Edit tour

Windows Analysis Report
https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17

Overview

General Information

Sample URL:	https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17
Analysis ID:	1431089
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2276,i,11600538606304935896,34771455915149221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17

Avira URL Cloud: Label: phishing

Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /kdy9bFe5glari2Px0qak17sdy9nFe5k17 HTTP/1.1Host: www.serserijeans.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kdy9bFe5glari2Px0qak17sdy9nFe5k17 HTTP/1.1Host: serserijeans.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.serserijeans.com
Source: global traffic	DNS traffic detected: DNS query: serserijeans.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: esign.joahelms.design

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@19/0@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2276,i,11600538606304935896,34771455915149221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2276,i,11600538606304935896,34771455915149221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
esign.joahelms.design	89.187.28.219	true	false	unknown
serserijeans.com	185.106.211.102	true	false	unknown
www.google.com	142.250.101.147	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
www.serserijeans.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17	false	Avira URL Cloud: phishing	unknown
https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.101.147	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.106.211.102	serserijeans.com	Turkey	42846	GUZELHOSTINGGNETINTERNETTELEKOMUNIKASYONASTR	false
89.187.28.219	esign.joahelms.design	Ukraine	39810	UA-WICOMWiMAXUkraineAutonomousSystemUA	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431089
Start date and time:	2024-04-24 15:02:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@19/0@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.2.94, 142.251.2.139, 142.251.2.102, 142.251.2.113, 142.251.2.100, 142.251.2.138, 142.251.2.101, 142.251.2.84, 34.104.35.123, 40.68.123.157, 23.204.146.202, 23.204.146.169, 192.229.211.108, 13.95.31.18, 142.250.101.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 15:03:20.784250021 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 24, 2024 15:03:20.862292051 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:03:29.254292011 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.254357100 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.254467964 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.254865885 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.254950047 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.255033016 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.255095005 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.255125999 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.255321980 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.255359888 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.966049910 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.966484070 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.966512918 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.967338085 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.967519045 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.967578888 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.968022108 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.968091965 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.969093084 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.969118118 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.969197035 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.969211102 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.969742060 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.969753027 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:29.970105886 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:29.970201969 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:30.018232107 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:30.018245935 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:30.018290997 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:30.067132950 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:30.470067024 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:03:31.388890028 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:31.389091015 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:31.389158964 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:31.389619112 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:31.389647007 CEST	443	49735	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:31.389662981 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:31.389713049 CEST	49735	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:31.915977955 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:31.916032076 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:31.916219950 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:31.916641951 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:31.916661024 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:32.012768030 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:32.012868881 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:32.012949944 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:32.015937090 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:32.015969992 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:32.280833006 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.280879974 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.280956984 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.285377979 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:32.285648108 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.285686970 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.305511951 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:32.305541039 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:32.309492111 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:32.309592962 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:32.310961962 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:32.311152935 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:32.362497091 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:32.362508059 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:32.404105902 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:32.626555920 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.626807928 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.635196924 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.635215044 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.635693073 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.677006006 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.680581093 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.720010996 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:32.720283985 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:32.720331907 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:32.721807957 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:32.721889019 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:32.724138021 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.940026045 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.940268040 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.940311909 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.940371037 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.940392017 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.940392017 CEST	49741	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.940402985 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.940409899 CEST	443	49741	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.968619108 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.968723059 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:32.968808889 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.969055891 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:32.969088078 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:33.032319069 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:33.032840967 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:33.033787012 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:33.033834934 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:33.084234953 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:33.303105116 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:33.303190947 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:33.316802025 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:33.316833019 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:33.317269087 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:33.366142988 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:33.376554966 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:33.424118996 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:33.622014999 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:33.622184038 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:33.622262955 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:33.624874115 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:33.624921083 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:33.624950886 CEST	49742	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:03:33.624968052 CEST	443	49742	23.3.84.131	192.168.2.4
Apr 24, 2024 15:03:34.190365076 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:34.190542936 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:34.190623999 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:34.520628929 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:34.520628929 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:34.520704985 CEST	443	49740	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:34.520880938 CEST	49740	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:34.784496069 CEST	49743	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:03:34.784545898 CEST	443	49743	89.187.28.219	192.168.2.4
Apr 24, 2024 15:03:34.784678936 CEST	49743	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:03:34.784997940 CEST	49743	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:03:34.785026073 CEST	443	49743	89.187.28.219	192.168.2.4
Apr 24, 2024 15:03:40.893656015 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:40.893840075 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:40.893995047 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:41.365144014 CEST	49736	443	192.168.2.4	185.106.211.102
Apr 24, 2024 15:03:41.365211010 CEST	443	49736	185.106.211.102	192.168.2.4
Apr 24, 2024 15:03:42.304205894 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:42.304255962 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:03:42.304336071 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:43.836421013 CEST	49739	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:03:43.836487055 CEST	443	49739	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:04.787941933 CEST	49743	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:04.832130909 CEST	443	49743	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:05.861089945 CEST	49750	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:05.861129045 CEST	443	49750	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:05.861304045 CEST	49750	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:05.861545086 CEST	49751	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:05.861632109 CEST	443	49751	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:05.861721039 CEST	49751	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:05.861856937 CEST	49750	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:05.861867905 CEST	443	49750	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:05.862073898 CEST	49751	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:05.862111092 CEST	443	49751	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:31.816262007 CEST	49754	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:04:31.816345930 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:31.816417933 CEST	49754	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:04:31.816912889 CEST	49754	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:04:31.816947937 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:32.173005104 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:32.173620939 CEST	49754	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:04:32.173662901 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:32.174139977 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:32.174596071 CEST	49754	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:04:32.174690008 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:32.220762014 CEST	49754	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:04:35.862095118 CEST	49750	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:35.862183094 CEST	49751	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:35.908127069 CEST	443	49751	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:35.908133030 CEST	443	49750	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:39.724036932 CEST	49723	80	192.168.2.4	199.232.210.172
Apr 24, 2024 15:04:39.724145889 CEST	49724	80	192.168.2.4	199.232.210.172
Apr 24, 2024 15:04:39.883508921 CEST	80	49724	199.232.210.172	192.168.2.4
Apr 24, 2024 15:04:39.883584976 CEST	80	49724	199.232.210.172	192.168.2.4
Apr 24, 2024 15:04:39.883642912 CEST	49724	80	192.168.2.4	199.232.210.172
Apr 24, 2024 15:04:39.883745909 CEST	80	49723	199.232.210.172	192.168.2.4
Apr 24, 2024 15:04:39.883788109 CEST	80	49723	199.232.210.172	192.168.2.4
Apr 24, 2024 15:04:39.883846045 CEST	49723	80	192.168.2.4	199.232.210.172
Apr 24, 2024 15:04:41.093178034 CEST	49757	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:41.093194962 CEST	443	49757	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:41.093250990 CEST	49757	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:41.094072104 CEST	49758	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:41.094153881 CEST	443	49758	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:41.094230890 CEST	49758	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:41.094578981 CEST	49758	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:41.094613075 CEST	443	49758	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:41.094820023 CEST	49757	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:41.094829082 CEST	443	49757	89.187.28.219	192.168.2.4
Apr 24, 2024 15:04:42.181699991 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:42.181847095 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:42.181926012 CEST	49754	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:04:43.723721981 CEST	49754	443	192.168.2.4	142.250.101.147
Apr 24, 2024 15:04:43.723772049 CEST	443	49754	142.250.101.147	192.168.2.4
Apr 24, 2024 15:04:49.846457005 CEST	49743	443	192.168.2.4	89.187.28.219
Apr 24, 2024 15:04:49.846467018 CEST	443	49743	89.187.28.219	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 15:03:27.487441063 CEST	53	49514	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:27.500781059 CEST	53	65197	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:28.498249054 CEST	53	63756	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:28.650602102 CEST	52334	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:03:28.650746107 CEST	65239	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:03:29.191849947 CEST	53	52334	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:29.422300100 CEST	53	65239	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:31.650949955 CEST	59924	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:03:31.651838064 CEST	64366	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:03:31.760144949 CEST	52383	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:03:31.760341883 CEST	59901	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:03:31.914062023 CEST	53	52383	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:31.914119005 CEST	53	59901	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:31.947551012 CEST	53	64366	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:32.006508112 CEST	53	59924	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:34.533307076 CEST	51369	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:03:34.533507109 CEST	55065	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:03:34.783549070 CEST	53	51369	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:34.783896923 CEST	53	55065	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:45.833882093 CEST	53	56169	1.1.1.1	192.168.2.4
Apr 24, 2024 15:03:51.310489893 CEST	138	138	192.168.2.4	192.168.2.255
Apr 24, 2024 15:04:04.923358917 CEST	53	55019	1.1.1.1	192.168.2.4
Apr 24, 2024 15:04:27.251667023 CEST	53	60407	1.1.1.1	192.168.2.4
Apr 24, 2024 15:04:27.736871958 CEST	53	55962	1.1.1.1	192.168.2.4
Apr 24, 2024 15:04:36.001147032 CEST	53	54421	1.1.1.1	192.168.2.4
Apr 24, 2024 15:04:40.935689926 CEST	54778	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:04:40.936211109 CEST	53813	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:04:41.091722012 CEST	53	54778	1.1.1.1	192.168.2.4
Apr 24, 2024 15:04:41.092215061 CEST	53	53813	1.1.1.1	192.168.2.4
Apr 24, 2024 15:04:55.212589979 CEST	53	49944	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 24, 2024 15:03:29.422394037 CEST	192.168.2.4	1.1.1.1	c241	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 15:03:28.650602102 CEST	192.168.2.4	1.1.1.1	0xa6b7	Standard query (0)	www.serserijeans.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:28.650746107 CEST	192.168.2.4	1.1.1.1	0x8a76	Standard query (0)	www.serserijeans.com	65	IN (0x0001)	false
Apr 24, 2024 15:03:31.650949955 CEST	192.168.2.4	1.1.1.1	0x4633	Standard query (0)	serserijeans.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:31.651838064 CEST	192.168.2.4	1.1.1.1	0x687	Standard query (0)	serserijeans.com	65	IN (0x0001)	false
Apr 24, 2024 15:03:31.760144949 CEST	192.168.2.4	1.1.1.1	0x30e8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:31.760341883 CEST	192.168.2.4	1.1.1.1	0x9929	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 15:03:34.533307076 CEST	192.168.2.4	1.1.1.1	0xa1ae	Standard query (0)	esign.joahelms.design	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:34.533507109 CEST	192.168.2.4	1.1.1.1	0x926	Standard query (0)	esign.joahelms.design	65	IN (0x0001)	false
Apr 24, 2024 15:04:40.935689926 CEST	192.168.2.4	1.1.1.1	0xa1a0	Standard query (0)	esign.joahelms.design	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:04:40.936211109 CEST	192.168.2.4	1.1.1.1	0xcf92	Standard query (0)	esign.joahelms.design	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 15:03:29.191849947 CEST	1.1.1.1	192.168.2.4	0xa6b7	No error (0)	www.serserijeans.com	serserijeans.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:03:29.191849947 CEST	1.1.1.1	192.168.2.4	0xa6b7	No error (0)	serserijeans.com		185.106.211.102	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:29.422300100 CEST	1.1.1.1	192.168.2.4	0x8a76	No error (0)	www.serserijeans.com	serserijeans.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:03:31.914062023 CEST	1.1.1.1	192.168.2.4	0x30e8	No error (0)	www.google.com		142.250.101.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:31.914062023 CEST	1.1.1.1	192.168.2.4	0x30e8	No error (0)	www.google.com		142.250.101.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:31.914062023 CEST	1.1.1.1	192.168.2.4	0x30e8	No error (0)	www.google.com		142.250.101.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:31.914062023 CEST	1.1.1.1	192.168.2.4	0x30e8	No error (0)	www.google.com		142.250.101.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:31.914062023 CEST	1.1.1.1	192.168.2.4	0x30e8	No error (0)	www.google.com		142.250.101.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:31.914062023 CEST	1.1.1.1	192.168.2.4	0x30e8	No error (0)	www.google.com		142.250.101.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:31.914119005 CEST	1.1.1.1	192.168.2.4	0x9929	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 15:03:32.006508112 CEST	1.1.1.1	192.168.2.4	0x4633	No error (0)	serserijeans.com		185.106.211.102	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:34.783549070 CEST	1.1.1.1	192.168.2.4	0xa1ae	No error (0)	esign.joahelms.design		89.187.28.219	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:45.253477097 CEST	1.1.1.1	192.168.2.4	0x2da6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:03:45.253477097 CEST	1.1.1.1	192.168.2.4	0x2da6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:03:59.096410036 CEST	1.1.1.1	192.168.2.4	0xc5fd	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:03:59.096410036 CEST	1.1.1.1	192.168.2.4	0xc5fd	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:04:20.158793926 CEST	1.1.1.1	192.168.2.4	0x6f34	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:04:20.158793926 CEST	1.1.1.1	192.168.2.4	0x6f34	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:04:40.637722969 CEST	1.1.1.1	192.168.2.4	0xf8f7	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:04:40.637722969 CEST	1.1.1.1	192.168.2.4	0xf8f7	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:04:41.091722012 CEST	1.1.1.1	192.168.2.4	0xa1a0	No error (0)	esign.joahelms.design		89.187.28.219	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.serserijeans.com

serserijeans.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	185.106.211.102	443	3492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:03:29 UTC	696	OUT	GET /kdy9bFe5glari2Px0qak17sdy9nFe5k17 HTTP/1.1 Host: www.serserijeans.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:03:31 UTC	584	IN	HTTP/1.1 301 Moved Permanently Connection: close x-powered-by: PHP/7.4.33 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 x-redirect-by: WordPress location: https://serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17 content-length: 3 date: Wed, 24 Apr 2024 12:53:54 GMT server: LiteSpeed vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:03:31 UTC	3	IN	Data Raw: ef bb bf Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	23.3.84.131	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:03:32 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 13:03:32 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=237573 Date: Wed, 24 Apr 2024 13:03:32 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	185.106.211.102	443	3492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:03:33 UTC	692	OUT	GET /kdy9bFe5glari2Px0qak17sdy9nFe5k17 HTTP/1.1 Host: serserijeans.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:03:34 UTC	754	IN	HTTP/1.1 302 Found Connection: close x-powered-by: PHP/7.4.33 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, no-store, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://serserijeans.com/wp-json/>; rel="https://api.w.org/" location: https://esign.joahelms.design/?organisation=ats.net&dse=ay5iZWdsYXJpQGF0cy5uZXQ=#/common/authorize?document=0.55674878487212-0ff1-0.023992453247305&auth=10.5840424227454-0.024220956500723 content-length: 3 date: Wed, 24 Apr 2024 12:53:57 GMT server: LiteSpeed vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:03:34 UTC	3	IN	Data Raw: ef bb bf Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	23.3.84.131	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:03:33 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 13:03:33 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=237559 Date: Wed, 24 Apr 2024 13:03:33 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 13:03:33 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5816, Parent PID: 3084

General

Target ID:	0
Start time:	15:03:24
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3492, Parent PID: 5816

General

Target ID:	2
Start time:	15:03:26
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2276,i,11600538606304935896,34771455915149221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6464, Parent PID: 3084

General

Target ID:	3
Start time:	15:03:27
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5816, Parent PID: 3084

General

Chronological Activities

Analysis Process: chrome.exePID: 3492, Parent PID: 5816

General

Chronological Activities

Analysis Process: chrome.exePID: 6464, Parent PID: 3084

General

Chronological Activities

Disassembly

Windows Analysis Report
https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17