Windows
Analysis Report
http://www.nerugby.com:443
Overview
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2208,i,12480982574051418881,5035724205542963578,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.nerugby.com:443" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.nerugby.com | 66.96.149.1 | true | false | unknown | |
www.google.com | 142.250.186.132 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
66.96.149.1 | www.nerugby.com | United States | 29873 | BIZLAND-SDUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.186.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1465760 |
Start date and time: | 2024-07-02 01:39:33 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://www.nerugby.com:443 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@20/6@4/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.23.99, 142.250.185.110, 74.125.133.84, 34.104.35.123, 93.184.221.240, 192.229.221.95, 20.166.126.56, 13.95.31.18, 142.250.185.67, 2.22.61.145, 2.19.97.171
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://www.nerugby.com:443
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.983592352370177 |
Encrypted: | false |
SSDEEP: | 48:81drTz/dH0idAKZdA19ehwiZUklqehOy+3:8z3gVy |
MD5: | 9624E611200977D6DC0A25F21C743D05 |
SHA1: | 021956B66971A7848DED411403BCD4ACFBA4622F |
SHA-256: | 5FE8E0395B54A1801AAA5A0D0379ECB98903C9B7D2B7D5B0CEB95552ADE62AF0 |
SHA-512: | DF3BDDEBE8217AD9E3D7E42C20E0DB772B46A121FF6A9CD406881BFD9F3DF413C42DC926FC9C1A2606EAB5F0FF3AE82CD56DB9193766E50455FAF53D97546923 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9955431104167114 |
Encrypted: | false |
SSDEEP: | 48:8HZdrTz/dH0idAKZdA1weh/iZUkAQkqehFy+2:8H/3a9QMy |
MD5: | 7F3007DB93E8FDBD7CCEC68E73FCAC90 |
SHA1: | 1FD3718FB11958C0B4CA0A82148D7B1848F3BAF3 |
SHA-256: | A7C3029EDE006C6B09B5DA49D149679C6763B73A78AC3CD5D8404F3A4B584188 |
SHA-512: | 694BFA4887FA47F9C3642E2F7EFEE26AD200A870CAF0D4C3D804671F2EF83E6D6D180E30EC33FFB89E0A03BC66CAFACCBBF53D254877EF9336F70B714D9F9A6B |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.007987363395617 |
Encrypted: | false |
SSDEEP: | 48:8xodrTz/sH0idAKZdA14tseh7sFiZUkmgqeh7sTy+BX:8xk35nRy |
MD5: | 87898335DF7D8AD13D6690C7E65EF77B |
SHA1: | 8442F174951290FEACF065EAD1BBBFD7E6810B38 |
SHA-256: | 5355AB6FE574F4DEDDCE628B843B60A049E0E574E77B46B8620C3EDE40A1F9DC |
SHA-512: | 912FAF53E6AE51C063A4A6F7D1B7DC7DEF7B7736AF71611985194FD127CCDF786BC928041209CBC7D6EAA62C278D886A23F4C0E1A3D0225127EDAC1C9D4D5DC9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9975480576233093 |
Encrypted: | false |
SSDEEP: | 48:8GdrTz/dH0idAKZdA1vehDiZUkwqeh5y+R:8e3Bby |
MD5: | D8A5A92FBCD34CAA9774F4C33FC4AA92 |
SHA1: | 99E9EF179B0BE9DEAC056F59F42A0DB315F4088A |
SHA-256: | E9767EF06F3F57A2336AD0F3AE676971EF9AEBDF3BE77947001D24A4BFF4FAC7 |
SHA-512: | 98465A172330096C664FF4730948A148A60498966B0A5538588D8BA820017A631F50DE54500452DAF845EB937C95252E0F739CE5D3C04076130B88A8F6EA30E3 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9871082846280093 |
Encrypted: | false |
SSDEEP: | 48:8UdrTz/dH0idAKZdA1hehBiZUk1W1qeh/y+C:8Y3B9fy |
MD5: | 24BE17D2B8651B00352EC4D086D0A06D |
SHA1: | BECF284F15EDC6D713BA87F43368190A8CFBFEAA |
SHA-256: | 2670D914528997D1D5C6F909547F6F5146B4055182E1AE2BFC540A2DDA93A1F1 |
SHA-512: | 8296C8FEEEBFBE7FAC59CD7BCDA1CD33B5ABDBB35BFEDD820F018B20578BE5A6D7CAE9F754D920215F201BCCBE05E1E1CB9645485EF8BF5A8A0F50E27DB61F7A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9974316505487972 |
Encrypted: | false |
SSDEEP: | 48:8g7drTz/dH0idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8M39T/TbxWOvTbRy7T |
MD5: | 5B6FDCE47A5D413B03FF9125E1FE7F4C |
SHA1: | F2CE900E137E1BD6350147FE91C45924A2F661F5 |
SHA-256: | FA05725DE52A71BBA89006A4D0AB53ABC5AA5415EDB4E353A40A776D40D0891C |
SHA-512: | 35F18C956DFEE86E1B94898EF5187A7384959F3E48EBEFB63F0ED02572217ACEA82D4B3A1AC55A544E6572207221DB1F3340DB190AD06A2FD57588D4691AC057 |
Malicious: | false |
Reputation: | low |
Jul 2, 2024 01:41:27.674536943 CEST | 49737 | 443 | 192.168.2.5 | 142.250.186.132 |
Jul 2, 2024 01:41:27.674561977 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Jul 2, 2024 01:41:27.674783945 CEST | 49737 | 443 | 192.168.2.5 | 142.250.186.132 |
Jul 2, 2024 01:41:27.675307035 CEST | 49737 | 443 | 192.168.2.5 | 142.250.186.132 |
Jul 2, 2024 01:41:27.675318003 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Jul 2, 2024 01:41:28.314270973 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Jul 2, 2024 01:41:28.314579964 CEST | 49737 | 443 | 192.168.2.5 | 142.250.186.132 |
Jul 2, 2024 01:41:28.314595938 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Jul 2, 2024 01:41:28.314866066 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Jul 2, 2024 01:41:28.315180063 CEST | 49737 | 443 | 192.168.2.5 | 142.250.186.132 |
Jul 2, 2024 01:41:28.315233946 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Jul 2, 2024 01:41:28.363215923 CEST | 49737 | 443 | 192.168.2.5 | 142.250.186.132 |
Jul 2, 2024 01:41:38.224371910 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Jul 2, 2024 01:41:38.224431992 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Jul 2, 2024 01:41:38.224728107 CEST | 49737 | 443 | 192.168.2.5 | 142.250.186.132 |
Jul 2, 2024 01:41:38.820204973 CEST | 49737 | 443 | 192.168.2.5 | 142.250.186.132 |
Jul 2, 2024 01:41:38.820230961 CEST | 443 | 49737 | 142.250.186.132 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 01:40:23.775474072 CEST | 53 | 50653 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:40:23.782450914 CEST | 53 | 56241 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:40:26.308243990 CEST | 58155 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 2, 2024 01:40:26.308412075 CEST | 65352 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 2, 2024 01:40:26.477618933 CEST | 53 | 58155 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:40:26.483072996 CEST | 53 | 65352 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:40:27.346175909 CEST | 53 | 55385 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:40:27.623380899 CEST | 63049 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 2, 2024 01:40:27.623521090 CEST | 61725 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 2, 2024 01:40:27.630564928 CEST | 53 | 63049 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:40:27.630852938 CEST | 53 | 61725 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:40:49.065839052 CEST | 53 | 51711 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:41:12.571996927 CEST | 53 | 58571 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:41:23.279931068 CEST | 53 | 50930 | 1.1.1.1 | 192.168.2.5 |
Jul 2, 2024 01:41:39.876687050 CEST | 53 | 57498 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 2, 2024 01:40:26.308243990 CEST | 192.168.2.5 | 1.1.1.1 | 0x2322 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 2, 2024 01:40:26.308412075 CEST | 192.168.2.5 | 1.1.1.1 | 0x9e9a | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 2, 2024 01:40:27.623380899 CEST | 192.168.2.5 | 1.1.1.1 | 0x8162 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 2, 2024 01:40:27.623521090 CEST | 192.168.2.5 | 1.1.1.1 | 0x6293 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 2, 2024 01:40:26.477618933 CEST | 1.1.1.1 | 192.168.2.5 | 0x2322 | No error (0) | 66.96.149.1 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 01:40:27.630564928 CEST | 1.1.1.1 | 192.168.2.5 | 0x8162 | No error (0) | 142.250.186.132 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 01:40:27.630852938 CEST | 1.1.1.1 | 192.168.2.5 | 0x6293 | No error (0) | 65 | IN (0x0001) | false | |||
Jul 2, 2024 01:40:39.356555939 CEST | 1.1.1.1 | 192.168.2.5 | 0x2b3b | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 2, 2024 01:40:39.356555939 CEST | 1.1.1.1 | 192.168.2.5 | 0x2b3b | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 01:40:52.746721983 CEST | 1.1.1.1 | 192.168.2.5 | 0x55e2 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 2, 2024 01:40:52.746721983 CEST | 1.1.1.1 | 192.168.2.5 | 0x55e2 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 01:41:08.623317003 CEST | 1.1.1.1 | 192.168.2.5 | 0xb914 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 2, 2024 01:41:08.623317003 CEST | 1.1.1.1 | 192.168.2.5 | 0xb914 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 01:41:32.152759075 CEST | 1.1.1.1 | 192.168.2.5 | 0x99ae | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 2, 2024 01:41:32.152759075 CEST | 1.1.1.1 | 192.168.2.5 | 0x99ae | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49710 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:40:26.484325886 CEST | 434 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49711 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:40:27.561764956 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49714 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:40:27.562110901 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49715 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:40:27.562706947 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49722 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:40:32.670815945 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49721 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:40:32.671472073 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49723 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:40:32.673902035 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49733 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:41:02.711046934 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49732 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:41:02.711359024 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49734 | 66.96.149.1 | 443 | 6608 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 01:41:02.711970091 CEST | 460 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49719 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 23:40:31 UTC | 161 | OUT | |
2024-07-01 23:40:32 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49720 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 23:40:32 UTC | 239 | OUT | |
2024-07-01 23:40:33 UTC | 515 | IN | |
2024-07-01 23:40:33 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49724 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 23:40:39 UTC | 306 | OUT | |
2024-07-01 23:40:39 UTC | 560 | IN | |
2024-07-01 23:40:39 UTC | 15824 | IN | |
2024-07-01 23:40:39 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49735 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 23:41:17 UTC | 306 | OUT | |
2024-07-01 23:41:17 UTC | 560 | IN | |
2024-07-01 23:41:17 UTC | 15824 | IN | |
2024-07-01 23:41:17 UTC | 14181 | IN |
Target ID: | 0 |
Start time: | 19:40:18 |
Start date: | 01/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 19:40:22 |
Start date: | 01/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 19:40:25 |
Start date: | 01/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |