Edit tour

Windows Analysis Report
https://mailsecurityref.weebly.com/

Overview

General Information

Sample URL:	https://mailsecurityref.weebly.com/
Analysis ID:	1522075
Tags:	openphish
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2220,i,10968166353073153794,4525681176389252038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mailsecurityref.weebly.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://mailsecurityref.weebly.com/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: mailsecurityref.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gdpr/gdprscript.js?buildTime=1727448693 HTTP/1.1Host: mailsecurityref.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailsecurityref.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=z0P79pm5aXhZNTsfobzDgcZd5.jkchzmgZ6Bn59FEEs-1727590485-1.0.1.1-Xe7YOLD9kRP57uOdC7BFDgeXxIdMXn9PsXyscqFauigcrycuG0jIoX1UVCZztrdL.cbasujTDTKrDNIIWlJuJw
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailsecurityref.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff HTTP/1.1Host: cdn2.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mailsecurityref.weebly.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://mailsecurityref.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff HTTP/1.1Host: cdn2.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mailsecurityref.weebly.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://mailsecurityref.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /developer/none.ico HTTP/1.1Host: cdn1.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailsecurityref.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /developer/none.ico HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: mailsecurityref.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://mailsecurityref.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=z0P79pm5aXhZNTsfobzDgcZd5.jkchzmgZ6Bn59FEEs-1727590485-1.0.1.1-Xe7YOLD9kRP57uOdC7BFDgeXxIdMXn9PsXyscqFauigcrycuG0jIoX1UVCZztrdL.cbasujTDTKrDNIIWlJuJw
Source: global traffic	HTTP traffic detected: GET /gdpr/gdprscript.js?buildTime=1727448693 HTTP/1.1Host: mailsecurityref.weebly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailsecurityref.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=z0P79pm5aXhZNTsfobzDgcZd5.jkchzmgZ6Bn59FEEs-1727590485-1.0.1.1-Xe7YOLD9kRP57uOdC7BFDgeXxIdMXn9PsXyscqFauigcrycuG0jIoX1UVCZztrdL.cbasujTDTKrDNIIWlJuJw
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-None-Match: "66f6c1c6-e9c"If-Modified-Since: Fri, 27 Sep 2024 14:31:34 GMTsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailsecurityref.weebly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: mailsecurityref.weebly.com
Source: global traffic	DNS traffic detected: DNS query: cdn1.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: cdn2.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 29 Sep 2024 06:14:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 8ca9d5b82f848c0b-EWRCF-Cache-Status: DYNAMICCache-Control: privateSet-Cookie: is_mobile=0; path=/; domain=mailsecurityref.weebly.comVary: X-W-SSL,User-AgentX-Host: blu112.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Set-Cookie: language=en; expires=Sun, 13-Oct-2024 06:14:45 GMT; Max-Age=1209600; path=/Set-Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; expires=Wed, 27-Sep-2034 06:14:45 GMT; Max-Age=315360000; path=/Set-Cookie: __cf_bm=z0P79pm5aXhZNTsfobzDgcZd5.jkchzmgZ6Bn59FEEs-1727590485-1.0.1.1-Xe7YOLD9kRP57uOdC7BFDgeXxIdMXn9PsXyscqFauigcrycuG0jIoX1UVCZztrdL.cbasujTDTKrDNIIWlJuJw; path=/; expires=Sun, 29-Sep-24 06:44:45 GMT; domain=.weebly.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 29 Sep 2024 06:14:46 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 8ca9d5ba2bee32ee-EWRCF-Cache-Status: DYNAMICCache-Control: privateSet-Cookie: language=en; expires=Sun, 13-Oct-2024 06:14:46 GMT; Max-Age=1209600; path=/Vary: X-W-SSL,User-AgentX-Host: grn45.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Server: cloudflare
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 29 Sep 2024 06:15:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 8ca9d639ac057d24-EWRCF-Cache-Status: DYNAMICCache-Control: privateSet-Cookie: language=en; expires=Sun, 13-Oct-2024 06:15:06 GMT; Max-Age=1209600; path=/Vary: X-W-SSL,User-AgentX-Host: blu70.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Server: cloudflare
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 29 Sep 2024 06:15:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 8ca9d63b2996c34e-EWRCF-Cache-Status: DYNAMICCache-Control: privateSet-Cookie: language=en; expires=Sun, 13-Oct-2024 06:15:06 GMT; Max-Age=1209600; path=/Vary: X-W-SSL,User-AgentX-Host: grn91.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Server: cloudflare

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49744 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/12@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2220,i,10968166353073153794,4525681176389252038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mailsecurityref.weebly.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2220,i,10968166353073153794,4525681176389252038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mailsecurityref.weebly.com/	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
weebly.map.fastly.net	151.101.1.46	true	false	unknown
www.google.com	172.217.16.196	true	false	unknown
mailsecurityref.weebly.com	74.115.51.8	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
cdn2.editmysite.com	unknown	unknown	false	unknown
cdn1.editmysite.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff	false	unknown
https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff	false	unknown
https://cdn1.editmysite.com/developer/none.ico	false	unknown
https://cdn1.editmysite.com/images/weebly-logo-blue.png	false	unknown
https://mailsecurityref.weebly.com/	true	unknown
https://mailsecurityref.weebly.com/gdpr/gdprscript.js?buildTime=1727448693	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
74.115.51.8	mailsecurityref.weebly.com	United States	27647	WEEBLYUS	false
151.101.1.46	weebly.map.fastly.net	United States	54113	FASTLYUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522075
Start date and time:	2024-09-29 08:13:50 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://mailsecurityref.weebly.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/12@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.131, 64.233.167.84, 142.250.186.46, 34.104.35.123, 4.245.163.56, 192.229.221.95, 20.242.39.171, 199.232.210.172, 13.95.31.18, 93.184.221.240, 20.114.59.183, 142.250.185.131, 4.175.87.197
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://mailsecurityref.weebly.com/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://mailsecurityref.weebly.com/ Model: jbxai	{ "brand":["weebly"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: https://mailsecurityref.weebly.com/ Model: jbxai

{
"brand":["weebly"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 46052, version 0.0
Category:	downloaded
Size (bytes):	46052
Entropy (8bit):	7.9887889934165575
Encrypted:	false
SSDEEP:	768:7JzF4duQslnWgRpPD+dfFhPaHQBFmMvhEhc28OeNHxa++JdI4qUEkXqfjkHT:7dF4diWIJSpTawBFt+wOoRa3r0UEk6b6
MD5:	61F3BC4FC6146CC65961A8C8E917855A
SHA1:	02E25E22CF1C0A26D838A477B1F21BF33B71CA38
SHA-256:	AABC1A485E0941F1E2927B6A4BEED2B368431466977483068BBE367DE253A05C
SHA-512:	77CDA181F023FF6597D3B7A0FD269CEE76306EA650E2CC6FDDCBEF675C245B3D9F95178FE8A9D5EF65A5D8CA3DC0D3F675DBFB49DB05DAFC1FE822D79506C7B4
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff
Preview:	wOFF..............W........x...l............OS/2.......X...`.>..cmap................cvt ...$...(...(....fpgm...L........C>..gasp...............#glyf..,...........<head...d...6...6....hhea.......!...$.d.rhmtx.......\...@...loca..$<...W......d.maxp...D... ... ....name........... ..l.post.......\|..)D..D.prep.......v....zQ.......P.`...`.............d.F...........AB..t_.<..................\|..E...p..............x.c`f.c..................D......X.A....S;P....rs......~.0.....<.....\|...c..@J.......)x..ytU......d . ...r..mm)H..H....\.b.. Z)....EdJ.$.2.y0B..Ae...C....=...0F...g..j.._..k...a..Z.\|{.P..X.........[H@M.1Y.Z.1...0..#..9.3.....&...2T..V...U$../.e.L.dI.%.F2$Kr4um]W...~N?....:E.....K.`...e...X#...E.m;...-.i..-..v.........=.l'.K...j;..jos4p4t...#.......HqgMg]g}g....r>...s.vnt..N.......S#.^...ZD..Q.lgYQYIYi..[.......6Z.qt.@..H.......>..?y..\|.L2.I2Cf.2Y+.d.!W.......nk._.:Y....RV.eYN...g....y.!o`G...a.....\|.=.N....2{.....'..O...eGr.y=C..>. g..V..*..e...r.r.n

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	downloaded
Size (bytes):	1406
Entropy (8bit):	0.26311615565583923
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/M8l8l//555555555555555n:G70X555555555555555n
MD5:	199783F9459A960310D18EE4DD251027
SHA1:	67C08624719A35553C34083112804CAFD8CE6EE6
SHA-256:	29BD61683747E9288F62407525D5ED4DCCF3FEAAD2684BBB2C2DF41F6027E4DB
SHA-512:	2C673FBA041762E1894C2E8C1414D97448FB18ED550EA2BEC004E302887CC14CED7F4772D3DD184AABD08FDF14793D109E665B8AC149A8FE8DEAEEE4CD0E8DBD
Malicious:	false
Reputation:	low
URL:	https://cdn1.editmysite.com/developer/none.ico
Preview:	..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 45516, version 0.0
Category:	downloaded
Size (bytes):	45516
Entropy (8bit):	7.988068052263367
Encrypted:	false
SSDEEP:	768:lJ7LJDvQuQslnT3dv/fVA+J/8fIAhZtG1JvBqqKhlXheg7wvtrM19EmMhVyK7d:lTvQizdn6+JUxtGD4jfogwtrM8mMDd
MD5:	861DFBEE66A135B4421BA3F0F3BC297F
SHA1:	1B379173B64E92893538FF39DA0B16410DD5F653
SHA-256:	ABBC659E9C167B41E012D7B7D7F8CF22D4EDD74A7FFB85704E213B1418C8B177
SHA-512:	3397ABA8B2BE2B5269899ACCEA9106F6895CDA10A17D8E9D92F86F914386F1903087CF87878504DB9BC8BFE1FD461B165197966AA7186FD1BA5570FB2C31D84B
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff
Preview:	wOFF..............V........`...l............OS/2.......X...`.u..cmap................cvt .......(...(....fpgm...4........C>..gasp...............#glyf..,....\........head...d...6...6....hhea.......!...$....hmtx.......[...@I.Eloca..$H...W.......Bmaxp...D... ... ....name...........A .&2post.......\|..)D..D.prep.......v....zQ.......P.`...`.............d.F...........A...._.<..................\|..<..................x.c`f.d..................D......X.A....S;P....rs......~.0....P.<.....\|...c..@J.......Lx..ytU......d . ...r..mm)H..H....\.b.. Z)....EdJ.$.2.y0B..Ae...C....=...0F...g..j.._..k...a..Z.\|{.P..X.........[H@M.1Y.Z.1...0..#..9.3.....&...2T..V...U$../.e.L.dI.%.F2$Kr4um]W...~N?....:E.....K.`...e...X#...E.m;...-.i..-..v.........=.l'.K...j;..jos4p4t...#.......HqgMg]g}g....r>...s.vnt..N.......S#.^...ZD..Q.lgYQYIYi..[.......6Z.qt.@..H.......>..?y..\|.L2.I2Cf.2Y+.d.!W.......nk._.:Y....RV.eYN...g....y.!o`G...a.....\|.=.N....2{.....'..O...eGr.y=C..>. g..V..*..e...r.r.n

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 174 x 62, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3740
Entropy (8bit):	7.667019795291803
Encrypted:	false
SSDEEP:	96:n/vYP8+xpcOARUGDc8tYwolxPIw+Dyh056Jx+O:y8h3Cc2h05Wxn
MD5:	6907726EDE4FC851BEEAFB7B9FF6EEB9
SHA1:	86B1E9AF4A07E02A426EC9475E37A13DFCEDCB3C
SHA-256:	2B37CA56C61B7F2F892D75655CC37699EF847DD9139C94171414E5F92FFD97ED
SHA-512:	11A22B8DBE694646895F16D38738C3A481DB168C7CA0D92A247BD35078FA1AC13153B5ADE7EFFDE36FA5DA10AB9EDE1ADE5698EF477483D6EDB21EDA6B1F25DE
Malicious:	false
Reputation:	low
URL:	https://cdn1.editmysite.com/images/weebly-logo-blue.png
Preview:	.PNG........IHDR.......>............PLTE...-........)..)....+..I..+........)..)..)..3....)..).....,........)....-..)....+..+....7..+......)..)..)....)..........)..+..+....+..9..)..)..+..,..+.......)..+..)....+........+........6....@..,.......+.................,..)..0..U..0..,..3.....1....,....)....)......3..+....+..+..)..).......)......,..)..)..)..+..)..,..)..)..)....+..)......@..3....-..)..+../..+......+..+..)........+..)....+....+..+..+..+..,....)..+..)......)....)....)..)..1..)............./..........)......;..)....+..+..)..)..)..)....)..-..3..,..)..)....)..+....,.......+..)....,....+..+....-..)..)..+..)..+..+..)..,..+..)..)........+..)..)........)....)..+....+..+.....+..+........-..+..,..+..+.....z......tRNS.".....M.d.....{....!E..t..-].....6s..............0....@q.C..1A.....[....#.2...+....... ..,....D....x.w....\...)o..`.F....c.b...?.G&_..TB.7..<.f.p*kL.............'gh....\|..J

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (368)
Category:	downloaded
Size (bytes):	3909
Entropy (8bit):	5.4027342301915295
Encrypted:	false
SSDEEP:	48:lmIbcBF9cy547kz0NqSaNRiQKaNr6BwdtniB0FvC5b1SXSDqqJfCFu:1wBFSe0NqSaNRiuNaqvS1SXS5
MD5:	7133C6F8128DA2C0B74246A3C2B96C35
SHA1:	88C020D1CA48EFCEAB2CD30B25523DD2D0CEF7AF
SHA-256:	834E774E2A4DA38716640494BCA1C014E6F1E1292089476E4AE4EFDD3C80D187
SHA-512:	F1C29FE37E4F8F18D130B24A186355971881FB109F4D9A9D05589C123BD0E0921DEBF172C2EC5A5C3967A354CF4417BDBC504CE636467D5B80515FB1B8C52A23
Malicious:	false
Reputation:	low
URL:	https://mailsecurityref.weebly.com/
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">.<head><script src="/gdpr/gdprscript.js?buildTime=1727448693"></script>..<title>404 - Page Not Found</title>..<meta http-equiv="content-type" content="text/html; charset=UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta name="robots" content="noarchive" />..<link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico" />...<style type="text/css">...@font-face {....font-family: 'Proxima Nova';....font-weight: 300;....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot");....src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot?#iefix") format("embedded-opentype"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmy

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	0.26311615565583923
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/M8l8l//555555555555555n:G70X555555555555555n
MD5:	199783F9459A960310D18EE4DD251027
SHA1:	67C08624719A35553C34083112804CAFD8CE6EE6
SHA-256:	29BD61683747E9288F62407525D5ED4DCCF3FEAAD2684BBB2C2DF41F6027E4DB
SHA-512:	2C673FBA041762E1894C2E8C1414D97448FB18ED550EA2BEC004E302887CC14CED7F4772D3DD184AABD08FDF14793D109E665B8AC149A8FE8DEAEEE4CD0E8DBD
Malicious:	false
Reputation:	low
Preview:	..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 174 x 62, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3740
Entropy (8bit):	7.667019795291803
Encrypted:	false
SSDEEP:	96:n/vYP8+xpcOARUGDc8tYwolxPIw+Dyh056Jx+O:y8h3Cc2h05Wxn
MD5:	6907726EDE4FC851BEEAFB7B9FF6EEB9
SHA1:	86B1E9AF4A07E02A426EC9475E37A13DFCEDCB3C
SHA-256:	2B37CA56C61B7F2F892D75655CC37699EF847DD9139C94171414E5F92FFD97ED
SHA-512:	11A22B8DBE694646895F16D38738C3A481DB168C7CA0D92A247BD35078FA1AC13153B5ADE7EFFDE36FA5DA10AB9EDE1ADE5698EF477483D6EDB21EDA6B1F25DE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......>............PLTE...-........)..)....+..I..+........)..)..)..3....)..).....,........)....-..)....+..+....7..+......)..)..)....)..........)..+..+....+..9..)..)..+..,..+.......)..+..)....+........+........6....@..,.......+.................,..)..0..U..0..,..3.....1....,....)....)......3..+....+..+..)..).......)......,..)..)..)..+..)..,..)..)..)....+..)......@..3....-..)..+../..+......+..+..)........+..)....+....+..+..+..+..,....)..+..)......)....)....)..)..1..)............./..........)......;..)....+..+..)..)..)..)....)..-..3..,..)..)....)..+....,.......+..)....,....+..+....-..)..)..+..)..+..+..)..,..+..)..)........+..)..)........)....)..+....+..+.....+..+........-..+..,..+..+.....z......tRNS.".....M.d.....{....!E..t..-].....6s..............0....@q.C..1A.....[....#.2...+....... ..,....D....x.w....\...)o..`.F....c.b...?.G&_..TB.7..<.f.p*kL.............'gh....\|..J

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 08:14:36.245620966 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 29, 2024 08:14:36.245667934 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 29, 2024 08:14:36.558093071 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 29, 2024 08:14:44.887691021 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:44.887722015 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:44.887784958 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:44.888426065 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:44.888437986 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.226017952 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.226058960 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.226118088 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.226423025 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.226437092 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.226973057 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.227030039 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.227101088 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.227277994 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.227293968 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.481959105 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.482036114 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:45.487072945 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:45.487085104 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.487498999 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.489265919 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:45.489322901 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:45.489332914 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.489487886 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:45.531404018 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.593266010 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.593427896 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.593601942 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:45.593601942 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:45.709381104 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.709806919 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.709825039 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.710850000 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.710948944 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.713141918 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.713340998 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.713377953 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.714366913 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.714433908 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.719558954 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.719692945 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.721259117 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.721273899 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.721390009 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.721472025 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.762902975 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.763232946 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.763284922 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.808656931 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.854099989 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 29, 2024 08:14:45.854100943 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 29, 2024 08:14:45.900962114 CEST	49715	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:45.900995016 CEST	443	49715	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:45.978607893 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.978662014 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.978691101 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.978709936 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.978740931 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.978785038 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.978792906 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.978813887 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:45.978852987 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.982180119 CEST	49716	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:45.982196093 CEST	443	49716	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:46.058729887 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:46.074681997 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.074718952 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.074791908 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.099406004 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:46.101217031 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.101231098 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.166856050 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 29, 2024 08:14:46.299942017 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:46.299985886 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:46.300004959 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:46.300033092 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:46.300060987 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:46.300093889 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:46.300107002 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:46.300134897 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:46.317792892 CEST	49717	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:14:46.317833900 CEST	443	49717	74.115.51.8	192.168.2.6
Sep 29, 2024 08:14:46.393479109 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.393538952 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.393595934 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.393948078 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.393964052 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.394016027 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.394737959 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.394774914 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.395077944 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.395097971 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.589627028 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.606487036 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.606507063 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.608330965 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.608421087 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.854417086 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.863893032 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.883152008 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.883364916 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.898127079 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.908999920 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.936069012 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.936095953 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.975871086 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.975903034 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.977101088 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.977170944 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.980453968 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.988738060 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:46.988760948 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.989861965 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:46.989928007 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.041078091 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.041253090 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.041506052 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.041600943 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.041851044 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.042715073 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.042746067 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.042911053 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.042936087 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.087398052 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.088776112 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.089155912 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.137888908 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.137980938 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.138020992 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.138044119 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.138051033 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.138078928 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.138103962 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.138628960 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.138693094 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.138706923 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.138982058 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.139019966 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.139035940 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.139048100 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.139106035 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.139118910 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.140369892 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.140450954 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.140484095 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.140516996 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.140539885 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.140553951 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.140582085 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.140933037 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.140970945 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.140999079 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.141021013 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.141028881 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.141041040 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.141058922 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.141073942 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.141073942 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.141091108 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.141093016 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.141104937 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.141140938 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.141141891 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.141179085 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.141237020 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.141804934 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.142587900 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.142715931 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.142728090 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.156567097 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.156708956 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.156721115 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.157265902 CEST	49720	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.157289028 CEST	443	49720	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.185662985 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.186364889 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.186397076 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.186472893 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.186815977 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.186827898 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.196806908 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.228106976 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228164911 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228233099 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228277922 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228288889 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228305101 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.228322983 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228354931 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.228475094 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228506088 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228529930 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228533983 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.228548050 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228574991 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.228596926 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228616953 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228789091 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.228801012 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.228863955 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.229357958 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.229446888 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.229474068 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.229527950 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.229542971 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.229579926 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.229598045 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.229609013 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.229774952 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.230155945 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.230211973 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.230293989 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.230698109 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.230709076 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.230740070 CEST	443	49721	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.230767012 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.230772972 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.230787039 CEST	49721	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.230803967 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.230837107 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.230849981 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.231034040 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.231118917 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.231487036 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.231517076 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.231543064 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.231544971 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.231556892 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.231606960 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.231617928 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.231666088 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.232250929 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.232320070 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.232352018 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.232378960 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.232408047 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.232431889 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.232462883 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.233253002 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.233287096 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.233319998 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.233319998 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.233340979 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.233372927 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.233391047 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.233457088 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.233469963 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.234160900 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.234215021 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.252835035 CEST	49722	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.252886057 CEST	443	49722	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.273427010 CEST	49724	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.273458004 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.273526907 CEST	49724	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.273976088 CEST	49724	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.273989916 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.657135010 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.657390118 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.657402039 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.658874035 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.658956051 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.659631968 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.659728050 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.659746885 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.703403950 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.709081888 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.709089041 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.747139931 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.747786045 CEST	49724	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.747797966 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.748244047 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.749188900 CEST	49724	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.749273062 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.749650002 CEST	49724	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.754728079 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.754777908 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.754827023 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.754842997 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.754858017 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.754894018 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.754899025 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.755058050 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.764873028 CEST	49723	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.764890909 CEST	443	49723	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.791404009 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.801086903 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:47.801145077 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:47.801239967 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:47.801816940 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:47.801848888 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:47.807046890 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 29, 2024 08:14:47.807120085 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 29, 2024 08:14:47.847232103 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.847310066 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.847368956 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:47.847417116 CEST	49724	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.873800993 CEST	49724	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:47.873817921 CEST	443	49724	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:48.488495111 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:48.517466068 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:48.517513037 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:48.519138098 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:48.519210100 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:48.535906076 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:48.536075115 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:48.588452101 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:48.588526011 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:48.635334969 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:48.695162058 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:48.695202112 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:48.695312023 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:48.710427046 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:48.710445881 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:49.359312057 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:49.362823963 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:49.395402908 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:49.395427942 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:49.395684958 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:49.447916031 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:49.653893948 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:49.664231062 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:49.664282084 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:49.664463043 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:49.664748907 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:49.664762974 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:49.699418068 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:49.840493917 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:49.840569973 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:49.840615034 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:49.968050957 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:49.968077898 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:49.968111992 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:49.968117952 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:50.126146078 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.126544952 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:50.126564026 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.126924992 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.127768040 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:50.127825022 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.128487110 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:50.175396919 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.228653908 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.228724003 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.228765965 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:50.228780031 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.228796005 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.228842974 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:50.289149046 CEST	49727	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:14:50.289165020 CEST	443	49727	151.101.1.46	192.168.2.6
Sep 29, 2024 08:14:50.300796032 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:50.300896883 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:50.300976992 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:50.301317930 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:50.301346064 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:50.953752995 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:50.953855991 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:50.954988003 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:50.955023050 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:50.955280066 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:50.956373930 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:50.999428988 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:51.232628107 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:51.232711077 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:51.238846064 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:51.247812986 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:51.247812986 CEST	49728	443	192.168.2.6	184.28.90.27
Sep 29, 2024 08:14:51.247833967 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:51.247838974 CEST	443	49728	184.28.90.27	192.168.2.6
Sep 29, 2024 08:14:52.142750978 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.142791986 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.142869949 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.143407106 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.143418074 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.721091032 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.721182108 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.723056078 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.723067999 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.723311901 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.725210905 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.725280046 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.725285053 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.725393057 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.767431974 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.829304934 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.829380035 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:52.829551935 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.829673052 CEST	49730	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:14:52.829704046 CEST	443	49730	20.7.1.246	192.168.2.6
Sep 29, 2024 08:14:58.382677078 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:58.382726908 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:14:58.382817030 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:59.527579069 CEST	49725	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:14:59.527621031 CEST	443	49725	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:02.627008915 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:02.627059937 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:02.627170086 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:02.627799034 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:02.627810001 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.240004063 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.240077019 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:03.243122101 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:03.243133068 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.243366957 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.255089045 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:03.255162954 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:03.255168915 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.255284071 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:03.295423985 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.362194061 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.362487078 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.362550974 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:03.363085985 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:03.363105059 CEST	443	49735	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:03.363131046 CEST	49735	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:05.918555975 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:05.918622017 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:05.918916941 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:05.920172930 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:05.920201063 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:05.923487902 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:05.923580885 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:05.923837900 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:05.928371906 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:05.928415060 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.374219894 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.387789965 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.390927076 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.390949965 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.391058922 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.391140938 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.391480923 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.392297029 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.398936987 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.399310112 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.433839083 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.438859940 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.455048084 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.455265999 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.455528021 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.497966051 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.499435902 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.677329063 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.677489996 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.677561998 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.677593946 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.677685022 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.677736044 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.677747965 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.677886963 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.677956104 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.678662062 CEST	49737	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.678689003 CEST	443	49737	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.693418026 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.693943977 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:06.693986893 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:06.694188118 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:06.694449902 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:06.694464922 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:06.735433102 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.931564093 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.931623936 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.931669950 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.931723118 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.931749105 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.931813002 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:06.931855917 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.933715105 CEST	49736	443	192.168.2.6	74.115.51.8
Sep 29, 2024 08:15:06.933729887 CEST	443	49736	74.115.51.8	192.168.2.6
Sep 29, 2024 08:15:07.189876080 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:07.190152884 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:07.190180063 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:07.191564083 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:07.191896915 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:07.192028999 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:07.192034006 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:07.192065001 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:07.243735075 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:07.286209106 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:07.286358118 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:07.286565065 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:07.286703110 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:07.286724091 CEST	443	49738	151.101.1.46	192.168.2.6
Sep 29, 2024 08:15:07.286734104 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:07.286780119 CEST	49738	443	192.168.2.6	151.101.1.46
Sep 29, 2024 08:15:16.958806038 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:16.958852053 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:16.959068060 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:16.959861040 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:16.959877014 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:17.600459099 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:17.600594044 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:17.605424881 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:17.605443954 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:17.605705023 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:17.607882977 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:17.607882977 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:17.607899904 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:17.608011007 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:17.655400991 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:17.718041897 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:17.718123913 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:17.718209982 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:17.718447924 CEST	49739	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:17.718470097 CEST	443	49739	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:39.491975069 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:39.492024899 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:39.492088079 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:39.493747950 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:39.493760109 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:40.070751905 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:40.070868969 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:40.072869062 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:40.072877884 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:40.073115110 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:40.075299978 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:40.075299978 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:40.075313091 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:40.075443983 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:40.123406887 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:40.178560019 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:40.178787947 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:40.179024935 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:40.181144953 CEST	49741	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:15:40.181159019 CEST	443	49741	20.7.1.246	192.168.2.6
Sep 29, 2024 08:15:47.841532946 CEST	49743	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:15:47.841574907 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:47.841639996 CEST	49743	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:15:47.842380047 CEST	49743	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:15:47.842401981 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:48.483809948 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:48.484157085 CEST	49743	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:15:48.484181881 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:48.484505892 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:48.484901905 CEST	49743	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:15:48.484962940 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:48.525167942 CEST	49743	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:15:58.399976969 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:58.400046110 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:15:58.400116920 CEST	49743	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:15:59.531007051 CEST	49743	443	192.168.2.6	172.217.16.196
Sep 29, 2024 08:15:59.531042099 CEST	443	49743	172.217.16.196	192.168.2.6
Sep 29, 2024 08:16:02.609189034 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:02.609253883 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:02.609394073 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:02.611196995 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:02.611212015 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:03.202326059 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:03.202408075 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:03.204957962 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:03.204968929 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:03.205164909 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:03.207439899 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:03.207525015 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:03.207529068 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:03.207726955 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:03.251406908 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:03.313108921 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:03.313363075 CEST	443	49744	20.7.1.246	192.168.2.6
Sep 29, 2024 08:16:03.313529015 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:03.313699007 CEST	49744	443	192.168.2.6	20.7.1.246
Sep 29, 2024 08:16:03.313716888 CEST	443	49744	20.7.1.246	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 08:14:43.326283932 CEST	53	53879	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:43.326302052 CEST	53	49947	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:44.569829941 CEST	53	55540	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:45.204070091 CEST	65513	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:45.204240084 CEST	58515	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:45.212229013 CEST	53	58515	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:45.225430965 CEST	53	65513	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:46.058023930 CEST	62150	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:46.058398008 CEST	50313	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:46.066432953 CEST	53	62150	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:46.076597929 CEST	53	50313	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:46.383680105 CEST	56235	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:46.383879900 CEST	56813	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:46.391663074 CEST	53	56813	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:46.391936064 CEST	53	56235	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:47.168962002 CEST	50249	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:47.169291019 CEST	61419	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:47.177448034 CEST	53	50249	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:47.187156916 CEST	53	61419	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:47.792475939 CEST	64832	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:47.792679071 CEST	63230	53	192.168.2.6	1.1.1.1
Sep 29, 2024 08:14:47.799006939 CEST	53	64832	1.1.1.1	192.168.2.6
Sep 29, 2024 08:14:47.799246073 CEST	53	63230	1.1.1.1	192.168.2.6
Sep 29, 2024 08:15:01.556025028 CEST	53	60183	1.1.1.1	192.168.2.6
Sep 29, 2024 08:15:20.585381031 CEST	53	59404	1.1.1.1	192.168.2.6
Sep 29, 2024 08:15:42.910842896 CEST	53	57116	1.1.1.1	192.168.2.6
Sep 29, 2024 08:15:43.392740011 CEST	53	58034	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 29, 2024 08:14:46.076663971 CEST	192.168.2.6	1.1.1.1	c248	(Port unreachable)	Destination Unreachable
Sep 29, 2024 08:14:47.187211037 CEST	192.168.2.6	1.1.1.1	c248	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 08:14:45.204070091 CEST	192.168.2.6	1.1.1.1	0xfac4	Standard query (0)	mailsecurityref.weebly.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:45.204240084 CEST	192.168.2.6	1.1.1.1	0xf1c8	Standard query (0)	mailsecurityref.weebly.com	65	IN (0x0001)	false
Sep 29, 2024 08:14:46.058023930 CEST	192.168.2.6	1.1.1.1	0x1693	Standard query (0)	cdn1.editmysite.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.058398008 CEST	192.168.2.6	1.1.1.1	0xda76	Standard query (0)	cdn1.editmysite.com	65	IN (0x0001)	false
Sep 29, 2024 08:14:46.383680105 CEST	192.168.2.6	1.1.1.1	0x9c76	Standard query (0)	cdn2.editmysite.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.383879900 CEST	192.168.2.6	1.1.1.1	0xabf8	Standard query (0)	cdn2.editmysite.com	65	IN (0x0001)	false
Sep 29, 2024 08:14:47.168962002 CEST	192.168.2.6	1.1.1.1	0x5b18	Standard query (0)	cdn1.editmysite.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:47.169291019 CEST	192.168.2.6	1.1.1.1	0x2fa5	Standard query (0)	cdn1.editmysite.com	65	IN (0x0001)	false
Sep 29, 2024 08:14:47.792475939 CEST	192.168.2.6	1.1.1.1	0x8df0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:47.792679071 CEST	192.168.2.6	1.1.1.1	0x9879	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 08:14:45.225430965 CEST	1.1.1.1	192.168.2.6	0xfac4	No error (0)	mailsecurityref.weebly.com		74.115.51.8	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:45.225430965 CEST	1.1.1.1	192.168.2.6	0xfac4	No error (0)	mailsecurityref.weebly.com		74.115.51.9	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.066432953 CEST	1.1.1.1	192.168.2.6	0x1693	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:14:46.066432953 CEST	1.1.1.1	192.168.2.6	0x1693	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.066432953 CEST	1.1.1.1	192.168.2.6	0x1693	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.066432953 CEST	1.1.1.1	192.168.2.6	0x1693	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.066432953 CEST	1.1.1.1	192.168.2.6	0x1693	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.076597929 CEST	1.1.1.1	192.168.2.6	0xda76	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:14:46.391663074 CEST	1.1.1.1	192.168.2.6	0xabf8	No error (0)	cdn2.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:14:46.391936064 CEST	1.1.1.1	192.168.2.6	0x9c76	No error (0)	cdn2.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:14:46.391936064 CEST	1.1.1.1	192.168.2.6	0x9c76	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.391936064 CEST	1.1.1.1	192.168.2.6	0x9c76	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.391936064 CEST	1.1.1.1	192.168.2.6	0x9c76	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:46.391936064 CEST	1.1.1.1	192.168.2.6	0x9c76	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:47.177448034 CEST	1.1.1.1	192.168.2.6	0x5b18	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:14:47.177448034 CEST	1.1.1.1	192.168.2.6	0x5b18	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:47.177448034 CEST	1.1.1.1	192.168.2.6	0x5b18	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:47.177448034 CEST	1.1.1.1	192.168.2.6	0x5b18	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:47.177448034 CEST	1.1.1.1	192.168.2.6	0x5b18	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:47.187156916 CEST	1.1.1.1	192.168.2.6	0x2fa5	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:14:47.799006939 CEST	1.1.1.1	192.168.2.6	0x8df0	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:47.799246073 CEST	1.1.1.1	192.168.2.6	0x9879	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 08:14:56.972641945 CEST	1.1.1.1	192.168.2.6	0x64e9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:14:56.972641945 CEST	1.1.1.1	192.168.2.6	0x64e9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:58.531064034 CEST	1.1.1.1	192.168.2.6	0xfed5	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:14:58.531064034 CEST	1.1.1.1	192.168.2.6	0xfed5	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mailsecurityref.weebly.com

https:

cdn1.editmysite.com

cdn2.editmysite.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49715	20.7.1.246	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 37 67 7a 38 71 44 45 41 6b 75 34 49 4a 75 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 36 65 64 36 30 32 31 30 61 65 39 61 61 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: s7gz8qDEAku4IJuV.1Context: dd6ed60210ae9aa5
2024-09-29 06:14:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 06:14:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 73 37 67 7a 38 71 44 45 41 6b 75 34 49 4a 75 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 36 65 64 36 30 32 31 30 61 65 39 61 61 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: s7gz8qDEAku4IJuV.2Context: dd6ed60210ae9aa5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-29 06:14:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 73 37 67 7a 38 71 44 45 41 6b 75 34 49 4a 75 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 36 65 64 36 30 32 31 30 61 65 39 61 61 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: s7gz8qDEAku4IJuV.3Context: dd6ed60210ae9aa5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 06:14:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 06:14:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4b 77 63 45 43 2f 31 52 2b 6b 65 30 42 45 6e 72 51 6c 31 61 4e 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: KwcEC/1R+ke0BEnrQl1aNg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49716	74.115.51.8	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:45 UTC	669	OUT	GET / HTTP/1.1 Host: mailsecurityref.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:14:45 UTC	1083	IN	HTTP/1.1 404 Not Found Date: Sun, 29 Sep 2024 06:14:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Ray: 8ca9d5b82f848c0b-EWR CF-Cache-Status: DYNAMIC Cache-Control: private Set-Cookie: is_mobile=0; path=/; domain=mailsecurityref.weebly.com Vary: X-W-SSL,User-Agent X-Host: blu112.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Set-Cookie: language=en; expires=Sun, 13-Oct-2024 06:14:45 GMT; Max-Age=1209600; path=/ Set-Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; expires=Wed, 27-Sep-2034 06:14:45 GMT; Max-Age=315360000; path=/ Set-Cookie: __cf_bm=z0P79pm5aXhZNTsfobzDgcZd5.jkchzmgZ6Bn59FEEs-1727590485-1.0.1.1-Xe7YOLD9kRP57uOdC7BFDgeXxIdMXn9PsXyscqFauigcrycuG0jIoX1UVCZztrdL.cbasujTDTKrDNIIWlJuJw; path=/; expires=Sun, 29-Sep-24 06:44:45 GMT; domain=.weebly.com; HttpOnly; Secure; SameSite=None Server: cloudflare
2024-09-29 06:14:45 UTC	286	IN	Data Raw: 66 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 37 32 37 34 34 38 36 39 33 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 Data Ascii: f45<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1727448693"></script><title>404
2024-09-29 06:14:45 UTC	1369	IN	Data Raw: 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 61 72 63 68 69 76 65 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 63 64 6e 31 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 64 65 76 65 6c 6f 70 65 72 2f 6e 6f 6e 65 2e 69 63 6f 22 20 Data Ascii: a http-equiv="content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noarchive" /><link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico"
2024-09-29 06:14:45 UTC	1369	IN	Data Raw: 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 73 65 6d 69 62 6f 6c 64 2f 33 31 41 43 39 36 5f 32 5f 30 2e 65 6f 74 22 29 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 73 65 6d 69 62 6f 6c 64 2f 33 31 41 43 39 36 5f 32 5f 30 2e 65 6f 74 3f 23 69 65 66 69 78 22 29 20 Data Ascii: : 'Proxima Nova';font-weight: 500;src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.eot");src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.eot?#iefix")
2024-09-29 06:14:45 UTC	892	IN	Data Raw: 09 7d 0a 0a 09 09 2e 6f 74 68 65 72 77 69 73 65 20 7b 0a 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0a 09 09 7d 0a 0a 09 09 2e 6c 6f 67 6f 20 7b 0a 09 09 09 77 69 64 74 68 3a 20 38 32 70 78 3b 0a 09 09 7d 0a 0a 09 09 2e 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 20 7b 0a 09 09 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 31 32 30 70 78 3b 0a 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 32 30 70 78 3b 0a 09 09 7d 0a 0a 09 09 2e 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 20 3e 20 73 70 61 6e 20 7b 0a 09 09 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 09 09 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 09 09 09 6c 69 6e 65 2d 68 65 Data Ascii: }.otherwise {margin-top: 0;}.logo {width: 82px;}.bottom-content {display: inline-block;height: 120px;line-height: 120px;}.bottom-content > span {display: inline-block;vertical-align: middle;line-he
2024-09-29 06:14:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49717	74.115.51.8	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:46 UTC	998	OUT	GET /gdpr/gdprscript.js?buildTime=1727448693 HTTP/1.1 Host: mailsecurityref.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mailsecurityref.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: is_mobile=0; language=en; cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=z0P79pm5aXhZNTsfobzDgcZd5.jkchzmgZ6Bn59FEEs-1727590485-1.0.1.1-Xe7YOLD9kRP57uOdC7BFDgeXxIdMXn9PsXyscqFauigcrycuG0jIoX1UVCZztrdL.cbasujTDTKrDNIIWlJuJw
2024-09-29 06:14:46 UTC	438	IN	HTTP/1.1 404 Not Found Date: Sun, 29 Sep 2024 06:14:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Ray: 8ca9d5ba2bee32ee-EWR CF-Cache-Status: DYNAMIC Cache-Control: private Set-Cookie: language=en; expires=Sun, 13-Oct-2024 06:14:46 GMT; Max-Age=1209600; path=/ Vary: X-W-SSL,User-Agent X-Host: grn45.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Server: cloudflare
2024-09-29 06:14:46 UTC	931	IN	Data Raw: 66 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 37 32 37 34 34 38 36 39 33 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 Data Ascii: f45<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1727448693"></script><title>404
2024-09-29 06:14:46 UTC	1369	IN	Data Raw: 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 09 7d 0a 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d Data Ascii: ts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.ttf") format("truetype");}@font-face {font-family: 'Proxima Nova';src: url("//cdn2.editmysite.com
2024-09-29 06:14:46 UTC	1369	IN	Data Raw: 20 30 3b 0a 09 09 7d 0a 0a 09 09 2e 77 61 72 6e 69 6e 67 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 70 61 64 64 69 6e 67 3a 20 32 39 70 78 20 34 30 70 78 3b 0a 09 09 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0a 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 34 44 34 44 34 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 33 33 35 70 78 3b 0a 09 09 09 77 69 64 74 68 3a 20 34 38 34 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 Data Ascii: 0;}.warning-container {padding: 29px 40px;padding-bottom: 0;box-sizing: border-box;text-align: center;background-color: white;border: 1px solid #D4D4D4;height: 335px;width: 484px;margin: 0 auto;margin-top: 1
2024-09-29 06:14:46 UTC	247	IN	Data Raw: 3e 0a 09 09 3c 68 72 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 3c 73 70 61 6e 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 63 68 65 63 6b 2d 75 72 6c 22 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 55 52 4c 2e 3c 2f 70 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 6f 74 68 65 72 77 69 73 65 22 3e 4f 74 68 65 72 77 69 73 65 2c 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 63 6c 69 63 6b 20 68 65 72 65 3c 2f 61 3e 20 74 6f 20 62 65 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 74 68 65 20 68 6f 6d 65 70 61 67 65 2e 3c 2f 70 3e 0a 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: ><hr><div class="bottom-content"><span><p class="check-url">Please check the URL.</p><p class="otherwise">Otherwise, <a href="/">click here</a> to be redirected to the homepage.</p></span></div></div></body></html>
2024-09-29 06:14:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49720	151.101.1.46	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:47 UTC	616	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mailsecurityref.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:14:47 UTC	620	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3740 Server: nginx Content-Type: image/png Last-Modified: Fri, 27 Sep 2024 14:31:34 GMT ETag: "66f6c1c6-e9c" Expires: Fri, 27 Sep 2024 15:11:49 GMT Cache-Control: max-age=300 X-Host: grn157.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sun, 29 Sep 2024 06:14:47 GMT Age: 140877 X-Served-By: cache-sjc10042-SJC, cache-ewr-kewr1740063-EWR X-Cache: HIT, HIT X-Cache-Hits: 41, 3 X-Timer: S1727590487.092234,VS0,VE0 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ae 00 00 00 3e 08 03 00 00 00 85 b4 d0 9f 00 00 02 fa 50 4c 54 45 00 00 00 2d 96 f0 2a 92 ec 2a 91 eb 2a 90 eb 29 91 ea 29 91 ea 2a 91 eb 2b 92 eb 49 92 ff 2b 91 eb 2a 91 eb 2a 91 eb 2a 90 eb 29 91 ea 29 90 ea 29 91 ea 33 99 eb 80 ff ff 29 90 ea 29 91 ea 2e 93 f0 2c 90 ed 2a 91 eb 2a 90 ea 2a 91 eb 29 90 ea 2a 90 ea 2d 93 ee 29 91 ec 2a 90 eb 2b 91 eb 2b 90 ec 2a 90 ea 37 92 ed 2b 92 ec 2a 90 eb 2a 91 eb 29 91 eb 29 91 eb 29 91 ea 2a 91 ea 29 91 eb 2a 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 29 90 ea 2b 95 f4 2b 91 ec 2a 91 eb 2b 95 ef 39 aa ff 29 91 eb 29 91 eb 2b aa ff 2c 93 eb 2b 90 eb ff ff ff 2a 91 ec 29 90 eb 2b 91 ec 29 90 eb 2a 92 ea 2b 91 eb 2a 92 eb 2a 91 ea 2a 91 ea 2b 95 ff 2a 90 eb 2a 92 eb 2a Data Ascii: PNGIHDR>PLTE-**))+I+*)))3)).,)-)++7+*))))***)+++9))+,+)+)+*+*
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 6f 8a bb 55 71 87 ba bb 2b ee ee ee ee 33 e7 3d bb 67 64 97 cf e1 ff 29 3a bf 67 ce 39 ef 3b ef ce e5 03 48 0e 1c 74 09 c4 e0 21 dd 69 1b 7a 45 2b 88 ff 0f cb 27 99 5b 56 08 a5 fc ca e6 ed e9 18 3e 62 e4 28 f8 f5 1d 3d a6 28 46 d2 2a 1a 3b ae 6d ca b8 62 7c bb 09 51 00 13 fd 71 27 4d 9e 32 75 5a 01 92 3a 77 9b 5e 7f d2 e5 33 66 42 cc aa 49 2d 34 5b 7e 3f 99 5a ad 39 b0 45 5b 84 a8 fd 6b b0 9d 7d ee 40 ba 0c 3d 36 0a 97 79 75 2c 1a d9 83 e6 07 e3 1a 43 17 44 02 71 45 c5 02 88 73 17 52 14 5d 25 69 73 a8 e9 fe 57 18 62 52 e8 6a 00 d7 d0 a8 d3 aa 61 03 fa 8c b8 d6 3c bf ae a3 4f ec e2 f2 60 5c e3 fa 0b 02 87 41 3b 0e 8e 1b 6e 64 52 0b d8 6e a2 db b1 28 ce a4 4b e3 62 dc 4c b7 5b 18 64 dd 1a 85 d2 34 c4 a0 9c 05 c1 b8 c6 80 dc 34 71 79 1b 80 db 3d 6b 73 07 70 Data Ascii: oUq+3=gd):g9;Ht!izE+'[V>b(=(F*;mb\|Qq'M2uZ:w^3fBI-4[~?Z9E[k}@=6yu,CDqEsR]%isWbRja<O`\A;ndRn(KbL[d44qy=ksp
2024-09-29 06:14:47 UTC	984	IN	Data Raw: 51 95 b6 35 30 a6 d0 d6 1a 46 a1 ff 45 e1 7e 2a cf b9 af 2b b6 df 57 17 6f aa 2d 3e 31 aa 4f 43 11 93 8e b9 32 1e dd 98 29 71 c5 65 7a f1 87 9e 01 f1 49 30 ae 94 b7 56 d2 c3 75 d2 cc 73 bc 1d 8c 25 f2 59 c9 68 47 65 0a 44 74 4d 86 0e 5b 76 bb aa d0 cf 69 7b 1a a2 d7 50 8a 8a 77 0a f4 01 30 71 51 43 2d f7 98 2c 88 47 ac 14 71 7b c2 f8 9a 66 10 70 1d b7 1e 66 f3 a3 8b 68 9b 1c 85 66 a6 e5 79 d0 2e 6a 51 b3 4f 45 9d aa 55 20 5e a5 ad 1a b4 e8 ba a9 0b 2b 9e bc eb ac 38 c4 22 89 ab ed 7c 79 fd 6e b3 7c 8b 19 8c 2b c5 a6 7d 68 86 42 cf 8f ea 21 e1 1b 2a d7 22 a1 1e b5 d7 3b 22 a5 17 f5 5b 8a d4 ea 9b b8 7e df 66 fb e2 fa 8b ad 8a 45 72 78 18 6e df d1 36 0c 09 b7 9a 6a 16 c3 98 f0 36 52 89 d4 91 45 39 17 a9 74 66 da b8 f1 73 98 32 ae 29 b6 c3 64 e0 e9 bf b6 0d Data Ascii: Q50FE~+Wo->1OC2)qezI0Vus%YhGeDtM[vi{Pw0qQC-,Gq{fpfhfy.jQOEU ^+8"\|yn\|+}hB!";"[~fErxn6j6RE9tfs2)d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49721	151.101.1.46	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:47 UTC	635	OUT	GET /components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff HTTP/1.1 Host: cdn2.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://mailsecurityref.weebly.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://mailsecurityref.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:14:47 UTC	629	IN	HTTP/1.1 200 OK Connection: close Content-Length: 45516 Server: nginx Content-Type: font/woff Last-Modified: Mon, 23 Sep 2024 18:05:57 GMT ETag: "66f1ae05-b1cc" Expires: Mon, 07 Oct 2024 22:00:07 GMT Cache-Control: max-age=1209600 X-Host: blu63.sf2p.intern.weebly.net Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sun, 29 Sep 2024 06:14:47 GMT Age: 461681 X-Served-By: cache-sjc1000141-SJC, cache-ewr-kewr1740076-EWR X-Cache: HIT, HIT X-Cache-Hits: 607, 83 X-Timer: S1727590487.093047,VS0,VE0 Access-Control-Allow-Origin: * alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 b1 cc 00 0e 00 00 00 01 56 88 00 00 00 00 00 00 b0 60 00 00 01 6c 00 00 02 d8 00 00 00 00 00 00 00 00 4f 53 2f 32 00 00 01 9c 00 00 00 58 00 00 00 60 8e 75 b9 9a 63 6d 61 70 00 00 01 f4 00 00 06 9d 00 00 11 08 ba 8b c2 c8 63 76 74 20 00 00 af 0c 00 00 00 28 00 00 00 28 08 e6 08 b2 66 70 67 6d 00 00 af 34 00 00 00 b2 00 00 01 09 43 3e f0 88 67 61 73 70 00 00 ae fc 00 00 00 10 00 00 00 10 00 1a 00 23 67 6c 79 66 00 00 2c a0 00 00 82 5c 00 00 fa 88 8b a2 ff 97 68 65 61 64 00 00 01 64 00 00 00 36 00 00 00 36 08 9e a2 8d 68 68 65 61 00 00 08 94 00 00 00 21 00 00 00 24 07 7f 07 8b 68 6d 74 78 00 00 08 b8 00 00 06 5b 00 00 11 40 49 d4 97 45 6c 6f 63 61 00 00 24 48 00 00 08 57 00 00 08 a2 19 b2 db 42 6d 61 78 70 00 00 01 44 00 00 00 Data Ascii: wOFFV`lOS/2X`ucmapcvt ((fpgm4C>gasp#glyf,\headd66hhea!$hmtx[@IEloca$HWBmaxpD
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 0c c3 08 19 29 47 e5 0d 39 02 2d e3 24 5d d6 cb 26 73 8e f2 64 b4 9a 2b d9 72 c9 9c 2c b7 2c 92 3d 6a a1 5c 14 97 f8 34 d4 1c 95 2b 7f 97 15 6a a9 54 c8 2d 99 6d 4e 59 1b dd 4e 3e c0 54 7c 84 c9 98 8e 29 48 c2 02 a4 21 1d ab b0 06 6b b1 0f bb b0 07 d9 7c 10 27 70 06 a7 e0 42 31 4e cb 31 78 19 40 cd 9a ac c5 c6 8c e6 6e fe 86 31 fc 15 5b f0 d7 fc 1d 1f 61 2f 0e e4 2b ec cf 38 7e c4 7f f2 43 4e e4 75 a3 82 ab b8 8c 2b 98 ce 95 52 c8 b5 3c c4 83 cc 61 2e 3d bc c1 b3 98 c6 87 30 89 cd 91 c8 df 62 31 7b 62 09 7b 63 29 fb 60 19 fb 62 39 5f c2 0a be 8c 4f f9 2a 56 33 16 9f 70 00 d6 71 10 d6 73 30 b6 f0 5d 6c e5 7b f8 92 e3 90 c5 78 ec 30 3b 71 3b c7 e3 20 a7 60 3f 27 61 37 27 e0 00 27 63 2f 3f 40 2e 93 70 88 c9 38 cc 19 9c 89 23 4c 41 1e 53 71 94 b3 90 cf d9 28 Data Ascii: )G9-$]&sd+r,,=j\4+jT-mNYN>T\|)H!k\|'pB1N1x@n1[a/+8~CNu+R<a.=0b1{b{c)`b9_O*V3pqs0]l{x0;q; `?'a7''c/?@.p8#LASq(
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: f7 f6 f9 89 e4 71 db 83 75 67 2d 7d cc 72 8c 74 56 52 4e f0 70 ea 6d 79 1e cb 8b 02 6c 0c f8 a4 20 d5 b4 35 7d 94 f5 53 16 f7 2b 72 9e 1c 25 ad a4 83 5c 22 c7 d9 3f d2 f3 67 a8 52 67 3c bf e6 fb 36 df bf 91 3a d5 48 1b 2c 25 77 21 55 fc 9d c1 6f 9b ea f9 37 52 6e 65 1f e2 0f 93 c6 fd 62 28 7a ce 4e cf d7 1a 3f bb 18 e5 71 7f 7b 1d f4 2a f6 89 1f a7 2f e6 9a 53 8d b4 5c b3 e6 ff 0a 7d 7b 10 f1 f1 03 21 be 7f 20 24 26 f8 c4 e3 89 c4 88 a4 e1 fd 1e a4 df 99 e9 ba 42 3c f6 24 22 b1 68 0d c2 7e 4c 4a 1e 77 57 b0 6e 62 da ef 8c 95 fb 6c 6c 0b b2 2e 81 16 9e 0b e3 9e 1f fb 70 c5 fd 9a ec 24 17 c9 71 b6 cd a0 fc 9e 74 93 1f 58 bf 59 da 18 8f fa c5 c9 38 bf 12 f1 43 1b 6c dc 0c 22 b1 33 69 dc 0b 43 d1 73 3e b4 f1 b9 b4 0f 13 a3 af 83 5e 46 db f4 7a f1 3b 11 13 cf Data Ascii: qug-}rtVRNpmyl 5}S+r%\"?gRg<6:H,%w!Uo7Rneb(zN?q{*/S\}{! $&B<$"h~LJwWnbll.p$qtXY8Cl"3iCs>^Fz;
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: af bb 67 b5 06 4e f2 e8 ae 49 ba 33 f9 00 19 e6 22 ea 05 dc d1 da 35 e6 2f 99 a9 6a 7d 74 a8 79 c3 4c 4c 77 1e 7d ec e3 00 11 4f 2d f4 69 08 1c 5b 0d fd 66 fd 1a 25 e3 57 bb d0 a7 0b ac 53 47 bf e7 2a b6 fe c3 fb 80 f3 9e ef cc 0f df bf bf a1 32 77 a1 29 66 4d c0 5a f9 e5 58 b0 aa 32 f4 a6 bd 21 7b 3a 13 e3 96 8a ba 5b 02 87 8c fc 90 7a fd 5d c4 ec c9 26 b2 8c 8e 89 61 dd eb f6 fb 6f ff d5 7f 73 dd da 2c 3b a5 d8 95 0e 3b a9 98 93 46 4d 62 c7 ac 43 6c f3 f6 73 fc 12 fc 4f 36 60 b6 28 00 00 00 78 da 6d 59 05 58 5c 57 16 3e 72 19 02 43 02 91 ba bb a7 a3 48 7d e4 41 48 08 a4 10 4a 92 4a 3a c0 00 93 0c 33 74 24 09 a9 bb bb 6c 7d eb ba 75 77 77 df ba bb eb ee b6 dd b6 bb 6d f7 bd 77 0f cc 65 b2 7c 1f fc f7 dc 77 ee f9 8f dc 77 de 7d 3c 20 70 7f fe 3c 12 66 c0 Data Ascii: gNI3"5/j}tyLLw}O-i[f%WSG*2w)fMZX2!{:[z]&aos,;;FMbClsO6`(xmYX\W>rCH}AHJJ:3t$l}uwwmwe\|ww}< p<f
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: e1 03 f8 90 27 71 15 57 b3 97 6b 78 32 4f e1 5a ae e3 a9 3c 8d a7 f3 0c 5e 8d 57 e7 35 78 4d 5e 8b d7 e6 75 78 5d 5e 8f d7 e7 0d 78 43 de 88 37 e6 4d 78 53 de 8c 37 e7 2d 78 4b de 8a b7 e6 6d 78 5b de 8e 67 f2 f6 ec 63 3f 07 38 c8 21 38 8f c3 5c cf 0d dc c8 4d bc 03 ef c8 3b f1 ce bc 0b ef ca bb 71 84 a3 1c e3 38 5b dc cc 2d 3c 8b 5b 79 36 cf e1 36 9e cb ed dc c1 f3 78 77 ee e4 2e 9e cf dd bc 07 f7 f0 02 5e c8 8b 78 4f de 8b f7 e6 7d 78 31 ef cb 09 ee e5 3e ee e7 24 0f f0 20 0f 71 8a 97 f0 52 4e f3 30 67 38 cb 23 bc 1f e7 38 cf 05 2e f2 32 5e ce 2b 78 94 57 f2 fe 7c 00 1f c8 07 f1 c1 7c 08 1f ca 87 f1 e1 7c 04 1f c9 47 f1 d1 7c 0c 1f cb c7 f1 f1 7c 02 9f c8 27 f1 c9 7c 0a 9f ca a7 f1 e9 7c 06 9f c9 67 f1 5f f8 6c 3e 87 cf e5 f3 f8 7c be 80 2f e4 bf f2 45 Data Ascii: 'qWkx2OZ<^W5xM^ux]^xC7MxS7-xKmx[gc?8!8\M;q8[-<[y66xw.^xO}x1>$ qRN0g8#8.2^+xW\|\|\|G\|\|'\|\|g_l>\|/E
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 19 cc 25 96 25 bd 0b 4b 17 3d 0b dd 29 59 2e 19 6e 16 ba e6 46 cf 22 d7 5c f5 a2 d2 cd 94 d0 db 29 21 21 24 26 dc ea 7e c1 a0 60 58 30 2e d8 20 d8 24 d8 2c 18 95 9b 49 d6 47 65 7d 54 d6 47 1b 2a 13 49 1d 58 c2 05 77 cb 7b 13 a5 3b a6 2e 51 76 7f 4c 49 8c 45 2d ba 6e 9c ee b8 46 7c 17 41 07 e0 0a d5 09 a7 10 b2 c0 ad 86 d6 91 e0 4c 21 68 0a 61 53 88 9b 42 83 29 34 99 42 b3 29 44 0d 21 6a f2 44 4d 9e a8 c9 13 d5 a6 ed c4 48 1c c9 52 66 a4 c7 05 bd 7d 46 cb e9 2b d5 b0 df 68 6c be a8 27 a9 3b 61 b2 d4 93 92 52 dd a4 34 8b a4 d9 09 a5 78 d1 b1 a2 49 71 a3 52 cc 98 d0 c7 a4 88 31 29 62 ac 81 07 16 f7 da bf 03 f6 ef 90 fd bb c4 fe 5d 5a 39 a0 9f 85 15 f6 fc e2 94 fb 77 89 fb 37 5d ed fe 35 e2 f1 37 7b 07 8d 78 06 cb 5b 68 50 0d 39 3d 70 68 95 1e 18 f4 a4 f4 a6 Data Ascii: %%K=)Y.nF"\)!!$&~`X0. $,IGe}TG*IXw{;.QvLIE-nF\|AL!haSB)4B)D!jDMHRf}F+hl';aR4xIqR1)b]Z9w7]57{x[hP9=ph
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: c3 31 a5 e7 1d f5 b1 6d 51 2b 4a 63 72 75 a2 44 96 34 c9 92 63 64 a9 71 b2 94 61 67 aa 29 e8 cb 45 63 79 6d 71 22 cd 8c 32 59 af c8 1a de 57 67 c7 1d ae 70 ff 4e 9e a0 eb 26 30 e4 f7 09 fa 05 03 82 41 c1 90 60 58 a3 6f 4c af 5e b0 41 b0 51 b0 49 30 22 18 15 8c 09 c6 05 2d 41 fd 1a 13 0a 88 1f 01 b1 1f 10 3f 02 e2 47 40 fc 08 88 1f 01 e1 0f 08 7f 40 f8 03 c2 1f 10 fe 80 f0 07 84 3f 20 fc 01 e1 0f 08 bf 4f f8 7c c2 e7 13 3e 9f d8 f3 89 3d 9f d8 f1 89 5d 9f d8 f1 89 9d 26 89 c3 27 fe f9 c4 3f 9f f8 e7 13 ff 9b 84 af 49 ec 46 45 d6 ff bb f2 f9 1b c5 5e d0 57 23 38 fe 8a 6f 0b 63 28 8b 82 e2 74 50 9c 0e 0a 49 78 4c 4f 9c 09 8a 33 41 71 26 28 c1 05 c5 89 a0 04 15 94 20 83 92 ac a0 04 19 14 a7 42 12 64 48 ec 87 c4 8f 90 f8 11 12 3f 42 e2 47 48 f8 43 c2 1f 12 fe Data Ascii: 1mQ+JcruD4cdqag)Ecymq"2YWgpN&0A`XoL^AQI0"-A?G@@? O\|>=]&'?IFE^W#8oc(tPIxLO3Aq&( BdH?BGHC
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: a1 e6 6f e2 6e a2 37 07 6f 6e 55 f1 aa c2 55 5f 6f 89 6f e9 6f f5 de ca dc 1a bb 35 05 e0 80 52 00 00 b8 40 2d 80 02 66 c0 01 78 81 10 10 07 fa 80 21 60 1c d8 05 0e 81 33 a0 70 9b 78 5b 73 3b 72 7b 85 56 46 63 d2 20 9a 92 66 a2 35 d3 5a 69 1d b4 18 ad 97 96 a1 6d d2 76 69 87 b4 33 5a 81 4e a4 57 d0 99 74 88 ae a4 b7 d3 23 f4 24 7d 90 3e 4a 9f a4 cf d2 97 e9 eb f4 6d fa 0f 7a 81 41 64 54 30 98 0c 88 d1 ca e8 60 c4 18 bd 8c 0c 63 8c 31 c5 98 bf 53 74 c7 7b 27 74 27 7e a7 ef ce 16 13 60 26 98 c7 cc 3f d5 d6 6a 57 b5 bf 3a 5c 9d a8 1e a8 de ad 3e ac 3e ab 2e b0 88 ac 0a 16 93 05 b1 b2 ac 1c 6b 89 55 60 33 d9 10 5b c9 36 b1 9b d9 ad ec 0e 76 8c dd cb ce b0 c7 d8 53 ec 23 76 9e 7d 09 92 40 0b e8 04 7d 60 27 88 81 fd e0 30 38 01 ce 80 8b e0 67 70 13 dc 05 0f c1 Data Ascii: on7onUU_ooo5R@-fx!`3px[s;r{VFc f5Zimvi3ZNWt#$}>JmzAdT0`c1St{'t'~`&?jW:\>>.kU`3[6vS#v}@}`'08gp
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: fc 88 df e3 ef f5 6f bc a0 be 60 be 08 bd 58 7c 71 de 8e b4 eb db d3 ed 9f da 4f 5e 12 5e 9a 5f 0e bc cc bd dc 7a 99 0f 50 03 8e 40 2c 90 09 4c 07 e6 02 4b 81 2f 81 ef 81 fd c0 51 e0 3c 48 08 96 06 99 41 5e 50 1c 34 06 ad 41 7f 30 14 8c 06 07 83 c3 c1 b3 8e e6 8e d1 8e 89 8e a3 57 f6 57 8b af 4e 42 cc 10 16 da 0a 15 fe e1 fd 13 fe 67 b3 13 ea b4 74 ae bc 26 bf d6 be b6 be 76 bd 5e 7d 7d 1e 56 86 d3 e1 f9 70 fe df e6 7f 97 23 94 88 3e 32 1a d9 89 ec 77 41 5d 68 97 a5 cb db 15 e9 9a ea 5a e8 5a ef fa d9 95 8f 92 a3 fa a8 25 da 1a 8d 44 df 47 97 a2 fb d1 c2 1b e0 0d fc 66 f0 cd c2 9b ad 18 3f 16 88 0d c6 72 b1 8d d8 e5 5b c6 5b d7 db 89 b7 53 6f 77 e3 a5 71 7b 3c 1e 4f c7 b3 f1 d9 f8 61 37 a1 1b ed 36 76 7b bb b3 dd 1b dd df ba f7 bb 8f bb f3 dd 05 8c 80 95 Data Ascii: o`X\|qO^^_zP@,LK/Q<HA^P4A0WWNBgt&v^}}Vp#>2wA]hZZ%DGf?r[[Sowq{<Oa76v{
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 70 d2 dc 86 6e ba 8d 36 9b 3d 82 97 26 7a f6 dc 6a ef ac 86 b5 95 de b5 8d ad de ea b9 f5 43 f5 0d 43 f5 e4 86 46 4f 71 63 47 5e 5e 7b 98 a3 2a 2e be ca d1 56 56 d2 fe c1 82 98 e8 d6 f2 d2 36 9b ad ad b4 bc 35 3a 66 41 45 c9 9c e9 d9 73 4a 49 9f c3 91 95 95 1b 1c 9c 9b 25 fe 2b 37 4e a3 89 cb 4d cd 2e 2c cc 46 7e b2 4d 7c c1 e7 f3 47 60 dc b3 11 6b 0d 1b 79 bb 11 98 67 3c d5 18 a5 a1 23 cf 68 ec 96 30 2d f4 1b 79 4e 1a 1e 2c e3 d9 9a 58 95 5b da 66 8f ef f3 54 ac ac 60 f4 87 81 19 9a 49 56 cd 68 cc aa 48 69 2d 9d de 1a 77 6f 52 92 77 79 49 74 46 89 93 51 7f ff d2 be fd 0b 66 92 43 8b ac ee c4 d2 8a ec 74 20 e7 c4 04 67 07 7a 56 00 3d 79 4e 27 22 7d e5 ef ff 2d f9 15 ff 5f 92 5f 57 00 af ec 9e 2c bf 08 93 5f 24 c1 4f 80 51 de 6a 01 a2 27 d1 f9 1b cd 81 f0 Data Ascii: pn6=&zjCCFOqcG^^{*.VV65:fAEsJI%+7NM.,F~M\|G`kyg<#h0-yN,X[fT`IVhHi-woRwyItFQfCt gzV=yN'"}-__W,_$OQj'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49722	151.101.1.46	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:47 UTC	634	OUT	GET /components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff HTTP/1.1 Host: cdn2.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://mailsecurityref.weebly.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://mailsecurityref.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:14:47 UTC	631	IN	HTTP/1.1 200 OK Connection: close Content-Length: 46052 Server: nginx Content-Type: font/woff Last-Modified: Tue, 24 Sep 2024 21:01:35 GMT ETag: "66f328af-b3e4" Expires: Tue, 08 Oct 2024 22:28:31 GMT Cache-Control: max-age=1209600 X-Host: blu107.sf2p.intern.weebly.net Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sun, 29 Sep 2024 06:14:47 GMT Age: 373575 X-Served-By: cache-sjc1000121-SJC, cache-ewr-kewr1740062-EWR X-Cache: HIT, HIT X-Cache-Hits: 240, 104 X-Timer: S1727590487.093165,VS0,VE0 Access-Control-Allow-Origin: * alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 b3 e4 00 0e 00 00 00 01 57 a4 00 00 00 00 00 00 b2 78 00 00 01 6c 00 00 02 d7 00 00 00 00 00 00 00 00 4f 53 2f 32 00 00 01 9c 00 00 00 58 00 00 00 60 8d 3e b9 af 63 6d 61 70 00 00 01 f4 00 00 06 9d 00 00 11 08 ba 8b c2 c8 63 76 74 20 00 00 b1 24 00 00 00 28 00 00 00 28 08 b6 08 99 66 70 67 6d 00 00 b1 4c 00 00 00 b2 00 00 01 09 43 3e f0 88 67 61 73 70 00 00 b1 14 00 00 00 10 00 00 00 10 00 1a 00 23 67 6c 79 66 00 00 2c 94 00 00 84 7f 00 00 fb c8 be a3 8f 3c 68 65 61 64 00 00 01 64 00 00 00 36 00 00 00 36 08 84 a2 8a 68 68 65 61 00 00 08 94 00 00 00 21 00 00 00 24 07 64 07 72 68 6d 74 78 00 00 08 b8 00 00 06 5c 00 00 11 40 1b e8 b2 08 6c 6f 63 61 00 00 24 3c 00 00 08 57 00 00 08 a2 a3 9d 64 f8 6d 61 78 70 00 00 01 44 00 00 00 Data Ascii: wOFFWxlOS/2X`>cmapcvt $((fpgmLC>gasp#glyf,<headd66hhea!$drhmtx\@loca$<WdmaxpD
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 0c c3 08 19 29 47 e5 0d 39 02 2d e3 24 5d d6 cb 26 73 8e f2 64 b4 9a 2b d9 72 c9 9c 2c b7 2c 92 3d 6a a1 5c 14 97 f8 34 d4 1c 95 2b 7f 97 15 6a a9 54 c8 2d 99 6d 4e 59 1b dd 4e 3e c0 54 7c 84 c9 98 8e 29 48 c2 02 a4 21 1d ab b0 06 6b b1 0f bb b0 07 d9 7c 10 27 70 06 a7 e0 42 31 4e cb 31 78 19 40 cd 9a ac c5 c6 8c e6 6e fe 86 31 fc 15 5b f0 d7 fc 1d 1f 61 2f 0e e4 2b ec cf 38 7e c4 7f f2 43 4e e4 75 a3 82 ab b8 8c 2b 98 ce 95 52 c8 b5 3c c4 83 cc 61 2e 3d bc c1 b3 98 c6 87 30 89 cd 91 c8 df 62 31 7b 62 09 7b 63 29 fb 60 19 fb 62 39 5f c2 0a be 8c 4f f9 2a 56 33 16 9f 70 00 d6 71 10 d6 73 30 b6 f0 5d 6c e5 7b f8 92 e3 90 c5 78 ec 30 3b 71 3b c7 e3 20 a7 60 3f 27 61 37 27 e0 00 27 63 2f 3f 40 2e 93 70 88 c9 38 cc 19 9c 89 23 4c 41 1e 53 71 94 b3 90 cf d9 28 Data Ascii: )G9-$]&sd+r,,=j\4+jT-mNYN>T\|)H!k\|'pB1N1x@n1[a/+8~CNu+R<a.=0b1{b{c)`b9_O*V3pqs0]l{x0;q; `?'a7''c/?@.p8#LASq(
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 26 fd 44 fa 38 9d c1 ba b9 9b 3e a6 0e 63 cc 7c fa 9b 3e 17 53 e4 4a fa 8a 31 66 7c 80 f9 01 9f 14 a4 82 7b 2f be c8 f5 53 1e ce e7 e4 77 12 27 3b c9 8f a4 97 1c a1 7d 94 eb cf d0 a0 f6 ba 7e cd f7 6d be 7f b3 b6 52 ee 41 0d 29 46 58 fc 9d e5 06 4f 37 cd f5 6f e4 66 4f 26 11 7f 98 36 ce f1 ab 69 67 f6 b8 be d6 fa d9 66 d4 93 46 eb 6f 07 40 df c5 36 e2 c7 e9 8b 55 3d 89 24 f9 c7 9c ff 2d f4 ed 41 c4 c7 0f 86 f8 fe c1 90 98 e0 93 88 27 e2 cb d3 c6 ee e3 a0 76 53 8b e1 42 22 f6 a4 b2 ce c6 a0 bc 44 4c 1a 98 c5 83 db 9c 83 fd ea 12 d3 be 61 ac fc c8 8b 6d 41 36 a5 f0 02 cf 85 71 cf 8f 7d e8 72 f6 92 f7 48 2f f9 89 ba 05 94 c7 c8 79 72 94 f5 4c d1 e9 cd fd e3 64 82 4e 72 8a 7d 6e f0 e2 66 10 89 9d e9 93 71 35 ed cc 27 5e 7c 9e 94 c4 c6 e8 01 90 3b 6a 7a dd f8 Data Ascii: &D8>c\|>SJ1f\|{/Sw';}~mRA)FXO7ofO&6igfFo@6U=$-A'vSB"DLamA6q}rH/yrLdNr}nfq5'^\|;jz
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 43 a2 a9 8a bb 28 31 16 92 cf e5 89 e4 ef e0 91 9d 65 ad 8d 09 19 bb cc 8b a8 cd a6 8a 33 9c 23 64 cf c6 12 83 85 ba 66 68 29 6d b2 a3 ec 64 61 9f 55 f2 4e 15 1c fd bf ce 15 95 0b 8d 25 5c 2f 55 ff 76 17 8b 11 39 73 89 22 e6 b8 9c b7 f8 56 6b 31 cb 5f fb a2 f6 9a 33 19 89 a8 c0 53 93 b2 70 41 ab ad c9 97 ef 1f 71 1e 87 28 d3 26 ca d6 4d 6e 3e eb bf ad 5a 7e b5 79 6e 99 93 0a 38 95 09 67 19 30 26 14 9b c0 89 f2 3d 1c f3 e5 ab fc 17 38 5f d7 76 ae 20 00 00 00 78 da 6d 59 05 58 5c 57 16 3e 72 19 02 43 02 91 ba bb a7 a3 48 7d e4 41 48 08 a4 10 4a 92 4a 3a c0 00 93 0c 33 74 24 09 a9 bb bb 6c 7d eb ba 75 77 77 df ba bb eb ee b6 dd b6 bb 6d f7 bd 77 0f cc 65 b2 7c 1f fc f7 dc 77 ee f9 8f dc 77 de 7d 3c 20 70 7f fe 3c 12 66 c0 ff f9 51 f3 00 90 80 80 91 51 c1 74 Data Ascii: C(1e3#dfh)mdaUN%\/Uv9s"Vk1_3SpAq(&Mn>Z~yn8g0&=8_v xmYX\W>rCH}AHJJ:3t$l}uwwmwe\|ww}< p<fQQt
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 32 4f e1 5a ae e3 a9 3c 8d a7 f3 0c 5e 8d 57 e7 35 78 4d 5e 8b d7 e6 75 78 5d 5e 8f d7 e7 0d 78 43 de 88 37 e6 4d 78 53 de 8c 37 e7 2d 78 4b de 8a b7 e6 6d 78 5b de 8e 67 f2 f6 ec 63 3f 07 38 c8 21 38 8f c3 5c cf 0d dc c8 4d bc 03 ef c8 3b f1 ce bc 0b ef ca bb 71 84 a3 1c e3 38 5b dc cc 2d 3c 8b 5b 79 36 cf e1 36 9e cb ed dc c1 f3 78 77 ee e4 2e 9e cf dd bc 07 f7 f0 02 5e c8 8b 78 4f de 8b f7 e6 7d 78 31 ef cb 09 ee e5 3e ee e7 24 0f f0 20 0f 71 8a 97 f0 52 4e f3 30 67 38 cb 23 bc 1f e7 38 cf 05 2e f2 32 5e ce 2b 78 94 57 f2 fe 7c 00 1f c8 07 f1 c1 7c 08 1f ca 87 f1 e1 7c 04 1f c9 47 f1 d1 7c 0c 1f cb c7 f1 f1 7c 02 9f c8 27 f1 c9 7c 0a 9f ca a7 f1 e9 7c 06 9f c9 67 f1 5f f8 6c 3e 87 cf e5 f3 f8 7c be 80 2f e4 bf f2 45 7c 31 5f c2 97 f2 65 7c 39 5f c1 57 Data Ascii: 2OZ<^W5xM^ux]^xC7MxS7-xKmx[gc?8!8\M;q8[-<[y66xw.^xO}x1>$ qRN0g8#8.2^+xW\|\|\|G\|\|'\|\|g_l>\|/E\|1_e\|9_W
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 29 59 2e 19 6e 16 ba e6 46 cf 22 d7 5c f5 a2 d2 cd 94 d0 db 29 21 21 24 26 dc ea 7e c1 a0 60 58 30 2e d8 20 d8 24 d8 2c 18 95 9b 49 d6 47 65 7d 54 d6 47 1b 2a 13 49 1d 58 c2 05 77 cb 7b 13 a5 3b a6 2e 51 76 7f 4c 49 8c 45 2d ba 6e 9c ee b8 46 7c 17 41 07 e0 0a d5 09 a7 10 b2 c0 ad 86 d6 91 e0 4c 21 68 0a 61 53 88 9b 42 83 29 34 99 42 b3 29 44 0d 21 6a f2 44 4d 9e a8 c9 13 d5 a6 ed c4 48 1c c9 52 66 a4 c7 05 bd 7d 46 cb e9 2b d5 b0 df 68 6c be a8 27 a9 3b 61 b2 d4 93 92 52 dd a4 34 8b a4 d9 09 a5 78 d1 b1 a2 49 71 a3 52 cc 98 d0 c7 a4 88 31 29 62 ac 81 07 16 f7 da bf 03 f6 ef 90 fd bb c4 fe 5d 5a 39 a0 9f 85 15 f6 fc e2 94 fb 77 89 fb 37 5d ed fe 35 e2 f1 37 7b 07 8d 78 06 cb 5b 68 50 0d 39 3d 70 68 95 1e 18 f4 a4 f4 a6 4d 49 58 29 09 2b 65 f6 40 09 2b 16 Data Ascii: )Y.nF"\)!!$&~`X0. $,IGe}TG*IXw{;.QvLIE-nF\|AL!haSB)4B)D!jDMHRf}F+hl';aR4xIqR1)b]Z9w7]57{x[hP9=phMIX)+e@+
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 72 75 a2 44 96 34 c9 92 63 64 a9 71 b2 94 61 67 aa 29 e8 cb 45 63 79 6d 71 22 cd 8c 32 59 af c8 1a de 57 67 c7 1d ae 70 ff 4e 9e a0 eb 26 30 e4 f7 09 fa 05 03 82 41 c1 90 60 58 a3 6f 4c af 5e b0 41 b0 51 b0 49 30 22 18 15 8c 09 c6 05 2d 41 fd 1a 13 0a 88 1f 01 b1 1f 10 3f 02 e2 47 40 fc 08 88 1f 01 e1 0f 08 7f 40 f8 03 c2 1f 10 fe 80 f0 07 84 3f 20 fc 01 e1 0f 08 bf 4f f8 7c c2 e7 13 3e 9f d8 f3 89 3d 9f d8 f1 89 5d 9f d8 f1 89 9d 26 89 c3 27 fe f9 c4 3f 9f f8 e7 13 ff 9b 84 af 49 ec 46 45 d6 ff bb f2 f9 1b c5 5e d0 57 23 38 fe 8a 6f 0b 63 28 8b 82 e2 74 50 9c 0e 0a 49 78 4c 4f 9c 09 8a 33 41 71 26 28 c1 05 c5 89 a0 04 15 94 20 83 92 ac a0 04 19 14 a7 42 12 64 48 ec 87 c4 8f 90 f8 11 12 3f 42 e2 47 48 f8 43 c2 1f 12 fe 90 f0 87 84 3f 24 fc 21 e1 0f 09 7f Data Ascii: ruD4cdqag)Ecymq"2YWgpN&0A`XoL^AQI0"-A?G@@? O\|>=]&'?IFE^W#8oc(tPIxLO3Aq&( BdH?BGHC?$!
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 04 29 69 2d 99 2d 59 2a 59 2b d9 02 a8 00 17 50 00 26 c0 0a 38 00 2f 10 04 e2 c0 28 30 0d 24 81 15 e0 2b 70 5d 8a 2e c5 97 92 4a 99 a5 ad a5 93 a5 07 a4 6a 92 81 84 90 1c 24 2f 29 48 8a 93 46 49 d3 a4 24 69 85 74 4e ba 21 63 c9 04 32 85 cc 22 4b c8 06 32 42 76 90 13 e4 29 f2 1c 79 99 bc 4e 4e 91 b7 c9 07 e4 0c f9 92 7c 47 a1 52 b8 14 05 c5 44 b1 52 86 28 e3 94 8f 94 05 ca 67 ca 26 e5 07 e5 77 19 ab 6c a4 6c b2 6c b6 6c a9 ec aa dc 50 9e ac c0 57 94 57 04 2b e2 15 a3 15 d3 15 c9 8a 95 8a 3b 6a 3e b5 98 0a 52 f9 54 15 b5 8e 6a a3 fe a4 ee 51 8f 69 4c 1a 4c 6b a1 79 68 9d b4 18 2d 41 9b a2 cd d1 96 69 eb b4 14 6d 1b 24 80 14 90 05 4a c0 10 f8 01 1c 03 67 c0 79 70 15 dc 00 d3 e0 2e 78 04 9e 81 d7 74 34 1d 4f 27 d1 99 74 11 5d 47 87 e9 2d 74 0f 7d 8e be 43 3f Data Ascii: )i--Y*Y+P&8/(0$+p].Jj$/)HFI$itN!c2"K2Bv)yNN\|GRDR(g&wllllPWW+;j>RTjQiLLkyh-Aim$Jgyp.xt4O't]G-t}C?
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: e5 e9 f0 2c 7b d6 3c 57 af 25 af 3d af 3f bc de 7c 7d eb 2d f7 1a bd 7e ef 98 37 ed 3d f5 a1 7c 24 1f e8 83 7c 2a 1f ec b3 f9 9c be 0e 5f cc 37 ec 9b f6 cd fa 16 7c eb be 6f be 3d df 91 2f e3 bb f5 63 fd 7e 7f fa 0d ee 0d f1 8d fb cd af 76 51 7b 7b fb 5c fb f5 5b e4 6d fc ed d2 db eb 0e 47 c7 66 c7 fe 3b cb bb e4 bb dd 77 47 ef ce 02 f6 c0 78 60 fb 7d f1 7b f3 fb b1 f7 a7 9d 96 ce a5 ce bd 2e a8 ab bd ab b7 2b d5 b5 d3 75 d4 75 15 cc 0e 6a 82 70 b0 35 18 0d 8e 05 17 82 fb c1 3f c1 ab ee dc 6e b0 db d2 1d ee 9e ee fe d2 9d 0e 51 43 70 c8 1f da ea c1 f6 30 7b cc 3d ed 3d 33 3d eb 3d 7f 7b 25 bd 9a de 50 ef 52 ef 69 1f be af b8 4f d6 67 ea 8b f7 25 fb 7e f7 1d f6 dd 84 15 61 6f b8 33 1c 0d 0f 87 c7 c3 33 e1 64 78 39 bc 16 fe 16 fe 11 de 0d 1f 86 33 e1 8b f0 Data Ascii: ,{<W%=?\|}-~7=\|$\|*_7\|o=/c~vQ{{\[mGf;wGx`}{.+uujp5?nQCp0{==3=={%PRiOg%~ao33dx93
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 4d fa f2 85 2d 0d 03 8d 6b ab aa d6 36 0d 34 b6 2c 6c d8 d0 d4 bc a1 9e 5c 12 ac ab ef 1f 72 bb 87 62 2a 3a 52 53 3b 2b 16 36 36 2c 7c 6f 51 82 d0 57 5b d9 6d b7 77 57 d6 f6 09 09 8b ea 7d fd 45 45 fd 3e b2 b5 a6 c6 e5 f1 44 47 7b 3c e2 3f 2b 32 34 9a 8c 8a bc f2 86 06 3a 06 65 93 5f f0 69 fc 9d f2 18 68 d8 c8 3b 84 38 18 83 2c 21 41 43 47 9e 11 b8 dc 21 a1 5a 2e 33 38 0a 0d 4e 1a 1a 2c e3 db 95 d6 ec 6c 98 e3 20 c9 6b aa 6b 57 00 f5 db ae d8 45 47 85 ac eb ef 71 b6 d9 60 1c 16 a6 5c 6e b5 05 2e 6c 16 18 f1 ab 56 d4 3c be 77 e8 d0 50 2f b9 6b 53 61 a3 b5 cd ef 2d 06 72 4e 4e 72 45 40 cf 02 a0 27 cf 69 bf 46 fa ca df ff b7 64 59 94 5a 96 c1 5f 35 53 65 59 41 a3 22 cb e6 3a 2f 6b 01 59 e6 2d 9a 2b 1e 9b 49 96 9d 0f 3f 76 4f 95 65 84 c9 32 52 74 b5 eb 14 0a Data Ascii: M-k64,l\rb*:RS;+66,\|oQW[mwW}EE>DG{<?+24:e_ih;8,!ACG!Z.38N,l kkWEGq`\n.lV<wP/kSa-rNNrE@'iFdYZ_5SeYA":/kY-+I?vOe2Rt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49723	151.101.1.46	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:47 UTC	370	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:14:47 UTC	620	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3740 Server: nginx Content-Type: image/png Last-Modified: Fri, 27 Sep 2024 14:31:34 GMT ETag: "66f6c1c6-e9c" Expires: Fri, 27 Sep 2024 15:11:49 GMT Cache-Control: max-age=300 X-Host: grn157.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sun, 29 Sep 2024 06:14:47 GMT Age: 140878 X-Served-By: cache-sjc10042-SJC, cache-ewr-kewr1740030-EWR X-Cache: HIT, HIT X-Cache-Hits: 41, 6 X-Timer: S1727590488.711304,VS0,VE0 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ae 00 00 00 3e 08 03 00 00 00 85 b4 d0 9f 00 00 02 fa 50 4c 54 45 00 00 00 2d 96 f0 2a 92 ec 2a 91 eb 2a 90 eb 29 91 ea 29 91 ea 2a 91 eb 2b 92 eb 49 92 ff 2b 91 eb 2a 91 eb 2a 91 eb 2a 90 eb 29 91 ea 29 90 ea 29 91 ea 33 99 eb 80 ff ff 29 90 ea 29 91 ea 2e 93 f0 2c 90 ed 2a 91 eb 2a 90 ea 2a 91 eb 29 90 ea 2a 90 ea 2d 93 ee 29 91 ec 2a 90 eb 2b 91 eb 2b 90 ec 2a 90 ea 37 92 ed 2b 92 ec 2a 90 eb 2a 91 eb 29 91 eb 29 91 eb 29 91 ea 2a 91 ea 29 91 eb 2a 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 29 90 ea 2b 95 f4 2b 91 ec 2a 91 eb 2b 95 ef 39 aa ff 29 91 eb 29 91 eb 2b aa ff 2c 93 eb 2b 90 eb ff ff ff 2a 91 ec 29 90 eb 2b 91 ec 29 90 eb 2a 92 ea 2b 91 eb 2a 92 eb 2a 91 ea 2a 91 ea 2b 95 ff 2a 90 eb 2a 92 eb 2a Data Ascii: PNGIHDR>PLTE-**))+I+*)))3)).,)-)++7+*))))***)+++9))+,+)+)+*+*
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 6f 8a bb 55 71 87 ba bb 2b ee ee ee ee 33 e7 3d bb 67 64 97 cf e1 ff 29 3a bf 67 ce 39 ef 3b ef ce e5 03 48 0e 1c 74 09 c4 e0 21 dd 69 1b 7a 45 2b 88 ff 0f cb 27 99 5b 56 08 a5 fc ca e6 ed e9 18 3e 62 e4 28 f8 f5 1d 3d a6 28 46 d2 2a 1a 3b ae 6d ca b8 62 7c bb 09 51 00 13 fd 71 27 4d 9e 32 75 5a 01 92 3a 77 9b 5e 7f d2 e5 33 66 42 cc aa 49 2d 34 5b 7e 3f 99 5a ad 39 b0 45 5b 84 a8 fd 6b b0 9d 7d ee 40 ba 0c 3d 36 0a 97 79 75 2c 1a d9 83 e6 07 e3 1a 43 17 44 02 71 45 c5 02 88 73 17 52 14 5d 25 69 73 a8 e9 fe 57 18 62 52 e8 6a 00 d7 d0 a8 d3 aa 61 03 fa 8c b8 d6 3c bf ae a3 4f ec e2 f2 60 5c e3 fa 0b 02 87 41 3b 0e 8e 1b 6e 64 52 0b d8 6e a2 db b1 28 ce a4 4b e3 62 dc 4c b7 5b 18 64 dd 1a 85 d2 34 c4 a0 9c 05 c1 b8 c6 80 dc 34 71 79 1b 80 db 3d 6b 73 07 70 Data Ascii: oUq+3=gd):g9;Ht!izE+'[V>b(=(F*;mb\|Qq'M2uZ:w^3fBI-4[~?Z9E[k}@=6yu,CDqEsR]%isWbRja<O`\A;ndRn(KbL[d44qy=ksp
2024-09-29 06:14:47 UTC	984	IN	Data Raw: 51 95 b6 35 30 a6 d0 d6 1a 46 a1 ff 45 e1 7e 2a cf b9 af 2b b6 df 57 17 6f aa 2d 3e 31 aa 4f 43 11 93 8e b9 32 1e dd 98 29 71 c5 65 7a f1 87 9e 01 f1 49 30 ae 94 b7 56 d2 c3 75 d2 cc 73 bc 1d 8c 25 f2 59 c9 68 47 65 0a 44 74 4d 86 0e 5b 76 bb aa d0 cf 69 7b 1a a2 d7 50 8a 8a 77 0a f4 01 30 71 51 43 2d f7 98 2c 88 47 ac 14 71 7b c2 f8 9a 66 10 70 1d b7 1e 66 f3 a3 8b 68 9b 1c 85 66 a6 e5 79 d0 2e 6a 51 b3 4f 45 9d aa 55 20 5e a5 ad 1a b4 e8 ba a9 0b 2b 9e bc eb ac 38 c4 22 89 ab ed 7c 79 fd 6e b3 7c 8b 19 8c 2b c5 a6 7d 68 86 42 cf 8f ea 21 e1 1b 2a d7 22 a1 1e b5 d7 3b 22 a5 17 f5 5b 8a d4 ea 9b b8 7e df 66 fb e2 fa 8b ad 8a 45 72 78 18 6e df d1 36 0c 09 b7 9a 6a 16 c3 98 f0 36 52 89 d4 91 45 39 17 a9 74 66 da b8 f1 73 98 32 ae 29 b6 c3 64 e0 e9 bf b6 0d Data Ascii: Q50FE~+Wo->1OC2)qezI0Vus%YhGeDtM[vi{Pw0qQC-,Gq{fpfhfy.jQOEU ^+8"\|yn\|+}hB!";"[~fErxn6j6RE9tfs2)d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49724	151.101.1.46	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:47 UTC	607	OUT	GET /developer/none.ico HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mailsecurityref.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:14:47 UTC	646	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1406 Server: nginx Content-Type: image/x-icon Last-Modified: Thu, 19 Sep 2024 13:36:37 GMT ETag: "66ec28e5-57e" Expires: Fri, 20 Sep 2024 08:58:07 GMT Cache-Control: max-age=300 X-Host: grn182.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 768100 Date: Sun, 29 Sep 2024 06:14:47 GMT X-Served-By: cache-sjc10061-SJC, cache-ewr-kewr1740066-EWR X-Cache: HIT, HIT X-Cache-Hits: 54, 0 X-Timer: S1727590488.801341,VS0,VE1 Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-29 06:14:47 UTC	1378	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h(
2024-09-29 06:14:47 UTC	28	IN	Data Raw: ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49726	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:49 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 06:14:49 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=124213 Date: Sun, 29 Sep 2024 06:14:49 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49727	151.101.1.46	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:50 UTC	361	OUT	GET /developer/none.ico HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:14:50 UTC	646	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1406 Server: nginx Content-Type: image/x-icon Last-Modified: Thu, 19 Sep 2024 13:36:37 GMT ETag: "66ec28e5-57e" Expires: Fri, 20 Sep 2024 08:58:07 GMT Cache-Control: max-age=300 X-Host: grn182.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Sun, 29 Sep 2024 06:14:50 GMT Age: 768103 X-Served-By: cache-sjc10061-SJC, cache-ewr-kewr1740065-EWR X-Cache: HIT, HIT X-Cache-Hits: 54, 1 X-Timer: S1727590490.180579,VS0,VE1 Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-29 06:14:50 UTC	1378	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h(
2024-09-29 06:14:50 UTC	28	IN	Data Raw: ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 ff ff 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49728	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 06:14:51 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=124241 Date: Sun, 29 Sep 2024 06:14:51 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 06:14:51 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49730	20.7.1.246	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:14:52 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 61 67 6f 4f 4d 6e 2b 6d 2f 6b 4f 55 38 69 4e 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 66 35 35 64 32 33 63 65 61 34 34 61 65 37 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: agoOMn+m/kOU8iNr.1Context: 4f55d23cea44ae72
2024-09-29 06:14:52 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 06:14:52 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 61 67 6f 4f 4d 6e 2b 6d 2f 6b 4f 55 38 69 4e 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 66 35 35 64 32 33 63 65 61 34 34 61 65 37 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: agoOMn+m/kOU8iNr.2Context: 4f55d23cea44ae72<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-29 06:14:52 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 61 67 6f 4f 4d 6e 2b 6d 2f 6b 4f 55 38 69 4e 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 66 35 35 64 32 33 63 65 61 34 34 61 65 37 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: agoOMn+m/kOU8iNr.3Context: 4f55d23cea44ae72<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 06:14:52 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 06:14:52 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 69 70 42 79 76 69 74 4a 57 6b 36 36 51 4e 6e 49 39 31 4c 50 69 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ipByvitJWk66QNnI91LPiQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49735	20.7.1.246	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:03 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 66 42 76 38 46 41 41 38 69 55 61 67 48 35 57 37 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 30 62 30 39 36 34 36 61 36 65 62 30 63 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: fBv8FAA8iUagH5W7.1Context: 500b09646a6eb0cb
2024-09-29 06:15:03 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 06:15:03 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 66 42 76 38 46 41 41 38 69 55 61 67 48 35 57 37 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 30 62 30 39 36 34 36 61 36 65 62 30 63 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: fBv8FAA8iUagH5W7.2Context: 500b09646a6eb0cb<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-29 06:15:03 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 66 42 76 38 46 41 41 38 69 55 61 67 48 35 57 37 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 30 62 30 39 36 34 36 61 36 65 62 30 63 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: fBv8FAA8iUagH5W7.3Context: 500b09646a6eb0cb<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 06:15:03 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 06:15:03 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 2f 2b 57 4f 34 63 79 72 55 43 35 39 42 76 59 41 53 32 76 68 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Y/+WO4cyrUC59BvYAS2vhg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49737	74.115.51.8	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:06 UTC	1144	OUT	GET / HTTP/1.1 Host: mailsecurityref.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://mailsecurityref.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: is_mobile=0; language=en; cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=z0P79pm5aXhZNTsfobzDgcZd5.jkchzmgZ6Bn59FEEs-1727590485-1.0.1.1-Xe7YOLD9kRP57uOdC7BFDgeXxIdMXn9PsXyscqFauigcrycuG0jIoX1UVCZztrdL.cbasujTDTKrDNIIWlJuJw
2024-09-29 06:15:06 UTC	438	IN	HTTP/1.1 404 Not Found Date: Sun, 29 Sep 2024 06:15:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Ray: 8ca9d639ac057d24-EWR CF-Cache-Status: DYNAMIC Cache-Control: private Set-Cookie: language=en; expires=Sun, 13-Oct-2024 06:15:06 GMT; Max-Age=1209600; path=/ Vary: X-W-SSL,User-Agent X-Host: blu70.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Server: cloudflare
2024-09-29 06:15:06 UTC	931	IN	Data Raw: 66 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 37 32 37 34 34 38 36 39 33 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 Data Ascii: f45<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1727448693"></script><title>404
2024-09-29 06:15:06 UTC	1369	IN	Data Raw: 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 09 7d 0a 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d Data Ascii: ts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.ttf") format("truetype");}@font-face {font-family: 'Proxima Nova';src: url("//cdn2.editmysite.com
2024-09-29 06:15:06 UTC	1369	IN	Data Raw: 20 30 3b 0a 09 09 7d 0a 0a 09 09 2e 77 61 72 6e 69 6e 67 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 70 61 64 64 69 6e 67 3a 20 32 39 70 78 20 34 30 70 78 3b 0a 09 09 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0a 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 34 44 34 44 34 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 33 33 35 70 78 3b 0a 09 09 09 77 69 64 74 68 3a 20 34 38 34 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 Data Ascii: 0;}.warning-container {padding: 29px 40px;padding-bottom: 0;box-sizing: border-box;text-align: center;background-color: white;border: 1px solid #D4D4D4;height: 335px;width: 484px;margin: 0 auto;margin-top: 1
2024-09-29 06:15:06 UTC	247	IN	Data Raw: 3e 0a 09 09 3c 68 72 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 3c 73 70 61 6e 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 63 68 65 63 6b 2d 75 72 6c 22 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 55 52 4c 2e 3c 2f 70 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 6f 74 68 65 72 77 69 73 65 22 3e 4f 74 68 65 72 77 69 73 65 2c 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 63 6c 69 63 6b 20 68 65 72 65 3c 2f 61 3e 20 74 6f 20 62 65 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 74 68 65 20 68 6f 6d 65 70 61 67 65 2e 3c 2f 70 3e 0a 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: ><hr><div class="bottom-content"><span><p class="check-url">Please check the URL.</p><p class="otherwise">Otherwise, <a href="/">click here</a> to be redirected to the homepage.</p></span></div></div></body></html>
2024-09-29 06:15:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49736	74.115.51.8	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:06 UTC	998	OUT	GET /gdpr/gdprscript.js?buildTime=1727448693 HTTP/1.1 Host: mailsecurityref.weebly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mailsecurityref.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: is_mobile=0; language=en; cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=z0P79pm5aXhZNTsfobzDgcZd5.jkchzmgZ6Bn59FEEs-1727590485-1.0.1.1-Xe7YOLD9kRP57uOdC7BFDgeXxIdMXn9PsXyscqFauigcrycuG0jIoX1UVCZztrdL.cbasujTDTKrDNIIWlJuJw
2024-09-29 06:15:06 UTC	438	IN	HTTP/1.1 404 Not Found Date: Sun, 29 Sep 2024 06:15:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Ray: 8ca9d63b2996c34e-EWR CF-Cache-Status: DYNAMIC Cache-Control: private Set-Cookie: language=en; expires=Sun, 13-Oct-2024 06:15:06 GMT; Max-Age=1209600; path=/ Vary: X-W-SSL,User-Agent X-Host: grn91.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Server: cloudflare
2024-09-29 06:15:06 UTC	931	IN	Data Raw: 66 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 37 32 37 34 34 38 36 39 33 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 Data Ascii: f45<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1727448693"></script><title>404
2024-09-29 06:15:06 UTC	1369	IN	Data Raw: 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 09 7d 0a 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d Data Ascii: ts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.ttf") format("truetype");}@font-face {font-family: 'Proxima Nova';src: url("//cdn2.editmysite.com
2024-09-29 06:15:06 UTC	1369	IN	Data Raw: 20 30 3b 0a 09 09 7d 0a 0a 09 09 2e 77 61 72 6e 69 6e 67 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 70 61 64 64 69 6e 67 3a 20 32 39 70 78 20 34 30 70 78 3b 0a 09 09 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0a 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 34 44 34 44 34 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 33 33 35 70 78 3b 0a 09 09 09 77 69 64 74 68 3a 20 34 38 34 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 Data Ascii: 0;}.warning-container {padding: 29px 40px;padding-bottom: 0;box-sizing: border-box;text-align: center;background-color: white;border: 1px solid #D4D4D4;height: 335px;width: 484px;margin: 0 auto;margin-top: 1
2024-09-29 06:15:06 UTC	247	IN	Data Raw: 3e 0a 09 09 3c 68 72 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 3c 73 70 61 6e 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 63 68 65 63 6b 2d 75 72 6c 22 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 55 52 4c 2e 3c 2f 70 3e 0a 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 6f 74 68 65 72 77 69 73 65 22 3e 4f 74 68 65 72 77 69 73 65 2c 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 63 6c 69 63 6b 20 68 65 72 65 3c 2f 61 3e 20 74 6f 20 62 65 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 74 68 65 20 68 6f 6d 65 70 61 67 65 2e 3c 2f 70 3e 0a 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: ><hr><div class="bottom-content"><span><p class="check-url">Please check the URL.</p><p class="otherwise">Otherwise, <a href="/">click here</a> to be redirected to the homepage.</p></span></div></div></body></html>
2024-09-29 06:15:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49738	151.101.1.46	443	2616	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:07 UTC	697	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" If-None-Match: "66f6c1c6-e9c" If-Modified-Since: Fri, 27 Sep 2024 14:31:34 GMT sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mailsecurityref.weebly.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:15:07 UTC	387	IN	HTTP/1.1 304 Not Modified Connection: close Date: Sun, 29 Sep 2024 06:15:07 GMT Via: 1.1 varnish Cache-Control: max-age=300 ETag: "66f6c1c6-e9c" Expires: Fri, 27 Sep 2024 15:11:49 GMT Age: 140898 X-Served-By: cache-ewr-kewr1740046-EWR X-Cache: HIT X-Cache-Hits: 3 X-Timer: S1727590507.242905,VS0,VE0 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49739	20.7.1.246	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:17 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 75 75 38 5a 6c 31 76 6a 56 45 79 48 65 66 4e 36 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 36 33 30 33 61 38 36 31 33 64 30 63 37 34 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: uu8Zl1vjVEyHefN6.1Context: f6303a8613d0c746
2024-09-29 06:15:17 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 06:15:17 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 75 75 38 5a 6c 31 76 6a 56 45 79 48 65 66 4e 36 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 36 33 30 33 61 38 36 31 33 64 30 63 37 34 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: uu8Zl1vjVEyHefN6.2Context: f6303a8613d0c746<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-29 06:15:17 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 75 75 38 5a 6c 31 76 6a 56 45 79 48 65 66 4e 36 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 36 33 30 33 61 38 36 31 33 64 30 63 37 34 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: uu8Zl1vjVEyHefN6.3Context: f6303a8613d0c746<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 06:15:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 06:15:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 54 30 55 37 65 78 69 47 71 6b 4f 5a 6e 35 44 4d 6e 49 55 4f 68 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: T0U7exiGqkOZn5DMnIUOhA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49741	20.7.1.246	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 70 45 68 6f 79 6e 6d 7a 78 55 69 2f 6d 31 5a 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 30 35 61 30 63 63 34 32 30 39 34 62 36 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: pEhoynmzxUi/m1ZH.1Context: 9c05a0cc42094b6c
2024-09-29 06:15:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 06:15:40 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 70 45 68 6f 79 6e 6d 7a 78 55 69 2f 6d 31 5a 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 30 35 61 30 63 63 34 32 30 39 34 62 36 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: pEhoynmzxUi/m1ZH.2Context: 9c05a0cc42094b6c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-29 06:15:40 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 70 45 68 6f 79 6e 6d 7a 78 55 69 2f 6d 31 5a 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 30 35 61 30 63 63 34 32 30 39 34 62 36 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: pEhoynmzxUi/m1ZH.3Context: 9c05a0cc42094b6c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 06:15:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 06:15:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 34 41 48 41 49 4c 50 4e 45 32 52 63 69 45 4e 74 77 76 50 41 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: n4AHAILPNE2RciENtwvPAg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	49744	20.7.1.246	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:16:03 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 66 41 42 69 37 38 6f 2b 78 55 61 46 74 73 2f 65 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 66 31 64 35 34 61 38 36 66 64 61 35 32 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: fABi78o+xUaFts/e.1Context: 2cf1d54a86fda52c
2024-09-29 06:16:03 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 06:16:03 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 66 41 42 69 37 38 6f 2b 78 55 61 46 74 73 2f 65 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 66 31 64 35 34 61 38 36 66 64 61 35 32 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: fABi78o+xUaFts/e.2Context: 2cf1d54a86fda52c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-29 06:16:03 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 66 41 42 69 37 38 6f 2b 78 55 61 46 74 73 2f 65 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 66 31 64 35 34 61 38 36 66 64 61 35 32 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: fABi78o+xUaFts/e.3Context: 2cf1d54a86fda52c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 06:16:03 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 06:16:03 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 44 76 6f 61 71 38 53 30 36 45 71 45 75 42 61 50 46 4f 69 75 41 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Dvoaq8S06EqEuBaPFOiuAA.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5328, Parent PID: 5876

General

Target ID:	0
Start time:	02:14:37
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2616, Parent PID: 5328

General

Target ID:	2
Start time:	02:14:41
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2220,i,10968166353073153794,4525681176389252038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5232, Parent PID: 5876

General

Target ID:	3
Start time:	02:14:44
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mailsecurityref.weebly.com/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://mailsecurityref.weebly.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5328, Parent PID: 5876

General

Chronological Activities

Analysis Process: chrome.exePID: 2616, Parent PID: 5328

General

Chronological Activities

Analysis Process: chrome.exePID: 5232, Parent PID: 5876

Windows Analysis Report
https://mailsecurityref.weebly.com/