Edit tour

Windows Analysis Report
http://crewbibles.com.de

Overview

General Information

Sample URL:	http://crewbibles.com.de
Analysis ID:	1544029
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2252,i,1965608297308074209,17162175277311975374,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://crewbibles.com.de" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /report/v4?s=jqzrQtwKGplWGUQ78QkdWVDOa1dEwt244tIQfbnnsjqvbvpn66wWOtW%2BIkE9YNwR7sxrgyuPAnzLKu2N%2FiNPRqF01v7EUpudYzNiq4eTJ1By0hYpAKRouWH8xSsTGBfNbWuZVA%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 388Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Oct 2024 17:20:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jqzrQtwKGplWGUQ78QkdWVDOa1dEwt244tIQfbnnsjqvbvpn66wWOtW%2BIkE9YNwR7sxrgyuPAnzLKu2N%2FiNPRqF01v7EUpudYzNiq4eTJ1By0hYpAKRouWH8xSsTGBfNbWuZVA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d9c984d9d136c08-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1271&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=1238&delivery_rate=2236293&cwnd=251&unsent_bytes=0&cid=41f5ef8e4c5c05f1&ts=410&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Oct 2024 17:20:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JsWUIKbUXwyvGNyW2GvZz7%2B3DPykZOVMW4rDF6IP21uZspqqmDbRSDV3%2BotSBw8I445gsMiaq6T2alixZpVx9lCyRmioVjGLfz5I3%2BMP6NGTBZr1j5sLzwxMUst0muzd9YpnUw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d9c98563ab50b7e-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1644&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1168&delivery_rate=1683720&cwnd=251&unsent_bytes=0&cid=a40ca53a9bf37b30&ts=468&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown

HTTPS traffic detected: 13.107.253.67:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: classification engine

Classification label: sus20.win@17/4@30/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2252,i,1965608297308074209,17162175277311975374,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://crewbibles.com.de"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2252,i,1965608297308074209,17162175277311975374,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected suspicious URL

Source: Email

JoeBoxAI: AI detected suspicious URL: URL: http://crewbibles.com.de

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown
crewbibles.com.de	188.114.97.3	true	true	unknown
s-part-0039.t-0009.fb-t-msedge.net	13.107.253.67	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
http://crewbibles.com.de/	false	unknown
https://crewbibles.com.de/favicon.ico	false	unknown
https://a.nel.cloudflare.com/report/v4?s=jqzrQtwKGplWGUQ78QkdWVDOa1dEwt244tIQfbnnsjqvbvpn66wWOtW%2BIkE9YNwR7sxrgyuPAnzLKu2N%2FiNPRqF01v7EUpudYzNiq4eTJ1By0hYpAKRouWH8xSsTGBfNbWuZVA%3D%3D	false	unknown
https://crewbibles.com.de/	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	crewbibles.com.de	European Union	13335	CLOUDFLARENETUS	true
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544029
Start date and time:	2024-10-28 18:18:32 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://crewbibles.com.de
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.win@17/4@30/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.238, 64.233.166.84, 172.217.18.3, 4.175.87.197, 131.107.255.255, 199.232.214.172, 192.229.221.95, 52.165.164.15, 34.104.35.123, 20.242.39.171, 172.217.16.195
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com, www.gstatic.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://crewbibles.com.de

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1249
Entropy (8bit):	5.242453121762845
Encrypted:	false
SSDEEP:	24:hYYIzD6yJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rq6Kj2CZLY5Mc6NDLYzkYKLlOM
MD5:	F58515DFE987F7E027C8A71BBC884621
SHA1:	BEC6AEBF5940EA88FBBFF5748D539453D49FA284
SHA-256:	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
SHA-512:	F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140
Malicious:	false
Reputation:	low
URL:	https://crewbibles.com.de/favicon.ico
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<title> 404 Not Found..</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1249
Entropy (8bit):	5.242453121762845
Encrypted:	false
SSDEEP:	24:hYYIzD6yJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rq6Kj2CZLY5Mc6NDLYzkYKLlOM
MD5:	F58515DFE987F7E027C8A71BBC884621
SHA1:	BEC6AEBF5940EA88FBBFF5748D539453D49FA284
SHA-256:	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
SHA-512:	F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140
Malicious:	false
Reputation:	low
URL:	https://crewbibles.com.de/
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<title> 404 Not Found..</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 18:19:29.495677948 CET	49675	443	192.168.2.4	173.222.162.32
Oct 28, 2024 18:19:34.104454994 CET	49736	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:34.104923010 CET	49737	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:34.294428110 CET	49738	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:34.728244066 CET	80	49736	188.114.97.3	192.168.2.4
Oct 28, 2024 18:19:34.728420973 CET	49736	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:34.729195118 CET	49736	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:34.729902029 CET	80	49737	188.114.97.3	192.168.2.4
Oct 28, 2024 18:19:34.730496883 CET	49737	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:35.276220083 CET	80	49736	188.114.97.3	192.168.2.4
Oct 28, 2024 18:19:35.306296110 CET	49738	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:35.899530888 CET	80	49736	188.114.97.3	192.168.2.4
Oct 28, 2024 18:19:35.946304083 CET	49736	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:37.205810070 CET	80	49736	188.114.97.3	192.168.2.4
Oct 28, 2024 18:19:37.205960989 CET	49736	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:37.311778069 CET	49738	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:38.869906902 CET	80	49736	188.114.97.3	192.168.2.4
Oct 28, 2024 18:19:38.870182037 CET	49736	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:40.615971088 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:19:40.616003990 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:19:40.616281986 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:19:40.616580009 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:19:40.616590023 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:19:41.324803114 CET	49738	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:49.326782942 CET	49738	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:50.755140066 CET	80	49737	188.114.97.3	192.168.2.4
Oct 28, 2024 18:19:50.755520105 CET	49737	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:51.350336075 CET	49737	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:19:51.947202921 CET	80	49737	188.114.97.3	192.168.2.4
Oct 28, 2024 18:19:55.338422060 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:19:56.340212107 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:19:58.355488062 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:02.356168032 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:09.782274961 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:09.782660961 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:09.782675028 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:09.784107924 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:09.784312010 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:09.788896084 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:09.788949013 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:09.788959026 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:09.789146900 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:09.838656902 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:09.838671923 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:09.884954929 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:10.303014994 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:10.303160906 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:10.303477049 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:10.352510929 CET	49739	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:10.352525949 CET	443	49739	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:10.356420994 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:10.419657946 CET	80	49740	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:10.419888973 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:10.423006058 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:10.423048973 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:10.423295021 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:10.423893929 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:10.423913956 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:10.451174974 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:10.451212883 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:10.451325893 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:10.451556921 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:10.451579094 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.095236063 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.097453117 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.101541042 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:11.101573944 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.101732016 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.101752996 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.102094889 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.104454994 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.104654074 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.152640104 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:11.167927980 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.168287992 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.168762922 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:11.168941021 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.169043064 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.169059038 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.169076920 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:11.215150118 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.215148926 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:11.215184927 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.314116955 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.315730095 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.315865040 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.322741985 CET	49747	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.322756052 CET	443	49747	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.323698044 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.323729992 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.323813915 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.328118086 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.328133106 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.556245089 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.556397915 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.556773901 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:11.559643030 CET	49749	443	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:11.559665918 CET	443	49749	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:11.985073090 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.985555887 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.985568047 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.986457109 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.987210989 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.987230062 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:11.987237930 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:11.987370014 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:12.040898085 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:12.138976097 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:12.139430046 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:12.139501095 CET	443	49751	35.190.80.1	192.168.2.4
Oct 28, 2024 18:20:12.139595032 CET	49751	443	192.168.2.4	35.190.80.1
Oct 28, 2024 18:20:20.901223898 CET	49736	80	192.168.2.4	188.114.97.3
Oct 28, 2024 18:20:20.914225101 CET	80	49736	188.114.97.3	192.168.2.4
Oct 28, 2024 18:20:22.276000977 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:22.276024103 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:22.276220083 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:22.277318001 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:22.277331114 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:23.504678965 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:23.504895926 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:23.512290001 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:23.512296915 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:23.512608051 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:23.532269001 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:23.579322100 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:24.423197985 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:24.423233986 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:24.423249006 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:24.423317909 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:24.423332930 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:24.423405886 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:24.540287018 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:24.540312052 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:24.540410995 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:24.540422916 CET	443	49753	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:24.540482998 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:24.540565014 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:25.912098885 CET	80	49740	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:25.912178040 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:27.045274019 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:29.077696085 CET	80	49740	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:29.077760935 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:30.056448936 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:34.301743984 CET	49755	443	192.168.2.4	142.250.186.100
Oct 28, 2024 18:20:34.301783085 CET	443	49755	142.250.186.100	192.168.2.4
Oct 28, 2024 18:20:34.301877022 CET	49755	443	192.168.2.4	142.250.186.100
Oct 28, 2024 18:20:34.302275896 CET	49755	443	192.168.2.4	142.250.186.100
Oct 28, 2024 18:20:34.302292109 CET	443	49755	142.250.186.100	192.168.2.4
Oct 28, 2024 18:20:35.221749067 CET	80	49740	188.114.96.3	192.168.2.4
Oct 28, 2024 18:20:35.221970081 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:36.056973934 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:46.004014015 CET	49753	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.048274994 CET	49756	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.048382998 CET	443	49756	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.048466921 CET	49756	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.050661087 CET	49757	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.050710917 CET	443	49757	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.050940037 CET	49757	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.051367998 CET	49757	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.051387072 CET	443	49757	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.052743912 CET	49758	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.052774906 CET	443	49758	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.052874088 CET	49758	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.053113937 CET	49756	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.053153038 CET	443	49756	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.054222107 CET	49758	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.054249048 CET	443	49758	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.055572987 CET	49759	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.055583954 CET	443	49759	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.055864096 CET	49759	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.056099892 CET	49759	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.056108952 CET	443	49759	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.058674097 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.058715105 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:46.058891058 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.059185982 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:46.059205055 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:48.057991028 CET	49740	80	192.168.2.4	188.114.96.3
Oct 28, 2024 18:20:48.368561983 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:48.370100975 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:48.370126009 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:48.370789051 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:48.370798111 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:51.106024027 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:51.106080055 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:51.106123924 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:51.106146097 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:51.106379032 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:51.106400013 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:51.106410027 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:51.106734037 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:51.106816053 CET	443	49760	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:51.106863976 CET	49760	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:51.109354019 CET	49762	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:51.109385967 CET	443	49762	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:51.109463930 CET	49762	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:51.109607935 CET	49762	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:51.109626055 CET	443	49762	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:53.434691906 CET	443	49762	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:53.435408115 CET	49762	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:53.435436010 CET	443	49762	13.107.253.67	192.168.2.4
Oct 28, 2024 18:20:53.436039925 CET	49762	443	192.168.2.4	13.107.253.67
Oct 28, 2024 18:20:53.436047077 CET	443	49762	13.107.253.67	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 18:19:32.418420076 CET	52850	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:32.418557882 CET	49267	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:33.141829967 CET	64172	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:33.142189026 CET	56815	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:33.439944029 CET	62481	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:33.440161943 CET	59379	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:34.043370008 CET	53	62481	1.1.1.1	192.168.2.4
Oct 28, 2024 18:19:34.167362928 CET	56155	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:34.167715073 CET	63513	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:35.928220034 CET	49870	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:35.928487062 CET	60370	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:36.202498913 CET	56872	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:36.947204113 CET	52807	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:36.947717905 CET	56853	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:37.217202902 CET	56872	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:38.230587006 CET	56872	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:38.984181881 CET	51179	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:39.997334003 CET	51179	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:40.231602907 CET	56872	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:40.610027075 CET	53	51179	1.1.1.1	192.168.2.4
Oct 28, 2024 18:19:44.244563103 CET	56872	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:46.440347910 CET	138	138	192.168.2.4	192.168.2.255
Oct 28, 2024 18:19:54.654388905 CET	64390	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:55.668401957 CET	64390	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:56.681770086 CET	64390	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:19:58.684986115 CET	64390	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:20:02.809621096 CET	64390	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:20:10.313606024 CET	63537	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:20:10.314169884 CET	61225	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:20:10.397367001 CET	53	61225	1.1.1.1	192.168.2.4
Oct 28, 2024 18:20:10.397486925 CET	53	63537	1.1.1.1	192.168.2.4
Oct 28, 2024 18:20:22.289254904 CET	53	57186	1.1.1.1	192.168.2.4
Oct 28, 2024 18:20:28.805787086 CET	53	49641	1.1.1.1	192.168.2.4
Oct 28, 2024 18:20:33.198060989 CET	60872	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:20:33.198195934 CET	50524	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:20:34.213728905 CET	52051	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:20:34.213928938 CET	54373	53	192.168.2.4	1.1.1.1
Oct 28, 2024 18:20:34.300291061 CET	53	52051	1.1.1.1	192.168.2.4
Oct 28, 2024 18:20:34.300304890 CET	53	54373	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 28, 2024 18:19:32.418420076 CET	192.168.2.4	1.1.1.1	0x8c94	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:32.418557882 CET	192.168.2.4	1.1.1.1	0xa82f	Standard query (0)	crewbibles.com.de	65	IN (0x0001)	false
Oct 28, 2024 18:19:33.141829967 CET	192.168.2.4	1.1.1.1	0x35f5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:33.142189026 CET	192.168.2.4	1.1.1.1	0xc941	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 28, 2024 18:19:33.439944029 CET	192.168.2.4	1.1.1.1	0x6086	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:33.440161943 CET	192.168.2.4	1.1.1.1	0xc3ec	Standard query (0)	crewbibles.com.de	65	IN (0x0001)	false
Oct 28, 2024 18:19:34.167362928 CET	192.168.2.4	1.1.1.1	0xad71	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:34.167715073 CET	192.168.2.4	1.1.1.1	0x15e7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 28, 2024 18:19:35.928220034 CET	192.168.2.4	1.1.1.1	0x4c32	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:35.928487062 CET	192.168.2.4	1.1.1.1	0x1bac	Standard query (0)	crewbibles.com.de	65	IN (0x0001)	false
Oct 28, 2024 18:19:36.202498913 CET	192.168.2.4	1.1.1.1	0xd972	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:36.947204113 CET	192.168.2.4	1.1.1.1	0x5793	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:36.947717905 CET	192.168.2.4	1.1.1.1	0xa86d	Standard query (0)	crewbibles.com.de	65	IN (0x0001)	false
Oct 28, 2024 18:19:37.217202902 CET	192.168.2.4	1.1.1.1	0xd972	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:38.230587006 CET	192.168.2.4	1.1.1.1	0xd972	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:38.984181881 CET	192.168.2.4	1.1.1.1	0xd07c	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:39.997334003 CET	192.168.2.4	1.1.1.1	0xd07c	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:40.231602907 CET	192.168.2.4	1.1.1.1	0xd972	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:44.244563103 CET	192.168.2.4	1.1.1.1	0xd972	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:54.654388905 CET	192.168.2.4	1.1.1.1	0x682b	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:55.668401957 CET	192.168.2.4	1.1.1.1	0x682b	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:56.681770086 CET	192.168.2.4	1.1.1.1	0x682b	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:58.684986115 CET	192.168.2.4	1.1.1.1	0x682b	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:02.809621096 CET	192.168.2.4	1.1.1.1	0x682b	Standard query (0)	crewbibles.com.de	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:10.313606024 CET	192.168.2.4	1.1.1.1	0xf775	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:10.314169884 CET	192.168.2.4	1.1.1.1	0xce7	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Oct 28, 2024 18:20:33.198060989 CET	192.168.2.4	1.1.1.1	0xf90a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:33.198195934 CET	192.168.2.4	1.1.1.1	0x2473	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 28, 2024 18:20:34.213728905 CET	192.168.2.4	1.1.1.1	0x9ccc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:34.213928938 CET	192.168.2.4	1.1.1.1	0xf8ef	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 28, 2024 18:19:34.043370008 CET	1.1.1.1	192.168.2.4	0x6086	No error (0)	crewbibles.com.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:34.043370008 CET	1.1.1.1	192.168.2.4	0x6086	No error (0)	crewbibles.com.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:40.610027075 CET	1.1.1.1	192.168.2.4	0xd07c	No error (0)	crewbibles.com.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:19:40.610027075 CET	1.1.1.1	192.168.2.4	0xd07c	No error (0)	crewbibles.com.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:05.723089933 CET	1.1.1.1	192.168.2.4	0x7aed	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:05.723089933 CET	1.1.1.1	192.168.2.4	0x7aed	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:10.397486925 CET	1.1.1.1	192.168.2.4	0xf775	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:10.427071095 CET	1.1.1.1	192.168.2.4	0x284c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 18:20:10.427071095 CET	1.1.1.1	192.168.2.4	0x284c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:22.274938107 CET	1.1.1.1	192.168.2.4	0x6620	No error (0)	shed.dual-low.s-part-0039.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 18:20:22.274938107 CET	1.1.1.1	192.168.2.4	0x6620	No error (0)	dual.s-part-0039.t-0009.fb-t-msedge.net	s-part-0039.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 18:20:22.274938107 CET	1.1.1.1	192.168.2.4	0x6620	No error (0)	s-part-0039.t-0009.fb-t-msedge.net		13.107.253.67	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:34.300291061 CET	1.1.1.1	192.168.2.4	0x9ccc	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Oct 28, 2024 18:20:34.300304890 CET	1.1.1.1	192.168.2.4	0xf8ef	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 28, 2024 18:20:37.462881088 CET	1.1.1.1	192.168.2.4	0x22f4	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 18:20:37.462881088 CET	1.1.1.1	192.168.2.4	0x22f4	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

crewbibles.com.de

https:

a.nel.cloudflare.com

otelrules.azureedge.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	188.114.97.3	80	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 28, 2024 18:19:34.729195118 CET	432	OUT	GET / HTTP/1.1 Host: crewbibles.com.de Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 28, 2024 18:19:35.899530888 CET	1032	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 28 Oct 2024 17:19:35 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 28 Oct 2024 18:19:35 GMT Location: https://crewbibles.com.de/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xi0GG%2F6FPZM9tYaCOzIL4foPZdE%2BPdF5MaWh0jDCymqaLrflz8HsQFN0TV%2FKRJqF7%2BL6TvQufRx1dYaj7OrR%2BYAbudtob9Dk0UNkXxxqlhgrEYM8MHv9g5%2BRDCumTcbskYLzZg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 8d9c9778db8145e3-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=432&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Oct 28, 2024 18:19:37.205810070 CET	1032	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 28 Oct 2024 17:19:35 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 28 Oct 2024 18:19:35 GMT Location: https://crewbibles.com.de/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xi0GG%2F6FPZM9tYaCOzIL4foPZdE%2BPdF5MaWh0jDCymqaLrflz8HsQFN0TV%2FKRJqF7%2BL6TvQufRx1dYaj7OrR%2BYAbudtob9Dk0UNkXxxqlhgrEYM8MHv9g5%2BRDCumTcbskYLzZg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 8d9c9778db8145e3-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=432&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Oct 28, 2024 18:19:38.869906902 CET	1032	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 28 Oct 2024 17:19:35 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 28 Oct 2024 18:19:35 GMT Location: https://crewbibles.com.de/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xi0GG%2F6FPZM9tYaCOzIL4foPZdE%2BPdF5MaWh0jDCymqaLrflz8HsQFN0TV%2FKRJqF7%2BL6TvQufRx1dYaj7OrR%2BYAbudtob9Dk0UNkXxxqlhgrEYM8MHv9g5%2BRDCumTcbskYLzZg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 8d9c9778db8145e3-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=432&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Oct 28, 2024 18:20:20.901223898 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	188.114.96.3	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 17:20:09 UTC	660	OUT	GET / HTTP/1.1 Host: crewbibles.com.de Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 17:20:10 UTC	845	IN	HTTP/1.1 404 Not Found Date: Mon, 28 Oct 2024 17:20:10 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, max-age=0 pragma: no-cache vary: Accept-Encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jqzrQtwKGplWGUQ78QkdWVDOa1dEwt244tIQfbnnsjqvbvpn66wWOtW%2BIkE9YNwR7sxrgyuPAnzLKu2N%2FiNPRqF01v7EUpudYzNiq4eTJ1By0hYpAKRouWH8xSsTGBfNbWuZVA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9c984d9d136c08-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1271&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=1238&delivery_rate=2236293&cwnd=251&unsent_bytes=0&cid=41f5ef8e4c5c05f1&ts=410&x=0"
2024-10-28 17:20:10 UTC	524	IN	Data Raw: 34 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f Data Ascii: 4e1<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</
2024-10-28 17:20:10 UTC	732	IN	Data Raw: 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c Data Ascii: lute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div><
2024-10-28 17:20:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49749	188.114.96.3	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 17:20:11 UTC	590	OUT	GET /favicon.ico HTTP/1.1 Host: crewbibles.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://crewbibles.com.de/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 17:20:11 UTC	846	IN	HTTP/1.1 404 Not Found Date: Mon, 28 Oct 2024 17:20:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, max-age=0 pragma: no-cache vary: Accept-Encoding CF-Cache-Status: BYPASS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JsWUIKbUXwyvGNyW2GvZz7%2B3DPykZOVMW4rDF6IP21uZspqqmDbRSDV3%2BotSBw8I445gsMiaq6T2alixZpVx9lCyRmioVjGLfz5I3%2BMP6NGTBZr1j5sLzwxMUst0muzd9YpnUw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9c98563ab50b7e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1644&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1168&delivery_rate=1683720&cwnd=251&unsent_bytes=0&cid=a40ca53a9bf37b30&ts=468&x=0"
2024-10-28 17:20:11 UTC	523	IN	Data Raw: 34 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f Data Ascii: 4e1<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</
2024-10-28 17:20:11 UTC	733	IN	Data Raw: 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e Data Ascii: olute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div>
2024-10-28 17:20:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49747	35.190.80.1	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 17:20:11 UTC	542	OUT	OPTIONS /report/v4?s=jqzrQtwKGplWGUQ78QkdWVDOa1dEwt244tIQfbnnsjqvbvpn66wWOtW%2BIkE9YNwR7sxrgyuPAnzLKu2N%2FiNPRqF01v7EUpudYzNiq4eTJ1By0hYpAKRouWH8xSsTGBfNbWuZVA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://crewbibles.com.de Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 17:20:11 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 28 Oct 2024 17:20:11 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49751	35.190.80.1	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 17:20:11 UTC	482	OUT	POST /report/v4?s=jqzrQtwKGplWGUQ78QkdWVDOa1dEwt244tIQfbnnsjqvbvpn66wWOtW%2BIkE9YNwR7sxrgyuPAnzLKu2N%2FiNPRqF01v7EUpudYzNiq4eTJ1By0hYpAKRouWH8xSsTGBfNbWuZVA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 388 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 17:20:11 UTC	388	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 37 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 34 33 37 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 63 72 65 77 62 69 62 6c 65 73 2e 63 6f 6d 2e Data Ascii: [{"age":7,"body":{"elapsed_time":34376,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":404,"type":"http.error"},"type":"network-error","url":"https://crewbibles.com.
2024-10-28 17:20:12 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Mon, 28 Oct 2024 17:20:12 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.4	49753	13.107.253.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 17:20:23 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 17:20:24 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 17:20:24 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Sun, 27 Oct 2024 10:35:44 GMT ETag: "0x8DCF6731CF80310" x-ms-request-id: 89d6c6b8-201e-0033-2798-28b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T172024Z-r1755647c66ldhdjeavapf4fd000000005d00000000083bc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-28 17:20:24 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-28 17:20:24 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	49760	13.107.253.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 17:20:48 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 17:20:51 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 17:20:50 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c4ab37c7-901e-002a-3417-267a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T172050Z-17fbfdc98bbfmg5wrf1ctcuuun00000005qg00000000bw8m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-28 17:20:51 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49762	13.107.253.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 17:20:53 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 17:20:54 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 17:20:54 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 63125a57-c01e-0046-4226-262db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T172054Z-r1755647c668lcmr2va34xxa5s000000041g0000000060td x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-28 17:20:54 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1732, Parent PID: 908

General

Target ID:	0
Start time:	13:19:26
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2136, Parent PID: 1732

General

Target ID:	2
Start time:	13:19:27
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2252,i,1965608297308074209,17162175277311975374,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6480, Parent PID: 908

General

Target ID:	3
Start time:	13:19:31
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://crewbibles.com.de"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: crewbibles.com.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: crewbibles.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://crewbibles.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: crewbibles.com.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: crewbibles.com.de
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://crewbibles.com.de

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1732, Parent PID: 908

General

Chronological Activities

Analysis Process: chrome.exePID: 2136, Parent PID: 1732

General

Chronological Activities

Analysis Process: chrome.exePID: 6480, Parent PID: 908

General

Chronological Activities

Disassembly

Windows Analysis Report
http://crewbibles.com.de