Edit tour

Windows Analysis Report
https://currentlyatt64578.weebly.com/

Overview

General Information

Sample URL:	https://currentlyatt64578.weebly.com/
Analysis ID:	1501464
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,17867942854533168435,8923366416195660221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://currentlyatt64578.weebly.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_108	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 22:16:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Ray: 8bafe770df7f8cdc-EWRCF-Cache-Status: DYNAMICVary: Accept-EncodingSurrogate-Control: max-age=60Set-Cookie: __cf_bm=_O2c.FUnbUM5b7YKhH3u_qoHJlyFBjjGvTrqDAekQQI-1724969771-1.0.1.1-tDakbmmKrjZX8OKVVmuGBJZnuxlf1nJIXdG35U_MeftKrQYWHSEOQwK9gjAkyzIm82b0EwUrXMNZHF3Cu2vi4g; path=/; expires=Thu, 29-Aug-24 22:46:11 GMT; domain=.weebly.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare

Source: chromecache_108.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_108.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 51769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51771
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:51769 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@21/9@6/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,17867942854533168435,8923366416195660221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://currentlyatt64578.weebly.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,17867942854533168435,8923366416195660221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://currentlyatt64578.weebly.com/	100%	Avira URL Cloud	phishing
https://currentlyatt64578.weebly.com/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://currentlyatt64578.weebly.com/favicon.ico	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://currentlyatt64578.weebly.com/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing
https://currentlyatt64578.weebly.com/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
currentlyatt64578.weebly.com	74.115.51.8	true	false		unknown
www.google.com	216.58.212.164	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://currentlyatt64578.weebly.com/favicon.ico	true	Avira URL Cloud: phishing	unknown
https://currentlyatt64578.weebly.com/cdn-cgi/styles/cf.errors.css	true	Avira URL Cloud: phishing	unknown
https://currentlyatt64578.weebly.com/	true		unknown
https://currentlyatt64578.weebly.com/cdn-cgi/images/icon-exclamation.png?1376755637	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_108.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_108.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.212.164	www.google.com	United States	15169	GOOGLEUS	false
74.115.51.8	currentlyatt64578.weebly.com	United States	27647	WEEBLYUS	false
74.115.51.9	unknown	United States	27647	WEEBLYUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501464
Start date and time:	2024-08-30 00:15:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://currentlyatt64578.weebly.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@21/9@6/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.186.78, 74.125.206.84, 34.104.35.123, 93.184.221.240, 192.229.221.95, 142.250.186.131, 131.107.255.255
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://currentlyatt64578.weebly.com/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://currentlyatt64578.weebly.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (368)
Category:	downloaded
Size (bytes):	3739
Entropy (8bit):	5.398898496786475
Encrypted:	false
SSDEEP:	48:lmIbXy547kz0NqSaNRiQKaNr6BwdTniB0FvC5b1SXSDq9cNgFo:1Be0NqSaNRiuNQqvS1SXSBB
MD5:	2EEB3E560CA8F369BE20CEB5858A4701
SHA1:	6C53E6B66C1BC6D0B93116E14FB79C30424BF36C
SHA-256:	AC2D9485ACF7E9C29D94D31F19D3AEDDA958CD4F6119DDC888FBBDE52D6078DD
SHA-512:	D00C2C8A52E8393A649F1700A7B1EDA0A7F8ADA9F313AFEDAE8039DD94736B7004625853E9E7ACBD85D8CBFF5A1978DED22C09C4DB2D02C42630B67A9DBF0D20
Malicious:	false
Reputation:	low
URL:	https://currentlyatt64578.weebly.com/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">.<head>..<title>404 - Page Not Found</title>..<meta http-equiv="content-type" content="text/html; charset=UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta name="robots" content="noarchive" />..<link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico" />...<style type="text/css">...@font-face {....font-family: 'Proxima Nova';....font-weight: 300;....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot");....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot?#iefix") format("embedded-opentype"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://currentlyatt64578.weebly.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4394
Entropy (8bit):	5.0823053355875984
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisIA2ZLimwrR49PaQxJbGD:1j9jhjYjIK/Vo+tsEZOmwrO9ieJGD
MD5:	740334F88DBAE7EE058F63B36C18C5D0
SHA1:	E89E670AFE6CE43A89C4F65F4E36CB0D43FBF289
SHA-256:	FF0A4AD45729E34D5B92012F43B600F729CC1506A9FC42FBC1CC602334E0EF72
SHA-512:	5C00200E693154B05C768539452C5671BEB5A3DB3A8B9DB668946F4A53815AE98DD5596919B03880D2070A6194C5F0CF2D2E2D76C1BAEABD883627E736589948
Malicious:	false
Reputation:	low
URL:	https://currentlyatt64578.weebly.com/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 00:16:08.050021887 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 30, 2024 00:16:09.372498035 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.372529030 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.372602940 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.372709036 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.372715950 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.372766972 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.372925997 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.372937918 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.373126030 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.373136044 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.835925102 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.836236000 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.836247921 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.837343931 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.837423086 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.838416100 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.838483095 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.838593960 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.857702971 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.860253096 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.860268116 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.863432884 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.863496065 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.869801998 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.869920969 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.881386995 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.881397009 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.922853947 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.922853947 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.922864914 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.974133968 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.974272013 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.974322081 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.974355936 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.974387884 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.974400997 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.974411011 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.974456072 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:09.974462032 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.974482059 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:09.974519014 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.038995981 CEST	49735	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.039027929 CEST	443	49735	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.040229082 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.084501982 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142126083 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142199993 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142244101 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142277956 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142301083 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.142317057 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142328024 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.142349005 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142394066 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.142400026 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142596960 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.142644882 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.142652035 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.146776915 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.146811962 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.146842957 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.146878004 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.146886110 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.146918058 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.190527916 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.234322071 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.234384060 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.234452009 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.234472990 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.234755039 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.234795094 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.234802008 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.234810114 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.234884024 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.234929085 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.330446005 CEST	49736	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.330471992 CEST	443	49736	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.352083921 CEST	49738	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.352129936 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.352205992 CEST	49738	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.352425098 CEST	49738	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.352442026 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.826195955 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.826514959 CEST	49738	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.826539993 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.826880932 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.827347040 CEST	49738	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.827414989 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.827501059 CEST	49738	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.868503094 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.957284927 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.957370043 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.957442999 CEST	49738	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.985624075 CEST	49738	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.985656977 CEST	443	49738	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.998195887 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.998241901 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:10.998308897 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.998524904 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:10.998538017 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.019925117 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.019951105 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.020010948 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.022258043 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.022270918 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.511013031 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.518702030 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.551136971 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:11.566751003 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.584050894 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.584062099 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.584737062 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:11.584755898 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.585226059 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.585356951 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.585421085 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.593818903 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:11.594006062 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.595074892 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.595213890 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.598284960 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:11.598867893 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.598879099 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.644512892 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.647083998 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.694850922 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.694927931 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.694976091 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.696788073 CEST	49742	443	192.168.2.4	74.115.51.9
Aug 30, 2024 00:16:11.696806908 CEST	443	49742	74.115.51.9	192.168.2.4
Aug 30, 2024 00:16:11.795456886 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.795509100 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.795538902 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.795547962 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:11.795568943 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.795608044 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:11.795615911 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.795670986 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:11.795711994 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:11.809730053 CEST	49741	443	192.168.2.4	74.115.51.8
Aug 30, 2024 00:16:11.809748888 CEST	443	49741	74.115.51.8	192.168.2.4
Aug 30, 2024 00:16:12.537669897 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:12.537714005 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:12.537779093 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:12.537992001 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:12.538007975 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:13.255791903 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:13.267932892 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:13.267961025 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:13.269082069 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:13.269157887 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:13.274007082 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:13.274087906 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:13.310386896 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:13.310424089 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:13.311049938 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:13.313399076 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:13.313415051 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:13.316885948 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:13.316911936 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:13.363759041 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:13.956141949 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:13.956216097 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:13.959860086 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:13.959870100 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:13.960114002 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.004369020 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.008743048 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.052505970 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.227868080 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.227933884 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.227988958 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.228283882 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.228302956 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.283704996 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.283762932 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.283835888 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.284967899 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.284984112 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.941910982 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.942038059 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.944215059 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.944227934 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.944498062 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:14.945966005 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:14.992495060 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:15.221143961 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:15.221225023 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:15.221441984 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:15.221909046 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:15.221927881 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:15.221955061 CEST	49745	443	192.168.2.4	184.28.90.27
Aug 30, 2024 00:16:15.221961975 CEST	443	49745	184.28.90.27	192.168.2.4
Aug 30, 2024 00:16:21.154433012 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:21.154475927 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:21.154613018 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:21.155950069 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:21.155966043 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:21.942269087 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:21.942357063 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:21.946573019 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:21.946583033 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:21.946952105 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:21.989420891 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:22.700436115 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:22.740508080 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.958615065 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.958642960 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.958651066 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.958661079 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.958690882 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.958729982 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:22.958760023 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.958774090 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:22.958811045 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:22.959445953 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.959505081 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:22.959513903 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.959919930 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:22.959974051 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:23.091785908 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:23.091859102 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:23.091923952 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:23.634953976 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:23.635003090 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:23.635018110 CEST	49746	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:16:23.635025978 CEST	443	49746	20.114.59.183	192.168.2.4
Aug 30, 2024 00:16:24.446841955 CEST	49743	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:16:24.446871996 CEST	443	49743	216.58.212.164	192.168.2.4
Aug 30, 2024 00:16:30.433518887 CEST	51767	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:30.438291073 CEST	53	51767	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:30.438366890 CEST	51767	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:30.438436031 CEST	51767	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:30.444098949 CEST	53	51767	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:30.887845993 CEST	53	51767	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:30.890381098 CEST	51767	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:30.895689011 CEST	53	51767	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:30.895802975 CEST	51767	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:17:00.139990091 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:00.140038013 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:00.140161037 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:00.140467882 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:00.140479088 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:00.941450119 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:00.941544056 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:00.954382896 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:00.954396963 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:00.954675913 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:00.982629061 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:01.028493881 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.272849083 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.272875071 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.272891045 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.272933960 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:01.272944927 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.272970915 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:01.272989035 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:01.274396896 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.274426937 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.274447918 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:01.274452925 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.274480104 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:01.274487972 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:01.274513960 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:01.284115076 CEST	51769	443	192.168.2.4	20.114.59.183
Aug 30, 2024 00:17:01.284128904 CEST	443	51769	20.114.59.183	192.168.2.4
Aug 30, 2024 00:17:12.584445953 CEST	51771	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:17:12.584501982 CEST	443	51771	216.58.212.164	192.168.2.4
Aug 30, 2024 00:17:12.584942102 CEST	51771	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:17:12.589348078 CEST	51771	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:17:12.589366913 CEST	443	51771	216.58.212.164	192.168.2.4
Aug 30, 2024 00:17:13.251091957 CEST	443	51771	216.58.212.164	192.168.2.4
Aug 30, 2024 00:17:13.251419067 CEST	51771	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:17:13.251451015 CEST	443	51771	216.58.212.164	192.168.2.4
Aug 30, 2024 00:17:13.251784086 CEST	443	51771	216.58.212.164	192.168.2.4
Aug 30, 2024 00:17:13.252171993 CEST	51771	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:17:13.252270937 CEST	443	51771	216.58.212.164	192.168.2.4
Aug 30, 2024 00:17:13.302052975 CEST	51771	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:17:23.153855085 CEST	443	51771	216.58.212.164	192.168.2.4
Aug 30, 2024 00:17:23.154025078 CEST	443	51771	216.58.212.164	192.168.2.4
Aug 30, 2024 00:17:23.154362917 CEST	51771	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:17:24.511003971 CEST	51771	443	192.168.2.4	216.58.212.164
Aug 30, 2024 00:17:24.511035919 CEST	443	51771	216.58.212.164	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 00:16:08.312192917 CEST	53	57953	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:08.312305927 CEST	53	54601	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:09.301044941 CEST	53	64135	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:09.354253054 CEST	62152	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:09.354494095 CEST	59522	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:09.370491982 CEST	53	62152	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:09.371961117 CEST	53	59522	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:11.001790047 CEST	57328	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:11.001939058 CEST	61125	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:11.018531084 CEST	53	57328	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:11.019613981 CEST	53	61125	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:12.522370100 CEST	59891	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:12.525780916 CEST	49748	53	192.168.2.4	1.1.1.1
Aug 30, 2024 00:16:12.532669067 CEST	53	59891	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:12.534638882 CEST	53	49748	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:26.142812967 CEST	138	138	192.168.2.4	192.168.2.255
Aug 30, 2024 00:16:26.570997000 CEST	53	52618	1.1.1.1	192.168.2.4
Aug 30, 2024 00:16:30.433012009 CEST	53	54814	1.1.1.1	192.168.2.4
Aug 30, 2024 00:17:07.885628939 CEST	53	64245	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 30, 2024 00:16:09.354253054 CEST	192.168.2.4	1.1.1.1	0x1a68	Standard query (0)	currentlyatt64578.weebly.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:16:09.354494095 CEST	192.168.2.4	1.1.1.1	0xf47c	Standard query (0)	currentlyatt64578.weebly.com	65	IN (0x0001)	false
Aug 30, 2024 00:16:11.001790047 CEST	192.168.2.4	1.1.1.1	0x81b1	Standard query (0)	currentlyatt64578.weebly.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:16:11.001939058 CEST	192.168.2.4	1.1.1.1	0x95e3	Standard query (0)	currentlyatt64578.weebly.com	65	IN (0x0001)	false
Aug 30, 2024 00:16:12.522370100 CEST	192.168.2.4	1.1.1.1	0xe9f4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:16:12.525780916 CEST	192.168.2.4	1.1.1.1	0xb613	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Aug 30, 2024 00:16:09.370491982 CEST	1.1.1.1	192.168.2.4	0x1a68	No error (0)	currentlyatt64578.weebly.com	74.115.51.8	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:16:09.370491982 CEST	1.1.1.1	192.168.2.4	0x1a68	No error (0)	currentlyatt64578.weebly.com	74.115.51.9	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:16:11.018531084 CEST	1.1.1.1	192.168.2.4	0x81b1	No error (0)	currentlyatt64578.weebly.com	74.115.51.9	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:16:11.018531084 CEST	1.1.1.1	192.168.2.4	0x81b1	No error (0)	currentlyatt64578.weebly.com	74.115.51.8	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:16:12.532669067 CEST	1.1.1.1	192.168.2.4	0xe9f4	No error (0)	www.google.com	216.58.212.164	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:16:12.534638882 CEST	1.1.1.1	192.168.2.4	0xb613	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

currentlyatt64578.weebly.com

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	74.115.51.8	443	916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:16:09 UTC	671	OUT	GET / HTTP/1.1 Host: currentlyatt64578.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:16:09 UTC	222	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:16:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8bafe76609a60ca6-EWR
2024-08-29 22:16:09 UTC	1147	IN	Data Raw: 31 31 32 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-29 22:16:09 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-29 22:16:09 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f Data Ascii: <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> </
2024-08-29 22:16:09 UTC	517	IN	Data Raw: 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e Data Ascii: d("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=documen
2024-08-29 22:16:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	74.115.51.8	443	916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:16:10 UTC	583	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: currentlyatt64578.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://currentlyatt64578.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:16:10 UTC	411	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:16:10 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-5df3" Server: cloudflare CF-RAY: 8bafe7671fb87cac-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:16:10 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:16:10 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-08-29 22:16:10 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	74.115.51.8	443	916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:16:10 UTC	675	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: currentlyatt64578.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://currentlyatt64578.weebly.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:16:10 UTC	409	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:16:10 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-1c4" Server: cloudflare CF-RAY: 8bafe76c2b367c99-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:16:10 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:16:10 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	74.115.51.8	443	916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:16:11 UTC	612	OUT	GET /favicon.ico HTTP/1.1 Host: currentlyatt64578.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://currentlyatt64578.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:16:11 UTC	534	IN	HTTP/1.1 404 Not Found Date: Thu, 29 Aug 2024 22:16:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Ray: 8bafe770df7f8cdc-EWR CF-Cache-Status: DYNAMIC Vary: Accept-Encoding Surrogate-Control: max-age=60 Set-Cookie: __cf_bm=_O2c.FUnbUM5b7YKhH3u_qoHJlyFBjjGvTrqDAekQQI-1724969771-1.0.1.1-tDakbmmKrjZX8OKVVmuGBJZnuxlf1nJIXdG35U_MeftKrQYWHSEOQwK9gjAkyzIm82b0EwUrXMNZHF3Cu2vi4g; path=/; expires=Thu, 29-Aug-24 22:46:11 GMT; domain=.weebly.com; HttpOnly; Secure; SameSite=None Server: cloudflare
2024-08-29 22:16:11 UTC	835	IN	Data Raw: 65 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 Data Ascii: e9b<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><title>404 - Page Not Found</title><meta http-equiv="content-type" conte
2024-08-29 22:16:11 UTC	1369	IN	Data Raw: 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 09 7d 0a 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 Data Ascii: .com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.ttf") format("truetype");}@font-face {font-family: 'Proxima Nova';
2024-08-29 22:16:11 UTC	1369	IN	Data Raw: 70 78 20 73 6f 6c 69 64 20 23 45 37 45 37 45 37 3b 0a 09 09 09 62 6f 72 64 65 72 2d 74 6f 70 3a 20 30 3b 0a 09 09 7d 0a 0a 09 09 2e 77 61 72 6e 69 6e 67 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 70 61 64 64 69 6e 67 3a 20 33 38 70 78 20 34 30 70 78 3b 0a 09 09 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0a 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 34 44 34 44 34 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 33 33 35 70 78 3b 0a 09 09 09 77 69 64 74 68 3a 20 34 38 34 70 78 3b 0a 09 09 09 Data Ascii: px solid #E7E7E7;border-top: 0;}.warning-container {padding: 38px 40px;padding-bottom: 0;box-sizing: border-box;text-align: center;background-color: white;border: 1px solid #D4D4D4;height: 335px;width: 484px;
2024-08-29 22:16:11 UTC	173	IN	Data Raw: 22 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 55 52 4c 2e 3c 2f 70 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 6f 74 68 65 72 77 69 73 65 22 3e 4f 74 68 65 72 77 69 73 65 2c 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 63 6c 69 63 6b 20 68 65 72 65 3c 2f 61 3e 20 74 6f 20 62 65 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 74 68 65 20 68 6f 6d 65 70 61 67 65 2e 3c 2f 70 3e 0a 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: ">Please check the URL.</p><p class="otherwise">Otherwise, <a href="/">click here</a> to be redirected to the homepage.</p></span></div></div></body></html>
2024-08-29 22:16:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	74.115.51.9	443	916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:16:11 UTC	398	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: currentlyatt64578.weebly.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:16:11 UTC	409	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:16:11 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-1c4" Server: cloudflare CF-RAY: 8bafe770ce7218f6-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:16:11 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:16:11 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:16:14 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 22:16:14 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=127239 Date: Thu, 29 Aug 2024 22:16:14 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:16:14 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 22:16:15 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=127191 Date: Thu, 29 Aug 2024 22:16:15 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-29 22:16:15 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:16:22 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nRdHN2fUlrzzMF1&MD=Pns6+Dee HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-29 22:16:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 382de536-23f2-4528-b3f6-24b4bc469379 MS-RequestId: a2afa0dd-38de-4d3f-9e3d-81b1b47c960a MS-CV: nI1RyKnK9kmGi+nG.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 29 Aug 2024 22:16:21 GMT Connection: close Content-Length: 24490
2024-08-29 22:16:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-08-29 22:16:22 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	51769	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:00 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nRdHN2fUlrzzMF1&MD=Pns6+Dee HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-29 22:17:01 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: ee92e21c-a54a-4749-a690-789047439843 MS-RequestId: 26f0dd09-4442-4030-a2ac-83d452c15a56 MS-CV: LMYyyUrTOUSCAee4.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 29 Aug 2024 22:17:00 GMT Connection: close Content-Length: 30005
2024-08-29 22:17:01 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-08-29 22:17:01 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	18:16:02
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:16:06
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,17867942854533168435,8923366416195660221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:16:08
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://currentlyatt64578.weebly.com/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://currentlyatt64578.weebly.com/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://currentlyatt64578.weebly.com/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://currentlyatt64578.weebly.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://currentlyatt64578.weebly.com/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing
Source: https://currentlyatt64578.weebly.com/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_108, type: DROPPED

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: currentlyatt64578.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: currentlyatt64578.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://currentlyatt64578.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: currentlyatt64578.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://currentlyatt64578.weebly.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: currentlyatt64578.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://currentlyatt64578.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: currentlyatt64578.weebly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nRdHN2fUlrzzMF1&MD=Pns6+Dee HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nRdHN2fUlrzzMF1&MD=Pns6+Dee HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: currentlyatt64578.weebly.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://currentlyatt64578.weebly.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5432, Parent PID: 2736

General

Chronological Activities

Analysis Process: chrome.exePID: 916, Parent PID: 5432

General

Chronological Activities

Analysis Process: chrome.exePID: 6428, Parent PID: 2736

Windows Analysis Report
https://currentlyatt64578.weebly.com/