Windows
Analysis Report
https://beulad435-8316maraes.pages.dev/669486131595365
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 7152 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92) - chrome.exe (PID: 2748 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2096 --fi eld-trial- handle=198 8,i,131707 0639624356 5679,81404 2144753702 4525,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 5868 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://beula d435-8316m araes.page s.dev/6694 8613159536 5" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | SlashNext: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | File source: | ||
Source: | File source: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
100% | SlashNext | Credential Stealing type: Phishing & Social usering |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
beulad435-8316maraes.pages.dev | 172.66.46.224 | true | false | unknown | |
www.google.com | 172.217.23.100 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
true | unknown | ||
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.66.46.224 | beulad435-8316maraes.pages.dev | United States | 13335 | CLOUDFLARENETUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
172.217.23.100 | www.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.186.164 | unknown | United States | 15169 | GOOGLEUS | false | |
172.66.45.32 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.4 |
192.168.2.6 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1502500 |
Start date and time: | 2024-09-02 00:12:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://beulad435-8316maraes.pages.dev/669486131595365 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.phis.win@16/10@8/7 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.110, 173.194.76.84, 34.104.35.123, 40.68.123.157, 93.184.221.240, 192.229.221.95, 52.165.164.15, 13.85.23.206, 142.250.185.195
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: https://beulad435-8316maraes.pages.dev/669486131595365
Input | Output |
---|---|
URL: https://beulad435-8316maraes.pages.dev/669486131595365 Model: jbxai | { "brand":["cloudflare"], "contains_trigger_text":true, "prominent_button_name":"Learn More", "text_input_field_labels":["Your IP: Click to reveal"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 452 |
Entropy (8bit): | 7.0936408308765495 |
Encrypted: | false |
SSDEEP: | 12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK |
MD5: | C33DE66281E933259772399D10A6AFE8 |
SHA1: | B9F9D500F8814381451011D4DCF59CD2D90AD94F |
SHA-256: | F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016 |
SHA-512: | 5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 452 |
Entropy (8bit): | 7.0936408308765495 |
Encrypted: | false |
SSDEEP: | 12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK |
MD5: | C33DE66281E933259772399D10A6AFE8 |
SHA1: | B9F9D500F8814381451011D4DCF59CD2D90AD94F |
SHA-256: | F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016 |
SHA-512: | 5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3 |
Malicious: | false |
Reputation: | low |
URL: | https://beulad435-8316maraes.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 24051 |
Entropy (8bit): | 4.941039417164537 |
Encrypted: | false |
SSDEEP: | 192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk |
MD5: | 5E8C69A459A691B5D1B9BE442332C87D |
SHA1: | F24DD1AD7C9080575D92A9A9A2C42620725EF836 |
SHA-256: | 84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091 |
SHA-512: | 6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42 |
Malicious: | false |
Reputation: | low |
URL: | https://beulad435-8316maraes.pages.dev/cdn-cgi/styles/cf.errors.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4409 |
Entropy (8bit): | 5.102273617184804 |
Encrypted: | false |
SSDEEP: | 96:1j9jwIjYjUDK/D5DMF+BOisN9A2ZLimerR49PaQxJbGD:1j9jhjYjIK/Vo+tsZZOmerO9ieJGD |
MD5: | DBFFDC1A8333B7C7E8A2BB18455A8677 |
SHA1: | 6F4E9B06A9E3AA96935C49EA19B4D7EB19A4FE48 |
SHA-256: | 62860934350E3722452DBE7C8C7DC8CF41526708A8A5DD2B0F1C34841BA8FF13 |
SHA-512: | 453E189FC0EED241AE1789236989E9E63AF260090D25B7A27F7FA7FB2CE48006E3AEB222E2D62D3D9EB1412978C88551760A5C43CCB02867374E7D7ECD049345 |
Malicious: | false |
Reputation: | low |
URL: | https://beulad435-8316maraes.pages.dev/669486131595365 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1154 |
Entropy (8bit): | 5.059011792187525 |
Encrypted: | false |
SSDEEP: | 24:0p0JvdYt3DA9iQCCtoJPWnAV2/7E95mSCNeMkSCcO0MkY4Nu:0hA9i2msR/7GhCAMJC+MyNu |
MD5: | E179FDE746884835CE31CA76A397E58A |
SHA1: | 4740957E475DDC012D116C8594B105C9AF3790DE |
SHA-256: | 64D48900D354D98F416EF5ACFF13DBC1D6E80B0D82D67876D8C2E70A9E8BE8F8 |
SHA-512: | 0F6E5B5001676A95E4A369BABF1F08B478C761F5BCF645C96E0147AA6510F03A2B17D4191E09E8B7AE5E707C43F63DA7A4306EA555DE8AE123A54DCDCB081B43 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1154 |
Entropy (8bit): | 5.059011792187525 |
Encrypted: | false |
SSDEEP: | 24:0p0JvdYt3DA9iQCCtoJPWnAV2/7E95mSCNeMkSCcO0MkY4Nu:0hA9i2msR/7GhCAMJC+MyNu |
MD5: | E179FDE746884835CE31CA76A397E58A |
SHA1: | 4740957E475DDC012D116C8594B105C9AF3790DE |
SHA-256: | 64D48900D354D98F416EF5ACFF13DBC1D6E80B0D82D67876D8C2E70A9E8BE8F8 |
SHA-512: | 0F6E5B5001676A95E4A369BABF1F08B478C761F5BCF645C96E0147AA6510F03A2B17D4191E09E8B7AE5E707C43F63DA7A4306EA555DE8AE123A54DCDCB081B43 |
Malicious: | false |
Reputation: | low |
URL: | https://beulad435-8316maraes.pages.dev/favicon.ico |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 2, 2024 00:12:57.806967974 CEST | 49673 | 443 | 192.168.2.6 | 173.222.162.64 |
Sep 2, 2024 00:12:57.806967974 CEST | 49674 | 443 | 192.168.2.6 | 173.222.162.64 |
Sep 2, 2024 00:12:58.088202953 CEST | 49672 | 443 | 192.168.2.6 | 173.222.162.64 |
Sep 2, 2024 00:13:06.898071051 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:06.898118019 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:06.898188114 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:06.898488998 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:06.898540020 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:06.898602962 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:06.898679018 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:06.898705959 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:06.899066925 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:06.899089098 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.372575998 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.372826099 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.372854948 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.373832941 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.373894930 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.374835014 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.374906063 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.375118971 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.375125885 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.392625093 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.393335104 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.393359900 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.394330978 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.394398928 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.394906998 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.394965887 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.416117907 CEST | 49674 | 443 | 192.168.2.6 | 173.222.162.64 |
Sep 2, 2024 00:13:07.416117907 CEST | 49673 | 443 | 192.168.2.6 | 173.222.162.64 |
Sep 2, 2024 00:13:07.416218042 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.447774887 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.447797060 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.495563984 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.505528927 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.505573034 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.505599022 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.505621910 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.505652905 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.505676985 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.505703926 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.505738020 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.505780935 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.520963907 CEST | 49704 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.520987034 CEST | 443 | 49704 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.560198069 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.604494095 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.664706945 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.664746046 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.664772987 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.664789915 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.664791107 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.664800882 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.664839029 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.664845943 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.664880037 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.664885044 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.665589094 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.665615082 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.665633917 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.665635109 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.665641069 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.665676117 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.666619062 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.666656971 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.696023941 CEST | 49672 | 443 | 192.168.2.6 | 173.222.162.64 |
Sep 2, 2024 00:13:07.757874012 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.757932901 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.757977962 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.758002996 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.758121967 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.758167028 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.758177042 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.758964062 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.759005070 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.759008884 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.759042025 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.759080887 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.787482977 CEST | 49705 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.787498951 CEST | 443 | 49705 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.896338940 CEST | 49708 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.896365881 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:07.896426916 CEST | 49708 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.896972895 CEST | 49708 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:07.896984100 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.341376066 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.341622114 CEST | 49708 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:08.341641903 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.341984987 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.342386961 CEST | 49708 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:08.342446089 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.342874050 CEST | 49708 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:08.388501883 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.483464956 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.483545065 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.483824968 CEST | 49708 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:08.484339952 CEST | 49708 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:08.484358072 CEST | 443 | 49708 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.567641973 CEST | 49709 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:08.567698002 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.567754984 CEST | 49709 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:08.568423986 CEST | 49709 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:08.568439007 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:08.591924906 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:08.591944933 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:08.592098951 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:08.592508078 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:08.592520952 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.029721975 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:09.042467117 CEST | 49709 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:09.042484045 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:09.042885065 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:09.057075024 CEST | 49709 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:09.057198048 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:09.061633110 CEST | 49709 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:09.076365948 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.084218979 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.084239006 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.085328102 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.085402012 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.086087942 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.086154938 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.086348057 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.086364985 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.104504108 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:09.137934923 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.216363907 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.216434002 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.217134953 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.220274925 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:09.220387936 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:09.221132994 CEST | 49709 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:09.225222111 CEST | 49710 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.225239992 CEST | 443 | 49710 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.234846115 CEST | 49709 | 443 | 192.168.2.6 | 172.66.46.224 |
Sep 2, 2024 00:13:09.234874010 CEST | 443 | 49709 | 172.66.46.224 | 192.168.2.6 |
Sep 2, 2024 00:13:09.399631977 CEST | 443 | 49698 | 173.222.162.64 | 192.168.2.6 |
Sep 2, 2024 00:13:09.399713993 CEST | 49698 | 443 | 192.168.2.6 | 173.222.162.64 |
Sep 2, 2024 00:13:09.419363022 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:09.419384956 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:09.419461012 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:09.419642925 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:09.419656992 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:09.566524982 CEST | 49712 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.566567898 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.566644907 CEST | 49712 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.567411900 CEST | 49712 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:09.567426920 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:09.595767975 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:09.595804930 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:09.595876932 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:09.599519014 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:09.599529982 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.010860920 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:10.011363029 CEST | 49712 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:10.011392117 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:10.011722088 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:10.012331963 CEST | 49712 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:10.012396097 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:10.012840033 CEST | 49712 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:10.060501099 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:10.060837030 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:10.061090946 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:10.061105013 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:10.062089920 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:10.062144041 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:10.063157082 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:10.063226938 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:10.117945910 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:10.117953062 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:10.164824963 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:10.193191051 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:10.193449974 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:10.193506002 CEST | 49712 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:10.195890903 CEST | 49712 | 443 | 192.168.2.6 | 172.66.45.32 |
Sep 2, 2024 00:13:10.195908070 CEST | 443 | 49712 | 172.66.45.32 | 192.168.2.6 |
Sep 2, 2024 00:13:10.216018915 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.216106892 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.239387035 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.239413977 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.239734888 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.289838076 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.401571035 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.444502115 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.577054024 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.577114105 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.578222990 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.578383923 CEST | 49713 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.578402996 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.607585907 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.607616901 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:10.607687950 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.607973099 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:10.607984066 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:11.226855993 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:11.226964951 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:11.251198053 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:11.251230001 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:11.251519918 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:11.254580021 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:11.296502113 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:11.485477924 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:11.485536098 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:11.485768080 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:11.487585068 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:11.487601995 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:11.487611055 CEST | 49714 | 443 | 192.168.2.6 | 184.28.90.27 |
Sep 2, 2024 00:13:11.487617970 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.6 |
Sep 2, 2024 00:13:19.969947100 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:19.970005035 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:13:19.970078945 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:21.225173950 CEST | 49711 | 443 | 192.168.2.6 | 172.217.23.100 |
Sep 2, 2024 00:13:21.225203037 CEST | 443 | 49711 | 172.217.23.100 | 192.168.2.6 |
Sep 2, 2024 00:14:09.471580982 CEST | 49724 | 443 | 192.168.2.6 | 142.250.186.164 |
Sep 2, 2024 00:14:09.471626043 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Sep 2, 2024 00:14:09.471709967 CEST | 49724 | 443 | 192.168.2.6 | 142.250.186.164 |
Sep 2, 2024 00:14:09.471932888 CEST | 49724 | 443 | 192.168.2.6 | 142.250.186.164 |
Sep 2, 2024 00:14:09.471945047 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Sep 2, 2024 00:14:10.136435032 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Sep 2, 2024 00:14:10.136769056 CEST | 49724 | 443 | 192.168.2.6 | 142.250.186.164 |
Sep 2, 2024 00:14:10.136779070 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Sep 2, 2024 00:14:10.137103081 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Sep 2, 2024 00:14:10.137518883 CEST | 49724 | 443 | 192.168.2.6 | 142.250.186.164 |
Sep 2, 2024 00:14:10.137584925 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Sep 2, 2024 00:14:10.181397915 CEST | 49724 | 443 | 192.168.2.6 | 142.250.186.164 |
Sep 2, 2024 00:14:19.997473955 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Sep 2, 2024 00:14:19.997534990 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Sep 2, 2024 00:14:19.997796059 CEST | 49724 | 443 | 192.168.2.6 | 142.250.186.164 |
Sep 2, 2024 00:14:21.200018883 CEST | 49724 | 443 | 192.168.2.6 | 142.250.186.164 |
Sep 2, 2024 00:14:21.200036049 CEST | 443 | 49724 | 142.250.186.164 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 2, 2024 00:13:04.663495064 CEST | 53 | 49861 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:04.687036991 CEST | 53 | 50946 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:05.884872913 CEST | 53 | 54219 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:06.874284983 CEST | 60918 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 2, 2024 00:13:06.877479076 CEST | 54909 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 2, 2024 00:13:06.887861967 CEST | 53 | 60918 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:06.897505999 CEST | 53 | 54909 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:08.572309017 CEST | 59310 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 2, 2024 00:13:08.572653055 CEST | 64349 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 2, 2024 00:13:08.584687948 CEST | 53 | 64349 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:08.586860895 CEST | 53 | 59310 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:09.409790039 CEST | 64027 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 2, 2024 00:13:09.410350084 CEST | 49352 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 2, 2024 00:13:09.416845083 CEST | 53 | 64027 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:09.417407036 CEST | 53 | 49352 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:22.815946102 CEST | 53 | 58870 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:13:41.715367079 CEST | 53 | 62452 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:14:04.387187004 CEST | 53 | 61731 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:14:04.492352962 CEST | 53 | 62115 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:14:09.463715076 CEST | 64882 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 2, 2024 00:14:09.464075089 CEST | 50775 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 2, 2024 00:14:09.470454931 CEST | 53 | 64882 | 1.1.1.1 | 192.168.2.6 |
Sep 2, 2024 00:14:09.470793009 CEST | 53 | 50775 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 2, 2024 00:13:06.874284983 CEST | 192.168.2.6 | 1.1.1.1 | 0x1248 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 2, 2024 00:13:06.877479076 CEST | 192.168.2.6 | 1.1.1.1 | 0x47f9 | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 2, 2024 00:13:08.572309017 CEST | 192.168.2.6 | 1.1.1.1 | 0x3383 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 2, 2024 00:13:08.572653055 CEST | 192.168.2.6 | 1.1.1.1 | 0xaeef | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 2, 2024 00:13:09.409790039 CEST | 192.168.2.6 | 1.1.1.1 | 0x7f85 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 2, 2024 00:13:09.410350084 CEST | 192.168.2.6 | 1.1.1.1 | 0x6b4b | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 2, 2024 00:14:09.463715076 CEST | 192.168.2.6 | 1.1.1.1 | 0x570e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 2, 2024 00:14:09.464075089 CEST | 192.168.2.6 | 1.1.1.1 | 0x8c18 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 2, 2024 00:13:06.887861967 CEST | 1.1.1.1 | 192.168.2.6 | 0x1248 | No error (0) | 172.66.46.224 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:06.887861967 CEST | 1.1.1.1 | 192.168.2.6 | 0x1248 | No error (0) | 172.66.45.32 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:06.897505999 CEST | 1.1.1.1 | 192.168.2.6 | 0x47f9 | No error (0) | 65 | IN (0x0001) | false | |||
Sep 2, 2024 00:13:08.584687948 CEST | 1.1.1.1 | 192.168.2.6 | 0xaeef | No error (0) | 65 | IN (0x0001) | false | |||
Sep 2, 2024 00:13:08.586860895 CEST | 1.1.1.1 | 192.168.2.6 | 0x3383 | No error (0) | 172.66.45.32 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:08.586860895 CEST | 1.1.1.1 | 192.168.2.6 | 0x3383 | No error (0) | 172.66.46.224 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:09.416845083 CEST | 1.1.1.1 | 192.168.2.6 | 0x7f85 | No error (0) | 172.217.23.100 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:09.417407036 CEST | 1.1.1.1 | 192.168.2.6 | 0x6b4b | No error (0) | 65 | IN (0x0001) | false | |||
Sep 2, 2024 00:13:19.852730989 CEST | 1.1.1.1 | 192.168.2.6 | 0xbac2 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:19.852730989 CEST | 1.1.1.1 | 192.168.2.6 | 0xbac2 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:33.238193989 CEST | 1.1.1.1 | 192.168.2.6 | 0x610f | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:33.238193989 CEST | 1.1.1.1 | 192.168.2.6 | 0x610f | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:56.814244986 CEST | 1.1.1.1 | 192.168.2.6 | 0xcfde | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 2, 2024 00:13:56.814244986 CEST | 1.1.1.1 | 192.168.2.6 | 0xcfde | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:14:09.470454931 CEST | 1.1.1.1 | 192.168.2.6 | 0x570e | No error (0) | 142.250.186.164 | A (IP address) | IN (0x0001) | false | ||
Sep 2, 2024 00:14:09.470793009 CEST | 1.1.1.1 | 192.168.2.6 | 0x8c18 | No error (0) | 65 | IN (0x0001) | false | |||
Sep 2, 2024 00:14:17.579863071 CEST | 1.1.1.1 | 192.168.2.6 | 0xcb2b | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 2, 2024 00:14:17.579863071 CEST | 1.1.1.1 | 192.168.2.6 | 0xcb2b | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49704 | 172.66.46.224 | 443 | 2748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 22:13:07 UTC | 688 | OUT | |
2024-09-01 22:13:07 UTC | 567 | IN | |
2024-09-01 22:13:07 UTC | 802 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 877 | IN | |
2024-09-01 22:13:07 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49705 | 172.66.46.224 | 443 | 2748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 22:13:07 UTC | 602 | OUT | |
2024-09-01 22:13:07 UTC | 411 | IN | |
2024-09-01 22:13:07 UTC | 958 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN | |
2024-09-01 22:13:07 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49708 | 172.66.46.224 | 443 | 2748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 22:13:08 UTC | 679 | OUT | |
2024-09-01 22:13:08 UTC | 409 | IN | |
2024-09-01 22:13:08 UTC | 452 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49709 | 172.66.46.224 | 443 | 2748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 22:13:09 UTC | 631 | OUT | |
2024-09-01 22:13:09 UTC | 734 | IN | |
2024-09-01 22:13:09 UTC | 635 | IN | |
2024-09-01 22:13:09 UTC | 526 | IN | |
2024-09-01 22:13:09 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49710 | 172.66.45.32 | 443 | 2748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 22:13:09 UTC | 400 | OUT | |
2024-09-01 22:13:09 UTC | 409 | IN | |
2024-09-01 22:13:09 UTC | 452 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49712 | 172.66.45.32 | 443 | 2748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 22:13:10 UTC | 365 | OUT | |
2024-09-01 22:13:10 UTC | 734 | IN | |
2024-09-01 22:13:10 UTC | 1161 | IN | |
2024-09-01 22:13:10 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49713 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 22:13:10 UTC | 161 | OUT | |
2024-09-01 22:13:10 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49714 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 22:13:11 UTC | 239 | OUT | |
2024-09-01 22:13:11 UTC | 515 | IN | |
2024-09-01 22:13:11 UTC | 55 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 18:12:59 |
Start date: | 01/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:13:03 |
Start date: | 01/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:13:06 |
Start date: | 01/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |