Edit tour

Windows Analysis Report
http://theglassguru.com

Overview

General Information

Sample URL:	http://theglassguru.com
Analysis ID:	1524371
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1984,i,17754463736748942375,16654701587173049969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://theglassguru.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49785 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49782 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49785 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.theglassguru.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2020/12/vanilla-ice-project.png HTTP/1.1Host: www.theglassguru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.theglassguru.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_google_apps_login=8bd44ec6beae3a0126041d931ab98817
Source: global traffic	HTTP traffic detected: GET /pixel/?ad_log=referer&action=content&pixid=d28093f3-b445-48d7-8d09-677eef7f7c2a HTTP/1.1Host: data.adxcel-ec2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.theglassguru.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pdm/dist/svgs/quote.svg HTTP/1.1Host: www.theglassguru.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_google_apps_login=8bd44ec6beae3a0126041d931ab98817
Source: global traffic	HTTP traffic detected: GET /pixel/?ad_log=referer&action=content&pixid=d28093f3-b445-48d7-8d09-677eef7f7c2a HTTP/1.1Host: data.adxcel-ec2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: theglassguru.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: theglassguru.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_43.2.dr	String found in binary or memory: <a href="https://www.youtube.com/watch?v=fPiZwSNfRbA" target="_blank"><img fetchpriority="high" decoding="async" src="https://www.theglassguru.com/wp-content/uploads/2024/06/theglassguru.com-youtube.webp" alt="" width="980" height="552" class="aligncenter size-full wp-image-16412" style="min-width:98%;" /></a> equals www.youtube.com (Youtube)
Source: chromecache_43.2.dr	String found in binary or memory: "embedUrl": "https://www.youtube.com/embed/fPiZwSNfRbA", equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: theglassguru.com
Source: global traffic	DNS traffic detected: DNS query: www.theglassguru.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: majorbrdide.com
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: use.typekit.net
Source: global traffic	DNS traffic detected: DNS query: data.adxcel-ec2.com

Source: chromecache_43.2.dr	String found in binary or memory: http://schema.org
Source: chromecache_43.2.dr	String found in binary or memory: http://schema.org/WatchAction
Source: chromecache_43.2.dr	String found in binary or memory: http://theglassguru.com/services/shower-bath/
Source: chromecache_43.2.dr	String found in binary or memory: http://theglassgurufranchise.com/
Source: chromecache_43.2.dr	String found in binary or memory: https://api.w.org/
Source: chromecache_43.2.dr	String found in binary or memory: https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=content&pixid=d28093f3-b445-48d7-8d09-677ee
Source: chromecache_43.2.dr	String found in binary or memory: https://kcseopro.com/wordpress-seo-structured-data-schema-plugin/
Source: chromecache_43.2.dr	String found in binary or memory: https://schema.org
Source: chromecache_43.2.dr	String found in binary or memory: https://schema.org/
Source: chromecache_43.2.dr	String found in binary or memory: https://theglassguru.careerplug.com/account
Source: chromecache_43.2.dr	String found in binary or memory: https://wp-rocket.me
Source: chromecache_43.2.dr	String found in binary or memory: https://www.google.com/maps/search/?api=1&query=The
Source: chromecache_43.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=GT-NNM9PH9
Source: chromecache_43.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-111185122-1
Source: chromecache_43.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_43.2.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-MJJXDWG
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/#/schema/logo/image/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/#breadcrumb
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/#organization
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/#primaryimage
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/#website
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/?s=
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/about-us/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/blog/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/faqs/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/financing/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/free-estimate/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/gallery/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/locations/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/privacy-policy/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/reviews/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/commercial-2/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/commercial-2/commercial-storefront/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/doors/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/doors/door-glass-inserts/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/glass/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/glass/custom-glass/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/glass/decorative-glass/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/glass/glass-panels-partitions/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/glass/window-door-glass/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/mirrors/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/mirrors/mirror-frames/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/screens/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/screens/screen-doors/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/screens/solar-screens/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/screens/window-screens/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/shower-bath/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/windows/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/windows/window-restoration/foggy-window-repair/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/services/windows/window-restoration/glass-stain-removal/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/cache/min/1/e4e969cc8a20ff5111f6ffdbe31758aa.js
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2020/11/1-water-stain-removal_crp.jpg
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2020/12/city-bath-crashers-150x91.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2020/12/city-bath-crashers.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2020/12/vanilla-ice-project-150x96.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2020/12/vanilla-ice-project.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2021/01/1-guru-1.jpg
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2021/01/favicon.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2021/01/logo.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2021/05/3-guru.jpg
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2021/05/550-replacement-contractors-2020-150x124.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2021/05/550-replacement-contractors-2020.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2021/05/iStock_000002694005Medium-768x512.jpg
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2024/05/2024-05-09-TheGlassGuru.com-Header-2.webp
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2024/06/theglassguru.com-youtube.webp
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2024/07/theglassguru.com-footer-logo-2024-o-150x103.
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2024/07/theglassguru.com-footer-logo-2024-o.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-content/uploads/2024/07/theglassguru.com-header-logo-2024.png
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-includes/js/jquery/jquery.min.js
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-json/
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.theglassguru.com%2F
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.theglassguru.com%2F&#038
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/wp-json/wp/v2/pages/7
Source: chromecache_43.2.dr	String found in binary or memory: https://www.theglassguru.com/xmlrpc.php?rsd
Source: chromecache_43.2.dr	String found in binary or memory: https://www.youtube.com/embed/fPiZwSNfRbA
Source: chromecache_43.2.dr	String found in binary or memory: https://www.youtube.com/watch?v=fPiZwSNfRbA
Source: chromecache_43.2.dr	String found in binary or memory: https://yoast.com/wordpress/plugins/seo/
Source: chromecache_43.2.dr	String found in binary or memory: https://youtu.be/fPiZwSNfRbA

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49782 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@19/18@18/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1984,i,17754463736748942375,16654701587173049969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://theglassguru.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1984,i,17754463736748942375,16654701587173049969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://yoast.com/wordpress/plugins/seo/	0%	URL Reputation	safe
http://schema.org	0%	URL Reputation	safe
https://api.w.org/	0%	URL Reputation	safe
https://schema.org	0%	URL Reputation	safe
https://schema.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
9162u90jurgp.wpeproxy.com	141.193.213.21	true	false	unknown
data.adxcel-ec2.com	52.87.131.204	true	false	unknown
theglassguru.com	104.26.11.145	true	false	unknown
www.google.com	172.217.18.4	true	false	unknown
majorbrdide.com	147.45.47.98	true	false	unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.43	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
use.fontawesome.com	unknown	unknown	false	unknown
use.typekit.net	unknown	unknown	false	unknown
www.theglassguru.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.theglassguru.com/	false	unknown
https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=content&pixid=d28093f3-b445-48d7-8d09-677eef7f7c2a	false	unknown
https://www.theglassguru.com/wp-content/uploads/2020/12/vanilla-ice-project.png	false	unknown
https://www.theglassguru.com/wp-content/themes/pdm/dist/svgs/quote.svg	false	unknown
http://theglassguru.com/	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.theglassguru.com/wp-content/uploads/2024/07/theglassguru.com-footer-logo-2024-o.png	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2024/06/theglassguru.com-youtube.webp	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/privacy-policy/	chromecache_43.2.dr	false		unknown
https://youtu.be/fPiZwSNfRbA	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/screens/screen-doors/	chromecache_43.2.dr	false		unknown
https://yoast.com/wordpress/plugins/seo/	chromecache_43.2.dr	false	URL Reputation: safe	unknown
https://www.theglassguru.com/wp-content/uploads/2020/11/1-water-stain-removal_crp.jpg	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/windows/window-restoration/foggy-window-repair/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2020/12/city-bath-crashers.png	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.theglassguru.com%2F&#038	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/gallery/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/xmlrpc.php?rsd	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2020/12/vanilla-ice-project-150x96.png	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2024/07/theglassguru.com-footer-logo-2024-o-150x103.	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/doors/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/#website	chromecache_43.2.dr	false		unknown
https://theglassguru.careerplug.com/account	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/#organization	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/blog/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/?s=	chromecache_43.2.dr	false		unknown
https://wp-rocket.me	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/#primaryimage	chromecache_43.2.dr	false		unknown
http://schema.org	chromecache_43.2.dr	false	URL Reputation: safe	unknown
https://www.theglassguru.com/#breadcrumb	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2020/12/city-bath-crashers-150x91.png	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/locations/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2021/05/550-replacement-contractors-2020-150x124.png	chromecache_43.2.dr	false		unknown
https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=content&pixid=d28093f3-b445-48d7-8d09-677ee	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2021/01/1-guru-1.jpg	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/shower-bath/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/glass/window-door-glass/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/screens/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/screens/solar-screens/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/mirrors/	chromecache_43.2.dr	false		unknown
https://www.youtube.com/watch?v=fPiZwSNfRbA	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2021/05/iStock_000002694005Medium-768x512.jpg	chromecache_43.2.dr	false		unknown
http://theglassguru.com/services/shower-bath/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/#/schema/logo/image/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-includes/js/jquery/jquery.min.js	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2024/05/2024-05-09-TheGlassGuru.com-Header-2.webp	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/mirrors/mirror-frames/	chromecache_43.2.dr	false		unknown
https://www.google.com/maps/search/?api=1&query=The	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/commercial-2/commercial-storefront/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/glass/custom-glass/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/faqs/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/commercial-2/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/cache/min/1/e4e969cc8a20ff5111f6ffdbe31758aa.js	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-json/	chromecache_43.2.dr	false		unknown
https://api.w.org/	chromecache_43.2.dr	false	URL Reputation: safe	unknown
https://www.theglassguru.com/wp-content/uploads/2024/07/theglassguru.com-header-logo-2024.png	chromecache_43.2.dr	false		unknown
https://schema.org	chromecache_43.2.dr	false	URL Reputation: safe	unknown
https://www.theglassguru.com/services/windows/window-restoration/glass-stain-removal/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.theglassguru.com%2F	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/free-estimate/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2021/05/3-guru.jpg	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/financing/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/windows/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/glass/glass-panels-partitions/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-json/wp/v2/pages/7	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/reviews/	chromecache_43.2.dr	false		unknown
https://www.youtube.com/embed/fPiZwSNfRbA	chromecache_43.2.dr	false		unknown
https://schema.org/	chromecache_43.2.dr	false	URL Reputation: safe	unknown
https://www.theglassguru.com/services/screens/window-screens/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2021/01/logo.png	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/glass/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2021/01/favicon.png	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/wp-content/uploads/2021/05/550-replacement-contractors-2020.png	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/doors/door-glass-inserts/	chromecache_43.2.dr	false		unknown
http://schema.org/WatchAction	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com	chromecache_43.2.dr	false		unknown
http://theglassgurufranchise.com/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/about-us/	chromecache_43.2.dr	false		unknown
https://kcseopro.com/wordpress-seo-structured-data-schema-plugin/	chromecache_43.2.dr	false		unknown
https://www.theglassguru.com/services/glass/decorative-glass/	chromecache_43.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
141.193.213.21	9162u90jurgp.wpeproxy.com	United States	396845	DV-PRIMARY-ASN1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
54.152.44.233	unknown	United States	14618	AMAZON-AESUS	false
104.26.11.145	theglassguru.com	United States	13335	CLOUDFLARENETUS	false
52.87.131.204	data.adxcel-ec2.com	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524371
Start date and time:	2024-10-02 17:54:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://theglassguru.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@19/18@18/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 172.217.16.206, 64.233.167.84, 34.104.35.123, 142.250.185.232, 172.67.142.245, 104.21.27.152, 2.19.126.198, 2.19.126.206, 184.28.90.27, 142.250.184.202, 172.217.18.10, 172.217.16.138, 142.250.185.74, 142.250.185.106, 142.250.185.138, 142.250.186.106, 142.250.186.42, 142.250.181.234, 142.250.185.234, 172.217.16.202, 142.250.184.234, 142.250.185.202, 142.250.185.170, 142.250.186.170, 216.58.206.42, 13.85.23.86, 192.229.221.95, 40.69.42.241, 217.20.57.43, 13.85.23.206
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, use.fontawesome.com.cdn.cloudflare.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, use-stls.adobe.com.edgesuite.net, ocsp.digicert.com, www.googletagmanager.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, a1988.dscg1.akamai.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://theglassguru.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 35

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 212 x 135, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	13993
Entropy (8bit):	7.95659955782909
Encrypted:	false
SSDEEP:	192:ABHhnET7CiSU6yqljmWHS338htG//855PMJZn7LbgeAcD7hlLZ6GkslQqh1PALzo:ATEbkljzHxQs6n3vA2Z6GzQqhBGo
MD5:	5AFE1604AE08AAA32ACA91BF53F4F617
SHA1:	5C762ED0838C748D2268C8B8D957FCF81F3880AC
SHA-256:	2F7A8F5DDE4BBC471FA108D67625AF6DDBC1348307BF98F142AF203584C1435D
SHA-512:	8487EAE2C3EA2D4405CAB9273BF322016565497ECFFBA6842B1C88AC96C1DC0440A7E206255FC205073DADEFB552DEAE98058452AF6CC9B459A60B623CB70167
Malicious:	false
Reputation:	low
URL:	https://www.theglassguru.com/wp-content/uploads/2020/12/vanilla-ice-project.png
Preview:	.PNG........IHDR.............Y..s....gAMA......a.....sRGB.........PLTEGpL...............}..n..y..q..n..l\|.muwaqvdv\|^jm.........................................................WadSipJfoEclCfp@ajKlv4Xc-OZ(DM%<D'>G(@H(?E%@F%>E%<A 7=.2: 8A.#(.,2 39%9A-@F1CK2IP9SZ:Za?\eEX]M^dF^eKci..............x..DMO466ALNENQXimgy~ZkoU^_...QY[q..~..ez.g~....................................................}..w............................................................................................................\|..xzzoqrilmegg`ab\]]WXXVVVSTSQQRKMNTUVMQSQUWXZ[VXVsxyHw.Kw.P~.Oz.Kz.J{.Eu.Dq.Ju.Aly;gs8]h6`oMr}Yv.X~.[..b..c..q..p..\|.....y..........................................................[koZqxgorOejPafLY\u..t}..................... "#.................!.%(-479?@CJLFSW2?D;GJ#-0...................... "....................BFF...........tRNS.............................................................................v.w..RZ9...............................................................

Chrome Cache Entry: 36

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	166979
Entropy (8bit):	7.997267166239908
Encrypted:	true
SSDEEP:	3072:xaxzFvQqGkv10D6LtTH6hSiBAyJNwLe6uPlufCAuw:xWFvQqGXDQTadJ4+PSCAuw
MD5:	D81AA20461D883B3A7EBB2EE3C80A58B
SHA1:	6912FB55676E51ED1F138CFC56CF33B25BEC7B14
SHA-256:	AC2F87469EE556B9489627168D7238AAF25C766A934FC71342D1E326922FA0AC
SHA-512:	73BDBCA072FED9B2C5AFC611626DCBC95EA9C19903F0F7E46A2581706AD56C63B53BF5479F057A9B9D18EDF307DE093451B544DEF535AE8AF81928FB3A6E2528
Malicious:	false
Reputation:	low
URL:	https://use.fontawesome.com/releases/v6.5.2/webfonts/fa-solid-900.ttf
Preview:	....R .......pD.b...=..=.....jJB.c...PU..~._..7...........................O.]....k......b.....~..#........_...e.NE_......C.^.&....UL....%.....9..Y..&y.WP.\|...NR.T.=iV... D..H......%bz`..-...UL..".....R\TMzq...O .a...Y..M.7(..j.MNx.......s?.+N...f&.X[.....Xk..fF.d.....6....<..3....4.Oi.x....z`...\|X....T..y.\|.;.mK..E...o's._8.G...S...S.&..8...?...;V..;-.H-.!..].0......5..7(3.......\....V-gA..J.)Y.WNS.)U.D..(.g.c;u.:....ZeZ...$......iju..............1..f.%.a^f(QK.. Q..^.Q.d[.....s<[..$..l...e...?..w{)....?......S..)wJSYI#...v.j..u..k{M..iv.....!!$8!..$.I. ..&...<.....E....C^..?>.?.....+..J..f.r,;..)..N2.d.)..fh_S..(.8K......Y....>Q....x........'.........5...$k....r0..{....j2IP.....d..R#.R.&6.9....../K.$.q.........V..;.B.f.f.Gr.,f..+.q.........c...A..........')..}....q..z.-..k....n..s.q......F..F.H#...H......".F. ..LR.$K?35..$....@..L..L.I..).0L.....T.HI....z..U=.V.........{e.j..j.W.v.F.....K.........V;r_..A..p..3VKZn.D...'.7.!.Z.1..

Chrome Cache Entry: 37

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.0314906788435274
Encrypted:	false
SSDEEP:	3:CUXPQE/xlHh/:1QE1/
MD5:	A5098C60B3B0C879A2C7AF6C68B7B53F
SHA1:	939F40BE7F1AAF623F62886DE4AABA3886DF9B65
SHA-256:	693D949D8C3FDC7FD4ACE7C340B5F177A9F0C5BE7BAFEE8BC93A7D88B7523D75
SHA-512:	8D1A90658546DBA33FE007A0F4F0FD706E94FEDDAB3D60C727FAACE9F8BCD1AC2BCBAF0CBB00501D7ABDB9DCB68E8E23F23CE5B59E2F3058A3A0237A30631A1E
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!.......,...........D..;

Chrome Cache Entry: 38

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	277
Entropy (8bit):	4.927146746382255
Encrypted:	false
SSDEEP:	6:tI9mc4sllr9/vJBWOCRDHGkMreBRX5JGQZQN3fHA8:t4/rhJBWOCRDmtreBrJGQZQNvHA8
MD5:	E66C022FFE771C91833301ABB9A1C575
SHA1:	853B183D280DB5D1B93D05AD983D22A2E978E6F1
SHA-256:	9C6D21CA52AA21F3C8FBAC26E5BF9201D1FD99329391071ECD360C42934F6E9E
SHA-512:	FC19469B83DF0F4793C1144F3D864B5BFD7F4F674E2CB7DD4EE2C63F4F00E837847C28842D6CF53B8AD6974C6CE5F34B4B497F850762917A5AB3DB3DCA762C62
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" aria-role="presentation" width="36" height="32" viewBox="0 0 36 32"><path d="M35.4 6.3V0c-10 0-15 5.7-15 17v15h15V17H28v-1.1c0-5.7 2.4-9 7.3-9.6zm-26 3c1.2-1.6 3.1-2.5 5.7-3V0C5 0 0 5.7 0 17v15h15V17H7.9v-1.1c0-3 .5-5.1 1.7-6.6z"/></svg>

Chrome Cache Entry: 39

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	32
Entropy (8bit):	4.351409765557392
Encrypted:	false
SSDEEP:	3:HHQethxRIK2YY:z3ul1
MD5:	E978F0B306FCD93F9FD2B9DDF539DD86
SHA1:	E895F04120F1140F93F04EBAB4DD89BB78842680
SHA-256:	8CD706E146D1F05A0DAA9F124030E0F6620D7ADC8DAC7B5EAF9E18094B4BA9BC
SHA-512:	AD490F93824FE3C8A709F0C56A44BC5B845517DEC7CCA86801945830DC3E87681691945DF540D5636E0495E2645A3319ABBFED0D29B024984BEE82ED8E6593BD
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAlQ-xqB1snAbhIFDaS7fdUSEAm_KIlAqSj6FhIFDbtXVmo=?alt=proto
Preview:	CgkKBw2ku33VGgAKCQoHDbtXVmoaAA==

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.0314906788435274
Encrypted:	false
SSDEEP:	3:CUXPQE/xlHh/:1QE1/
MD5:	A5098C60B3B0C879A2C7AF6C68B7B53F
SHA1:	939F40BE7F1AAF623F62886DE4AABA3886DF9B65
SHA-256:	693D949D8C3FDC7FD4ACE7C340B5F177A9F0C5BE7BAFEE8BC93A7D88B7523D75
SHA-512:	8D1A90658546DBA33FE007A0F4F0FD706E94FEDDAB3D60C727FAACE9F8BCD1AC2BCBAF0CBB00501D7ABDB9DCB68E8E23F23CE5B59E2F3058A3A0237A30631A1E
Malicious:	false
Reputation:	low
URL:	https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=content&pixid=d28093f3-b445-48d7-8d09-677eef7f7c2a
Preview:	GIF89a.............!.......,...........D..;

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	266
Entropy (8bit):	7.0493774042291655
Encrypted:	false
SSDEEP:	6:yk5ZEl5G5avzaYki7/yylgbO7FJmSICZjOo3hl:3O6O+YkYqyib0CShOoRl
MD5:	ACB5A7B7377339CA06622E7E64380D1D
SHA1:	CA895C974BEB34403E8402698D128A30467CAFE3
SHA-256:	EE11B626F7B3DC252BE594C7AF4D9F00198F91E2FE62C42AA37E80D0FB001566
SHA-512:	EABA8E3E90E4BF497F6910149A702B692E32B2C4A506519049A3D34F4407E234569E4BE8733B78782AFE2D0A76EB1C02C0C9813DA0137E665216D5C1B71D3926
Malicious:	false
Reputation:	low
URL:	https://www.theglassguru.com/wp-content/uploads/2021/01/favicon.png
Preview:	RIFF....WEBPVP8L..../........$...{f...$e...I+......6R.._.....I..........y....k.d.<....UNjaD.....c....Hr..D"....-)..7......[.. ..H)..^.....v.!.f.R..................<.~b".......y.............NV....\|...:....Z......f..<.../YcX5.....q....;..+Y...]......p.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	194
Entropy (8bit):	6.8908980224879715
Encrypted:	false
SSDEEP:	6:C4h4M48tEnWxVaZf+R3TeabGpUDpIU0GfhwrHk9jXTZVD:C4CAEs0ejLi6dIUP+rgXD
MD5:	15A411EA0C918CF0E4B3B13732C3C120
SHA1:	6B273813186E8AB9AF0671EFFE2E3113A9A026AB
SHA-256:	FBC32A909E1A225E8DB7F1118671F1FDFF074B98583548943B9CECA90B207214
SHA-512:	F7BBDEC0DF26164C10C39C3CA122C4E7F43CC0CB784162B2A244BAF76F1CB53B6A7E76F9D8D71585BBDD3BDAE632771E1C12D9F74324C25D36A90D95FAA3E12C
Malicious:	false
Reputation:	low
URL:	https://www.theglassguru.com/wp-content/themes/pdm/dist/svgs/quote.svg
Preview:	.....lfV......>:..z......Os.M.u.K........P.?Z.....E.c.....CL....C@.~..x.[.]\....S@...{...Px.......}..:\zaF.Oz#.P...&V`.[y.2Y;I..F.Q)lH.2G..u.&..o.I..N...&>.~.BQ...g.8.p.H....nB.Z...e..

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (65465)
Category:	downloaded
Size (bytes):	162670
Entropy (8bit):	5.2672038509484045
Encrypted:	false
SSDEEP:	1536:hRNR032CjykdaCjgVCMCjWWnqCjAfUWCjwoBjqwJH3MBi3MBLhnx0J8EJwHMHT8P:h/hxxRPrrfGBrVMRwqvj
MD5:	3E286AF61FF48F15772F14AC44AB04A3
SHA1:	C884DD3C875B0455BE0C643BC184A8D8E6D2E87F
SHA-256:	331D50451B5612A12832317C2FEB225A0BB29C83AA27432A4EF0450CFFD7175D
SHA-512:	8333D0E4776537CEDDC0E8C04B5AF7AD0BD79BF33ED14E7578326684718D3D814146A613AE95911E7771E088875D192003B58D6E0AF9084B3E8784B3CA55E186
Malicious:	false
Reputation:	low
URL:	https://www.theglassguru.com/
Preview:	.<!doctype html>.<html class="no-js" lang="en-US">..<head>. <title>Glass Repair, Replacement & Install Services \| The Glass Guru</title><link rel="preload" data-rocket-preload as="font" href="https://use.typekit.net/af/62681e/00000000000000003b9b406a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3" crossorigin><link rel="preload" data-rocket-preload as="font" href="https://use.fontawesome.com/releases/v6.5.2/webfonts/fa-solid-900.woff2" crossorigin><style id="wpr-usedcss">.fluid-width-video-wrapper{width:100%;position:relative;padding:0}.fluid-width-video-wrapper embed,.fluid-width-video-wrapper iframe,.fluid-width-video-wrapper object{position:absolute;top:0;left:0;width:100%;height:100%}:root{--wp--preset--aspect-ratio--square:1;--wp--preset--aspect-ratio--4-3:4/3;--wp--preset--aspect-ratio--3-4:3/4;--wp--preset--aspect-ratio--3-2:3/2;--wp--preset--aspect-ratio--2-3:2/3;--wp--preset--aspect-ratio--16-9:16/9;--wp--preset--aspect

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 29384, version 1.0
Category:	downloaded
Size (bytes):	29384
Entropy (8bit):	7.992449822282958
Encrypted:	true
SSDEEP:	768:7jIdL1/P/HCLGKVeKuyG0E5U4ojA2v5Wl5DlwWyJSOxg:70d5AGKjRzE5UfjBG5DlwW8e
MD5:	CC0149F2F8347DB51E5A887803490C50
SHA1:	F014ACF01232CFA93F6E9268FDFB9089886B8E30
SHA-256:	D489B866F669F2F15392D5CDCE4B6E23F9E66FD7E0F38155510282F5E68C8EC2
SHA-512:	911BBBC7E26FBA4ADAF268899D782E8EF9C73D90431D89CFAF5271F3728C45B1E22BDF00A3345F88C1BF86F3A07C6EA6CD0B49DD12F9CE6FD93548E5CD7B09B9
Malicious:	false
Reputation:	low
URL:	https://use.typekit.net/af/62681e/00000000000000003b9b406a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Preview:	wOF2......r.......$\..rW........................?DYNA.0.F?GDYN.A........`..\|.. ..W........&..d..6.$..`. .....5..?[..q.......>4"I.......UU.$.....?...o.............b...m..Y.u...+g.../C.t.I.;`..<..0..O...}M..(.I.-h.....A.a.$....L.p@......-h....].>@..{w....7..Rb.A..). .....j)<....}.2.......C.G.a.'l.Y...8....NO%>..=...............`M.8c..^Hz:xf.qv.>{.f.jD....mt'...U....m3..!."!.G."(....)Q..Q.t.c..f..t..g......<......Z.j%...K.J..6.JQ..].....XGq.M........................7.sodI....W3lL...&...Z:.L..?.Y.O'..3.D9...34...I..8.f..s..dg...p. .2N...n))`R@..)...rm].....g.5{4Xc....A.... ..3.....^...5.2v..A........a..2......1..r.;..?M3.......".VW..0.....:.x.+].....zV..Rx:..mj% .$.QJe..`..%.{S.v?.Kf..H]...S...RS....._@..~A.....$..J:..n.B..TX.z.:Q..KrH./.,.AIcC...K.\T....R.c.B[...m.)...h...u.?....R@.._...8N..c.>.k..TJ.D...yv...h...p&.Y;.g4...n1.zjB#.<<C..C....G.%.K...x..o.GX.D...A....>.3.w0.....:p.K........w....~8@{.N..ga7...%...au...._\|..R..!.Z.SF.,\..CYI...

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 17:55:35.858982086 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:35.858982086 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:36.077796936 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:41.994507074 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:41.994534016 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:41.994672060 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:41.995815039 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:41.995830059 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:43.698477983 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:43.698580027 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:43.701819897 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:43.701827049 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:43.702069998 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:43.716712952 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:43.716775894 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:43.716782093 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:43.716922045 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:43.763398886 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:43.913120985 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:43.913289070 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:43.913382053 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:43.916167974 CEST	49710	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:43.916187048 CEST	443	49710	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:45.233234882 CEST	49721	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:45.233567953 CEST	49722	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:45.238013029 CEST	80	49721	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:45.238095999 CEST	49721	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:45.238250971 CEST	49721	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:45.238281012 CEST	80	49722	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:45.238342047 CEST	49722	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:45.243238926 CEST	80	49721	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:45.243248940 CEST	80	49721	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:45.243697882 CEST	80	49722	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:45.243758917 CEST	49722	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:45.468693972 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:45.468693972 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:45.575496912 CEST	49722	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:45.580298901 CEST	80	49722	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:45.681865931 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:47.008945942 CEST	49724	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:47.009433031 CEST	49725	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:47.014342070 CEST	80	49724	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:47.014405966 CEST	49724	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:47.014445066 CEST	80	49725	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:47.014503002 CEST	49725	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:47.019706964 CEST	80	49725	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:47.019752026 CEST	49725	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:47.040329933 CEST	49725	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:47.040529966 CEST	49724	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:47.045133114 CEST	80	49725	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:47.045367956 CEST	80	49724	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:47.344501019 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 17:55:47.344609976 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:47.649761915 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:47.649801016 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:47.649898052 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:47.650522947 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:47.650532961 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:47.794662952 CEST	80	49724	104.26.11.145	192.168.2.6
Oct 2, 2024 17:55:47.849390030 CEST	49724	80	192.168.2.6	104.26.11.145
Oct 2, 2024 17:55:48.233222961 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:48.233258009 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:48.233365059 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:48.233900070 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:48.233920097 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:48.323409081 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:48.323448896 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:48.323522091 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:48.324306965 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:48.324323893 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:48.454699993 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:48.454773903 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:48.459176064 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:48.459198952 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:48.459623098 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:48.464426041 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:48.464669943 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:48.464682102 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:48.465142012 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:48.511405945 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:48.639460087 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:48.639580965 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:48.639815092 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:48.662565947 CEST	49727	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:48.662602901 CEST	443	49727	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:48.695457935 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:48.695907116 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:48.695919991 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:48.697436094 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:48.697488070 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:48.699321032 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:48.699404001 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:48.699634075 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:48.699644089 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:48.748652935 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:48.980474949 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:49.024333000 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:49.134522915 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:49.134535074 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:49.135970116 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:49.136034012 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:49.570677996 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.570732117 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.570770025 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.570777893 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.570791006 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.570832014 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.570883989 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.570894003 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.570934057 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.571192026 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.571409941 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.571460009 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.571465969 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.575479984 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.575527906 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.575537920 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.575546026 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.575675964 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.575683117 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.627603054 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.657582045 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.657676935 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.657711983 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.657730103 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.657741070 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.657788038 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.657864094 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.657917023 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.657942057 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.657979965 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.657989025 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.658039093 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.658550978 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.658683062 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.658718109 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.658725023 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.658772945 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.658806086 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.658813000 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.658819914 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.658884048 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.659404993 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.659490108 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.659615993 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.659622908 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.659656048 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.659687996 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.659703016 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.659727097 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.659766912 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.660274982 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.660361052 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.660398960 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.660406113 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.707895994 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.707906961 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749180079 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749216080 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749243021 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.749254942 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749289036 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749293089 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.749301910 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749349117 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.749440908 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749447107 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749501944 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.749629021 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749639034 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749677896 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.749747992 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749783993 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749833107 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.749840975 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.749959946 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.750000954 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.750009060 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.750649929 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.750709057 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.750718117 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.750757933 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.750860929 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.750917912 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.751496077 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.751552105 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.751681089 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.751740932 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.751815081 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.751847029 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.751859903 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.751867056 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.751883984 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.752633095 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.752660036 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.752671957 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.752677917 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.752717018 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.753612995 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.753686905 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.835978985 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.836040020 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.836107969 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.836158037 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.836252928 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.836298943 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.836476088 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.836520910 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.836565971 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.836608887 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.836723089 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.836766958 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.837088108 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.837120056 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.837141991 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.837151051 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.837163925 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.837196112 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.837256908 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.837310076 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.837763071 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.837799072 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.837809086 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.837815046 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.837838888 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.838023901 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.838069916 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.838078022 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.838130951 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.838165998 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.838212967 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.838221073 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.838291883 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.838356018 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.838454962 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.838464975 CEST	443	49729	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:49.838496923 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.838512897 CEST	49729	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:49.869704962 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:49.869846106 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:49.912579060 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:49.912589073 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:49.956068993 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:50.304529905 CEST	49732	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.304585934 CEST	443	49732	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.304653883 CEST	49732	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.305403948 CEST	49733	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.305428028 CEST	443	49733	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.305596113 CEST	49733	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.309600115 CEST	49734	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.309614897 CEST	443	49734	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.310730934 CEST	49734	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.423985004 CEST	49735	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:50.424010992 CEST	443	49735	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:50.424154043 CEST	49735	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:50.426091909 CEST	49734	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.426129103 CEST	443	49734	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.426484108 CEST	49733	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.426500082 CEST	443	49733	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.426712990 CEST	49732	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.426729918 CEST	443	49732	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.440603018 CEST	443	49732	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.449312925 CEST	443	49734	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.449371099 CEST	49734	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.449835062 CEST	49735	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:50.449848890 CEST	443	49735	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:50.450685024 CEST	443	49733	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.450752974 CEST	49733	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.454400063 CEST	49733	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.454416037 CEST	443	49733	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.455588102 CEST	49737	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.455606937 CEST	443	49737	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.455894947 CEST	49737	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.456020117 CEST	49734	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.456039906 CEST	443	49734	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.456357002 CEST	49738	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.456365108 CEST	443	49738	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.456459045 CEST	49738	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.457724094 CEST	49739	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.457743883 CEST	443	49739	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.457844019 CEST	49739	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.471132040 CEST	443	49735	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:50.471235037 CEST	49735	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:50.472316027 CEST	49739	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.472332001 CEST	443	49739	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.472664118 CEST	49738	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.472677946 CEST	443	49738	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.475927114 CEST	49737	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.475943089 CEST	443	49737	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.476931095 CEST	49735	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:50.476941109 CEST	443	49735	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:50.477540970 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:50.477560997 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:50.477790117 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:50.478849888 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:50.478863001 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:50.483134985 CEST	443	49739	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.494009972 CEST	443	49738	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.494091988 CEST	49738	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.496802092 CEST	443	49737	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.496958017 CEST	49737	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.501677990 CEST	49737	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.501688957 CEST	443	49737	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.501987934 CEST	49738	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.501992941 CEST	443	49738	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.538475037 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.538511992 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.538593054 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.538904905 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.538919926 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.539931059 CEST	49744	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.539983034 CEST	443	49744	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.540045023 CEST	49744	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.540306091 CEST	49744	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.540323973 CEST	443	49744	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.562730074 CEST	443	49744	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.562794924 CEST	49744	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.564042091 CEST	49744	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.564054012 CEST	443	49744	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.564378977 CEST	49747	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.564395905 CEST	443	49747	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.564521074 CEST	49747	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.564985991 CEST	49747	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:50.565001965 CEST	443	49747	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:50.575974941 CEST	443	49747	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.022773027 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.027278900 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.027290106 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.028307915 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.028455019 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.031994104 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.032059908 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.032613993 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.032622099 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.085815907 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.154259920 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.154555082 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:51.154572964 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.156027079 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.156095028 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:51.158231974 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158265114 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158354044 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158377886 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158381939 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.158404112 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158437014 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158447981 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.158459902 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158508062 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.158514023 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158729076 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.158740997 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.158890009 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.159185886 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.159255028 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.159554958 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.160531998 CEST	49753	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.160566092 CEST	443	49753	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.160794020 CEST	49753	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.161693096 CEST	49756	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.161700010 CEST	443	49756	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.161891937 CEST	49756	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.162003994 CEST	49757	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.162012100 CEST	443	49757	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.162167072 CEST	49757	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.162873983 CEST	49759	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.162882090 CEST	443	49759	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.162938118 CEST	49759	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.163095951 CEST	49743	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.163110018 CEST	443	49743	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.163589954 CEST	49753	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.163606882 CEST	443	49753	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.164201975 CEST	49756	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.164211988 CEST	443	49756	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.164412022 CEST	49757	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.164423943 CEST	443	49757	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.164695024 CEST	49759	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.164706945 CEST	443	49759	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.176414013 CEST	443	49759	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.176673889 CEST	49761	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.176688910 CEST	443	49761	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.176784992 CEST	49761	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.176961899 CEST	49761	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.176975012 CEST	443	49761	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.185439110 CEST	443	49753	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.185611010 CEST	49753	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.185693979 CEST	49753	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.185703993 CEST	443	49753	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.185883045 CEST	443	49756	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.185986996 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186001062 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.186048985 CEST	49756	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186053991 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186268091 CEST	49756	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186288118 CEST	443	49756	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.186497927 CEST	49764	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186506033 CEST	443	49764	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.186513901 CEST	443	49757	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.186563015 CEST	49764	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186563969 CEST	49757	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186674118 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186686993 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.186920881 CEST	49757	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.186925888 CEST	443	49757	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.187109947 CEST	49765	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.187130928 CEST	443	49765	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.187254906 CEST	49765	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.187351942 CEST	49764	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.187361956 CEST	443	49764	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.187813997 CEST	49765	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.187829971 CEST	443	49765	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.200016975 CEST	443	49761	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.200069904 CEST	49761	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.200310946 CEST	49761	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.200321913 CEST	443	49761	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.205487967 CEST	443	49764	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.206140041 CEST	443	49765	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.484880924 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:51.485097885 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:51.485105991 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.485193968 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.532191038 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:51.532205105 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.576349020 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:51.587933064 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.637140036 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:51.658447027 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.676253080 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.676358938 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:51.678910017 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:51.701190948 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:51.701206923 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:51.748344898 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.190006971 CEST	49771	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.190037966 CEST	443	49771	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.190097094 CEST	49771	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.191416979 CEST	49772	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.191441059 CEST	443	49772	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.191675901 CEST	49772	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.191886902 CEST	49771	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.191901922 CEST	443	49771	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.192903042 CEST	49772	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.192920923 CEST	443	49772	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.212965012 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.212980032 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.213701963 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.213706970 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.213785887 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.213790894 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.214849949 CEST	443	49771	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.214857101 CEST	443	49772	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.214905977 CEST	49771	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.214982033 CEST	49772	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.215430975 CEST	49772	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.215441942 CEST	443	49772	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.215734005 CEST	49773	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.215764046 CEST	443	49773	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.215818882 CEST	49773	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.215862989 CEST	49771	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.215876102 CEST	443	49771	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.216239929 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.216248035 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.216295958 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.216541052 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.216553926 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.217021942 CEST	49773	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.217031956 CEST	443	49773	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.228049994 CEST	443	49773	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.308041096 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.336301088 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.336323023 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.378631115 CEST	49741	443	192.168.2.6	52.87.131.204
Oct 2, 2024 17:55:52.378654957 CEST	443	49741	52.87.131.204	192.168.2.6
Oct 2, 2024 17:55:52.429343939 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.481010914 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.562927008 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.562942028 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.645498037 CEST	49776	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.645539045 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.645591021 CEST	49776	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.645806074 CEST	49776	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.645824909 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.657121897 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:52.657157898 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:52.657222033 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:52.657361984 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:52.657371998 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:52.683213949 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.683448076 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.683456898 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.684509993 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.684570074 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.684974909 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.685044050 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.685115099 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.685120106 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.689485073 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.732862949 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.732863903 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.776252985 CEST	443	49762	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.820493937 CEST	49762	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.825251102 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.825336933 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.825373888 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.827869892 CEST	49774	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.827886105 CEST	443	49774	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.838610888 CEST	49778	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.838634014 CEST	443	49778	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.838706017 CEST	49778	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.838979959 CEST	49778	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.838988066 CEST	443	49778	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.859421968 CEST	443	49778	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.859476089 CEST	49778	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.861077070 CEST	49778	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.861087084 CEST	443	49778	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.862153053 CEST	49779	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.862179995 CEST	443	49779	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.862241030 CEST	49779	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.862910986 CEST	49779	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:52.862925053 CEST	443	49779	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:52.873790979 CEST	443	49779	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:53.111929893 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:53.119278908 CEST	49776	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:53.119293928 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:53.120404959 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:53.120465994 CEST	49776	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:53.135648966 CEST	49776	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:53.135742903 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:53.183214903 CEST	49776	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:53.183243036 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:55:53.231960058 CEST	49776	443	192.168.2.6	141.193.213.21
Oct 2, 2024 17:55:53.459696054 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:53.460031986 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:53.460047960 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:53.463634014 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:53.463701010 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:53.464066029 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:53.464230061 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:53.464433908 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:53.464441061 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:53.513214111 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:53.566576958 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:53.606959105 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:53.702502966 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:53.702608109 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:53.702667952 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:53.703784943 CEST	49777	443	192.168.2.6	54.152.44.233
Oct 2, 2024 17:55:53.703807116 CEST	443	49777	54.152.44.233	192.168.2.6
Oct 2, 2024 17:55:57.064268112 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:57.064330101 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:57.064415932 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:57.064963102 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:57.064980030 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:57.852853060 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:57.852937937 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:57.862539053 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:57.862549067 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:57.862797976 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:57.871690989 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:57.871906042 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:57.871911049 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:57.872107029 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:57.915435076 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:58.048480034 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:58.049027920 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:58.049088001 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:58.051148891 CEST	49782	443	192.168.2.6	40.113.103.199
Oct 2, 2024 17:55:58.051166058 CEST	443	49782	40.113.103.199	192.168.2.6
Oct 2, 2024 17:55:58.921041012 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:58.921108961 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:58.921186924 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:58.942423105 CEST	49730	443	192.168.2.6	172.217.18.4
Oct 2, 2024 17:55:58.942444086 CEST	443	49730	172.217.18.4	192.168.2.6
Oct 2, 2024 17:55:59.326577902 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:59.326704025 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:59.327979088 CEST	49785	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:59.328017950 CEST	443	49785	173.222.162.64	192.168.2.6
Oct 2, 2024 17:55:59.328196049 CEST	49785	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:59.328651905 CEST	49785	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:55:59.328670025 CEST	443	49785	173.222.162.64	192.168.2.6
Oct 2, 2024 17:55:59.331702948 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 17:55:59.331713915 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 17:56:00.124527931 CEST	443	49785	173.222.162.64	192.168.2.6
Oct 2, 2024 17:56:00.124639988 CEST	49785	443	192.168.2.6	173.222.162.64
Oct 2, 2024 17:56:08.017952919 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:56:08.018028021 CEST	443	49776	141.193.213.21	192.168.2.6
Oct 2, 2024 17:56:08.018223047 CEST	49776	443	192.168.2.6	141.193.213.21

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 17:55:43.736955881 CEST	53	50693	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:43.768634081 CEST	53	51168	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:44.990004063 CEST	53	64130	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:45.200503111 CEST	60442	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:45.200666904 CEST	62215	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:45.220330000 CEST	53	60442	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:45.374509096 CEST	53	62215	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:48.047235012 CEST	52432	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:48.047755003 CEST	52946	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:48.060551882 CEST	53	52946	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:48.232151985 CEST	53	52432	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:48.312628031 CEST	53670	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:48.314532042 CEST	56065	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:48.319452047 CEST	53	53670	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:48.321528912 CEST	53	56065	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:49.977071047 CEST	53340	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:49.977232933 CEST	64112	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:49.984821081 CEST	53	53340	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:50.007698059 CEST	51540	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:50.008403063 CEST	54130	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:50.014899969 CEST	53	50208	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:50.138394117 CEST	53	64112	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:50.214267969 CEST	61927	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:50.223406076 CEST	63637	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:50.305403948 CEST	51558	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:50.305596113 CEST	64849	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:50.312859058 CEST	53	64849	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:50.312911987 CEST	53	51558	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:51.502623081 CEST	53	53480	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:51.515917063 CEST	61480	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:51.515917063 CEST	54146	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:51.533893108 CEST	53	54146	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:51.688697100 CEST	53	61480	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:52.642072916 CEST	55814	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:52.642345905 CEST	57256	53	192.168.2.6	1.1.1.1
Oct 2, 2024 17:55:52.649673939 CEST	53	55814	1.1.1.1	192.168.2.6
Oct 2, 2024 17:55:52.661118031 CEST	53	57256	1.1.1.1	192.168.2.6
Oct 2, 2024 17:56:02.428369045 CEST	53	64087	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 2, 2024 17:55:45.374962091 CEST	192.168.2.6	1.1.1.1	c245	(Port unreachable)	Destination Unreachable
Oct 2, 2024 17:55:50.138536930 CEST	192.168.2.6	1.1.1.1	c22a	(Port unreachable)	Destination Unreachable
Oct 2, 2024 17:55:52.661273956 CEST	192.168.2.6	1.1.1.1	c23c	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 17:55:45.200503111 CEST	192.168.2.6	1.1.1.1	0x6acf	Standard query (0)	theglassguru.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:45.200666904 CEST	192.168.2.6	1.1.1.1	0xfdbb	Standard query (0)	theglassguru.com	65	IN (0x0001)	false
Oct 2, 2024 17:55:48.047235012 CEST	192.168.2.6	1.1.1.1	0xd023	Standard query (0)	www.theglassguru.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:48.047755003 CEST	192.168.2.6	1.1.1.1	0xe151	Standard query (0)	www.theglassguru.com	65	IN (0x0001)	false
Oct 2, 2024 17:55:48.312628031 CEST	192.168.2.6	1.1.1.1	0xb1cb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:48.314532042 CEST	192.168.2.6	1.1.1.1	0xd4e8	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 2, 2024 17:55:49.977071047 CEST	192.168.2.6	1.1.1.1	0x6e6e	Standard query (0)	majorbrdide.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:49.977232933 CEST	192.168.2.6	1.1.1.1	0x186d	Standard query (0)	majorbrdide.com	65	IN (0x0001)	false
Oct 2, 2024 17:55:50.007698059 CEST	192.168.2.6	1.1.1.1	0xebc6	Standard query (0)	use.fontawesome.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:50.008403063 CEST	192.168.2.6	1.1.1.1	0x5826	Standard query (0)	use.fontawesome.com	65	IN (0x0001)	false
Oct 2, 2024 17:55:50.214267969 CEST	192.168.2.6	1.1.1.1	0xd7f5	Standard query (0)	use.typekit.net	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:50.223406076 CEST	192.168.2.6	1.1.1.1	0x588f	Standard query (0)	use.typekit.net	65	IN (0x0001)	false
Oct 2, 2024 17:55:50.305403948 CEST	192.168.2.6	1.1.1.1	0xff8f	Standard query (0)	data.adxcel-ec2.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:50.305596113 CEST	192.168.2.6	1.1.1.1	0x55ef	Standard query (0)	data.adxcel-ec2.com	65	IN (0x0001)	false
Oct 2, 2024 17:55:51.515917063 CEST	192.168.2.6	1.1.1.1	0xac19	Standard query (0)	www.theglassguru.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:51.515917063 CEST	192.168.2.6	1.1.1.1	0x81c6	Standard query (0)	www.theglassguru.com	65	IN (0x0001)	false
Oct 2, 2024 17:55:52.642072916 CEST	192.168.2.6	1.1.1.1	0xb8f6	Standard query (0)	data.adxcel-ec2.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:52.642345905 CEST	192.168.2.6	1.1.1.1	0xa6e4	Standard query (0)	data.adxcel-ec2.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 17:55:45.220330000 CEST	1.1.1.1	192.168.2.6	0x6acf	No error (0)	theglassguru.com		104.26.11.145	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:45.220330000 CEST	1.1.1.1	192.168.2.6	0x6acf	No error (0)	theglassguru.com		104.26.10.145	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:45.220330000 CEST	1.1.1.1	192.168.2.6	0x6acf	No error (0)	theglassguru.com		172.67.74.1	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:45.374509096 CEST	1.1.1.1	192.168.2.6	0xfdbb	No error (0)	theglassguru.com			65	IN (0x0001)	false
Oct 2, 2024 17:55:48.060551882 CEST	1.1.1.1	192.168.2.6	0xe151	No error (0)	www.theglassguru.com	9162u90jurgp.wpeproxy.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:48.232151985 CEST	1.1.1.1	192.168.2.6	0xd023	No error (0)	www.theglassguru.com	9162u90jurgp.wpeproxy.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:48.232151985 CEST	1.1.1.1	192.168.2.6	0xd023	No error (0)	9162u90jurgp.wpeproxy.com		141.193.213.21	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:48.232151985 CEST	1.1.1.1	192.168.2.6	0xd023	No error (0)	9162u90jurgp.wpeproxy.com		141.193.213.20	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:48.319452047 CEST	1.1.1.1	192.168.2.6	0xb1cb	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:48.321528912 CEST	1.1.1.1	192.168.2.6	0xd4e8	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 17:55:49.984821081 CEST	1.1.1.1	192.168.2.6	0x6e6e	No error (0)	majorbrdide.com		147.45.47.98	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:50.014981985 CEST	1.1.1.1	192.168.2.6	0xebc6	No error (0)	use.fontawesome.com	use.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:50.016539097 CEST	1.1.1.1	192.168.2.6	0x5826	No error (0)	use.fontawesome.com	use.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:50.221525908 CEST	1.1.1.1	192.168.2.6	0xd7f5	No error (0)	use.typekit.net	use-stls.adobe.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:50.230158091 CEST	1.1.1.1	192.168.2.6	0x588f	No error (0)	use.typekit.net	use-stls.adobe.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:50.312911987 CEST	1.1.1.1	192.168.2.6	0xff8f	No error (0)	data.adxcel-ec2.com		52.87.131.204	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:50.312911987 CEST	1.1.1.1	192.168.2.6	0xff8f	No error (0)	data.adxcel-ec2.com		54.152.44.233	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:51.533893108 CEST	1.1.1.1	192.168.2.6	0x81c6	No error (0)	www.theglassguru.com	9162u90jurgp.wpeproxy.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:51.688697100 CEST	1.1.1.1	192.168.2.6	0xac19	No error (0)	www.theglassguru.com	9162u90jurgp.wpeproxy.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:51.688697100 CEST	1.1.1.1	192.168.2.6	0xac19	No error (0)	9162u90jurgp.wpeproxy.com		141.193.213.21	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:51.688697100 CEST	1.1.1.1	192.168.2.6	0xac19	No error (0)	9162u90jurgp.wpeproxy.com		141.193.213.20	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:52.649673939 CEST	1.1.1.1	192.168.2.6	0xb8f6	No error (0)	data.adxcel-ec2.com		54.152.44.233	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:52.649673939 CEST	1.1.1.1	192.168.2.6	0xb8f6	No error (0)	data.adxcel-ec2.com		52.87.131.204	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:56.645088911 CEST	1.1.1.1	192.168.2.6	0x84e6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:56.645088911 CEST	1.1.1.1	192.168.2.6	0x84e6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.43	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.39	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.35	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.37	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.20	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.25	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.19	A (IP address)	IN (0x0001)	false
Oct 2, 2024 17:55:58.291863918 CEST	1.1.1.1	192.168.2.6	0xacb7	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.36	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.theglassguru.com

https:

data.adxcel-ec2.com

theglassguru.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49721	104.26.11.145	80	5100	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 17:55:45.238250971 CEST	431	OUT	GET / HTTP/1.1 Host: theglassguru.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49724	104.26.11.145	80	5100	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 17:55:47.040529966 CEST	457	OUT	GET / HTTP/1.1 Host: theglassguru.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 2, 2024 17:55:47.794662952 CEST	600	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 02 Oct 2024 15:55:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive x-powered-by: WP user Set-Cookie: wordpress_google_apps_login=a2b7ae9f60d3895a8626ba040cba21c7; path=/; secure; HttpOnly Expires: Wed, 02 Oct 2024 16:55:47 GMT X-Redirect-By: WordPress Location: https://www.theglassguru.com/ X-Cacheable: NO:Set Known Cookie Cache-Control: max-age=0, must-revalidate, private X-Cache: MISS X-Cache-Group: normal CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc5e0f58b1242d7-EWR Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49710	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 15:55:43 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 39 4f 38 31 58 7a 51 43 2b 55 4b 33 74 71 2f 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 61 35 37 63 63 65 66 39 31 64 38 37 33 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 9O81XzQC+UK3tq/V.1Context: cda57ccef91d8736
2024-10-02 15:55:43 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 15:55:43 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 39 4f 38 31 58 7a 51 43 2b 55 4b 33 74 71 2f 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 61 35 37 63 63 65 66 39 31 64 38 37 33 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 30 33 7a 79 36 65 36 4e 79 4f 77 62 72 52 39 74 78 58 75 6d 32 2f 37 4d 48 39 54 69 74 45 7a 73 56 31 69 39 6c 6f 41 77 65 75 4c 70 34 56 54 7a 33 70 38 50 2f 70 55 42 64 64 71 59 4d 2b 36 62 65 67 77 71 70 65 6f 71 35 66 70 74 69 68 65 77 4f 4e 76 49 31 78 39 6e 44 4c 2b 5a 49 7a 50 5a 6b 42 57 38 30 6f 42 4e 49 6e 79 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 9O81XzQC+UK3tq/V.2Context: cda57ccef91d8736<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe03zy6e6NyOwbrR9txXum2/7MH9TitEzsV1i9loAweuLp4VTz3p8P/pUBddqYM+6begwqpeoq5fptihewONvI1x9nDL+ZIzPZkBW80oBNInyA
2024-10-02 15:55:43 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 39 4f 38 31 58 7a 51 43 2b 55 4b 33 74 71 2f 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 61 35 37 63 63 65 66 39 31 64 38 37 33 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 9O81XzQC+UK3tq/V.3Context: cda57ccef91d8736<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 15:55:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 15:55:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 43 58 4f 6e 35 67 33 51 68 30 43 52 6e 54 30 68 62 43 61 6d 65 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: CXOn5g3Qh0CRnT0hbCamew.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49727	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 15:55:48 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 66 62 74 69 68 39 66 52 4c 55 32 70 55 75 65 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 32 39 31 32 32 39 61 36 61 35 33 39 61 39 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: fbtih9fRLU2pUueO.1Context: e291229a6a539a92
2024-10-02 15:55:48 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 15:55:48 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 66 62 74 69 68 39 66 52 4c 55 32 70 55 75 65 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 32 39 31 32 32 39 61 36 61 35 33 39 61 39 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 30 33 7a 79 36 65 36 4e 79 4f 77 62 72 52 39 74 78 58 75 6d 32 2f 37 4d 48 39 54 69 74 45 7a 73 56 31 69 39 6c 6f 41 77 65 75 4c 70 34 56 54 7a 33 70 38 50 2f 70 55 42 64 64 71 59 4d 2b 36 62 65 67 77 71 70 65 6f 71 35 66 70 74 69 68 65 77 4f 4e 76 49 31 78 39 6e 44 4c 2b 5a 49 7a 50 5a 6b 42 57 38 30 6f 42 4e 49 6e 79 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: fbtih9fRLU2pUueO.2Context: e291229a6a539a92<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe03zy6e6NyOwbrR9txXum2/7MH9TitEzsV1i9loAweuLp4VTz3p8P/pUBddqYM+6begwqpeoq5fptihewONvI1x9nDL+ZIzPZkBW80oBNInyA
2024-10-02 15:55:48 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 66 62 74 69 68 39 66 52 4c 55 32 70 55 75 65 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 32 39 31 32 32 39 61 36 61 35 33 39 61 39 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: fbtih9fRLU2pUueO.3Context: e291229a6a539a92<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 15:55:48 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 15:55:48 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 4c 2b 2b 34 6d 6a 76 45 30 65 71 2f 35 35 4e 30 51 32 78 30 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6L++4mjvE0eq/55N0Q2x0g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49729	141.193.213.21	443	5100	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 15:55:48 UTC	689	OUT	GET / HTTP/1.1 Host: www.theglassguru.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 15:55:49 UTC	780	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 15:55:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding x-powered-by: WP user Set-Cookie: wordpress_google_apps_login=8bd44ec6beae3a0126041d931ab98817; path=/; secure; HttpOnly Link: <https://www.theglassguru.com/wp-json/>; rel="https://api.w.org/" Link: <https://www.theglassguru.com/wp-json/wp/v2/pages/7>; rel="alternate"; title="JSON"; type="application/json" Link: <https://www.theglassguru.com/>; rel=shortlink X-Cacheable: NO:Set Known Cookie Cache-Control: max-age=0, must-revalidate, private X-Cache: MISS X-Cache-Group: normal CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc5e0fdeb0141db-EWR
2024-10-02 15:55:49 UTC	589	IN	Data Raw: 37 63 39 34 0d 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 47 6c 61 73 73 20 52 65 70 61 69 72 2c 20 52 65 70 6c 61 63 65 6d 65 6e 74 20 26 61 6d 70 3b 20 49 6e 73 74 61 6c 6c 20 53 65 72 76 69 63 65 73 20 7c 20 54 68 65 20 47 6c 61 73 73 20 47 75 72 75 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 64 61 74 61 2d 72 6f 63 6b 65 74 2d 70 72 65 6c 6f 61 64 20 61 73 3d 22 66 6f 6e 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 2e 74 79 70 65 6b 69 74 2e 6e 65 74 2f 61 66 2f 36 32 36 38 31 65 2f 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 Data Ascii: 7c94<!doctype html><html class="no-js" lang="en-US"><head> <title>Glass Repair, Replacement & Install Services \| The Glass Guru</title><link rel="preload" data-rocket-preload as="font" href="https://use.typekit.net/af/62681e/0000000000000000
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 6c 61 74 69 76 65 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 66 6c 75 69 64 2d 77 69 64 74 68 2d 76 69 64 65 6f 2d 77 72 61 70 70 65 72 20 65 6d 62 65 64 2c 2e 66 6c 75 69 64 2d 77 69 64 74 68 2d 76 69 64 65 6f 2d 77 72 61 70 70 65 72 20 69 66 72 61 6d 65 2c 2e 66 6c 75 69 64 2d 77 69 64 74 68 2d 76 69 64 65 6f 2d 77 72 61 70 70 65 72 20 6f 62 6a 65 63 74 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 7d 3a 72 6f 6f 74 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 61 73 70 65 63 74 2d 72 61 74 69 6f 2d 2d 73 71 75 61 72 65 3a 31 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 61 73 70 65 63 74 2d 72 61 74 69 6f 2d 2d 34 2d 33 3a 34 2f 33 3b 2d 2d 77 70 Data Ascii: lative;padding:0}.fluid-width-video-wrapper embed,.fluid-width-video-wrapper iframe,.fluid-width-video-wrapper object{position:absolute;top:0;left:0;width:100%;height:100%}:root{--wp--preset--aspect-ratio--square:1;--wp--preset--aspect-ratio--4-3:4/3;--wp
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 61 64 69 65 6e 74 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 20 31 30 35 2c 20 30 2c 20 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 20 34 36 2c 20 34 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 76 65 72 79 2d 6c 69 67 68 74 2d 67 72 61 79 2d 74 6f 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 33 38 2c 20 32 33 38 2c 20 32 33 38 29 20 30 25 2c 72 67 62 28 31 36 39 2c 20 31 38 34 2c 20 31 39 35 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 Data Ascii: adient--luminous-vivid-orange-to-vivid-red:linear-gradient(135deg,rgba(255, 105, 0, 1) 0%,rgb(207, 46, 46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray:linear-gradient(135deg,rgb(238, 238, 238) 0%,rgb(169, 184, 195) 100%);--wp--preset
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 34 30 3a 31 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 35 30 3a 31 2e 35 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 36 30 3a 32 2e 32 35 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 37 30 3a 33 2e 33 38 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 38 30 3a 35 2e 30 36 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6e 61 74 75 72 61 6c 3a 36 70 78 20 36 70 78 20 39 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 64 65 65 70 3a 31 32 70 78 20 31 32 70 Data Ascii: preset--spacing--40:1rem;--wp--preset--spacing--50:1.5rem;--wp--preset--spacing--60:2.25rem;--wp--preset--spacing--70:3.38rem;--wp--preset--spacing--80:5.06rem;--wp--preset--shadow--natural:6px 6px 9px rgba(0, 0, 0, .2);--wp--preset--shadow--deep:12px 12p
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 6e 2d 68 65 69 67 68 74 3a 61 75 74 6f 3b 6d 61 78 2d 68 65 69 67 68 74 3a 6e 6f 6e 65 3b 6d 69 6e 2d 77 69 64 74 68 3a 61 75 74 6f 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 6f 75 74 6c 69 6e 65 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 3b 70 61 64 64 69 6e 67 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 61 75 74 6f 3b 72 69 67 68 74 3a 61 75 74 6f 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 65 78 74 2d 69 6e 64 65 6e 74 3a 30 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 3b 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 3b 74 6f 70 3a 61 75 74 6f 3b 76 65 72 74 Data Ascii: n-height:auto;max-height:none;min-width:auto;max-width:none;opacity:1;outline:0;overflow:visible;padding:0;position:relative;pointer-events:auto;right:auto;text-align:left;text-decoration:none;text-indent:0;text-transform:none;transform:none;top:auto;vert
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 6b 65 79 62 6f 61 72 64 2d 6e 61 76 69 67 61 74 69 6f 6e 20 2e 6d 65 67 61 2d 6d 65 6e 75 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 2c 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 2e 6d 65 67 61 2d 6b 65 79 62 6f 61 72 64 2d 6e 61 76 69 67 61 74 69 6f 6e 20 2e 6d 65 67 61 2d 74 6f 67 67 6c 65 2d 62 6c 6f 63 6b 20 2e 6d 65 67 61 2d 73 65 61 72 63 68 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 3a 66 6f 63 75 73 2c 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 2e 6d 65 67 61 2d 6b 65 79 62 6f 61 72 64 2d 6e 61 76 69 67 61 74 69 6f 6e 20 2e 6d 65 67 61 2d 74 6f 67 67 6c 65 2d 62 6c 6f 63 6b 20 61 3a 66 6f 63 75 73 2c 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 2e 6d 65 67 61 2d 6b 65 79 62 6f 61 72 64 2d 6e 61 Data Ascii: keyboard-navigation .mega-menu-toggle:focus,#mega-menu-wrap-main.mega-keyboard-navigation .mega-toggle-block .mega-search input[type=text]:focus,#mega-menu-wrap-main.mega-keyboard-navigation .mega-toggle-block a:focus,#mega-menu-wrap-main.mega-keyboard-na
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 30 32 34 70 78 29 7b 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 2e 6d 65 67 61 2d 6b 65 79 62 6f 61 72 64 2d 6e 61 76 69 67 61 74 69 6f 6e 3e 6c 69 2e 6d 65 67 61 2d 6d 65 6e 75 2d 69 74 65 6d 3e 61 2e 6d 65 67 61 2d 6d 65 6e 75 2d 6c 69 6e 6b 3a 66 6f 63 75 73 7b 63 6f 6c 6f 72 3a 23 30 30 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 63 37 63 39 64 34 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 23 65 64 65 65 66 33 2c 23 63 37 63 39 64 34 29 7d 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 20 23 6d 65 67 61 2d 6d 65 6e 75 2d 6d 61 69 6e 20 6c 69 2e 6d 65 67 61 2d 6d 65 6e 75 2d 69 74 65 6d 3e Data Ascii: creen and (max-width:1024px){#mega-menu-wrap-main.mega-keyboard-navigation>li.mega-menu-item>a.mega-menu-link:focus{color:#000;background:#c7c9d4;background:linear-gradient(to bottom,#edeef3,#c7c9d4)}#mega-menu-wrap-main #mega-menu-main li.mega-menu-item>
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 6d 61 69 6e 20 23 6d 65 67 61 2d 6d 65 6e 75 2d 6d 61 69 6e 20 6c 69 2e 6d 65 67 61 2d 6d 65 6e 75 2d 69 74 65 6d 2e 6d 65 67 61 2d 6d 65 6e 75 2d 6d 65 67 61 6d 65 6e 75 20 75 6c 2e 6d 65 67 61 2d 73 75 62 2d 6d 65 6e 75 20 75 6c 2e 6d 65 67 61 2d 73 75 62 2d 6d 65 6e 75 7b 76 69 73 69 62 69 6c 69 74 79 3a 69 6e 68 65 72 69 74 3b 6f 70 61 63 69 74 79 3a 31 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 20 23 6d 65 67 61 2d 6d 65 6e 75 2d 6d 61 69 6e 20 6c 69 2e 6d 65 67 61 2d 6d 65 6e 75 2d 69 74 65 6d 20 61 5b 63 6c 61 73 73 5e 3d 64 61 73 68 69 63 6f 6e 73 5d 3a 62 65 66 6f 72 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 64 61 73 68 69 63 6f 6e 73 7d 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d Data Ascii: main #mega-menu-main li.mega-menu-item.mega-menu-megamenu ul.mega-sub-menu ul.mega-sub-menu{visibility:inherit;opacity:1;display:block}#mega-menu-wrap-main #mega-menu-main li.mega-menu-item a[class^=dashicons]:before{font-family:dashicons}#mega-menu-wrap-
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 2d 65 66 66 65 63 74 3d 66 61 64 65 5f 75 70 5d 20 6c 69 2e 6d 65 67 61 2d 6d 65 6e 75 2d 69 74 65 6d 2e 6d 65 67 61 2d 74 6f 67 67 6c 65 2d 6f 6e 3e 75 6c 2e 6d 65 67 61 2d 73 75 62 2d 6d 65 6e 75 2c 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 20 23 6d 65 67 61 2d 6d 65 6e 75 2d 6d 61 69 6e 5b 64 61 74 61 2d 65 66 66 65 63 74 3d 66 61 64 65 5f 75 70 5d 2e 6d 65 67 61 2d 6e 6f 2d 6a 73 20 6c 69 2e 6d 65 67 61 2d 6d 65 6e 75 2d 69 74 65 6d 3a 66 6f 63 75 73 3e 75 6c 2e 6d 65 67 61 2d 73 75 62 2d 6d 65 6e 75 2c 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 20 23 6d 65 67 61 2d 6d 65 6e 75 2d 6d 61 69 6e 5b 64 61 74 61 2d 65 66 66 65 63 74 3d 66 61 64 65 5f 75 70 5d 2e 6d 65 67 61 2d 6e 6f 2d 6a 73 20 6c 69 2e 6d 65 67 61 2d 6d Data Ascii: -effect=fade_up] li.mega-menu-item.mega-toggle-on>ul.mega-sub-menu,#mega-menu-wrap-main #mega-menu-main[data-effect=fade_up].mega-no-js li.mega-menu-item:focus>ul.mega-sub-menu,#mega-menu-wrap-main #mega-menu-main[data-effect=fade_up].mega-no-js li.mega-m
2024-10-02 15:55:49 UTC	1369	IN	Data Raw: 61 2d 6d 65 6e 75 2d 6d 61 69 6e 3e 6c 69 2e 6d 65 67 61 2d 6d 65 6e 75 2d 69 74 65 6d 2e 6d 65 67 61 2d 74 6f 67 67 6c 65 2d 6f 6e 3e 61 2e 6d 65 67 61 2d 6d 65 6e 75 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 30 30 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 63 37 63 39 64 34 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 23 65 64 65 65 66 33 2c 23 63 37 63 39 64 34 29 7d 23 6d 65 67 61 2d 6d 65 6e 75 2d 77 72 61 70 2d 6d 61 69 6e 20 23 6d 65 67 61 2d 6d 65 6e 75 2d 6d 61 69 6e 3e 6c 69 2e 6d 65 67 61 2d 6d 65 6e 75 2d 69 74 65 6d 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 62 6f 72 64 65 72 3a 30 7d 23 6d 65 67 61 2d 6d Data Ascii: a-menu-main>li.mega-menu-item.mega-toggle-on>a.mega-menu-link{color:#000;background:#c7c9d4;background:linear-gradient(to bottom,#edeef3,#c7c9d4)}#mega-menu-wrap-main #mega-menu-main>li.mega-menu-item{display:list-item;margin:0;clear:both;border:0}#mega-m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49743	141.193.213.21	443	5100	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 15:55:51 UTC	705	OUT	GET /wp-content/uploads/2020/12/vanilla-ice-project.png HTTP/1.1 Host: www.theglassguru.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.theglassguru.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: wordpress_google_apps_login=8bd44ec6beae3a0126041d931ab98817
2024-10-02 15:55:51 UTC	468	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 15:55:51 GMT Content-Type: image/png Content-Length: 13993 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000 Cf-Bgj: imgq:100,h2pri Cf-Polished: origSize=15283, status=webp_bigger ETag: "64424c3a-3bb3" Last-Modified: Fri, 21 Apr 2023 08:41:30 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Age: 812387 Accept-Ranges: bytes Server: cloudflare CF-RAY: 8cc5e10c58ae0c94-EWR
2024-10-02 15:55:51 UTC	901	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d4 00 00 00 87 08 03 00 00 00 59 1a 87 73 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 03 00 50 4c 54 45 47 70 4c 97 9b 9d a7 b2 b5 8c 99 9e 85 98 9e 84 94 98 7d 90 94 6e 8a 94 79 88 8e 71 84 8a 6e 7f 85 6c 7c 80 6d 75 77 61 71 76 64 76 7c 5e 6a 6d c9 d2 d5 c5 d1 d4 f4 f7 f9 fd fd fe fd ff ff f9 ff ff f5 fe fe f9 fc fd f5 fa fb f0 f9 fb e9 f6 f9 e6 f1 f5 eb f2 f4 e6 ec ee e3 ec ee dd e4 e6 e3 e7 e9 dd e7 ea de eb ee 57 61 64 53 69 70 4a 66 6f 45 63 6c 43 66 70 40 61 6a 4b 6c 76 34 58 63 2d 4f 5a 28 44 4d 25 3c 44 27 3e 47 28 40 48 28 3f 45 25 40 46 25 3e 45 25 3c 41 20 37 3d 1a 32 3a 20 38 41 15 23 28 17 2c 32 20 33 39 25 39 41 2d 40 46 31 43 4b 32 49 Data Ascii: PNGIHDRYsgAMAasRGBPLTEGpL}nyqnl\|muwaqvdv\|^jmWadSipJfoEclCfp@ajKlv4Xc-OZ(DM%<D'>G(@H(?E%@F%>E%<A 7=2: 8A#(,2 39%9A-@F1CK2I
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff fc ff ff ff fe f8 ef ef f3 d7 cc c4 ec ee 76 a0 77 9a a8 52 5a 39 b5 a1 bf e3 9e b2 ce ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe ff ff ff ff ff ff ff ff ff ff ff ff ff fe fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe ff ff ff ff ff ff ff ff 9b 9b d2 e3 d3 21 e9 c1 d6 79 39 24 3c 3e 51 5a 53 44 35 40 e7 ff ff ff ff ff ff ff ff ff ff ff ff 59 f2 77 a1 c6 d9 21 14 8b b1 9f bd 79 75 89 0d 06 e8 3e b7 99 00 00 32 3b 49 44 41 54 78 da dc d7 4d 6f 1b 45 1c c7 f1 ef 2c 75 ed 2a ac 43 d2 f8 1c 21 01 2d 07 ae dc e1 9e 96 18 3b ee 9d b7 c1 c3 85 Data Ascii: vwRZ9!y9$<>QZSD5@Yw!yu>2;IDATxMoE,u*C!-;
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: 79 db b6 6e 3d 38 7c cf f6 82 6d b9 85 85 f6 31 47 66 0c 48 4e 62 94 e3 98 d8 6e 77 26 16 0b 00 5a 03 2e 76 bb 45 79 dd 89 a7 a2 22 23 22 4e 9c c5 1f c2 57 af 1c aa 57 ef e5 c2 9c 9c 9c fc cd 05 4d 0b a7 85 15 45 3d 1c 95 bb 61 43 7e e1 98 da a3 53 92 09 b7 e9 8b 71 71 17 51 81 89 80 73 0c 10 ce f7 3a 0f e0 ec e9 b6 11 8d c3 db 9c ba 88 3f 04 61 bc 3c 36 6c 56 5e d3 96 8d 37 6f 8d 0c aa 91 71 60 56 c6 9c f0 c6 99 a3 f7 6f dd b2 b7 e1 91 fe af 9e c3 1d ee d3 f1 15 1f cf 14 77 72 a1 db 69 0d 50 62 a3 56 a7 e9 c5 e8 c8 c8 88 e8 56 a7 34 ee c1 2c 2e 74 2e 8c 68 14 52 a5 87 fa 52 33 fe 2d 4e 1a 47 a7 86 f5 2f cc 6b 5a 38 64 74 66 f1 91 f4 a2 e2 59 61 19 1f d5 6d b8 37 7f cb a6 8c fb 86 27 f7 c3 6f e8 6e 71 09 2e 00 9a 12 54 c2 17 3b 2e 9c 07 e2 06 39 23 42 22 Data Ascii: yn=8\|m1GfHNbnw&Z.vEy"#"NWWME=aC~SqqQs:?a<6lV^7oq`VowriPbVV4,.t.hRR3-NG/kZ8dtfYam7'onq.T;.9#B"
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: 69 9a 3d 17 e3 82 28 05 20 d0 ee 6e c3 5a 27 a4 4d 63 02 c0 c4 c4 20 9a 3e e3 97 02 9b 26 e2 f2 56 0d 05 4d bb e5 2f a0 24 a5 0c c5 84 a4 b0 1f 4b ce 07 d5 27 01 a6 2f c7 f0 8c 47 c0 a7 42 d2 fe 41 c0 ac 71 02 b4 a5 29 22 1f df 24 2e d6 a7 3b 4d f5 7f d1 1d 4a 4c 96 b6 01 5a 32 b3 74 e7 d9 b2 eb 2f 34 87 d0 fb 83 be 1e 5c ec 6e 1b a7 70 cb 30 bd b4 70 87 7d cd 2b bc b6 3f 00 30 79 83 3d eb 79 80 d7 71 eb d2 7c df 68 ae dc 14 b1 14 9d c7 77 f5 61 75 58 9e a6 a0 a6 92 d9 e3 68 e7 58 e0 c4 13 e1 00 6b 18 5a db 98 a4 35 31 c8 18 37 4d 2a 26 65 68 c3 5f d5 c3 6c 03 92 97 0f c1 0a f2 69 6c 3e bc 7f 79 1f d1 18 e5 4e 34 3a 39 65 52 37 c4 39 26 7f 26 88 d5 38 d2 7f 5a 44 92 0f a4 9d 4d fc c5 83 3b d6 6c fe e0 3f 34 bc 07 a9 33 b8 34 b4 24 14 f4 e9 de ea 07 dc f6 Data Ascii: i=( nZ'Mc >&VM/$K'/GBAq)"$.;MJLZ2t/4\np0p}+?0y=yq\|hwauXhXkZ517M*&eh_lil>yN4:9eR79&&8ZDM;l?434$
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: d3 b3 21 b5 6e a9 6d 0a a5 72 1f a5 56 af 7a 7d ae c3 2b 30 26 33 be b6 67 e4 42 ca 1f eb 86 28 ea 5c f0 83 9f 9e 67 16 b8 83 0e 17 af 9f e6 1a 61 fa 40 e4 94 04 78 15 b7 f2 af eb 90 68 fb 66 ad 61 d4 51 10 9a 00 db a7 1e 57 db 73 ac bc a6 34 84 e9 fb d9 c4 15 43 43 83 7c 8c 7c 6d b3 fb 89 61 18 5a 80 59 eb f8 78 9f 5b 59 ac 35 0c 9b 1e 00 2f 09 0f 58 c8 2c 10 04 ca c5 6b 0d e2 6f 94 ff 46 db 6b 60 66 22 26 02 43 5f 5b 2b b5 5b c0 aa e1 8c d5 8e 15 af e6 d2 27 55 5c ec 9b ee 6b d1 72 0d 33 ef 6a b1 3b 55 eb d9 34 a9 b9 ab 5a bb 9d a9 04 67 f5 90 6e ee 04 ef 1e 00 95 d7 d4 0b 2d 49 e0 31 6d 09 26 b0 88 cb 31 05 b7 36 0b b2 96 2d 0d 40 a7 28 ed 57 21 00 b3 47 0d 10 29 9b 37 9a 6c 8d 87 b6 d7 b2 e2 60 31 40 b0 0b c0 02 6c 6d da 8d b6 6c 56 58 c3 fa 7f da d7 Data Ascii: !nmrVz}+0&3gB(\ga@xhfaQWs4CC\|\|maZYx[Y5/X,koFk`f"&C_[+['U\kr3j;U4Zgn-I1m&16-@(W!G)7l`1@lmlVX
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: fc dc 82 b1 96 5f f2 dc 10 ff 65 62 6f 6e 45 db 77 b1 98 9c 59 8d 9c 82 c0 5e 4d 82 5b d8 47 02 9e 84 2a a4 bd aa d0 20 df fe 35 4e 5e 09 42 2d 49 10 54 87 84 bc 2a 89 49 90 bc 9f ea 08 43 4a 02 c2 ee 6f 3e 62 d9 0b 9f 5d 2f 3d d5 6a 69 ff fe 60 54 18 5a 85 19 c4 d0 17 41 d9 e4 c5 10 f0 90 e5 f4 16 23 9b b3 b3 a1 71 0b df 24 6e 0f 89 85 56 d2 81 e7 e5 16 94 a3 f3 0f a2 1c 69 c0 00 99 60 35 73 f8 43 79 9b f6 ef dd db 78 1b 3b 5f 24 10 01 30 70 97 3f 33 45 67 64 f8 3a ef b6 88 49 07 79 37 66 ad ea 8a e3 ba 45 b3 ad 09 56 07 92 68 d1 67 cd ce 06 ab 06 70 06 08 60 7a 6d 21 83 30 2e 93 98 98 80 91 ef e9 81 a5 5d 1c c5 89 43 06 bf 13 e2 e3 2a 8b 93 7d b5 2c 54 30 57 0d 5c 0e bf 64 48 a8 a1 ed 96 57 0b d9 71 70 40 07 e4 33 01 f9 4f 3e db 3e 01 e5 d3 0f 82 7f 6d Data Ascii: _ebonEwY^M[G* 5N^B-ITICJo>b]/=ji`TZA#q$nVi`5sCyx;_$0p?3Egd:Iy7fEVhgp`zm!0.]C},T0W\dHWqp@3O>>m
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: 45 f2 f2 f7 84 48 88 ed d0 0a 5b 82 ab eb a6 bb c4 9d db 88 2a fe 75 dd cb 30 8d f6 5a 72 65 c0 a2 3c 31 a1 c2 68 93 77 34 90 54 17 5e 03 01 8b 9d f2 89 a6 b9 a3 52 62 6b 02 53 97 5a db 42 d9 76 81 c6 70 4b 92 01 e7 8c 34 b1 12 10 0a 19 a3 c9 2b 17 4c b8 f9 2d 1b 66 0f fe d6 74 a0 7f ee 05 64 83 71 c9 a2 fe d8 d8 e9 67 7c ef cc 7f fa fa d7 64 76 17 ea a0 cb 73 5d 7e 49 ed a9 d3 3d d6 8f 5b db 2f 5a 38 59 33 10 33 27 7e 65 a2 6e ba cb 89 6c 63 4b 06 51 9f 64 68 d7 28 a3 9d a1 58 da d7 4c 92 21 b3 53 f8 bc 30 02 12 f0 f6 89 46 08 a6 38 0e 06 49 35 1e 40 5d db 61 47 e7 d9 23 50 43 ae fb fa 7b f0 49 a7 bd f9 55 6f 7e e2 e1 69 bf ad 52 5f 9c 51 42 88 b1 96 e5 ad cb be 34 ef dd ef 9a 71 f8 1b df ee c3 e7 7d 09 76 5b a9 9a 29 cb 8e 9b 3b 83 9c 43 29 4f 3b e7 aa Data Ascii: EH[*u0Zre<1hw4T^RbkSZBvpK4+L-ftdqg\|dvs]~I=[/Z8Y33'~enlcKQdh(XL!S0F8I5@]aG#PC{IUo~iR_QB4q}v[);C)O;
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: 7b f9 59 af cd 13 ce 9c d0 a0 1a 50 35 72 be 0d cd aa 3e 2f b6 14 8f b8 e0 b6 43 e6 5f 2f 76 e3 9e c5 e7 4e 6d 8e de c7 6c 05 31 ea 90 45 86 89 23 ba 7c a6 4f ef fd 4b 37 0f 8e 46 42 55 37 da 5b 51 31 f4 d1 37 f4 6b 2c f2 bd 7b 3f 79 50 eb a9 52 69 e2 21 9f 3c a8 9b 43 8e 21 7e ff 43 77 8f f4 21 a6 18 3f f7 4f c3 bd 81 9c 35 36 81 37 0f 5c 37 25 8e 92 dd a4 13 14 a2 8a 79 17 be ef e0 a7 8a 32 a5 94 83 9c 43 d1 fe 56 37 2c 7b f7 db 52 b7 2e aa 12 64 48 c0 a4 7b 2e 4d 67 fe 7e 27 71 5e 41 db 3d f5 e3 c7 ba b9 8c 54 4d 5d 3a b6 f6 91 e9 ab ae 39 f5 cf c5 6e e4 e3 8a bd 96 3f f1 07 59 c5 c8 a4 51 cc 38 99 89 7f ba e2 a6 45 d7 1f 7a 60 df a2 d5 0a a3 bd 1c e4 c1 69 1f fd 83 ad 2d 77 65 3e 75 cc e6 d7 75 4a 17 f5 c4 c3 3e 7e 60 42 c6 ed ef 2d 39 f9 d0 3e 11 5c Data Ascii: {YP5r>/C_/vNml1E#\|OK7FBU7[Q17k,{?yPRi!<C!~Cw!?O567\7%y2CV7,{R.dH{.Mg~'q^A=TM]:9n?YQ8Ez`i-we>uuJ>~`B-9>\
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: ef c3 ef fe 93 92 67 a1 2f 1c d6 3d 80 5d fc d7 46 dd f1 77 7b 4d c8 8d d0 6b 16 a3 98 20 ca cf cc 3a b2 67 cf 3a 77 b5 0c e1 ce 98 aa c2 a1 4a 21 ec a8 cd 8e 17 d3 ee 3c fd a0 ab f1 54 26 64 24 ab f1 8e a4 3b 13 db 98 66 57 26 b8 39 9a 94 a3 2a 8c 71 68 8a c1 cd e9 e1 b8 6f f1 f3 66 e7 25 8d 36 bd d1 cd 09 01 c8 40 f5 1a 72 e2 d5 cf 15 aa 98 79 f4 2d ec 42 fd cf 9c 35 56 3e f4 86 31 81 6b 08 39 a4 50 dc a6 2c e3 d5 20 f0 61 eb a7 ad 53 15 52 4a 8a 01 c0 b4 3a 21 63 d1 55 2f f4 ac 66 b7 67 27 87 d6 96 3d 9f 8a 6d f5 d6 4f cb 53 ef 1c 2f 5b c9 a9 7f fb 8b 65 eb 7e d0 ea f6 1e e3 9a 73 f4 d8 b5 c7 65 c9 fd 57 b5 c7 b6 fc bc 51 06 03 8d c7 f7 70 43 b2 d8 b9 be 22 91 15 ac f5 5f df 9b 67 53 f4 3f c1 ae bc 3f 57 2e 5c f1 d5 f7 b5 f3 d8 a4 d1 10 21 38 84 75 6f Data Ascii: g/=]Fw{Mk :g:wJ!<T&d$;fW&9*qhof%6@ry-B5V>1k9P, aSRJ:!cU/fg'=mOS/[e~seWQpC"_gS??W.\!8uo
2024-10-02 15:55:51 UTC	1369	IN	Data Raw: 70 ed 01 d3 2e b9 6e be 70 67 e4 d1 9f fc 62 01 b1 f7 af 7e e7 c5 64 09 5c 80 8c d9 83 0c 5d 63 52 02 ac 1d 05 03 5f 7f c3 f8 a8 a5 36 6c af 8b 42 70 6a 24 10 0e 48 90 85 a5 36 26 f7 f5 9c a1 08 ab 6f 19 f4 86 b1 9f ce 1e 1a 5a f4 e3 2d 87 6f 3c 2d d6 bf f7 dd af 4f b8 65 ed 6f 89 5f 71 cf 4f 3f bf bc 21 3c 0b 89 a9 c9 ba 46 8d 9f fc f0 83 77 d7 c7 e5 33 de dd 1f 08 ab ac 66 7e 62 73 29 42 ef 00 60 32 80 21 15 08 bb 7a f2 50 73 a7 4d 26 62 24 31 30 28 84 b4 ff 59 67 ed bb ef cb 1a c0 18 b6 77 c4 92 b7 a6 c0 33 1f 95 65 6c ba c1 84 96 79 ee bd c8 1c f2 da e1 ce 03 ef 90 e7 c4 a1 fc 62 2d 7b 8d c4 af f1 77 cf b9 c6 e9 d2 df d5 c4 35 ea 35 7b 2e 56 d2 3f ef 50 5f bb 30 56 a1 3e 6f 91 a6 fd 8d c7 e7 24 9b ea 15 73 0c 5b 2c 63 20 8d bf 64 7c e7 cb 9f 70 d1 0c Data Ascii: p.npgb~d\]cR_6lBpj$H6&oZ-o<-Oeo_qO?!<Fw3f~bs)B`2!zPsM&b$10(Ygw3elyb-{w55{.V?P_0V>o$s[,c d\|p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49741	52.87.131.204	443	5100	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 15:55:51 UTC	662	OUT	GET /pixel/?ad_log=referer&action=content&pixid=d28093f3-b445-48d7-8d09-677eef7f7c2a HTTP/1.1 Host: data.adxcel-ec2.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.theglassguru.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 15:55:51 UTC	83	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: Close
2024-10-02 15:55:51 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49774	141.193.213.21	443	5100	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 15:55:52 UTC	455	OUT	GET /wp-content/themes/pdm/dist/svgs/quote.svg HTTP/1.1 Host: www.theglassguru.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: wordpress_google_apps_login=8bd44ec6beae3a0126041d931ab98817
2024-10-02 15:55:52 UTC	452	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 15:55:52 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 23 May 2023 20:34:31 GMT ETag: W/"646d2357-115" Cache-Control: public, max-age=31536000 Access-Control-Allow-Origin: * CF-Cache-Status: HIT Age: 815557 Server: cloudflare CF-RAY: 8cc5e116cd2e42a9-EWR
2024-10-02 15:55:52 UTC	284	IN	Data Raw: 31 31 35 0d 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 61 72 69 61 2d 72 6f 6c 65 3d 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 22 20 77 69 64 74 68 3d 22 33 36 22 20 68 65 69 67 68 74 3d 22 33 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 33 36 20 33 32 22 3e 3c 70 61 74 68 20 64 3d 22 4d 33 35 2e 34 20 36 2e 33 56 30 63 2d 31 30 20 30 2d 31 35 20 35 2e 37 2d 31 35 20 31 37 76 31 35 68 31 35 56 31 37 48 32 38 76 2d 31 2e 31 63 30 2d 35 2e 37 20 32 2e 34 2d 39 20 37 2e 33 2d 39 2e 36 7a 6d 2d 32 36 20 33 63 31 2e 32 2d 31 2e 36 20 33 2e 31 2d 32 2e 35 20 35 2e 37 2d 33 56 30 43 35 20 30 20 30 20 35 2e 37 20 30 20 31 37 76 31 35 68 31 35 56 31 37 48 37 2e 39 76 2d 31 2e 31 63 30 Data Ascii: 115<svg xmlns="http://www.w3.org/2000/svg" aria-role="presentation" width="36" height="32" viewBox="0 0 36 32"><path d="M35.4 6.3V0c-10 0-15 5.7-15 17v15h15V17H28v-1.1c0-5.7 2.4-9 7.3-9.6zm-26 3c1.2-1.6 3.1-2.5 5.7-3V0C5 0 0 5.7 0 17v15h15V17H7.9v-1.1c0
2024-10-02 15:55:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49777	54.152.44.233	443	5100	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 15:55:53 UTC	422	OUT	GET /pixel/?ad_log=referer&action=content&pixid=d28093f3-b445-48d7-8d09-677eef7f7c2a HTTP/1.1 Host: data.adxcel-ec2.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 15:55:53 UTC	83	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: Close
2024-10-02 15:55:53 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49782	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 15:55:57 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 43 46 71 6a 52 79 61 71 45 55 47 63 50 77 63 31 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 38 33 62 32 65 36 62 37 30 38 39 37 63 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: CFqjRyaqEUGcPwc1.1Context: 2583b2e6b70897c3
2024-10-02 15:55:57 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 15:55:57 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 43 46 71 6a 52 79 61 71 45 55 47 63 50 77 63 31 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 38 33 62 32 65 36 62 37 30 38 39 37 63 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 30 33 7a 79 36 65 36 4e 79 4f 77 62 72 52 39 74 78 58 75 6d 32 2f 37 4d 48 39 54 69 74 45 7a 73 56 31 69 39 6c 6f 41 77 65 75 4c 70 34 56 54 7a 33 70 38 50 2f 70 55 42 64 64 71 59 4d 2b 36 62 65 67 77 71 70 65 6f 71 35 66 70 74 69 68 65 77 4f 4e 76 49 31 78 39 6e 44 4c 2b 5a 49 7a 50 5a 6b 42 57 38 30 6f 42 4e 49 6e 79 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: CFqjRyaqEUGcPwc1.2Context: 2583b2e6b70897c3<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe03zy6e6NyOwbrR9txXum2/7MH9TitEzsV1i9loAweuLp4VTz3p8P/pUBddqYM+6begwqpeoq5fptihewONvI1x9nDL+ZIzPZkBW80oBNInyA
2024-10-02 15:55:57 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 43 46 71 6a 52 79 61 71 45 55 47 63 50 77 63 31 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 38 33 62 32 65 36 62 37 30 38 39 37 63 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: CFqjRyaqEUGcPwc1.3Context: 2583b2e6b70897c3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 15:55:58 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 15:55:58 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 77 44 46 73 56 6c 43 4d 30 71 58 38 32 42 51 62 45 53 47 36 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2wDFsVlCM0qX82BQbESG6A.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2184, Parent PID: 5840

General

Target ID:	0
Start time:	11:55:38
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5100, Parent PID: 2184

General

Target ID:	2
Start time:	11:55:42
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1984,i,17754463736748942375,16654701587173049969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3004, Parent PID: 5840

General

Target ID:	3
Start time:	11:55:44
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://theglassguru.com"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://theglassguru.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 35

Chrome Cache Entry: 36

Chrome Cache Entry: 37

Chrome Cache Entry: 38

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2184, Parent PID: 5840

General

Chronological Activities

Windows Analysis Report
http://theglassguru.com