Windows
Analysis Report
https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 3496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2332,i,13731792209407267180,17214299728741411313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security | ||
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | SlashNext: |
Phishing |
---|
Source: | File source: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev | 104.18.2.35 | true | false | unknown | |
www.google.com | 142.250.74.196 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
104.18.2.35 | pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev | United States | 13335 | CLOUDFLARENETUS | false | |
142.250.74.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467871 |
Start date and time: | 2024-07-05 00:16:19 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.phis.win@21/9@6/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.131, 216.58.212.174, 108.177.15.84, 34.104.35.123, 40.127.169.103, 93.184.221.240, 192.229.221.95, 20.166.126.56, 20.3.187.198, 13.95.31.18, 131.107.255.255, 142.250.186.35
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, dns.msftncsi.com, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, clients.l.google.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty
Input | Output |
---|---|
URL: https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title of the webpage suggests that it is a suspected phishing site, which is a negative indicator.","The text on the webpage warns the user about potential phishing and encourages them to ignore and proceed, which may indicate an attempt to deceive the user.","There is no CAPTCHA or other anti-robot detection mechanism present on the webpage, which may suggest that the site is not taking sufficient measures to protect against automated attacks.","The text on the webpage does not appear to create a sense of urgency or interest, as it is primarily informational in nature."]} |
Title: Suspected phishing site | Cloudflare OCR: O Warning Suspected Phishing This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source. Leam More Ignore & Proceed Cloudflare Ray 10: 89e27c05ba57727b Your IP: Click to reveal Performance & security by Cloudflare | |
URL: https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, so there is no explicit request for sensitive information.","The text of the webpage does not create a sense of urgency or interest, as it only provides a warning about potential phishing.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]} |
Title: Suspected phishing site | Cloudflare OCR: O Warning Suspected Phishing This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source. Leam More Ignore & Proceed Claudflare Ray ID: 89e27c05ba57727b Performance & security by Claudflare Your 19:846.123.33 |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 452 |
Entropy (8bit): | 7.0936408308765495 |
Encrypted: | false |
SSDEEP: | 12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK |
MD5: | C33DE66281E933259772399D10A6AFE8 |
SHA1: | B9F9D500F8814381451011D4DCF59CD2D90AD94F |
SHA-256: | F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016 |
SHA-512: | 5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3 |
Malicious: | false |
Reputation: | low |
URL: | https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4416 |
Entropy (8bit): | 5.089820487937961 |
Encrypted: | false |
SSDEEP: | 96:1j9jwIjYjUDK/D5DMF+BOiswhcDA2ZLimlrR49PaQxJbGD:1j9jhjYjIK/Vo+tswK9ZOmlrO9ieJGD |
MD5: | AD961E600D393812C0C71ECA76B6C71D |
SHA1: | 0A70243AC9AD2C005FF5A8D6D2752C336830BCD6 |
SHA-256: | AFD03E75106B0C24A15B8E67FD69835C5F242A5B155E641DD0B179275D9B8258 |
SHA-512: | 069D22AB2FC02175AFBC161229601B69D38745277A23A242F3C4A3DF8C528B96617D1ED570D3AE2C3516B7C9C49CD71A650CEE197079A24F26091CD8DC75AD32 |
Malicious: | false |
Reputation: | low |
URL: | https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 24051 |
Entropy (8bit): | 4.941039417164537 |
Encrypted: | false |
SSDEEP: | 192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk |
MD5: | 5E8C69A459A691B5D1B9BE442332C87D |
SHA1: | F24DD1AD7C9080575D92A9A9A2C42620725EF836 |
SHA-256: | 84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091 |
SHA-512: | 6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42 |
Malicious: | false |
Reputation: | low |
URL: | https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/cdn-cgi/styles/cf.errors.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 452 |
Entropy (8bit): | 7.0936408308765495 |
Encrypted: | false |
SSDEEP: | 12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK |
MD5: | C33DE66281E933259772399D10A6AFE8 |
SHA1: | B9F9D500F8814381451011D4DCF59CD2D90AD94F |
SHA-256: | F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016 |
SHA-512: | 5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 27150 |
Entropy (8bit): | 4.357340680151037 |
Encrypted: | false |
SSDEEP: | 384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3 |
MD5: | 46DD133EE00DC1BAE5E4EEBA7B88432F |
SHA1: | 8AF86A4AC91CE48C062216FB94A6E1D57618A19B |
SHA-256: | 9EB52EE46C7AB5EA4CA0982415DA99FDED1B7D7354F75E50847BDAE6CB44EB66 |
SHA-512: | CB49F9E3812E2C262AF374E79BD8905CB508A45BF2C2D6AF62EED85AF43770872486A55E9425882FEDA9FB3A57A317A3C18BE1E286ADAF0C76BE7F1B0DFA8474 |
Malicious: | false |
Reputation: | low |
URL: | https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/favicon.ico |
Preview: |
Jul 5, 2024 00:17:19.164503098 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:19.323769093 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:19.323847055 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:19.323909998 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:19.324071884 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:19.324095011 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:19.324120998 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:19.324130058 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:19.362067938 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:19.362145901 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:19.362221956 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:19.362530947 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:19.362557888 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:20.045728922 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:20.045804977 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:20.049967051 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:20.049981117 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:20.050282001 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:20.052401066 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:20.092499971 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:20.334413052 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:20.334486008 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:20.334574938 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:20.335782051 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 5, 2024 00:17:20.335804939 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4 |
Jul 5, 2024 00:17:28.585108995 CEST | 443 | 49740 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:17:28.585182905 CEST | 443 | 49740 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:17:28.585293055 CEST | 49740 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:17:29.920357943 CEST | 49740 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:17:29.920389891 CEST | 443 | 49740 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:17:31.280051947 CEST | 49244 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:31.284871101 CEST | 53 | 49244 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:31.284933090 CEST | 49244 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:31.284976959 CEST | 49244 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:31.289691925 CEST | 53 | 49244 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:31.754947901 CEST | 53 | 49244 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:31.755578041 CEST | 49244 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:31.762336016 CEST | 53 | 49244 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:31.762424946 CEST | 49244 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:51.719337940 CEST | 49246 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:51.725817919 CEST | 53 | 49246 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:51.726088047 CEST | 49246 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:51.726152897 CEST | 49246 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:51.726152897 CEST | 49246 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:51.732423067 CEST | 53 | 49246 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:51.733587980 CEST | 53 | 49246 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:52.197544098 CEST | 53 | 49246 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:52.215925932 CEST | 49246 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:52.225697994 CEST | 53 | 49246 | 1.1.1.1 | 192.168.2.4 |
Jul 5, 2024 00:17:52.225836039 CEST | 49246 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 5, 2024 00:17:57.920772076 CEST | 55129 | 53 | 192.168.2.4 | 162.159.36.2 |
Jul 5, 2024 00:17:57.927666903 CEST | 53 | 55129 | 162.159.36.2 | 192.168.2.4 |
Jul 5, 2024 00:17:57.927756071 CEST | 55129 | 53 | 192.168.2.4 | 162.159.36.2 |
Jul 5, 2024 00:17:57.927820921 CEST | 55129 | 53 | 192.168.2.4 | 162.159.36.2 |
Jul 5, 2024 00:17:57.932914972 CEST | 53 | 55129 | 162.159.36.2 | 192.168.2.4 |
Jul 5, 2024 00:17:58.388304949 CEST | 53 | 55129 | 162.159.36.2 | 192.168.2.4 |
Jul 5, 2024 00:17:58.388637066 CEST | 55129 | 53 | 192.168.2.4 | 162.159.36.2 |
Jul 5, 2024 00:17:58.394854069 CEST | 53 | 55129 | 162.159.36.2 | 192.168.2.4 |
Jul 5, 2024 00:17:58.394910097 CEST | 55129 | 53 | 192.168.2.4 | 162.159.36.2 |
Jul 5, 2024 00:18:17.997320890 CEST | 55133 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:18:17.997355938 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:18:17.997519970 CEST | 55133 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:18:17.997934103 CEST | 55133 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:18:17.997951031 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:18:18.645416975 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:18:18.645718098 CEST | 55133 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:18:18.645740986 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:18:18.646033049 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:18:18.646405935 CEST | 55133 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:18:18.646470070 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:18:18.687028885 CEST | 55133 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:18:28.545753002 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:18:28.545809984 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Jul 5, 2024 00:18:28.545856953 CEST | 55133 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:18:29.887480974 CEST | 55133 | 443 | 192.168.2.4 | 142.250.74.196 |
Jul 5, 2024 00:18:29.887509108 CEST | 443 | 55133 | 142.250.74.196 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 5, 2024 00:17:15.552509069 CEST | 192.168.2.4 | 1.1.1.1 | 0x23fe | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 5, 2024 00:17:15.552643061 CEST | 192.168.2.4 | 1.1.1.1 | 0x1bb2 | Standard query (0) | | 65 | IN (0x0001) | false |
Jul 5, 2024 00:17:17.954684019 CEST | 192.168.2.4 | 1.1.1.1 | 0xd96d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 5, 2024 00:17:17.954879999 CEST | 192.168.2.4 | 1.1.1.1 | 0xc720 | Standard query (0) | | 65 | IN (0x0001) | false |
Jul 5, 2024 00:17:18.058238029 CEST | 192.168.2.4 | 1.1.1.1 | 0x2801 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 5, 2024 00:17:18.058682919 CEST | 192.168.2.4 | 1.1.1.1 | 0xfe13 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 5, 2024 00:17:15.563798904 CEST | 1.1.1.1 | 192.168.2.4 | 0x23fe | No error (0) | 104.18.2.35 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:17:15.563798904 CEST | 1.1.1.1 | 192.168.2.4 | 0x23fe | No error (0) | 104.18.3.35 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:17:17.962903023 CEST | 1.1.1.1 | 192.168.2.4 | 0xc720 | No error (0) | 65 | IN (0x0001) | false | |||
Jul 5, 2024 00:17:17.962939978 CEST | 1.1.1.1 | 192.168.2.4 | 0xd96d | No error (0) | 142.250.74.196 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:17:18.072370052 CEST | 1.1.1.1 | 192.168.2.4 | 0x2801 | No error (0) | 104.18.2.35 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:17:18.072370052 CEST | 1.1.1.1 | 192.168.2.4 | 0x2801 | No error (0) | 104.18.3.35 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:17:30.241775036 CEST | 1.1.1.1 | 192.168.2.4 | 0x90cd | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 5, 2024 00:17:30.241775036 CEST | 1.1.1.1 | 192.168.2.4 | 0x90cd | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49735 | 104.18.2.35 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:17:16 UTC | 708 | OUT | |
2024-07-04 22:17:16 UTC | 222 | IN | |
2024-07-04 22:17:16 UTC | 1147 | IN | |
2024-07-04 22:17:16 UTC | 1369 | IN | |
2024-07-04 22:17:16 UTC | 1369 | IN | |
2024-07-04 22:17:16 UTC | 539 | IN | |
2024-07-04 22:17:16 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 104.18.2.35 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:17:16 UTC | 635 | OUT | |
2024-07-04 22:17:17 UTC | 411 | IN | |
2024-07-04 22:17:17 UTC | 958 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN | |
2024-07-04 22:17:17 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49739 | 104.18.2.35 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:17:17 UTC | 705 | OUT | |
2024-07-04 22:17:17 UTC | 409 | IN | |
2024-07-04 22:17:17 UTC | 452 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49741 | 104.18.2.35 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:17:18 UTC | 664 | OUT | |
2024-07-04 22:17:18 UTC | 180 | IN | |
2024-07-04 22:17:18 UTC | 1189 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN | |
2024-07-04 22:17:18 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49742 | 104.18.2.35 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:17:18 UTC | 413 | OUT | |
2024-07-04 22:17:18 UTC | 409 | IN | |
2024-07-04 22:17:18 UTC | 452 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49743 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:17:19 UTC | 161 | OUT | |
2024-07-04 22:17:19 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49744 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:17:20 UTC | 239 | OUT | |
2024-07-04 22:17:20 UTC | 514 | IN | |
2024-07-04 22:17:20 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 18:17:06 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:17:12 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:17:15 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |