, 142.251.35.174, 142.250.80.110, 142.250.65.238, 142.250.65.195, 142.250.176.206, 142.251.40.195, 20.109.210.53, 184.31.69.3
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://schoolmngt.ubpages.com/managent/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 51

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "main.css", last modified: Mon Mar 24 18:03:21 2025, from Unix, original size modulo 2^32 15106
Category:	downloaded
Size (bytes):	2944
Entropy (8bit):	7.923227677104379
Encrypted:	false
SSDEEP:	48:XKho1kyMoWIrJOEUF5GN3CS0c9xd2vUBR591cyRtrkX0uFDiIFEjGnam+M50v7Au:mo1leIrJH85WZOO1cybwXBFuO7+pEX+
MD5:	39FEFDFFDE049F459A5268AC38054B39
SHA1:	D17269E2C4E525F0BF8976BE275850A24F8D2F0A
SHA-256:	E76F00A95835BD40BC14F0003C4CC81ED78CEFD3C536FB09F6C6C36D058BC5C0
SHA-512:	700742785C3BC5F009662A2BBC6203E75909EA4947D2DD28FA6FFFE1AB18998BBA616A92C1EB1B9BBB3F7ED20783A5AAA82983DD2A503082BAA7BDE0DE7FD658
Malicious:	false
Reputation:	low
URL:	https://builder-assets.unbounce.com/published-css/main-ebbfc5e.z.css
Preview:	....i..g..main.css..[.8...O.v.FWu....p....}.....H6........W..%$.\{.DL.....K.....H.....:.....0"pA....MY..".AR..L.....{Z...'P.q.%...)...r......Dfvx@\..J..%....Aw.#)...//......^....)J.m3l.....).](..p.Yp^.....D.r.o.....w~2..\{8.QusH.Y^..a..../.....l.T..Q.....W.......h.P.uR.P.v\|@.0.-!.K.......V.E}NNx.W.q.....\;_...x5........r.._...)S8u..OeQQ..;\.a~.......y.)>.{i.S.S..1..=).V.\|.M.;7..o-..,.D..3%8GmBOl.......;....0....>..Mo..,......k./'4.F....M!}......):.q..Uz..X.d...J.&..^6.%.I.....\...f.D.. E..^..% }9V.9.quL.....=_......B.B.B.[..`7..,p..."7[...-+..D...mk.Q.....}rf....JW..sA.K3..fh6...-.u0(H.j:.`f.P.(..t.^]...?..O...2...k7..n........NnM."?r._A..p.......w.b.g..t/...H.v..0...w..QZT@.......6..K..4kYDN.<.W-....'......r..'....?bp`........$I.Y.~....a.b...........t.%...C#v/.{...).........P..N...>.&.+...EB5=..l.e.F.]wE.......\.....D.....B4kK..j...;..vEY.../...ID.)..`.0s.<.y.i.^...[..;.UQ...7..W.#j.-*...c..v...df&.>.....v..!....E.p8.w.gZ.Wy(..

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.039148671903071
Encrypted:	false
SSDEEP:	3:QQinPrjJiY:+PrB
MD5:	E7DD7096D0232111F1BBB78DFB0261C0
SHA1:	1DBB0ACF17C2C4B3E0525F6CD7A63ACB63187BDD
SHA-256:	909BE5D74A4DF779090FA7974832E4B889F30B80EF66F17093F093E55B772EB4
SHA-512:	F91E6314C395C06DBB8211DC249BF469B3CD43AEED75C273450BDE4F47D31A6452DF11E4809C60AE519B311FA78F9B680A7A46871E3F067B43CA2C7FC49256DA
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCSPUxQgpTqVFEgUNeG8SGRIFDXyAUzUhSUNIxBr_eTM=?alt=proto
Preview:	ChIKBw14bxIZGgAKBw18gFM1GgA=

Chrome Cache Entry: 53

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (44628)
Category:	downloaded
Size (bytes):	44693
Entropy (8bit):	5.391070864416709
Encrypted:	false
SSDEEP:	768:7EAfXgIEtL+jgBD+AkeYa8ADC7qfDfETk:ICXgHtyjgRk1bADC7qb
MD5:	A29B73706E355AF9CECF33791DD81C03
SHA1:	79E86B0E0AE9731141EE3B380FE55530EFCB5988
SHA-256:	870E33C07DFAB900FFC54747F4D21E61F6557C9DDF22FFD892624AE522B824CD
SHA-512:	B6853281C138C784E371140E92561A2AE554753FEB74244A47A676999F978EEFA9B8B2EE8B105C17624C07DFE085DF3C86C58B335DE5AF6B87ABFAD873408C07
Malicious:	false
Reputation:	low
URL:	https://schoolmngt.ubpages.com/_ub/static/ts/786ffa188154a7a81202c5d108dc70f1e0214262.js
Preview:	/! For license information please see tracker.js.LICENSE.txt /.!function(){var e={366:function(e){var n={utf8:{stringToBytes:function(e){return n.bin.stringToBytes(unescape(encodeURIComponent(e)))},bytesToString:function(e){return decodeURIComponent(escape(n.bin.bytesToString(e)))}},bin:{stringToBytes:function(e){for(var n=[],t=0;t<e.length;t++)n.push(255&e.charCodeAt(t));return n},bytesToString:function(e){for(var n=[],t=0;t<e.length;t++)n.push(String.fromCharCode(e[t]));return n.join("")}}};e.exports=n},843:function(e){var n,t;n="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",t={rotl:function(e,n){return e<<n\|e>>>32-n},rotr:function(e,n){return e<<32-n\|e>>>n},endian:function(e){if(e.constructor==Number)return 16711935&t.rotl(e,8)\|4278255360&t.rotl(e,24);for(var n=0;n<e.length;n++)e[n]=t.endian(e[n]);return e},randomBytes:function(e){for(var n=[];e>0;e--)n.push(Math.floor(256*Math.random()));return n},bytesToWords:function(e){for(var n=[],t=0,r=0;t<e.length;t++,r+

Chrome Cache Entry: 54

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1922)
Category:	downloaded
Size (bytes):	9188
Entropy (8bit):	5.357577735794839
Encrypted:	false
SSDEEP:	192:v45ON3CsopSsqjK36WozqSiQ4aw2TloWC2DYjwlyUoRJk:v43VqjK36WouQvTlop2DYu
MD5:	58E1B32BBD381FA225D48C75A0EC211C
SHA1:	F77548E8401331E05780AE0D96666B6DD7649171
SHA-256:	F172E2C0D5742579EDBC3C4515CC7D22582F0A74A60F518108CB15055F79C034
SHA-512:	F100EBCDDC39B9893253E6F5875A4B17F5CBB5A35DBF968E1B498D29A0BEA1A50114955918D6F174FFB26EB4495EC7C358EB4BA2008A07EBE9D6F9A1B3456715
Malicious:	false
Reputation:	low
URL:	https://schoolmngt.ubpages.com/managent/
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8" >. 2865b8d7-7c69-4393-98fa-be4e5df152ba a-->.. <title></title>. <meta name="keywords" content="">. <meta name="description" content="">.. .. <link type="text/css" rel="stylesheet" href="blob:https://app.unbounce.com/a4d797ce-475e-4026-a42d-99d08655048e"><link type="text/css" rel="stylesheet" href="blob:https://app.unbounce.com/c454ed71-3fce-43f4-9345-7523c8fed871"><script>.//.window.gon.ensignFlags = {snapToGrid: false};.// .</script>... .. <meta name="robots" content="noindex, nofollow"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="lp-version" content="v6.24.191"><style title="page-styles" type="text/css" data-page-type="main_desktop">.body {. color:#000;.}.a {. color:#0000ff;. text-decoration:none;.}.#lp-pom-root

Chrome Cache Entry: 55

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	47
Entropy (8bit):	4.011411723741875
Encrypted:	false
SSDEEP:	3:GAJzRx3G/MRUezQF7hXWL:5zRx3G0Cezo8
MD5:	F9AE9006943E3A67B95CA4C6C733B6D4
SHA1:	9F9E7A7E2602D29E4DF8C38DF6277AB37FB1B079
SHA-256:	CD8B79123A843EEE64985A23257E2FAB80EF2C4C08427B688EA979671FC1C457
SHA-512:	7BCF52C862AAB427DAB5EDE35605A6A8B935CAC3982E6120ECE1FC7D9F81F95C05DDBB49CFB44E9E97C18C810459BE90B0B074F05D427C6592C125D5430F623D
Malicious:	false
Reputation:	low
URL:	https://schoolmngt.ubpages.com/favicon.ico
Preview:	The requested URL was not found on this server.

Chrome Cache Entry: 56

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 730 x 275, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2810
Entropy (8bit):	7.59883834567946
Encrypted:	false
SSDEEP:	48:8llYu/6OGQWoOIHxh8KtEl9pkpY6FGQmvcTaxQA9g+jtqMkdQawJ6fdRMe6o1IqS:8L1SB4OIRh8KWfpIdFp5T2Pu+WdRuUb0
MD5:	DEA5F9647084A87A0C6A15277F49118B
SHA1:	AB4443A23D16255C65D4DC93A45A4CF552C92B7D
SHA-256:	8EF1BB9D1FE2F4B6E10FB847848B518CAD94A80BE4227CA78C2D5C157AD60EE4
SHA-512:	41C4CB0C10156A0C5A9FB207B0B45D534BC88B2EA034654DD62251B72F46E47C9386CC1349A0352D731E71C0020A9F3142230E4E10FF678ADA498C956DB6FF1D
Malicious:	false
Reputation:	low
URL:	https://d9hhrg4mnvzow.cloudfront.net/schoolmngt.ubpages.com/managent/ee408d78-googleeee_10l408h0ka07n00000e028.png
Preview:	.PNG........IHDR.............??Q.....PLTE...C...........1.Q.B6............f..=+%..$7~.<Zz+......8{Y>5FdjK1.':M<4......w...j...........kK..............Mo............08H.....u......}[biwTNMa]c.......yC.g\...sm.L;y..ZL..V..5..[.l..Z..C...e8~Oi..c....pHYs.................IDATx...S.X...;.;....../@.# OE[......O.s...~.....S...t...S'..{Mh................t..[ S...1...m......q}.....N.n.?.8q^.{.!..B..p.rr.a...A...d.>.r....&..@.?\|.../'...m.>./.F...t$H}..I7".....<$..B...d..}.\...l.?.WI7...G.^.d#.~?.5{....... .E;.\|\|.".H....0......h.&.>....5....m..%/._.U.u.i.7.....~...W......U....._v.62..h#[..5$..md#....&.....d.$.H....h#..._.:........R=..........F...\|..m..#.r.^..vs.~h.h...hw....Zo..+.. ..R...$.O.._.O^.>&E.H....m....>I...h#..3y:.....!.u[..C..\C"..~..l...wp#.+..o....C.FF....o.&.^.M>...4%&...Ug..~....C..lu.bqm.........................A.h.w.6.G+....l.#.K...ys^.,.......n.'I..v./.=!.8......BEvi2.j...}s....=..5....#IwM.m.^...m>B3...Kp.`w.<...hE^)....

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	47
Entropy (8bit):	4.011411723741875
Encrypted:	false
SSDEEP:	3:GAJzRx3G/MRUezQF7hXWL:5zRx3G0Cezo8
MD5:	F9AE9006943E3A67B95CA4C6C733B6D4
SHA1:	9F9E7A7E2602D29E4DF8C38DF6277AB37FB1B079
SHA-256:	CD8B79123A843EEE64985A23257E2FAB80EF2C4C08427B688EA979671FC1C457
SHA-512:	7BCF52C862AAB427DAB5EDE35605A6A8B935CAC3982E6120ECE1FC7D9F81F95C05DDBB49CFB44E9E97C18C810459BE90B0B074F05D427C6592C125D5430F623D
Malicious:	false
Reputation:	low
URL:	https://schoolmngt.ubpages.com/assets/d5046483-1668-4739-a080-17dfa8f93d47/googleeee.original.png?1742835208
Preview:	The requested URL was not found on this server.

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 730 x 275, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2810
Entropy (8bit):	7.59883834567946
Encrypted:	false
SSDEEP:	48:8llYu/6OGQWoOIHxh8KtEl9pkpY6FGQmvcTaxQA9g+jtqMkdQawJ6fdRMe6o1IqS:8L1SB4OIRh8KWfpIdFp5T2Pu+WdRuUb0
MD5:	DEA5F9647084A87A0C6A15277F49118B
SHA1:	AB4443A23D16255C65D4DC93A45A4CF552C92B7D
SHA-256:	8EF1BB9D1FE2F4B6E10FB847848B518CAD94A80BE4227CA78C2D5C157AD60EE4
SHA-512:	41C4CB0C10156A0C5A9FB207B0B45D534BC88B2EA034654DD62251B72F46E47C9386CC1349A0352D731E71C0020A9F3142230E4E10FF678ADA498C956DB6FF1D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............??Q.....PLTE...C...........1.Q.B6............f..=+%..$7~.<Zz+......8{Y>5FdjK1.':M<4......w...j...........kK..............Mo............08H.....u......}[biwTNMa]c.......yC.g\...sm.L;y..ZL..V..5..[.l..Z..C...e8~Oi..c....pHYs.................IDATx...S.X...;.;....../@.# OE[......O.s...~.....S...t...S'..{Mh................t..[ S...1...m......q}.....N.n.?.8q^.{.!..B..p.rr.a...A...d.>.r....&..@.?\|.../'...m.>./.F...t$H}..I7".....<$..B...d..}.\...l.?.WI7...G.^.d#.~?.5{....... .E;.\|\|.".H....0......h.&.>....5....m..%/._.U.u.i.7.....~...W......U....._v.62..h#[..5$..md#....&.....d.$.H....h#..._.:........R=..........F...\|..m..#.r.^..vs.~h.h...hw....Zo..+.. ..R...$.O.._.O^.>&E.H....m....>I...h#..3y:.....!.u[..C..\C"..~..l...wp#.+..o....C.FF....o.&.^.M>...4%&...Ug..~....C..lu.bqm.........................A.h.w.6.G+....l.#.K...ys^.,.......n.'I..v./.=!.8......BEvi2.j...}s....=..5....#IwM.m.^...m>B3...Kp.`w.<...hE^)....

Chrome Cache Entry: 59

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3915)
Category:	downloaded
Size (bytes):	3920
Entropy (8bit):	5.8250301044464825
Encrypted:	false
SSDEEP:	96:MKhlcH6666rpofyTyRsBcoDHwQ5jHkxzeGM17hJZQffffo:9XcH6666rpoR+BcorwQ1v1R
MD5:	415D1C34B1D0F1A57E4B62CCC0901858
SHA1:	721A72E60F4EC536F0C6540A5363F5F216557855
SHA-256:	EE638686135750F2FAC62BBEAA7597F0782E0CC5D73293AE044C6034D7E329B4
SHA-512:	BD6CD8FB4B829BBA4BE111876277D21D6861601E662C45FC859DC8087EF067FE7D7BD18B6F637FAD36DA2A23832D8F929B058FE394EB53487CF642FC513898D2
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview:	)]}'.["",["bill chisholm celtics","assassin creed shadows","boeing fighter jets f 47","dairy queen blizzards 85 cents","1923 season 2 episode 5","fincen boi reporting","okc thunder la clippers","apple iphone 17 pro max price"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXR4X3h4cHg2EgpWaWRlbyBnYW1lMs8QZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CRVFBQ0VRRURFUUgveEFBYkFBRUFBZ01CQVFBQUFBQUFBQUFBQUFBQUJRWUNBd1FIQWYvRUFEUVFBQUVEQXdJQ0J3WUdBd0FBQUFBQUFBRUNBd1FBQlJFU0lRWXhFeUpCVVdGeGdRY1VJMktSc1JVeVFsS2g0VFNDa3YvRUFCb0JBUUFEQVFFQkFBQUFBQUFBQUFBQUFBQ

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "main.bundle.js", last modified: Mon Mar 24 18:03:21 2025, from Unix, original size modulo 2^32 141610
Category:	downloaded
Size (bytes):	41663
Entropy (8bit):	7.993428287053838
Encrypted:	true
SSDEEP:	768:pdNzUh9MZ4rjJhri/4+sTe7SE78zsAYfbVjTPdP1t0YLOqT1kfleGzlsLJ:pdNoE4S/wepZfbVjT3t0Ykfl7G
MD5:	A942D0203943698FDCB45C73A57FE5A1
SHA1:	41C68888DC5E22F56308E628FD5F824B1E397858
SHA-256:	D33C9752EC2E075A999D45AAD3F334D04CAAD2C8C96B68C5562F874528569C27
SHA-512:	AAFCBC08CDABF5A74C3A7DB4613F3AE562C6AE08988E46EB8E0D5F80EC3A350FE59046D79185C32C49BD793A6AB18046F726A992E78DBBB4685B6EAB6E592939
Malicious:	false
Reputation:	low
URL:	https://builder-assets.unbounce.com/published-js/main.bundle-f4428e5.z.js
Preview:	....i..g..main.bundle.js..[.s.F..+".N..#.R.{.h..q..\./r.UG1.....1.``Y+r..}=......rU{uW...y.....Ao.T3-d.W..B...a;.'2.X....b5..&.9=.."..z..._K...a.e...YQ..N]9.,<../e..0.$.t+.U^1..r..y.R.....T.c......t:..Q..J..........W......:......x.C.T..<...~.....~5.....jy...n.......x..]e..7%...{.sts.k..w..,.:...........2....<.[..A..T.I3U..5..S.K.L..mk.;.f....US.....A".!.b.J....>..4V}i..._..u..6.v"@E...x.uw..1.SQ..]L%....xT.l....s..jGm.vT.:.......,"H..4....c.ZI-i.._.U.YV.......Ip../..6...y......]...~Tp.V...".j...T..b~2.!(F...dy.....Ya...P...V.U.E...t53-Ug..4\._.S..tj..M`.>.:K.^...._l.X.)............[g.1.....4.".k...j..3..E).B..^3...[.&.Y..y..;..5.un..;. ....T....W.e5s.~g....YQ.x.k.d1..oR..82.".SQ.........^ .%..fO.c.......u.=Z....]..V..-y....._.J/8.....[...&a...P..:.....".L.u..X=..t..QxD}f..Uu)f..tB..qT.[....G......]<..9..j.k3]W..;......._.\|A.~....F....A..=..[7{.......q4m..R@.i.<...J...X.y5...%,3...{.6N.....x[.0..j}..V.?.P....I.'[E0..-D.n.R.K#..

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 165
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 21:30:52.519197941 CET	49677	443	192.168.2.7	2.18.98.62
Mar 24, 2025 21:30:52.519210100 CET	49676	80	192.168.2.7	23.199.215.203
Mar 24, 2025 21:30:54.019006968 CET	49675	443	192.168.2.7	2.23.227.208
Mar 24, 2025 21:30:54.019083977 CET	49674	443	192.168.2.7	2.23.227.208
Mar 24, 2025 21:30:54.019083023 CET	49673	443	192.168.2.7	2.23.227.208
Mar 24, 2025 21:31:02.128631115 CET	49676	80	192.168.2.7	23.199.215.203
Mar 24, 2025 21:31:02.128638983 CET	49677	443	192.168.2.7	2.18.98.62
Mar 24, 2025 21:31:02.816997051 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:02.817049026 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:02.817121029 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:02.817301035 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:02.817317009 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:03.030751944 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:03.030822992 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:03.032391071 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:03.032402992 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:03.032681942 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:03.082434893 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:03.618632078 CET	49675	443	192.168.2.7	2.23.227.208
Mar 24, 2025 21:31:03.618653059 CET	49674	443	192.168.2.7	2.23.227.208
Mar 24, 2025 21:31:03.623044968 CET	49673	443	192.168.2.7	2.23.227.208
Mar 24, 2025 21:31:03.778702974 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:03.778760910 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:03.778841019 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:03.779485941 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:03.779524088 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:03.779611111 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:03.779745102 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:03.779762983 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:03.779978991 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:03.779990911 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.005626917 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.005729914 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.006481886 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.006552935 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.006915092 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.006926060 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.007215977 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.007756948 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.007774115 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.008018017 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.008119106 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.048324108 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.050548077 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.311489105 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.311614037 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.311687946 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.311702013 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.311770916 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.311800003 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.311846018 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.311855078 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.311986923 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.314316988 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.317435026 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.317509890 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.317529917 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.317574024 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.317656994 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.334148884 CET	49691	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.334175110 CET	443	49691	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.370353937 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.416325092 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.454184055 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:04.454225063 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:04.454308033 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:04.454679966 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:04.454694986 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:04.597151041 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.597198963 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.597753048 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.598267078 CET	49690	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.598300934 CET	443	49690	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.601353884 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.601408958 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.601548910 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.601952076 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.601965904 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.824639082 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.825228930 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.825257063 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:04.825634956 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:04.825644016 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.078159094 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.078294039 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.101356030 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.101404905 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.101469994 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.101501942 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.101504087 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.101516008 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.101552963 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.101567984 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.101615906 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.103176117 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.106316090 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.108350039 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.108386040 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.108436108 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.108447075 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.108483076 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.111090899 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.113435030 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.113444090 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.115659952 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.115694046 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.115746975 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.115755081 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.115801096 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.118117094 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.120620966 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.120673895 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.120687962 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.120697975 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.120773077 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.124181986 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.127991915 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.129429102 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.129437923 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.130693913 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.132452011 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.132483959 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.132527113 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.132539034 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.132558107 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.188589096 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.202828884 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.202858925 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.203169107 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.203634024 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.210289001 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.211133003 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.211172104 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.211200953 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.211216927 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.211256027 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.213453054 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.217341900 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.217370987 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.217380047 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.217391968 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.217437029 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.217443943 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.217463970 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.217535973 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.218453884 CET	49694	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.218473911 CET	443	49694	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.224561930 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.224596977 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.224776030 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.225100994 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.225114107 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.248334885 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.352924109 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.352956057 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.353069067 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.353092909 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.353110075 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.353167057 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.354150057 CET	49693	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.354171038 CET	443	49693	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.406282902 CET	49696	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.406328917 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.406512022 CET	49696	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.415705919 CET	49696	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.415719986 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.426537991 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.426907063 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.426922083 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.427117109 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.427123070 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.638004065 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.638326883 CET	49696	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.638354063 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.638933897 CET	49696	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.638940096 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.639044046 CET	49696	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.639049053 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.693758965 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.693785906 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.693800926 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.693847895 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.693871975 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.693958044 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.696533918 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.696640968 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.702394009 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:05.712580919 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.712600946 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.712697983 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.712714911 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.712733984 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.712800980 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.744352102 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:05.787214041 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.787291050 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.787314892 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.787354946 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.787970066 CET	49695	443	192.168.2.7	18.238.80.20
Mar 24, 2025 21:31:05.787988901 CET	443	49695	18.238.80.20	192.168.2.7
Mar 24, 2025 21:31:05.836059093 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:05.836117029 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:05.836144924 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:05.836195946 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:05.836215973 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:05.836275101 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:05.842636108 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:05.843780041 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:05.843858004 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:05.844106913 CET	49689	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:31:05.844127893 CET	443	49689	142.250.65.196	192.168.2.7
Mar 24, 2025 21:31:05.903980970 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.904047966 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.904164076 CET	49696	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.905064106 CET	49696	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:05.905083895 CET	443	49696	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:05.935961008 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:05.935997009 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:05.936228991 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:05.936392069 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:05.936405897 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.141607046 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.141669989 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:06.143637896 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:06.143646002 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.143906116 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.144387007 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:06.188322067 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.468966961 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.468992949 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.469038010 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:06.469050884 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.469400883 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.469505072 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:06.469888926 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:06.469898939 CET	443	49698	18.164.115.141	192.168.2.7
Mar 24, 2025 21:31:06.469912052 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:06.469935894 CET	49698	443	192.168.2.7	18.164.115.141
Mar 24, 2025 21:31:06.479037046 CET	49699	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:06.479057074 CET	443	49699	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:06.479168892 CET	49699	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:06.479326963 CET	49699	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:06.479334116 CET	443	49699	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:06.618253946 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:06.618299961 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:06.618371010 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:06.618587971 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:06.618602991 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:06.694654942 CET	443	49699	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:06.694987059 CET	49699	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:06.695010900 CET	443	49699	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:06.695177078 CET	49699	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:06.695182085 CET	443	49699	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:06.920698881 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:06.920783997 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:06.921283960 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:06.921293974 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:06.921530962 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:06.921876907 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:06.951836109 CET	443	49699	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:06.951888084 CET	443	49699	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:06.952007055 CET	49699	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:06.952815056 CET	49699	443	192.168.2.7	104.18.41.137
Mar 24, 2025 21:31:06.952831984 CET	443	49699	104.18.41.137	192.168.2.7
Mar 24, 2025 21:31:06.968316078 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:07.148463964 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:07.148482084 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:07.148632050 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:07.148648024 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:07.149260044 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:07.149753094 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:07.149760962 CET	443	49701	18.164.115.5	192.168.2.7
Mar 24, 2025 21:31:07.149811983 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:07.149811983 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:07.149836063 CET	49701	443	192.168.2.7	18.164.115.5
Mar 24, 2025 21:31:13.448298931 CET	49704	80	192.168.2.7	142.250.81.227
Mar 24, 2025 21:31:13.545150995 CET	80	49704	142.250.81.227	192.168.2.7
Mar 24, 2025 21:31:13.545414925 CET	49704	80	192.168.2.7	142.250.81.227
Mar 24, 2025 21:31:13.545536041 CET	49704	80	192.168.2.7	142.250.81.227
Mar 24, 2025 21:31:13.646150112 CET	80	49704	142.250.81.227	192.168.2.7
Mar 24, 2025 21:31:13.648607016 CET	80	49704	142.250.81.227	192.168.2.7
Mar 24, 2025 21:31:13.654210091 CET	49704	80	192.168.2.7	142.250.81.227
Mar 24, 2025 21:31:13.753511906 CET	80	49704	142.250.81.227	192.168.2.7
Mar 24, 2025 21:31:13.800704002 CET	49704	80	192.168.2.7	142.250.81.227
Mar 24, 2025 21:31:14.903553963 CET	49672	443	192.168.2.7	2.23.227.208
Mar 24, 2025 21:31:14.903598070 CET	443	49672	2.23.227.208	192.168.2.7
Mar 24, 2025 21:31:29.371428967 CET	49671	443	192.168.2.7	204.79.197.203
Mar 24, 2025 21:31:29.684983015 CET	49671	443	192.168.2.7	204.79.197.203
Mar 24, 2025 21:31:30.290404081 CET	49671	443	192.168.2.7	204.79.197.203
Mar 24, 2025 21:31:31.493458033 CET	49671	443	192.168.2.7	204.79.197.203
Mar 24, 2025 21:31:33.899094105 CET	49671	443	192.168.2.7	204.79.197.203
Mar 24, 2025 21:31:37.936769962 CET	49678	443	192.168.2.7	20.189.173.15
Mar 24, 2025 21:31:38.248327017 CET	49678	443	192.168.2.7	20.189.173.15
Mar 24, 2025 21:31:38.713413954 CET	49671	443	192.168.2.7	204.79.197.203
Mar 24, 2025 21:31:38.855031967 CET	49678	443	192.168.2.7	20.189.173.15
Mar 24, 2025 21:31:40.057903051 CET	49678	443	192.168.2.7	20.189.173.15
Mar 24, 2025 21:31:42.464303970 CET	49678	443	192.168.2.7	20.189.173.15
Mar 24, 2025 21:31:47.275500059 CET	49678	443	192.168.2.7	20.189.173.15
Mar 24, 2025 21:31:48.324510098 CET	49671	443	192.168.2.7	204.79.197.203
Mar 24, 2025 21:31:56.885782957 CET	49678	443	192.168.2.7	20.189.173.15
Mar 24, 2025 21:32:02.763829947 CET	49716	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:32:02.763883114 CET	443	49716	142.250.65.196	192.168.2.7
Mar 24, 2025 21:32:02.764003992 CET	49716	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:32:02.764189005 CET	49716	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:32:02.764203072 CET	443	49716	142.250.65.196	192.168.2.7
Mar 24, 2025 21:32:02.981059074 CET	443	49716	142.250.65.196	192.168.2.7
Mar 24, 2025 21:32:02.981483936 CET	49716	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:32:02.981509924 CET	443	49716	142.250.65.196	192.168.2.7
Mar 24, 2025 21:32:13.026478052 CET	443	49716	142.250.65.196	192.168.2.7
Mar 24, 2025 21:32:13.026531935 CET	443	49716	142.250.65.196	192.168.2.7
Mar 24, 2025 21:32:13.026580095 CET	49716	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:32:13.969383955 CET	49704	80	192.168.2.7	142.250.81.227
Mar 24, 2025 21:32:14.065808058 CET	80	49704	142.250.81.227	192.168.2.7
Mar 24, 2025 21:32:14.065864086 CET	49704	80	192.168.2.7	142.250.81.227
Mar 24, 2025 21:32:14.958189011 CET	49716	443	192.168.2.7	142.250.65.196
Mar 24, 2025 21:32:14.958230019 CET	443	49716	142.250.65.196	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 21:30:58.463381052 CET	53	50724	1.1.1.1	192.168.2.7
Mar 24, 2025 21:30:58.509856939 CET	53	61359	1.1.1.1	192.168.2.7
Mar 24, 2025 21:30:59.295650959 CET	53	49804	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:02.708710909 CET	49969	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:02.708890915 CET	63307	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:02.814264059 CET	53	49969	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:02.815804958 CET	53	63307	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:03.619959116 CET	61224	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:03.620173931 CET	62809	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:03.735443115 CET	53	62809	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:03.777915001 CET	53	61224	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:04.333796024 CET	65462	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:04.333956003 CET	51788	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:04.440988064 CET	53	51788	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:04.453466892 CET	53	65462	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:05.525789976 CET	53	60321	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:05.815371037 CET	54704	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:05.815826893 CET	52012	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:05.923439980 CET	53	52012	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:05.935223103 CET	53	54704	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:06.481286049 CET	53800	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:06.481553078 CET	56790	53	192.168.2.7	1.1.1.1
Mar 24, 2025 21:31:06.589454889 CET	53	56790	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:06.617304087 CET	53	53800	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:16.518253088 CET	53	56856	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:35.310235023 CET	53	65186	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:57.817069054 CET	53	62098	1.1.1.1	192.168.2.7
Mar 24, 2025 21:31:58.043822050 CET	53	49792	1.1.1.1	192.168.2.7
Mar 24, 2025 21:32:01.155019045 CET	53	57848	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 24, 2025 21:31:02.708710909 CET	192.168.2.7	1.1.1.1	0x16c6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:02.708890915 CET	192.168.2.7	1.1.1.1	0x554	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 24, 2025 21:31:03.619959116 CET	192.168.2.7	1.1.1.1	0x629d	Standard query (0)	schoolmngt.ubpages.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:03.620173931 CET	192.168.2.7	1.1.1.1	0x70b5	Standard query (0)	schoolmngt.ubpages.com	65	IN (0x0001)	false
Mar 24, 2025 21:31:04.333796024 CET	192.168.2.7	1.1.1.1	0x2ebb	Standard query (0)	builder-assets.unbounce.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:04.333956003 CET	192.168.2.7	1.1.1.1	0x46b2	Standard query (0)	builder-assets.unbounce.com	65	IN (0x0001)	false
Mar 24, 2025 21:31:05.815371037 CET	192.168.2.7	1.1.1.1	0xf4c3	Standard query (0)	d9hhrg4mnvzow.cloudfront.net	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:05.815826893 CET	192.168.2.7	1.1.1.1	0x736d	Standard query (0)	d9hhrg4mnvzow.cloudfront.net	65	IN (0x0001)	false
Mar 24, 2025 21:31:06.481286049 CET	192.168.2.7	1.1.1.1	0x7c6	Standard query (0)	d9hhrg4mnvzow.cloudfront.net	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.481553078 CET	192.168.2.7	1.1.1.1	0x5953	Standard query (0)	d9hhrg4mnvzow.cloudfront.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 24, 2025 21:31:02.814264059 CET	1.1.1.1	192.168.2.7	0x16c6	No error (0)	www.google.com		142.250.65.196	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:02.815804958 CET	1.1.1.1	192.168.2.7	0x554	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 24, 2025 21:31:03.777915001 CET	1.1.1.1	192.168.2.7	0x629d	No error (0)	schoolmngt.ubpages.com		104.18.41.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:03.777915001 CET	1.1.1.1	192.168.2.7	0x629d	No error (0)	schoolmngt.ubpages.com		172.64.146.119	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:04.453466892 CET	1.1.1.1	192.168.2.7	0x2ebb	No error (0)	builder-assets.unbounce.com		18.238.80.20	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:04.453466892 CET	1.1.1.1	192.168.2.7	0x2ebb	No error (0)	builder-assets.unbounce.com		18.238.80.123	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:04.453466892 CET	1.1.1.1	192.168.2.7	0x2ebb	No error (0)	builder-assets.unbounce.com		18.238.80.39	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:04.453466892 CET	1.1.1.1	192.168.2.7	0x2ebb	No error (0)	builder-assets.unbounce.com		18.238.80.109	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:05.935223103 CET	1.1.1.1	192.168.2.7	0xf4c3	No error (0)	d9hhrg4mnvzow.cloudfront.net		18.164.115.141	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:05.935223103 CET	1.1.1.1	192.168.2.7	0xf4c3	No error (0)	d9hhrg4mnvzow.cloudfront.net		18.164.115.5	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:05.935223103 CET	1.1.1.1	192.168.2.7	0xf4c3	No error (0)	d9hhrg4mnvzow.cloudfront.net		18.164.115.116	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:05.935223103 CET	1.1.1.1	192.168.2.7	0xf4c3	No error (0)	d9hhrg4mnvzow.cloudfront.net		18.164.115.225	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.617304087 CET	1.1.1.1	192.168.2.7	0x7c6	No error (0)	d9hhrg4mnvzow.cloudfront.net		18.164.115.5	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.617304087 CET	1.1.1.1	192.168.2.7	0x7c6	No error (0)	d9hhrg4mnvzow.cloudfront.net		18.164.115.225	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.617304087 CET	1.1.1.1	192.168.2.7	0x7c6	No error (0)	d9hhrg4mnvzow.cloudfront.net		18.164.115.116	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.617304087 CET	1.1.1.1	192.168.2.7	0x7c6	No error (0)	d9hhrg4mnvzow.cloudfront.net		18.164.115.141	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

schoolmngt.ubpages.com

builder-assets.unbounce.com

d9hhrg4mnvzow.cloudfront.net

www.google.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.7	49704	142.250.81.227	80

Timestamp	Bytes transferred	Direction	Data
Mar 24, 2025 21:31:13.545536041 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 24, 2025 21:31:13.648607016 CET	222	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 20:19:48 GMT Expires: Mon, 24 Mar 2025 21:09:48 GMT Age: 685 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 24, 2025 21:31:13.654210091 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 24, 2025 21:31:13.753511906 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 20:10:24 GMT Expires: Mon, 24 Mar 2025 21:00:24 GMT Age: 1249 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49691	104.18.41.137	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:04 UTC	681	OUT	GET /managent/ HTTP/1.1 Host: schoolmngt.ubpages.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:04 UTC	1361	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close set-cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; Max-Age=15552000; Path=/; SameSite=Lax content-location: https://schoolmngt.ubpages.com/managent/ etag: W/"a:29666bf2d1ad44a5af17c44eff30603c" link: <https://schoolmngt.ubpages.com/managent/>; rel="canonical" x-unbounce-pageid: 2865b8d7-7c69-4393-98fa-be4e5df152ba x-unbounce-variant: a x-unbounce-visitorid: 29666bf2-d1ad-44a5-af17-c44eff30603c cf-cache-status: DYNAMIC vary: accept-encoding Set-Cookie: ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; Max-Age=259200; Domain=ubpages.com; Path=/; SameSite=Lax Set-Cookie: ubpv=a%2C2865b8d7-7c69-4393-98fa-be4e5df152ba; Max-Age=15897600; Path=/managent/; SameSite=Lax Set-Cookie: __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI; path=/; expires=Mon, 24-Mar-25 21:01:04 GMT; domain=.ubpages.com; HttpOnly; Secure; SameSite=None X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval' Server: cloudflare
2025-03-24 20:31:04 UTC	32	IN	Data Raw: 43 46 2d 52 41 59 3a 20 39 32 35 38 65 65 31 33 32 39 33 30 34 66 37 37 2d 45 57 52 0d 0a 0d 0a Data Ascii: CF-RAY: 9258ee1329304f77-EWR
2025-03-24 20:31:04 UTC	1369	IN	Data Raw: 32 33 65 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 3e 0a 20 20 20 20 20 20 3c 21 2d 2d 32 38 36 35 62 38 64 37 2d 37 63 36 Data Ascii: 23e4<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8" > ...2865b8d7-7c6
2025-03-24 20:31:04 UTC	1369	IN	Data Raw: 3a 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 23 6c 70 2d 70 6f 6d 2d 69 6d 61 67 65 2d 31 34 20 7b 0a 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0a 20 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 30 29 3b 0a 20 6c 65 66 74 3a 31 35 70 78 3b 0a 20 74 6f 70 3a 39 38 70 78 3b 0a 20 7a 2d 69 6e 64 65 78 3a 31 3b 0a 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 0a 7d 0a 23 6c 70 2d 70 6f 6d 2d 62 75 74 74 6f 6e 2d 31 36 20 7b 0a 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0a 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 0a 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 0a 20 6c 65 66 74 3a 33 34 30 70 78 3b 0a 20 74 6f 70 3a 31 32 38 70 78 3b 0a 20 7a 2d 69 6e 64 65 78 3a 33 3b 0a 20 77 69 64 Data Ascii: :relative;}#lp-pom-image-14 { display:block; background:rgba(255,255,255,0); left:15px; top:98px; z-index:1; position:absolute;}#lp-pom-button-16 { display:block; border-style:none; border-radius:5px; left:340px; top:128px; z-index:3; wid
2025-03-24 20:31:04 UTC	1369	IN	Data Raw: 68 74 3a 35 33 70 78 3b 0a 7d 0a 2e 6c 70 2d 70 6f 6d 2d 66 6f 72 6d 2d 66 69 65 6c 64 20 2e 75 62 2d 69 6e 70 75 74 2d 69 74 65 6d 2e 73 69 6e 67 6c 65 2e 66 6f 72 6d 5f 65 6c 65 6d 5f 70 61 73 73 77 6f 72 64 20 7b 0a 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 0a 20 74 6f 70 3a 31 39 70 78 3b 0a 20 6c 65 66 74 3a 30 70 78 3b 0a 20 77 69 64 74 68 3a 34 38 39 70 78 3b 0a 20 68 65 69 67 68 74 3a 33 34 70 78 3b 0a 7d 0a 23 6c 61 62 65 6c 5f 70 61 73 73 77 6f 72 64 20 7b 0a 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 0a 20 74 6f 70 3a 30 70 78 3b 0a 20 6c 65 66 74 3a 30 70 78 3b 0a 20 77 69 64 74 68 3a 34 38 39 70 78 3b 0a 20 68 65 69 67 68 74 3a 31 35 70 78 3b 0a 7d 0a 23 6c 70 2d 70 6f 6d 2d 62 75 74 74 6f 6e 2d 31 36 3a 68 6f 76 Data Ascii: ht:53px;}.lp-pom-form-field .ub-input-item.single.form_elem_password { position:absolute; top:19px; left:0px; width:489px; height:34px;}#label_password { position:absolute; top:0px; left:0px; width:489px; height:15px;}#lp-pom-button-16:hov
2025-03-24 20:31:04 UTC	1369	IN	Data Raw: 2d 66 6f 72 6d 2d 66 69 65 6c 64 20 2e 6c 70 2d 66 6f 72 6d 2d 6c 61 62 65 6c 20 7b 0a 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 0a 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 0a 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0a 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 70 78 3b 0a 20 63 6f 6c 6f 72 3a 23 30 30 30 3b 0a 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0a 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 34 70 78 3b 0a 20 77 69 64 74 68 3a 61 75 74 6f 3b 0a 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 70 78 3b 0a 7d 0a 23 6c 70 2d 70 6f 6d 2d 66 6f 72 6d 2d 31 35 20 2e 6c 70 2d 70 6f 6d 2d 66 6f 72 6d 2d 66 69 65 6c 64 20 2e 6c 70 2d 66 6f 72 6d 2d 6c 61 62 65 6c 20 2e 6c 61 62 65 6c 2d 73 74 79 6c 65 20 7b 0a 20 66 6f 6e Data Ascii: -form-field .lp-form-label { font-family:arial; font-weight:400; font-size:14px; line-height:15px; color:#000; display:block; margin-bottom:4px; width:auto; margin-right:0px;}#lp-pom-form-15 .lp-pom-form-field .lp-form-label .label-style { fon
2025-03-24 20:31:04 UTC	1369	IN	Data Raw: 2d 62 65 34 65 35 64 66 31 35 32 62 61 22 2c 22 76 61 72 69 61 6e 74 49 64 22 3a 22 61 22 2c 22 75 73 65 64 41 73 22 3a 22 6d 61 69 6e 22 2c 22 6e 61 6d 65 22 3a 22 42 6c 61 6e 6b 20 50 61 67 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 73 63 68 6f 6f 6c 6d 6e 67 74 2e 75 62 70 61 67 65 73 2e 63 6f 6d 2f 6d 61 6e 61 67 65 6e 74 2f 22 2c 22 64 69 6d 65 6e 73 69 6f 6e 73 22 3a 7b 22 62 72 65 61 6b 70 6f 69 6e 74 73 22 3a 5b 22 64 65 73 6b 74 6f 70 22 5d 2c 22 64 65 73 6b 74 6f 70 22 3a 7b 22 68 65 69 67 68 74 22 3a 35 35 31 2c 22 77 69 64 74 68 22 3a 37 36 30 7d 7d 7d 2c 22 68 6f 6f 6b 73 22 3a 7b 22 62 65 66 6f 72 65 46 6f 72 6d 53 75 62 6d 69 74 22 3a 5b 5d 2c 22 61 66 74 65 72 46 6f 72 6d 53 75 62 6d 69 74 22 3a 5b 5d 7d 7d 3b 3c 2f 73 63 72 69 70 Data Ascii: -be4e5df152ba","variantId":"a","usedAs":"main","name":"Blank Page","url":"http://schoolmngt.ubpages.com/managent/","dimensions":{"breakpoints":["desktop"],"desktop":{"height":551,"width":760}}},"hooks":{"beforeFormSubmit":[],"afterFormSubmit":[]}};</scrip
2025-03-24 20:31:04 UTC	1369	IN	Data Raw: 6c 65 6d 65 6e 74 20 6c 70 2d 70 6f 6d 2d 69 6d 61 67 65 22 20 69 64 3d 22 6c 70 2d 70 6f 6d 2d 69 6d 61 67 65 2d 31 34 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 70 2d 70 6f 6d 2d 69 6d 61 67 65 2d 63 6f 6e 74 61 69 6e 65 72 22 20 73 74 79 6c 65 3d 22 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 67 69 66 3b 62 61 73 65 36 34 2c 52 30 6c 47 4f 44 6c 68 41 51 41 42 41 49 41 41 41 41 41 41 41 50 2f 2f 2f 79 48 35 42 41 45 41 41 41 41 41 4c 41 41 41 41 41 41 42 41 41 45 41 41 41 49 42 52 41 41 37 22 20 61 6c 74 3d 22 22 20 64 61 74 61 2d 73 72 63 2d 64 65 73 6b 74 6f 70 2d 31 78 3d 22 2f 2f 64 39 68 68 72 67 34 6d 6e 76 7a 6f 77 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 73 63 Data Ascii: lement lp-pom-image" id="lp-pom-image-14"><div class="lp-pom-image-container" style="overflow: hidden;"><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" alt="" data-src-desktop-1x="//d9hhrg4mnvzow.cloudfront.net/sc
2025-03-24 20:31:04 UTC	982	IN	Data Raw: 73 73 77 6f 72 64 22 20 72 65 71 75 69 72 65 64 3d 22 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 6c 70 2d 65 6c 65 6d 65 6e 74 20 6c 70 2d 70 6f 6d 2d 62 75 74 74 6f 6e 22 20 69 64 3d 22 6c 70 2d 70 6f 6d 2d 62 75 74 74 6f 6e 2d 31 36 22 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6c 61 62 65 6c 22 3e 3c 73 74 72 6f 6e 67 3e 4e 65 78 74 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 66 6f 72 6d 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 70 2d 65 6c 65 6d 65 6e 74 20 6c 70 2d 70 6f 6d 2d 62 6c 6f 63 6b 22 20 69 64 3d 22 6c 70 2d 70 6f 6d 2d 62 6c 6f 63 6b 2d 31 31 22 3e 3c 64 69 76 20 69 64 3d 22 6c 70 2d Data Ascii: ssword" required=""></div></div><button class="lp-element lp-pom-button" id="lp-pom-button-16" type="submit"><span class="label"><strong>Next</strong></span></button></form></div></div><div class="lp-element lp-pom-block" id="lp-pom-block-11"><div id="lp-
2025-03-24 20:31:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49690	104.18.41.137	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:04 UTC	1022	OUT	GET /assets/d5046483-1668-4739-a080-17dfa8f93d47/googleeee.original.png?1742835208 HTTP/1.1 Host: schoolmngt.ubpages.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://schoolmngt.ubpages.com/managent/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI
2025-03-24 20:31:04 UTC	342	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Mar 2025 20:31:04 GMT Content-Type: text/html Content-Length: 47 Connection: close X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval' Server: cloudflare CF-RAY: 9258ee14996b9187-EWR
2025-03-24 20:31:04 UTC	47	IN	Data Raw: 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e Data Ascii: The requested URL was not found on this server.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49694	104.18.41.137	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:04 UTC	942	OUT	GET /_ub/static/ts/786ffa188154a7a81202c5d108dc70f1e0214262.js HTTP/1.1 Host: schoolmngt.ubpages.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://schoolmngt.ubpages.com/managent/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI
2025-03-24 20:31:05 UTC	770	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:05 GMT Content-Type: application/javascript Transfer-Encoding: chunked Connection: close Last-Modified: Wed, 23 Oct 2024 21:59:14 GMT ETag: W/"a29b73706e355af9cecf33791dd81c03" x-amz-server-side-encryption: AES256 Cache-Control: public, max-age=31536000 x-amz-version-id: Gs6AC.4YTqhBRS9cAYuxlXQ5U5YOYxx2 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 dee6858c751ff64f8ae28f155bee69b2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: EWR53-C2 X-Amz-Cf-Id: NpBqiUWqPxX-rT6uZ95TyPRYQU5tck6ljnxsPM33DghM9G5J83x8tg== Age: 1075753 Referrer-Policy: no-referrer CF-Cache-Status: HIT Expires: Tue, 24 Mar 2026 20:31:05 GMT X-Content-Type-Options: nosniff Server: cloudflare CF-RAY: 9258ee186d793902-EWR
2025-03-24 20:31:05 UTC	599	IN	Data Raw: 37 63 39 64 0d 0a 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 74 72 61 63 6b 65 72 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 33 36 36 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 7b 75 74 66 38 3a 7b 73 74 72 69 6e 67 54 6f 42 79 74 65 73 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 2e 62 69 6e 2e 73 74 72 69 6e 67 54 6f 42 79 74 65 73 28 75 6e 65 73 63 61 70 65 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 29 29 29 7d 2c 62 79 74 65 73 54 6f 53 74 72 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 Data Ascii: 7c9d/! For license information please see tracker.js.LICENSE.txt /!function(){var e={366:function(e){var n={utf8:{stringToBytes:function(e){return n.bin.stringToBytes(unescape(encodeURIComponent(e)))},bytesToString:function(e){return decodeURICompone
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 31 32 33 34 35 36 37 38 39 2b 2f 22 2c 74 3d 7b 72 6f 74 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 65 3c 3c 6e 7c 65 3e 3e 3e 33 32 2d 6e 7d 2c 72 6f 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 65 3c 3c 33 32 2d 6e 7c 65 3e 3e 3e 6e 7d 2c 65 6e 64 69 61 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 4e 75 6d 62 65 72 29 72 65 74 75 72 6e 20 31 36 37 31 31 39 33 35 26 74 2e 72 6f 74 6c 28 65 2c 38 29 7c 34 32 37 38 32 35 35 33 36 30 26 74 2e 72 6f 74 6c 28 65 2c 32 34 29 3b 66 6f 72 28 76 61 72 20 6e 3d 30 3b 6e 3c 65 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 65 5b 6e 5d 3d 74 2e 65 6e 64 69 61 6e 28 65 5b 6e 5d 29 3b 72 65 74 75 72 6e 20 65 7d 2c 72 61 6e 64 Data Ascii: 123456789+/",t={rotl:function(e,n){return e<<n\|e>>>32-n},rotr:function(e,n){return e<<32-n\|e>>>n},endian:function(e){if(e.constructor==Number)return 16711935&t.rotl(e,8)\|4278255360&t.rotl(e,24);for(var n=0;n<e.length;n++)e[n]=t.endian(e[n]);return e},rand
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 3d 74 79 70 65 6f 66 20 42 75 66 66 65 72 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 42 75 66 66 65 72 2e 69 73 42 75 66 66 65 72 26 26 42 75 66 66 65 72 2e 69 73 42 75 66 66 65 72 28 65 29 3f 65 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 65 2c 30 29 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 7c 7c 28 65 3d 65 2e 74 6f 53 74 72 69 6e 67 28 29 29 3b 76 61 72 20 6e 3d 72 2e 62 79 74 65 73 54 6f 57 6f 72 64 73 28 65 29 2c 74 3d 38 2a 65 2e 6c 65 6e 67 74 68 2c 69 3d 5b 5d 2c 61 3d 31 37 33 32 35 38 34 31 39 33 2c 63 3d 2d 32 37 31 37 33 33 38 37 39 2c 75 3d 2d 31 37 33 32 35 38 34 31 39 34 2c 73 3d 32 37 31 37 33 33 38 37 38 2c 6c 3d 2d 31 30 30 39 35 38 39 37 37 36 3b 6e 5b 74 3e 3e 35 5d Data Ascii: =typeof Buffer&&"function"==typeof Buffer.isBuffer&&Buffer.isBuffer(e)?e=Array.prototype.slice.call(e,0):Array.isArray(e)\|\|(e=e.toString());var n=r.bytesToWords(e),t=8*e.length,i=[],a=1732584193,c=-271733879,u=-1732584194,s=271733878,l=-1009589776;n[t>>5]
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 6c 75 65 73 2e 62 69 6e 64 28 6d 73 43 72 79 70 74 6f 29 3b 69 66 28 6e 29 7b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 31 36 29 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 28 74 29 2c 74 7d 7d 65 6c 73 65 7b 76 61 72 20 72 3d 6e 65 77 20 41 72 72 61 79 28 31 36 29 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 65 2c 6e 3d 30 3b 6e 3c 31 36 3b 6e 2b 2b 29 30 3d 3d 28 33 26 6e 29 26 26 28 65 3d 34 32 39 34 39 36 37 32 39 36 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2c 72 5b 6e 5d 3d 65 3e 3e 3e 28 28 33 26 6e 29 3c 3c 33 29 26 32 35 35 3b 72 65 74 75 72 6e 20 72 7d 7d 7d 2c 36 37 39 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 76 61 72 20 Data Ascii: lues.bind(msCrypto);if(n){var t=new Uint8Array(16);e.exports=function(){return n(t),t}}else{var r=new Array(16);e.exports=function(){for(var e,n=0;n<16;n++)0==(3&n)&&(e=4294967296*Math.random()),r[n]=e>>>((3&n)<<3)&255;return r}}},679:function(e,n,t){var
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 28 76 6f 69 64 20 30 21 3d 3d 6f 29 72 65 74 75 72 6e 20 6f 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 69 3d 6e 5b 72 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 28 69 2c 69 2e 65 78 70 6f 72 74 73 2c 74 29 2c 69 2e 65 78 70 6f 72 74 73 7d 74 2e 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 26 26 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 64 65 66 61 75 6c 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 7d 3b 72 65 74 75 72 6e 20 74 2e 64 28 6e 2c 7b 61 3a 6e 7d 29 2c 6e 7d 2c 74 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 66 6f 72 28 76 61 72 20 72 20 69 6e 20 6e 29 74 2e 6f 28 6e 2c 72 29 26 26 21 74 2e 6f 28 65 2c 72 29 26 26 Data Ascii: (void 0!==o)return o.exports;var i=n[r]={exports:{}};return e[r](i,i.exports,t),i.exports}t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,{a:n}),n},t.d=function(e,n){for(var r in n)t.o(n,r)&&!t.o(e,r)&&
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 6f 6e 50 72 6f 63 65 73 73 6f 72 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 65 3d 6e 7d 2c 62 75 69 6c 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 7c 7c 65 28 74 68 69 73 2c 72 2c 6f 29 2c 6e 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 69 29 7b 66 6f 72 28 76 61 72 20 61 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 72 2c 69 29 7b 76 61 72 20 61 2c 63 3d 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 6e 29 3b 65 3f 74 2e 61 64 64 28 72 2c 28 61 3d 63 29 3f 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 2c 74 2c 72 2c 69 2c 61 2c 63 3d 30 2c 75 3d 30 2c 73 3d 5b 5d 3b 69 66 28 21 65 29 72 65 74 75 72 6e 20 65 3b 65 3d 75 6e 65 73 63 61 70 65 28 65 6e 63 6f 64 65 55 Data Ascii: onProcessor:function(n){e=n},build:function(){return null==e\|\|e(this,r,o),n}}}function a(e){return function(t,r,i){for(var a=function(n,r,i){var a,c=JSON.stringify(n);e?t.add(r,(a=c)?function(e){var n,t,r,i,a,c=0,u=0,s=[];if(!e)return e;e=unescape(encodeU
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 2c 75 3d 76 6f 69 64 20 30 2c 73 3d 30 2c 6c 3d 72 3b 73 3c 6c 2e 6c 65 6e 67 74 68 3b 73 2b 2b 29 7b 76 61 72 20 66 3d 6c 5b 73 5d 3b 22 63 78 22 3d 3d 3d 66 2e 6b 65 79 49 66 45 6e 63 6f 64 65 64 3f 75 3d 63 28 75 2c 66 2e 6a 73 6f 6e 29 3a 61 28 66 2e 6a 73 6f 6e 2c 66 2e 6b 65 79 49 66 45 6e 63 6f 64 65 64 2c 66 2e 6b 65 79 49 66 4e 6f 74 45 6e 63 6f 64 65 64 29 7d 72 2e 6c 65 6e 67 74 68 3d 30 2c 69 2e 6c 65 6e 67 74 68 26 26 28 75 3d 63 28 75 2c 7b 73 63 68 65 6d 61 3a 22 69 67 6c 75 3a 63 6f 6d 2e 73 6e 6f 77 70 6c 6f 77 61 6e 61 6c 79 74 69 63 73 2e 73 6e 6f 77 70 6c 6f 77 2f 63 6f 6e 74 65 78 74 73 2f 6a 73 6f 6e 73 63 68 65 6d 61 2f 31 2d 30 2d 30 22 2c 64 61 74 61 3a 6e 28 5b 5d 2c 69 2c 21 30 29 7d 29 2c 69 2e 6c 65 6e 67 74 68 3d 30 29 2c 75 Data Ascii: ,u=void 0,s=0,l=r;s<l.length;s++){var f=l[s];"cx"===f.keyIfEncoded?u=c(u,f.json):a(f.json,f.keyIfEncoded,f.keyIfNotEncoded)}r.length=0,i.length&&(u=c(u,{schema:"iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0",data:n([],i,!0)}),i.length=0),u
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 2b 2b 29 74 5b 72 2d 31 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 72 5d 3b 66 3e 3d 73 2e 69 6e 66 6f 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 63 6f 6e 73 6f 6c 65 26 26 63 6f 6e 73 6f 6c 65 2e 69 6e 66 6f 2e 61 70 70 6c 79 28 63 6f 6e 73 6f 6c 65 2c 6e 28 5b 6c 2b 65 5d 2c 74 2c 21 31 29 29 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 76 28 29 7b 76 61 72 20 65 3d 5b 5d 2c 6e 3d 5b 5d 3b 72 65 74 75 72 6e 7b 67 65 74 47 6c 6f 62 61 6c 50 72 69 6d 69 74 69 76 65 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 7d 2c 67 65 74 43 6f 6e 64 69 74 69 6f 6e 61 6c 50 72 6f 76 69 64 65 72 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 7d 2c 61 64 64 47 6c 6f 62 61 6c 43 6f 6e 74 65 78 74 73 3a 66 75 6e 63 74 69 6f 6e 28 Data Ascii: ++)t[r-1]=arguments[r];f>=s.info&&"undefined"!=typeof console&&console.info.apply(console,n([l+e],t,!1))}});function v(){var e=[],n=[];return{getGlobalPrimitives:function(){return e},getConditionalProviders:function(){return n},addGlobalContexts:function(
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 72 2b 2b 3b 76 61 72 20 69 3d 65 2e 72 65 6a 65 63 74 3b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 69 29 3f 65 2e 72 65 6a 65 63 74 2e 73 6f 6d 65 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 54 28 65 2c 6e 29 7d 29 29 26 26 74 2b 2b 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 69 26 26 54 28 69 2c 6e 29 26 26 74 2b 2b 2c 72 3e 30 26 26 30 3d 3d 3d 74 7d 28 65 5b 30 5d 2c 72 29 29 72 65 74 75 72 6e 20 49 28 65 5b 31 5d 2c 6e 2c 74 2c 72 29 3b 72 65 74 75 72 6e 5b 5d 7d 28 65 2c 6e 2c 74 2c 72 29 3b 69 66 28 6f 26 26 30 21 3d 3d 6f 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 20 6f 7d 29 29 3b 72 65 74 75 72 6e 28 6f 3d 5b 5d 29 2e 63 6f 6e 63 61 74 2e 61 70 70 6c 79 28 6f 2c 69 2e 66 69 6c 74 65 72 28 28 66 75 Data Ascii: r++;var i=e.reject;return Array.isArray(i)?e.reject.some((function(e){return T(e,n)}))&&t++:"string"==typeof i&&T(i,n)&&t++,r>0&&0===t}(e[0],r))return I(e[1],n,t,r);return[]}(e,n,t,r);if(o&&0!==o.length)return o}));return(o=[]).concat.apply(o,i.filter((fu
2025-03-24 20:31:05 UTC	1369	IN	Data Raw: 79 28 62 29 3a 77 28 65 5b 30 5d 29 26 26 62 28 65 5b 31 5d 29 29 7d 66 75 6e 63 74 69 6f 6e 20 53 28 65 29 7b 72 65 74 75 72 6e 21 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 7c 7c 32 21 3d 3d 65 2e 6c 65 6e 67 74 68 29 26 26 21 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 2c 74 3d 30 3b 69 66 28 6e 75 6c 6c 21 3d 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 7b 69 66 28 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6e 2c 22 61 63 63 65 70 74 22 29 29 7b 69 66 28 21 68 28 6e 2e 61 63 63 65 70 74 29 29 72 65 74 75 72 6e 21 31 3b 74 2b 3d 31 7d 69 66 28 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 Data Ascii: y(b):w(e[0])&&b(e[1]))}function S(e){return!(!Array.isArray(e)\|\|2!==e.length)&&!!function(e){var n=e,t=0;if(null!=e&&"object"==typeof e&&!Array.isArray(e)){if(Object.prototype.hasOwnProperty.call(n,"accept")){if(!h(n.accept))return!1;t+=1}if(Object.protot

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49693	18.238.80.20	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:05 UTC	620	OUT	GET /published-css/main-ebbfc5e.z.css HTTP/1.1 Host: builder-assets.unbounce.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Referer: https://schoolmngt.ubpages.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:05 UTC	656	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 2944 Connection: close Date: Mon, 24 Mar 2025 20:31:06 GMT Last-Modified: Mon, 24 Mar 2025 18:03:26 GMT ETag: "39fefdffde049f459a5268ac38054b39" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000 Content-Encoding: gzip x-amz-version-id: fTxJ7t0ok557dn_kmw2_5vs7RIbVea6b Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 891301f67eeb14db1b941c87f006cfaa.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P5 X-Amz-Cf-Id: F3jWEZH6lzjXJ8hKCIN_Vt5gA0Adj3Z3eilZztBu4GuKlSRP0JRahA== Referrer-Policy: no-referrer X-Content-Type-Options: nosniff
2025-03-24 20:31:05 UTC	2944	IN	Data Raw: 1f 8b 08 08 69 9e e1 67 00 03 6d 61 69 6e 2e 63 73 73 00 c5 5b e9 92 a3 38 12 fe bf 4f c1 76 c7 46 57 75 80 c7 1c be 70 cc c4 ee ff 7d 82 9d e8 e8 10 48 36 da 92 81 06 b9 ca d5 84 e7 d9 57 12 87 25 24 83 5c 7b f5 44 4c 1b 91 99 ca f3 4b 01 d9 10 bf 2e 48 e9 95 c5 c9 ab 8a 82 3a fd c5 a1 a8 d8 ff 30 22 70 41 d0 11 a4 ef 4d 59 d4 98 e2 22 8f 41 52 17 e4 4c d1 9e a0 03 8d 97 7b 5a 94 ec ff 27 50 1d 71 ee 25 05 a5 c5 29 f6 83 f2 72 85 b6 b2 1d 02 12 44 66 76 78 40 5c 8d 08 4a e9 9c c6 25 80 10 e7 c7 41 77 f6 23 29 2a 88 aa d8 2f 2f 0e e3 c0 d0 f9 bc 5e af 1f de d8 29 4a be 6d 33 6c b0 08 d0 e9 01 29 14 5d 28 a8 10 70 ed 59 70 5e 9e e9 ef f4 bd 44 bf 72 ee 6f ff 07 db c7 2a c4 b1 77 2a 7e 32 c2 f4 5c 7b 38 cf 51 75 73 48 bf 59 5e e4 e8 61 f7 fe 17 04 2f da 88 Data Ascii: igmain.css[8OvFWup}H6W%$\{DLK.H:0"pAMY"ARL{Z'Pq%)rDfvx@\J%Aw#)//^)Jm3l)](pYp^Drow*~2\{8QusHY^a/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49695	18.238.80.20	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:05 UTC	611	OUT	GET /published-js/main.bundle-f4428e5.z.js HTTP/1.1 Host: builder-assets.unbounce.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://schoolmngt.ubpages.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:05 UTC	671	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 41663 Connection: close Date: Mon, 24 Mar 2025 20:31:06 GMT Last-Modified: Mon, 24 Mar 2025 18:03:22 GMT ETag: "a942d0203943698fdcb45c73a57fe5a1" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000 Content-Encoding: gzip x-amz-version-id: zRedflaPKCJEETb_d7jW6gI6h1uvS9qS Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 08c43f80b07f0023f38f7f0e417359b4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P5 X-Amz-Cf-Id: elx7TDZ-h1a7TNDj00-5BFX1GotX5Vyqj8huX3B7z3AmCa1ANbQBrQ== Referrer-Policy: no-referrer X-Content-Type-Options: nosniff
2025-03-24 20:31:05 UTC	14588	IN	Data Raw: 1f 8b 08 08 69 9e e1 67 00 03 6d 61 69 6e 2e 62 75 6e 64 6c 65 2e 6a 73 00 ec 5b 0b 73 db 46 92 fe 2b 22 f6 4e 05 84 23 88 52 b2 7b 09 68 14 d7 71 9c dd 5c d9 b1 2f 72 2e 55 47 31 2a 90 1c 8a b3 06 31 cc 60 60 59 2b 72 7f fb 7d 3d 0f 0c f8 90 9d b8 72 55 7b 75 57 a5 a2 80 79 f6 f4 f4 e3 eb 9e 41 6f d1 54 33 2d 64 15 57 c9 c3 bb 42 9d a8 fc 61 3b f4 85 27 32 e6 b6 58 0f 15 d7 8d aa 62 35 e6 93 cd 26 d6 39 3d e4 0f 22 e3 ac cc 7a 17 8c bf 5f 4b a5 eb ec 61 bb 65 15 aa d2 59 51 96 b1 4e 5d 39 d3 2c 3c cb 04 2f 65 de 1b 30 9d 24 be 74 2b d3 55 5e 31 99 ce 72 85 df 79 de 52 c6 d1 19 d4 c9 54 d2 63 b2 d9 bc 9a fe 8d cf 74 3a e7 0b 51 f1 d7 4a ae b9 d2 f7 a6 d9 03 af 9a 15 57 c5 b4 e4 19 86 bf e5 3a ab b6 c9 16 e3 a9 ce 78 c9 43 d4 54 b6 f7 3c ea e5 fa 7e cd e5 Data Ascii: igmain.bundle.js[sF+"N#R{hq\/r.UG1*1``Y+r}=rU{uWyAoT3-dWBa;'2Xb5&9="z_KaeYQN]9,</e0$t+U^1ryRTct:QJW:xCT<~
2025-03-24 20:31:05 UTC	2302	IN	Data Raw: 78 5e 95 f8 e9 c7 30 6f 34 3a df 97 6a ed 7f 3f d3 5a c2 6a b2 cb 00 0e b1 15 05 02 cc 8e ef 8c c4 c6 03 57 3d a1 16 8d a1 8e b8 5a eb c8 d5 12 b0 b3 2b 5f 7b c3 6a 57 04 90 c0 eb 64 f2 ce 66 ff 66 42 2c 0c b6 ac 34 29 9a b0 c8 61 f7 1f 81 9c bb 52 7b ca ba 6a 0d 35 ca 2e 22 25 75 5a 8f a5 6f 3d db f4 0c 2e 88 6b bf 3a ac 8e c3 a3 5a f9 84 86 8d c8 0b 75 21 ed ca 6c b0 6b 4f e3 f9 10 b1 4c 41 a4 aa c9 1e 07 86 ee b7 55 1a 73 2f 79 a5 d5 f8 36 11 4d 7a bf d2 18 0c 47 90 e1 bc 4c 39 14 27 73 d6 12 52 13 aa f8 c6 ad 3d 8f 84 e3 0d dd 22 cc f4 a4 2b 2c 1c bb 36 b1 a8 37 16 30 00 74 68 bd ca b0 36 55 7e 6b 26 66 11 8b 0a 5c 59 c9 16 f6 e0 af e9 45 f5 76 9e fa 67 37 ab 41 c9 d6 c1 54 e8 37 ed b0 0f 95 33 b0 45 7a 17 f0 b1 34 2d cf 54 46 07 2a 54 5b 5e c0 5b e6 Data Ascii: x^0o4:j?ZjW=Z+_{jWdffB,4)aR{j5."%uZo=.k:Zu!lkOLAUs/y6MzGL9'sR="+,670th6U~k&f\YEvg7AT73Ez4-TF*T[^[
2025-03-24 20:31:05 UTC	16384	IN	Data Raw: b5 50 ca 2e 5b e5 3a b0 6c aa 90 08 97 06 7e 08 b7 7a e6 82 2d 95 6f 87 57 6b 6a 08 dc a8 89 dd 21 79 06 08 fd 08 d7 23 df 5e 06 a7 10 b6 99 d0 c5 d2 3b 77 68 1e 03 9a e7 24 ac 88 da ae c0 dd 8b c2 de 20 3a d4 06 39 3b 3b 91 58 1a ab 30 a3 e5 c4 77 03 a5 72 12 9f 5e 5f 6f ad f4 0f 62 3a 56 0c 96 4f 0d 3f 17 e2 8e 09 78 06 2c c7 85 4a 44 f7 3d 69 4c 85 db 13 7c 44 bc da ca e0 eb 0b f4 69 90 25 5a 4a e2 83 ed 6d 27 8f a6 49 66 52 ae af 11 43 8d 51 aa a1 2b 95 94 10 e4 31 5e 2c cb 4b 61 55 d3 2c a8 fe 19 22 25 c9 a2 43 53 99 9b 8c 44 c3 c6 56 fe a1 7e b2 33 60 7e 02 eb 17 ae 39 d9 86 b7 d0 6d 56 e5 7a 80 20 4c d2 55 ac 83 fd 6c 15 3a 4d 04 2f 61 12 b8 bb a0 f3 2e 59 8a 78 50 f2 53 7d 65 24 a3 ff ad ba 12 c5 8e 64 eb ad 3e 89 d5 bd c1 f4 70 6e 26 6e 2a 06 78 Data Ascii: P.[:l~z-oWkj!y#^;wh$ :9;;X0wr^_ob:VO?x,JD=iL\|Di%ZJm'IfRCQ+1^,KaU,"%CSDV~3`~9mVz LUl:M/a.YxPS}e$d>pn&n*x
2025-03-24 20:31:05 UTC	8389	IN	Data Raw: 3f 68 6f 4e ed eb 07 b2 3d 7a 17 6c 09 b7 94 b2 5f 2f ef 4b 8d 15 2d 45 84 86 29 d1 86 f9 fe ed bb 1b a7 d5 77 59 29 25 89 a7 ea 9e 42 dc 2b 6c 6f e7 dd 8a 1c 52 6b f8 81 40 bc e6 57 c0 05 53 03 51 19 87 83 a0 7e f8 6d ea 6c f3 5e 2a ae 05 91 c7 77 22 36 3c 0b bd ac 91 11 14 f1 55 3e 79 2c e8 75 96 77 85 72 27 10 88 d9 ea 08 fd 08 9e c9 98 70 dc c0 31 e9 c5 f8 55 65 f6 bf 0c 36 9e f1 22 c3 57 75 1e a3 bf 99 8a ed f7 e5 5a da b7 98 d4 83 30 11 4c 29 2f aa 03 bd c8 d5 32 5c a7 0d f6 32 51 e5 dd 32 1c b7 9e 56 f9 6d 74 6b 13 c3 d1 e0 0d c1 b3 49 79 53 b0 6e 0c ef 6c 0b bb 7e 41 09 35 69 97 83 b7 d4 e5 5d 7f 2e 32 56 05 5e 7f 26 52 2b 12 af 1f 87 fd f8 e0 3e 9b d5 53 31 ee cc 17 8f d1 7b 9a 24 c8 4f 69 53 bb d8 be 07 2b 06 ba bf 07 c9 65 0a 26 22 7b 4b ca 6b Data Ascii: ?hoN=zl_/K-E)wY)%B+loRk@WSQ~ml^*w"6<U>y,uwr'p1Ue6"WuZ0L)/2\2Q2VmtkIySnl~A5i].2V^&R+>S1{$OiS+e&"{Kk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49696	104.18.41.137	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:05 UTC	981	OUT	POST /_ub/i HTTP/1.1 Host: schoolmngt.ubpages.com Connection: keep-alive Content-Length: 1122 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/json sec-ch-ua-mobile: ?0 Accept: / Origin: https://schoolmngt.ubpages.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://schoolmngt.ubpages.com/managent/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI
2025-03-24 20:31:05 UTC	1122	OUT	Data Raw: 7b 22 73 63 68 65 6d 61 22 3a 22 69 67 6c 75 3a 63 6f 6d 2e 73 6e 6f 77 70 6c 6f 77 61 6e 61 6c 79 74 69 63 73 2e 73 6e 6f 77 70 6c 6f 77 2f 70 61 79 6c 6f 61 64 5f 64 61 74 61 2f 6a 73 6f 6e 73 63 68 65 6d 61 2f 31 2d 30 2d 34 22 2c 22 64 61 74 61 22 3a 5b 7b 22 65 22 3a 22 70 76 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 6f 6f 6c 6d 6e 67 74 2e 75 62 70 61 67 65 73 2e 63 6f 6d 2f 6d 61 6e 61 67 65 6e 74 2f 22 2c 22 65 69 64 22 3a 22 35 34 37 32 64 62 62 36 2d 39 34 37 38 2d 34 39 64 34 2d 61 30 38 35 2d 35 62 63 31 39 65 34 62 32 36 39 35 22 2c 22 74 76 22 3a 22 6a 73 2d 33 2e 31 35 2e 30 22 2c 22 74 6e 61 22 3a 22 73 70 2d 75 62 22 2c 22 61 69 64 22 3a 22 6c 61 6e 64 69 6e 67 5f 70 61 67 65 22 2c 22 70 22 3a 22 77 65 62 22 2c 22 63 6f Data Ascii: {"schema":"iglu:com.snowplowanalytics.snowplow/payload_data/jsonschema/1-0-4","data":[{"e":"pv","url":"https://schoolmngt.ubpages.com/managent/","eid":"5472dbb6-9478-49d4-a085-5bc19e4b2695","tv":"js-3.15.0","tna":"sp-ub","aid":"landing_page","p":"web","co
2025-03-24 20:31:05 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:05 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 2 Connection: close P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" Access-Control-Allow-Origin: https://schoolmngt.ubpages.com Access-Control-Allow-Credentials: true cf-cache-status: DYNAMIC Referrer-Policy: no-referrer Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline' Server: cloudflare CF-RAY: 9258ee1c8b6442d8-EWR
2025-03-24 20:31:05 UTC	2	IN	Data Raw: 6f 6b Data Ascii: ok

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49689	142.250.65.196	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:05 UTC	579	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiKo8sBCIWgzQEI9s/OAQjJ0c4BCIHWzgEIydzOAQiE4M4BCKLkzgEIr+TOAQjp5M4B Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:05 UTC	1303	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:05 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-GQ_Xw3GUUij_sB0q_Fqd4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-24 20:31:05 UTC	1303	IN	Data Raw: 65 30 36 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 62 69 6c 6c 20 63 68 69 73 68 6f 6c 6d 20 63 65 6c 74 69 63 73 22 2c 22 61 73 73 61 73 73 69 6e 20 63 72 65 65 64 20 73 68 61 64 6f 77 73 22 2c 22 62 6f 65 69 6e 67 20 66 69 67 68 74 65 72 20 6a 65 74 73 20 66 20 34 37 22 2c 22 64 61 69 72 79 20 71 75 65 65 6e 20 62 6c 69 7a 7a 61 72 64 73 20 38 35 20 63 65 6e 74 73 22 2c 22 31 39 32 33 20 73 65 61 73 6f 6e 20 32 20 65 70 69 73 6f 64 65 20 35 22 2c 22 66 69 6e 63 65 6e 20 62 6f 69 20 72 65 70 6f 72 74 69 6e 67 22 2c 22 6f 6b 63 20 74 68 75 6e 64 65 72 20 6c 61 20 63 6c 69 70 70 65 72 73 22 2c 22 61 70 70 6c 65 20 69 70 68 6f 6e 65 20 31 37 20 70 72 6f 20 6d 61 78 20 70 72 69 63 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 Data Ascii: e06)]}'["",["bill chisholm celtics","assassin creed shadows","boeing fighter jets f 47","dairy queen blizzards 85 cents","1923 season 2 episode 5","fincen boi reporting","okc thunder la clippers","apple iphone 17 pro max price"],["","","","","","","","
2025-03-24 20:31:05 UTC	1303	IN	Data Raw: 4c 57 54 42 30 5a 31 42 31 55 33 52 4e 5a 47 68 7a 4f 44 46 50 53 30 39 43 61 6e 68 49 55 44 42 78 62 58 55 76 64 54 4a 6c 62 48 4e 74 52 47 56 4d 61 6b 70 50 65 57 70 74 4d 33 6c 58 64 6e 4e 53 4d 33 4e 78 56 6a 64 32 59 55 70 73 63 47 5a 68 52 46 55 79 4d 33 6c 73 62 32 5a 55 4d 7a 56 50 55 57 5a 31 55 46 4e 76 4e 47 4a 4c 54 47 6b 35 56 57 46 4f 64 48 4a 6d 63 6c 4a 79 65 47 51 30 65 6c 4e 68 54 48 5a 58 5a 7a 68 56 56 55 46 76 51 6c 46 44 5a 30 5a 42 56 6b 64 54 64 47 51 35 4e 44 5a 61 61 55 6f 7a 5a 31 64 57 51 57 56 6c 54 30 35 73 65 55 5a 6d 61 30 67 72 62 7a 4d 34 64 32 46 76 5a 6d 5a 78 4d 6a 52 4d 4d 56 42 57 5a 32 78 6f 63 30 4d 31 4c 30 5a 56 65 56 67 33 56 6e 49 34 4f 55 39 6f 63 48 56 34 54 6d 63 30 4b 32 68 59 54 45 64 74 52 6d 51 77 51 30 Data Ascii: LWTB0Z1B1U3RNZGhzODFPS09CanhIUDBxbXUvdTJlbHNtRGVMakpPeWptM3lXdnNSM3NxVjd2YUpscGZhRFUyM3lsb2ZUMzVPUWZ1UFNvNGJLTGk5VWFOdHJmclJyeGQ0elNhTHZXZzhVVUFvQlFDZ0ZBVkdTdGQ5NDZaaUozZ1dWQWVlT05seUZma0grbzM4d2FvZmZxMjRMMVBWZ2xoc0M1L0ZVeVg3VnI4OU9ocHV4Tmc0K2hYTEdtRmQwQ0
2025-03-24 20:31:05 UTC	991	IN	Data Raw: 78 6b 53 7a 4e 77 62 45 6f 78 53 45 52 34 51 33 6b 30 52 6d 5a 4d 63 46 56 30 64 32 64 45 62 48 49 79 64 31 46 44 51 55 39 47 56 6e 4e 72 53 6d 52 71 55 45 35 52 54 6c 4d 35 56 48 70 35 4d 54 64 6f 56 45 52 74 61 6b 45 77 62 6b 38 72 63 6c 56 52 63 46 46 34 63 54 56 75 5a 6b 70 76 52 45 55 79 63 44 6c 76 51 58 4e 58 4f 55 39 56 53 6b 4e 46 51 6b 6c 56 54 6e 52 44 61 55 46 4f 64 30 46 4f 57 6e 64 43 65 56 52 72 4e 45 46 43 54 31 46 4b 55 32 52 33 4e 6e 68 4b 61 56 4e 4a 65 6c 64 73 61 45 56 73 64 33 56 31 4e 44 4e 4c 57 46 4e 43 4f 46 4a 32 4f 57 6c 33 56 54 5a 6e 55 69 74 76 62 46 64 44 56 47 31 6e 53 6e 5a 4c 4c 7a 4a 77 4c 7a 59 76 63 57 64 4e 63 55 46 56 51 6c 67 31 56 6e 4e 74 54 30 31 59 4d 55 78 55 59 57 4e 36 52 30 5a 77 59 54 46 46 57 6b 74 35 62 Data Ascii: xkSzNwbEoxSER4Q3k0RmZMcFV0d2dEbHIyd1FDQU9GVnNrSmRqUE5RTlM5VHp5MTdoVERtakEwbk8rclVRcFF4cTVuZkpvREUycDlvQXNXOU9VSkNFQklVTnRDaUFOd0FOWndCeVRrNEFCT1FKU2R3NnhKaVNJeldsaEVsd3V1NDNLWFNCOFJ2OWl3VTZnUitvbFdDVG1nSnZLLzJwLzYvcWdNcUFVQlg1VnNtT01YMUxUYWN6R0ZwYTFFWkt5b
2025-03-24 20:31:05 UTC	122	IN	Data Raw: 37 34 0d 0a 37 37 32 32 39 33 30 30 34 33 37 31 35 32 31 32 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 0d 0a Data Ascii: 747722930043715212","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,1
2025-03-24 20:31:05 UTC	220	IN	Data Raw: 64 36 0d 0a 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: d643,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","ENTITY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
2025-03-24 20:31:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49698	18.164.115.141	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:06 UTC	712	OUT	GET /schoolmngt.ubpages.com/managent/ee408d78-googleeee_10l408h0ka07n00000e028.png HTTP/1.1 Host: d9hhrg4mnvzow.cloudfront.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://schoolmngt.ubpages.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:06 UTC	570	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 2810 Connection: close Date: Mon, 24 Mar 2025 20:31:07 GMT Last-Modified: Mon, 24 Mar 2025 17:06:00 GMT ETag: "dea5f9647084a87a0c6a15277f49118b" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31557600 x-amz-version-id: ACv8KxJ9vZ13JOz.Z4.69NnF7xx_9at4 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 d98647edce17345f3d148190339e9d8c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P6 X-Amz-Cf-Id: Gazbh26sDUWBajt9Cuq4HTdCADHhcBmks_TPMzwwZgEcuVPIjoO7tA==
2025-03-24 20:31:06 UTC	2810	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 da 00 00 01 13 08 03 00 00 00 3f 3f 51 e0 00 00 00 d8 50 4c 54 45 ff ff ff 43 86 f5 ed fd ff ff fa e6 0c 09 0c 31 a7 51 e9 42 36 fe fe fd fd fe ff fb fc fd fa ba 04 66 89 ad 3d 2b 25 12 18 24 37 7e f3 3c 5a 7a 2b 1b 11 d6 eb fb e9 38 2a 7b 59 3e 35 46 64 6a 4b 31 1c 27 3a 4d 3c 34 f5 e7 de ff fc f4 77 9f c5 aa 89 6a bf db f2 a4 ce f9 ae cb e2 f7 d5 b3 8d 6b 4b c1 bf c1 d2 da d5 94 b9 d8 fb ec ca ec d6 c8 4d 6f 92 88 8d 96 f6 f6 f5 86 b9 f9 e2 c9 a7 30 38 48 d8 b7 92 e5 ed ed bd 97 75 cd a9 82 9a a2 ac a1 7d 5b 62 69 77 54 4e 4d 61 5d 63 97 d2 a6 aa 99 8b f1 a9 9e ed 87 79 43 ab 67 5c 9b f6 7f 73 6d e8 4c 3b 79 c4 8c ea 5a 4c b3 98 56 fc c8 35 fd e2 8f 5b b6 6c fd d4 5a eb 94 2e 43 92 c1 cd 99 65 38 Data Ascii: PNGIHDR??QPLTEC1QB6f=+%$7~<Zz+8*{Y>5FdjK1':M<4wjkKMo08Hu}[biwTNMa]cyCg\smL;yZLV5[lZ.Ce8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49699	104.18.41.137	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:06 UTC	956	OUT	GET /favicon.ico HTTP/1.1 Host: schoolmngt.ubpages.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://schoolmngt.ubpages.com/managent/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ubvs=29666bf2-d1ad-44a5-af17-c44eff30603c; ubvt=v2%7C29666bf2-d1ad-44a5-af17-c44eff30603c%7C2865b8d7-7c69-4393-98fa-be4e5df152ba%3Aa%3Asingle%3Asingle; __cf_bm=xTUxLBnJvQhkgoFuBkN3yvUL7S8Y0Ld_J4TWfRMEJzs-1742848264-1.0.1.1-8VC2I0EcZIe9yZ44JWwIkMoQZqYyybcrCnuICpbnfau8CnAkACKeFfkj09DZW56y0Ib2vJB_0kINPuPs3CpWX.zrGEbjMvl1oZ50NMBP5VI
2025-03-24 20:31:06 UTC	342	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Mar 2025 20:31:06 GMT Content-Type: text/html Content-Length: 47 Connection: close X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval' Server: cloudflare CF-RAY: 9258ee240aeb9cc1-EWR
2025-03-24 20:31:06 UTC	47	IN	Data Raw: 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e Data Ascii: The requested URL was not found on this server.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49701	18.164.115.5	443	1864	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:06 UTC	469	OUT	GET /schoolmngt.ubpages.com/managent/ee408d78-googleeee_10l408h0ka07n00000e028.png HTTP/1.1 Host: d9hhrg4mnvzow.cloudfront.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:07 UTC	570	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 2810 Connection: close Date: Mon, 24 Mar 2025 20:31:08 GMT Last-Modified: Mon, 24 Mar 2025 17:06:00 GMT ETag: "dea5f9647084a87a0c6a15277f49118b" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31557600 x-amz-version-id: ACv8KxJ9vZ13JOz.Z4.69NnF7xx_9at4 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 cedbf7a51c689bd1e26af4b73768d270.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P6 X-Amz-Cf-Id: xn3MlVTcfiHY0QXvyfGZ3ptGah_fQx_nhUXGugaJE9Zpf7e7l2bPyQ==
2025-03-24 20:31:07 UTC	2810	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 da 00 00 01 13 08 03 00 00 00 3f 3f 51 e0 00 00 00 d8 50 4c 54 45 ff ff ff 43 86 f5 ed fd ff ff fa e6 0c 09 0c 31 a7 51 e9 42 36 fe fe fd fd fe ff fb fc fd fa ba 04 66 89 ad 3d 2b 25 12 18 24 37 7e f3 3c 5a 7a 2b 1b 11 d6 eb fb e9 38 2a 7b 59 3e 35 46 64 6a 4b 31 1c 27 3a 4d 3c 34 f5 e7 de ff fc f4 77 9f c5 aa 89 6a bf db f2 a4 ce f9 ae cb e2 f7 d5 b3 8d 6b 4b c1 bf c1 d2 da d5 94 b9 d8 fb ec ca ec d6 c8 4d 6f 92 88 8d 96 f6 f6 f5 86 b9 f9 e2 c9 a7 30 38 48 d8 b7 92 e5 ed ed bd 97 75 cd a9 82 9a a2 ac a1 7d 5b 62 69 77 54 4e 4d 61 5d 63 97 d2 a6 aa 99 8b f1 a9 9e ed 87 79 43 ab 67 5c 9b f6 7f 73 6d e8 4c 3b 79 c4 8c ea 5a 4c b3 98 56 fc c8 35 fd e2 8f 5b b6 6c fd d4 5a eb 94 2e 43 92 c1 cd 99 65 38 Data Ascii: PNGIHDR??QPLTEC1QB6f=+%$7~<Zz+8*{Y>5FdjK1':M<4wjkKMo08Hu}[biwTNMa]cyCg\smL;yZLV5[lZ.Ce8

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Behavior

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4724, Parent PID: 3440

General

Target ID:	0
Start time:	16:30:55
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1864, Parent PID: 4724

General

Target ID:	1
Start time:	16:30:56
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,10938567176322679093,12905942111308703416,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2252 /prefetch:3
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6436, Parent PID: 3440

General

Target ID:	5
Start time:	16:31:02
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://schoolmngt.ubpages.com/managent/"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly