Windows
Analysis Report
https://ns43q4.csb.app/
Overview
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 2364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2524,i,5864239888223602617,1518225115646197078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 4372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ns43q4.csb.app/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | SlashNext: |
Source: | Avira URL Cloud: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
ns43q4.csb.app | 104.18.39.169 | true | false | unknown | |
www.google.com | 216.58.212.164 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
216.58.212.164 | www.google.com | United States | 15169 | GOOGLEUS | false | |
104.18.39.169 | ns43q4.csb.app | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.6 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467886 |
Start date and time: | 2024-07-05 00:30:28 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://ns43q4.csb.app/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@16/14@4/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.131, 216.58.206.46, 74.125.133.84, 34.104.35.123, 142.250.185.170, 142.250.181.227, 20.114.59.183, 199.232.210.172, 192.229.221.95, 20.3.187.198, 20.166.126.56, 20.12.23.50, 142.250.186.163, 142.250.184.227, 40.68.123.157, 2.19.126.137, 2.19.126.163
- Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://ns43q4.csb.app/
Input | Output |
---|---|
URL: https://ns43q4.csb.app/ Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form.","The text does not create a sense of urgency or interest.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]} |
Title: CodeSandbox Projects OCR: Failed to load preview Something went wrong while loading preview. |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.984330607074544 |
Encrypted: | false |
SSDEEP: | 48:8fdhTJRUHuZidAKZdA19ehwiZUklqehXy+3:87bloy |
MD5: | 1ACDCE4FFAECAC8DBF3EA0DD723A203E |
SHA1: | BE1B37FD6D7B8D44DB575443DDF511866C8538C1 |
SHA-256: | A3FB5716934CB3082493F8B7901EC9B8B97FF2A7049D8161E15A2CA3B0CADBCF |
SHA-512: | 24269843181A35F2736460D4A179F341654F782EBD00B4D24954149F7214C304276C616FA117D64F1669BB632581648E070156AB4523EBC90393001EBFE7D2CC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.99690151550885 |
Encrypted: | false |
SSDEEP: | 48:8kdhTJRUHuZidAKZdA1weh/iZUkAQkqehYy+2:8Cb/9QNy |
MD5: | 859FC737F848FA6C341113296BD24760 |
SHA1: | 97C5707A2A1F55941B391B1FDA8FD518EC641197 |
SHA-256: | F1CDB2562A5F0722F25692D7454447CC0A819A0FC3F5F7282B406451087BAAE4 |
SHA-512: | 4A2CED4C087476A96BF62140785E2C0301B6CB498EB03B9B9DE64265D331ADC5C7FB84113018CBBBCD33DB414BC2DFAF81D1C99C75A7B4649B6635CEBF2471E6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.008773258408391 |
Encrypted: | false |
SSDEEP: | 48:8xKdhTJRsHuZidAKZdA14tseh7sFiZUkmgqeh7sWy+BX:8xAbHn8y |
MD5: | 9EA13751A8F4ED0C7F30F0BCD4737345 |
SHA1: | C2398C35BBE4A458B44A85EA6899980E73287A38 |
SHA-256: | 81B5E517FA2098CF9908D4A93FDAACF73191198F5250CCBE167FCA2066C27314 |
SHA-512: | 49793390D332D9250BDCCC3B52C31EBB93DF2D2919532CE2BF9F89F46B039B8966F7F1547646E5B7A018C4490474A7ADB9BC5289CA65FD8A5A60FB1CE80AE931 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9981102750044095 |
Encrypted: | false |
SSDEEP: | 48:8ABdhTJRUHuZidAKZdA1vehDiZUkwqehky+R:8A1b8ey |
MD5: | CE59336E26005A002FD17D6A27B39FE9 |
SHA1: | D59EAA2632AE76490756B8682536351A2BE5E891 |
SHA-256: | F6ED3788932154216F5AF486C0A51F31C5E7290DC423FAED498213DB4DC1C6FE |
SHA-512: | 6D66057C3A6B95149C9F49AD068E92A587A43925CBE326CAA29E4B8D19B5479CC248F38D4CB37A108A8B2672E19009BA4EDE3AD2439EA4C6D117E2E9F8F43246 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.986549261615455 |
Encrypted: | false |
SSDEEP: | 48:8FdhTJRUHuZidAKZdA1hehBiZUk1W1qeh6y+C:85bM9ay |
MD5: | 0B4C775ECCC89B426F3F539321506094 |
SHA1: | A584E4B755A2E8A178714934A12DF11B65C15982 |
SHA-256: | F2BD200CA8F117FF1500A966DCD2EEA2C3A5EE128D4450395CF0C6C3D4C9B1E0 |
SHA-512: | CEFDF340BDECA297856464CF3725B566E7CE6191E71B6FDA3B808FE1E390697D6679A1067C87642E42670203D0A1F2C863415B7AF015247F226DD8E6A0EB97AB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.997006375511256 |
Encrypted: | false |
SSDEEP: | 48:8XdhTJRUHuZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb8y+yT+:8zbiT/TbxWOvTb8y7T |
MD5: | 677B343A340803A734D8DB7A3E1FC9F8 |
SHA1: | 58F73D7F7C87E147B0773FE138C0CE23DC88CFA1 |
SHA-256: | FB068BB6E118043E02EEC797816D35292E6E9287239CEDB414EDFC72A9A71340 |
SHA-512: | 446CAB7FB995C073BFFCD8669F1F1A1D550F9AEB23B564DF63B2C8FD00DCE57938D4F2850B7190639F1BD23A7DA03D6BE76A8E992BDA1B6070A6788ED1A7ED8A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2746 |
Entropy (8bit): | 4.857992580736942 |
Encrypted: | false |
SSDEEP: | 48:4ANXNkrE88SBAbFil/xsOxp35JXVyn8/FrE/I:IE84Yg835JXh/xE/I |
MD5: | DE88136B5033DE220430CF1B8B0E71F0 |
SHA1: | 48436D3AACB84A6F138839B3FC86858D11A18CDB |
SHA-256: | 1F9A8E880114AB9AECD24E7E071B31B4309C7968FAB5FB6FE515D8A72CF793ED |
SHA-512: | D3DF80CD529CDA27D8DBBEDA2DE84206FB769ACD579F76C8FAD4C3B0FB71A5AD380F25B3C386E17D896FE23F5D026E7F9CE10A529288E214CC8B24B579B70660 |
Malicious: | false |
Reputation: | low |
URL: | https://ns43q4.csb.app/ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2746 |
Entropy (8bit): | 4.857992580736942 |
Encrypted: | false |
SSDEEP: | 48:4ANXNkrE88SBAbFil/xsOxp35JXVyn8/FrE/I:IE84Yg835JXh/xE/I |
MD5: | DE88136B5033DE220430CF1B8B0E71F0 |
SHA1: | 48436D3AACB84A6F138839B3FC86858D11A18CDB |
SHA-256: | 1F9A8E880114AB9AECD24E7E071B31B4309C7968FAB5FB6FE515D8A72CF793ED |
SHA-512: | D3DF80CD529CDA27D8DBBEDA2DE84206FB769ACD579F76C8FAD4C3B0FB71A5AD380F25B3C386E17D896FE23F5D026E7F9CE10A529288E214CC8B24B579B70660 |
Malicious: | false |
Reputation: | low |
URL: | https://ns43q4.csb.app/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2534 |
Entropy (8bit): | 5.52598184742234 |
Encrypted: | false |
SSDEEP: | 48:ejOEathAAUujOEathAb8FZjjOEathAljOEathAv43rjOEathAONjOEathAdRVc+c:aOEathAdqOEathAb8FZHOEathA1OEatb |
MD5: | DDF434E8B80140CB2311A70B41F4D9C5 |
SHA1: | CF592F46714B9FBEF8D496C6CA06B4E927A338A8 |
SHA-256: | 134D30ED9C825909DD32AF40D469AAAFEDFE1B17447ABEE0ED6C43C7254D2A48 |
SHA-512: | 7BC12A2A78D7A9662CD9E620B91F37A96BAC1C3D137DDB52527FAB0EA511C63D96BA0EB8BB89E87C956424D9B6EE1F8F6E9ED33B8769D09C049C8FF7D69BE2B6 |
Malicious: | false |
Reputation: | low |
URL: | https://fonts.googleapis.com/css2?family=Inter&display=swap |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 21564 |
Entropy (8bit): | 7.988689032238559 |
Encrypted: | false |
SSDEEP: | 384:pgDlU89jza9uLqHuvsA+8CTPBBAx+ARBoxlBmZtsoP0uq8A82ALgnCfkhon:pu5RaeqOvJ+FyBgBToqtvygnWkho |
MD5: | 73AAA95EAB3115EA5A1E5C1CF16EA645 |
SHA1: | 2F00C608A688CD2B2E6AD37637726B0E081DA1C7 |
SHA-256: | 2301BB030A2BCAA9C763CC4771BD717AAC16709C29EABA00673FCBE7CDF99A59 |
SHA-512: | 687974F4B96BAEA3F1C7AA31BF779E631165D0C928A0D006576034477F6DE591B446D2683296FF3A52BED9450C43D6284F1C660E860DB23465FE499B9FC3A42F |
Malicious: | false |
Reputation: | low |
URL: | https://fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2 |
Preview: |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 5, 2024 00:31:18.543557882 CEST | 192.168.2.5 | 1.1.1.1 | 0xdc87 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 5, 2024 00:31:18.543868065 CEST | 192.168.2.5 | 1.1.1.1 | 0x85a6 | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 5, 2024 00:31:21.289021969 CEST | 192.168.2.5 | 1.1.1.1 | 0x5e84 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 5, 2024 00:31:21.289021969 CEST | 192.168.2.5 | 1.1.1.1 | 0x1ed9 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 5, 2024 00:31:18.561629057 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc87 | No error (0) | 104.18.39.169 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:31:18.561629057 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc87 | No error (0) | 172.64.148.87 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:31:18.563028097 CEST | 1.1.1.1 | 192.168.2.5 | 0x85a6 | No error (0) | 65 | IN (0x0001) | false | |||
Jul 5, 2024 00:31:21.300520897 CEST | 1.1.1.1 | 192.168.2.5 | 0x1ed9 | No error (0) | 65 | IN (0x0001) | false | |||
Jul 5, 2024 00:31:21.300858974 CEST | 1.1.1.1 | 192.168.2.5 | 0x5e84 | No error (0) | 216.58.212.164 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:31:32.554817915 CEST | 1.1.1.1 | 192.168.2.5 | 0x88b6 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:31:32.554817915 CEST | 1.1.1.1 | 192.168.2.5 | 0x88b6 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:31:33.130744934 CEST | 1.1.1.1 | 192.168.2.5 | 0xc6b5 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 5, 2024 00:31:33.130744934 CEST | 1.1.1.1 | 192.168.2.5 | 0xc6b5 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:31:47.076160908 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc69 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 5, 2024 00:31:47.076160908 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc69 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 5, 2024 00:32:09.211086035 CEST | 1.1.1.1 | 192.168.2.5 | 0x53c6 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 5, 2024 00:32:09.211086035 CEST | 1.1.1.1 | 192.168.2.5 | 0x53c6 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 104.18.39.169 | 443 | 2364 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:31:19 UTC | 657 | OUT | |
2024-07-04 22:31:19 UTC | 236 | IN | |
2024-07-04 22:31:19 UTC | 1133 | IN | |
2024-07-04 22:31:19 UTC | 1369 | IN | |
2024-07-04 22:31:19 UTC | 244 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 104.18.39.169 | 443 | 2364 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:31:21 UTC | 584 | OUT | |
2024-07-04 22:31:21 UTC | 236 | IN | |
2024-07-04 22:31:21 UTC | 1133 | IN | |
2024-07-04 22:31:21 UTC | 1369 | IN | |
2024-07-04 22:31:21 UTC | 244 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49717 | 23.211.4.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:31:22 UTC | 161 | OUT | |
2024-07-04 22:31:22 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49718 | 23.211.4.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 22:31:23 UTC | 239 | OUT | |
2024-07-04 22:31:23 UTC | 535 | IN | |
2024-07-04 22:31:23 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 18:31:12 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:31:15 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:31:17 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |