Windows
Analysis Report
http://winter-bush-1004.cmosm.workers.dev/login/loginhelp
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 1268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1952,i,3105387279275834936,3836879509371238265,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://winter-bush-1004.cmosm.workers.dev/login/loginhelp" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security | ||
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | SlashNext: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
winter-bush-1004.cmosm.workers.dev | 104.21.1.4 | true | false | unknown | |
www.google.com | 172.217.18.4 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.67.186.113 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
104.21.1.4 | winter-bush-1004.cmosm.workers.dev | United States | 13335 | CLOUDFLARENETUS | false |
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.6 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467872 |
Start date and time: | 2024-07-05 00:17:19 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://winter-bush-1004.cmosm.workers.dev/login/loginhelp |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.phis.win@17/16@8/6 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.185.174, 74.125.133.84, 34.104.35.123, 40.68.123.157, 93.184.221.240, 192.229.221.95, 13.85.23.206, 142.250.184.227
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: http://winter-bush-1004.cmosm.workers.dev/login/loginhelp
Input | Output |
---|---|
URL: https://winter-bush-1004.cmosm.workers.dev/login/loginhelp Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title of the webpage suggests that it is a suspected phishing site, which is a red flag.","The text on the webpage warns about potential phishing and encourages the user to ignore and proceed, which is a common tactic used in phishing attacks.","The webpage uses Cloudflare, which is a service often used by phishing sites to hide their true identity.","There is no login form or request for sensitive information on the webpage, but this does not necessarily mean that the webpage is not a phishing site. Phishers may use other methods to trick users into providing their information."]} |
Title: Suspected phishing site | Cloudflare OCR: O Warning Suspected Phishing This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source. Leam More Ignore & Proceed Cloudflare Ray 10: 89e27d644926186d Your 'P: Click ta reveal Performance & security by Cloudfiare | |
URL: https://winter-bush-1004.cmosm.workers.dev/login/loginhelp Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title of the webpage suggests that it is a suspected phishing site, which is a potential security concern.","The text on the webpage warns the user about potential phishing and encourages them to proceed with caution.","The webpage uses Cloudflare for performance and security, which can be a positive indicator of the site's legitimacy, but it can also be used by malicious sites."]}Explanation:* The title of the webpage suggests that it is a suspected phishing site, which is a potential security concern.* The text on the webpage warns the user about potential phishing and encourages them to proceed with caution.* The webpage uses Cloudflare for performance and security, which can be a positive indicator of the site's legitimacy, but it can also be used by malicious sites.* The webpage does not contain a login form, a CAPTCHA or any text that creates a sense of urgency or interest.* It is important to note that the absence of these elements does not necessarily mean that the webpage is safe, and further investigation is recommended. |
Title: Suspected phishing site | Cloudflare OCR: O Warning Suspected Phishing This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source. Leam More Ignore & Proceed Cloudflare Ray 'D: 89e27d644926186d Performance & security by Cloudflare Your IP: 846.123.33 |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9760510477699187 |
Encrypted: | false |
SSDEEP: | 48:8bdnmjTHyEpSfHZidAKZdA19ehwiZUklqehVy+3:89mjjZpSDWy |
MD5: | 023506F10C59A35DE1D14636DFA0B8C8 |
SHA1: | 75866D01D7F01D3D5274AF0D47113AA3CF4992B6 |
SHA-256: | 138809477458700679C6378829DA5A4856D958F703CD3B09B5A45335843C653E |
SHA-512: | 009A68F1690B9A91C0E720D367947902C574953673C290F7298DDF87B9283261F03FF1E56AE2952A6BB35B099286AF26127532223DE443E9D36C9353BA818F1E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9929907336046355 |
Encrypted: | false |
SSDEEP: | 48:82dnmjTHyEpSfHZidAKZdA1weh/iZUkAQkqehGy+2:8imjjZpSx9QLy |
MD5: | 0BD93D21BC02E39017C9786C2166660E |
SHA1: | 8D7DA42EC1D0FAEDCD2F6CC12368F17A0D6A036E |
SHA-256: | 235C73D382829EABA622949548609869751A174B7FB9CD7BDFBE10A7DF882EE6 |
SHA-512: | 87B5288760BCC92CC63A266B54866A00360064EBE6B02956932200F87968FC9A70A3713A0FFCB74219DE81C816D77BDF6A754474A82864858160C8FE88ED1C09 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.0019696045964315 |
Encrypted: | false |
SSDEEP: | 48:8xLdnmjTHyEpsHZidAKZdA14tseh7sFiZUkmgqeh7s8y+BX:8xtmjjZpsnKy |
MD5: | E1CAC72C1588505925B43DDB5BBFDF1B |
SHA1: | 3D98D6443B28F73C5E378129E9463DCE50E83654 |
SHA-256: | 7D24F370AC0EE2B830BCD3BA99B09A30E7AA80187CAE9771F849F0BFA68254A1 |
SHA-512: | A79F0190E9378885DF267F04FEB9FDBDC57DD612B0F700F41B7D6887DCAB81944F4AD2E9A9FFB5D1B174F546FEF6358B01CE62FE4C1E75FCB17E7A9285636F6B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.990612086802015 |
Encrypted: | false |
SSDEEP: | 48:8HdnmjTHyEpSfHZidAKZdA1vehDiZUkwqehSy+R:8BmjjZpSyEy |
MD5: | C90502831D7253DE363EB8CC378C385E |
SHA1: | C30148DBABE2369F5264E8C5EFBFB5E3C28D3144 |
SHA-256: | F93D94333EA8C83DE40F0BC81349E9A0AB95D14578F23EC827A48AEA98491564 |
SHA-512: | D2839446B80132E8CD593417CCF2D93A082E2887E97409FF644C2D49CF3F50F7B5472353CEA5DEB1CFC047D39BEF29DCC65AD6BD798AE3DEC46D4AFE534D868F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.977886949516385 |
Encrypted: | false |
SSDEEP: | 48:8OdnmjTHyEpSfHZidAKZdA1hehBiZUk1W1qehQy+C:8qmjjZpSC9wy |
MD5: | E5A6C2B1014B3F52A4DEF835F309BCE0 |
SHA1: | 731E32BFAB650775264CD90F7CB488891814A6E8 |
SHA-256: | D924831748F3C034DC980ADB41DDF600B4FC72AD92B5CC88249FA3FA9A2544B1 |
SHA-512: | 5016B5252593C9376B95E608BAD8E77BABEBFF6835114E83336CA64B4C6DEEA4DBF65FC8E31BDC49FBF4C6B16E5D30D1D0C9343D4063C7E8EA76D0E60FA0F44B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.992187202264453 |
Encrypted: | false |
SSDEEP: | 48:8NdnmjTHyEpSfHZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbKy+yT+:8nmjjZpS8T/TbxWOvTbKy7T |
MD5: | 16BA7282ABFE91C7FB90D0DC88778693 |
SHA1: | 9DA6FB35C3A93F384B130145873A0604F412B8FB |
SHA-256: | 139A9958ED2BFD8AB9150984A7D1547886C377D183092A55E6CCABED7ED8F4CB |
SHA-512: | 25E64C23A59DC981E2932ECD665704A1FA25B5CAFB706E9E5535526CE79B92BE7272CF773483693056D24A928EA98D152C51EA12D6A42EAB6BAA471C8D861AFC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 452 |
Entropy (8bit): | 7.0936408308765495 |
Encrypted: | false |
SSDEEP: | 12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK |
MD5: | C33DE66281E933259772399D10A6AFE8 |
SHA1: | B9F9D500F8814381451011D4DCF59CD2D90AD94F |
SHA-256: | F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016 |
SHA-512: | 5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 38366 |
Entropy (8bit): | 4.385526316224767 |
Encrypted: | false |
SSDEEP: | 768:vPbewqLxj+e8zeGKnyc+Kq+FGgkQb8D24nqMTcgz90U2ubqTdEP:2xj18zeGiyc+KqiGgkQbj4qkcgz90U2m |
MD5: | 6664B1A1865FDC11C2CD9407FD8A7888 |
SHA1: | 47DAACC6A0C9A19AA9E64F3F33AFCC2EBA894861 |
SHA-256: | 2C0AAFFEDDB6C7BD0CAC5468E6D0D0EDAB00544086E1AC884B3A0EF21D0CE76B |
SHA-512: | EC651B35A998F620152DE50114AA22BC361613CD98437F174BF6244FA439B6B75F902E3DF18E4946D4E94D3C973D9F0758AFD7CCFE32BAAFA4871FF0B14AB29E |
Malicious: | false |
Reputation: | low |
URL: | https://winter-bush-1004.cmosm.workers.dev/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 24051 |
Entropy (8bit): | 4.941039417164537 |
Encrypted: | false |
SSDEEP: | 192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk |
MD5: | 5E8C69A459A691B5D1B9BE442332C87D |
SHA1: | F24DD1AD7C9080575D92A9A9A2C42620725EF836 |
SHA-256: | 84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091 |
SHA-512: | 6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42 |
Malicious: | false |
Reputation: | low |
URL: | https://winter-bush-1004.cmosm.workers.dev/cdn-cgi/styles/cf.errors.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 452 |
Entropy (8bit): | 7.0936408308765495 |
Encrypted: | false |
SSDEEP: | 12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK |
MD5: | C33DE66281E933259772399D10A6AFE8 |
SHA1: | B9F9D500F8814381451011D4DCF59CD2D90AD94F |
SHA-256: | F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016 |
SHA-512: | 5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3 |
Malicious: | false |
Reputation: | low |
URL: | https://winter-bush-1004.cmosm.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4409 |
Entropy (8bit): | 5.085648495203342 |
Encrypted: | false |
SSDEEP: | 96:1j9jwIjYjUDK/D5DMF+BOisE2ZbA2ZLim2BrR49PaQxJbGD:1j9jhjYjIK/Vo+tsjZOmmrO9ieJGD |
MD5: | 9FFA99FB7B0B711517CBC4DC2F8E8597 |
SHA1: | 9A6FB279CC2640C8362D8061679306587834F80D |
SHA-256: | B8C16BAA51B855607E4172BF4C8F1FB91075CDDD3D8CDF42D0DEA1694622D93E |
SHA-512: | 1D4ABE6680A8D3C2EF83B4C38611316529D56D0F211E919FBE4428CFFDA25BEBDB187302868012D862809BC25E8E39A8A2629DB7B4F265424C52C81123D003D0 |
Malicious: | false |
Reputation: | low |
URL: | https://winter-bush-1004.cmosm.workers.dev/login/loginhelp |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38366 |
Entropy (8bit): | 4.385526316224767 |
Encrypted: | false |
SSDEEP: | 768:vPbewqLxj+e8zeGKnyc+Kq+FGgkQb8D24nqMTcgz90U2ubqTdEP:2xj18zeGiyc+KqiGgkQbj4qkcgz90U2m |
MD5: | 6664B1A1865FDC11C2CD9407FD8A7888 |
SHA1: | 47DAACC6A0C9A19AA9E64F3F33AFCC2EBA894861 |
SHA-256: | 2C0AAFFEDDB6C7BD0CAC5468E6D0D0EDAB00544086E1AC884B3A0EF21D0CE76B |
SHA-512: | EC651B35A998F620152DE50114AA22BC361613CD98437F174BF6244FA439B6B75F902E3DF18E4946D4E94D3C973D9F0758AFD7CCFE32BAAFA4871FF0B14AB29E |
Malicious: | false |
Reputation: | low |
Preview: |
Jul 5, 2024 00:18:15.308531046 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 00:18:15.340363026 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.418497086 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 00:18:15.448215961 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.448245049 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.448275089 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.448318005 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.448344946 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.448343039 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.448380947 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.448410988 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.448426008 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.448431969 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.448959112 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.448997974 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.449035883 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.449043036 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.449052095 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.449094057 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.449896097 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.449950933 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.449959040 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.480685949 CEST | 443 | 49715 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.481334925 CEST | 49715 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:18:15.481347084 CEST | 443 | 49715 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.482336044 CEST | 443 | 49715 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.482394934 CEST | 49715 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:18:15.484949112 CEST | 49715 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:18:15.485007048 CEST | 443 | 49715 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.496614933 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.496623039 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.527858019 CEST | 49715 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:18:15.527864933 CEST | 443 | 49715 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.542881966 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.542907000 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.542932987 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.542942047 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.542983055 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.542994022 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.543000937 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.543020010 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.543593884 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.543625116 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.543637991 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.543643951 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.543683052 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.543688059 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.543700933 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.543740034 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.543740988 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.543750048 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.543792009 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.543798923 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.544527054 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.544584036 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.544590950 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.544601917 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.544641972 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.574744940 CEST | 49715 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:18:15.772725105 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:15.824742079 CEST | 49717 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:15.882293940 CEST | 49717 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:15.882313013 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:15.883541107 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:15.883557081 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:15.883610010 CEST | 49717 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:15.885644913 CEST | 49717 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:15.885732889 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:15.886850119 CEST | 49714 | 443 | 192.168.2.5 | 104.21.1.4 |
Jul 5, 2024 00:18:15.886873960 CEST | 443 | 49714 | 104.21.1.4 | 192.168.2.5 |
Jul 5, 2024 00:18:15.890311956 CEST | 49717 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:15.890324116 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:15.934111118 CEST | 49717 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:15.970376968 CEST | 443 | 49716 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:15.970448971 CEST | 49716 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:15.975951910 CEST | 49716 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:15.975963116 CEST | 443 | 49716 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:15.976246119 CEST | 443 | 49716 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:15.990488052 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:15.990557909 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:15.990607977 CEST | 49717 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:15.996157885 CEST | 49717 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:15.996176004 CEST | 443 | 49717 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:16.027858973 CEST | 49716 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.042840004 CEST | 49716 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.088499069 CEST | 443 | 49716 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.260662079 CEST | 443 | 49716 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.260727882 CEST | 443 | 49716 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.260776997 CEST | 49716 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.260999918 CEST | 49716 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.261020899 CEST | 443 | 49716 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.261029959 CEST | 49716 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.261035919 CEST | 443 | 49716 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.299671888 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.299714088 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.299770117 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.300188065 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.300198078 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.456248999 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:16.456302881 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:16.456362963 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:16.456667900 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:16.456681967 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:16.943224907 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:16.943712950 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:16.943742037 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:16.944093943 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:16.944756031 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:16.944756031 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:16.944839954 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:16.991281033 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.991482973 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.996395111 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.996406078 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.996613026 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:16.998110056 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:16.998111963 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.040508986 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:17.085968018 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Jul 5, 2024 00:18:17.086409092 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 00:18:17.098102093 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.098155022 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.098205090 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.098294020 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.098311901 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.098426104 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.098454952 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.098530054 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.098565102 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.098836899 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.098844051 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.099111080 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.099216938 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.099282980 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.099318981 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.100024939 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.100116014 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.100122929 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.153234959 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.153254986 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.189560890 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.189600945 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.189635992 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.189646006 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.189666033 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.189687967 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.190026999 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190130949 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.190138102 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190186024 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190221071 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190252066 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190274954 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.190282106 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190320969 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.190721989 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190777063 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190804005 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.190809011 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190819979 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190864086 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190886021 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.190896034 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.190924883 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.190972090 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:17.192534924 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.192534924 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.279510021 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:17.279580116 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:17.279722929 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:17.281239033 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:17.281239033 CEST | 49718 | 443 | 192.168.2.5 | 23.211.4.90 |
Jul 5, 2024 00:18:17.281261921 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:17.281272888 CEST | 443 | 49718 | 23.211.4.90 | 192.168.2.5 |
Jul 5, 2024 00:18:17.500402927 CEST | 49719 | 443 | 192.168.2.5 | 172.67.186.113 |
Jul 5, 2024 00:18:17.500443935 CEST | 443 | 49719 | 172.67.186.113 | 192.168.2.5 |
Jul 5, 2024 00:18:25.373269081 CEST | 443 | 49715 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:18:25.373332024 CEST | 443 | 49715 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:18:25.373374939 CEST | 49715 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:18:26.685425043 CEST | 49715 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:18:26.685465097 CEST | 443 | 49715 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:14.959480047 CEST | 49729 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:19:14.959521055 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:14.959651947 CEST | 49729 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:19:14.962538958 CEST | 49729 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:19:14.962558031 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:15.606343985 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:15.606851101 CEST | 49729 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:19:15.606867075 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:15.607156992 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:15.607707977 CEST | 49729 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:19:15.607767105 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:15.653408051 CEST | 49729 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:19:25.518003941 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:25.518080950 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Jul 5, 2024 00:19:25.518152952 CEST | 49729 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:19:26.671329975 CEST | 49729 | 443 | 192.168.2.5 | 172.217.18.4 |
Jul 5, 2024 00:19:26.671365023 CEST | 443 | 49729 | 172.217.18.4 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 5, 2024 00:18:11.926501036 CEST | 192.168.2.5 | 1.1.1.1 | 0x48e8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 5, 2024 00:18:11.926687956 CEST | 192.168.2.5 | 1.1.1.1 | 0x861c | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 5, 2024 00:18:11.945117950 CEST | 192.168.2.5 | 1.1.1.1 | 0xad75 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 5, 2024 00:18:11.945242882 CEST | 192.168.2.5 | 1.1.1.1 | 0x138d | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 5, 2024 00:18:14.796293974 CEST | 192.168.2.5 | 1.1.1.1 | 0x5190 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 5, 2024 00:18:14.797646999 CEST | 192.168.2.5 | 1.1.1.1 | 0x7bea | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 5, 2024 00:18:15.269958019 CEST | 192.168.2.5 | 1.1.1.1 | 0x5083 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 5, 2024 00:18:15.270243883 CEST | 192.168.2.5 | 1.1.1.1 | 0xd61b | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 5, 2024 00:18:11.940500021 CEST | 1.1.1.1 | 192.168.2.5 | 0x48e8 | No error (0) | 104.21.1.4 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:11.940500021 CEST | 1.1.1.1 | 192.168.2.5 | 0x48e8 | No error (0) | 172.67.186.113 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:11.941612005 CEST | 1.1.1.1 | 192.168.2.5 | 0x861c | No error (0) | 65 | IN (0x0001) | false | |||
Jul 5, 2024 00:18:11.960405111 CEST | 1.1.1.1 | 192.168.2.5 | 0xad75 | No error (0) | 104.21.1.4 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:11.960405111 CEST | 1.1.1.1 | 192.168.2.5 | 0xad75 | No error (0) | 172.67.186.113 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:11.963258982 CEST | 1.1.1.1 | 192.168.2.5 | 0x138d | No error (0) | 65 | IN (0x0001) | false | |||
Jul 5, 2024 00:18:14.805169106 CEST | 1.1.1.1 | 192.168.2.5 | 0x5190 | No error (0) | 172.217.18.4 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:14.805773020 CEST | 1.1.1.1 | 192.168.2.5 | 0x7bea | No error (0) | 65 | IN (0x0001) | false | |||
Jul 5, 2024 00:18:15.281044006 CEST | 1.1.1.1 | 192.168.2.5 | 0xd61b | No error (0) | 65 | IN (0x0001) | false | |||
Jul 5, 2024 00:18:15.288958073 CEST | 1.1.1.1 | 192.168.2.5 | 0x5083 | No error (0) | 172.67.186.113 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:15.288958073 CEST | 1.1.1.1 | 192.168.2.5 | 0x5083 | No error (0) | 104.21.1.4 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:27.278165102 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb9 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:27.278165102 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb9 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:41.659534931 CEST | 1.1.1.1 | 192.168.2.5 | 0x60e0 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 5, 2024 00:18:41.659534931 CEST | 1.1.1.1 | 192.168.2.5 | 0x60e0 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:19:03.163645983 CEST | 1.1.1.1 | 192.168.2.5 | 0xb86d | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 5, 2024 00:19:03.163645983 CEST | 1.1.1.1 | 192.168.2.5 | 0xb86d | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:19:23.098750114 CEST | 1.1.1.1 | 192.168.2.5 | 0xbbc4 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 5, 2024 00:19:23.098750114 CEST | 1.1.1.1 | 192.168.2.5 | 0xbbc4 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49709 | 104.21.1.4 | 443 | 1268 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:18:12 UTC | 692 | OUT | |
2024-07-04 22:18:12 UTC | 577 | IN | |
2024-07-04 22:18:12 UTC | 792 | IN | |
2024-07-04 22:18:12 UTC | 1369 | IN | |
2024-07-04 22:18:12 UTC | 1369 | IN | |
2024-07-04 22:18:12 UTC | 887 | IN | |
2024-07-04 22:18:12 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 104.21.1.4 | 443 | 1268 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:18:13 UTC | 610 | OUT | |
2024-07-04 22:18:13 UTC | 411 | IN | |
2024-07-04 22:18:13 UTC | 958 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN | |
2024-07-04 22:18:13 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49713 | 104.21.1.4 | 443 | 1268 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:18:14 UTC | 687 | OUT | |
2024-07-04 22:18:14 UTC | 409 | IN | |
2024-07-04 22:18:14 UTC | 452 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49714 | 104.21.1.4 | 443 | 1268 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:18:15 UTC | 639 | OUT | |
2024-07-04 22:18:15 UTC | 565 | IN | |
2024-07-04 22:18:15 UTC | 804 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN | |
2024-07-04 22:18:15 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49717 | 172.67.186.113 | 443 | 1268 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:18:15 UTC | 404 | OUT | |
2024-07-04 22:18:15 UTC | 409 | IN | |
2024-07-04 22:18:15 UTC | 452 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49716 | 23.211.4.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:18:16 UTC | 161 | OUT | |
2024-07-04 22:18:16 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49719 | 172.67.186.113 | 443 | 1268 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:18:16 UTC | 369 | OUT | |
2024-07-04 22:18:17 UTC | 569 | IN | |
2024-07-04 22:18:17 UTC | 800 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN | |
2024-07-04 22:18:17 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49718 | 23.211.4.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:18:16 UTC | 239 | OUT | |
2024-07-04 22:18:17 UTC | 535 | IN | |
2024-07-04 22:18:17 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 18:18:06 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 18:18:09 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:18:11 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |