Edit tour

Windows Analysis Report
https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7

Overview

General Information

Sample URL:	https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7
Analysis ID:	1671070
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2388,i,15685943199002576949,2264304956721745155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2436 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

HTTP traffic detected: POST /t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 HTTP/1.1Host: app.salesloft.comConnection: keep-aliveContent-Length: 0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://app.salesloft.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Apr 2025 13:38:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 1564Connection: closeX-Request-Id: 843765ede5e4fd35e761eaf41481ffb7X-Runtime: 0.001232Strict-Transport-Security: max-age=31536000; includeSubDomainsvary: OriginX-Entry-Cluster: k8s04X-Entry-PoP: us-east-1X-Global-Request-Start: t=1745329107.481

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.93.97.115:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.93.97.115:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.209.207.32:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.58.14:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.58.14:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.45.26.173:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49740 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@22/5@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2388,i,15685943199002576949,2264304956721745155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2436 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2388,i,15685943199002576949,2264304956721745155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2436 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
rsms.me	104.21.58.14	true	false	high
www.google.com	142.250.69.4	true	false	high
custom-tracking.salesloft.com	3.93.97.115	true	false	high
app.salesloft.com	3.209.207.32	true	false	high
gtm.ceros.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://app.salesloft.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7?host=gtm.ceros.com	false	high
https://app.salesloft.com/favicon.ico	false	high
https://rsms.me/inter/inter.css	false	high
https://rsms.me/inter/font-files/InterVariable.woff2?v=4.1	false	high
https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7	false	unknown
https://app.salesloft.com/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7	false	high
https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.69.4	www.google.com	United States	15169	GOOGLEUS	false
104.21.58.14	rsms.me	United States	13335	CLOUDFLARENETUS	false
3.93.97.115	custom-tracking.salesloft.com	United States	14618	AMAZON-AESUS	false
52.45.26.173	unknown	United States	14618	AMAZON-AESUS	false
3.209.207.32	app.salesloft.com	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1671070
Start date and time:	2025-04-22 15:37:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@22/5@10/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.69.14, 142.250.69.3, 142.250.141.84, 23.220.73.6, 192.178.49.163, 184.29.183.29, 20.12.23.50
Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 352240, version 4.66
Category:	downloaded
Size (bytes):	352240
Entropy (8bit):	7.999090558199155
Encrypted:	true
SSDEEP:	6144:NXxnNQ1mzp/C4K2K9y0deanlT3TPkHW644MVz66Z2YS78Eq/H493abRLF/VBoGuB:RxnNXpq4XF0tTPk2jzRkYS8/GabjC+a
MD5:	2BF3D951BF9D6109437EA0874BBF12FB
SHA1:	F55B18FDF5A4FBCA23E23010FBE89DF27D70D1FF
SHA-256:	693B77D4F32EE9B8BFC995589B5FAD5E99ADF2832738661F5402F9978429A8E3
SHA-512:	9C34339E338BC88488195216A834004C3CC2934896DF8A5849C26801A88C7A4C4D84563D9CDAE449D81BB379549F69F57C5FB9B199826ADB8A88C3EB7D22BAC1
Malicious:	false
Reputation:	low
URL:	https://rsms.me/inter/font-files/InterVariable.woff2?v=4.1
Preview:	wOF2......_.......u..._u...B..............................V?HVAR.g?MVAR.(.`?STAT.\'4...,/.6...h...0..,.6.$..d..h.. ..L....[..._.;}{.....:(...)..."......?..o.wa......xd..w...5..`.p...w.c.r...Vu.f6..........E........H.......................UuR.._............(...0:...D..k]...T:....ED^.l....j..Jk%C.a.!9h......V..o[mt.Ut.1.H.z9..:.....y.....0.}Ngt.v.T.D.$.2"..E)...k...V[+.....P.`m=..f.6-."..'b.E..oU.B..#.`g....};.V..n.#....FV..=.......g...C...=..~.3..8.....{ZB...c.4.uR@.t...y...O.F]..,.1k3..N...../......h..<:Bn..XF......\d,6.=Y..Q.Y..H?V"......:su.6;.gZ..V.T."...J .6+...X.\Ik.S.,....5.f..i*)H$.,v{..1..&.?..x..Y. ....=.o.i..=b.5.0M\WOsE.!..!.....R..``%;X..-g....N.B``T+B.........T].aa....9?E.m..=...S../..Y.."..vv.l..../\|`>.......%...0WA.\>..8Vv[8.[._jBe4..3m.O.h}6u9.....2...S....g.h..JH...:8.e..n....spl......G.aEX9u...@o...>..C...E7.e,....\7 9l.0.........\."..\|c........$........6.'F......%.]B.......U(sa....FL............;.Q\|=...b...?j..uV..

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	11497
Entropy (8bit):	4.9490205739633435
Encrypted:	false
SSDEEP:	192:AEjyGqj29TSatEr5quxdNsF+r2D2rFaaDOzhEYRtd81oZyEjJczGXyEjJczGpyER:d8j29TSatEr5quxdNsF+r2D2rFaaDOz3
MD5:	1454FD08F0A55E5811DDDF1D02ACC997
SHA1:	3E9CB739B9E8B732B556FDDAFD71C89CBFAFA2F5
SHA-256:	46D01C7807F64A24C1B2853B756EF15F3A2FACDF4A9F066EAF5D39C0C9935441
SHA-512:	E5E91CB83A3C44E893DF6BBC1F0F4B2BBEF744EF9AE72DD6F3F61588726579F77B6B3439618F0C6C61E2B0A13A058FB83DDF3BA916F0E48C790A457897EF4CB6
Malicious:	false
Reputation:	low
URL:	https://rsms.me/inter/inter.css
Preview:	/.Font families defined by this CSS:. - InterVariable variable font for modern web browsers. - Inter static fonts for older web browsers (small optical size). - InterDisplay static fonts for older web browsers (large optical size)..Usage example:. :root { font-family: Inter, sans-serif; }. @supports (font-variation-settings: normal) {. :root { font-family: InterVariable, sans-serif; }. }../.@font-face {. font-family: InterVariable;. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url('font-files/InterVariable.woff2?v=4.1') format('woff2');.}.@font-face {. font-family: InterVariable;. font-style: italic;. font-weight: 100 900;. font-display: swap;. src: url('font-files/InterVariable-Italic.woff2?v=4.1') format('woff2');.}./* legacy name "Inter var" (Oct 2023) */.@font-face { font-family:'Inter var'; font-style:normal; font-weight:100 900; font-display:swap; src: url('font-files/InterVariable.woff2?v=4.1') format('woff2'); }.@font-fa

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1564
Entropy (8bit):	4.964935627344969
Encrypted:	false
SSDEEP:	24:hY6KgqF2VQbs8WSn5vMblivwlPMx0vgvGjS1jCMXNwR90KySRVMh76RqFpZBwbMU:9K8db3l0HoAzXaeF2+ZBwb5
MD5:	6CC3545F1D476B4B4E9F0785B4811BE5
SHA1:	D5C1BEC006232DE1B0E036E6BE8BF934F7CE1A0B
SHA-256:	B8C03554A54FCD04DDE6BEFA1F0CBAFF733C54435021C08CB8A4E3474812D015
SHA-512:	269A6A6CD4F0B599E6D78400EB706DBE30CD98F00C66186361A6A764C6FE103B2AA463F17654FE37CB78F1C5D4BD9C81A3C63C9FB16AF225656B8F1F61BE2CE9
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>.<head>. <title>The page you were looking for doesn't exist (404)</title>. <meta name="viewport" content="width=device-width,initial-scale=1">. <style>. body {. background-color: #EFEFEF;. color: #2E2F30;. text-align: center;. font-family: arial, sans-serif;. margin: 0;. }.. div.dialog {. width: 95%;. max-width: 33em;. margin: 4em auto 0;. }.. div.dialog > div {. border: 1px solid #CCC;. border-right-color: #999;. border-left-color: #999;. border-bottom-color: #BBB;. border-top: #B00100 solid 4px;. border-top-left-radius: 9px;. border-top-right-radius: 9px;. background-color: white;. padding: 7px 12% 0;. box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);. }.. h1 {. font-size: 100%;. color: #730E15;. line-height: 1.5em;. }.. div.dialog > p {. margin: 0 0 1em;. padding: 1em;. background-color: #F7F7F7;. border: 1px solid #CCC;. border-right-color: #999;. border-left-color: #999;.

Total Packets: 220
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2025 15:37:52.426920891 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 22, 2025 15:38:00.234375954 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 15:38:00.535706997 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 15:38:01.145198107 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 15:38:02.035797119 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 22, 2025 15:38:02.348336935 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 15:38:03.224416018 CEST	49726	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:38:03.224451065 CEST	443	49726	142.250.69.4	192.168.2.4
Apr 22, 2025 15:38:03.224503994 CEST	49726	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:38:03.224659920 CEST	49726	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:38:03.224673033 CEST	443	49726	142.250.69.4	192.168.2.4
Apr 22, 2025 15:38:03.547458887 CEST	443	49726	142.250.69.4	192.168.2.4
Apr 22, 2025 15:38:03.547646046 CEST	49726	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:38:03.548585892 CEST	49726	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:38:03.548594952 CEST	443	49726	142.250.69.4	192.168.2.4
Apr 22, 2025 15:38:03.548911095 CEST	443	49726	142.250.69.4	192.168.2.4
Apr 22, 2025 15:38:03.597657919 CEST	49726	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:38:04.753905058 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 15:38:05.326163054 CEST	49729	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.326184034 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.326236963 CEST	49729	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.326400042 CEST	49729	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.326412916 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.326869011 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.326936007 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.327006102 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.327151060 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.327177048 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.723530054 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.723597050 CEST	49729	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.725781918 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.725840092 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.727150917 CEST	49729	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.727158070 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.727408886 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.727790117 CEST	49729	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.728274107 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:05.728282928 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.728516102 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.768304110 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:05.771473885 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:06.105165958 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:06.105241060 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:06.105289936 CEST	49729	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:06.105648041 CEST	49729	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:06.105659962 CEST	443	49729	3.93.97.115	192.168.2.4
Apr 22, 2025 15:38:06.290716887 CEST	49731	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:06.290746927 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:06.290807009 CEST	49731	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:06.291011095 CEST	49731	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:06.291023016 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:06.879437923 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:06.879523039 CEST	49731	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:06.880790949 CEST	49731	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:06.880805969 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:06.881004095 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:06.881287098 CEST	49731	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:06.924278975 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.098026037 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.098114967 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.098160028 CEST	49731	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.098763943 CEST	49731	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.098782063 CEST	443	49731	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.101583004 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.101609945 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.101713896 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.101888895 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.101898909 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.686804056 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.687401056 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.687418938 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.687783957 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.687789917 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.882288933 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.882352114 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.882399082 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.882405996 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.882417917 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.882451057 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.882460117 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.882503033 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:07.882513046 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:07.882553101 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:08.074790001 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:08.074840069 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:08.074856043 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:08.074898005 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:08.075141907 CEST	49732	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:08.075156927 CEST	443	49732	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:08.114094019 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.114131927 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.114186049 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.114357948 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.114372015 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.409046888 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.409101009 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.414923906 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.414932013 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.415354013 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.415668964 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.456274033 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730274916 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730325937 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730351925 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730372906 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.730397940 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730459929 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.730716944 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730782986 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730815887 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730846882 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730865955 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.730873108 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730899096 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.730937004 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.730981112 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.732363939 CEST	49735	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.732376099 CEST	443	49735	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.768325090 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.768368006 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.768501043 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.768908978 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:08.768924952 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:08.985620022 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 15:38:09.055989027 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.056058884 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.056703091 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.056710958 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.056907892 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.057322979 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.104270935 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.287045002 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 15:38:09.383656979 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.383713961 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.383752108 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.383781910 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.383795023 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.383814096 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.383831978 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.383867979 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.384325981 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.384371996 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.384378910 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.384428024 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.384459019 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.384475946 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.384481907 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.384494066 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.385145903 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.385175943 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.385209084 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.385214090 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.385221004 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.385263920 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.385932922 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.385974884 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.385981083 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.386027098 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.386082888 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.386090040 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.386810064 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.386838913 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.386868954 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.386885881 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.386892080 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.386908054 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.387588024 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.387617111 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.387639046 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.387670994 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.387677908 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.387706041 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.388617992 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.388659000 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.388662100 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.388672113 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.388710976 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.388716936 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.389121056 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.389148951 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.389198065 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.389204025 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.389971972 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.390002012 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.390019894 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.390024900 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.390038013 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.390635014 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.390672922 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.390701056 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.390717983 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.390726089 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.390738010 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.391288996 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.391346931 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.391352892 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.435417891 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.524203062 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.524257898 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.524266005 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.524272919 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.524302959 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.524389982 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.524749994 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.524806023 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.525511026 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.525567055 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.526650906 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.526714087 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.526926994 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.526985884 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.527168989 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.527225971 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.528495073 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.528554916 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.528915882 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.528963089 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.529917955 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.529968977 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.530055046 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.530114889 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.530514002 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.530561924 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.531517029 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.531572104 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.531793118 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.531836987 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.556662083 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 15:38:09.572071075 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.572109938 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.572195053 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.572216034 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.575392962 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.663188934 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.663259029 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.664073944 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.664125919 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.664436102 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.664536953 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.665200949 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.665246010 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.665812016 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.665855885 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.665858984 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.665865898 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.665901899 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.666615009 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.666667938 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.667404890 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.667458057 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.668180943 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.668231964 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.668979883 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.669011116 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.669039965 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.669045925 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.669071913 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.669775009 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.669825077 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.669831038 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.669883966 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.670368910 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.670419931 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.671292067 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.671356916 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.671941996 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.671993971 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.672677994 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.672715902 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.672724962 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.672729015 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.672759056 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.673544884 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.673614025 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.673619986 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.673862934 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.674380064 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.674442053 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.674916029 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.674961090 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.675762892 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.675817013 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.676426888 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.676491976 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.676517963 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.676569939 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.679394007 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.679399967 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.679431915 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.679450035 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.679456949 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.679490089 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.679511070 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.681859016 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.681874037 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.681936979 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.681942940 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.684609890 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.684626102 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.684670925 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.684676886 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.684710979 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.686600924 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.686614990 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.686671019 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.686678886 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.686693907 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.688981056 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.688997030 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.689037085 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.689042091 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.689066887 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.712310076 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.712322950 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.712373018 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.712380886 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.770598888 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.803075075 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.803085089 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.803107023 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.803142071 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.803148985 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.803189039 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.803200960 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.804932117 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.804968119 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.804991961 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.805015087 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.805059910 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.805403948 CEST	49736	443	192.168.2.4	104.21.58.14
Apr 22, 2025 15:38:09.805417061 CEST	443	49736	104.21.58.14	192.168.2.4
Apr 22, 2025 15:38:09.849457979 CEST	49737	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:09.849489927 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:09.849730968 CEST	49737	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:09.850279093 CEST	49737	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:09.850291967 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:09.897002935 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 15:38:10.238888979 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:10.239308119 CEST	49737	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:10.239331007 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:10.239562035 CEST	49737	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:10.239567041 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:10.667543888 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:10.667588949 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:10.667634964 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:10.667644024 CEST	49737	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:10.667681932 CEST	49737	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:10.669919968 CEST	49737	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:10.669935942 CEST	443	49737	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:10.859458923 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:10.859483957 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:10.859549046 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:10.859723091 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:10.859735966 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:11.097964048 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 15:38:11.444802999 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:11.444855928 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:11.445357084 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:11.445373058 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:11.445557117 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:11.445801973 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:11.492274046 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:11.640758991 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:11.640805960 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:11.640851974 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:11.640876055 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:11.641041040 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:11.658772945 CEST	49738	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:11.658802986 CEST	443	49738	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:12.468677998 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 22, 2025 15:38:12.608694077 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 22, 2025 15:38:12.654506922 CEST	49740	443	192.168.2.4	131.253.33.254
Apr 22, 2025 15:38:12.654534101 CEST	443	49740	131.253.33.254	192.168.2.4
Apr 22, 2025 15:38:12.654596090 CEST	49740	443	192.168.2.4	131.253.33.254
Apr 22, 2025 15:38:12.669936895 CEST	49740	443	192.168.2.4	131.253.33.254
Apr 22, 2025 15:38:12.669954062 CEST	443	49740	131.253.33.254	192.168.2.4
Apr 22, 2025 15:38:13.155857086 CEST	443	49740	131.253.33.254	192.168.2.4
Apr 22, 2025 15:38:13.155932903 CEST	49740	443	192.168.2.4	131.253.33.254
Apr 22, 2025 15:38:13.509243011 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 15:38:13.528732061 CEST	443	49726	142.250.69.4	192.168.2.4
Apr 22, 2025 15:38:13.528795004 CEST	443	49726	142.250.69.4	192.168.2.4
Apr 22, 2025 15:38:13.528846979 CEST	49726	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:38:14.320358992 CEST	49726	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:38:14.320394039 CEST	443	49726	142.250.69.4	192.168.2.4
Apr 22, 2025 15:38:18.316687107 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 15:38:19.160244942 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 22, 2025 15:38:25.650425911 CEST	49742	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:25.650476933 CEST	443	49742	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:25.650577068 CEST	49742	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:25.650763035 CEST	49742	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:25.650775909 CEST	443	49742	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:26.237164974 CEST	443	49742	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:26.237565994 CEST	49742	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:26.237607956 CEST	443	49742	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:26.237777948 CEST	49742	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:26.237786055 CEST	443	49742	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:26.760404110 CEST	443	49742	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:26.760580063 CEST	443	49742	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:26.761064053 CEST	49742	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:26.761099100 CEST	443	49742	3.209.207.32	192.168.2.4
Apr 22, 2025 15:38:26.762996912 CEST	49742	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:26.763024092 CEST	49742	443	192.168.2.4	3.209.207.32
Apr 22, 2025 15:38:26.769428968 CEST	49743	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:26.769469023 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:26.769546032 CEST	49743	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:26.769733906 CEST	49743	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:26.769747019 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:27.364650965 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:27.374221087 CEST	49743	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:27.374257088 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:27.374347925 CEST	49743	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:27.374355078 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:27.578242064 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:27.578274012 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:27.578346014 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:27.579560041 CEST	49743	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:27.583515882 CEST	49743	443	192.168.2.4	52.45.26.173
Apr 22, 2025 15:38:27.583534956 CEST	443	49743	52.45.26.173	192.168.2.4
Apr 22, 2025 15:38:27.920602083 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 22, 2025 15:38:44.603420973 CEST	80	49710	84.201.221.35	192.168.2.4
Apr 22, 2025 15:38:44.603593111 CEST	49710	80	192.168.2.4	84.201.221.35
Apr 22, 2025 15:38:44.603638887 CEST	49710	80	192.168.2.4	84.201.221.35
Apr 22, 2025 15:38:44.750750065 CEST	80	49710	84.201.221.35	192.168.2.4
Apr 22, 2025 15:38:45.053008080 CEST	80	49712	84.201.221.35	192.168.2.4
Apr 22, 2025 15:38:45.053199053 CEST	49712	80	192.168.2.4	84.201.221.35
Apr 22, 2025 15:38:45.053199053 CEST	49712	80	192.168.2.4	84.201.221.35
Apr 22, 2025 15:38:45.056068897 CEST	49711	80	192.168.2.4	142.250.68.227
Apr 22, 2025 15:38:45.200320959 CEST	80	49712	84.201.221.35	192.168.2.4
Apr 22, 2025 15:38:45.204271078 CEST	80	49711	142.250.68.227	192.168.2.4
Apr 22, 2025 15:38:45.204340935 CEST	49711	80	192.168.2.4	142.250.68.227
Apr 22, 2025 15:38:50.738751888 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:38:50.738773108 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:39:03.146332979 CEST	49748	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:39:03.146378994 CEST	443	49748	142.250.69.4	192.168.2.4
Apr 22, 2025 15:39:03.146444082 CEST	49748	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:39:03.146651983 CEST	49748	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:39:03.146667004 CEST	443	49748	142.250.69.4	192.168.2.4
Apr 22, 2025 15:39:03.459816933 CEST	443	49748	142.250.69.4	192.168.2.4
Apr 22, 2025 15:39:03.460344076 CEST	49748	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:39:03.460366964 CEST	443	49748	142.250.69.4	192.168.2.4
Apr 22, 2025 15:39:05.717037916 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:39:05.717128038 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:39:05.717340946 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:39:06.319864988 CEST	49730	443	192.168.2.4	3.93.97.115
Apr 22, 2025 15:39:06.319905043 CEST	443	49730	3.93.97.115	192.168.2.4
Apr 22, 2025 15:39:13.510814905 CEST	443	49748	142.250.69.4	192.168.2.4
Apr 22, 2025 15:39:13.510876894 CEST	443	49748	142.250.69.4	192.168.2.4
Apr 22, 2025 15:39:13.511138916 CEST	49748	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:39:14.319092989 CEST	49748	443	192.168.2.4	142.250.69.4
Apr 22, 2025 15:39:14.319123983 CEST	443	49748	142.250.69.4	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2025 15:37:59.385684967 CEST	53	64133	1.1.1.1	192.168.2.4
Apr 22, 2025 15:37:59.441601038 CEST	53	64203	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:00.578383923 CEST	53	63920	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:00.823848009 CEST	53	52193	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:03.083311081 CEST	64725	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:03.083482027 CEST	56910	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:03.223557949 CEST	53	64725	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:03.223584890 CEST	53	56910	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:05.164026022 CEST	50157	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:05.164170980 CEST	53046	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:05.323507071 CEST	53	50157	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:05.325683117 CEST	53	53046	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:06.110486031 CEST	52124	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:06.110914946 CEST	55330	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:06.258147001 CEST	53	52124	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:06.290177107 CEST	53	55330	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:07.966679096 CEST	55815	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:07.967422962 CEST	50045	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:08.107109070 CEST	53	55815	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:08.113368034 CEST	53	50045	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:10.688354015 CEST	60171	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:10.688530922 CEST	65195	53	192.168.2.4	1.1.1.1
Apr 22, 2025 15:38:10.834609985 CEST	53	60171	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:10.859052896 CEST	53	65195	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:17.755024910 CEST	53	51459	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:36.724656105 CEST	53	64900	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:58.561548948 CEST	53	58700	1.1.1.1	192.168.2.4
Apr 22, 2025 15:38:59.729171038 CEST	53	58476	1.1.1.1	192.168.2.4
Apr 22, 2025 15:39:01.411751032 CEST	53	52194	1.1.1.1	192.168.2.4
Apr 22, 2025 15:39:08.402139902 CEST	138	138	192.168.2.4	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 22, 2025 15:38:03.083311081 CEST	192.168.2.4	1.1.1.1	0xa590	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:03.083482027 CEST	192.168.2.4	1.1.1.1	0x6d3b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 22, 2025 15:38:05.164026022 CEST	192.168.2.4	1.1.1.1	0xf572	Standard query (0)	gtm.ceros.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:05.164170980 CEST	192.168.2.4	1.1.1.1	0xa8b0	Standard query (0)	gtm.ceros.com	65	IN (0x0001)	false
Apr 22, 2025 15:38:06.110486031 CEST	192.168.2.4	1.1.1.1	0x4744	Standard query (0)	app.salesloft.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:06.110914946 CEST	192.168.2.4	1.1.1.1	0xfd28	Standard query (0)	app.salesloft.com	65	IN (0x0001)	false
Apr 22, 2025 15:38:07.966679096 CEST	192.168.2.4	1.1.1.1	0x135d	Standard query (0)	rsms.me	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:07.967422962 CEST	192.168.2.4	1.1.1.1	0x723f	Standard query (0)	rsms.me	65	IN (0x0001)	false
Apr 22, 2025 15:38:10.688354015 CEST	192.168.2.4	1.1.1.1	0x707a	Standard query (0)	app.salesloft.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:10.688530922 CEST	192.168.2.4	1.1.1.1	0x25f5	Standard query (0)	app.salesloft.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 22, 2025 15:38:03.223557949 CEST	1.1.1.1	192.168.2.4	0xa590	No error (0)	www.google.com		142.250.69.4	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:03.223584890 CEST	1.1.1.1	192.168.2.4	0x6d3b	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 22, 2025 15:38:05.323507071 CEST	1.1.1.1	192.168.2.4	0xf572	No error (0)	gtm.ceros.com	custom-tracking.salesloft.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 22, 2025 15:38:05.323507071 CEST	1.1.1.1	192.168.2.4	0xf572	No error (0)	custom-tracking.salesloft.com		3.93.97.115	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:05.323507071 CEST	1.1.1.1	192.168.2.4	0xf572	No error (0)	custom-tracking.salesloft.com		3.91.146.216	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:05.323507071 CEST	1.1.1.1	192.168.2.4	0xf572	No error (0)	custom-tracking.salesloft.com		3.219.11.181	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:05.325683117 CEST	1.1.1.1	192.168.2.4	0xa8b0	No error (0)	gtm.ceros.com	custom-tracking.salesloft.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 22, 2025 15:38:06.258147001 CEST	1.1.1.1	192.168.2.4	0x4744	No error (0)	app.salesloft.com		3.209.207.32	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:06.258147001 CEST	1.1.1.1	192.168.2.4	0x4744	No error (0)	app.salesloft.com		54.164.169.190	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:06.258147001 CEST	1.1.1.1	192.168.2.4	0x4744	No error (0)	app.salesloft.com		52.45.26.173	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:08.107109070 CEST	1.1.1.1	192.168.2.4	0x135d	No error (0)	rsms.me		104.21.58.14	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:08.107109070 CEST	1.1.1.1	192.168.2.4	0x135d	No error (0)	rsms.me		172.67.197.50	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:08.113368034 CEST	1.1.1.1	192.168.2.4	0x723f	No error (0)	rsms.me			65	IN (0x0001)	false
Apr 22, 2025 15:38:10.834609985 CEST	1.1.1.1	192.168.2.4	0x707a	No error (0)	app.salesloft.com		52.45.26.173	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:10.834609985 CEST	1.1.1.1	192.168.2.4	0x707a	No error (0)	app.salesloft.com		3.209.207.32	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:38:10.834609985 CEST	1.1.1.1	192.168.2.4	0x707a	No error (0)	app.salesloft.com		54.164.169.190	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

gtm.ceros.com

app.salesloft.com

rsms.me

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49729	3.93.97.115	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:05 UTC	714	OUT	GET /t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 HTTP/1.1 Host: gtm.ceros.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:06 UTC	331	IN	HTTP/1.1 302 Moved Temporarily Date: Tue, 22 Apr 2025 13:38:06 GMT Content-Type: text/html Content-Length: 145 Connection: close Location: https://app.salesloft.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7?host=gtm.ceros.com Strict-Transport-Security: max-age=31536000; includeSubDomains X-Robots-Tag: noindex
2025-04-22 13:38:06 UTC	145	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 37 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx/1.27.4</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	3.209.207.32	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:06 UTC	737	OUT	GET /t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7?host=gtm.ceros.com HTTP/1.1 Host: app.salesloft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:07 UTC	922	IN	HTTP/1.1 302 Found Date: Tue, 22 Apr 2025 13:38:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Location: https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 Cache-Control: no-cache Content-Security-Policy-Report-Only: default-src 'self' https: blob: data:; img-src 'self' https: http:; frame-ancestors 'none' X-Request-Id: 7b732089f908cc83862c17ff87086f74 X-Runtime: 0.006918 Strict-Transport-Security: max-age=31536000; includeSubDomains vary: Origin X-Entry-Cluster: k8s04 X-Entry-PoP: us-east-1 X-Global-Request-Start: t=1745329087.002
2025-04-22 13:38:07 UTC	235	IN	Data Raw: 65 35 0d 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 70 70 2e 73 61 6c 65 73 6c 6f 66 74 2e 63 6f 6d 2f 75 6e 73 75 62 73 63 72 69 62 65 3f 69 64 3d 33 33 61 30 36 36 39 66 2d 33 31 64 63 2d 34 64 32 65 2d 38 63 35 61 2d 34 32 39 39 30 37 32 35 64 38 66 37 26 61 6d 70 3b 63 6f 6e 66 69 72 6d 5f 6f 70 74 5f 6f 75 74 5f 70 61 74 68 3d 2f 74 2f 39 38 31 33 2f 63 6f 6e 66 69 72 6d 5f 6f 70 74 5f 6f 75 74 2f 33 33 61 30 36 36 39 66 2d 33 31 64 63 2d 34 64 32 65 2d 38 63 35 61 2d 34 32 39 39 30 37 32 35 64 38 66 37 22 3e 72 65 64 69 72 65 63 74 65 64 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: e5<html><body>You are being <a href="https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7">redirected</a>.</body></html>
2025-04-22 13:38:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	3.209.207.32	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:07 UTC	800	OUT	GET /unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 HTTP/1.1 Host: app.salesloft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:07 UTC	638	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 13:38:07 GMT Content-Type: text/html Content-Length: 17165 Connection: close Last-Modified: Tue, 22 Apr 2025 11:54:10 GMT ETag: "68078362-430d" Cache-Control: no-store Content-Security-Policy-Report-Only: default-src https: wss: blob: data: 'unsafe-inline'; img-src http: https:; object-src 'none'; frame-ancestors 'none'; X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000; includeSubDomains X-Entry-Cluster: k8s04 X-Entry-PoP: us-east-1 X-Global-Request-Start: t=1745329087.786
2025-04-22 13:38:07 UTC	4096	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 35 33 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 61 6c 65 73 6c 6f 66 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 72 73 6d 73 2e 6d 65 2f 69 6e 74 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=530"> <title>Salesloft</title> <link rel="stylesheet" href="https://rsms.me/int
2025-04-22 13:38:07 UTC	4096	IN	Data Raw: 30 30 3a 23 61 33 65 36 63 31 3b 2d 2d 73 6c 2d 67 72 65 65 6e 2d 30 3a 23 65 65 66 66 66 33 3b 2d 2d 73 6c 2d 67 72 61 79 2d 39 30 30 3a 23 31 64 32 30 32 64 3b 2d 2d 73 6c 2d 67 72 61 79 2d 38 30 30 3a 23 32 61 32 65 33 65 3b 2d 2d 73 6c 2d 67 72 61 79 2d 37 30 30 3a 23 34 31 34 35 35 37 3b 2d 2d 73 6c 2d 67 72 61 79 2d 36 30 30 3a 23 35 38 35 63 36 62 3b 2d 2d 73 6c 2d 67 72 61 79 2d 35 30 30 3a 23 36 63 37 30 37 66 3b 2d 2d 73 6c 2d 67 72 61 79 2d 35 30 3a 23 65 35 65 37 65 65 3b 2d 2d 73 6c 2d 67 72 61 79 2d 34 30 30 3a 23 38 61 38 64 39 61 3b 2d 2d 73 6c 2d 67 72 61 79 2d 33 30 30 3a 23 61 36 61 61 62 37 3b 2d 2d 73 6c 2d 67 72 61 79 2d 32 30 30 3a 23 63 34 63 37 64 31 3b 2d 2d 73 6c 2d 67 72 61 79 2d 31 30 30 30 3a 23 30 38 30 62 31 34 3b 2d 2d 73 Data Ascii: 00:#a3e6c1;--sl-green-0:#eefff3;--sl-gray-900:#1d202d;--sl-gray-800:#2a2e3e;--sl-gray-700:#414557;--sl-gray-600:#585c6b;--sl-gray-500:#6c707f;--sl-gray-50:#e5e7ee;--sl-gray-400:#8a8d9a;--sl-gray-300:#a6aab7;--sl-gray-200:#c4c7d1;--sl-gray-1000:#080b14;--s
2025-04-22 13:38:07 UTC	4096	IN	Data Raw: 2d 70 72 69 6d 61 72 79 2d 64 65 66 61 75 6c 74 3a 76 61 72 28 2d 2d 73 6c 2d 74 65 61 6c 2d 35 30 29 3b 2d 2d 73 6c 2d 73 75 72 66 61 63 65 2d 70 72 69 6d 61 72 79 2d 63 6f 6e 74 72 61 73 74 2d 6d 75 74 65 64 3a 76 61 72 28 2d 2d 73 6c 2d 74 65 61 6c 2d 35 30 30 29 3b 2d 2d 73 6c 2d 73 75 72 66 61 63 65 2d 70 72 69 6d 61 72 79 2d 63 6f 6e 74 72 61 73 74 3a 76 61 72 28 2d 2d 73 6c 2d 74 65 61 6c 2d 37 30 30 29 3b 2d 2d 73 6c 2d 73 75 72 66 61 63 65 2d 6e 65 75 74 72 61 6c 2d 73 65 6c 65 63 74 65 64 3a 76 61 72 28 2d 2d 73 6c 2d 67 72 61 79 2d 31 30 30 29 3b 2d 2d 73 6c 2d 73 75 72 66 61 63 65 2d 6e 65 75 74 72 61 6c 2d 70 72 65 73 73 65 64 3a 76 61 72 28 2d 2d 73 6c 2d 67 72 61 79 2d 32 30 30 29 3b 2d 2d 73 6c 2d 73 75 72 66 61 63 65 2d 6e 65 75 74 72 61 Data Ascii: -primary-default:var(--sl-teal-50);--sl-surface-primary-contrast-muted:var(--sl-teal-500);--sl-surface-primary-contrast:var(--sl-teal-700);--sl-surface-neutral-selected:var(--sl-gray-100);--sl-surface-neutral-pressed:var(--sl-gray-200);--sl-surface-neutra
2025-04-22 13:38:08 UTC	4096	IN	Data Raw: 72 64 65 72 2d 69 6e 66 6f 2d 6d 75 74 65 64 3a 76 61 72 28 2d 2d 73 6c 2d 62 6c 75 65 2d 31 30 30 29 3b 2d 2d 73 6c 2d 62 6f 72 64 65 72 2d 69 6e 66 6f 2d 68 6f 76 65 72 65 64 3a 76 61 72 28 2d 2d 73 6c 2d 62 6c 75 65 2d 36 30 30 29 3b 2d 2d 73 6c 2d 62 6f 72 64 65 72 2d 69 6e 66 6f 2d 64 65 66 61 75 6c 74 3a 76 61 72 28 2d 2d 73 6c 2d 62 6c 75 65 2d 35 30 30 29 3b 2d 2d 73 6c 2d 62 6f 72 64 65 72 2d 64 69 73 63 6f 76 65 72 79 2d 70 72 65 73 73 65 64 3a 76 61 72 28 2d 2d 73 6c 2d 70 75 72 70 6c 65 2d 37 30 30 29 3b 2d 2d 73 6c 2d 62 6f 72 64 65 72 2d 64 69 73 63 6f 76 65 72 79 2d 6d 75 74 65 64 3a 76 61 72 28 2d 2d 73 6c 2d 70 75 72 70 6c 65 2d 31 30 30 29 3b 2d 2d 73 6c 2d 62 6f 72 64 65 72 2d 64 69 73 63 6f 76 65 72 79 2d 68 6f 76 65 72 65 64 3a 76 61 Data Ascii: rder-info-muted:var(--sl-blue-100);--sl-border-info-hovered:var(--sl-blue-600);--sl-border-info-default:var(--sl-blue-500);--sl-border-discovery-pressed:var(--sl-purple-700);--sl-border-discovery-muted:var(--sl-purple-100);--sl-border-discovery-hovered:va
2025-04-22 13:38:08 UTC	781	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6d 61 69 6e 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 76 61 72 20 70 61 72 61 6d 73 20 3d 20 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 0a 20 20 20 20 20 20 20 20 2e 73 75 62 73 74 72 28 31 29 0a 20 20 20 20 20 20 20 20 2e 73 70 6c 69 74 28 22 26 22 29 0a 20 20 20 20 20 20 20 20 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 70 61 72 61 6d 73 2c 20 70 61 72 61 6d 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 72 61 6d 73 5b 70 61 72 61 6d 2e 73 70 6c 69 74 28 27 3d 27 29 5b 30 5d 5d 20 3d 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 70 61 72 61 6d 2e 73 70 6c 69 74 28 27 3d 27 29 5b 31 5d 29 0a 20 20 20 Data Ascii: </div> </div> </main> <script> var params = location.search .substr(1) .split("&") .reduce(function(params, param) { params[param.split('=')[0]] = decodeURIComponent(param.split('=')[1])

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49735	104.21.58.14	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:08 UTC	578	OUT	GET /inter/inter.css HTTP/1.1 Host: rsms.me Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Referer: https://app.salesloft.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:08 UTC	716	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 13:38:08 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Last-Modified: Sat, 16 Nov 2024 01:00:53 GMT Access-Control-Allow-Origin: * Etag: W/"6737eec5-2ce9" Expires: Mon, 31 Mar 2025 20:19:30 GMT Cache-Control: max-age=14400 X-Proxy-Cache: MISS X-Github-Request-Id: 8047:88BC:41896E8:4868EAE:67EAF679 Age: 45 Via: 1.1 varnish X-Served-By: cache-dfw-kdfw8210064-DFW X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1744883255.459242,VS0,VE1 Vary: Accept-Encoding X-Fastly-Request-Id: fa633183c79526241cebb046170dc9329766410c Cf-Cache-Status: HIT CF-RAY: 934585141e8b1a78-PHX alt-svc: h3=":443"; ma=86400
2025-04-22 13:38:08 UTC	653	IN	Data Raw: 31 38 61 36 0d 0a 2f 2a 0a 46 6f 6e 74 20 66 61 6d 69 6c 69 65 73 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 69 73 20 43 53 53 3a 0a 20 20 2d 20 49 6e 74 65 72 56 61 72 69 61 62 6c 65 20 20 76 61 72 69 61 62 6c 65 20 66 6f 6e 74 20 66 6f 72 20 6d 6f 64 65 72 6e 20 77 65 62 20 62 72 6f 77 73 65 72 73 0a 20 20 2d 20 49 6e 74 65 72 20 20 20 20 20 20 20 20 20 20 73 74 61 74 69 63 20 66 6f 6e 74 73 20 66 6f 72 20 6f 6c 64 65 72 20 77 65 62 20 62 72 6f 77 73 65 72 73 20 28 73 6d 61 6c 6c 20 6f 70 74 69 63 61 6c 20 73 69 7a 65 29 0a 20 20 2d 20 49 6e 74 65 72 44 69 73 70 6c 61 79 20 20 20 73 74 61 74 69 63 20 66 6f 6e 74 73 20 66 6f 72 20 6f 6c 64 65 72 20 77 65 62 20 62 72 6f 77 73 65 72 73 20 28 6c 61 72 67 65 20 6f 70 74 69 63 61 6c 20 73 69 7a 65 29 0a 0a 55 Data Ascii: 18a6/*Font families defined by this CSS: - InterVariable variable font for modern web browsers - Inter static fonts for older web browsers (small optical size) - InterDisplay static fonts for older web browsers (large optical size)U
2025-04-22 13:38:08 UTC	1369	IN	Data Raw: 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 31 30 30 20 39 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 27 66 6f 6e 74 2d 66 69 6c 65 73 2f 49 6e 74 65 72 56 61 72 69 61 62 6c 65 2d 49 74 61 6c 69 63 2e 77 6f 66 66 32 3f 76 3d 34 2e 31 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 7d 0a 2f 2a 20 6c 65 67 61 63 79 20 6e 61 6d 65 20 22 49 6e 74 65 72 20 76 61 72 22 20 28 4f 63 74 20 32 30 32 33 29 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 49 6e 74 65 72 20 76 61 72 27 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 31 30 30 20 39 30 Data Ascii: -style: italic; font-weight: 100 900; font-display: swap; src: url('font-files/InterVariable-Italic.woff2?v=4.1') format('woff2');}/* legacy name "Inter var" (Oct 2023) */@font-face { font-family:'Inter var'; font-style:normal; font-weight:100 90
2025-04-22 13:38:08 UTC	1369	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 20 73 72 63 3a 75 72 6c 28 22 66 6f 6e 74 2d 66 69 6c 65 73 2f 49 6e 74 65 72 2d 4c 69 67 68 74 49 74 61 6c 69 63 2e 77 6f 66 66 32 3f 76 3d 34 2e 31 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 29 3b 20 7d 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 49 6e 74 65 72 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 20 73 72 63 3a 75 72 6c 28 22 66 6f 6e 74 2d 66 69 6c 65 73 2f 49 6e 74 65 72 2d 52 65 67 75 6c 61 72 2e 77 6f 66 66 32 3f 76 3d 34 2e 31 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 29 Data Ascii: nt-weight:300; font-display:swap; src:url("font-files/Inter-LightItalic.woff2?v=4.1") format("woff2"); }@font-face { font-family:Inter; font-style:normal; font-weight:400; font-display:swap; src:url("font-files/Inter-Regular.woff2?v=4.1") format("woff2")
2025-04-22 13:38:08 UTC	1369	IN	Data Raw: 69 6c 79 3a 49 6e 74 65 72 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 38 30 30 3b 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 20 73 72 63 3a 75 72 6c 28 22 66 6f 6e 74 2d 66 69 6c 65 73 2f 49 6e 74 65 72 2d 45 78 74 72 61 42 6f 6c 64 2e 77 6f 66 66 32 3f 76 3d 34 2e 31 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 29 3b 20 7d 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 49 6e 74 65 72 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 74 61 6c 69 63 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 38 30 30 3b 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 20 73 72 63 3a 75 72 6c 28 22 66 6f 6e 74 2d 66 69 6c 65 73 2f 49 6e 74 65 72 2d 45 78 74 72 61 42 6f Data Ascii: ily:Inter; font-style:normal; font-weight:800; font-display:swap; src:url("font-files/Inter-ExtraBold.woff2?v=4.1") format("woff2"); }@font-face { font-family:Inter; font-style:italic; font-weight:800; font-display:swap; src:url("font-files/Inter-ExtraBo
2025-04-22 13:38:08 UTC	1369	IN	Data Raw: 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 20 73 72 63 3a 75 72 6c 28 22 66 6f 6e 74 2d 66 69 6c 65 73 2f 49 6e 74 65 72 44 69 73 70 6c 61 79 2d 4c 69 67 68 74 2e 77 6f 66 66 32 3f 76 3d 34 2e 31 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 29 3b 20 7d 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 49 6e 74 65 72 44 69 73 70 6c 61 79 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 74 61 6c 69 63 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 20 73 72 63 3a 75 72 6c 28 22 66 6f 6e 74 2d 66 69 6c 65 73 2f 49 6e 74 65 72 44 69 73 70 6c 61 79 2d 4c 69 67 68 74 49 74 61 6c 69 63 2e 77 6f 66 66 32 3f 76 3d 34 2e 31 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 Data Ascii: t-display:swap; src:url("font-files/InterDisplay-Light.woff2?v=4.1") format("woff2"); }@font-face { font-family:InterDisplay; font-style:italic; font-weight:300; font-display:swap; src:url("font-files/InterDisplay-LightItalic.woff2?v=4.1") format("woff2"
2025-04-22 13:38:08 UTC	1369	IN	Data Raw: 61 70 3b 20 73 72 63 3a 75 72 6c 28 22 66 6f 6e 74 2d 66 69 6c 65 73 2f 49 6e 74 65 72 44 69 73 70 6c 61 79 2d 42 6f 6c 64 2e 77 6f 66 66 32 3f 76 3d 34 2e 31 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 29 3b 20 7d 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 49 6e 74 65 72 44 69 73 70 6c 61 79 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 74 61 6c 69 63 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 20 73 72 63 3a 75 72 6c 28 22 66 6f 6e 74 2d 66 69 6c 65 0d 0a 31 34 34 33 0d 0a 73 2f 49 6e 74 65 72 44 69 73 70 6c 61 79 2d 42 6f 6c 64 49 74 61 6c 69 63 2e 77 6f 66 66 32 3f 76 3d 34 2e 31 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 29 3b 20 7d 0a 40 Data Ascii: ap; src:url("font-files/InterDisplay-Bold.woff2?v=4.1") format("woff2"); }@font-face { font-family:InterDisplay; font-style:italic; font-weight:700; font-display:swap; src:url("font-file1443s/InterDisplay-BoldItalic.woff2?v=4.1") format("woff2"); }@
2025-04-22 13:38:08 UTC	1369	IN	Data Raw: 2f 0a 20 20 20 20 20 20 20 20 6c 63 2d 6c 2d 77 69 74 68 2d 74 61 69 6c 3a 20 20 20 35 3b 20 2f 2a 20 4c 6f 77 65 72 2d 63 61 73 65 20 4c 20 77 69 74 68 20 74 61 69 6c 20 2a 2f 0a 20 20 20 20 20 20 20 20 73 69 6d 70 6c 69 66 69 65 64 2d 75 3a 20 20 20 20 20 36 3b 20 2f 2a 20 53 69 6d 70 6c 69 66 69 65 64 20 75 20 2a 2f 0a 20 20 20 20 20 20 20 20 61 6c 74 2d 64 6f 75 62 6c 65 2d 73 3a 20 20 20 20 20 37 3b 20 2f 2a 20 41 6c 74 65 72 6e 61 74 65 20 47 65 72 6d 61 6e 20 64 6f 75 62 6c 65 20 73 20 2a 2f 0a 20 20 20 20 20 20 20 20 75 63 2d 69 2d 77 69 74 68 2d 73 65 72 69 66 3a 20 20 38 3b 20 2f 2a 20 55 70 70 65 72 2d 63 61 73 65 20 69 20 77 69 74 68 20 73 65 72 69 66 20 2a 2f 0a 20 20 20 20 20 20 20 20 75 63 2d 67 2d 77 69 74 68 2d 73 70 75 72 3a 20 20 31 30 Data Ascii: / lc-l-with-tail: 5; /* Lower-case L with tail / simplified-u: 6; / Simplified u / alt-double-s: 7; / Alternate German double s / uc-i-with-serif: 8; / Upper-case i with serif */ uc-g-with-spur: 10
2025-04-22 13:38:08 UTC	1369	IN	Data Raw: 20 32 3b 20 2f 2a 20 4f 70 65 6e 20 66 6f 75 72 20 2a 2f 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 2d 36 3a 20 20 20 20 20 20 20 20 20 20 20 33 3b 20 2f 2a 20 4f 70 65 6e 20 73 69 78 20 2a 2f 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 2d 39 3a 20 20 20 20 20 20 20 20 20 20 20 34 3b 20 2f 2a 20 4f 70 65 6e 20 6e 69 6e 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 6c 63 2d 6c 2d 77 69 74 68 2d 74 61 69 6c 3a 20 20 20 35 3b 20 2f 2a 20 4c 6f 77 65 72 2d 63 61 73 65 20 4c 20 77 69 74 68 20 74 61 69 6c 20 2a 2f 0a 20 20 20 20 20 20 20 20 73 69 6d 70 6c 69 66 69 65 64 2d 75 3a 20 20 20 20 20 36 3b 20 2f 2a 20 53 69 6d 70 6c 69 66 69 65 64 20 75 20 2a 2f 0a 20 20 20 20 20 20 20 20 61 6c 74 2d 64 6f 75 62 6c 65 2d 73 3a 20 20 20 20 20 37 3b 20 2f 2a 20 41 6c 74 65 72 6e 61 74 Data Ascii: 2; /* Open four / open-6: 3; / Open six / open-9: 4; / Open nine / lc-l-with-tail: 5; / Lower-case L with tail / simplified-u: 6; / Simplified u / alt-double-s: 7; / Alternat
2025-04-22 13:38:08 UTC	1282	IN	Data Raw: 74 2d 31 3a 20 20 20 20 20 20 20 20 20 20 20 20 31 3b 20 2f 2a 20 41 6c 74 65 72 6e 61 74 65 20 6f 6e 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 61 6c 74 2d 33 3a 20 20 20 20 20 20 20 20 20 20 20 20 39 3b 20 2f 2a 20 46 6c 61 74 2d 74 6f 70 20 74 68 72 65 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 2d 34 3a 20 20 20 20 20 20 20 20 20 20 20 32 3b 20 2f 2a 20 4f 70 65 6e 20 66 6f 75 72 20 2a 2f 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 2d 36 3a 20 20 20 20 20 20 20 20 20 20 20 33 3b 20 2f 2a 20 4f 70 65 6e 20 73 69 78 20 2a 2f 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 2d 39 3a 20 20 20 20 20 20 20 20 20 20 20 34 3b 20 2f 2a 20 4f 70 65 6e 20 6e 69 6e 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 6c 63 2d 6c 2d 77 69 74 68 2d 74 61 69 6c 3a 20 20 20 35 3b 20 2f 2a 20 Data Ascii: t-1: 1; /* Alternate one / alt-3: 9; / Flat-top three / open-4: 2; / Open four / open-6: 3; / Open six / open-9: 4; / Open nine / lc-l-with-tail: 5; /

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49736	104.21.58.14	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:09 UTC	592	OUT	GET /inter/font-files/InterVariable.woff2?v=4.1 HTTP/1.1 Host: rsms.me Connection: keep-alive Origin: https://app.salesloft.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://rsms.me/inter/inter.css Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:09 UTC	746	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 13:38:09 GMT Content-Type: font/woff2 Content-Length: 352240 Connection: close Server: cloudflare Accept-Ranges: bytes X-Origin-Cache: HIT Last-Modified: Sat, 16 Nov 2024 01:00:53 GMT Access-Control-Allow-Origin: * Etag: "6737eec5-55ff0" Expires: Tue, 08 Apr 2025 06:55:32 GMT Cache-Control: max-age=2678400 X-Proxy-Cache: MISS X-Github-Request-Id: C00F:62CF9:23D945F:24FA401:67F7742A Via: 1.1 varnish Age: 4305 X-Served-By: cache-lax-kwhp1940077-LAX X-Cache: HIT X-Cache-Hits: 2 X-Timer: S1745213878.959319,VS0,VE1 Vary: Accept-Encoding X-Fastly-Request-Id: e41f9242f7d8b5c20781f0f1d24ec31dd545b1fd Cf-Cache-Status: HIT CF-RAY: 934585182d945711-PHX alt-svc: h3=":443"; ma=86400
2025-04-22 13:38:09 UTC	623	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 05 5f f0 00 13 00 00 00 0d 75 b8 00 05 5f 75 00 04 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a c1 02 1b 89 b3 0a 1c 81 be 56 3f 48 56 41 52 d7 67 3f 4d 56 41 52 81 28 06 60 3f 53 54 41 54 81 5c 27 34 00 81 ca 2c 2f 81 36 0a 88 cb 68 87 b0 04 30 9b ef 2c 01 36 02 24 03 db 64 0b db 68 00 04 20 05 9a 4c 07 82 80 05 5b a1 f8 dc 86 5f d2 3b 7d 7b b6 14 f0 c4 ef 8e 3a 28 b1 d9 13 29 dd 80 da cd 22 8a cb b4 cc 85 a6 d7 9f 7f 3f 9e ff 6f fd 77 61 83 2a d5 99 a9 ba 0c be 78 64 b3 f7 77 82 0b 15 2a 35 91 e0 60 d7 70 fc 94 8a 77 a7 63 8c 72 b0 01 a8 56 75 ff 66 36 94 ca d8 fd d8 2a c0 00 0c ad 16 45 ed 1a de 0a a9 bc 1a 12 48 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 7f cb c9 8f a7 dc ea 55 75 52 f5 7f 5f Data Ascii: wOF2_u_uBV?HVARg?MVAR(`?STAT\'4,/6h0,6$dh L[_;}{:()"?owaxdw5`pwcrVuf6*EHUuR_
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: 69 2a 29 48 24 18 2c 76 7b f6 1d 31 1e 96 26 dc 3f 16 95 78 02 1f 59 c5 a6 20 05 a3 f6 bd 3d ed 6f 91 69 e2 0f 3d 62 8c 35 ee 30 4d 5c 57 4f 73 45 d2 21 e6 fd 21 b3 07 ad b2 85 52 c9 14 60 60 25 3b 58 d5 c8 2d 67 ca cc eb c2 4e 10 42 60 60 54 2b 42 8d 94 c4 13 18 1f 81 c0 c0 54 5d d4 61 61 8b 08 ad da 39 3f 45 da 6d bd b9 3d bb ab d2 53 09 d6 94 2f e3 1d 59 f8 d3 22 a4 ba 76 76 c5 6c 96 f7 13 d5 bd 2f 7c 60 3e 9e dc e9 03 dd 1b a1 25 d8 80 90 8e 30 57 41 c0 5c 3e 1a c3 8a 38 56 76 5b 38 8f 5b c4 5f 6a 42 65 34 f1 1f 33 6d 8c 4f e3 68 7d 36 75 39 b7 a6 fd 19 cc 32 02 9d aa 53 e3 fc b9 f0 67 09 68 b0 af 4a 48 b5 03 ea 3a 38 16 65 c6 f9 6e 02 1a ec a7 1e 73 70 6c cc 09 2e 89 b5 d6 a2 47 8d 61 45 58 39 75 d8 c6 f1 9a 40 6f d7 b5 e7 ee 3e eb c3 43 d0 a8 e7 05 Data Ascii: i*)H$,v{1&?xY =oi=b50M\WOsE!!R``%;X-gNB``T+BT]aa9?Em=S/Y"vvl/\|`>%0WA\>8Vv[8[_jBe43mOh}6u92SghJH:8enspl.GaEX9u@o>C
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: b3 4e bb d3 f0 3c cf 5f eb dc 3f 88 2b 2b 91 8b 6a 55 0b 0a f3 e0 ff 3f 5b 55 dd f7 cd cc dd 03 33 2b b3 a0 9b 63 08 96 48 ea 88 5c 66 69 8f 8e 82 6a 2f cc 07 80 a5 06 a0 1a 44 70 48 6b 90 5a 5a c9 be 9f 30 96 09 0d 2a 63 65 05 98 74 78 de 6e ef fe dd c6 59 e7 8c d9 b2 52 29 b2 32 e6 b1 b3 32 76 48 94 95 8c b1 8b 8c 79 56 56 43 42 9a 28 63 67 9c d9 12 42 d6 0e e1 86 60 6e dd 46 f4 1a 96 8c 55 b1 b1 51 23 e3 41 14 91 b0 0a 6d de 6a 30 be ca c4 e6 31 09 89 94 1e 51 3d 62 a3 d2 91 c2 00 cd ad 33 10 45 54 44 a4 4b d8 06 1b 8b 0e 56 41 8f 6d 8c 15 03 46 b6 12 82 08 06 a8 58 89 f1 fa fa a9 ef fb 7e b4 fa ed 77 0f d0 dc ba 6d 54 08 2a 26 3e 2a 56 bc fa c6 87 0e c1 e8 7f f5 ab 7d bf fd b4 3f 16 55 ac 8a 15 db 18 1b b0 22 2a 24 4a 04 01 51 10 a9 0d 4f 4b b5 7f 2b Data Ascii: N<_?++jU?[U3+cH\fij/DpHkZZ0cetxnYR)22vHyVVCB(cgB`nFUQ#Amj01Q=b3ETDKVAmFX~wmT&>V}?U"$JQOK+
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: 44 8c 8a c8 6a 7b 77 4c 98 20 eb 59 c9 10 6c b3 33 63 da 9b 33 66 e6 9c 4e 9d 09 46 13 da 88 20 8a 62 a0 20 22 2a a2 94 36 58 89 05 d6 9c 3d 75 33 36 5d 95 ab 72 95 bf fd fa f7 bf b7 48 97 ff 55 8f 56 5a 7f 20 4e f1 28 02 a0 90 30 be cb 5d d3 92 d7 87 90 5d 4a e9 45 80 19 20 f8 3f 60 ef 0a 66 ba e0 ff e1 ff ca 7e ed aa 64 92 91 5d dd 91 38 c4 4d e7 41 5f f4 17 35 24 5f 9f 05 cf e7 de be bc 49 d2 7b 9d 7f c8 4e 31 20 33 73 17 4f c8 f0 aa d5 3b b6 d9 96 39 0a 09 19 20 d7 b2 19 9d fe 01 c8 81 0c 95 4d 36 d9 5c 3e 9f ab a9 44 1a 10 e8 a7 08 8b 70 a4 d4 4c a0 80 79 f7 6b 93 21 24 fc 44 fb dc f7 a7 aa fb fa 78 6c 42 20 98 ae 2a f0 7c f7 9b 6b df 1e e0 ad 99 c3 73 d4 42 e2 33 7e 45 5b ca d4 a4 b1 c0 66 93 81 dc 15 98 5d 15 b1 90 24 2c 4b 56 ad 71 68 64 85 22 57 Data Ascii: Dj{wL Yl3c3fNF b "6X=u36]rHUVZ N(0]]JE ?`f~d]8MA_5$_I{N1 3sO;9 M6\>DpLyk!$DxlB \|ksB3~E[f]$,KVqhd"W
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: 96 ec 4a c9 15 92 2b 03 a4 5d 0d 90 76 1b a4 4a 56 b0 6b 94 2a 38 74 92 2a 25 bb 52 74 e8 94 82 ab 57 aa 5a 55 ef 7a 76 53 8b dd 2c fb cc aa 5c 13 42 d8 ad f2 62 5f bd 9c d5 32 a4 b0 9a e5 fc ff 65 a9 f5 db f7 92 84 26 8a ed 12 68 f7 8a a4 e6 bc a2 c6 dc a4 c6 04 d8 6e 4b cc 7c e3 ec 4e bd d8 45 be a8 02 22 23 ab c8 c8 48 80 8c 8c 04 a8 57 51 80 3a 2a 8b 60 bf 8c 02 d8 51 91 20 06 a4 80 62 81 a2 70 48 49 ad c3 e9 a6 d0 8e e4 a1 da 50 9e a3 1e a3 73 23 12 a0 5e 65 91 ea a8 2a a2 95 2c 4a 73 20 70 8c 33 52 1b 8e e3 18 e3 56 df 2e b6 7f f7 17 cb 59 f6 ac b6 df ac f7 7f b1 d8 7c f8 ff 5a fa 49 f5 ea 38 69 9c d4 8e b7 8c 56 65 9c a6 ca c5 e5 40 a8 09 9f 9e 4d 3d ea 4d 9a 76 e8 ff e5 20 e7 f9 fb 1d 34 8e 1b 32 72 4c 84 1a b0 71 48 6c 03 da 65 66 2e 13 42 97 20 Data Ascii: J+]vJVk8t%RtWZUzvS,\Bb_2e&hnK\|NE"#HWQ:`Q bpHIPs#^e,Js p3RV.Y\|ZI8iVe@M=Mv 42rLqHlef.B
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: b7 63 e9 b7 26 3b ad b9 a4 fc d2 a7 64 4b a6 e9 d7 29 6d 98 b2 0d 19 c6 f8 8f a6 99 2d 40 60 28 8a a3 38 94 8e 8a 47 c7 d0 b9 26 1c 79 aa be 54 4d 55 ce 62 f0 f5 28 12 c3 55 e2 85 18 db 1d 8e 03 40 3a 70 e9 34 ce 6b 17 55 ac ce 4d 69 02 d9 a5 71 62 d1 30 e0 81 1d 46 1e 8c 62 18 d8 e3 83 11 37 dd 6c 7f 57 e0 65 45 1a 73 3c fc b7 d7 32 3a f5 ff 55 7d f7 77 96 8d 66 2c 53 13 aa 30 6f c2 e1 0e 08 da 72 48 e5 10 37 a2 10 09 9b d3 55 dd 93 4a 02 78 11 5c 0c 23 5c c8 7b 16 e9 34 0f f5 d3 4a aa 7e bf 65 55 2d ba 33 61 26 6c 42 af 16 d2 8b 19 3a 12 60 40 d2 d7 cc 26 8d 01 b1 09 e2 29 b6 06 13 10 d3 4e a8 a7 bd ce 66 52 9f 8a 44 ba 18 c9 37 9a 52 53 9a a4 1b dd ca 1d fd 5c 84 84 be 0f ba c4 aa 38 8f b2 9f 40 c0 aa 39 6d a2 5d c1 3a 00 34 2a ba ee 0f f6 66 b6 04 4e Data Ascii: c&;dK)m-@`(8G&yTMUb(U@:p4kUMiqb0Fb7lWeEs<2:U}wf,S0orH7UJx\#\{4J~eU-3a&lB:`@&)NfRD7RS\8@9m]:4*fN
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: 1d d0 1a de 80 d6 0b 05 64 00 3f 20 4f 30 06 e4 1d b6 80 7c ac 34 c0 8f fe 04 38 6b 29 c0 45 9b 41 6e 08 07 b9 29 0b 0b e0 01 47 e2 80 d0 21 e9 80 30 c4 9d 30 25 98 b0 24 99 b0 a7 9e 08 64 99 88 e4 9c 5c ce 37 11 ab 6c 22 55 64 22 53 72 a2 50 76 44 33 d6 88 76 9c 91 9b 09 46 0c 12 8f 98 a7 1a b1 4c 3d e2 5c d5 88 7b f5 23 45 c9 c7 54 a5 1b 8b 8d 6c ea 1c c3 94 80 dc 28 35 8c 51 46 a4 a3 cc 18 46 d9 6b 18 e5 cb 37 2a 1a 7a ac 44 c4 b1 52 d1 c6 2a a3 1c ab 92 6e ac 26 be a9 56 d1 a9 76 f1 a9 3e d9 a9 41 c5 a9 11 e4 d4 2f fc d4 12 b1 dc 04 ae 29 9e 03 30 3d b7 33 01 a6 b7 75 09 80 f4 a9 2e 19 90 56 ba 27 80 b4 bf cb 04 a4 3f e9 ba 80 e9 db 5d 2f 30 fd b8 1b 06 a6 9f 76 23 c0 34 ee 0e 80 e9 b2 ee 10 91 70 83 c4 38 c1 8c 8b fb 60 66 ca 53 30 33 eb bf 70 b3 ec Data Ascii: d? O0\|48k)EAn)G!00%$d\7l"Ud"SrPvD3vFL=\{#ETl(5QFFk7zDRn&Vv>A/)0=3u.V'?]/0v#4p8`fS03p
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: 68 d4 62 82 e1 07 32 1c 8a 51 98 ed 7a 7e e1 04 77 7f 68 e9 fe de 39 a5 47 b2 46 d3 47 1f b3 66 1c 8f 4f 99 21 22 d6 7c a1 2c 2e 18 87 e0 d2 3d 7d 92 7b a7 f5 04 4f ec 1d 73 ab 3c c1 c6 c8 8e 66 b3 69 a0 a6 a6 f5 f5 ca ea d6 44 e5 48 c7 63 7c f3 58 cf a4 b6 ae ae 29 25 ca 25 ae c8 ca 6a 07 38 4b e7 98 d3 41 34 a8 71 f5 be 76 ff 0f 55 fc cd 65 72 0c bd 9e a5 5c e4 86 91 19 9f d7 bc 9c b2 e6 b7 20 d8 7f 3c 05 7f af 43 a6 86 a0 76 70 04 83 23 e4 4d d4 b1 21 cd 60 e7 94 43 f0 87 c1 0f bf c7 88 6e fa 11 da e5 11 63 5d 3a 60 88 b4 3f cb a8 26 b3 27 fe 95 26 26 31 c1 d8 1c b1 a2 90 8c 5b 32 4f 52 a8 38 2f 99 e4 16 57 65 1d 1d 65 65 03 81 b4 6c 28 10 57 76 50 d9 f8 7c 15 b7 4a a9 35 c5 17 0b e8 d2 be 25 d3 b6 6f 0f cb 10 85 fd 03 c5 b2 29 e2 9c 6d 3b 0e b7 da 48 Data Ascii: hb2Qz~wh9GFGfO!"\|,.=}{Os<fiDHc\|X)%%j8KA4qvUer\ <Cvp#M!`Cnc]:`?&'&&1[2OR8/Weeel(WvP\|J5%o)m;H
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: 40 dc 0b ab c0 7a 8d ee f1 88 fb be b2 39 b2 be 5f a9 78 4e df 50 05 ef ea 9b 5c 33 21 e9 0b 1b 1e 28 ee ff 84 d6 2c e8 6f 2e 0f d4 b0 b9 59 fd 51 31 1f 06 fe 8d 36 6b 07 ee ac 90 d3 d7 bb ea e5 14 f5 96 ea 2b f3 1a 06 86 ca 9c 32 fb 0f 85 d7 55 7d 4b 2a 7f 73 90 f3 c8 81 09 b5 d7 3c 10 36 dc 5f 38 c0 2f 40 c4 80 e6 e2 85 9b 27 6e 4d f7 cf 1c 6c d9 41 4b 06 db e7 7a f4 83 c3 d5 50 7e c3 52 42 ba 07 39 12 5c 24 58 1a 87 2e 72 37 74 43 57 b9 6b f4 b7 1b 73 e1 d0 60 e9 98 1e 2a 73 9b 86 86 17 78 b4 aa 8b 3d aa 21 4b f5 64 d7 72 54 47 3d ea cd ad b1 31 fb 24 70 d5 b8 bb aa a7 da 21 6e d8 51 43 d4 72 5b 36 94 9c af eb 86 af 3f cd 52 61 11 3d dc b4 23 99 18 be b5 23 11 c7 6a ad db 4f 59 6d dd 11 d9 dd f6 5c 82 be a0 e9 98 eb ca 1c ee a9 ee 12 0e f7 96 bb b4 88 Data Ascii: @z9_xNP\3!(,o.YQ16k+2U}Ks<6_8/@'nMlAKzP~RB9\$X.r7tCWks`sx=!KdrTG=1$p!nQCr[6?Ra=##jOYm\
2025-04-22 13:38:09 UTC	1369	IN	Data Raw: a9 18 e6 bc 1b 33 26 ee c5 0c 2c 82 a6 c8 ad 4f 61 1a 7e 4f 0b a6 2a ee dc 53 a1 93 bb fd 08 c5 72 03 d9 e2 29 8e 03 18 f7 22 3b 2a f2 eb 73 51 d4 5f 18 d1 62 fc fb e5 b8 38 5c aa 45 40 60 e3 88 30 44 31 8e 3a 04 d2 a8 0d a0 63 9d 1d 4d 46 45 84 44 da 72 9b 35 aa e3 da c4 19 8d e4 0b 27 00 6b b2 42 c0 39 f3 2f 7c 42 9f be 72 6e a8 35 25 42 b4 83 42 4c 03 c3 f9 48 a5 bd 4b 85 ba 32 1c 08 b6 54 27 18 2c d1 89 3f 12 e8 66 92 61 c0 0d 14 18 96 3a 87 95 45 d8 a4 a0 6b c5 25 4c a3 7b 4f 1b 25 88 7c 28 44 05 a9 b1 42 fc 68 cb 3d 3f ce 08 82 6f 32 8a 60 9b 58 cb 69 e1 d4 b2 bb 41 61 f8 23 cd a8 10 c6 8e 6e 83 8b e7 6b 69 88 18 15 09 ce 27 62 e4 b7 83 92 42 f2 97 a0 5d 03 55 22 95 bc e2 3b 32 ee b4 6b 7c cd a4 2f 5e e8 92 f1 7d 5d e3 b4 5b 15 98 b5 05 61 4b 2f 89 Data Ascii: 3&,Oa~OSr)";sQ_b8\E@`0D1:cMFEDr5'kB9/\|Brn5%BBLHK2T',?fa:Ek%L{O%\|(DBh=?o2`XiAa#nki'bB]U";2k\|/^}][aK/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49737	3.209.207.32	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:10 UTC	730	OUT	GET /favicon.ico HTTP/1.1 Host: app.salesloft.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:10 UTC	639	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 13:38:10 GMT Content-Type: image/x-icon Content-Length: 2261 Connection: close Last-Modified: Tue, 22 Apr 2025 11:54:51 GMT ETag: "6807838b-8d5" Cache-Control: no-store Content-Security-Policy-Report-Only: default-src https: wss: blob: data: 'unsafe-inline'; img-src http: https:; object-src 'none'; frame-ancestors 'none'; X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000; includeSubDomains X-Entry-Cluster: k8s04 X-Entry-PoP: us-east-1 X-Global-Request-Start: t=1745329090.571
2025-04-22 13:38:10 UTC	2261	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 40 08 06 00 00 00 aa 69 71 de 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 08 87 49 44 41 54 78 9c ed 9b 79 6c 94 c7 19 c6 7f b3 87 af 5d df 78 c1 07 b6 b1 0d 18 0c 18 30 d8 40 00 0b 73 18 68 21 a1 82 a4 25 10 55 40 29 a5 44 25 69 5a 94 70 a5 69 a2 28 12 09 54 a9 48 a4 36 34 12 84 10 b5 55 a9 20 40 68 81 60 0e bb 18 8c 21 60 1b 83 09 97 ef 13 1f 78 bd b6 bf e9 1f 08 27 d6 ae d7 bb de 6f 59 4b f1 f3 df cc 3b 33 df 33 cf be 33 f3 7e ef 7c 2b f4 0b c7 49 7e c0 d0 78 9a 80 a7 31 20 80 a7 09 78 1a 03 02 78 9a 80 a7 31 20 80 a7 09 78 1a ba a7 f9 30 29 25 fe de be 24 46 c5 92 10 11 43 64 a8 89 10 63 00 3e 7a 2f 9a cd ad d4 36 3f e4 41 4d 25 25 65 f7 b8 55 7e 9f 66 8b 19 Data Ascii: PNGIHDR@@iqpHYs+IDATxyl]x0@sh!%U@)D%iZpi(TH64U @h`!`x'oYK;333~\|+I~x1 xx1 x0)%$FCdc>z/6?AM%%eU~f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49738	52.45.26.173	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:11 UTC	392	OUT	GET /favicon.ico HTTP/1.1 Host: app.salesloft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:11 UTC	639	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 13:38:11 GMT Content-Type: image/x-icon Content-Length: 2261 Connection: close Last-Modified: Tue, 22 Apr 2025 11:54:51 GMT ETag: "6807838b-8d5" Cache-Control: no-store Content-Security-Policy-Report-Only: default-src https: wss: blob: data: 'unsafe-inline'; img-src http: https:; object-src 'none'; frame-ancestors 'none'; X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000; includeSubDomains X-Entry-Cluster: k8s04 X-Entry-PoP: us-east-1 X-Global-Request-Start: t=1745329091.544
2025-04-22 13:38:11 UTC	2261	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 40 08 06 00 00 00 aa 69 71 de 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 08 87 49 44 41 54 78 9c ed 9b 79 6c 94 c7 19 c6 7f b3 87 af 5d df 78 c1 07 b6 b1 0d 18 0c 18 30 d8 40 00 0b 73 18 68 21 a1 82 a4 25 10 55 40 29 a5 44 25 69 5a 94 70 a5 69 a2 28 12 09 54 a9 48 a4 36 34 12 84 10 b5 55 a9 20 40 68 81 60 0e bb 18 8c 21 60 1b 83 09 97 ef 13 1f 78 bd b6 bf e9 1f 08 27 d6 ae d7 bb de 6f 59 4b f1 f3 df cc 3b 33 df 33 cf be 33 f3 7e ef 7c 2b f4 0b c7 49 7e c0 d0 78 9a 80 a7 31 20 80 a7 09 78 1a 03 02 78 9a 80 a7 31 20 80 a7 09 78 1a ba a7 f9 30 29 25 fe de be 24 46 c5 92 10 11 43 64 a8 89 10 63 00 3e 7a 2f 9a cd ad d4 36 3f e4 41 4d 25 25 65 f7 b8 55 7e 9f 66 8b 19 Data Ascii: PNGIHDR@@iqpHYs+IDATxyl]x0@sh!%U@)D%iZpi(TH64U @h`!`x'oYK;333~\|+I~x1 xx1 x0)%$FCdc>z/6?AM%%eU~f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49742	3.209.207.32	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:26 UTC	769	OUT	POST /t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 HTTP/1.1 Host: app.salesloft.com Connection: keep-alive Content-Length: 0 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://app.salesloft.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:26 UTC	971	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 13:38:26 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: close access-control-allow-origin: https://app.salesloft.com access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE access-control-expose-headers: access-control-max-age: 86400 access-control-allow-credentials: true X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cache-Control: no-cache Content-Security-Policy-Report-Only: default-src 'self' https: blob: data:; img-src 'self' https: http:; frame-ancestors 'none' X-Request-Id: 98eba2fa47d60346d582be36adb0b53e X-Runtime: 0.316897 Strict-Transport-Security: max-age=31536000; includeSubDomains vary: Accept, Origin X-Entry-Cluster: k8s04 X-Entry-PoP: us-east-1 X-Global-Request-Start: t=1745329106.664

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49743	52.45.26.173	443	5356	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:38:27 UTC	440	OUT	GET /t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 HTTP/1.1 Host: app.salesloft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:38:27 UTC	381	IN	HTTP/1.1 404 Not Found Date: Tue, 22 Apr 2025 13:38:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1564 Connection: close X-Request-Id: 843765ede5e4fd35e761eaf41481ffb7 X-Runtime: 0.001232 Strict-Transport-Security: max-age=31536000; includeSubDomains vary: Origin X-Entry-Cluster: k8s04 X-Entry-PoP: us-east-1 X-Global-Request-Start: t=1745329107.481
2025-04-22 13:38:27 UTC	1564	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 77 65 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 20 28 34 30 34 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 45 46 45 46 45 46 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 45 32 46 33 30 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 Data Ascii: <!DOCTYPE html><html><head> <title>The page you were looking for doesn't exist (404)</title> <meta name="viewport" content="width=device-width,initial-scale=1"> <style> body { background-color: #EFEFEF; color: #2E2F30; text-align: ce

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	09:37:55
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	09:37:56
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2388,i,15685943199002576949,2264304956721745155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2436 /prefetch:3
Imagebase:	0x7ff7e4870000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:38:03
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7	HTTP Parser: No favicon
Source: https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7	HTTP Parser: No favicon

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 84.201.221.35
Source: unknown	TCP traffic detected without corresponding DNS query: 84.201.221.35
Source: unknown	TCP traffic detected without corresponding DNS query: 84.201.221.35
Source: unknown	TCP traffic detected without corresponding DNS query: 84.201.221.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.68.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.68.227
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 HTTP/1.1Host: gtm.ceros.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7?host=gtm.ceros.com HTTP/1.1Host: app.salesloft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 HTTP/1.1Host: app.salesloft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /inter/inter.css HTTP/1.1Host: rsms.meConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://app.salesloft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /inter/font-files/InterVariable.woff2?v=4.1 HTTP/1.1Host: rsms.meConnection: keep-aliveOrigin: https://app.salesloft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://rsms.me/inter/inter.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: app.salesloft.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.salesloft.com/unsubscribe?id=33a0669f-31dc-4d2e-8c5a-42990725d8f7&confirm_opt_out_path=/t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: app.salesloft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/9813/confirm_opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7 HTTP/1.1Host: app.salesloft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: gtm.ceros.com
Source: global traffic	DNS traffic detected: DNS query: app.salesloft.com
Source: global traffic	DNS traffic detected: DNS query: rsms.me

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4156, Parent PID: 5916

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Windows Analysis Report
https://gtm.ceros.com/t/9813/opt_out/33a0669f-31dc-4d2e-8c5a-42990725d8f7