Windows Analysis Report
http://safety-profiles-fb-ads-156388685.vercel.app/

Overview

General Information

Sample URL: http://safety-profiles-fb-ads-156388685.vercel.app/
Analysis ID: 1637969

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]

Process tree:
  • System is w10x64
  • chrome.exe (PID: 5956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,8748762235944217247,6867490386744010562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2072 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,8748762235944217247,6867490386744010562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4952 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://safety-profiles-fb-ads-156388685.vercel.app/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://safety-profiles-fb-ads-156388685.vercel.app/ Avira URL Cloud: detection malicious, Label: phishing
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.96.120
Source: unknown TCP traffic detected without corresponding DNS query: 184.30.131.245
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: safety-profiles-fb-ads-156388685.vercel.app
Source: global traffic DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons.gvt2.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5956_1024850312
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir5956_1024850312
Source: classification engine Classification label: mal48.win@27/0@23/6
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,8748762235944217247,6867490386744010562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2072 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,8748762235944217247,6867490386744010562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4952 /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://safety-profiles-fb-ads-156388685.vercel.app/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

[Behavior graph. ID: 1637969, URL: http://safety-profiles-fb-a..., Startdate: 14/03/2025, Architecture: WINDOWS, Score: 48]

Source | Detection | Scanner | Label
http://safety-profiles-fb-ads-156388685.vercel.app/ | 100% | Avira URL Cloud | phishing
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
safety-profiles-fb-ads-156388685.vercel.app | 64.29.17.65 | true | false | | unknown
beacons-handoff.gcp.gvt2.com | 142.250.180.99 | true | false | | high
www.google.com | 142.250.185.132 | true | false | | high
beacons.gvt2.com | 142.251.143.67 | true | false | | high
beacons6.gvt2.com | 216.58.206.35 | true | false | | high
beacons.gcp.gvt2.com | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
64.29.17.65 | safety-profiles-fb-ads-156388685.vercel.app | Canada | 13768 | COGECO-PEER1CA | false
216.198.79.129 | unknown | United States | 11696 | NBS11696US | false

Private IPs:
192.168.2.6
192.168.2.5
192.168.2.14

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1637969
Start date and time: 2025-03-14 01:40:58 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://safety-profiles-fb-ads-156388685.vercel.app/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@27/0@23/6
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, BackgroundTransferHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.186.163, 216.58.206.78, 142.251.5.84, 142.250.186.131, 142.250.184.238
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, g.bing.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: http://safety-profiles-fb-ads-156388685.vercel.app/
No simulations
No context
No created / dropped files found
No static file info

Network traffic:
  • Total Packets: 221
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
              Mar 14, 2025 01:41:59.137687922 CET49734443192.168.2.564.29.17.65
              Mar 14, 2025 01:41:59.138046026 CET49734443192.168.2.564.29.17.65
              Mar 14, 2025 01:41:59.138057947 CET4434973464.29.17.65192.168.2.5
              Mar 14, 2025 01:41:59.161886930 CET44349732216.198.79.129192.168.2.5
              Mar 14, 2025 01:41:59.161923885 CET44349733216.198.79.129192.168.2.5
              Mar 14, 2025 01:41:59.162492990 CET49735443192.168.2.5216.198.79.129
              Mar 14, 2025 01:41:59.162514925 CET44349735216.198.79.129192.168.2.5
              Mar 14, 2025 01:41:59.162676096 CET49735443192.168.2.5216.198.79.129
              Mar 14, 2025 01:41:59.162961960 CET49736443192.168.2.5216.198.79.129
              Mar 14, 2025 01:41:59.163002014 CET44349736216.198.79.129192.168.2.5
              Mar 14, 2025 01:41:59.163084030 CET49736443192.168.2.5216.198.79.129
              Mar 14, 2025 01:41:59.163574934 CET49735443192.168.2.5216.198.79.129
              Mar 14, 2025 01:41:59.163575888 CET49736443192.168.2.5216.198.79.129
              Mar 14, 2025 01:41:59.163589954 CET44349735216.198.79.129192.168.2.5
              Mar 14, 2025 01:41:59.163594961 CET44349736216.198.79.129192.168.2.5
              Mar 14, 2025 01:41:59.337395906 CET4434973464.29.17.65192.168.2.5
              Mar 14, 2025 01:41:59.361023903 CET44349735216.198.79.129192.168.2.5
              Mar 14, 2025 01:41:59.361296892 CET44349736216.198.79.129192.168.2.5
              Mar 14, 2025 01:42:00.387646914 CET49741443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.387698889 CET4434974164.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.387813091 CET49741443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.388426065 CET49742443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.388432026 CET49741443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.388448954 CET4434974164.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.388463020 CET4434974264.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.388642073 CET49742443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.389260054 CET49742443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.389286041 CET4434974264.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.589051962 CET4434974164.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.589243889 CET4434974264.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.589704037 CET49743443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.589728117 CET4434974364.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.590182066 CET49744443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.590214968 CET4434974464.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.590245962 CET49743443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.590368032 CET49744443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.590804100 CET49744443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.590805054 CET49743443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:00.590814114 CET4434974364.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.590818882 CET4434974464.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.789024115 CET4434974364.29.17.65192.168.2.5
              Mar 14, 2025 01:42:00.789187908 CET4434974464.29.17.65192.168.2.5
              Mar 14, 2025 01:42:04.336484909 CET49745443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.336532116 CET443497454.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.337455034 CET49745443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.348673105 CET49745443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.348690987 CET443497454.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.349457026 CET443497454.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.366908073 CET49746443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.366941929 CET443497464.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.367008924 CET49746443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.367399931 CET49746443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.367415905 CET443497464.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.367965937 CET443497464.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.397039890 CET49747443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.397069931 CET443497474.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.397339106 CET49747443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.397933960 CET49747443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.397948980 CET443497474.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.398571968 CET443497474.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.410621881 CET49748443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.410650015 CET443497484.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.410837889 CET49748443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.411211014 CET49748443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.411221027 CET443497484.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.411798954 CET443497484.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.467546940 CET49749443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.467586040 CET443497494.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.467689991 CET49749443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.468130112 CET49749443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.468144894 CET443497494.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.468849897 CET443497494.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.510971069 CET49750443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.511015892 CET443497504.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.511079073 CET49750443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.511482954 CET49750443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.511499882 CET443497504.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.512227058 CET443497504.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.559820890 CET49751443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.559863091 CET443497514.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.559931993 CET49751443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.560513020 CET49751443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.560524940 CET443497514.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.561351061 CET443497514.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.584682941 CET49752443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.584723949 CET443497524.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.584791899 CET49752443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.585367918 CET49752443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:04.585383892 CET443497524.245.163.56192.168.2.5
              Mar 14, 2025 01:42:04.585855961 CET443497524.245.163.56192.168.2.5
              Mar 14, 2025 01:42:05.814201117 CET49753443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:05.814245939 CET4434975364.29.17.65192.168.2.5
              Mar 14, 2025 01:42:05.814316988 CET49753443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:05.814870119 CET49753443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:05.814883947 CET4434975364.29.17.65192.168.2.5
              Mar 14, 2025 01:42:05.834110022 CET49754443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:05.834141016 CET4434975464.29.17.65192.168.2.5
              Mar 14, 2025 01:42:05.834209919 CET49754443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:05.836082935 CET49754443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:05.836096048 CET4434975464.29.17.65192.168.2.5
              Mar 14, 2025 01:42:06.013394117 CET4434975364.29.17.65192.168.2.5
              Mar 14, 2025 01:42:06.014043093 CET49755443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:06.014084101 CET4434975564.29.17.65192.168.2.5
              Mar 14, 2025 01:42:06.014169931 CET49755443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:06.014511108 CET49755443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:06.014524937 CET4434975564.29.17.65192.168.2.5
              Mar 14, 2025 01:42:06.033829927 CET4434975464.29.17.65192.168.2.5
              Mar 14, 2025 01:42:06.035959959 CET49756443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:06.036001921 CET4434975664.29.17.65192.168.2.5
              Mar 14, 2025 01:42:06.036077976 CET49756443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:06.036468029 CET49756443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:06.036484003 CET4434975664.29.17.65192.168.2.5
              Mar 14, 2025 01:42:06.084765911 CET49757443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.084808111 CET44349757150.171.27.10192.168.2.5
              Mar 14, 2025 01:42:06.084891081 CET49757443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.087516069 CET49757443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.087528944 CET44349757150.171.27.10192.168.2.5
              Mar 14, 2025 01:42:06.088073969 CET44349757150.171.27.10192.168.2.5
              Mar 14, 2025 01:42:06.088510990 CET49758443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.088536978 CET44349758150.171.27.10192.168.2.5
              Mar 14, 2025 01:42:06.088630915 CET49758443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.089037895 CET49758443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.089050055 CET44349758150.171.27.10192.168.2.5
              Mar 14, 2025 01:42:06.089452028 CET44349758150.171.27.10192.168.2.5
              Mar 14, 2025 01:42:06.089890003 CET49759443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.089910030 CET44349759150.171.27.10192.168.2.5
              Mar 14, 2025 01:42:06.090044022 CET49759443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.090069056 CET49759443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.090106964 CET44349759150.171.27.10192.168.2.5
              Mar 14, 2025 01:42:06.090184927 CET49759443192.168.2.5150.171.27.10
              Mar 14, 2025 01:42:06.213179111 CET4434975564.29.17.65192.168.2.5
              Mar 14, 2025 01:42:06.237193108 CET4434975664.29.17.65192.168.2.5
              Mar 14, 2025 01:42:07.501956940 CET49676443192.168.2.520.189.173.14
              Mar 14, 2025 01:42:35.400712967 CET8049688217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:35.400896072 CET4968880192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:35.401071072 CET4968880192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:35.405663967 CET8049688217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:35.571890116 CET8049690217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:35.572117090 CET4969080192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:35.572117090 CET4969080192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:35.576781034 CET8049690217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:35.588913918 CET8049689217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:35.589365005 CET4968980192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:35.589670897 CET4968980192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:35.595002890 CET8049689217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:35.740787029 CET8049691217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:35.741004944 CET4969180192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:35.741041899 CET4969180192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:35.745693922 CET8049691217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:36.254698992 CET49768443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.254759073 CET4434976864.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.254882097 CET49769443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.254894018 CET49768443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.254935026 CET4434976964.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.254998922 CET49769443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.255372047 CET49768443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.255390882 CET4434976864.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.256688118 CET49769443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.256711960 CET4434976964.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.453470945 CET4434976864.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.454267979 CET49770443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.454315901 CET4434977064.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.454407930 CET49770443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.454727888 CET49770443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.454744101 CET4434977064.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.457617044 CET4434976964.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.458389044 CET49771443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.458446026 CET4434977164.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.458514929 CET49771443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.458949089 CET49771443192.168.2.564.29.17.65
              Mar 14, 2025 01:42:36.458962917 CET4434977164.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.653676987 CET4434977064.29.17.65192.168.2.5
              Mar 14, 2025 01:42:36.658004999 CET4434977164.29.17.65192.168.2.5
              Mar 14, 2025 01:42:37.974483967 CET8049696217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:37.974581003 CET4969680192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:37.974623919 CET4969680192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:37.979330063 CET8049696217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:39.596836090 CET4970380192.168.2.5172.217.18.3
              Mar 14, 2025 01:42:39.596982956 CET4970180192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:39.602626085 CET8049703172.217.18.3192.168.2.5
              Mar 14, 2025 01:42:39.602744102 CET4970380192.168.2.5172.217.18.3
              Mar 14, 2025 01:42:39.602853060 CET8049701217.20.57.20192.168.2.5
              Mar 14, 2025 01:42:39.603087902 CET4970180192.168.2.5217.20.57.20
              Mar 14, 2025 01:42:40.444502115 CET49697443192.168.2.52.19.96.120
              Mar 14, 2025 01:42:40.444880009 CET4970480192.168.2.5184.30.131.245
              Mar 14, 2025 01:42:40.754551888 CET49772443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.754591942 CET443497724.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.754662991 CET49772443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.755145073 CET49772443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.755156040 CET443497724.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.755803108 CET443497724.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.758301020 CET49773443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.758346081 CET443497734.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.758413076 CET49773443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.758748055 CET49773443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.758773088 CET443497734.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.759264946 CET443497734.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.784806013 CET49774443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.784842968 CET443497744.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.784908056 CET49774443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.785481930 CET49774443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.785494089 CET443497744.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.786016941 CET443497744.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.801245928 CET49775443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.801301956 CET443497754.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.801379919 CET49775443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.801682949 CET49775443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.801693916 CET443497754.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.802217960 CET443497754.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.820389986 CET49776443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.820444107 CET443497764.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.820519924 CET49776443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.820775986 CET49776443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.820786953 CET443497764.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.821304083 CET443497764.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.833333015 CET49777443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.833373070 CET443497774.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.833462954 CET49777443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.833703995 CET49777443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.833718061 CET443497774.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.834110022 CET443497774.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.849862099 CET49778443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.849900007 CET443497784.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.850101948 CET49778443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.850492001 CET49778443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.850506067 CET443497784.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.850866079 CET443497784.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.872454882 CET49779443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.872508049 CET443497794.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.872581005 CET49779443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.873059988 CET49779443192.168.2.54.245.163.56
              Mar 14, 2025 01:42:40.873074055 CET443497794.245.163.56192.168.2.5
              Mar 14, 2025 01:42:40.873424053 CET443497794.245.163.56192.168.2.5
              Mar 14, 2025 01:42:57.707415104 CET49789443192.168.2.5142.250.185.132
              Mar 14, 2025 01:42:57.707477093 CET44349789142.250.185.132192.168.2.5
              Mar 14, 2025 01:42:57.707566023 CET49789443192.168.2.5142.250.185.132
              Mar 14, 2025 01:42:57.707956076 CET49789443192.168.2.5142.250.185.132
              Mar 14, 2025 01:42:57.707974911 CET44349789142.250.185.132192.168.2.5
              Mar 14, 2025 01:42:57.905143023 CET44349789142.250.185.132192.168.2.5
              Mar 14, 2025 01:42:57.906100035 CET49790443192.168.2.5142.250.185.132
              Mar 14, 2025 01:42:57.906152010 CET44349790142.250.185.132192.168.2.5
              Mar 14, 2025 01:42:57.906223059 CET49790443192.168.2.5142.250.185.132
              Mar 14, 2025 01:42:57.906544924 CET49790443192.168.2.5142.250.185.132
              Mar 14, 2025 01:42:57.906558990 CET44349790142.250.185.132192.168.2.5
              Mar 14, 2025 01:42:58.105746031 CET44349790142.250.185.132192.168.2.5
              Mar 14, 2025 01:43:07.436156988 CET49791443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.436212063 CET4434979164.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.436295033 CET49791443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.436548948 CET49792443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.436580896 CET4434979264.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.436638117 CET49792443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.439001083 CET49792443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.439019918 CET4434979264.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.439810991 CET49791443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.439832926 CET4434979164.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.637161970 CET4434979264.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.637495995 CET4434979164.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.638032913 CET49793443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.638099909 CET4434979364.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.638180971 CET49793443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.638514042 CET49794443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.638576031 CET4434979464.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.638649940 CET49794443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.638906002 CET49793443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.638921976 CET4434979364.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.639163971 CET49794443192.168.2.564.29.17.65
              Mar 14, 2025 01:43:07.639177084 CET4434979464.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.837593079 CET4434979464.29.17.65192.168.2.5
              Mar 14, 2025 01:43:07.837666988 CET4434979364.29.17.65192.168.2.5
              Mar 14, 2025 01:43:15.712764978 CET5542153192.168.2.51.1.1.1
              Mar 14, 2025 01:43:15.717519999 CET53554211.1.1.1192.168.2.5
              Mar 14, 2025 01:43:15.717609882 CET5542153192.168.2.51.1.1.1
              Mar 14, 2025 01:43:15.717658043 CET5542153192.168.2.51.1.1.1
              Mar 14, 2025 01:43:15.722444057 CET53554211.1.1.1192.168.2.5
              Mar 14, 2025 01:43:16.451082945 CET53554211.1.1.1192.168.2.5
              Mar 14, 2025 01:43:16.459755898 CET5542153192.168.2.51.1.1.1
              Mar 14, 2025 01:43:16.464955091 CET53554211.1.1.1192.168.2.5
              Mar 14, 2025 01:43:16.468424082 CET5542153192.168.2.51.1.1.1
              Mar 14, 2025 01:43:16.468758106 CET55422443192.168.2.5142.250.114.94
              Mar 14, 2025 01:43:16.468791962 CET44355422142.250.114.94192.168.2.5
              Mar 14, 2025 01:43:16.468873978 CET55422443192.168.2.5142.250.114.94
              Mar 14, 2025 01:43:16.469372034 CET55422443192.168.2.5142.250.114.94
              Mar 14, 2025 01:43:16.469379902 CET44355422142.250.114.94192.168.2.5
              Mar 14, 2025 01:43:16.681350946 CET44355422142.250.114.94192.168.2.5
              Mar 14, 2025 01:43:16.685323000 CET55423443192.168.2.5142.250.114.94
              Mar 14, 2025 01:43:16.685358047 CET44355423142.250.114.94192.168.2.5
              Mar 14, 2025 01:43:16.685421944 CET55423443192.168.2.5142.250.114.94
              Mar 14, 2025 01:43:16.685697079 CET55423443192.168.2.5142.250.114.94
              Mar 14, 2025 01:43:16.685709000 CET44355423142.250.114.94192.168.2.5
              Mar 14, 2025 01:43:16.885868073 CET44355423142.250.114.94192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 14, 2025 01:41:57.646930933 CET | 192.168.2.5 | 1.1.1.1 | 0x1669 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:41:57.647294044 CET | 192.168.2.5 | 1.1.1.1 | 0x7bc5 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Mar 14, 2025 01:41:58.903003931 CET | 192.168.2.5 | 1.1.1.1 | 0xbdf4 | Standard query (0) | safety-profiles-fb-ads-156388685.vercel.app | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:41:58.903350115 CET | 192.168.2.5 | 1.1.1.1 | 0x56e0 | Standard query (0) | safety-profiles-fb-ads-156388685.vercel.app | 65 | IN (0x0001) | false
Mar 14, 2025 01:41:58.921829939 CET | 192.168.2.5 | 1.1.1.1 | 0xdcfa | Standard query (0) | safety-profiles-fb-ads-156388685.vercel.app | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:41:58.921829939 CET | 192.168.2.5 | 1.1.1.1 | 0x2341 | Standard query (0) | safety-profiles-fb-ads-156388685.vercel.app | 65 | IN (0x0001) | false
Mar 14, 2025 01:41:58.953036070 CET | 192.168.2.5 | 1.1.1.1 | 0x5201 | Standard query (0) | safety-profiles-fb-ads-156388685.vercel.app | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:41:58.953265905 CET | 192.168.2.5 | 1.1.1.1 | 0xe186 | Standard query (0) | safety-profiles-fb-ads-156388685.vercel.app | 65 | IN (0x0001) | false
Mar 14, 2025 01:42:55.648721933 CET | 192.168.2.5 | 1.1.1.1 | 0x7b17 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:42:55.648972988 CET | 192.168.2.5 | 1.1.1.1 | 0x34b0 | Standard query (0) | beacons.gcp.gvt2.com | 65 | IN (0x0001) | false
Mar 14, 2025 01:42:56.675159931 CET | 192.168.2.5 | 1.1.1.1 | 0x5909 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:42:56.675159931 CET | 192.168.2.5 | 1.1.1.1 | 0x4782 | Standard query (0) | beacons.gcp.gvt2.com | 65 | IN (0x0001) | false
Mar 14, 2025 01:42:58.707072020 CET | 192.168.2.5 | 1.1.1.1 | 0x303 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:42:59.721832037 CET | 192.168.2.5 | 1.1.1.1 | 0x303 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:43:00.737433910 CET | 192.168.2.5 | 1.1.1.1 | 0x303 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:43:02.753038883 CET | 192.168.2.5 | 1.1.1.1 | 0x303 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:43:06.753706932 CET | 192.168.2.5 | 1.1.1.1 | 0x303 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:43:11.651900053 CET | 192.168.2.5 | 1.1.1.1 | 0x162a | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:43:11.652177095 CET | 192.168.2.5 | 1.1.1.1 | 0xa8b2 | Standard query (0) | beacons.gvt2.com | 65 | IN (0x0001) | false
Mar 14, 2025 01:43:12.674782038 CET | 192.168.2.5 | 1.1.1.1 | 0x16f1 | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:43:14.706231117 CET | 192.168.2.5 | 1.1.1.1 | 0xe7a1 | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:43:15.705565929 CET | 192.168.2.5 | 1.1.1.1 | 0xe7a1 | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:43:15.717658043 CET | 192.168.2.5 | 1.1.1.1 | 0x1 | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Mar 14, 2025 01:41:57.656872034 CET | 1.1.1.1 | 192.168.2.5 | 0x1669 | No error (0) | www.google.com |  | 142.250.185.132 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:41:57.657160997 CET | 1.1.1.1 | 192.168.2.5 | 0x7bc5 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
              Mar 14, 2025 01:41:58.930473089 CET | 1.1.1.1 | 192.168.2.5 | 0xdcfa | No error (0) | safety-profiles-fb-ads-156388685.vercel.app |  | 64.29.17.65 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:41:58.930473089 CET | 1.1.1.1 | 192.168.2.5 | 0xdcfa | No error (0) | safety-profiles-fb-ads-156388685.vercel.app |  | 216.198.79.65 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:41:58.952013016 CET | 1.1.1.1 | 192.168.2.5 | 0xbdf4 | No error (0) | safety-profiles-fb-ads-156388685.vercel.app |  | 216.198.79.129 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:41:58.952013016 CET | 1.1.1.1 | 192.168.2.5 | 0xbdf4 | No error (0) | safety-profiles-fb-ads-156388685.vercel.app |  | 64.29.17.129 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:41:58.962554932 CET | 1.1.1.1 | 192.168.2.5 | 0x5201 | No error (0) | safety-profiles-fb-ads-156388685.vercel.app |  | 216.198.79.129 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:41:58.962554932 CET | 1.1.1.1 | 192.168.2.5 | 0x5201 | No error (0) | safety-profiles-fb-ads-156388685.vercel.app |  | 64.29.17.129 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:42:55.655702114 CET | 1.1.1.1 | 192.168.2.5 | 0x34b0 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:42:55.655756950 CET | 1.1.1.1 | 192.168.2.5 | 0x7b17 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:42:55.655756950 CET | 1.1.1.1 | 192.168.2.5 | 0x7b17 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.99 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:42:56.681991100 CET | 1.1.1.1 | 192.168.2.5 | 0x4782 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:42:56.682009935 CET | 1.1.1.1 | 192.168.2.5 | 0x5909 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:42:56.682009935 CET | 1.1.1.1 | 192.168.2.5 | 0x5909 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.251.143.67 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:42:58.714755058 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:42:58.714755058 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.67 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:42:59.728622913 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:42:59.728622913 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.67 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:43:00.744118929 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:43:00.744118929 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.67 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:43:02.764188051 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:43:02.764188051 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.67 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:43:06.760695934 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:43:06.760695934 CET | 1.1.1.1 | 192.168.2.5 | 0x303 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.67 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:43:11.661595106 CET | 1.1.1.1 | 192.168.2.5 | 0x162a | No error (0) | beacons.gvt2.com |  | 142.251.143.67 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:43:12.681735992 CET | 1.1.1.1 | 192.168.2.5 | 0x16f1 | No error (0) | beacons.gvt2.com | beacons6.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:43:12.681735992 CET | 1.1.1.1 | 192.168.2.5 | 0x16f1 | No error (0) | beacons6.gvt2.com |  | 216.58.206.35 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:43:14.713545084 CET | 1.1.1.1 | 192.168.2.5 | 0xe7a1 | No error (0) | beacons.gvt2.com | beacons6.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 14, 2025 01:43:14.713545084 CET | 1.1.1.1 | 192.168.2.5 | 0xe7a1 | No error (0) | beacons6.gvt2.com |  | 216.58.206.67 | A (IP address) | IN (0x0001) | false
              Mar 14, 2025 01:43:16.451082945 CET | 1.1.1.1 | 192.168.2.5 | 0x1 | No error (0) | beacons.gvt2.com |  | 142.250.114.94 | A (IP address) | IN (0x0001) | false
              Session ID | Source IP | Source Port | Destination IP | Destination Port
              0 | 192.168.2.5 | 49707 | 184.30.131.245 | 80

              Timestamp | Bytes transferred | Direction | Data
              Mar 14, 2025 01:41:42.019402027 CET | 717 | IN | HTTP/1.1 200 OK
              Content-Type: application/ocsp-response
              Content-Length: 312
              Cache-Control: max-age=3073
              Expires: Fri, 14 Mar 2025 01:32:54 GMT
              Date: Fri, 14 Mar 2025 00:41:41 GMT
              Connection: keep-alive
              Server-Timing: cdn-cache; desc=HIT
              Server-Timing: edge; dur=1
              Akamai-GRN: 0.a67a7b5c.1741912901.17cd2b60
              Server-Timing: ak_p; desc="1741912901924_1551596198_399321952_18_1346_178_0_-";dur=1



              Target ID: 1
              Start time: 20:41:45
              Start date: 13/03/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase: 0x7ff68aaa0000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 4
              Start time: 20:41:51
              Start date: 13/03/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,8748762235944217247,6867490386744010562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2072 /prefetch:3
              Imagebase: 0x7ff68aaa0000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 9
              Start time: 20:41:54
              Start date: 13/03/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,8748762235944217247,6867490386744010562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4952 /prefetch:8
              Imagebase: 0x7ff68aaa0000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 12
              Start time: 20:41:57
              Start date: 13/03/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://safety-profiles-fb-ads-156388685.vercel.app/"
              Imagebase: 0x7ff68aaa0000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              No disassembly