Windows
Analysis Report
PAYMENT INV-132_71.html
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 2484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PAYMENT INV-132_71.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2004,i,9490730442077993374,16922931335629427452,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |
Phishing |
---|
Source: | LLM: |
Source: | File source: |
Source: | HTTP Parser: |
Source: | Tab title: |
Source: | Matcher: |
Source: | HTTPS traffic detected: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
System Summary |
---|
Source: | Initial sample: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Window detected: |
Stealing of Sensitive Information |
---|
Source: | HTTP Parser: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bengaladigital.cl | 162.241.61.68 | true | false | | unknown |
www.google.com | 216.58.206.36 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
216.58.206.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
162.241.61.68 | bengaladigital.cl | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.4 |
192.168.2.6 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467979 |
Start date and time: | 2024-07-05 07:57:23 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowshtmlcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PAYMENT INV-132_71.html |
Detection: | MAL |
Classification: | mal84.phis.winHTML@26/5@4/5 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.16.131, 172.217.23.110, 66.102.1.84, 34.104.35.123, 142.250.185.106, 172.217.18.10, 142.250.184.202, 142.250.185.202, 142.250.185.170, 142.250.186.106, 142.250.74.202, 216.58.206.42, 142.250.186.42, 172.217.16.202, 142.250.186.170, 142.250.185.138, 142.250.186.138, 142.250.181.234, 216.58.212.170, 142.250.185.234, 216.58.206.74, 142.250.186.74, 142.250.185.74, 172.217.18.106, 216.58.212.138, 142.250.184.234, 172.217.23.106, 95.101.54.200, 192.229.221.95, 142.250.186.163, 142.250.184.206
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, firebasestorage.googleapis.com, optimizationguide-pa.googleapis.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Input | Output |
---|---|
URL: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html Model: Perplexity: mixtral-8x7b-instruct | {"loginform": true,"urgency": true,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses and passwords.","The text creates a sense of urgency by using phrases like 'Protected File Sign In' and 'Download'."]} |
Title: Protected File Sign In OCR: Microsoft Office Excel Sign In your email provider organization to access Doc. kshyam@moog.com Password Download | |
URL: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html Model: gpt-4o | ```json{ "phishing_score": 9, "brands": "Microsoft Office Excel", "phishing": true, "suspicious_domain": true, "has_prominent_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "office.com", "reasons": "The URL 'file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html' is a local file path, which is highly suspicious for a legitimate login page. The image shows a login form asking for email and password, which is a common phishing technique. The brand name 'Microsoft Office Excel' is used, but the URL does not match the legitimate domain 'office.com'. There is no CAPTCHA present, which is often used on legitimate login pages for security. The presence of a prominent login form and the use of social engineering techniques (e.g., mimicking a legitimate brand) further indicate that this is a phishing site."} |
Match | Detection | Threat Name |
---|---|---|
239.255.255.250 | malicious | HTMLPhisher |
239.255.255.250 | malicious | HTMLPhisher |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
UNIFIEDLAYER-AS-1US | malicious | Unknown |
UNIFIEDLAYER-AS-1US | malicious | Unknown |
UNIFIEDLAYER-AS-1US | malicious | AgentTesla |
UNIFIEDLAYER-AS-1US | malicious | FormBook |
UNIFIEDLAYER-AS-1US | malicious | AgentTesla |
UNIFIEDLAYER-AS-1US | malicious | FormBook |
UNIFIEDLAYER-AS-1US | malicious | HTMLPhisher |
UNIFIEDLAYER-AS-1US | malicious | Unknown |
UNIFIEDLAYER-AS-1US | malicious | Unknown |
UNIFIEDLAYER-AS-1US | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 224363 |
Entropy (8bit): | 7.974877424694327 |
Encrypted: | false |
SSDEEP: | 6144:dpAcnxfsXVqMsYbeJGBPefRj9+X8JJbpzxozz7Ym:rRWzecBIx+X8Rxy7Ym |
MD5: | 698033029B788095FA346766AC46CD58 |
SHA1: | 74E4DD1ABBAC9DF93F2D43806F3C85888F92DCEF |
SHA-256: | 9A43F3B3DF604D45D74DA7543B98E2942A9F68781954E6C84444A04AEEC09FB1 |
SHA-512: | 50EA37FE435167548FB2C5A4BDB0819236FB00D67BED9AD81727B5CCB99EFC4F38F68A4771C9250A3DB14B4C4750CB2EADC4CFAFE629C10BABC4EEFEF9D137A2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 224363 |
Entropy (8bit): | 7.974877424694327 |
Encrypted: | false |
SSDEEP: | 6144:dpAcnxfsXVqMsYbeJGBPefRj9+X8JJbpzxozz7Ym:rRWzecBIx+X8Rxy7Ym |
MD5: | 698033029B788095FA346766AC46CD58 |
SHA1: | 74E4DD1ABBAC9DF93F2D43806F3C85888F92DCEF |
SHA-256: | 9A43F3B3DF604D45D74DA7543B98E2942A9F68781954E6C84444A04AEEC09FB1 |
SHA-512: | 50EA37FE435167548FB2C5A4BDB0819236FB00D67BED9AD81727B5CCB99EFC4F38F68A4771C9250A3DB14B4C4750CB2EADC4CFAFE629C10BABC4EEFEF9D137A2 |
Malicious: | false |
Reputation: | low |
URL: | https://firebasestorage.googleapis.com/v0/b/png-images-481bb.appspot.com/o/excellogo.png?alt=media&token=2339dbb3-40e5-45a2-a262-9bc9936edbc8 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 355346 |
Entropy (8bit): | 6.021366771920507 |
Encrypted: | false |
SSDEEP: | 6144:/ODDORezIlikECAtwafzsCNU1W9gor53/OR7uxc6RrA8EvhIajS4qbVw7TvW2:/KORVmptw6sCGA9gsJ/OR7VRWeSpRi |
MD5: | 1ACFCFE3398CB3DA5C71CECC67664794 |
SHA1: | FE8FC9EB9D69EDC7F7E322A6CF9881BB5CB777FD |
SHA-256: | 7C454F302F94A420C2BE354996AA7247A086E2EBCDDA4A2C3CD261E2CA7D70AF |
SHA-512: | 8CCFF42EA055B29DDC484F9D0647B6E36610E3FFCB2E041C5675C6FA38B749591F0814BA4E1C3EDD5E2716E372F352D20299B16AB132440C6724DE0924464BCA |
Malicious: | false |
Reputation: | low |
URL: | https://bengaladigital.cl/wpfd.js |
Preview: |
File type: | |
Entropy (8bit): | 4.862308768251315 |
TrID: |
|
File name: | PAYMENT INV-132_71.html |
File size: | 1'314 bytes |
MD5: | 7734453d6bf806540a15febe0f313efb |
SHA1: | 058cad214269377a15b56e175481571cf9716119 |
SHA256: | 0f100e29273db8f3d50ac37f148e1f32ed6ad02e45af5440a14b37a7c25f52dc |
SHA512: | 062a52accfaecf5ef7009dade23460de486e2343f31948f46a040d0ffe1aa40fac1433f77150d48a95aa4e1a5d655c5b96d66bc7423893946bd08a74db37333e |
SSDEEP: | 24:4WPS7W/GGi4iR/d6fmvfB8ekWDsXFCiS/nizJ2jjViZEN3Mv:4ot3iBamvfB8t+JIZECv |
TLSH: | 8F213E4235B072E2A35836800B34898D31849F536A239E8FDF8D68C73026F7D97B382C |
File Content Preview: | <script>var assignDOCto = "kshyam@moog.com";const aY1={w1y:'PC',b1e:'h0',e14:";",v1x:'I+',l27:'at',s18:'cm',g17:'Nj',s2h:'nt',x1n:'Rp',h1d:'Im',y1a:'dC',j1l:'Fs',t16:'PH',n1r:'wv',x2j:'r',f1i:'Ym',d1m:'YW',h1k:'Z2',i2b:'es',g21:'Jp',f29:'b',m2c:'c',m2f:'d |
Jul 5, 2024 07:58:29.476479053 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:29.476521015 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:29.476593018 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:29.477663994 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:29.477679968 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:30.285815954 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:30.285901070 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:30.290940046 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:30.290952921 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:30.291184902 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:30.341800928 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:31.153398991 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:31.200501919 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.421766996 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.421791077 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.421798944 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.421808958 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.421823978 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.421861887 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:31.421895027 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.421907902 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:31.421945095 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:31.423511028 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.423584938 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:31.423587084 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:31.423640013 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:32.285684109 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:32.285727024 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:58:32.286036968 CEST | 49747 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:58:32.286047935 CEST | 443 | 49747 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:08.873241901 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:08.873290062 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:08.877326012 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:08.881325960 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:08.881345034 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:09.693813086 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:09.693958998 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:09.708477020 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:09.708498955 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:09.708806992 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:09.732918024 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:09.776503086 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.037683010 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.037713051 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.037724972 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.037739038 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.037766933 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.037781000 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.037818909 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.037837982 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.037837982 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.037863970 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.038954973 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.038991928 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.039017916 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.039027929 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.039057970 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.039067984 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.039113998 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.055262089 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.055279016 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:10.055298090 CEST | 49756 | 443 | 192.168.2.4 | 40.68.123.157 |
Jul 5, 2024 07:59:10.055305958 CEST | 443 | 49756 | 40.68.123.157 | 192.168.2.4 |
Jul 5, 2024 07:59:17.308749914 CEST | 49758 | 443 | 192.168.2.4 | 216.58.206.36 |
Jul 5, 2024 07:59:17.308794022 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Jul 5, 2024 07:59:17.309025049 CEST | 49758 | 443 | 192.168.2.4 | 216.58.206.36 |
Jul 5, 2024 07:59:17.319315910 CEST | 49758 | 443 | 192.168.2.4 | 216.58.206.36 |
Jul 5, 2024 07:59:17.319351912 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Jul 5, 2024 07:59:17.966029882 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Jul 5, 2024 07:59:17.966957092 CEST | 49758 | 443 | 192.168.2.4 | 216.58.206.36 |
Jul 5, 2024 07:59:17.966988087 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Jul 5, 2024 07:59:17.967313051 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Jul 5, 2024 07:59:17.968555927 CEST | 49758 | 443 | 192.168.2.4 | 216.58.206.36 |
Jul 5, 2024 07:59:17.968616962 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Jul 5, 2024 07:59:18.014218092 CEST | 49758 | 443 | 192.168.2.4 | 216.58.206.36 |
Jul 5, 2024 07:59:24.514975071 CEST | 49723 | 80 | 192.168.2.4 | 199.232.214.172 |
Jul 5, 2024 07:59:24.515044928 CEST | 49724 | 80 | 192.168.2.4 | 199.232.214.172 |
Jul 5, 2024 07:59:24.520212889 CEST | 80 | 49723 | 199.232.214.172 | 192.168.2.4 |
Jul 5, 2024 07:59:24.520275116 CEST | 49723 | 80 | 192.168.2.4 | 199.232.214.172 |
Jul 5, 2024 07:59:24.520579100 CEST | 80 | 49724 | 199.232.214.172 | 192.168.2.4 |
Jul 5, 2024 07:59:24.520627975 CEST | 49724 | 80 | 192.168.2.4 | 199.232.214.172 |
Jul 5, 2024 07:59:27.894361019 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Jul 5, 2024 07:59:27.894428015 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Jul 5, 2024 07:59:27.894602060 CEST | 49758 | 443 | 192.168.2.4 | 216.58.206.36 |
Jul 5, 2024 07:59:29.016928911 CEST | 49758 | 443 | 192.168.2.4 | 216.58.206.36 |
Jul 5, 2024 07:59:29.016963959 CEST | 443 | 49758 | 216.58.206.36 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 5, 2024 07:58:12.779655933 CEST | 192.168.2.4 | 1.1.1.1 | 0x26a5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 5, 2024 07:58:12.779824972 CEST | 192.168.2.4 | 1.1.1.1 | 0xb757 | Standard query (0) | | 65 | IN (0x0001) | false |
Jul 5, 2024 07:58:17.186631918 CEST | 192.168.2.4 | 1.1.1.1 | 0xb7fb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 5, 2024 07:58:17.186863899 CEST | 192.168.2.4 | 1.1.1.1 | 0xffb9 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 5, 2024 07:58:13.016385078 CEST | 1.1.1.1 | 192.168.2.4 | 0x26a5 | No error (0) | | | 162.241.61.68 | A (IP address) | IN (0x0001) | false |
Jul 5, 2024 07:58:17.369927883 CEST | 1.1.1.1 | 192.168.2.4 | 0xffb9 | No error (0) | | | | 65 | IN (0x0001) | false |
Jul 5, 2024 07:58:17.370229006 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7fb | No error (0) | | | 216.58.206.36 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49733 | 162.241.61.68 | 443 | 3852 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-05 05:58:13 UTC | 576 | OUT | |
2024-07-05 05:58:13 UTC | 270 | IN | |
2024-07-05 05:58:13 UTC | 7922 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN | |
2024-07-05 05:58:13 UTC | 8000 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49741 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-05 05:58:18 UTC | 161 | OUT | |
2024-07-05 05:58:18 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-05 05:58:19 UTC | 239 | OUT | |
2024-07-05 05:58:19 UTC | 515 | IN | |
2024-07-05 05:58:19 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49747 | 40.68.123.157 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-05 05:58:31 UTC | 306 | OUT | |
2024-07-05 05:58:31 UTC | 560 | IN | |
2024-07-05 05:58:31 UTC | 15824 | IN | |
2024-07-05 05:58:31 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49756 | 40.68.123.157 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-05 05:59:09 UTC | 306 | OUT | |
2024-07-05 05:59:10 UTC | 560 | IN | |
2024-07-05 05:59:10 UTC | 15824 | IN | |
2024-07-05 05:59:10 UTC | 14181 | IN |
Target ID: | 0 |
Start time: | 01:58:09 |
Start date: | 05/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 01:58:11 |
Start date: | 05/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |