Windows
Analysis Report
http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  - chrome.exe (PID: 712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2300,i,17979060341038183232,2318402644242645953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 7164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
There are no malicious signatures.
- HTTP Parser
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- Network traffic detected
- Classification label
- Process created
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com | 34.242.239.123 | true | false | unknown | |
www.google.com | 142.250.185.132 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
t1.global.clubavolta.com | unknown | unknown | false | unknown | |
mediafiles.shopdutyfree.com | unknown | unknown | false | unknown | |
london-heathrow.worlddutyfree.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
34.242.239.123 | dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
192.168.2.6 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523726 |
Start date and time: | 2024-10-02 00:27:40 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@17/3@10/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.23.99, 142.250.186.174, 64.233.166.84, 34.104.35.123, 2.18.64.6, 2.18.64.5, 2.18.64.8, 2.18.64.13, 13.85.23.86, 192.229.221.95, 199.232.214.172, 20.242.39.171, 93.184.221.240, 142.250.186.67, 199.232.210.172
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, e28876.dsca.akamaiedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, mag2mediafiles.edgekey.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, div6promainv2.edgekey.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, e40765.dsca.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM
Input | Output |
---|---|
URL: https://london-heathrow.worlddutyfree.com/en/fod-discover-mms?utm_campaign=lhr_emotion_fod_mars&utm_medium=newsletter&utm_source=red?utm_source=newsletter&utm_medium=email&utm_campaign=RED_GL_LoyaltyLaunchSolus-NOCOM-ALL-01102024-1_XX&utm_term=d7105a5f-46 Model: jbxai | { "brand":["Dufry"], "contains_trigger_text":true, "trigger_text":"Dufry implements mechanisms to maintain a high level of service on our websites, which can include blocking of old web browsers that are misused by web spiders and scanners. We suggest upgrading your web browser to the most recent version of Chrome, Firefox, Safari or similar that is appropriate for your device.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1588 |
Entropy (8bit): | 7.609533922640709 |
Encrypted: | false |
SSDEEP: | 24:7FEPWNGcAOTNQaPQ0/EbiXoUv+r59iu8JRtPTRxbTpANGF0hd2U+SV1tN9c:7FuT1cNQaPQOloU2r58bhPv3pAd+h |
MD5: | 28481AA9A3464E60A7CF696FFA7FB563 |
SHA1: | 8D4FF18D37AE45CD96237C9DF0DB1A9410805F66 |
SHA-256: | A202878E1C69E2C46CA192F3BADC234A40D15A8CF9627BCF10582786687AB7A6 |
SHA-512: | 1EACB4E3AB3AAE593259421F2CE350D59FC89BD40EF343D85441E270E9C8096DF4C551B58592BFB68D4F87CB9C4A1FAF319FD73A81AB541235C2160D2FDDFE7F |
Malicious: | false |
Reputation: | low |
URL: | https://mediafiles.shopdutyfree.com/dufry-logo.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1588 |
Entropy (8bit): | 7.609533922640709 |
Encrypted: | false |
SSDEEP: | 24:7FEPWNGcAOTNQaPQ0/EbiXoUv+r59iu8JRtPTRxbTpANGF0hd2U+SV1tN9c:7FuT1cNQaPQOloU2r58bhPv3pAd+h |
MD5: | 28481AA9A3464E60A7CF696FFA7FB563 |
SHA1: | 8D4FF18D37AE45CD96237C9DF0DB1A9410805F66 |
SHA-256: | A202878E1C69E2C46CA192F3BADC234A40D15A8CF9627BCF10582786687AB7A6 |
SHA-512: | 1EACB4E3AB3AAE593259421F2CE350D59FC89BD40EF343D85441E270E9C8096DF4C551B58592BFB68D4F87CB9C4A1FAF319FD73A81AB541235C2160D2FDDFE7F |
Malicious: | false |
Reputation: | low |
Preview: |
Oct 2, 2024 00:29:44.265355110 CEST | 443 | 49738 | 142.250.185.132 | 192.168.2.6 |
Oct 2, 2024 00:29:44.265687943 CEST | 443 | 49738 | 142.250.185.132 | 192.168.2.6 |
Oct 2, 2024 00:29:44.266980886 CEST | 49738 | 443 | 192.168.2.6 | 142.250.185.132 |
Oct 2, 2024 00:29:44.267045975 CEST | 443 | 49738 | 142.250.185.132 | 192.168.2.6 |
Oct 2, 2024 00:29:44.312927008 CEST | 49738 | 443 | 192.168.2.6 | 142.250.185.132 |
Oct 2, 2024 00:29:54.210438013 CEST | 443 | 49738 | 142.250.185.132 | 192.168.2.6 |
Oct 2, 2024 00:29:54.210516930 CEST | 443 | 49738 | 142.250.185.132 | 192.168.2.6 |
Oct 2, 2024 00:29:54.210572004 CEST | 49738 | 443 | 192.168.2.6 | 142.250.185.132 |
Oct 2, 2024 00:29:55.772813082 CEST | 49738 | 443 | 192.168.2.6 | 142.250.185.132 |
Oct 2, 2024 00:29:55.772840023 CEST | 443 | 49738 | 142.250.185.132 | 192.168.2.6 |
Oct 2, 2024 00:29:59.478108883 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:29:59.478203058 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:29:59.478308916 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:29:59.478920937 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:29:59.478955030 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.269833088 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.270231962 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:30:00.273861885 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:30:00.273895979 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.274163961 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.276185989 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:30:00.276185989 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:30:00.276230097 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.276397943 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:30:00.323393106 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.451251984 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.451340914 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.451967001 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:30:00.452538013 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Oct 2, 2024 00:30:00.452578068 CEST | 443 | 49740 | 40.115.3.253 | 192.168.2.6 |
Oct 2, 2024 00:30:00.452627897 CEST | 49740 | 443 | 192.168.2.6 | 40.115.3.253 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 00:28:41.411525965 CEST | 192.168.2.6 | 1.1.1.1 | 0xee2e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 2, 2024 00:28:41.411660910 CEST | 192.168.2.6 | 1.1.1.1 | 0xeb0a | Standard query (0) | 65 | IN (0x0001) | false | |
Oct 2, 2024 00:28:43.175729036 CEST | 192.168.2.6 | 1.1.1.1 | 0xfd3c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 2, 2024 00:28:43.176532030 CEST | 192.168.2.6 | 1.1.1.1 | 0x3b2d | Standard query (0) | 65 | IN (0x0001) | false | |
Oct 2, 2024 00:28:43.573597908 CEST | 192.168.2.6 | 1.1.1.1 | 0xc760 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 2, 2024 00:28:43.574218988 CEST | 192.168.2.6 | 1.1.1.1 | 0xee17 | Standard query (0) | 65 | IN (0x0001) | false | |
Oct 2, 2024 00:28:44.742750883 CEST | 192.168.2.6 | 1.1.1.1 | 0x4520 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 2, 2024 00:28:44.745995998 CEST | 192.168.2.6 | 1.1.1.1 | 0xdc9c | Standard query (0) | 65 | IN (0x0001) | false | |
Oct 2, 2024 00:28:46.109436035 CEST | 192.168.2.6 | 1.1.1.1 | 0x8726 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 2, 2024 00:28:46.109627008 CEST | 192.168.2.6 | 1.1.1.1 | 0x62d0 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 00:28:41.729931116 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2e | No error (0) | dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:41.729931116 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2e | No error (0) | 34.242.239.123 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:41.729931116 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2e | No error (0) | 34.251.58.245 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:41.742376089 CEST | 1.1.1.1 | 192.168.2.6 | 0xeb0a | No error (0) | dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:43.202241898 CEST | 1.1.1.1 | 192.168.2.6 | 0x3b2d | No error (0) | div6promainv2.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:43.229101896 CEST | 1.1.1.1 | 192.168.2.6 | 0xfd3c | No error (0) | div6promainv2.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:43.582227945 CEST | 1.1.1.1 | 192.168.2.6 | 0xc760 | No error (0) | 142.250.185.132 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:43.583832979 CEST | 1.1.1.1 | 192.168.2.6 | 0xee17 | No error (0) | 65 | IN (0x0001) | false | |||
Oct 2, 2024 00:28:44.757249117 CEST | 1.1.1.1 | 192.168.2.6 | 0xdc9c | No error (0) | mag2mediafiles.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:44.788187981 CEST | 1.1.1.1 | 192.168.2.6 | 0x4520 | No error (0) | mag2mediafiles.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:46.129734039 CEST | 1.1.1.1 | 192.168.2.6 | 0x62d0 | No error (0) | mag2mediafiles.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:46.161675930 CEST | 1.1.1.1 | 192.168.2.6 | 0x8726 | No error (0) | mag2mediafiles.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:53.429112911 CEST | 1.1.1.1 | 192.168.2.6 | 0x1f5c | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:53.429112911 CEST | 1.1.1.1 | 192.168.2.6 | 0x1f5c | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:54.613107920 CEST | 1.1.1.1 | 192.168.2.6 | 0xbcb | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:28:54.613107920 CEST | 1.1.1.1 | 192.168.2.6 | 0xbcb | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:29:32.629550934 CEST | 1.1.1.1 | 192.168.2.6 | 0x186 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:29:32.629550934 CEST | 1.1.1.1 | 192.168.2.6 | 0x186 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:29:54.365209103 CEST | 1.1.1.1 | 192.168.2.6 | 0xb1d1 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 2, 2024 00:29:54.365209103 CEST | 1.1.1.1 | 192.168.2.6 | 0xb1d1 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49716 | 34.242.239.123 | 80 | 712 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 2, 2024 00:28:41.749193907 CEST | 644 | OUT | |
Oct 2, 2024 00:28:42.681924105 CEST | 792 | IN | |
Oct 2, 2024 00:28:42.682497025 CEST | 792 | IN | |
Oct 2, 2024 00:29:27.689121962 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49717 | 34.242.239.123 | 80 | 712 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 2, 2024 00:29:26.755052090 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.6 | 49710 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:28:38 UTC | 71 | OUT | |
2024-10-01 22:28:38 UTC | 249 | OUT | |
2024-10-01 22:28:38 UTC | 1084 | OUT | |
2024-10-01 22:28:38 UTC | 218 | OUT | |
2024-10-01 22:28:39 UTC | 14 | IN | |
2024-10-01 22:28:39 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.2.6 | 49722 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:28:45 UTC | 161 | OUT | |
2024-10-01 22:28:45 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
2 | 192.168.2.6 | 49724 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:28:46 UTC | 239 | OUT | |
2024-10-01 22:28:46 UTC | 515 | IN | |
2024-10-01 22:28:46 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.2.6 | 49728 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:28:50 UTC | 71 | OUT | |
2024-10-01 22:28:50 UTC | 249 | OUT | |
2024-10-01 22:28:50 UTC | 1084 | OUT | |
2024-10-01 22:28:50 UTC | 218 | OUT | |
2024-10-01 22:28:51 UTC | 14 | IN | |
2024-10-01 22:28:51 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
4 | 192.168.2.6 | 49730 | 173.222.162.64 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:28:54 UTC | 2256 | OUT | |
2024-10-01 22:28:54 UTC | 1 | OUT | |
2024-10-01 22:28:54 UTC | 515 | OUT | |
2024-10-01 22:28:55 UTC | 480 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
5 | 192.168.2.6 | 49733 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:29:03 UTC | 71 | OUT | |
2024-10-01 22:29:03 UTC | 249 | OUT | |
2024-10-01 22:29:03 UTC | 1084 | OUT | |
2024-10-01 22:29:03 UTC | 218 | OUT | |
2024-10-01 22:29:04 UTC | 14 | IN | |
2024-10-01 22:29:04 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
6 | 192.168.2.6 | 49734 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:29:21 UTC | 71 | OUT | |
2024-10-01 22:29:21 UTC | 249 | OUT | |
2024-10-01 22:29:21 UTC | 1084 | OUT | |
2024-10-01 22:29:21 UTC | 218 | OUT | |
2024-10-01 22:29:21 UTC | 14 | IN | |
2024-10-01 22:29:21 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
7 | 192.168.2.6 | 49737 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:29:40 UTC | 71 | OUT | |
2024-10-01 22:29:40 UTC | 249 | OUT | |
2024-10-01 22:29:40 UTC | 1084 | OUT | |
2024-10-01 22:29:40 UTC | 218 | OUT | |
2024-10-01 22:29:40 UTC | 14 | IN | |
2024-10-01 22:29:40 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
8 | 192.168.2.6 | 49740 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 22:30:00 UTC | 71 | OUT | |
2024-10-01 22:30:00 UTC | 249 | OUT | |
2024-10-01 22:30:00 UTC | 1084 | OUT | |
2024-10-01 22:30:00 UTC | 218 | OUT | |
2024-10-01 22:30:00 UTC | 14 | IN | |
2024-10-01 22:30:00 UTC | 58 | IN |
Target ID: | 0 |
Start time: | 18:28:33 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:28:37 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:28:40 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |