Windows
Analysis Report
http://ts.amazon-adsystem.com
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 2364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 1076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1932,i,5476295455390092873,563892977708376558,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 6280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ts.amazon-adsystem.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
- Compliance
- Networking
- System Summary
There are no malicious signatures.
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 172.217.18.4 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
d21t3ooy68jlh9.cloudfront.net | 18.66.122.129 | true | false | unknown | |
ts.amazon-adsystem.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
18.66.122.129 | d21t3ooy68jlh9.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false | |
18.66.122.32 | unknown | United States | 3 | MIT-GATEWAYSUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520804 |
Start date and time: | 2024-09-27 23:20:32 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://ts.amazon-adsystem.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@18/0@6/5 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.185.238, 74.125.71.84, 34.104.35.123, 20.114.59.183, 2.16.100.168, 88.221.110.91, 192.229.221.95, 52.165.164.15, 13.95.31.18, 216.58.206.67
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://ts.amazon-adsystem.com
Download Network PCAP: filtered – full
- Total Packets: 66
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 23:21:28.969616890 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Sep 27, 2024 23:21:29.168840885 CEST | 49735 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:21:29.169136047 CEST | 49736 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:21:29.173784971 CEST | 80 | 49735 | 18.66.122.129 | 192.168.2.4 |
Sep 27, 2024 23:21:29.174587965 CEST | 80 | 49736 | 18.66.122.129 | 192.168.2.4 |
Sep 27, 2024 23:21:29.174679995 CEST | 49735 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:21:29.174685001 CEST | 49736 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:21:29.174884081 CEST | 49736 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:21:29.188503027 CEST | 80 | 49736 | 18.66.122.129 | 192.168.2.4 |
Sep 27, 2024 23:21:29.884366035 CEST | 80 | 49736 | 18.66.122.129 | 192.168.2.4 |
Sep 27, 2024 23:21:29.904896975 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:29.904934883 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:29.905009985 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:29.905200958 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:29.905213118 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:29.930226088 CEST | 49736 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:21:30.745552063 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:30.745837927 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:30.745852947 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:30.746818066 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:30.746876955 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:30.747853041 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:30.747915030 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:30.748095989 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:30.748101950 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:30.800268888 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:31.073781967 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:31.073877096 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:31.073930025 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:31.074690104 CEST | 49737 | 443 | 192.168.2.4 | 18.66.122.32 |
Sep 27, 2024 23:21:31.074713945 CEST | 443 | 49737 | 18.66.122.32 | 192.168.2.4 |
Sep 27, 2024 23:21:31.898227930 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:31.898279905 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:31.898335934 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:31.899091959 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:31.899110079 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:32.350759029 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:32.350805044 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:32.350925922 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:32.352596998 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:32.352617025 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:32.551678896 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:32.552131891 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:32.552140951 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:32.553834915 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:32.553953886 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:32.641302109 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:32.641417027 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:32.686625004 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:32.686635017 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:32.733525038 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:33.006196976 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.006272078 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.011761904 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.011771917 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.012042046 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.061630011 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.071049929 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.111438990 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.278268099 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.278343916 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.278435946 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.278669119 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.278691053 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.278708935 CEST | 49741 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.278716087 CEST | 443 | 49741 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.318761110 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.318780899 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.318954945 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.319370985 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.319391966 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.989108086 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.989182949 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.990329981 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:33.990339994 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.990683079 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:33.991652966 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:34.035442114 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:34.268286943 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:34.268460035 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:34.268511057 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:34.287810087 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Sep 27, 2024 23:21:34.287820101 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Sep 27, 2024 23:21:42.486093044 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:42.486160040 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:42.486243010 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:44.227253914 CEST | 49740 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:21:44.227277994 CEST | 443 | 49740 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:21:44.887676001 CEST | 80 | 49723 | 217.20.57.40 | 192.168.2.4 |
Sep 27, 2024 23:21:44.887825966 CEST | 49723 | 80 | 192.168.2.4 | 217.20.57.40 |
Sep 27, 2024 23:21:44.887826920 CEST | 49723 | 80 | 192.168.2.4 | 217.20.57.40 |
Sep 27, 2024 23:21:44.892843962 CEST | 80 | 49723 | 217.20.57.40 | 192.168.2.4 |
Sep 27, 2024 23:21:59.766189098 CEST | 80 | 49735 | 18.66.122.129 | 192.168.2.4 |
Sep 27, 2024 23:21:59.766268969 CEST | 49735 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:22:00.113269091 CEST | 49735 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:22:00.118252993 CEST | 80 | 49735 | 18.66.122.129 | 192.168.2.4 |
Sep 27, 2024 23:22:14.890650034 CEST | 49736 | 80 | 192.168.2.4 | 18.66.122.129 |
Sep 27, 2024 23:22:14.895648003 CEST | 80 | 49736 | 18.66.122.129 | 192.168.2.4 |
Sep 27, 2024 23:22:31.870776892 CEST | 49751 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:22:31.870861053 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:22:31.871182919 CEST | 49751 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:22:31.871611118 CEST | 49751 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:22:31.871658087 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:22:32.507874012 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:22:32.510957956 CEST | 49751 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:22:32.510999918 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:22:32.511480093 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:22:32.515265942 CEST | 49751 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:22:32.515355110 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:22:32.555741072 CEST | 49751 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:22:33.977732897 CEST | 49724 | 80 | 192.168.2.4 | 93.184.221.240 |
Sep 27, 2024 23:22:33.982990980 CEST | 80 | 49724 | 93.184.221.240 | 192.168.2.4 |
Sep 27, 2024 23:22:33.983141899 CEST | 49724 | 80 | 192.168.2.4 | 93.184.221.240 |
Sep 27, 2024 23:22:42.430128098 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:22:42.430211067 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Sep 27, 2024 23:22:42.430279016 CEST | 49751 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:22:44.197285891 CEST | 49751 | 443 | 192.168.2.4 | 172.217.18.4 |
Sep 27, 2024 23:22:44.197346926 CEST | 443 | 49751 | 172.217.18.4 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 23:21:27.964689016 CEST | 53 | 58794 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:27.966942072 CEST | 53 | 54643 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:29.160320044 CEST | 55093 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 23:21:29.160448074 CEST | 57643 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 23:21:29.167747021 CEST | 53 | 57643 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:29.168365955 CEST | 53 | 55093 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:29.190838099 CEST | 53 | 63728 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:29.886594057 CEST | 53780 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 23:21:29.886718988 CEST | 53454 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 23:21:29.901132107 CEST | 53 | 53780 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:29.904515028 CEST | 53 | 53454 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:31.821190119 CEST | 58558 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 23:21:31.821484089 CEST | 49284 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 23:21:31.842695951 CEST | 53 | 58558 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:31.842734098 CEST | 53 | 49284 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:21:45.552339077 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Sep 27, 2024 23:21:46.241625071 CEST | 53 | 57560 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:22:05.010111094 CEST | 53 | 50561 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:22:27.759490967 CEST | 53 | 53718 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 23:22:27.759500980 CEST | 53 | 55311 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 23:21:29.160320044 CEST | 192.168.2.4 | 1.1.1.1 | 0x5836 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 23:21:29.160448074 CEST | 192.168.2.4 | 1.1.1.1 | 0x39e6 | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 27, 2024 23:21:29.886594057 CEST | 192.168.2.4 | 1.1.1.1 | 0x2071 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 23:21:29.886718988 CEST | 192.168.2.4 | 1.1.1.1 | 0x2f5c | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 27, 2024 23:21:31.821190119 CEST | 192.168.2.4 | 1.1.1.1 | 0xb0df | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 23:21:31.821484089 CEST | 192.168.2.4 | 1.1.1.1 | 0x4f40 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 23:21:29.167747021 CEST | 1.1.1.1 | 192.168.2.4 | 0x39e6 | No error (0) | d21t3ooy68jlh9.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.168365955 CEST | 1.1.1.1 | 192.168.2.4 | 0x5836 | No error (0) | d21t3ooy68jlh9.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.168365955 CEST | 1.1.1.1 | 192.168.2.4 | 0x5836 | No error (0) | 18.66.122.129 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.168365955 CEST | 1.1.1.1 | 192.168.2.4 | 0x5836 | No error (0) | 18.66.122.76 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.168365955 CEST | 1.1.1.1 | 192.168.2.4 | 0x5836 | No error (0) | 18.66.122.32 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.168365955 CEST | 1.1.1.1 | 192.168.2.4 | 0x5836 | No error (0) | 18.66.122.93 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.901132107 CEST | 1.1.1.1 | 192.168.2.4 | 0x2071 | No error (0) | d21t3ooy68jlh9.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.901132107 CEST | 1.1.1.1 | 192.168.2.4 | 0x2071 | No error (0) | 18.66.122.32 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.901132107 CEST | 1.1.1.1 | 192.168.2.4 | 0x2071 | No error (0) | 18.66.122.129 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.901132107 CEST | 1.1.1.1 | 192.168.2.4 | 0x2071 | No error (0) | 18.66.122.76 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.901132107 CEST | 1.1.1.1 | 192.168.2.4 | 0x2071 | No error (0) | 18.66.122.93 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:29.904515028 CEST | 1.1.1.1 | 192.168.2.4 | 0x2f5c | No error (0) | d21t3ooy68jlh9.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:31.842695951 CEST | 1.1.1.1 | 192.168.2.4 | 0xb0df | No error (0) | 172.217.18.4 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:31.842734098 CEST | 1.1.1.1 | 192.168.2.4 | 0x4f40 | No error (0) | 65 | IN (0x0001) | false | |||
Sep 27, 2024 23:21:44.961662054 CEST | 1.1.1.1 | 192.168.2.4 | 0x1afb | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:44.961662054 CEST | 1.1.1.1 | 192.168.2.4 | 0x1afb | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:57.087095976 CEST | 1.1.1.1 | 192.168.2.4 | 0xf196 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 23:21:57.087095976 CEST | 1.1.1.1 | 192.168.2.4 | 0xf196 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:22:20.133945942 CEST | 1.1.1.1 | 192.168.2.4 | 0x777d | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 23:22:20.133945942 CEST | 1.1.1.1 | 192.168.2.4 | 0x777d | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:22:40.872541904 CEST | 1.1.1.1 | 192.168.2.4 | 0x9526 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 23:22:40.872541904 CEST | 1.1.1.1 | 192.168.2.4 | 0x9526 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 18.66.122.129 | 80 | 1076 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:21:29.174884081 CEST | 437 | OUT | |
Sep 27, 2024 23:21:29.884366035 CEST | 572 | IN | |
Sep 27, 2024 23:22:14.890650034 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49737 | 18.66.122.32 | 443 | 1076 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 21:21:30 UTC | 665 | OUT | |
2024-09-27 21:21:31 UTC | 346 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49741 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 21:21:33 UTC | 161 | OUT | |
2024-09-27 21:21:33 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 21:21:33 UTC | 239 | OUT | |
2024-09-27 21:21:34 UTC | 515 | IN | |
2024-09-27 21:21:34 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 17:21:23 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 17:21:25 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 17:21:27 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |