Windows
Analysis Report
https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr= 6F8CQAJrB6#adres@example.com
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 4156 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 1632 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2192,i ,551973106 4174341387 ,101710506 6453762297 6,262144 - -disable-f eatures=Op timization GuideModel Downloadin g,Optimiza tionHints, Optimizati onHintsFet ching,Opti mizationTa rgetPredic tion --var iations-se ed-version =20250306- 183004.429 000 --mojo -platform- channel-ha ndle=2220 /prefetch: 3 MD5: E81F54E6C1129887AEA47E7D092680BF)
chrome.exe (PID: 6660 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://gatew ay.btfs.io /btfs/Qmbz me7iX8d3RS 7sQkyvDwws L6z2KB788h Ur=%206F8C QAJrB6#adr es@example .com" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- • AV Detection
- • Phishing
- • Compliance
- • Networking
- • System Summary
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Sample URL: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | File created: | Jump to behavior |
Source: | File deleted: | Jump to behavior |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | 13.250.202.186 | true | false | unknown | |
www.google.com | 142.251.32.100 | true | false | high | |
d2zgzy9au3frt5.cloudfront.net | 18.238.49.110 | true | false | unknown | |
gateway.btfs.io | unknown | unknown | false | unknown | |
finder.btfs.io | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true | unknown | ||
false |
| unknown | |
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.250.202.186 | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false | |
142.251.32.100 | www.google.com | United States | 15169 | GOOGLEUS | false | |
18.238.49.110 | d2zgzy9au3frt5.cloudfront.net | United States | 16509 | AMAZON-02US | false |
IP |
---|
192.168.2.6 |
192.168.2.10 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1645156 |
Start date and time: | 2025-03-21 14:32:24 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr= 6F8CQAJrB6#adres@example.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@21/2@6/5 |
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, Sgrmuserer.exe, conho st.exe, svchost.exe, TextInput Host.exe - Excluded IPs from analysis (wh
itelisted): 142.250.80.67, 142 .250.64.110, 142.250.80.110, 1 42.251.163.84, 142.250.65.174, 142.250.80.78, 199.232.210.17 2, 142.250.65.238, 142.251.40. 238, 142.250.80.46, 142.251.40 .142, 142.250.65.195, 142.251. 40.99, 142.251.167.84, 52.149. 20.212, 184.31.69.3 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, clients2.google.com, edged l.me.gvt1.com, accounts.google .com, redirector.gvt1.com, sls cr.update.microsoft.com, updat e.googleapis.com, ctldl.window supdate.com, clientservices.go ogleapis.com, clients.l.google .com, c.pki.goog, fe3cr.delive ry.mp.microsoft.com - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - VT rate limit hit for: https:
//gateway.btfs.io/btfs/Qmbzme7 iX8d3RS7sQkyvDwwsL6z2KB788hUr= %206F8CQAJrB6#adres@example.co m
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 135 |
Entropy (8bit): | 5.191626082812419 |
Encrypted: | false |
SSDEEP: | 3:KTmisTEJRror0IHgAw32S/ThMPBvdDizJmfAGMudBKCxKiAZ:KKis0RixAA1SbDmf2udBLm |
MD5: | 5DD5AA18CC83A00EE287880C4AE38042 |
SHA1: | 6F3768ADDA69DF4FAB8FB15BE86DF45685F736D7 |
SHA-256: | 12C806FA6E624E81F48C0B378FE4304B06FC193E9636471604AFFC4D346DF9CF |
SHA-512: | 808F249BE82F292661562A4A36F4FDEE6D6460DE60A416BC5C6AEDF7A85431198A5796FA6963919A12DDEF718BBDD4F7DBA0CCBFB41E668A1F45A1F6BCF129D8 |
Malicious: | false |
Reputation: | low |
URL: | https://gateway.btfs.io/btfs/Qmbzme7iX8d3RS7sQkyvDwwsL6z2KB788hUr=%206F8CQAJrB6 |
Preview: |
Download Network PCAP: filtered – full
- Total Packets: 86
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 21, 2025 14:33:16.833877087 CET | 49677 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:33:16.833878994 CET | 49676 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:33:16.833909988 CET | 49675 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:33:26.503859997 CET | 49677 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:33:26.564415932 CET | 49676 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:33:26.564439058 CET | 49675 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:33:29.591933012 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:33:29.591968060 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:33:29.592053890 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:33:29.592403889 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:33:29.592415094 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:33:29.799058914 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:33:29.799143076 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:33:29.801034927 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:33:29.801048994 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:33:29.801356077 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:33:29.848292112 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:33:31.399997950 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:31.400046110 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:31.400212049 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:31.400635958 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:31.400670052 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:31.400820017 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:31.400835037 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:31.400856972 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:31.401072025 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:31.401084900 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.414505959 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.414623022 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.415996075 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.416006088 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.416259050 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.416415930 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.416480064 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.416632891 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.417578936 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.417587042 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.417812109 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.460323095 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.470387936 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.753530979 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.753619909 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.753695965 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.755191088 CET | 49690 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.755207062 CET | 443 | 49690 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.859695911 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:32.900330067 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:32.928199053 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203 |
Mar 21, 2025 14:33:33.199059010 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:33.199136019 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:33.199470043 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:33.199831009 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:33.199831009 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:33.199855089 CET | 443 | 49689 | 13.250.202.186 | 192.168.2.10 |
Mar 21, 2025 14:33:33.200068951 CET | 49689 | 443 | 192.168.2.10 | 13.250.202.186 |
Mar 21, 2025 14:33:33.237642050 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203 |
Mar 21, 2025 14:33:33.372406960 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110 |
Mar 21, 2025 14:33:33.372454882 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.372584105 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110 |
Mar 21, 2025 14:33:33.373091936 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110 |
Mar 21, 2025 14:33:33.373121023 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.571991920 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.572133064 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110 |
Mar 21, 2025 14:33:33.587027073 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110 |
Mar 21, 2025 14:33:33.587063074 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.587728977 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.590528011 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110 |
Mar 21, 2025 14:33:33.632322073 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.795239925 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.795383930 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.795551062 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110 |
Mar 21, 2025 14:33:33.797884941 CET | 49692 | 443 | 192.168.2.10 | 18.238.49.110 |
Mar 21, 2025 14:33:33.797904968 CET | 443 | 49692 | 18.238.49.110 | 192.168.2.10 |
Mar 21, 2025 14:33:33.846653938 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203 |
Mar 21, 2025 14:33:35.050807953 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203 |
Mar 21, 2025 14:33:37.455944061 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203 |
Mar 21, 2025 14:33:39.786298990 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:33:39.786386013 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:33:39.786429882 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:33:39.788741112 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99 |
Mar 21, 2025 14:33:39.804718971 CET | 49688 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:33:39.804749966 CET | 443 | 49688 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:33:39.888735056 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10 |
Mar 21, 2025 14:33:39.888834000 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99 |
Mar 21, 2025 14:33:39.889163017 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99 |
Mar 21, 2025 14:33:39.986761093 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10 |
Mar 21, 2025 14:33:39.987291098 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10 |
Mar 21, 2025 14:33:39.993973017 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99 |
Mar 21, 2025 14:33:40.086534977 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10 |
Mar 21, 2025 14:33:40.127820015 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99 |
Mar 21, 2025 14:33:41.441910028 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26 |
Mar 21, 2025 14:33:41.753834963 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26 |
Mar 21, 2025 14:33:42.260659933 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203 |
Mar 21, 2025 14:33:42.363723993 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26 |
Mar 21, 2025 14:33:43.566597939 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26 |
Mar 21, 2025 14:33:45.973444939 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26 |
Mar 21, 2025 14:33:50.783061028 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26 |
Mar 21, 2025 14:33:51.862270117 CET | 49672 | 443 | 192.168.2.10 | 204.79.197.203 |
Mar 21, 2025 14:34:00.393701077 CET | 49678 | 443 | 192.168.2.10 | 20.189.173.26 |
Mar 21, 2025 14:34:29.551805973 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:34:29.551851988 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:34:29.551922083 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:34:29.552170992 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:34:29.552182913 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:34:29.753736973 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:34:29.754194975 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:34:29.754246950 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:34:31.683214903 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:31.684097052 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:31.684145927 CET | 443 | 49710 | 2.23.227.208 | 192.168.2.10 |
Mar 21, 2025 14:34:31.684211969 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:31.684776068 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:31.684788942 CET | 443 | 49710 | 2.23.227.208 | 192.168.2.10 |
Mar 21, 2025 14:34:31.989142895 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:32.052210093 CET | 443 | 49710 | 2.23.227.208 | 192.168.2.10 |
Mar 21, 2025 14:34:32.052326918 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:32.597453117 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:33.799668074 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:36.205553055 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:39.786310911 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:34:39.786390066 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:34:39.786446095 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:34:39.804486036 CET | 49708 | 443 | 192.168.2.10 | 142.251.32.100 |
Mar 21, 2025 14:34:39.804516077 CET | 443 | 49708 | 142.251.32.100 | 192.168.2.10 |
Mar 21, 2025 14:34:40.284162998 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99 |
Mar 21, 2025 14:34:40.379627943 CET | 80 | 49699 | 142.250.80.99 | 192.168.2.10 |
Mar 21, 2025 14:34:40.379678011 CET | 49699 | 80 | 192.168.2.10 | 142.250.80.99 |
Mar 21, 2025 14:34:41.020479918 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:50.627613068 CET | 49674 | 443 | 192.168.2.10 | 2.23.227.208 |
Mar 21, 2025 14:34:51.226991892 CET | 443 | 49710 | 2.23.227.208 | 192.168.2.10 |
Mar 21, 2025 14:34:51.227066994 CET | 49710 | 443 | 192.168.2.10 | 2.23.227.208 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 21, 2025 14:33:25.854384899 CET | 53 | 57175 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:25.856383085 CET | 53 | 53672 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:26.452116013 CET | 53 | 50643 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:26.606076002 CET | 53 | 64897 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:29.488866091 CET | 50970 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 21, 2025 14:33:29.489097118 CET | 55036 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 21, 2025 14:33:29.590219021 CET | 53 | 50970 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:29.590363026 CET | 53 | 55036 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:31.230773926 CET | 62505 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 21, 2025 14:33:31.231066942 CET | 62729 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 21, 2025 14:33:31.346673012 CET | 53 | 62729 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:31.399112940 CET | 53 | 62505 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:33.202217102 CET | 55750 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 21, 2025 14:33:33.202378988 CET | 51982 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 21, 2025 14:33:33.342753887 CET | 53 | 51982 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:33.371074915 CET | 53 | 55750 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:33:43.545213938 CET | 53 | 61990 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:34:02.380290985 CET | 53 | 50586 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:34:25.139795065 CET | 53 | 59471 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:34:25.275759935 CET | 53 | 64778 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:34:27.058109999 CET | 53 | 59420 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:34:27.912463903 CET | 53 | 59034 | 1.1.1.1 | 192.168.2.10 |
Mar 21, 2025 14:34:40.087915897 CET | 138 | 138 | 192.168.2.10 | 192.168.2.255 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 21, 2025 14:33:29.488866091 CET | 192.168.2.10 | 1.1.1.1 | 0xf2a8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 14:33:29.489097118 CET | 192.168.2.10 | 1.1.1.1 | 0xf683 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 14:33:31.230773926 CET | 192.168.2.10 | 1.1.1.1 | 0xd603 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 14:33:31.231066942 CET | 192.168.2.10 | 1.1.1.1 | 0xf6c | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 14:33:33.202217102 CET | 192.168.2.10 | 1.1.1.1 | 0xea5e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 14:33:33.202378988 CET | 192.168.2.10 | 1.1.1.1 | 0x1075 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 21, 2025 14:33:29.590219021 CET | 1.1.1.1 | 192.168.2.10 | 0xf2a8 | No error (0) | 142.251.32.100 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:29.590363026 CET | 1.1.1.1 | 192.168.2.10 | 0xf683 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 21, 2025 14:33:31.346673012 CET | 1.1.1.1 | 192.168.2.10 | 0xf6c | No error (0) | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:31.399112940 CET | 1.1.1.1 | 192.168.2.10 | 0xd603 | No error (0) | k8s-btfsprod-btfsgate-f999b78d32-493095428.ap-southeast-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:31.399112940 CET | 1.1.1.1 | 192.168.2.10 | 0xd603 | No error (0) | 13.250.202.186 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:31.399112940 CET | 1.1.1.1 | 192.168.2.10 | 0xd603 | No error (0) | 13.215.113.18 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:31.399112940 CET | 1.1.1.1 | 192.168.2.10 | 0xd603 | No error (0) | 52.220.237.40 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:33.342753887 CET | 1.1.1.1 | 192.168.2.10 | 0x1075 | No error (0) | d2zgzy9au3frt5.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | d2zgzy9au3frt5.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | 18.238.49.110 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | 18.238.49.47 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | 18.238.49.129 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 14:33:33.371074915 CET | 1.1.1.1 | 192.168.2.10 | 0xea5e | No error (0) | 18.238.49.59 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.10 | 49699 | 142.250.80.99 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 21, 2025 14:33:39.889163017 CET | 202 | OUT | |
Mar 21, 2025 14:33:39.987291098 CET | 223 | IN | |
Mar 21, 2025 14:33:39.993973017 CET | 200 | OUT | |
Mar 21, 2025 14:33:40.086534977 CET | 223 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49690 | 13.250.202.186 | 443 | 1632 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-21 13:33:32 UTC | 720 | OUT | |
2025-03-21 13:33:32 UTC | 179 | IN | |
2025-03-21 13:33:32 UTC | 135 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49689 | 13.250.202.186 | 443 | 1632 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-21 13:33:32 UTC | 648 | OUT | |
2025-03-21 13:33:33 UTC | 206 | IN | |
2025-03-21 13:33:33 UTC | 134 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49692 | 18.238.49.110 | 443 | 1632 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-21 13:33:33 UTC | 590 | OUT | |
2025-03-21 13:33:33 UTC | 357 | IN | |
2025-03-21 13:33:33 UTC | 117 | IN | |
2025-03-21 13:33:33 UTC | 5 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 1 |
Start time: | 09:33:20 |
Start date: | 21/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ea9f0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 09:33:24 |
Start date: | 21/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ea9f0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 6 |
Start time: | 09:33:30 |
Start date: | 21/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ea9f0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |