Windows
Analysis Report
https://kbl8wfhm2.xn--90a1ajj.xn--p1ai/lm.php?tk=U2VjdXJpdHkJCQlzZWN1cml0eUB2ZWN0cmEuYWkJNzIxMjk1NDI1CTQ4NTE4MTgyMjA5NTU2OQlQeXRob25fTmV3CTE4OTkyODA2NDIJb3Blbglubwlubw==&url=https%3A%2F%2FS8p8QERcQ.xn--90a1ajj.xn--p1ai%2Flm%2Fpictures%2Fcti.png
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 2888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://kbl8wfhm2.????.??/lm.php?tk=U2VjdXJpdHkJCQlzZWN1cml0eUB2ZWN0cmEuYWkJNzIxMjk1NDI1CTQ4NTE4MTgyMjA5NTU2OQlQeXRob25fTmV3CTE4OTkyODA2NDIJb3Blbglubwlubw==&url=https%3A%2F%2FS8p8QERcQ.xn--90a1ajj.xn--p1ai%2Flm%2Fpictures%2Fcti.png MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 2708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1948,i,12575257087268405274,18063810118260740557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | phishing | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | phishing | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a.nel.cloudflare.com | 35.190.80.1 | true | false | high | |
www.google.com | 142.251.15.104 | true | false | high | |
kbl8wfhm2.xn--90a1ajj.xn--p1ai | 172.67.169.56 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | high | ||
true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
172.67.169.56 | kbl8wfhm2.xn--90a1ajj.xn--p1ai | United States | 13335 | CLOUDFLARENETUS | false |
142.251.15.104 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
192.168.2.6 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430593 |
Start date and time: | 2024-04-23 23:05:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://kbl8wfhm2.xn--90a1ajj.xn--p1ai/lm.php?tk=U2VjdXJpdHkJCQlzZWN1cml0eUB2ZWN0cmEuYWkJNzIxMjk1NDI1CTQ4NTE4MTgyMjA5NTU2OQlQeXRob25fTmV3CTE4OTkyODA2NDIJb3Blbglubwlubw==&url=https%3A%2F%2FS8p8QERcQ.xn--90a1ajj.xn--p1ai%2Flm%2Fpictures%2Fcti.png |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@14/8@6/6 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.215.94, 142.250.9.84, 142.250.105.138, 142.250.105.102, 142.250.105.100, 142.250.105.139, 142.250.105.101, 142.250.105.113, 34.104.35.123, 72.21.81.240, 64.233.176.94, 172.217.215.100, 172.217.215.139, 172.217.215.138, 172.217.215.102, 172.217.215.113, 172.217.215.101
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: https://kbl8wfhm2.xn--90a1ajj.xn--p1ai/lm.php?tk=U2VjdXJpdHkJCQlzZWN1cml0eUB2ZWN0cmEuYWkJNzIxMjk1NDI1CTQ4NTE4MTgyMjA5NTU2OQlQeXRob25fTmV3CTE4OTkyODA2NDIJb3Blbglubwlubw==&url=https%3A%2F%2FS8p8QERcQ.xn--90a1ajj.xn--p1ai%2Flm%2Fpictures%2Fcti.png
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9865821846678178 |
Encrypted: | false |
SSDEEP: | 48:85d5ThpWHQidAKZdA1FehwiZUklqehhy+3:8tPNiy |
MD5: | 85DE593391BB024C8C1C210EDD493007 |
SHA1: | 407E212DB241FFCB42E7412468D5A664EF324A5E |
SHA-256: | FDE5E2C2A38AF854F07D44E65B7F0428C27933D1EDF76E83BC9A725B07A1784D |
SHA-512: | 6B0D9F48A97FB97DBEA863493F517DC3BBCDBE8AADE46E03330A0C3997DEB55A59F0C7E082646EF251E7FD1753791508AC7B1D913EC17939B0B95CB265099B81 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.005452304226934 |
Encrypted: | false |
SSDEEP: | 48:8ed5ThpWHQidAKZdA1seh/iZUkAQkqehSy+2:84Pj9Q/y |
MD5: | 45DA94D9FC62AE74956DDE3D8C85BA1C |
SHA1: | DB88C8BCBE1DA9DB3D8306B9782478C1F0AA3D07 |
SHA-256: | 913B279CE11FF89CF2AC3DF4EBF9C82029D319EDA566524DD44F1B17AAFA52CB |
SHA-512: | 7A00F5D7416F950A47076A38C3DF85CA3CB5796E3DC85B0F55241DB677774511107CE4E296384652891445E115340213F39DD8B0A045F34A54037D70BF6B66A4 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.010454342659941 |
Encrypted: | false |
SSDEEP: | 48:8Od5ThpAHQidAKZdA14meh7sFiZUkmgqeh7sgy+BX:8IPxnmy |
MD5: | D0BCB0FF260134281B326ACEE4CDD242 |
SHA1: | 4483D06E8712C51B85845384E14FDD9BB1ACD78D |
SHA-256: | 0EF7420C217244E0214A297DEE0D17C9A059C8D0D161DF7892BB17EBA4AFFA9E |
SHA-512: | 283000CEF0A2A20A9F0891A41B85F6E93DCA49096070EA25A24820DED72D44D51B786BF1105C05ABA237834AED22F14AAC1A13F607EE380992D5237AF95A0CCC |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.002029201439545 |
Encrypted: | false |
SSDEEP: | 48:8td5ThpWHQidAKZdA1TehDiZUkwqehuy+R:8ZPQoy |
MD5: | 118B46DC37B7D9B842AA980AA08145ED |
SHA1: | 395D2AA6CE9E40FDAE559B59210477C7A69E443A |
SHA-256: | E370B74C9E7946A2C7EAD02149D2130221EA45A8A8B9095385D05E0C1B6BCB24 |
SHA-512: | 6576FF46BFC7D6E035AD1A87D20AD75486F3230924913E3DC165744C1B3E621B4E42FACF12AD2D9B34554B79D89E06B20EE688210DF70DE573802A1926907C0D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9894528081568525 |
Encrypted: | false |
SSDEEP: | 48:8Xid5ThpWHQidAKZdA1dehBiZUk1W1qehEy+C:8kPw9ky |
MD5: | 592E1D4DD675468FF08F5549D7CAA69E |
SHA1: | 3DF81D753B84DF2F15778715D01C5001976F8E65 |
SHA-256: | 532E43D13F638972AB1735C0948F406B7266A8F5E0E378B2E36DD05BBF7230BF |
SHA-512: | B6BFCF150C9D2C32EBA8C56D965F539974D2E64078294387BACFF108C1BDDF2657DDB803E120090972C8B0FD7C1275B4DF3C7FE34AF04EDEFD975CC7493BE2A5 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.0005555993495205 |
Encrypted: | false |
SSDEEP: | 48:85d5ThpWHQidAKZdA1duTeehOuTbbiZUk5OjqehOuTbmy+yT+:8tPiTfTbxWOvTbmy7T |
MD5: | 05815269CFD99E5BD9CA2653B8BAA322 |
SHA1: | 67685C3BFF3D7DC31DC5878D2359208327952968 |
SHA-256: | 36993861F247D599E2845EDDD862E84E22C1BBA682BC49B2F45F127167150896 |
SHA-512: | 556518090E36127593ABBEEA1CBC443B1056FBE3EAB02E0A41FD65CCDCF69FEC7B14FF42BD936334DC1CAD4E5A0892C7267B18E117CDF245249206D329BE38FD |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 209 |
Entropy (8bit): | 5.143049113812332 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3ezJLM4KCezocKqD:J0+oxBeRmR9etdzRxy17ez1T |
MD5: | 18FFB59B61525F781CF9251045BE575D |
SHA1: | BD7318B00B15B7A1C8A48524419FA2E5C27A5B6D |
SHA-256: | B6682CAB65D3243B5B75EFB7279DBF49491957484780F2BA0A87632CC0E25642 |
SHA-512: | A032F853ABD9492232E1183D1CB1D14110B623F2E9DEC56B7B64DD576A0317DDA8D51125763E11D6642433C5364B2BD10A994EE4F1514629A4950BBAB3ABA499 |
Malicious: | false |
Reputation: | low |
URL: | https://kbl8wfhm2.xn--90a1ajj.xn--p1ai/favicon.ico |
Apr 23, 2024 23:06:25.453262091 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:25.453303099 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:25.453421116 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:25.453783035 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:25.453792095 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.058532953 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.058619022 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:26.060344934 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:26.060354948 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.060657024 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.062222004 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:26.108120918 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.646822929 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.646886110 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.646928072 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.647165060 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:26.647191048 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.647212982 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.647378922 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:26.649945974 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:26.649966955 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:26.649979115 CEST | 49713 | 443 | 192.168.2.16 | 40.127.169.103 |
Apr 23, 2024 23:06:26.649985075 CEST | 443 | 49713 | 40.127.169.103 | 192.168.2.16 |
Apr 23, 2024 23:06:38.483586073 CEST | 49715 | 443 | 192.168.2.16 | 142.251.15.104 |
Apr 23, 2024 23:06:38.483622074 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Apr 23, 2024 23:06:38.483750105 CEST | 49715 | 443 | 192.168.2.16 | 142.251.15.104 |
Apr 23, 2024 23:06:38.483990908 CEST | 49715 | 443 | 192.168.2.16 | 142.251.15.104 |
Apr 23, 2024 23:06:38.484004974 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Apr 23, 2024 23:06:38.702748060 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Apr 23, 2024 23:06:38.703109980 CEST | 49715 | 443 | 192.168.2.16 | 142.251.15.104 |
Apr 23, 2024 23:06:38.703130007 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Apr 23, 2024 23:06:38.703824997 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Apr 23, 2024 23:06:38.704214096 CEST | 49715 | 443 | 192.168.2.16 | 142.251.15.104 |
Apr 23, 2024 23:06:38.704298019 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Apr 23, 2024 23:06:38.753415108 CEST | 49715 | 443 | 192.168.2.16 | 142.251.15.104 |
Apr 23, 2024 23:06:40.159337044 CEST | 49688 | 443 | 192.168.2.16 | 204.79.197.200 |
Apr 23, 2024 23:06:48.716645002 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Apr 23, 2024 23:06:48.716706038 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Apr 23, 2024 23:06:48.716814041 CEST | 49715 | 443 | 192.168.2.16 | 142.251.15.104 |
Apr 23, 2024 23:06:49.825911999 CEST | 49715 | 443 | 192.168.2.16 | 142.251.15.104 |
Apr 23, 2024 23:06:49.825943947 CEST | 443 | 49715 | 142.251.15.104 | 192.168.2.16 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Apr 23, 2024 23:05:33.879828930 CEST | 192.168.2.16 | 1.1.1.1 | c249 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 23, 2024 23:05:33.593314886 CEST | 192.168.2.16 | 1.1.1.1 | 0x6e39 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 23:05:33.593457937 CEST | 192.168.2.16 | 1.1.1.1 | 0x8a98 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 23:05:34.955204964 CEST | 192.168.2.16 | 1.1.1.1 | 0x54cd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 23:05:34.955394030 CEST | 192.168.2.16 | 1.1.1.1 | 0xa3c | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 23:05:38.417387962 CEST | 192.168.2.16 | 1.1.1.1 | 0x61f4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 23:05:38.417594910 CEST | 192.168.2.16 | 1.1.1.1 | 0xb9ac | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 23, 2024 23:05:33.703366041 CEST | 1.1.1.1 | 192.168.2.16 | 0x6e39 | No error (0) | 172.67.169.56 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:33.703366041 CEST | 1.1.1.1 | 192.168.2.16 | 0x6e39 | No error (0) | 104.21.79.72 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:33.879743099 CEST | 1.1.1.1 | 192.168.2.16 | 0x8a98 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 23, 2024 23:05:35.062236071 CEST | 1.1.1.1 | 192.168.2.16 | 0x54cd | No error (0) | 35.190.80.1 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:38.524199009 CEST | 1.1.1.1 | 192.168.2.16 | 0x61f4 | No error (0) | 142.251.15.104 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:38.524199009 CEST | 1.1.1.1 | 192.168.2.16 | 0x61f4 | No error (0) | 142.251.15.103 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:38.524199009 CEST | 1.1.1.1 | 192.168.2.16 | 0x61f4 | No error (0) | 142.251.15.147 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:38.524199009 CEST | 1.1.1.1 | 192.168.2.16 | 0x61f4 | No error (0) | 142.251.15.106 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:38.524199009 CEST | 1.1.1.1 | 192.168.2.16 | 0x61f4 | No error (0) | 142.251.15.105 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:38.524199009 CEST | 1.1.1.1 | 192.168.2.16 | 0x61f4 | No error (0) | 142.251.15.99 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 23:05:38.524302959 CEST | 1.1.1.1 | 192.168.2.16 | 0xb9ac | No error (0) | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49699 | 172.67.169.56 | 443 | 2708 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 21:05:33 UTC | 878 | OUT | |
2024-04-23 21:05:34 UTC | 628 | IN | |
2024-04-23 21:05:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49700 | 172.67.169.56 | 443 | 2708 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 21:05:34 UTC | 821 | OUT | |
2024-04-23 21:05:34 UTC | 637 | IN | |
2024-04-23 21:05:34 UTC | 215 | IN | |
2024-04-23 21:05:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49702 | 35.190.80.1 | 443 | 2708 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 21:05:35 UTC | 575 | OUT | |
2024-04-23 21:05:35 UTC | 336 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49703 | 35.190.80.1 | 443 | 2708 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 21:05:35 UTC | 502 | OUT | |
2024-04-23 21:05:35 UTC | 655 | OUT | |
2024-04-23 21:05:35 UTC | 168 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49710 | 184.31.62.93 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 21:05:44 UTC | 161 | OUT | |
2024-04-23 21:05:44 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.16 | 49711 | 184.31.62.93 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 21:05:45 UTC | 239 | OUT | |
2024-04-23 21:05:45 UTC | 804 | IN | |
2024-04-23 21:05:45 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.16 | 49712 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 21:05:48 UTC | 306 | OUT | |
2024-04-23 21:05:49 UTC | 560 | IN | |
2024-04-23 21:05:49 UTC | 15824 | IN | |
2024-04-23 21:05:49 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.16 | 49713 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 21:06:26 UTC | 306 | OUT | |
2024-04-23 21:06:26 UTC | 560 | IN | |
2024-04-23 21:06:26 UTC | 15824 | IN | |
2024-04-23 21:06:26 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 23:05:32 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 23:05:32 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |