Windows
Analysis Report
http://aktifkaan-paylaterss4.resmi-ak3.xyz/
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 3036 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 2064 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2120,i ,796897212 5858442703 ,715108982 1387546046 ,262144 -- disable-fe atures=Opt imizationG uideModelD ownloading ,Optimizat ionHints,O ptimizatio nHintsFetc hing,Optim izationTar getPredict ion --vari ations-see d-version= 20250306-1 83004.4290 00 --mojo- platform-c hannel-han dle=2148 / prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
chrome.exe (PID: 3192 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://aktifk aan-paylat erss4.resm i-ak3.xyz/ " MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- • AV Detection
- • Networking
- • System Summary
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Networking |
---|
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 172.217.16.142 | true | false | high | |
www.google.com | 172.217.16.196 | true | false | high | |
aktifkaan-paylaterss4.resmi-ak3.xyz | unknown | unknown | false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1637971 |
Start date and time: | 2025-03-14 01:43:00 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://aktifkaan-paylaterss4.resmi-ak3.xyz/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.troj.win@20/0@18/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis
(whitelisted): audiodg.exe, Ru ntimeBroker.exe, ShellExperien ceHost.exe, SIHClient.exe, Sgr mBroker.exe, backgroundTaskHos t.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 142.250.185.238, 1 42.250.184.227, 142.250.186.17 4, 64.233.167.84, 199.232.214. 172, 2.23.77.188 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, clients2.google.com, ocsp. digicert.com, accounts.google. com, slscr.update.microsoft.co m, ctldl.windowsupdate.com, cl ientservices.googleapis.com, c lients.l.google.com, fe3cr.del ivery.mp.microsoft.com - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - VT rate limit hit for: http:/
/aktifkaan-paylaterss4.resmi-a k3.xyz/
Download Network PCAP: filtered – full
- Total Packets: 89
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 14, 2025 01:44:00.105525970 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:44:00.417803049 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:44:01.042826891 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:44:02.245987892 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:44:04.745112896 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:44:07.833293915 CET | 49726 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:07.833329916 CET | 443 | 49726 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:07.833414078 CET | 49726 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:07.833827972 CET | 49726 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:07.833842039 CET | 443 | 49726 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:08.034019947 CET | 443 | 49726 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:08.034634113 CET | 49727 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:08.034684896 CET | 443 | 49727 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:08.034826040 CET | 49727 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:08.035161018 CET | 49727 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:08.035175085 CET | 443 | 49727 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:08.233829021 CET | 443 | 49727 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:08.871241093 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:44:09.183339119 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:44:09.558353901 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:44:09.800102949 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:44:10.047632933 CET | 49730 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.047673941 CET | 443 | 49730 | 23.60.203.209 | 192.168.2.4 |
Mar 14, 2025 01:44:10.047755003 CET | 49730 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.052700043 CET | 49730 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.052716017 CET | 443 | 49730 | 23.60.203.209 | 192.168.2.4 |
Mar 14, 2025 01:44:10.053257942 CET | 443 | 49730 | 23.60.203.209 | 192.168.2.4 |
Mar 14, 2025 01:44:10.054363012 CET | 49731 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.054420948 CET | 443 | 49731 | 23.60.203.209 | 192.168.2.4 |
Mar 14, 2025 01:44:10.054538965 CET | 49731 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.055054903 CET | 49731 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.055068970 CET | 443 | 49731 | 23.60.203.209 | 192.168.2.4 |
Mar 14, 2025 01:44:10.055406094 CET | 443 | 49731 | 23.60.203.209 | 192.168.2.4 |
Mar 14, 2025 01:44:10.056113958 CET | 49732 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.056163073 CET | 443 | 49732 | 23.60.203.209 | 192.168.2.4 |
Mar 14, 2025 01:44:10.056233883 CET | 49732 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.056909084 CET | 49732 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:10.056941986 CET | 443 | 49732 | 23.60.203.209 | 192.168.2.4 |
Mar 14, 2025 01:44:10.056998014 CET | 49732 | 443 | 192.168.2.4 | 23.60.203.209 |
Mar 14, 2025 01:44:11.012296915 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:44:13.093404055 CET | 49738 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:13.093453884 CET | 443 | 49738 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:13.093533039 CET | 49738 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:13.093996048 CET | 49738 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:13.094007015 CET | 443 | 49738 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:13.293801069 CET | 443 | 49738 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:13.294559956 CET | 49739 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:13.294625998 CET | 443 | 49739 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:13.294698954 CET | 49739 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:13.295291901 CET | 49739 | 443 | 192.168.2.4 | 172.217.16.196 |
Mar 14, 2025 01:44:13.295310020 CET | 443 | 49739 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:13.417923927 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:44:13.493278980 CET | 443 | 49739 | 172.217.16.196 | 192.168.2.4 |
Mar 14, 2025 01:44:14.041537046 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:44:14.046334982 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:44:14.151822090 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:44:14.151860952 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:44:14.151880026 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:44:14.151896000 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:44:14.151906013 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:44:14.151921988 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:44:14.151937008 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:44:14.151941061 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:44:14.151971102 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:44:14.151999950 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:44:14.650899887 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:44:14.949078083 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:44:15.558478117 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:44:16.135292053 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.135339022 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.135509014 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.136501074 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.136512995 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.137150049 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.160962105 CET | 49743 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.160995960 CET | 443 | 49743 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.161181927 CET | 49743 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.161464930 CET | 49743 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.161479950 CET | 443 | 49743 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.161931992 CET | 443 | 49743 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.226365089 CET | 49744 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.226399899 CET | 443 | 49744 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.226542950 CET | 49744 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.226876020 CET | 49744 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.226890087 CET | 443 | 49744 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.227440119 CET | 443 | 49744 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.242511988 CET | 49745 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.242558956 CET | 443 | 49745 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.242707968 CET | 49745 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.243132114 CET | 49745 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.243149996 CET | 443 | 49745 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.243562937 CET | 443 | 49745 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.285094976 CET | 49746 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.285136938 CET | 443 | 49746 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.285310984 CET | 49746 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.285566092 CET | 49746 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.285581112 CET | 443 | 49746 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.286032915 CET | 443 | 49746 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.301260948 CET | 49747 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.301290035 CET | 443 | 49747 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.301433086 CET | 49747 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.302407980 CET | 49747 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.302422047 CET | 443 | 49747 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.303131104 CET | 443 | 49747 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.320228100 CET | 49748 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.320241928 CET | 443 | 49748 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.320419073 CET | 49748 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.320828915 CET | 49748 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.320842028 CET | 443 | 49748 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.321258068 CET | 443 | 49748 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.337901115 CET | 49749 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.337920904 CET | 443 | 49749 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.338063955 CET | 49749 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.338251114 CET | 49749 | 443 | 192.168.2.4 | 172.202.163.200 |
Mar 14, 2025 01:44:16.338263988 CET | 443 | 49749 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.338658094 CET | 443 | 49749 | 172.202.163.200 | 192.168.2.4 |
Mar 14, 2025 01:44:16.761198997 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:44:18.229958057 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:44:19.167571068 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:44:19.167571068 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:44:23.971784115 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:44:27.837302923 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 14, 2025 01:44:03.727555037 CET | 53 | 55771 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:03.819746971 CET | 53 | 60167 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:07.825443983 CET | 51559 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:07.825612068 CET | 57662 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:07.832190990 CET | 53 | 51559 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:07.832206964 CET | 53 | 57662 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.677063942 CET | 54842 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:09.677265882 CET | 58465 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:09.687449932 CET | 53 | 58465 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.687730074 CET | 53 | 54842 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.698086023 CET | 53514 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:09.707093954 CET | 53 | 53514 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.716629982 CET | 63266 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:09.717081070 CET | 57882 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:09.725605011 CET | 53 | 63266 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.727322102 CET | 53 | 57882 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.773828030 CET | 53755 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:09.774266958 CET | 50479 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:09.783699989 CET | 53 | 50479 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.783979893 CET | 53 | 53755 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.873811007 CET | 58085 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 14, 2025 01:44:09.874221087 CET | 64559 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:09.881217003 CET | 53 | 64559 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:09.888669968 CET | 53 | 58085 | 8.8.8.8 | 192.168.2.4 |
Mar 14, 2025 01:44:10.895066977 CET | 61450 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:10.895510912 CET | 65359 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:10.902719021 CET | 53 | 65359 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:10.903892040 CET | 53 | 61450 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:10.942163944 CET | 64820 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:10.942589998 CET | 53997 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:10.951283932 CET | 53 | 53997 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:10.951297998 CET | 53 | 64820 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:15.978228092 CET | 52346 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:15.978498936 CET | 54921 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:15.987426996 CET | 53 | 54921 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:15.988115072 CET | 53 | 52346 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:44:15.992808104 CET | 50665 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:44:16.002149105 CET | 53 | 50665 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 14, 2025 01:44:07.825443983 CET | 192.168.2.4 | 1.1.1.1 | 0x62b6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:07.825612068 CET | 192.168.2.4 | 1.1.1.1 | 0x49b2 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.677063942 CET | 192.168.2.4 | 1.1.1.1 | 0xa3e1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.677265882 CET | 192.168.2.4 | 1.1.1.1 | 0xf1bd | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.698086023 CET | 192.168.2.4 | 1.1.1.1 | 0x1fe4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.716629982 CET | 192.168.2.4 | 1.1.1.1 | 0xa830 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.717081070 CET | 192.168.2.4 | 1.1.1.1 | 0x7bf8 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.773828030 CET | 192.168.2.4 | 1.1.1.1 | 0x4201 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.774266958 CET | 192.168.2.4 | 1.1.1.1 | 0x797c | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.873811007 CET | 192.168.2.4 | 8.8.8.8 | 0xb0d5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.874221087 CET | 192.168.2.4 | 1.1.1.1 | 0x6ae2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:10.895066977 CET | 192.168.2.4 | 1.1.1.1 | 0x994c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:10.895510912 CET | 192.168.2.4 | 1.1.1.1 | 0x9e73 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:10.942163944 CET | 192.168.2.4 | 1.1.1.1 | 0x9d4c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:10.942589998 CET | 192.168.2.4 | 1.1.1.1 | 0x25ce | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:15.978228092 CET | 192.168.2.4 | 1.1.1.1 | 0x9443 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:15.978498936 CET | 192.168.2.4 | 1.1.1.1 | 0xe245 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:15.992808104 CET | 192.168.2.4 | 1.1.1.1 | 0xbde0 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 14, 2025 01:44:07.832190990 CET | 1.1.1.1 | 192.168.2.4 | 0x62b6 | No error (0) | 172.217.16.196 | A (IP address) | IN (0x0001) | false | ||
Mar 14, 2025 01:44:07.832206964 CET | 1.1.1.1 | 192.168.2.4 | 0x49b2 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 14, 2025 01:44:09.687449932 CET | 1.1.1.1 | 192.168.2.4 | 0xf1bd | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.687730074 CET | 1.1.1.1 | 192.168.2.4 | 0xa3e1 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.707093954 CET | 1.1.1.1 | 192.168.2.4 | 0x1fe4 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.725605011 CET | 1.1.1.1 | 192.168.2.4 | 0xa830 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.727322102 CET | 1.1.1.1 | 192.168.2.4 | 0x7bf8 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.783699989 CET | 1.1.1.1 | 192.168.2.4 | 0x797c | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.783979893 CET | 1.1.1.1 | 192.168.2.4 | 0x4201 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:09.881217003 CET | 1.1.1.1 | 192.168.2.4 | 0x6ae2 | No error (0) | 172.217.16.142 | A (IP address) | IN (0x0001) | false | ||
Mar 14, 2025 01:44:09.888669968 CET | 8.8.8.8 | 192.168.2.4 | 0xb0d5 | No error (0) | 142.251.36.78 | A (IP address) | IN (0x0001) | false | ||
Mar 14, 2025 01:44:10.902719021 CET | 1.1.1.1 | 192.168.2.4 | 0x9e73 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:10.903892040 CET | 1.1.1.1 | 192.168.2.4 | 0x994c | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:10.951283932 CET | 1.1.1.1 | 192.168.2.4 | 0x25ce | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:10.951297998 CET | 1.1.1.1 | 192.168.2.4 | 0x9d4c | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:15.987426996 CET | 1.1.1.1 | 192.168.2.4 | 0xe245 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:44:15.988115072 CET | 1.1.1.1 | 192.168.2.4 | 0x9443 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:44:16.002149105 CET | 1.1.1.1 | 192.168.2.4 | 0xbde0 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 1 |
Start time: | 20:43:57 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 20:44:02 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 9 |
Start time: | 20:44:08 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |