Edit tour

Windows Analysis Report
http://atttttt00000011.weebly.com/

Overview

General Information

Sample URL:	http://atttttt00000011.weebly.com/
Analysis ID:	1637067
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1988,i,3565000205782551320,295746777365023404,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1964 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://atttttt00000011.weebly.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://atttttt00000011.weebly.com/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: http://atttttt00000011.weebly.com/gdpr/gdprscript.js?buildTime=1741821105

Avira URL Cloud: Label: phishing

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKConnection: keep-aliveContent-Length: 65Server: nginxContent-Type: image/x-iconLast-Modified: Wed, 05 Mar 2025 16:29:05 GMTETag: "67c87bd1-57e"Expires: Wed, 05 Mar 2025 21:00:30 GMTCache-Control: max-age=300X-Host: blu24.sf2p.intern.weebly.netAccess-Control-Allow-Origin: *Content-Encoding: gzipVia: 1.1 varnish, 1.1 varnishAccept-Ranges: bytesAge: 650706Date: Thu, 13 Mar 2025 09:40:36 GMTX-Served-By: cache-sjc10061-SJC, cache-ewr-kewr1740044-EWRX-Cache: HIT, HITX-Cache-Hits: 966, 0X-Timer: S1741858837.784245,VS0,VE1Vary: Accept-Encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400Data Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 06 30 c8 60 65 60 10 03 d2 1a 40 0c 12 52 00 62 46 06 0e 88 24 23 03 02 20 b3 47 c1 28 18 05 a3 60 04 82 ff ff 29 c3 00 a7 d4 66 85 7e 05 00 00 Data Ascii: c``B0`e`@RbF$# G(`)f~
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKConnection: keep-aliveContent-Length: 65Server: nginxContent-Type: image/x-iconLast-Modified: Wed, 05 Mar 2025 16:29:05 GMTETag: "67c87bd1-57e"Expires: Wed, 05 Mar 2025 21:00:30 GMTCache-Control: max-age=300X-Host: blu24.sf2p.intern.weebly.netAccess-Control-Allow-Origin: *Content-Encoding: gzipVia: 1.1 varnish, 1.1 varnishAccept-Ranges: bytesDate: Thu, 13 Mar 2025 09:40:36 GMTAge: 650706X-Served-By: cache-sjc10061-SJC, cache-ewr-kewr1740071-EWRX-Cache: HIT, HITX-Cache-Hits: 966, 9X-Timer: S1741858837.912103,VS0,VE0Vary: Accept-Encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400Data Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 06 30 c8 60 65 60 10 03 d2 1a 40 0c 12 52 00 62 46 06 0e 88 24 23 03 02 20 b3 47 c1 28 18 05 a3 60 04 82 ff ff 29 c3 00 a7 d4 66 85 7e 05 00 00 Data Ascii: c``B0`e`@RbF$# G(`)f~

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIk6HLAQiKo8sBCIWgzQEI/aXOAQiB1s4BCPrXzgEIydzOAQjg4M4BCOXjzgEIr+TOAQjI5M4BCN/kzgEIi+XOAQiO5c4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: atttttt00000011.weebly.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gdpr/gdprscript.js?buildTime=1741821105 HTTP/1.1Host: atttttt00000011.weebly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Referer: http://atttttt00000011.weebly.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=f6unyoabpv2UhEwdHRoTW68SXg7TsLNhnI.G1T_8B.Y-1741858835-1.0.1.1-_27pzFLA1LuBpBM0yZsErKcgIeYFWDVemIecizcUApDSlMiPZYwuQurJ3yCxXdNHpWIBvF.RD2_z0rMPEp6L27kGEcMFJqUYupxlMvlFNfw
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://atttttt00000011.weebly.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Origin: http://atttttt00000011.weebly.comAccept: /Referer: http://atttttt00000011.weebly.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Origin: http://atttttt00000011.weebly.comAccept: /Referer: http://atttttt00000011.weebly.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/weebly-logo-blue.png HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /developer/none.ico HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://atttttt00000011.weebly.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /developer/none.ico HTTP/1.1Host: cdn1.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: atttttt00000011.weebly.com
Source: global traffic	DNS traffic detected: DNS query: cdn1.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: cdn2.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 13 Mar 2025 09:40:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 91fa921879e842cc-EWRCF-Cache-Status: BYPASSCache-Control: privateSet-Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; expires=Sun, 11-Mar-2035 09:40:35 GMT; Max-Age=315360000; path=/Vary: User-Agent, Accept-EncodingX-Host: grn155.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Set-Cookie: __cf_bm=f6unyoabpv2UhEwdHRoTW68SXg7TsLNhnI.G1T_8B.Y-1741858835-1.0.1.1-_27pzFLA1LuBpBM0yZsErKcgIeYFWDVemIecizcUApDSlMiPZYwuQurJ3yCxXdNHpWIBvF.RD2_z0rMPEp6L27kGEcMFJqUYupxlMvlFNfw; path=/; expires=Thu, 13-Mar-25 10:10:35 GMT; domain=.weebly.com; HttpOnlyServer: cloudflareContent-Encoding: gzipData Raw: 33 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 56 6b 6f db 36 14 fd 6c ff 0a 4e c5 d0 04 08 2d c9 72 1c 5b b6 dc e5 89 0d e8 b2 60 73 b1 ed 53 41 91 d7 12 67 8a 54 49 da b2 33 ec bf 0f 7a a5 6e e2 ae 43 10 07 84 1f bc bc f7 9c 7b c9 c3 c7 f4 bb ab 5f 2e e7 7f de 5d a3 d4 66 02 dd 7d b8 78 ff d3 25 72 b0 eb fe 1e 5c ba ee d5 fc 0a fd f1 e3 fc e7 f7 c8 ef 79 e8 37 ab 39 b5 ae 7b 7d eb 20 27 b5 36 0f 5d b7 28 8a 5e 11 f4 94 4e dc f9 af ee a6 44 f1 cb b0 e6 2f 36 55 4c 8f 59 e6 cc ba d3 8a 64 93 09 69 a2 3d 00 fe 78 3c ae e3 9c d2 29 14 44 26 91 03 b2 8a 04 c2 66 53 43 35 cf 2d 32 9a 46 8e 9b b0 5c 57 5f b5 b5 f7 97 79 17 af b8 60 73 9e 41 e4 9f 0d fc 51 df f7 bd 53 67 36 75 6b 8f 59 b7 33 b5 dc 0a 98 0d bc 01 c2 e8 8e 24 80 6e 95 45 37 6a 25 d9 d4 ad c7 ba 9d 69 06 96 a0 32 3f 0c 9f 56 7c 1d 39 54 49 0b d2 62 bb cd Data Ascii: 3ebVko6lN-r[`sSAgTI3znC{_.]f}x%r\y79{} '6](^ND/6ULYdi=x<)D&fSC5-2F\W_y`sAQSg6ukY3$nE7j%i2?V\|9TIb
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 13 Mar 2025 09:40:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 91fa921b4bc342cc-EWRCF-Cache-Status: DYNAMICCache-Control: privateVary: User-Agent, Accept-EncodingX-Host: blu22.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Server: cloudflareContent-Encoding: gzipData Raw: 34 37 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 57 6b 6f db 36 14 fd 6c ff 0a 4e c5 d0 04 08 4d c9 76 1e 96 65 77 69 92 62 03 ba 2e d8 52 6c fb 54 50 e4 b5 c4 85 22 35 92 b6 e4 0e fd ef 03 f5 48 dc c4 5d 87 a2 29 04 3f 48 de 7b ce bd e4 21 79 95 7c 77 f9 cb c5 cd 9f d7 57 28 77 85 44 d7 6f 5f be fe e9 02 05 98 90 df 27 17 84 5c de 5c a2 3f 7e bc f9 f9 35 8a 46 21 fa cd 19 c1 1c 21 57 6f 02 14 e4 ce 95 31 21 55 55 8d aa c9 48 9b 8c dc fc 4a 6a 8f 12 79 b7 ee 2f b6 8d cf 88 3b 1e 2c 87 49 43 52 17 52 d9 c5 1e 80 68 36 9b b5 7e 81 37 8a 25 55 d9 22 00 d5 78 02 e5 cb c4 32 23 4a 87 ac 61 8b 80 64 bc 34 cd 57 db 3b fa cb be 48 d7 42 f2 1b 51 c0 22 3a 9d 46 67 e3 28 0a 8f 83 65 42 5a 8b e5 70 90 38 e1 24 2c a7 e1 14 61 74 4d 33 40 6f b4 43 af f4 5a f1 84 b4 63 c3 41 52 80 a3 c8 c7 87 e1 ef b5 d8 2c 02 a6 95 03 e5 b0 db 96 10 a0 ae b5 08 1c d4 8e f8 78 e7 88 e5 d4 58 70 8b b7 37 af f0 59 80 c8 1d 8c a2 05 2c 82 8d 80 aa d4 c6 ed 38 57 82 bb 7c c1 61 23 18 e0 a6 71 84 84 12 4e 50 89 2d a3 12 16 51 f0 00 c5 e8 54 3b bb 83 a1 34 35 2c 17 1b e8 18 a5 50 b7 c8 80 5c 04 36 d7 c6 b1 b5 43 82 69 15 a0 dc c0 6a 11 10 c2 b8 8a 46 c0 85 2b b6 56 38 18 31 5d 10 0e 1b 90 ba 04 43 94 56 30 12 4c 37 68 c3 41 62 dd 56 02 f2 49 77 b9 32 6b 7d 4c 83 1f 56 5a 39 bc a2 0c d0 3f c3 c1 60 d0 35 0b 21 b7 31 7a 7e 6d 74 2d 0a 8a de e8 0d 7d 3e bf 1b af 40 64 b9 8b d1 24 0c 9b 4e 6b 58 8c d6 46 1e b4 71 8d 1f c6 c5 74 51 6a 05 ca 59 b2 16 78 65 68 01 95 36 b7 c4 83 59 52 b6 24 58 e9 0d c5 d2 23 93 49 74 7e 31 3b 79 17 be 0b 47 a0 5d 70 f8 2d 58 5e 3c 13 b0 12 75 70 88 56 da 14 d4 1d 04 50 a4 c0 39 70 ac 4b 50 8d 60 0e 8f 9e 2a 80 4a af 56 3b d4 6d f3 c9 d8 9c db 25 73 66 0d 6d 7a 7e 9e 3f 0c bf 40 16 5f 71 6d 0c 64 6b 49 4d 1f 6e f4 54 1a 78 cc f3 ad 45 b0 27 d3 27 95 c1 1e be af 2e 84 8f ce 87 e3 af 7f 3e 58 28 44 aa 25 ef 93 18 3f 95 3c 3e 41 f4 4d 05 b2 2f 86 27 55 c8 3e c2 cf 4a 24 d5 7c db 8a 23 a5 ec 36 33 fe 0a c6 4c 4b 6d 62 f4 ec d5 99 7f e6 ff 43 3a 0d 56 6e 3a 24 6d 38 98 18 45 65 8d ac 96 82 a3 67 57 a7 fe 99 df 8f 62 a7 cb 18 85 77 be a3 8a 1a 25 54 86 fd a5 4a 85 82 0e ab a4 9c 0b 95 c5 68 3c 2b 6b 34 0d cb 7a be d3 8d 53 ed 9c 2e 3a a0 41 aa 6b 6c c5 fb c6 be a3 49 75 eb e0 ef 4d 4c a5 c8 54 8c 18 28 07 66 be 3f e9 2a 17 0e e6 9f 48 e3 72 ea 9f 66 34 ef af d1 c9 71 17 53 53 3c c4 68 7a 36 ed 3a 0a 6a 32 a1 62 14 22 ba 76 7a a7 ab 4d 3e 0a bf 6f fa 70 05 e9 ad 70 b8 89 3e a7 5c 57 31 0a cb ba f9 4c 3d 39 3e 2b 6b 64 b2 94 1e 8c 27 a7 47 e3 c9 f4 c8 ff 46 ed ae c1 85 7e ff 85 ae 5f e4 d5 ae 96 af 03 fb 25 ea d3 1c 9f 78 Data Ascii: 472Wko6lNMvewib.

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1988_2005866273

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1988_2005866273

Jump to behavior

Source: classification engine

Classification label: mal56.win@21/14@21/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1988,i,3565000205782551320,295746777365023404,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1964 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://atttttt00000011.weebly.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1988,i,3565000205782551320,295746777365023404,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1964 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://atttttt00000011.weebly.com/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://atttttt00000011.weebly.com/gdpr/gdprscript.js?buildTime=1741821105	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
beacons-handoff.gcp.gvt2.com	142.251.143.35	true	false	high
weebly.map.fastly.net	151.101.1.46	true	false	high
www.google.com	172.217.18.4	true	false	high
atttttt00000011.weebly.com	74.115.51.8	true	false	unknown
cdn2.editmysite.com	unknown	unknown	false	high
cdn1.editmysite.com	unknown	unknown	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://atttttt00000011.weebly.com/gdpr/gdprscript.js?buildTime=1741821105	true	Avira URL Cloud: phishing	unknown
http://cdn1.editmysite.com/images/weebly-logo-blue.png	false		high
http://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff	false		high
http://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff	false		high
http://atttttt00000011.weebly.com/	true		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
http://cdn1.editmysite.com/developer/none.ico	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.115.51.8	atttttt00000011.weebly.com	United States	27647	WEEBLYUS	false
74.115.51.9	unknown	United States	27647	WEEBLYUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
151.101.1.46	weebly.map.fastly.net	United States	54113	FASTLYUS	false

Private

IP
192.168.2.4
192.168.2.6
192.168.2.10

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637067
Start date and time:	2025-03-13 10:39:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://atttttt00000011.weebly.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@21/14@21/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, Sgrmuserer.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.185.206, 142.250.185.142, 74.125.133.84, 172.217.18.14, 142.250.186.110, 216.58.212.174, 199.232.210.172, 216.58.206.78, 142.250.185.110, 142.250.186.78, 142.250.184.206, 142.250.185.174, 142.250.186.131, 216.58.212.142, 142.250.186.46, 172.217.18.3, 172.217.18.110, 52.149.20.212, 23.60.203.209
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://atttttt00000011.weebly.com/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 1406
Category:	dropped
Size (bytes):	65
Entropy (8bit):	5.105693829559629
Encrypted:	false
SSDEEP:	3:FttzlbFaHvPdc7/n:XtzlUvPdcz
MD5:	C88C3B0A67BE1AA816661DBD567E7163
SHA1:	E0C36A8570EE2ED2BFCB6A9B3EC3389F98CB1D9C
SHA-256:	2F506D63F617CB33B2E42F8779A67CB23B191A51CDC86903FD378BFA9B878576
SHA-512:	65EE63F410BC06FA61BC32E0233C3E9445BECA6E0610AFE3AFE355171921EA7C88165EA6B2E45737495FA64923AE02FCB983D87353549DE4D61C45D8D8BB47E7
Malicious:	false
Reputation:	low
Preview:	..........c``.B...0.`e`....@..R.bF...$#.. .G.(...`....)....f.~...

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 45516, version 0.0
Category:	downloaded
Size (bytes):	45516
Entropy (8bit):	7.988068052263367
Encrypted:	false
SSDEEP:	768:lJ7LJDvQuQslnT3dv/fVA+J/8fIAhZtG1JvBqqKhlXheg7wvtrM19EmMhVyK7d:lTvQizdn6+JUxtGD4jfogwtrM8mMDd
MD5:	861DFBEE66A135B4421BA3F0F3BC297F
SHA1:	1B379173B64E92893538FF39DA0B16410DD5F653
SHA-256:	ABBC659E9C167B41E012D7B7D7F8CF22D4EDD74A7FFB85704E213B1418C8B177
SHA-512:	3397ABA8B2BE2B5269899ACCEA9106F6895CDA10A17D8E9D92F86F914386F1903087CF87878504DB9BC8BFE1FD461B165197966AA7186FD1BA5570FB2C31D84B
Malicious:	false
Reputation:	low
URL:	http://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff
Preview:	wOFF..............V........`...l............OS/2.......X...`.u..cmap................cvt .......(...(....fpgm...4........C>..gasp...............#glyf..,....\........head...d...6...6....hhea.......!...$....hmtx.......[...@I.Eloca..$H...W.......Bmaxp...D... ... ....name...........A .&2post.......\|..)D..D.prep.......v....zQ.......P.`...`.............d.F...........A...._.<..................\|..<..................x.c`f.d..................D......X.A....S;P....rs......~.0....P.<.....\|...c..@J.......Lx..ytU......d . ...r..mm)H..H....\.b.. Z)....EdJ.$.2.y0B..Ae...C....=...0F...g..j.._..k...a..Z.\|{.P..X.........[H@M.1Y.Z.1...0..#..9.3.....&...2T..V...U$../.e.L.dI.%.F2$Kr4um]W...~N?....:E.....K.`...e...X#...E.m;...-.i..-..v.........=.l'.K...j;..jos4p4t...#.......HqgMg]g}g....r>...s.vnt..N.......S#.^...ZD..Q.lgYQYIYi..[.......6Z.qt.@..H.......>..?y..\|.L2.I2Cf.2Y+.d.!W.......nk._.:Y....RV.eYN...g....y.!o`G...a.....\|.=.N....2{.....'..O...eGr.y=C..>. g..V..*..e...r.r.n

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 3909
Category:	downloaded
Size (bytes):	1306
Entropy (8bit):	7.839052387758741
Encrypted:	false
SSDEEP:	24:XAHMV9CbeZLxkmfDaOi47b+9ctXE+z+mG4auZtZ3A9B65/QlOTJfWMhhu3/Pn:XAHsC49kMWn4u9czrGOXwe5/RNfWMhha
MD5:	C4DC5E87400BB0117FEA7889B51B1B9B
SHA1:	1F48972A35AC7DE9F0DA164AC154A9BD935F2894
SHA-256:	DDA47B6B475836AB7493EC211623FFD9475F1B5C62EF692CF586A8E1D348FE6F
SHA-512:	7B4E6FF18C574D8A717BAC2536EC3A0E41E6C318F51A1FE9CC91E72695F7479F606DE8DFE409F26D69B3AAA8ACDE5A928DBC75BE0E2C1B50207C3B1FA7368BFB
Malicious:	false
Reputation:	low
URL:	http://atttttt00000011.weebly.com/
Preview:	...........Vko.6..l..N....-.r.[.....`s..SA...g.TI.3..z.n.C........{......_....]..f..}.x..%r....\.............y.7.9..{}. '.6.].(.^...N....D.../6UL.Y...d..i.=..x<...).D&......fSC5.-2.F...\W_....y...`s.A...Q...Sg6uk.Y.3.........$.n.E7j%....i...2?..V\|.9TI..b...AM/r,l.[.;A4%..>.o..A...$.D.C.+mw...l.1Xs... ...D`C...w..h.+kv0."..\|....r.4..1...,.TI......I....lk...U..`.B.].$.8U.Z.35v+..E7.Rc.:?,..xA(....N..f\lC..N.....Uk.v.0^.OR......4D+-.......i...x.I...K..3n^.`.................k..{.a.7.1Z(..{.@..c...AV.9>9T..Z,v......%.z.uy.<..}.,^pm4$+At...(.<.ym....2....B..\|8}...@.c%X[D.P.....d_..U.>.oJ$Vl[.#&t.....T..C..fT....N....Ii.:D~.AF....M>.b...y....h.e..K.p..VN..2.Q..o...7..3...k.:..`..+..&Vu@yob"x"CDAZ..E.).0.J.W..U.i{...MN..!D..1dD'\..Cde.......l..x.-..O.SE..\|S}.%9...........~08)..z..L.?3.YQ.j...v..2....l.z+.`.\..Ed.=.h...3.....#.o.....;.vg..E.25.M...J...S6.]p..-.p8.<....f....H.....K.D...xF...Bp....7. ..q)....E._(...rxb.=C&'.[.k.S"..q..<..#....

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 1406
Category:	downloaded
Size (bytes):	65
Entropy (8bit):	5.105693829559629
Encrypted:	false
SSDEEP:	3:FttzlbFaHvPdc7/n:XtzlUvPdcz
MD5:	C88C3B0A67BE1AA816661DBD567E7163
SHA1:	E0C36A8570EE2ED2BFCB6A9B3EC3389F98CB1D9C
SHA-256:	2F506D63F617CB33B2E42F8779A67CB23B191A51CDC86903FD378BFA9B878576
SHA-512:	65EE63F410BC06FA61BC32E0233C3E9445BECA6E0610AFE3AFE355171921EA7C88165EA6B2E45737495FA64923AE02FCB983D87353549DE4D61C45D8D8BB47E7
Malicious:	false
Reputation:	low
URL:	http://cdn1.editmysite.com/developer/none.ico
Preview:	..........c``.B...0.`e`....@..R.bF...$#.. .G.(...`....)....f.~...

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 174 x 62, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3740
Entropy (8bit):	7.667019795291803
Encrypted:	false
SSDEEP:	96:n/vYP8+xpcOARUGDc8tYwolxPIw+Dyh056Jx+O:y8h3Cc2h05Wxn
MD5:	6907726EDE4FC851BEEAFB7B9FF6EEB9
SHA1:	86B1E9AF4A07E02A426EC9475E37A13DFCEDCB3C
SHA-256:	2B37CA56C61B7F2F892D75655CC37699EF847DD9139C94171414E5F92FFD97ED
SHA-512:	11A22B8DBE694646895F16D38738C3A481DB168C7CA0D92A247BD35078FA1AC13153B5ADE7EFFDE36FA5DA10AB9EDE1ADE5698EF477483D6EDB21EDA6B1F25DE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......>............PLTE...-........)..)....+..I..+........)..)..)..3....)..).....,........)....-..)....+..+....7..+......)..)..)....)..........)..+..+....+..9..)..)..+..,..+.......)..+..)....+........+........6....@..,.......+.................,..)..0..U..0..,..3.....1....,....)....)......3..+....+..+..)..).......)......,..)..)..)..+..)..,..)..)..)....+..)......@..3....-..)..+../..+......+..+..)........+..)....+....+..+..+..+..,....)..+..)......)....)....)..)..1..)............./..........)......;..)....+..+..)..)..)..)....)..-..3..,..)..)....)..+....,.......+..)....,....+..+....-..)..)..+..)..+..+..)..,..+..)..)........+..)..)........)....)..+....+..+.....+..+........-..+..,..+..+.....z......tRNS.".....M.d.....{....!E..t..-].....6s..............0....@q.C..1A.....[....#.2...+....... ..,....D....x.w....\...)o..`.F....c.b...?.G&_..TB.7..<.f.p*kL.............'gh....\|..J

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 46052, version 0.0
Category:	downloaded
Size (bytes):	46052
Entropy (8bit):	7.9887889934165575
Encrypted:	false
SSDEEP:	768:7JzF4duQslnWgRpPD+dfFhPaHQBFmMvhEhc28OeNHxa++JdI4qUEkXqfjkHT:7dF4diWIJSpTawBFt+wOoRa3r0UEk6b6
MD5:	61F3BC4FC6146CC65961A8C8E917855A
SHA1:	02E25E22CF1C0A26D838A477B1F21BF33B71CA38
SHA-256:	AABC1A485E0941F1E2927B6A4BEED2B368431466977483068BBE367DE253A05C
SHA-512:	77CDA181F023FF6597D3B7A0FD269CEE76306EA650E2CC6FDDCBEF675C245B3D9F95178FE8A9D5EF65A5D8CA3DC0D3F675DBFB49DB05DAFC1FE822D79506C7B4
Malicious:	false
Reputation:	low
URL:	http://cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff
Preview:	wOFF..............W........x...l............OS/2.......X...`.>..cmap................cvt ...$...(...(....fpgm...L........C>..gasp...............#glyf..,...........<head...d...6...6....hhea.......!...$.d.rhmtx.......\...@...loca..$<...W......d.maxp...D... ... ....name........... ..l.post.......\|..)D..D.prep.......v....zQ.......P.`...`.............d.F...........AB..t_.<..................\|..E...p..............x.c`f.c..................D......X.A....S;P....rs......~.0.....<.....\|...c..@J.......)x..ytU......d . ...r..mm)H..H....\.b.. Z)....EdJ.$.2.y0B..Ae...C....=...0F...g..j.._..k...a..Z.\|{.P..X.........[H@M.1Y.Z.1...0..#..9.3.....&...2T..V...U$../.e.L.dI.%.F2$Kr4um]W...~N?....:E.....K.`...e...X#...E.m;...-.i..-..v.........=.l'.K...j;..jos4p4t...#.......HqgMg]g}g....r>...s.vnt..N.......S#.^...ZD..Q.lgYQYIYi..[.......6Z.qt.@..H.......>..?y..\|.L2.I2Cf.2Y+.d.!W.......nk._.:Y....RV.eYN...g....y.!o`G...a.....\|.=.N....2{.....'..O...eGr.y=C..>. g..V..*..e...r.r.n

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 174 x 62, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3740
Entropy (8bit):	7.667019795291803
Encrypted:	false
SSDEEP:	96:n/vYP8+xpcOARUGDc8tYwolxPIw+Dyh056Jx+O:y8h3Cc2h05Wxn
MD5:	6907726EDE4FC851BEEAFB7B9FF6EEB9
SHA1:	86B1E9AF4A07E02A426EC9475E37A13DFCEDCB3C
SHA-256:	2B37CA56C61B7F2F892D75655CC37699EF847DD9139C94171414E5F92FFD97ED
SHA-512:	11A22B8DBE694646895F16D38738C3A481DB168C7CA0D92A247BD35078FA1AC13153B5ADE7EFFDE36FA5DA10AB9EDE1ADE5698EF477483D6EDB21EDA6B1F25DE
Malicious:	false
Reputation:	low
URL:	http://cdn1.editmysite.com/images/weebly-logo-blue.png
Preview:	.PNG........IHDR.......>............PLTE...-........)..)....+..I..+........)..)..)..3....)..).....,........)....-..)....+..+....7..+......)..)..)....)..........)..+..+....+..9..)..)..+..,..+.......)..+..)....+........+........6....@..,.......+.................,..)..0..U..0..,..3.....1....,....)....)......3..+....+..+..)..).......)......,..)..)..)..+..)..,..)..)..)....+..)......@..3....-..)..+../..+......+..+..)........+..)....+....+..+..+..+..,....)..+..)......)....)....)..)..1..)............./..........)......;..)....+..+..)..)..)..)....)..-..3..,..)..)....)..+....,.......+..)....,....+..+....-..)..)..+..)..+..+..)..,..+..)..)........+..)..)........)....)..+....+..+.....+..+........-..+..,..+..+.....z......tRNS.".....M.d.....{....!E..t..-].....6s..............0....@q.C..1A.....[....#.2...+....... ..,....D....x.w....\...)o..`.F....c.b...?.G&_..TB.7..<.f.p*kL.............'gh....\|..J

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 3909
Category:	downloaded
Size (bytes):	1296
Entropy (8bit):	7.823649663779764
Encrypted:	false
SSDEEP:	24:XhjKDAhTNYNeM3DXT46+hQ3HuGeve6+iEIr0kEZ52qCbfEG0IHCjMRuHWn:X0MpNwzX4hze6+5i0+DpPiwjn
MD5:	8940FAD8C088B06955B62EF8625585A6
SHA1:	C712DF9FE2C509C416C1B6FF49BE88F85C8C69A3
SHA-256:	ECA34DC7B2BAF5D1D30457BFB8EA2B345C7579854CA68CF28556A1F4C5941F69
SHA-512:	1493506BFFB8E538A9D707D79BF2DA6D6DD315C61651F5941C1789F8A2D12396B45CC85A7BF586EDD9558DED829F5FA38BEBD7B2002A40B64FB887A35681AF9D
Malicious:	false
Reputation:	low
URL:	http://atttttt00000011.weebly.com/gdpr/gdprscript.js?buildTime=1741821105
Preview:	...........Wko.6..l..N....M.v..ewi.b....Rl.TP.."5........H..]..).?H.{..!y.\|w.....W(w.D.o_........'..\.\.?~...5.F!.....!Wo....1!UU...H....Jj..y../...;.,.ICR.R....h6..~.7.%U."..x....2#J..a..d.4.W.;..H.B..Q.":.Fg.(...eBZ..p.8.$,...atM3@o.C..Z.c.AR.......,..............x...Xp..7..Y......,.......8W..\|.a#..q...NP.-...Q....T;...45,.....P..\.6...C.i....j....F..+.V8.1]......C.V0.L7h.Ab.V..Iw.2k}L..VZ9....?..`.5.!.1z~mt-.....}>...@d...$..NkX..F..q....tQj..Y..xeh..6..YR.$X....#.It~1;y...G.]p.-X^<...up.V.....P..9p.KP.`....J.V;.m....%sf.mz~.?..@._qm.dkIM.n.T.x..E.'.'...........>X(D.%..?.<>A.M../.'U.>..J$.\|.#..63...LKmb......C:.Vn:$m8..Ee.....gW....b....w....%T...J.........h<+k4..z..S..:.A.kl....Iu...ML..T..(.f.?....H.r.f4...q.SS<.hz6.:.j2.b.".vz..M>..o.p..p..>.\W1...L=9>+kd....'.G.....F...~..._......%....x..4.&'....{.Y..b4.gm..r.1..E.....<<...n/.~eZ8....k#..H..L%lw..P'''......(v....?`x..ZI......x7.6....!...t.#..P.S...G.....i..u..^"[R.9...'...N*....s)...;

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 10:40:24.064182997 CET	49677	443	192.168.2.10	2.23.227.208
Mar 13, 2025 10:40:24.068733931 CET	49676	443	192.168.2.10	2.23.227.208
Mar 13, 2025 10:40:24.068733931 CET	49675	443	192.168.2.10	2.23.227.208
Mar 13, 2025 10:40:30.835423946 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:30.835454941 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:30.835530996 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:30.835891008 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:30.835906029 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:32.228319883 CET	49693	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:32.228580952 CET	49694	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:32.233026981 CET	80	49693	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:32.233117104 CET	49693	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:32.233283043 CET	80	49694	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:32.233335018 CET	49694	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:32.249737978 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:40:32.249769926 CET	443	49695	74.115.51.9	192.168.2.10
Mar 13, 2025 10:40:32.249835014 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:40:32.250344038 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:40:32.250358105 CET	443	49695	74.115.51.9	192.168.2.10
Mar 13, 2025 10:40:32.804281950 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:32.806636095 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:32.806654930 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:32.807816029 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:32.807889938 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:32.808918953 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:32.808993101 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:32.862138987 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:32.862160921 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:32.909115076 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:33.668982983 CET	49677	443	192.168.2.10	2.23.227.208
Mar 13, 2025 10:40:33.668984890 CET	49676	443	192.168.2.10	2.23.227.208
Mar 13, 2025 10:40:33.671036959 CET	49675	443	192.168.2.10	2.23.227.208
Mar 13, 2025 10:40:35.225261927 CET	49694	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:35.230065107 CET	80	49694	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:35.441560984 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:35.484328032 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:35.516925097 CET	443	49695	74.115.51.9	192.168.2.10
Mar 13, 2025 10:40:35.516993046 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:40:35.520340919 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:40:35.520365953 CET	443	49695	74.115.51.9	192.168.2.10
Mar 13, 2025 10:40:35.636981010 CET	80	49694	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:35.637006044 CET	80	49694	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:35.637067080 CET	49694	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:35.651717901 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:35.651848078 CET	443	49692	172.217.18.4	192.168.2.10
Mar 13, 2025 10:40:35.651902914 CET	49692	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:40:35.676567078 CET	49694	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:35.681307077 CET	80	49694	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:35.686707973 CET	49696	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:35.691427946 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:35.691493988 CET	49696	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:35.691721916 CET	49696	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:35.696470976 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:35.850404024 CET	443	49695	74.115.51.9	192.168.2.10
Mar 13, 2025 10:40:35.893498898 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:40:35.910196066 CET	80	49694	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:35.910216093 CET	80	49694	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:35.910316944 CET	49694	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:36.042711020 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.042809010 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.047418118 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.047514915 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.047538042 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.047563076 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.047791958 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.047857046 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.052504063 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.052584887 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.165436029 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.165453911 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.165466070 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.165478945 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.165491104 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.165505886 CET	49696	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.165551901 CET	49696	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.193875074 CET	49700	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.198612928 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.198710918 CET	49700	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.198882103 CET	49700	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.203552961 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511637926 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511723995 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511737108 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511749983 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511760950 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511771917 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511784077 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511826992 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.511847019 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511859894 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511871099 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.511883020 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.511904001 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.516551971 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.516588926 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.516601086 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.516657114 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.530694008 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530803919 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530822992 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530833960 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530853987 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530864954 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530879974 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530889988 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530895948 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530903101 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.530905962 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.530951023 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.531003952 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.535676003 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.535689116 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.535701036 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.535712004 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.535725117 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.535762072 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.535779953 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.598506927 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.598525047 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.598550081 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.598563910 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.598571062 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.598598003 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.598608971 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.598622084 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.598623991 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.598633051 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.598640919 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.598731995 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.599476099 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.599555969 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.599567890 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.599580050 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.599591970 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.599602938 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.599603891 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.599638939 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.600497007 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.600516081 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.600528955 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.600538969 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.600550890 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.600552082 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.600562096 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.600565910 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.600594044 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.601541996 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.601553917 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.601567030 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.601582050 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.603276014 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.603327990 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.630583048 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.630606890 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.630618095 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.630629063 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.630641937 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.630652905 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.630692959 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.630728960 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.631118059 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631131887 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631141901 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631148100 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631162882 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631175041 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631206989 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.631239891 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.631894112 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631906033 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631916046 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631930113 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631939888 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.631946087 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.631947041 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.632029057 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.632833958 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.632854939 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.632864952 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.632879019 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.632889986 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.632899046 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.632916927 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.641087055 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.641100883 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.641110897 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.641123056 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.641217947 CET	49700	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.641218901 CET	49700	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.668807983 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.668823957 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.668955088 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.685694933 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.685709000 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.685729027 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.685748100 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.685760021 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.685760975 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.685785055 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.713035107 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.713051081 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.713089943 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.730016947 CET	49696	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.733541965 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.735753059 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.765386105 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.826288939 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.858855963 CET	49700	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.863684893 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.874933004 CET	49696	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:36.951855898 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:40:36.997324944 CET	49700	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:40:39.843533039 CET	49672	443	192.168.2.10	204.79.197.203
Mar 13, 2025 10:40:40.152978897 CET	49672	443	192.168.2.10	204.79.197.203
Mar 13, 2025 10:40:40.764954090 CET	49672	443	192.168.2.10	204.79.197.203
Mar 13, 2025 10:40:41.968024015 CET	49672	443	192.168.2.10	204.79.197.203
Mar 13, 2025 10:40:44.373806000 CET	49672	443	192.168.2.10	204.79.197.203
Mar 13, 2025 10:40:45.520528078 CET	49707	80	192.168.2.10	142.250.185.131
Mar 13, 2025 10:40:45.525284052 CET	80	49707	142.250.185.131	192.168.2.10
Mar 13, 2025 10:40:45.525420904 CET	49707	80	192.168.2.10	142.250.185.131
Mar 13, 2025 10:40:45.525537968 CET	49707	80	192.168.2.10	142.250.185.131
Mar 13, 2025 10:40:45.530599117 CET	80	49707	142.250.185.131	192.168.2.10
Mar 13, 2025 10:40:46.198571920 CET	80	49707	142.250.185.131	192.168.2.10
Mar 13, 2025 10:40:46.209000111 CET	49707	80	192.168.2.10	142.250.185.131
Mar 13, 2025 10:40:46.215217113 CET	80	49707	142.250.185.131	192.168.2.10
Mar 13, 2025 10:40:46.396950960 CET	80	49707	142.250.185.131	192.168.2.10
Mar 13, 2025 10:40:46.453088045 CET	49707	80	192.168.2.10	142.250.185.131
Mar 13, 2025 10:40:47.590369940 CET	80	49693	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:47.590574026 CET	49693	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:48.476475954 CET	49678	443	192.168.2.10	20.189.173.26
Mar 13, 2025 10:40:48.691899061 CET	49693	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:40:48.696607113 CET	80	49693	74.115.51.8	192.168.2.10
Mar 13, 2025 10:40:48.780158997 CET	49678	443	192.168.2.10	20.189.173.26
Mar 13, 2025 10:40:49.186151028 CET	49672	443	192.168.2.10	204.79.197.203
Mar 13, 2025 10:40:49.389291048 CET	49678	443	192.168.2.10	20.189.173.26
Mar 13, 2025 10:40:50.592673063 CET	49678	443	192.168.2.10	20.189.173.26
Mar 13, 2025 10:40:52.998887062 CET	49678	443	192.168.2.10	20.189.173.26
Mar 13, 2025 10:40:57.811355114 CET	49678	443	192.168.2.10	20.189.173.26
Mar 13, 2025 10:40:58.797676086 CET	49672	443	192.168.2.10	204.79.197.203
Mar 13, 2025 10:41:07.421957970 CET	49678	443	192.168.2.10	20.189.173.26
Mar 13, 2025 10:41:20.859441042 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:41:20.859474897 CET	443	49695	74.115.51.9	192.168.2.10
Mar 13, 2025 10:41:20.921483994 CET	49694	80	192.168.2.10	74.115.51.8
Mar 13, 2025 10:41:20.926316023 CET	80	49694	74.115.51.8	192.168.2.10
Mar 13, 2025 10:41:21.687150002 CET	49699	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:41:21.691986084 CET	80	49699	151.101.1.46	192.168.2.10
Mar 13, 2025 10:41:21.718431950 CET	49698	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:41:21.723170996 CET	80	49698	151.101.1.46	192.168.2.10
Mar 13, 2025 10:41:21.827855110 CET	49696	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:41:21.832722902 CET	80	49696	151.101.1.46	192.168.2.10
Mar 13, 2025 10:41:21.952739954 CET	49700	80	192.168.2.10	151.101.1.46
Mar 13, 2025 10:41:21.957515001 CET	80	49700	151.101.1.46	192.168.2.10
Mar 13, 2025 10:41:30.890763998 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:30.890826941 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:30.890904903 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:30.891268969 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:30.891280890 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:32.817688942 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:32.818121910 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:32.818150997 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:32.819267988 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:32.819338083 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:32.820492029 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:32.820780039 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:32.874017000 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:32.874059916 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:32.920892954 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:36.688880920 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:41:36.689014912 CET	443	49695	74.115.51.9	192.168.2.10
Mar 13, 2025 10:41:36.692886114 CET	49695	443	192.168.2.10	74.115.51.9
Mar 13, 2025 10:41:42.637116909 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:42.637190104 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:42.637279987 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:42.689131021 CET	49715	443	192.168.2.10	172.217.18.4
Mar 13, 2025 10:41:42.689173937 CET	443	49715	172.217.18.4	192.168.2.10
Mar 13, 2025 10:41:46.858369112 CET	49707	80	192.168.2.10	142.250.185.131
Mar 13, 2025 10:41:46.863543034 CET	80	49707	142.250.185.131	192.168.2.10
Mar 13, 2025 10:41:46.863739014 CET	49707	80	192.168.2.10	142.250.185.131

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 10:40:26.315927029 CET	53	60443	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:26.365017891 CET	53	49176	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:29.917994976 CET	53	61437	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:29.923037052 CET	53	49216	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:30.827728033 CET	56455	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:30.827966928 CET	56218	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:30.834276915 CET	53	56455	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:30.834527016 CET	53	56218	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:32.207243919 CET	57209	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:32.208262920 CET	56541	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:32.222543001 CET	53	57209	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:32.224040985 CET	53	56541	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:32.230460882 CET	51499	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:32.230753899 CET	59092	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:32.245616913 CET	53	51499	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:32.249337912 CET	53	59092	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:35.677165031 CET	55511	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:35.677815914 CET	50334	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:35.685923100 CET	53	50334	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:35.686028957 CET	53	55511	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:36.009973049 CET	51465	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:36.010114908 CET	64517	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:36.020088911 CET	53	64517	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:36.040934086 CET	53	51465	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:36.176717043 CET	51706	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:36.177025080 CET	58190	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:40:36.193180084 CET	53	58190	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:36.193253994 CET	53	51706	1.1.1.1	192.168.2.10
Mar 13, 2025 10:40:47.057450056 CET	53	53205	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:06.054765940 CET	53	63280	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:26.119735003 CET	53	57453	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:28.570153952 CET	53	60197	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:31.462970972 CET	53	53122	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:36.695046902 CET	56210	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:36.695295095 CET	59933	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:36.702038050 CET	53	56210	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:36.702142954 CET	53	59933	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:37.718813896 CET	58984	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:37.718990088 CET	61373	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:37.725718975 CET	53	58984	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:37.726265907 CET	53	61373	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:39.749891996 CET	55117	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:39.756428003 CET	53	55117	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:40.764929056 CET	55117	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:40.772708893 CET	53	55117	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:41.780436039 CET	55117	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:41.786957026 CET	53	55117	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:43.795977116 CET	55117	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:43.803695917 CET	53	55117	1.1.1.1	192.168.2.10
Mar 13, 2025 10:41:47.004622936 CET	138	138	192.168.2.10	192.168.2.255
Mar 13, 2025 10:41:47.811465025 CET	55117	53	192.168.2.10	1.1.1.1
Mar 13, 2025 10:41:47.818027020 CET	53	55117	1.1.1.1	192.168.2.10

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 13, 2025 10:40:29.918060064 CET	192.168.2.10	1.1.1.1	c1ff	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2025 10:40:30.827728033 CET	192.168.2.10	1.1.1.1	0x2261	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:30.827966928 CET	192.168.2.10	1.1.1.1	0x4a61	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 13, 2025 10:40:32.207243919 CET	192.168.2.10	1.1.1.1	0xef0	Standard query (0)	atttttt00000011.weebly.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:32.208262920 CET	192.168.2.10	1.1.1.1	0x2c37	Standard query (0)	atttttt00000011.weebly.com	65	IN (0x0001)	false
Mar 13, 2025 10:40:32.230460882 CET	192.168.2.10	1.1.1.1	0x86b	Standard query (0)	atttttt00000011.weebly.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:32.230753899 CET	192.168.2.10	1.1.1.1	0xa90f	Standard query (0)	atttttt00000011.weebly.com	65	IN (0x0001)	false
Mar 13, 2025 10:40:35.677165031 CET	192.168.2.10	1.1.1.1	0x59b5	Standard query (0)	cdn1.editmysite.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:35.677815914 CET	192.168.2.10	1.1.1.1	0x1d6e	Standard query (0)	cdn1.editmysite.com	65	IN (0x0001)	false
Mar 13, 2025 10:40:36.009973049 CET	192.168.2.10	1.1.1.1	0x4825	Standard query (0)	cdn2.editmysite.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.010114908 CET	192.168.2.10	1.1.1.1	0xb150	Standard query (0)	cdn2.editmysite.com	65	IN (0x0001)	false
Mar 13, 2025 10:40:36.176717043 CET	192.168.2.10	1.1.1.1	0x1aae	Standard query (0)	cdn1.editmysite.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.177025080 CET	192.168.2.10	1.1.1.1	0x9b2c	Standard query (0)	cdn1.editmysite.com	65	IN (0x0001)	false
Mar 13, 2025 10:41:36.695046902 CET	192.168.2.10	1.1.1.1	0xe781	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:36.695295095 CET	192.168.2.10	1.1.1.1	0x3467	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 13, 2025 10:41:37.718813896 CET	192.168.2.10	1.1.1.1	0x5dac	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:37.718990088 CET	192.168.2.10	1.1.1.1	0xe3ae	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 13, 2025 10:41:39.749891996 CET	192.168.2.10	1.1.1.1	0xc130	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:40.764929056 CET	192.168.2.10	1.1.1.1	0xc130	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:41.780436039 CET	192.168.2.10	1.1.1.1	0xc130	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:43.795977116 CET	192.168.2.10	1.1.1.1	0xc130	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:47.811465025 CET	192.168.2.10	1.1.1.1	0xc130	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 13, 2025 10:40:30.834276915 CET	1.1.1.1	192.168.2.10	0x2261	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:30.834527016 CET	1.1.1.1	192.168.2.10	0x4a61	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 13, 2025 10:40:32.222543001 CET	1.1.1.1	192.168.2.10	0xef0	No error (0)	atttttt00000011.weebly.com		74.115.51.8	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:32.222543001 CET	1.1.1.1	192.168.2.10	0xef0	No error (0)	atttttt00000011.weebly.com		74.115.51.9	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:32.245616913 CET	1.1.1.1	192.168.2.10	0x86b	No error (0)	atttttt00000011.weebly.com		74.115.51.9	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:32.245616913 CET	1.1.1.1	192.168.2.10	0x86b	No error (0)	atttttt00000011.weebly.com		74.115.51.8	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:35.685923100 CET	1.1.1.1	192.168.2.10	0x1d6e	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:40:35.686028957 CET	1.1.1.1	192.168.2.10	0x59b5	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:40:35.686028957 CET	1.1.1.1	192.168.2.10	0x59b5	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:35.686028957 CET	1.1.1.1	192.168.2.10	0x59b5	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:35.686028957 CET	1.1.1.1	192.168.2.10	0x59b5	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:35.686028957 CET	1.1.1.1	192.168.2.10	0x59b5	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.020088911 CET	1.1.1.1	192.168.2.10	0xb150	No error (0)	cdn2.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:40:36.040934086 CET	1.1.1.1	192.168.2.10	0x4825	No error (0)	cdn2.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:40:36.040934086 CET	1.1.1.1	192.168.2.10	0x4825	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.040934086 CET	1.1.1.1	192.168.2.10	0x4825	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.040934086 CET	1.1.1.1	192.168.2.10	0x4825	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.040934086 CET	1.1.1.1	192.168.2.10	0x4825	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.193180084 CET	1.1.1.1	192.168.2.10	0x9b2c	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:40:36.193253994 CET	1.1.1.1	192.168.2.10	0x1aae	No error (0)	cdn1.editmysite.com	weebly.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:40:36.193253994 CET	1.1.1.1	192.168.2.10	0x1aae	No error (0)	weebly.map.fastly.net		151.101.1.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.193253994 CET	1.1.1.1	192.168.2.10	0x1aae	No error (0)	weebly.map.fastly.net		151.101.65.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.193253994 CET	1.1.1.1	192.168.2.10	0x1aae	No error (0)	weebly.map.fastly.net		151.101.129.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:40:36.193253994 CET	1.1.1.1	192.168.2.10	0x1aae	No error (0)	weebly.map.fastly.net		151.101.193.46	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:36.702038050 CET	1.1.1.1	192.168.2.10	0xe781	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:36.702038050 CET	1.1.1.1	192.168.2.10	0xe781	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:36.702142954 CET	1.1.1.1	192.168.2.10	0x3467	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:37.725718975 CET	1.1.1.1	192.168.2.10	0x5dac	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:37.725718975 CET	1.1.1.1	192.168.2.10	0x5dac	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.185.67	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:37.726265907 CET	1.1.1.1	192.168.2.10	0xe3ae	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:37.726265907 CET	1.1.1.1	192.168.2.10	0xe3ae	No error (0)	beacons-handoff.gcp.gvt2.com	gce-beacons.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:39.756428003 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:39.756428003 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:40.772708893 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:40.772708893 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:41.786957026 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:41.786957026 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:43.803695917 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:43.803695917 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:41:47.818027020 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 10:41:47.818027020 CET	1.1.1.1	192.168.2.10	0xc130	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

atttttt00000011.weebly.com

cdn1.editmysite.com

cdn2.editmysite.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49694	74.115.51.8	80	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 13, 2025 10:40:35.225261927 CET	441	OUT	GET / HTTP/1.1 Host: atttttt00000011.weebly.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 13, 2025 10:40:35.636981010 CET	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 13 Mar 2025 09:40:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive CF-Ray: 91fa921879e842cc-EWR CF-Cache-Status: BYPASS Cache-Control: private Set-Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; expires=Sun, 11-Mar-2035 09:40:35 GMT; Max-Age=315360000; path=/ Vary: User-Agent, Accept-Encoding X-Host: grn155.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Set-Cookie: __cf_bm=f6unyoabpv2UhEwdHRoTW68SXg7TsLNhnI.G1T_8B.Y-1741858835-1.0.1.1-_27pzFLA1LuBpBM0yZsErKcgIeYFWDVemIecizcUApDSlMiPZYwuQurJ3yCxXdNHpWIBvF.RD2_z0rMPEp6L27kGEcMFJqUYupxlMvlFNfw; path=/; expires=Thu, 13-Mar-25 10:10:35 GMT; domain=.weebly.com; HttpOnly Server: cloudflare Content-Encoding: gzip Data Raw: 33 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 56 6b 6f db 36 14 fd 6c ff 0a 4e c5 d0 04 08 2d c9 72 1c 5b b6 dc e5 89 0d e8 b2 60 73 b1 ed 53 41 91 d7 12 67 8a 54 49 da b2 33 ec bf 0f 7a a5 6e e2 ae 43 10 07 84 1f bc bc f7 9c 7b c9 c3 c7 f4 bb ab 5f 2e e7 7f de 5d a3 d4 66 02 dd 7d b8 78 ff d3 25 72 b0 eb fe 1e 5c ba ee d5 fc 0a fd f1 e3 fc e7 f7 c8 ef 79 e8 37 ab 39 b5 ae 7b 7d eb 20 27 b5 36 0f 5d b7 28 8a 5e 11 f4 94 4e dc f9 af ee a6 44 f1 cb b0 e6 2f 36 55 4c 8f 59 e6 cc ba d3 8a 64 93 09 69 a2 3d 00 fe 78 3c ae e3 9c d2 29 14 44 26 91 03 b2 8a 04 c2 66 53 43 35 cf 2d 32 9a 46 8e 9b b0 5c 57 5f b5 b5 f7 97 79 17 af b8 60 73 9e 41 e4 9f 0d fc 51 df f7 bd 53 67 36 75 6b 8f 59 b7 33 b5 dc 0a 98 0d bc 01 c2 e8 8e 24 80 6e 95 45 37 6a 25 d9 d4 ad c7 ba 9d 69 06 96 a0 32 3f 0c 9f 56 7c 1d 39 54 49 0b d2 62 bb cd Data Ascii: 3ebVko6lN-r[`sSAgTI3znC{_.]f}x%r\y79{} '6](^ND/6ULYdi=x<)D&fSC5-2F\W_y`sAQSg6ukY3$nE7j%i2?V\|9TIb
Mar 13, 2025 10:40:35.637006044 CET	1050	IN	Data Raw: c1 41 4d 2f 72 2c 6c ac 5b e6 3b 41 34 25 da 80 8d 3e cc 6f f0 c8 41 ee 03 8c 24 19 44 ce 9a 43 91 2b 6d 77 82 0b ce 6c 1a 31 58 73 0a b8 ea 9c 20 2e b9 e5 44 60 43 89 80 c8 77 1e a1 68 15 2b 6b 76 30 a4 22 9a a6 7c 0d 0d a3 e0 72 89 34 88 c8 31 Data Ascii: AM/r,l[;A4%>oA$DC+mwl1Xs .D`Cwh+kv0"\|r41,TIIlkU`B]$8UZ35v+E7Rc:?,xA(Nf\lCNUkv0^OR4D+-ixIK3n^`k{a7
Mar 13, 2025 10:40:35.676567078 CET	780	OUT	GET /gdpr/gdprscript.js?buildTime=1741821105 HTTP/1.1 Host: atttttt00000011.weebly.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Referer: http://atttttt00000011.weebly.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: cookie-consent=%7B%22allowStrictlyNecessaryCookies%22%3Atrue%2C%22allowFunctionalityCookies%22%3Atrue%2C%22allowPerformanceCookies%22%3Atrue%2C%22allowTargetingCookies%22%3Atrue%2C%22allowInternalPerformanceCookies%22%3Atrue%7D; __cf_bm=f6unyoabpv2UhEwdHRoTW68SXg7TsLNhnI.G1T_8B.Y-1741858835-1.0.1.1-_27pzFLA1LuBpBM0yZsErKcgIeYFWDVemIecizcUApDSlMiPZYwuQurJ3yCxXdNHpWIBvF.RD2_z0rMPEp6L27kGEcMFJqUYupxlMvlFNfw
Mar 13, 2025 10:40:35.910196066 CET	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 13 Mar 2025 09:40:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive CF-Ray: 91fa921b4bc342cc-EWR CF-Cache-Status: DYNAMIC Cache-Control: private Vary: User-Agent, Accept-Encoding X-Host: blu22.sf2p.intern.weebly.net X-UA-Compatible: IE=edge,chrome=1 Server: cloudflare Content-Encoding: gzip Data Raw: 34 37 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 57 6b 6f db 36 14 fd 6c ff 0a 4e c5 d0 04 08 4d c9 76 1e 96 65 77 69 92 62 03 ba 2e d8 52 6c fb 54 50 e4 b5 c4 85 22 35 92 b6 e4 0e fd ef 03 f5 48 dc c4 5d 87 a2 29 04 3f 48 de 7b ce bd e4 21 79 95 7c 77 f9 cb c5 cd 9f d7 57 28 77 85 44 d7 6f 5f be fe e9 02 05 98 90 df 27 17 84 5c de 5c a2 3f 7e bc f9 f9 35 8a 46 21 fa cd 19 c1 1c 21 57 6f 02 14 e4 ce 95 31 21 55 55 8d aa c9 48 9b 8c dc fc 4a 6a 8f 12 79 b7 ee 2f b6 8d cf 88 3b 1e 2c 87 49 43 52 17 52 d9 c5 1e 80 68 36 9b b5 7e 81 37 8a 25 55 d9 22 00 d5 78 02 e5 cb c4 32 23 4a 87 ac 61 8b 80 64 bc 34 cd 57 db 3b fa cb be 48 d7 42 f2 1b 51 c0 22 3a 9d 46 67 e3 28 0a 8f 83 65 42 5a 8b e5 70 90 38 e1 24 2c a7 e1 14 61 74 4d 33 40 6f b4 43 af f4 5a f1 84 b4 63 c3 41 52 80 a3 c8 c7 87 e1 ef b5 d8 2c 02 a6 95 03 e5 b0 db 96 10 a0 ae b5 08 1c d4 8e f8 78 e7 88 e5 d4 58 70 8b b7 37 af f0 59 80 c8 1d 8c a2 05 2c 82 8d 80 aa d4 c6 ed 38 57 82 bb 7c c1 61 23 18 e0 a6 71 84 84 12 4e 50 89 2d a3 12 16 51 f0 00 c5 [TRUNCATED] Data Ascii: 472Wko6lNMvewib.RlTP"5H])?H{!y\|wW(wDo_'\\?~5F!!Wo1!UUHJjy/;,ICRRh6~7%U"x2#Jad4W;HBQ":Fg(eBZp8$,atM3@oCZcAR,xXp7Y,8W\|a#qNP-QT;45,P\6CijF+V81]CV0L7hAbVIw2k}LVZ9?`5!1z~mt-}>@d$NkXFqtQjYxeh6YR$X#It~1;yG]p-X^<upVP9pKP`JV;m%sfmz~?@_qmdkIMnTxE''.>X(D%?<>AM/'U>J$\|#63LKmbC:Vn:$m8EegWbw%TJh<+k4zS.:AklIuMLT(f?Hrf4qSS<hz6:j2b"vzM>opp>\W1L=9>+kd'GF~_%x
Mar 13, 2025 10:40:35.910216093 CET	465	IN	Data Raw: 0c ff 34 e8 bd 88 26 27 93 97 93 ab 7b 11 59 f1 1e 62 34 ed 67 6d df 99 d3 72 80 31 fa 01 45 b8 07 7f f6 f2 3c 3c 9f ec ce 6e 2f 8a 7e 65 5a 38 96 03 bb c5 6b 23 8f d0 48 bb 1c 4c 25 6c 77 2e f6 50 27 27 27 17 a7 e1 1e 97 dd 28 76 94 fb 1f c1 3f Data Ascii: 4&'{Yb4gmr1E<<n/~eZ8k#HL%lw.P'''(v?`xZIx76!t#PSG.iu^"[R9'N*s);24g~[r`P'958,S\|v{C^bZa6vBi
Mar 13, 2025 10:41:20.921483994 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49696	151.101.1.46	80	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 13, 2025 10:40:35.691721916 CET	405	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://atttttt00000011.weebly.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 13, 2025 10:40:36.165436029 CET	1236	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 3740 Server: nginx Content-Type: image/png Last-Modified: Tue, 11 Mar 2025 23:16:10 GMT ETag: "67d0c43a-e9c" Expires: Wed, 12 Mar 2025 12:19:46 GMT Cache-Control: max-age=300 X-Host: blu113.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 13 Mar 2025 09:40:36 GMT Age: 77149 X-Served-By: cache-sjc10042-SJC, cache-ewr-kewr1740044-EWR X-Cache: HIT, HIT X-Cache-Hits: 178, 18 X-Timer: S1741858836.122826,VS0,VE0 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ae 00 00 00 3e 08 03 00 00 00 85 b4 d0 9f 00 00 02 fa 50 4c 54 45 00 00 00 2d 96 f0 2a 92 ec 2a 91 eb 2a 90 eb 29 91 ea 29 91 ea 2a 91 eb 2b 92 eb 49 92 ff 2b 91 eb 2a 91 eb 2a 91 eb 2a 90 eb 29 91 ea 29 90 ea 29 91 ea 33 99 eb 80 ff ff 29 90 ea 29 91 ea 2e 93 f0 2c 90 ed 2a 91 eb 2a 90 ea 2a 91 eb 29 90 ea 2a 90 ea 2d 93 ee 29 91 ec 2a 90 eb 2b 91 eb 2b 90 ec 2a 90 ea 37 92 ed 2b 92 ec 2a 90 eb 2a 91 eb 29 91 eb 29 91 eb 29 91 ea 2a 91 ea 29 91 eb 2a 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 29 90 ea 2b 95 f4 2b 91 ec 2a 91 eb 2b 95 ef 39 aa ff 29 91 eb 29 91 eb 2b aa ff 2c 93 eb 2b 90 eb ff ff ff 2a 91 ec 29 90 eb 2b 91 ec 29 90 eb 2a 92 ea 2b 91 eb 2a 92 eb 2a 91 ea 2a 91 ea 2b 95 ff 2a 90 eb 2a 92 eb 2a 91 eb 36 94 f2 2a 90 ea 40 bf ff 2c 92 f0 2a 90 eb 2e 94 eb 2b 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 2a 94 ed 2a 91 ea 2a 90 eb 2e 92 ed 2c 90 ee 29 94 ef 30 9f ef 55 aa ff 30 97 ef 2c 90 f4 33 99 ff 2e 91 ee 31 93 eb 2a 91 eb 2c 95 ed 2a 92 ea 29 92 ec [TRUNCATED] Data Ascii: PNGIHDR>PLTE-**))+I+*)))3)).,)-)++7+*))))***)+++9))+,+)+)+*+6@,.+****.,)0U0,3.1,))*3+++)).),)))+),)))+)*@3-)+/+++)+)+++++,)+)*))))1)./*);)*++))
Mar 13, 2025 10:40:36.165453911 CET	224	IN	Data Raw: ea 29 91 ea 29 92 eb 2a 91 eb 29 91 eb 2d 93 ec 33 99 ff 2c 93 eb 29 91 ec 29 91 eb 2a 91 eb 29 91 ea 2b 90 ec 2a 90 ea 2c 92 eb 2e 97 f3 2a 91 ea 2b 93 eb 29 90 eb 2a 91 eb 2c 91 ec 2a 91 ec 2b 92 eb 2b 91 eb 2a 91 ea 2d 96 f0 29 92 ec 29 91 eb Data Ascii: )))-3,)))+,.+),++-))+)++),+))+))))+++.++*-+,++ztRNS"Md{
Mar 13, 2025 10:40:36.165466070 CET	1236	IN	Data Raw: ff c5 21 45 e0 f4 74 ad e9 2d 5d fb 9c 83 db 0e 36 73 fa fe d9 c7 f5 82 c9 ee c3 e1 f6 18 90 da 30 09 9b f0 06 40 71 01 43 e6 84 fd 31 41 8c 86 d0 0c c1 5b be 13 cf 04 23 98 32 89 d5 e7 a3 2b 92 d6 1c 2e 1f 10 03 20 17 05 2c 1a 99 1d 93 44 af f2 Data Ascii: !Et-]6s0@qC1A[#2+. ,Dxw\)o`Fcb?G&_TB7<fp*kL'gh\|JXH%u(4v5KNQeZViYl$RPn=rWmUy~I}S8/^Oz9:j;aS
Mar 13, 2025 10:40:36.165478945 CET	1236	IN	Data Raw: b4 3d 03 f1 94 34 a9 30 b4 99 52 46 65 10 f7 91 0b 20 c2 b7 6e 27 39 e0 59 88 4e 74 54 c4 21 9e cb 23 69 2d d9 09 e5 a2 90 37 ee f9 57 34 6f f7 7c 09 b4 5b bd 71 43 2f 40 e9 40 f1 22 c4 4b b4 bd 8c f2 10 c9 fc b0 6b 78 e6 5d 48 6a 44 f9 2b a5 20 Data Ascii: =40RFe n'9YNtT!#i-7W4o\|[qC/@@"Kkx]HjD+ KtW(&L!ho\x]Zn$l'9#7,$5ne[P&&,s}7!zvhHi{L']?$H6PcTR'K`8M3 tM
Mar 13, 2025 10:40:36.165491104 CET	434	IN	Data Raw: f3 d3 41 3f d7 ce a4 58 34 91 8e cf 87 9d 1d 52 cb 74 3d 1d 27 99 a2 4f 5d a6 6f d3 ad 4f bc 60 12 85 a7 23 74 9d c2 54 ac 32 d5 28 1f 1b c0 54 8a f6 32 ad e3 b3 6e 88 d1 e5 04 b5 1f b1 f3 a1 14 64 92 b4 5e 43 50 f8 43 1a 39 75 ed 64 df d3 f8 34 Data Ascii: A?X4Rt='O]oO`#tT2(T2nd^CPC9ud4Q5?vsrgG'Tj?TN%R?57_aR6zu?b@&zJl;2J8LzA`F~v&XA\|pAS*IxzB:ion
Mar 13, 2025 10:40:36.730016947 CET	396	OUT	GET /developer/none.ico HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://atttttt00000011.weebly.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 13, 2025 10:40:36.826288939 CET	738	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 65 Server: nginx Content-Type: image/x-icon Last-Modified: Wed, 05 Mar 2025 16:29:05 GMT ETag: "67c87bd1-57e" Expires: Wed, 05 Mar 2025 21:00:30 GMT Cache-Control: max-age=300 X-Host: blu24.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Content-Encoding: gzip Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 650706 Date: Thu, 13 Mar 2025 09:40:36 GMT X-Served-By: cache-sjc10061-SJC, cache-ewr-kewr1740044-EWR X-Cache: HIT, HIT X-Cache-Hits: 966, 0 X-Timer: S1741858837.784245,VS0,VE1 Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 06 30 c8 60 65 60 10 03 d2 1a 40 0c 12 52 00 62 46 06 0e 88 24 23 03 02 20 b3 47 c1 28 18 05 a3 60 04 82 ff ff 29 c3 00 a7 d4 66 85 7e 05 00 00 Data Ascii: c``B0`e`@RbF$# G(`)f~
Mar 13, 2025 10:41:21.827855110 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49698	151.101.1.46	80	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 13, 2025 10:40:36.047791958 CET	427	OUT	GET /components/ui-framework/fonts/proxima-nova-semibold/31AC96_2_0.woff HTTP/1.1 Host: cdn2.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Origin: http://atttttt00000011.weebly.com Accept: / Referer: http://atttttt00000011.weebly.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 13, 2025 10:40:36.530694008 CET	634	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 45516 Server: nginx Content-Type: font/woff Last-Modified: Fri, 07 Mar 2025 00:38:29 GMT ETag: "67ca4005-b1cc" Expires: Sun, 23 Mar 2025 14:21:53 GMT Cache-Control: max-age=1209600 X-Host: blu11.sf2p.intern.weebly.net Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 13 Mar 2025 09:40:36 GMT Age: 328723 X-Served-By: cache-sjc1000141-SJC, cache-ewr-kewr1740050-EWR X-Cache: HIT, HIT X-Cache-Hits: 27, 191 X-Timer: S1741858836.486751,VS0,VE0 Access-Control-Allow-Origin: * alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Mar 13, 2025 10:40:36.530803919 CET	1236	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 b1 cc 00 0e 00 00 00 01 56 88 00 00 00 00 00 00 b0 60 00 00 01 6c 00 00 02 d8 00 00 00 00 00 00 00 00 4f 53 2f 32 00 00 01 9c 00 00 00 58 00 00 00 60 8e 75 b9 9a 63 6d 61 70 00 00 01 f4 00 00 06 9d 00 00 11 08 ba 8b Data Ascii: wOFFV`lOS/2X`ucmapcvt ((fpgm4C>gasp#glyf,\headd66hhea!$hmtx[@IEloca$HW
Mar 13, 2025 10:40:36.530822992 CET	1236	IN	Data Raw: 54 c5 b9 3f 2f 4e cf fc 65 fc e5 d0 09 3f da ff 1e 66 e7 c5 55 5d a3 74 bc 9e a0 27 54 2e 50 de 93 a9 12 6b 76 eb 00 e9 67 76 ef 60 19 22 6f 49 be bc 23 0b e5 6d c9 31 2a 10 80 40 04 21 18 b5 cd 89 a8 83 ba 08 95 31 32 56 4e c8 29 39 29 ef 4b 1c Data Ascii: T?/Ne?fU]t'T.Pkvgv`"oI#m1*@!12VN)9)KAG<NO'ftSxYta+a1?F]5)G9-$]&sd+r,,=j\4+jT-mNYN>T\|)H!k\|'pB1N1x@
Mar 13, 2025 10:40:36.530833960 CET	448	IN	Data Raw: 74 33 e7 98 8b 62 9d c3 f5 37 70 ce 06 c4 54 97 91 51 3d 11 51 55 81 91 02 d7 18 d5 53 10 43 17 aa d0 e5 1e d3 a3 4c 39 a6 f2 10 73 ea 10 d3 55 a4 96 3a 31 4a ea aa c5 ec 3b 8e 5b d4 74 a4 4a 9f ea 76 7b f5 1f 18 a6 3a 89 94 ab 30 4d 9d 40 89 9e Data Ascii: t3b7pTQ=QUSCL9sU:1J;[tJv{:0M@7&JW(WyXWqwRbYsN#d\'!Yq)`4vWS"rniW?~\|ri5li]~dqCn<jwxuc5}
Mar 13, 2025 10:40:36.530853987 CET	1236	IN	Data Raw: 7e 4c 4a 1e 77 57 b0 6e 62 da ef 8c 95 fb 6c 6c 0b b2 2e 81 16 9e 0b e3 9e 1f fb 70 c5 fd 9a ec 24 17 c9 71 b6 cd a0 fc 9e 74 93 1f 58 bf 59 da 18 8f fa c5 c9 38 bf 12 f1 43 1b 6c dc 0c 22 b1 33 69 dc 0b 43 d1 73 3e b4 f1 b9 b4 0f 13 a3 af 83 5e Data Ascii: ~LJwWnbll.p$qtXY8Cl"3iCs>^Fz;o1y@H#@'m(iy<a)_G:.!XieM<+r1vGjqn%JMl)Kc,\|b-}\7I=kt=;S:JV
Mar 13, 2025 10:40:36.530864954 CET	1236	IN	Data Raw: 35 e6 2f 99 a9 6a 7d 74 a8 79 c3 4c 4c 77 1e 7d ec e3 00 11 4f 2d f4 69 08 1c 5b 0d fd 66 fd 1a 25 e3 57 bb d0 a7 0b ac 53 47 bf e7 2a b6 fe c3 fb 80 f3 9e ef cc 0f df bf bf a1 32 77 a1 29 66 4d c0 5a f9 e5 58 b0 aa 32 f4 a6 bd 21 7b 3a 13 e3 96 Data Ascii: 5/j}tyLLw}O-i[f%WSG*2w)fMZX2!{:[z]&aos,;;FMbClsO6`(xmYX\W>rCH}AHJJ:3t$l}uwwmwe\|ww}< p<fQQ
Mar 13, 2025 10:40:36.530879974 CET	176	IN	Data Raw: cf d2 73 f4 3c bd 40 2f d2 4b f4 77 7a 99 5e a1 57 e9 35 7a 9d de a0 37 e9 2d 7a 9b de a1 77 e9 3d 7a 9f 3e a0 0f e9 23 fa 98 3e a1 4f e9 33 fa 9c be a0 2f e9 2b fa 9a be a1 6f e9 3b fa 9e 7e a0 7f d0 3f e9 5f f4 23 fd 44 3f d3 bf e9 17 fa 95 7e Data Ascii: s<@/Kwz^W5z7-zw=z>#>O3/+o;~?_#D?~wd93+$7-x'qWkx2OZ<^W5xM^ux]^xC7MxS7
Mar 13, 2025 10:40:36.530889988 CET	1236	IN	Data Raw: 2d 78 4b de 8a b7 e6 6d 78 5b de 8e 67 f2 f6 ec 63 3f 07 38 c8 21 38 8f c3 5c cf 0d dc c8 4d bc 03 ef c8 3b f1 ce bc 0b ef ca bb 71 84 a3 1c e3 38 5b dc cc 2d 3c 8b 5b 79 36 cf e1 36 9e cb ed dc c1 f3 78 77 ee e4 2e 9e cf dd bc 07 f7 f0 02 5e c8 Data Ascii: -xKmx[gc?8!8\M;q8[-<[y66xw.^xO}x1>$ qRN0g8#8.2^+xW\|\|\|G\|\|'\|\|g_l>\|/E\|1_e\|9_WU\|5_:o&o[6;.
Mar 13, 2025 10:40:36.530895948 CET	224	IN	Data Raw: b0 6b c8 17 f0 4b 8e ea c5 60 93 a5 e6 db 29 f7 cc 37 cc d4 07 44 57 9c a9 8f 78 ba 75 0e ba 27 e4 a0 5b 6a d1 ad 6b 51 d1 9d 4b d9 e9 ea 36 2a 62 85 2a ba 4b c1 59 12 b2 25 3e 58 62 df 92 60 2d 09 b6 d9 e7 e9 d1 61 f4 94 c2 a8 ea e9 4f 25 73 c9 Data Ascii: kK`)7DWxu'[jkQK6bKY%>Xb`-aO%s\|%%K=)Y.nF"\)!!$&~`X0. $,IGe}TGIXw{;.QvLIE-nF\|AL!haSB)4B)D!jDM
Mar 13, 2025 10:40:36.530903101 CET	1236	IN	Data Raw: a6 ed c4 48 1c c9 52 66 a4 c7 05 bd 7d 46 cb e9 2b d5 b0 df 68 6c be a8 27 a9 3b 61 b2 d4 93 92 52 dd a4 34 8b a4 d9 09 a5 78 d1 b1 a2 49 71 a3 52 cc 98 d0 c7 a4 88 31 29 62 ac 81 07 16 f7 da bf 03 f6 ef 90 fd bb c4 fe 5d 5a 39 a0 9f 85 15 f6 fc Data Ascii: HRf}F+hl';aR4xIqR1)b]Z9w7]57{x[hP9=phMIX)+e@+f}KKV5KSB&<nf_ynT6M35]ZW92vHId\vd(vflp4\)\L<pq)
Mar 13, 2025 10:40:36.535676003 CET	1236	IN	Data Raw: 6e 43 b9 ba c3 31 a5 e7 1d f5 b1 6d 51 2b 4a 63 72 75 a2 44 96 34 c9 92 63 64 a9 71 b2 94 61 67 aa 29 e8 cb 45 63 79 6d 71 22 cd 8c 32 59 af c8 1a de 57 67 c7 1d ae 70 ff 4e 9e a0 eb 26 30 e4 f7 09 fa 05 03 82 41 c1 90 60 58 a3 6f 4c af 5e b0 41 Data Ascii: nC1mQ+JcruD4cdqag)Ecymq"2YWgpN&0A`XoL^AQI0"-A?G@@? O\|>=]&'?IFE^W#8oc(tPIxLO3Aq&( BdH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49699	151.101.1.46	80	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 13, 2025 10:40:36.047857046 CET	426	OUT	GET /components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.woff HTTP/1.1 Host: cdn2.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Origin: http://atttttt00000011.weebly.com Accept: / Referer: http://atttttt00000011.weebly.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 13, 2025 10:40:36.511637926 CET	634	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 46052 Server: nginx Content-Type: font/woff Last-Modified: Fri, 07 Mar 2025 00:38:29 GMT ETag: "67ca4005-b3e4" Expires: Sun, 23 Mar 2025 10:25:39 GMT Cache-Control: max-age=1209600 X-Host: grn31.sf2p.intern.weebly.net Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 13 Mar 2025 09:40:36 GMT Age: 342897 X-Served-By: cache-sjc1000121-SJC, cache-nyc-kteb1890039-NYC X-Cache: HIT, HIT X-Cache-Hits: 52, 223 X-Timer: S1741858836.471564,VS0,VE0 Access-Control-Allow-Origin: * alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Mar 13, 2025 10:40:36.511723995 CET	1236	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 b3 e4 00 0e 00 00 00 01 57 a4 00 00 00 00 00 00 b2 78 00 00 01 6c 00 00 02 d7 00 00 00 00 00 00 00 00 4f 53 2f 32 00 00 01 9c 00 00 00 58 00 00 00 60 8d 3e b9 af 63 6d 61 70 00 00 01 f4 00 00 06 9d 00 00 11 08 ba 8b Data Ascii: wOFFWxlOS/2X`>cmapcvt $((fpgmLC>gasp#glyf,<headd66hhea!$drhmtx\@loca$<Wd
Mar 13, 2025 10:40:36.511737108 CET	1236	IN	Data Raw: 54 c5 b9 3f 2f 4e cf fc 65 fc e5 d0 09 3f da ff 1e 66 e7 c5 55 5d a3 74 bc 9e a0 27 54 2e 50 de 93 a9 12 6b 76 eb 00 e9 67 76 ef 60 19 22 6f 49 be bc 23 0b e5 6d c9 31 2a 10 80 40 04 21 18 b5 cd 89 a8 83 ba 08 95 31 32 56 4e c8 29 39 29 ef 4b 1c Data Ascii: T?/Ne?fU]t'T.Pkvgv`"oI#m1*@!12VN)9)KAG<NO'ftSxYta+a1?F]5)G9-$]&sd+r,,=j\4+jT-mNYN>T\|)H!k\|'pB1N1x@
Mar 13, 2025 10:40:36.511749983 CET	1236	IN	Data Raw: c8 d4 5b 30 5a b7 72 8c c5 b8 51 67 91 46 54 91 98 3a 67 65 95 ae 41 95 2a c0 18 41 37 b0 5e 8e 18 4e a1 01 a7 9c ef b4 b6 e5 98 1a 8d 98 a1 5e 97 91 28 db 34 50 b2 ad 6a a6 ed 5b 4c 52 11 84 c5 a6 ba 61 f4 49 8c 56 67 88 94 cb d0 a4 3a b9 ce 28 Data Ascii: [0ZrQgFT:geAA7^N^(4Pj[LRaIVg:(2ti&tQF\hl /$.}v./}Wrev?gPvBR<K_? =)9?p iS"'erg_R>yw+R x Mwy/
Mar 13, 2025 10:40:36.511760950 CET	1236	IN	Data Raw: bb 96 3c 8e a9 96 57 d8 ef ab 28 57 5b 2d 51 01 6f f2 ce f0 dc f5 1c b7 ae 5e a2 8d a0 97 e5 66 ce f1 30 ef 6c 1b ef 67 0f 7d 46 1b aa 49 05 29 23 95 24 a2 1e 60 0e d4 c6 be 59 66 5f f9 24 8f 79 5b 21 9e e3 3c 5b 31 1e ed c8 c1 56 db e6 ff eb 63 Data Ascii: <W(W[-Qo^f0lg}FI)#$`Yf_$y[!<[1VcLR6PRi5dXbiL}ck#<xRKNA}3\|@q`C(Q&LNg<x1B"+#~U]u5g"uIl
Mar 13, 2025 10:40:36.511771917 CET	1236	IN	Data Raw: 01 59 fc 02 bf 44 c0 af 10 f1 6b 18 c1 6f 20 07 79 fc 16 f6 c3 ef f0 7b fc 01 ff 81 ff c4 7f e1 8f f8 13 fe 8c ff c6 5f f0 57 fc 0d ff 03 0f e2 7f f1 77 78 08 ff c0 3f ed ad 8e 44 c4 a4 e0 57 aa 20 0f 55 d2 24 aa 82 d7 a1 40 d5 b0 0c 96 43 91 bc Data Ascii: YDko y{_Wwx?DW U$@CTCiRMi4fj:AkZ1MOm+hMa8Vf9\L[%mE[6-mG3i{Daj&vi']hW"Dq8fjYJi\jGS'u\|ohzh-E'E
Mar 13, 2025 10:40:36.511784077 CET	1236	IN	Data Raw: f0 b3 b2 54 b3 6a 51 b3 54 ab 9a ad e6 a8 36 35 57 b5 ab 0e 35 4f ed ae 3a 55 97 9a af ba d5 1e aa 47 2d 50 0b d5 22 b5 a7 da 4b b5 77 b7 b5 55 16 33 29 9f 2f e2 73 30 e0 f3 35 55 af 4c e6 b2 33 47 9c bf 55 ee b0 90 29 0e eb c9 82 f3 77 52 36 93 Data Ascii: TjQT65W5O:UG-P"KwU3)/s05UL3GU)wR6tjr,zj [(LMVh\|rY2PA+fRbTpJiz:RK5K;jWYs.3<>ppf--yZfY{45jxb,Z\
Mar 13, 2025 10:40:36.511847019 CET	776	IN	Data Raw: 75 37 5f 39 be bd bd 11 4d e8 9e 2a f5 21 ce 1d d7 45 0c 72 67 62 4a 64 9c 5c eb 6a 72 67 5c 23 a7 3e 11 a4 9d 3a 42 75 c4 6d a7 7a 81 6e a7 ae 8e 1c 0b 4d 21 60 0a 21 53 88 99 42 bd 29 34 9a 82 65 0a 11 43 88 9a 3c 51 93 27 6a f2 44 b5 e9 ca 31 Data Ascii: u7_9M*!ErgbJd\jrg\#>:BumznM!`!SB)4eC<Q'jD1Cr44\|z7f,o\g<9OXYkKQ4^Z'SKG5Zx:TRZeQ:,eNb8:!fYfcfcfcfcf)@@J0-9l)seburwwzr2k;;lm\|V9ok[
Mar 13, 2025 10:40:36.511859894 CET	1236	IN	Data Raw: d2 8a 94 7d 48 77 5d e2 dc 50 56 6b c4 02 15 79 d7 af 82 ed 57 51 fc 1a b1 7d ea b3 7f 6d b1 22 3b 9c 1c 4c 54 bb d9 29 64 33 d9 7c 8d e4 c1 15 ec 8c eb d9 2a 27 0d fa ba 44 ad 85 6e 43 b9 ba c3 31 a5 e7 1d f5 b1 6d 51 2b 4a 63 72 75 a2 44 96 34 Data Ascii: }Hw]PVkyWQ}m";LT)d3\|*'DnC1mQ+JcruD4cdqag)Ecymq"2YWgpN&0A`XoL^AQI0"-A?G@@? O\|>=]&'?IFE
Mar 13, 2025 10:40:36.511871099 CET	1236	IN	Data Raw: c5 2e 61 bf 61 2f b0 37 59 60 16 94 25 ca 52 65 19 b3 e0 ac 50 d6 d7 ac bf d9 a4 6c 5d b6 2b 7b 36 7b 3f fb 2e 87 90 23 ca 69 c9 09 e4 4c e5 7c c9 39 cf 25 e5 7a 72 e7 72 4f f3 b0 79 50 9e 29 2f 90 37 95 f7 39 6f 2f 1f cc 77 e7 cf e5 ef dc c7 df Data Ascii: .aa/7Y`%RePl]+{6{?.#iL\|9%zrrOyP)/79o/wC8.[mPF(<Q#:B/aF,.xF6"nhsb1$bFtbhYx)i--YY+P&8/
Mar 13, 2025 10:40:36.516551971 CET	1236	IN	Data Raw: f8 a6 0e aa b3 d7 4d d5 7d a9 db a8 cb d4 53 eb 9d f5 d1 fa 54 fd cf fa 0b 33 df ec 37 2f 98 77 cc b7 0d ba 06 4f c3 74 c3 51 c3 59 c3 35 8c 86 f1 30 09 66 c2 22 58 07 c3 70 0b ec 81 3b e1 18 9c 80 a7 e0 39 78 19 5e 87 53 f0 36 7c d4 48 68 04 1a Data Ascii: M}ST37/wOtQY50f"Xp;9x^S6\|Hh--X'AidY@V5d\"0X>,1K)+jX'?;CIhZknevfnf6SS\|{ouvc_=c<>zYl$[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49700	151.101.1.46	80	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 13, 2025 10:40:36.198882103 CET	299	OUT	GET /images/weebly-logo-blue.png HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 13, 2025 10:40:36.641087055 CET	1236	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 3740 Server: nginx Content-Type: image/png Last-Modified: Tue, 11 Mar 2025 23:16:10 GMT ETag: "67d0c43a-e9c" Expires: Wed, 12 Mar 2025 12:19:46 GMT Cache-Control: max-age=300 X-Host: blu113.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 13 Mar 2025 09:40:36 GMT Age: 77150 X-Served-By: cache-sjc10042-SJC, cache-ewr-kewr1740071-EWR X-Cache: HIT, HIT X-Cache-Hits: 178, 8 X-Timer: S1741858837.601250,VS0,VE0 alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ae 00 00 00 3e 08 03 00 00 00 85 b4 d0 9f 00 00 02 fa 50 4c 54 45 00 00 00 2d 96 f0 2a 92 ec 2a 91 eb 2a 90 eb 29 91 ea 29 91 ea 2a 91 eb 2b 92 eb 49 92 ff 2b 91 eb 2a 91 eb 2a 91 eb 2a 90 eb 29 91 ea 29 90 ea 29 91 ea 33 99 eb 80 ff ff 29 90 ea 29 91 ea 2e 93 f0 2c 90 ed 2a 91 eb 2a 90 ea 2a 91 eb 29 90 ea 2a 90 ea 2d 93 ee 29 91 ec 2a 90 eb 2b 91 eb 2b 90 ec 2a 90 ea 37 92 ed 2b 92 ec 2a 90 eb 2a 91 eb 29 91 eb 29 91 eb 29 91 ea 2a 91 ea 29 91 eb 2a 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 29 90 ea 2b 95 f4 2b 91 ec 2a 91 eb 2b 95 ef 39 aa ff 29 91 eb 29 91 eb 2b aa ff 2c 93 eb 2b 90 eb ff ff ff 2a 91 ec 29 90 eb 2b 91 ec 29 90 eb 2a 92 ea 2b 91 eb 2a 92 eb 2a 91 ea 2a 91 ea 2b 95 ff 2a 90 eb 2a 92 eb 2a 91 eb 36 94 f2 2a 90 ea 40 bf ff 2c 92 f0 2a 90 eb 2e 94 eb 2b 91 eb 2a 91 eb 2a 91 ea 2a 91 eb 2a 94 ed 2a 91 ea 2a 90 eb 2e 92 ed 2c 90 ee 29 94 ef 30 9f ef 55 aa ff 30 97 ef 2c 90 f4 33 99 ff 2e 91 ee 31 93 eb 2a 91 eb 2c 95 ed 2a 92 ea 29 92 ec [TRUNCATED] Data Ascii: PNGIHDR>PLTE-**))+I+*)))3)).,)-)++7+*))))***)+++9))+,+)+)+*+6@,.+****.,)0U0,3.1,))*3+++)).),)))+),)))+)*@3-)+/+++)+)+++++,)+)*))))1)./*);)*++))
Mar 13, 2025 10:40:36.641100883 CET	1236	IN	Data Raw: 29 91 ea 29 92 eb 2a 91 eb 29 91 eb 2d 93 ec 33 99 ff 2c 93 eb 29 91 ec 29 91 eb 2a 91 eb 29 91 ea 2b 90 ec 2a 90 ea 2c 92 eb 2e 97 f3 2a 91 ea 2b 93 eb 29 90 eb 2a 91 eb 2c 91 ec 2a 91 ec 2b 92 eb 2b 91 eb 2a 91 ea 2d 96 f0 29 92 ec 29 91 eb 2b Data Ascii: )))-3,)))+,.+),++-))+)++),+))+))))+++.++*-+,++ztRNS"Md{!Et-]6s
Mar 13, 2025 10:40:36.641110897 CET	1236	IN	Data Raw: 30 ee 72 38 76 c5 9c c5 2c bf dc cc 13 2a f9 39 c8 70 ce 3b 94 e8 44 6a 57 eb 06 47 ed 98 28 94 49 b4 95 c5 e1 d1 b5 a5 9c 9a 90 da c1 ab e1 b5 db 1b 37 0a 8f 71 96 3f ee 85 70 c8 a6 6f 6d 46 32 7f 2d 14 67 1b f3 31 99 e4 3d 66 d0 53 56 44 a0 44 Data Ascii: 0r8v,*9p;DjWG(I7q?pomF2-g1=fSVDD2)@&70a~Mn]f2@RHZs=H"$nf_yPJ{P;Y`8 x>)j5,ICfhzYGW7="z ;bQ=40RFe
Mar 13, 2025 10:40:36.641123056 CET	657	IN	Data Raw: fb e4 15 81 d2 fa 23 b8 94 e8 7c d6 19 a6 43 69 cb 21 3e a6 6d 3a 0c 73 38 87 5f 22 17 39 93 da fd 52 7d 7d 87 cb d1 ee 9a 29 1b f5 03 dc 8a 7f cc a7 63 13 1d cd ba 65 c1 ed bd 03 14 47 e0 d8 1c 7b 16 49 4d 3e a7 d0 23 f5 c9 b1 c0 74 89 4f 68 fb Data Ascii: #\|Ci!>m:s8_"9R}})ceG{IM>#tOh~U/<@XQ+KeGuY7mCer&HU0a33REvvY}hE% Y$3wDcatl+k7lfR[}S{=\wPG,"A?X4Rt=
Mar 13, 2025 10:40:36.858855963 CET	290	OUT	GET /developer/none.ico HTTP/1.1 Host: cdn1.editmysite.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 13, 2025 10:40:36.951855898 CET	738	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 65 Server: nginx Content-Type: image/x-icon Last-Modified: Wed, 05 Mar 2025 16:29:05 GMT ETag: "67c87bd1-57e" Expires: Wed, 05 Mar 2025 21:00:30 GMT Cache-Control: max-age=300 X-Host: blu24.sf2p.intern.weebly.net Access-Control-Allow-Origin: * Content-Encoding: gzip Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 13 Mar 2025 09:40:36 GMT Age: 650706 X-Served-By: cache-sjc10061-SJC, cache-ewr-kewr1740071-EWR X-Cache: HIT, HIT X-Cache-Hits: 966, 9 X-Timer: S1741858837.912103,VS0,VE0 Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 06 30 c8 60 65 60 10 03 d2 1a 40 0c 12 52 00 62 46 06 0e 88 24 23 03 02 20 b3 47 c1 28 18 05 a3 60 04 82 ff ff 29 c3 00 a7 d4 66 85 7e 05 00 00 Data Ascii: c``B0`e`@RbF$# G(`)f~
Mar 13, 2025 10:41:21.952739954 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.10	49707	142.250.185.131	80

Timestamp	Bytes transferred	Direction	Data
Mar 13, 2025 10:40:45.525537968 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 13, 2025 10:40:46.198571920 CET	223	IN	HTTP/1.1 304 Not Modified Date: Thu, 13 Mar 2025 09:22:23 GMT Expires: Thu, 13 Mar 2025 10:12:23 GMT Age: 1103 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 13, 2025 10:40:46.209000111 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 13, 2025 10:40:46.396950960 CET	223	IN	HTTP/1.1 304 Not Modified Date: Thu, 13 Mar 2025 09:22:26 GMT Expires: Thu, 13 Mar 2025 10:12:26 GMT Age: 1100 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49692	172.217.18.4	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:40:35 UTC	599	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIk6HLAQiKo8sBCIWgzQEI/aXOAQiB1s4BCPrXzgEIydzOAQjg4M4BCOXjzgEIr+TOAQjI5M4BCN/kzgEIi+XOAQiO5c4B Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1988, Parent PID: 5656

General

Target ID:	0
Start time:	05:40:23
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7ea9f0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3948, Parent PID: 1988

General

Target ID:	1
Start time:	05:40:24
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1988,i,3565000205782551320,295746777365023404,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1964 /prefetch:3
Imagebase:	0x7ff7ea9f0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6280, Parent PID: 5656

General

Target ID:	4
Start time:	05:40:30
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://atttttt00000011.weebly.com/"
Imagebase:	0x7ff7ea9f0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://atttttt00000011.weebly.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1988, Parent PID: 5656

General

Chronological Activities

Analysis Process: chrome.exePID: 3948, Parent PID: 1988

General

Chronological Activities

Analysis Process: chrome.exePID: 6280, Parent PID: 5656

Windows Analysis Report
http://atttttt00000011.weebly.com/