Windows
Analysis Report
http://fiveradio-newbam.com
Overview
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 3628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 4464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,7082945577606897378,2019628484602091693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 4768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fiveradio-newbam.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: | ||
Source: | Window detected: |
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
13% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
a.nel.cloudflare.com | 35.190.80.1 | true | false | unknown | |
fiveradio-newbam.com | 104.21.84.200 | true | false | unknown | |
www.google.com | 192.178.50.68 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.67.196.150 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
192.178.50.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1442472 |
Start date and time: | 2024-05-16 09:42:45 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://fiveradio-newbam.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@17/8@8/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.165.195, 142.250.189.142, 173.194.217.84, 34.104.35.123, 40.127.169.103, 199.232.210.172, 72.21.81.240, 192.229.211.108, 20.242.39.171, 52.165.164.15, 142.250.189.131
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9694083520293564 |
Encrypted: | false |
SSDEEP: | 48:8Fd3TvbZwHsidAKZdA19ehwiZUklqeh2y+3:8vPZXBy |
MD5: | 73EEF6F192B76477FE5C8180995CAC56 |
SHA1: | E6F3612A2B19032D4F49E30BA3387A4E25700970 |
SHA-256: | 4B3B717053ADD05E772AC6F1AC7DBF68B188BF179BBB350EA826158C8E8A0068 |
SHA-512: | 833685EF0817824AF9C57F6E27992C4CD15B4FD7EE5BC0CC7BD5E2D4D09DD4147D6B00103A5619FB8847FC841CB0E06AB68EA0EFA75383CEB094B2425B1E0B1B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9869407323439146 |
Encrypted: | false |
SSDEEP: | 48:8HQd3TvbZwHsidAKZdA1weh/iZUkAQkqehxy+2:8HgPZd9QEy |
MD5: | 5E0F9841170E393E9956EFB31DA84513 |
SHA1: | 7BD2BBDEFC4D7933E3D6334B2A0538292822B640 |
SHA-256: | 7A5D6E2A8C50A4DDC2363B5FB3BA9479E0224820984B609D816D5DD96DCA8403 |
SHA-512: | B33E1826112954D813823D0C56F582BDEFC2CBB132882C001FF2452C7830896CEF3D069A122F30F86841E64DA060D7B9610D0671ADDC39CEBB66FFA7129BB48E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 3.9998184722588803 |
Encrypted: | false |
SSDEEP: | 48:8xcd3TvbsHsidAKZdA14tseh7sFiZUkmgqeh7sny+BX:8x8PRndy |
MD5: | 096439EE3EEDD63C4DC67B64824D9275 |
SHA1: | 782949CB4BBB111A05FA6F85F75A5F37C79FADC9 |
SHA-256: | 3BE71ABDD036402E09AC3130B5B9BF2A8EE2A4DB4D58BD7071886B1DB5399601 |
SHA-512: | 9AB75D9958D190384E2B84E33EB7DA76CB36B586B0DA70C7BE3F670CE926354B14ACD8C94FBA9C21814525B1CDF0E632926548E1353DAB17F1572589AFFA3D58 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9844443661225633 |
Encrypted: | false |
SSDEEP: | 48:8Md3TvbZwHsidAKZdA1vehDiZUkwqehFy+R:8MPZevy |
MD5: | 9EA9EB270479444A0122BBB4E0FE2EF9 |
SHA1: | A602E638038730FBD96594D12A5D8D2E3025110F |
SHA-256: | 512F0D03FE3B096C087BDE00FE6B64B2B8F262EEFBA6A0F4A16FB32C52C7831D |
SHA-512: | 1956218F6A47D3DDB7A7FF8DFA3F38E678E797A398D31C7BAEF34EA6DF5160B95B97A80C5D132BC3AF423E3A2236E112F25F87D82C980DC06B00BE86CDE104BC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.973840979483613 |
Encrypted: | false |
SSDEEP: | 48:8fd3TvbZwHsidAKZdA1hehBiZUk1W1qehTy+C:8VPZu9zy |
MD5: | B1CA0193219BE5B0CC7AFC1F1BE14BF1 |
SHA1: | 420AB41301D2674A4FD78DFA36C1DE9F3470F286 |
SHA-256: | B68009681BBBDF2F0674ACC0059D4A1A299CF158A462EFC93443AA5FA5CA388B |
SHA-512: | DCCADDA8C8BE8AB5AAD73574576A77901EBD378F3B2DE3A1110AF0D5FF27AF87F4B5C7E685C4F395610BDA755A00A12CC794CCA1CAFC6A48C8B1C4DD08EF9D63 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9848233411744705 |
Encrypted: | false |
SSDEEP: | 48:8id3TvbZwHsidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbdy+yT+:8ePZQT/TbxWOvTbdy7T |
MD5: | 37A1C92D171AD1A7F382CFB8F1868A28 |
SHA1: | 2067D91C3E2A3DAB4EBD18770D020FF0CD4A59E3 |
SHA-256: | 456C2826C52FB603BA38F56F2E521533B09F1C6DB989685664F38B9E38B59708 |
SHA-512: | FF893AD288033B4F21943BAAC47976610105598C669CF5E8A06AFA514D53CA450527759017544773A954A20D32555146D2700E2A74FD2D018276CD3CA44B2C7A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 139 |
Entropy (8bit): | 4.717826995152233 |
Encrypted: | false |
SSDEEP: | 3:PouV7uJzhquHbtt6vYk2ZRMRJfHKERSAEtvxLrXZiLKY8K09AbBK6c4NGL:hxuJzhqIzyYk+qRU4zEdxXZiqsbBK34A |
MD5: | DA7DA7D630292E7A2A7DDA8CA87B3D39 |
SHA1: | A4CB76424DC44433A2DF01FE8B0BBD836D15E970 |
SHA-256: | 52C1E7A2C36BE28C42455FE1572D7D7918C3180CAD99A2B82DAA2A38A7E7BB23 |
SHA-512: | 9E717F9C6699B280436CA9BE7107BA6301430D4DEF8311B963A266A5B3B91B2719687B04860509B6142FA24D629A3217BD450696559FE6D9DC8C60BCCFD740AD |
Malicious: | false |
Reputation: | low |
URL: | https://fiveradio-newbam.com/ |
Preview: |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 16, 2024 09:43:34.432528019 CEST | 192.168.2.5 | 1.1.1.1 | 0xe69d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:34.432687998 CEST | 192.168.2.5 | 1.1.1.1 | 0xf2f2 | Standard query (0) | | 65 | IN (0x0001) | false |
May 16, 2024 09:43:34.549833059 CEST | 192.168.2.5 | 1.1.1.1 | 0x35af | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:34.549973011 CEST | 192.168.2.5 | 1.1.1.1 | 0x1563 | Standard query (0) | | 65 | IN (0x0001) | false |
May 16, 2024 09:43:35.267138958 CEST | 192.168.2.5 | 1.1.1.1 | 0x6cb2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:35.267349958 CEST | 192.168.2.5 | 1.1.1.1 | 0x4c8f | Standard query (0) | | 65 | IN (0x0001) | false |
May 16, 2024 09:43:36.900510073 CEST | 192.168.2.5 | 1.1.1.1 | 0x99b2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:36.900911093 CEST | 192.168.2.5 | 1.1.1.1 | 0xa8ef | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 16, 2024 09:43:34.546977043 CEST | 1.1.1.1 | 192.168.2.5 | 0xe69d | No error (0) | | | 104.21.84.200 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:34.546977043 CEST | 1.1.1.1 | 192.168.2.5 | 0xe69d | No error (0) | | | 172.67.196.150 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:34.547251940 CEST | 1.1.1.1 | 192.168.2.5 | 0xf2f2 | No error (0) | | | | 65 | IN (0x0001) | false |
May 16, 2024 09:43:34.664192915 CEST | 1.1.1.1 | 192.168.2.5 | 0x35af | No error (0) | | | 172.67.196.150 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:34.664192915 CEST | 1.1.1.1 | 192.168.2.5 | 0x35af | No error (0) | | | 104.21.84.200 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:34.665035009 CEST | 1.1.1.1 | 192.168.2.5 | 0x1563 | No error (0) | | | | 65 | IN (0x0001) | false |
May 16, 2024 09:43:35.381431103 CEST | 1.1.1.1 | 192.168.2.5 | 0x6cb2 | No error (0) | | | 35.190.80.1 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:37.013609886 CEST | 1.1.1.1 | 192.168.2.5 | 0x99b2 | No error (0) | | | 192.178.50.68 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:43:37.013978004 CEST | 1.1.1.1 | 192.168.2.5 | 0xa8ef | No error (0) | | | | 65 | IN (0x0001) | false |
May 16, 2024 09:43:49.261014938 CEST | 1.1.1.1 | 192.168.2.5 | 0x67e2 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 16, 2024 09:43:49.261014938 CEST | 1.1.1.1 | 192.168.2.5 | 0x67e2 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:44:02.831412077 CEST | 1.1.1.1 | 192.168.2.5 | 0x45ec | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:44:02.831412077 CEST | 1.1.1.1 | 192.168.2.5 | 0x45ec | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:44:25.515676975 CEST | 1.1.1.1 | 192.168.2.5 | 0x77e4 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:44:25.515676975 CEST | 1.1.1.1 | 192.168.2.5 | 0x77e4 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:44:45.612292051 CEST | 1.1.1.1 | 192.168.2.5 | 0x207e | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
May 16, 2024 09:44:45.612292051 CEST | 1.1.1.1 | 192.168.2.5 | 0x207e | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49709 | 172.67.196.150 | 443 | 4464 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-16 07:43:34 UTC | 663 | OUT | |
2024-05-16 07:43:35 UTC | 724 | IN | |
2024-05-16 07:43:35 UTC | 145 | IN | |
2024-05-16 07:43:35 UTC | 5 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 35.190.80.1 | 443 | 4464 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-16 07:43:35 UTC | 551 | OUT | |
2024-05-16 07:43:35 UTC | 336 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49713 | 35.190.80.1 | 443 | 4464 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-16 07:43:36 UTC | 488 | OUT | |
2024-05-16 07:43:36 UTC | 391 | OUT | |
2024-05-16 07:43:36 UTC | 168 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49715 | 23.213.224.106 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-16 07:43:38 UTC | 161 | OUT | |
2024-05-16 07:43:38 UTC | 468 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49716 | 23.213.224.106 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-16 07:43:38 UTC | 239 | OUT | |
2024-05-16 07:43:38 UTC | 531 | IN | |
2024-05-16 07:43:38 UTC | 55 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
5 | 192.168.2.5 | 49721 | 23.1.237.91 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-16 07:43:49 UTC | 2148 | OUT | |
2024-05-16 07:43:49 UTC | 1 | OUT | |
2024-05-16 07:43:49 UTC | 2483 | OUT | |
2024-05-16 07:43:50 UTC | 479 | IN | |

Target ID: | 0 |
Start time: | 03:43:28 |
Start date: | 16/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 2 |
Start time: | 03:43:31 |
Start date: | 16/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 3 |
Start time: | 03:43:33 |
Start date: | 16/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |