Edit tour

Windows Analysis Report
https://belasting.online-factuur.com

Overview

General Information

Sample URL:	https://belasting.online-factuur.com
Analysis ID:	1581759
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious Javascript

AI detected suspicious URL

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64native

chrome.exe (PID: 2748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: BB7C48CDDDE076E7EB44022520F40F77)

chrome.exe (PID: 2868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11073809685410328450,13977048154993170284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2204 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)

chrome.exe (PID: 4712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://belasting.online-factuur.com" MD5: BB7C48CDDDE076E7EB44022520F40F77)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious Javascript

Source: 0.2.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://belasting.online-factuur.com/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge platform, the overall behavior is highly suspicious and indicative of malicious intent.

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://belasting.online-factuur.com

Source: https://belasting.online-factuur.com/

HTTP Parser: Base64 decoded: 1735421088.000000

Source: https://belasting.online-factuur.com/

HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\scoped_dir2748_1285052954			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2748_377767228			Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.201.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.40.147
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.21
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.21
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.3
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.21
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.21
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.3
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: belasting.online-factuur.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=84WOhuCZeF70ZDozQU2xqv7HitcDpiA%2BbxYxYrYE5Eo4TgI54JEaVcSXtk%2BuPkKPUq2nr88QYc5ZP5gdBPitYG2XguFMADcDXLVDAgTz9wTsaqcAnc4q4iIai%2BrfMWL6u99IySju9%2FEzHOczdxcy HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 392Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	TCP traffic: 192.168.11.20:53331 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:53331 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:53331 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:53331 -> 239.255.255.250:1900

Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: classification engine

Classification label: mal48.win@16/15@10/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\scoped_dir2748_1285052954

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11073809685410328450,13977048154993170284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2204 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://belasting.online-factuur.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11073809685410328450,13977048154993170284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2204 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\scoped_dir2748_1285052954			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2748_377767228			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	2 Masquerading	OS Credential Dumping	1 Network Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://belasting.online-factuur.com	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
belasting.online-factuur.com	104.21.63.179	true	true	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
www.google.com	142.251.40.132	true	false	high

Contacted URLs

Name	Malicious	Reputation
https://belasting.online-factuur.com/	true	unknown
https://a.nel.cloudflare.com/report/v4?s=aL9JO39GfHrwbe2z9VqwKaI1sfooELu0hz%2FfSuKSgNIn41pUwyTrJ5g5WAJK2Bp%2Ffaol%2Bpuo%2FVvxhW15RM5fd9URtYRnc8jwAuGvj6grsEU04BmwvalnwC%2B%2FnTelkLiFu6SzEsOe7VBYl%2FtdMVjL	false	high
https://a.nel.cloudflare.com/report/v4?s=CQs5dvdRm4qbTB0CTrYWqoZpFh2GoJ%2Fhj6znbq%2Fbxj3LPdpF5d8ujZL9mGOcnVJS6B9xqjZSQTYLmTflrS6s%2FucqJ%2F%2BJHAGyn7MH1xkkfYPNq4XStOfXw2t7uKKQNwTDaPSACQ5Cul2uNPMu6E%2F2	false	high
https://a.nel.cloudflare.com/report/v4?s=84WOhuCZeF70ZDozQU2xqv7HitcDpiA%2BbxYxYrYE5Eo4TgI54JEaVcSXtk%2BuPkKPUq2nr88QYc5ZP5gdBPitYG2XguFMADcDXLVDAgTz9wTsaqcAnc4q4iIai%2BrfMWL6u99IySju9%2FEzHOczdxcy	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.40.132	www.google.com	United States	15169	GOOGLEUS	false
104.21.63.179	belasting.online-factuur.com	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.67.171.151	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.11.20

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581759
Start date and time:	2024-12-28 22:22:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://belasting.online-factuur.com
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/15@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.80.99, 142.251.40.174, 172.253.122.84, 142.251.35.174, 142.250.65.238, 142.250.80.14, 142.251.32.110, 142.251.40.238, 142.250.72.110, 142.250.65.202, 142.250.65.234, 142.251.40.138, 142.250.64.74, 142.250.80.106, 142.250.80.42, 142.251.40.170, 142.250.64.106, 172.217.165.138, 142.250.80.74, 142.251.40.234, 142.251.41.10, 142.250.72.106, 142.250.176.202, 142.251.40.202, 142.250.65.170, 142.250.80.110, 142.251.40.206, 142.250.65.163
Excluded domains from analysis (whitelisted): clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, www.googleapis.com, dns.msftncsi.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://belasting.online-factuur.com

Input	Output
URL: https://belasting.online-factuur.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://belasting.online-factuur.com
URL: https://belasting.online-factuur.com/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This script checks if cookies are enabled in the user's browser and displays a cookie alert if they are not. This is a common practice to inform users about cookie usage and does not demonstrate any high-risk behaviors." }
if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) }
URL: https://belasting.online-factuur.com/... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge platform, the overall behavior is highly suspicious and indicative of malicious intent." }
(function(){function c(){var b=a.contentDocument\|\|a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8f949e8ac9edc45e',t:'MTczNTQyMTA4OC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange\|\|function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
URL: https://belasting.online-factuur.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://belasting.online-factuur.com/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	4214
Entropy (8bit):	7.933386470284068
Encrypted:	false
SSDEEP:	96:Pde6zxnfC9csVpsB6jYoYy063y+cPHCv4NDrdicmNN9L:x96/fjZYy063Pv4Nr6d
MD5:	23D1060D172C886ED94A903026EB2C49
SHA1:	395BCC518E1A1D31C28E9A2688DBDDFF61AB3B8C
SHA-256:	66416D0F22756D65ADF9A4F045825CCC6AF49A414170779602F0542630D076DF
SHA-512:	635D14D6192256BEC4FCAB3E665CE962F55F4578741BDC3B2D498B758813B2B456936F7C52DC8DFB106C072D7C201E4FD10C4F42AB4FD5D306F5F91DD08378EE
Malicious:	false
Reputation:	low
Preview:	(./..X4..:..//.dm..L.m..3...U.i......h.p.....G...x.^.............0...{...w...4.\.'...@..P....}...\|.....}.;.0._....q._...8...z.c.r.../zy._..\....x.._.1n.3......~..0,.D2./.Uh...Q<.....r....;T...'U.Y.(...~ao.-./.8..eu.......q`]U.....T7.m.2...7...7.l.n...n8.".Y..eu.;...j)..<1..(.q.+x..`....r90.v}(4.e.}(.bNa?`@.kX.A.1B.....\|..a.H..1...,.[.......C/.v...A...5,....g..`..1}...k).n3.b...~!..7........._.N.....e..D3x......w..T..;..0.x/<.....Z.nk.R.\.`a.~........{<..k......~.).k<...-.o......it...~!.C..... ...;.q...3.q.~q..Ou.-.6.....f......n.x....RU..x..+.J.V..~.N5...<..s..P........o_.R..~...3.....DR!..4......w.nz~!h:2.........s9...=..{tk.b.n...{tg...b%.....;rY....>.....a...=..H.......`.......3.,..?..(....r...../@K.C......^.j._.....#...x...R..@.>.....$@.;....G..aD....UK!.........kR.l...2,{.....r}VO.J-.n_.J.f...J-..@....,..4.)A^0.'F.c@...x.#.R.).YywGo_...AC-..(.).B}....R.9..bT[..g.%H{.B..W..s..#s7...C....c.......]...S..PJw%@..Lj9....f...-..m..

Chrome Cache Entry: 37

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 178 x 175, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3213
Entropy (8bit):	7.553565995366911
Encrypted:	false
SSDEEP:	96:35QRRzQqgtYCWBzmuvuLf33Pf309TxeL+vD+7SrQ9o6Br2eJk:GRRsqgOBzvcnM9TxVk9JCeJk
MD5:	0D768CBC261841D3AFFC933B9AC3130E
SHA1:	AFF136A4C761E1DF1ADA7E5D9A6ED0EBEA74A4B7
SHA-256:	1C53772285052E52BB7C12AD46A85A55747ED7BF66963FE1993FCEF91FF5B0D0
SHA-512:	CE5B1BBB8CF6B0C3D1FA146D1700DB2300ABD6F2BDBE43ECAAC6AEBC911BE6E1BCD2F8C6704A2CFA67BBB45598793DDEC017E05C2C37CE387293AAE08E7C342F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............n.t.....PLTE..........UU.@@.33..$I.@@.99.33.....''.$7.33.00.--..((.&&.$1....,,..)).''.&/.$..,,..)).((.''..)).((.''.&&.%,.$..)).((.''.&&.%.$.)).((.&&.&.%.$).((.''.&&.&.%).$(.$(.''.''.&&.%).$(.''.&&.%).%(.$(.$'.''.&&.&).%(.$'.$'.''.&&.&).%(.%(.$'.$'.&&.&&.&(.%(.%'.&&.&&.%(.%(.$'.$&.&&.&(.%(.%'.%'.$'.$&.&&.&(.%'.%'.$'.$&.&&.&(.%'.%'.$&.$&.&(.%'.%'.$&.$&.$(.%'.%'.%'.$&.$&.$(.%'.%'.%'.%&.$&.$&.$'.%'.%'.%'.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%&.%&.%&.$'.$'.$'.%'.%&.%&.%&.$'.$'.$'.$'.%&.%&.%&.$'.$'.$'.$&.%&.%&.%&.$'.$'.$'.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$&.$&.$&.%&.%'.%'.$'.$&.$&.$&.%&.%'.%'.$'.$&.$&.$&.%&.%'.%'.$&.$&.$&.$&........tRNS................................ !$%&'()*+,-./01235678:;<=>?@ABCEFHIKLMNOPQRTUVWXYZ[\]^_`adefgijklmnopqrsuvwxyz\|}..................................................................................................................

Chrome Cache Entry: 38

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 24051
Category:	downloaded
Size (bytes):	4515
Entropy (8bit):	7.956467386800229
Encrypted:	false
SSDEEP:	96:4p4l0h92B45gLm/Ie0f5G7dTj4URSht8vOcrIu9JL:I4l0hoW5gLNA7dH4Ucht8vOKX9JL
MD5:	99A8B213866426D482DB5C874E91CFC1
SHA1:	49BFFD206943C4A850376205EE720A87D08CE8CC
SHA-256:	D117A3A72EDA86BB4E103C5DAD01F6828F9454E9232CDD763806D57FF6D3DEBE
SHA-512:	CACDEA20F37A4FD5A551FAA04A2916D467E197CCF971E7104E18A2213CF1F1EA3C84B7389C3841C5249053A1854C28C92A86A5E0986244A8F26BFC35792F15C1
Malicious:	false
Reputation:	low
URL:	https://belasting.online-factuur.com/cdn-cgi/styles/cf.errors.css
Preview:	...........<..r.......F[:Z,..F. H.....O...%.6.H...n......I\%.3....R...bUI........6..,k.Gy....rK&?...\..._..+.p.!5.~.......r..{(S.#.v....B~.....T.....@o.....a.<fP&.`Yt.W..&.O.<.2C'.U).p+#.D.c,?&..V~L....A.`..[<4rS_.2B.......d.)A..T...%Y.`+.~..`=H.5.W.g..\^.,c.C......FY.Y.:P..;.k..U...v.P..-...&\.B.Ly..~(m2A=.].k........[..#...Yezy..HCy.@{F.!<6.(P}>.....l........lQO...}..(.?.{x.....D.......)...Jt....`.j.].....8.2K.u..&S.C..m...Q.f...5%.8PK-...'?..P....T..........h-..^.d..2y.5N.!hO.j.:..&..I...a..~.~9...N.-.gI.v.%.7:...".&......!...%...d..m.....;...r.\|T..zx...9.q{........m.j.WO.B....MSB...zXm..D.............1............gXo...u?l...o.lj...7.."Pn:Pw~.[tR.2..6W........... .zLFD.....~.....m........{...t.....D.3.%..6Q.I.M.<M..}....@.u.@.@..M......2..%.......MK.g..qu.a5...!...QS.0...0.x..R.......g..+.V........8.Z7....$H}.zN....^..`..M4....p........Tb.M.Y..a.6Wq#e.J.....C~........^........K.jN..5.a.t......X .P..?....R?'O6....6q.2q..................m\

Chrome Cache Entry: 39

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 960 x 53, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	715
Entropy (8bit):	7.3533249502413565
Encrypted:	false
SSDEEP:	12:6v/7et+/37c7jvBjLg+UnhdeNdLI4dACGHJovQpMZP5ajgj7xbKwkRR/:Lu490+NdcCqJlpMZxajnwCR/
MD5:	226DCB8F6144BDAAFDFBD8F2F354BE64
SHA1:	3785CC5B3BF52F8E398177B0FF1020B24AA86B8C
SHA-256:	8C873472F4925D5D47521DB4D52532D2983E9CB1BDE8B43143A6CC6DB56C35DB
SHA-512:	ED898B12C4895F7ACEAAB443C1071E6376DB71B4DFDBD769F5F3BE71D562438A18B5E5DC36DD7CC610926E380603A894B2E81DF4302680C736A412BFD3360D3A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......5.......r....]PLTE........................................................................................9W)....tRNS...u... ........IDATx....n.0....#.......?.f....I.B..g........O...hW...Y^.<..v..E..."....@D;u.#.h....WD.u...nq..vL...J?T.(D..&JtZ`&.....e..!.'m..5..$p.$..k`....+wCk.N=..(<....[.I.O4&.56..kR..O0.H`...%.b.Q........D..X...L.D..(.bT..... ..b+5I.+....W^. .....Y.....L.Ob.&26..IR.$0.y.^6*/..D..X.0_`..s.}..+S.. ..../D......I...ew..Qh.Nn......u.t0k.fX..b.&.!.\..I.cf..RgKC+2.M....6.)o. ..`c..M....../a.&....".Q.....uU.]@....j.......O.'......."....t....d...?z..p.q.Y.C...&0...a.C...&0...a.C...&0...a.C...&0...a.C...&0...a.C...&0...a/..Y.x.I....IEND.B`.

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	1838
Entropy (8bit):	7.870601334580426
Encrypted:	false
SSDEEP:	48:eyE9NyzLqP40NHIRTQ9AdFWiJuuKfm9ByMyiA0L:eyE7yPqAIoRHAisuKfm9BdyEL
MD5:	9996FFA61F20C987ABE621C3FC7B1FF6
SHA1:	A48941F2E6F52F1CC7F87A46FFC2B87907A4C745
SHA-256:	1CF434E584E5124908C5B70636F457E707209BB764501EE3D709D6FAB9F6FADA
SHA-512:	EC491F20BD0D3AD026C78C12D84BC6D76C363CEEAED5D138EB5A73CACF3A26D518F3667B663B8F74270C57BF1CFA4B60AA676A8B1C2658345122E6B1C34CF061
Malicious:	false
Reputation:	low
URL:	https://belasting.online-factuur.com/favicon.ico
Preview:	(./..X.9.:g,.,...:.../p.D..z!Q.u...D.A/.,.].>....!.(h... ......_`.[Z...H.....DB...Qy.z.F....G....tR.L..J....6..Ng....96y....M".kH.#...j...J(..A.....^Mgu1.\3..My..~.NY{B...S+Yz.............E.zjz..M..W...%.....-...9.h.(T`..Jwr.f.Y.....Y3x.?<......'l.......Y..<....h..*...i........&Th..D.....8O...6%...=R=9.4....;>..Z{p.'R=.......,xp...$...S....$.'.N-r\..5.yk....8.t...v.5.0..GnU....{kbxX...f..V..J.....%3t..tkV.Q.tNx.K............."wV#...".\|...\.#....f..U...E..{..Zz5.\|.<.7..Y..Y:......f.">yecU.c.[@".r...x...-..x.,1-...\|.<....8iE..x.v6p.`A...AK.\...5..../..<......s:..^.RV><...y...Ug....mm.^.6..J%..'".R..H...(..sF..<5.'.......p...3..,mu..uI..z..\|.)_...x.7..>ey.s...bkb...w..u.eJ..i.8.....\...."L.^...:..t^.p....d.K.>+:._...t..5.e.W.r......$A..L..Q....pkV.<Q8S5.v.I.G.k..r.B...Z......z......N..V9....d.2]....._%e..vr].{..........q......3"..T......<.....a1..t@ ..f..:..C.i8..s...S&.a....t.YW.A@@...$ ;.N...y.s@.........6i......1...$.

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 178 x 175, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3213
Entropy (8bit):	7.553565995366911
Encrypted:	false
SSDEEP:	96:35QRRzQqgtYCWBzmuvuLf33Pf309TxeL+vD+7SrQ9o6Br2eJk:GRRsqgOBzvcnM9TxVk9JCeJk
MD5:	0D768CBC261841D3AFFC933B9AC3130E
SHA1:	AFF136A4C761E1DF1ADA7E5D9A6ED0EBEA74A4B7
SHA-256:	1C53772285052E52BB7C12AD46A85A55747ED7BF66963FE1993FCEF91FF5B0D0
SHA-512:	CE5B1BBB8CF6B0C3D1FA146D1700DB2300ABD6F2BDBE43ECAAC6AEBC911BE6E1BCD2F8C6704A2CFA67BBB45598793DDEC017E05C2C37CE387293AAE08E7C342F
Malicious:	false
Reputation:	low
URL:	https://belasting.online-factuur.com/cdn-cgi/images/cf-no-screenshot-error.png
Preview:	.PNG........IHDR.............n.t.....PLTE..........UU.@@.33..$I.@@.99.33.....''.$7.33.00.--..((.&&.$1....,,..)).''.&/.$..,,..)).((.''..)).((.''.&&.%,.$..)).((.''.&&.%.$.)).((.&&.&.%.$).((.''.&&.&.%).$(.$(.''.''.&&.%).$(.''.&&.%).%(.$(.$'.''.&&.&).%(.$'.$'.''.&&.&).%(.%(.$'.$'.&&.&&.&(.%(.%'.&&.&&.%(.%(.$'.$&.&&.&(.%(.%'.%'.$'.$&.&&.&(.%'.%'.$'.$&.&&.&(.%'.%'.$&.$&.&(.%'.%'.$&.$&.$(.%'.%'.%'.$&.$&.$(.%'.%'.%'.%&.$&.$&.$'.%'.%'.%'.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%&.%&.%&.$'.$'.$'.%'.%&.%&.%&.$'.$'.$'.$'.%&.%&.%&.$'.$'.$'.$&.%&.%&.%&.$'.$'.$'.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$&.$&.$&.%&.%'.%'.$'.$&.$&.$&.%&.%'.%'.$'.$&.$&.$&.%&.%'.%'.$&.$&.$&.$&........tRNS................................ !$%&'()*+,-./01235678:;<=>?@ABCEFHIKLMNOPQRTUVWXYZ[\]^_`adefgijklmnopqrsuvwxyz\|}..................................................................................................................

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	2218
Entropy (8bit):	7.895850367838391
Encrypted:	false
SSDEEP:	48:Ugd165r7atHCWIA0p7Mzn9USocbSwMxnDNAItilvUcaLE:t6Efj0pA79BobxJAIolsccE
MD5:	B696342DADB87CA1C146AB6FCEA00E8C
SHA1:	657B9329623B4EBA29C93C3966D50CC3A4EC8C79
SHA-256:	E25686A0D184174CA35146A4E4DB8D679BF0E17184E9AE416C79FFB053A2CA05
SHA-512:	399215A709206951764165BCC348A4D9581181C169CFEA1693AB3058C6229643919B12C00DE6939406144BFE26354E7CD7D1EE23B64FB130BE259C1FE30107F3
Malicious:	false
Reputation:	low
URL:	https://belasting.online-factuur.com/
Preview:	(./..X.D.z{..+.....D.[.c..R.@...X...D)..<.Y:...^.3.L.pW.@.H...A...L.....d@..pFmw...l9.........U..\|.,.w!.c...A"$6Cc.+.D.....26.....\|}l.'.#S.s..)....)m.z....&\|..QM.]j}..zK....m...%.M.cF)...W...qF...).#.a.:.u.h..S>W..pF..}r.D}...fD..r........ga"....._..Kc...?.b.(1......]....K.])[o... ..%.3...a.`.mh.;=....R..A$.m9...$e..**..:...p6..h.e..7{...r..P...U..D..\|+....2....}.T.........f@..q............~a..H.a_.)..~.4l..o[.......Sj).....w..H.]w.H..uy..k.5n..Sk[..!-..9..Y.6K..].~.2...?iY....Rf...{....UEiU.r.....s.u.........,.......&c.....)o.....~.9...X...NHX..{g..Mak3.V.Q....g.........w..r......Q.......-!HK..%.gY'.w..wq.[......Ts...]..A....y He..T...rb6.%V#t..4.........e.w...+{.7Z..)..73j%...s4M{....[.)m...=.s..m....b.M. ELL8..$.......iy .M.xQ^H...InJS.-Qc....l....4....E7.2. .e6...g.X..........m...U!-P.....S.t..Z.i.p.eq...^.........ncZ}......O.TK......{.........A.6...!.6l5.Jn....rK.^.....9........X.}.........-m{...i>;.j..[....o.............o..".6.

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 960 x 53, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	715
Entropy (8bit):	7.3533249502413565
Encrypted:	false
SSDEEP:	12:6v/7et+/37c7jvBjLg+UnhdeNdLI4dACGHJovQpMZP5ajgj7xbKwkRR/:Lu490+NdcCqJlpMZxajnwCR/
MD5:	226DCB8F6144BDAAFDFBD8F2F354BE64
SHA1:	3785CC5B3BF52F8E398177B0FF1020B24AA86B8C
SHA-256:	8C873472F4925D5D47521DB4D52532D2983E9CB1BDE8B43143A6CC6DB56C35DB
SHA-512:	ED898B12C4895F7ACEAAB443C1071E6376DB71B4DFDBD769F5F3BE71D562438A18B5E5DC36DD7CC610926E380603A894B2E81DF4302680C736A412BFD3360D3A
Malicious:	false
Reputation:	low
URL:	https://belasting.online-factuur.com/cdn-cgi/images/browser-bar.png?1376755637
Preview:	.PNG........IHDR.......5.......r....]PLTE........................................................................................9W)....tRNS...u... ........IDATx....n.0....#.......?.f....I.B..g........O...hW...Y^.<..v..E..."....@D;u.#.h....WD.u...nq..vL...J?T.(D..&JtZ`&.....e..!.'m..5..$p.$..k`....+wCk.N=..(<....[.I.O4&.56..kR..O0.H`...%.b.Q........D..X...L.D..(.bT..... ..b+5I.+....W^. .....Y.....L.Ob.&26..IR.$0.y.^6*/..D..X.0_`..s.}..+S.. ..../D......I...ew..Qh.Nn......u.t0k.fX..b.&.!.\..I.cf..RgKC+2.M....6.)o. ..`c..M....../a.&....".Q.....uU.]@....j.......O.'......."....t....d...?z..p.q.Y.C...&0...a.C...&0...a.C...&0...a.C...&0...a.C...&0...a.C...&0...a/..Y.x.I....IEND.B`.

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	4155
Entropy (8bit):	7.940987590244948
Encrypted:	false
SSDEEP:	96:CFgZlRWaS5V1QCNz283wCELQVM2lT5KU3FC90Vt:Celc1iCkQVM2lT5H3FC90Vt
MD5:	F12C1AAE0A2B9E67AD4AF38AF99F553B
SHA1:	3F125EB11A84C577007EF43A3A72DB6D3FA5E1B1
SHA-256:	E26C11FBBD9208013356DF909F4F33F3D9078BF2D972A305DAFE855F0BF0CDE6
SHA-512:	02336A072BFD98200F71B83A91E2ED11756C3B592FC577C6C29F5EBA3D07B8D4C1D6E6D12A904D42D55BA3EF2BE92A381D17827A43123CF584000B822FA20C92
Malicious:	false
Reputation:	low
URL:	https://belasting.online-factuur.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?
Preview:	(./..X\....\//.dm..L.m9.7...-z]...?3Z%.....0$....^...ux..............m........gR.......(..5.......W.3h(..W,x.e....\|..P.......{.w.0....[....p..3.n.w.{._..}Q.+..>..s<..g...}.3....!J8...%.'..&..%....+.x..,.UU..Q<.....K$...TW..]..e.R........"..VQS...2...FU./Lu3..N.....@.c#.......4...6.\|f1{....x..'.\|.m4...w8..}`...]......c.....;..l.9.....P........-3`.]....ee.@.........#.~=....1../(.l...v}./z[.p.h...../D5<.....\|....eu.2p.ZQ.....#Y....n_g.!F....@.......vR..9K..v.._...?~.W........^U....7.B....UU{._...Q...g.........Op.o\...c...S....m.J#.kmRi...#8........RU...Q<..J.V..~;.,.0G...dx.E...X..\z.....E.T...'f......Ao...%sLS..P.;q......#S.<..y.M1o.8......0H7...Hw...R.$...D.tK".@.+.A.'W[H...TH.U... .Z..=GM6Kl..~!..<{....5.>...hI~..<..{...E.>..n:.....dxv..+`KU.."!.\:.&..v....c...p"...T..T...gY\...3...N.Z.Y:..p..F5.G8S...k>....P..`<?0~....y...~....Z+nG..xU..-T#.:....X....`....0G....j.R...I...........v.U.b....<7.......t....%..Z-.....1..].P...ZY3.....S..P..L*.....e..9p

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 22:24:37.763066053 CET	49756	443	192.168.11.20	23.44.201.28
Dec 28, 2024 22:24:46.447077990 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:46.447103977 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:46.447244883 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:46.447561979 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:46.447575092 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:46.856965065 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:46.857327938 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:46.857342005 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:46.858288050 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:46.858563900 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:46.859441996 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:46.859555006 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:46.912615061 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:46.912625074 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:46.959460974 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:47.700493097 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:47.700536013 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:47.700738907 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:47.700808048 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:47.700864077 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:47.701023102 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:47.701040030 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:47.701065063 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:47.701374054 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:47.701406002 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.293036938 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.293227911 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.293433905 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.293466091 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.295305967 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.295342922 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.295455933 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.295475006 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.295538902 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.295550108 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.297010899 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.297106981 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.297303915 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.297326088 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.297764063 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.297800064 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.391402960 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.391763926 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.391803980 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.393049002 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.448662996 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.486274958 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.493916035 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.494149923 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.494215965 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.494434118 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.501276970 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.501317024 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.593682051 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:48.593717098 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:48.593986988 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:48.594263077 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:48.594283104 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:48.723160982 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.723814964 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.724041939 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.724054098 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.733256102 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.733256102 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.733270884 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.733274937 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.774494886 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.774504900 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.830383062 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.830884933 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.830897093 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.831218958 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.831231117 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.831378937 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.932635069 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:48.934634924 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:48.934667110 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.007509947 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.007971048 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.007988930 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.009430885 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.009660006 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.010340929 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.010457993 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.010500908 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.038604021 CET	49779	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.038636923 CET	443	49779	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.038675070 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.038700104 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.038840055 CET	49779	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.038865089 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.039216995 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.039237022 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.039450884 CET	49779	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.039469004 CET	443	49779	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.042144060 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.042679071 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.042866945 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.042885065 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.043277025 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.044684887 CET	49781	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.044711113 CET	443	49781	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.044867992 CET	49781	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.045198917 CET	49781	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.045217037 CET	443	49781	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.054254055 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.064693928 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.064711094 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.106834888 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.106852055 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.106945038 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.106950998 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.106996059 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.107001066 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.107080936 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.107100010 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.107254028 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.109822035 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.109843969 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.221752882 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.221797943 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.221906900 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.222131968 CET	49776	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.222142935 CET	443	49776	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.222419977 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.222438097 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.222672939 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.223006010 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.223018885 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.308248997 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.308464050 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.308720112 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.308732033 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.350356102 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.350373030 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:24:49.354373932 CET	49783	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.354403019 CET	443	49783	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.354618073 CET	49783	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.355056047 CET	49783	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.355073929 CET	443	49783	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.400516987 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:24:49.618244886 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.618601084 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.618618011 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.619122028 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.619580030 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.619628906 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.619705915 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.635845900 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.635868073 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.636197090 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.636214972 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.636754036 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.636765957 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.636869907 CET	49779	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.636894941 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.636903048 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.636905909 CET	49781	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.636933088 CET	49783	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.636967897 CET	443	49779	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.636982918 CET	443	49781	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.637065887 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.637078047 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.637115955 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.637115955 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.637120008 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.637125015 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.637161016 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.637165070 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.637181997 CET	49779	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.637181997 CET	49781	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.659645081 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.682209969 CET	443	49783	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.732964039 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.733367920 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.733376026 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.839409113 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.846931934 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.847254992 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.847254992 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.847264051 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.853426933 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.853523016 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.853625059 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.853663921 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.853744984 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.853744984 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.853753090 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.853763103 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.854039907 CET	49782	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:24:49.854053020 CET	443	49782	35.190.80.1	192.168.11.20
Dec 28, 2024 22:24:49.878792048 CET	443	49783	172.67.171.151	192.168.11.20
Dec 28, 2024 22:24:49.879065990 CET	49783	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:49.903748989 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:24:56.863761902 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:56.863830090 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:24:56.863972902 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:57.958822012 CET	49773	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:24:57.958836079 CET	443	49773	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:20.164325953 CET	49763	443	192.168.11.20	23.33.40.147
Dec 28, 2024 22:25:20.966403961 CET	80	49765	208.89.73.21	192.168.11.20
Dec 28, 2024 22:25:20.966639042 CET	49765	80	192.168.11.20	208.89.73.21
Dec 28, 2024 22:25:20.966639042 CET	49765	80	192.168.11.20	208.89.73.21
Dec 28, 2024 22:25:21.089737892 CET	80	49765	208.89.73.21	192.168.11.20
Dec 28, 2024 22:25:21.474540949 CET	49764	80	192.168.11.20	142.250.80.3
Dec 28, 2024 22:25:21.474540949 CET	49766	80	192.168.11.20	208.89.73.21
Dec 28, 2024 22:25:21.477663994 CET	80	49766	208.89.73.21	192.168.11.20
Dec 28, 2024 22:25:21.477926970 CET	49766	80	192.168.11.20	208.89.73.21
Dec 28, 2024 22:25:21.570075989 CET	80	49764	142.250.80.3	192.168.11.20
Dec 28, 2024 22:25:21.570214987 CET	49764	80	192.168.11.20	142.250.80.3
Dec 28, 2024 22:25:21.597543001 CET	80	49766	208.89.73.21	192.168.11.20
Dec 28, 2024 22:25:33.396342993 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:25:33.396352053 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:25:34.364384890 CET	49775	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:25:34.364432096 CET	443	49775	104.21.63.179	192.168.11.20
Dec 28, 2024 22:25:34.860353947 CET	49780	443	192.168.11.20	172.67.171.151
Dec 28, 2024 22:25:34.860402107 CET	443	49780	172.67.171.151	192.168.11.20
Dec 28, 2024 22:25:46.409576893 CET	49792	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:25:46.409600019 CET	443	49792	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:46.409827948 CET	49792	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:25:46.410172939 CET	49792	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:25:46.410182953 CET	443	49792	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:46.816850901 CET	443	49792	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:46.817307949 CET	49792	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:25:46.817322016 CET	443	49792	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:46.818031073 CET	443	49792	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:46.818466902 CET	49792	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:25:46.818578959 CET	443	49792	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:46.862062931 CET	49792	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:25:48.498212099 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:25:48.498496056 CET	443	49774	104.21.63.179	192.168.11.20
Dec 28, 2024 22:25:48.498675108 CET	49774	443	192.168.11.20	104.21.63.179
Dec 28, 2024 22:25:48.498861074 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.498935938 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.499134064 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.499489069 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.499538898 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.595834970 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.595906973 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.596107960 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.596513987 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.596566916 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.893420935 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.893910885 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.893923998 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.894275904 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.894704103 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.894807100 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.894824982 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.935302973 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.935312986 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.993736982 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.994163036 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.994175911 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.995131016 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.995368004 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.995683908 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:48.995769978 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:48.995843887 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.042244911 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.044486046 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.044500113 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.091412067 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.120604038 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.120646000 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.120820045 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.120918036 CET	49793	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.120929956 CET	443	49793	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.121319056 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.121334076 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.121633053 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.121943951 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.121953011 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.121963024 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.121965885 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.227926970 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.228030920 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.228209972 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.228291988 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.228291988 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.228305101 CET	443	49794	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.228470087 CET	49794	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.228612900 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.228622913 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.228753090 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.229192972 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.229204893 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.516576052 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.517025948 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.517057896 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.517971992 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.518491030 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.518562078 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.518740892 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.560046911 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.631124020 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.631658077 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.631689072 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.632601023 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.633074999 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.633115053 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.633305073 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.684962034 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.741911888 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.741962910 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.742204905 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.742369890 CET	49795	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.742378950 CET	443	49795	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.864902020 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.864948988 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:49.865036964 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.865200043 CET	49796	443	192.168.11.20	35.190.80.1
Dec 28, 2024 22:25:49.865211964 CET	443	49796	35.190.80.1	192.168.11.20
Dec 28, 2024 22:25:56.826658010 CET	443	49792	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:56.826781034 CET	443	49792	142.251.40.132	192.168.11.20
Dec 28, 2024 22:25:56.827003002 CET	49792	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:25:57.954278946 CET	49792	443	192.168.11.20	142.251.40.132
Dec 28, 2024 22:25:57.954317093 CET	443	49792	142.251.40.132	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 22:24:34.073604107 CET	137	137	192.168.11.20	192.168.11.255
Dec 28, 2024 22:24:34.826204062 CET	137	137	192.168.11.20	192.168.11.255
Dec 28, 2024 22:24:35.591751099 CET	137	137	192.168.11.20	192.168.11.255
Dec 28, 2024 22:24:41.845426083 CET	53331	1900	192.168.11.20	239.255.255.250
Dec 28, 2024 22:24:41.879908085 CET	53	56764	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:41.924695969 CET	53	53330	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:42.666616917 CET	53	51991	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:42.846662045 CET	53331	1900	192.168.11.20	239.255.255.250
Dec 28, 2024 22:24:43.862093925 CET	53331	1900	192.168.11.20	239.255.255.250
Dec 28, 2024 22:24:44.216947079 CET	53	53572	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:44.877612114 CET	53331	1900	192.168.11.20	239.255.255.250
Dec 28, 2024 22:24:45.070873976 CET	137	137	192.168.11.20	192.168.11.255
Dec 28, 2024 22:24:45.830394030 CET	137	137	192.168.11.20	192.168.11.255
Dec 28, 2024 22:24:46.350811005 CET	50810	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:24:46.350900888 CET	50615	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:24:46.445388079 CET	53	50810	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:46.446428061 CET	53	50615	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:46.584605932 CET	137	137	192.168.11.20	192.168.11.255
Dec 28, 2024 22:24:47.522181034 CET	56714	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:24:47.522289038 CET	64235	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:24:47.660449028 CET	53	56714	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:47.714056969 CET	53	64235	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:48.495898008 CET	55798	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:24:48.496015072 CET	59824	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:24:48.592183113 CET	53	59824	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:48.593080044 CET	53	55798	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:48.835261106 CET	56224	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:24:48.835391998 CET	59067	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:24:49.029288054 CET	53	59067	1.1.1.1	192.168.11.20
Dec 28, 2024 22:24:49.038101912 CET	53	56224	1.1.1.1	192.168.11.20
Dec 28, 2024 22:25:04.356698036 CET	53	64651	1.1.1.1	192.168.11.20
Dec 28, 2024 22:25:11.402246952 CET	53	60912	1.1.1.1	192.168.11.20
Dec 28, 2024 22:25:26.127769947 CET	53	55316	1.1.1.1	192.168.11.20
Dec 28, 2024 22:25:41.906888008 CET	53	64540	1.1.1.1	192.168.11.20
Dec 28, 2024 22:25:48.498430967 CET	49724	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:25:48.498621941 CET	63106	53	192.168.11.20	1.1.1.1
Dec 28, 2024 22:25:48.594084024 CET	53	49724	1.1.1.1	192.168.11.20
Dec 28, 2024 22:25:48.595199108 CET	53	63106	1.1.1.1	192.168.11.20
Dec 28, 2024 22:25:51.573743105 CET	53	50037	1.1.1.1	192.168.11.20

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 28, 2024 22:24:47.714293957 CET	192.168.11.20	1.1.1.1	cb96	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 28, 2024 22:24:46.350811005 CET	192.168.11.20	1.1.1.1	0x270c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:46.350900888 CET	192.168.11.20	1.1.1.1	0xeedc	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 28, 2024 22:24:47.522181034 CET	192.168.11.20	1.1.1.1	0x163a	Standard query (0)	belasting.online-factuur.com	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:47.522289038 CET	192.168.11.20	1.1.1.1	0x73ed	Standard query (0)	belasting.online-factuur.com	65	IN (0x0001)	false
Dec 28, 2024 22:24:48.495898008 CET	192.168.11.20	1.1.1.1	0xa955	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:48.496015072 CET	192.168.11.20	1.1.1.1	0x4bcc	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Dec 28, 2024 22:24:48.835261106 CET	192.168.11.20	1.1.1.1	0x5343	Standard query (0)	belasting.online-factuur.com	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:48.835391998 CET	192.168.11.20	1.1.1.1	0xf148	Standard query (0)	belasting.online-factuur.com	65	IN (0x0001)	false
Dec 28, 2024 22:25:48.498430967 CET	192.168.11.20	1.1.1.1	0x3378	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:25:48.498621941 CET	192.168.11.20	1.1.1.1	0x6107	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 28, 2024 22:24:46.445388079 CET	1.1.1.1	192.168.11.20	0x270c	No error (0)	www.google.com	142.251.40.132	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:46.446428061 CET	1.1.1.1	192.168.11.20	0xeedc	No error (0)	www.google.com		65	IN (0x0001)	false
Dec 28, 2024 22:24:47.660449028 CET	1.1.1.1	192.168.11.20	0x163a	No error (0)	belasting.online-factuur.com	104.21.63.179	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:47.660449028 CET	1.1.1.1	192.168.11.20	0x163a	No error (0)	belasting.online-factuur.com	172.67.171.151	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:47.714056969 CET	1.1.1.1	192.168.11.20	0x73ed	No error (0)	belasting.online-factuur.com		65	IN (0x0001)	false
Dec 28, 2024 22:24:48.593080044 CET	1.1.1.1	192.168.11.20	0xa955	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:49.029288054 CET	1.1.1.1	192.168.11.20	0xf148	No error (0)	belasting.online-factuur.com		65	IN (0x0001)	false
Dec 28, 2024 22:24:49.038101912 CET	1.1.1.1	192.168.11.20	0x5343	No error (0)	belasting.online-factuur.com	172.67.171.151	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:24:49.038101912 CET	1.1.1.1	192.168.11.20	0x5343	No error (0)	belasting.online-factuur.com	104.21.63.179	A (IP address)	IN (0x0001)	false
Dec 28, 2024 22:25:48.594084024 CET	1.1.1.1	192.168.11.20	0x3378	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49776	35.190.80.1	443	2868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 21:24:49 UTC	571	OUT	OPTIONS /report/v4?s=84WOhuCZeF70ZDozQU2xqv7HitcDpiA%2BbxYxYrYE5Eo4TgI54JEaVcSXtk%2BuPkKPUq2nr88QYc5ZP5gdBPitYG2XguFMADcDXLVDAgTz9wTsaqcAnc4q4iIai%2BrfMWL6u99IySju9%2FEzHOczdxcy HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://belasting.online-factuur.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-28 21:24:49 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Sat, 28 Dec 2024 21:24:48 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49782	35.190.80.1	443	2868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 21:24:49 UTC	500	OUT	POST /report/v4?s=84WOhuCZeF70ZDozQU2xqv7HitcDpiA%2BbxYxYrYE5Eo4TgI54JEaVcSXtk%2BuPkKPUq2nr88QYc5ZP5gdBPitYG2XguFMADcDXLVDAgTz9wTsaqcAnc4q4iIai%2BrfMWL6u99IySju9%2FEzHOczdxcy HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 392 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-28 21:24:49 UTC	392	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 39 37 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 32 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 36 33 2e 31 37 39 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 65 6c 61 73 74 69 6e 67 2e 6f 6e 6c 69 6e 65 2d 66 61 63 74 75 Data Ascii: [{"age":1,"body":{"elapsed_time":972,"method":"GET","phase":"application","protocol":"h2","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.63.179","status_code":403,"type":"http.error"},"type":"network-error","url":"https://belasting.online-factu
2024-12-28 21:24:49 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sat, 28 Dec 2024 21:24:49 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49793	35.190.80.1	443	2868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 21:25:48 UTC	577	OUT	OPTIONS /report/v4?s=aL9JO39GfHrwbe2z9VqwKaI1sfooELu0hz%2FfSuKSgNIn41pUwyTrJ5g5WAJK2Bp%2Ffaol%2Bpuo%2FVvxhW15RM5fd9URtYRnc8jwAuGvj6grsEU04BmwvalnwC%2B%2FnTelkLiFu6SzEsOe7VBYl%2FtdMVjL HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://belasting.online-factuur.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-28 21:25:49 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Sat, 28 Dec 2024 21:25:48 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49794	35.190.80.1	443	2868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 21:25:48 UTC	575	OUT	OPTIONS /report/v4?s=CQs5dvdRm4qbTB0CTrYWqoZpFh2GoJ%2Fhj6znbq%2Fbxj3LPdpF5d8ujZL9mGOcnVJS6B9xqjZSQTYLmTflrS6s%2FucqJ%2F%2BJHAGyn7MH1xkkfYPNq4XStOfXw2t7uKKQNwTDaPSACQ5Cul2uNPMu6E%2F2 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://belasting.online-factuur.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-28 21:25:49 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Sat, 28 Dec 2024 21:25:48 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49795	35.190.80.1	443	2868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 21:25:49 UTC	506	OUT	POST /report/v4?s=aL9JO39GfHrwbe2z9VqwKaI1sfooELu0hz%2FfSuKSgNIn41pUwyTrJ5g5WAJK2Bp%2Ffaol%2Bpuo%2FVvxhW15RM5fd9URtYRnc8jwAuGvj6grsEU04BmwvalnwC%2B%2FnTelkLiFu6SzEsOe7VBYl%2FtdMVjL HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 444 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-28 21:25:49 UTC	444	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 39 31 38 38 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 39 39 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 32 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 62 65 6c 61 73 74 69 6e 67 2e 6f 6e 6c 69 6e 65 2d 66 61 63 74 75 75 72 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 36 33 2e 31 37 39 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 Data Ascii: [{"age":59188,"body":{"elapsed_time":199,"method":"GET","phase":"application","protocol":"h2","referrer":"https://belasting.online-factuur.com/","sampling_fraction":1.0,"server_ip":"104.21.63.179","status_code":403,"type":"http.error"},"type":"network-err
2024-12-28 21:25:49 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sat, 28 Dec 2024 21:25:49 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49796	35.190.80.1	443	2868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 21:25:49 UTC	504	OUT	POST /report/v4?s=CQs5dvdRm4qbTB0CTrYWqoZpFh2GoJ%2Fhj6znbq%2Fbxj3LPdpF5d8ujZL9mGOcnVJS6B9xqjZSQTYLmTflrS6s%2FucqJ%2F%2BJHAGyn7MH1xkkfYPNq4XStOfXw2t7uKKQNwTDaPSACQ5Cul2uNPMu6E%2F2 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 450 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-28 21:25:49 UTC	450	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 38 36 34 33 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 34 39 39 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 32 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 37 31 2e 31 35 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 35 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 65 6c 61 73 74 69 6e 67 2e 6f 6e 6c 69 6e 65 2d Data Ascii: [{"age":58643,"body":{"elapsed_time":499,"method":"GET","phase":"application","protocol":"h2","referrer":"","sampling_fraction":1.0,"server_ip":"172.67.171.151","status_code":405,"type":"http.error"},"type":"network-error","url":"https://belasting.online-
2024-12-28 21:25:49 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sat, 28 Dec 2024 21:25:49 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	16:24:39
Start date:	28/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7d29f0000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	16:24:40
Start date:	28/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11073809685410328450,13977048154993170284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2204 /prefetch:3
Imagebase:	0x7ff7d29f0000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	16:24:46
Start date:	28/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://belasting.online-factuur.com"
Imagebase:	0x7ff7d29f0000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation. Common methods to acquire this information include port and/or vulnerability scans using tools that are brought onto a system.
Tactics:	Discovery
Data Sources:	Cloud Service: Cloud Service Enumeration, Command: Command Execution, Network Traffic: Network Traffic Flow
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://belasting.online-factuur.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 36

Chrome Cache Entry: 37

Chrome Cache Entry: 38

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2748, Parent PID: 7908

General

Chronological Activities

Analysis Process: chrome.exePID: 2868, Parent PID: 2748

General

Windows Analysis Report
https://belasting.online-factuur.com