Windows
Analysis Report
1513570779.svg
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w11x64_office
  - chrome.exe (PID: 7304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  - chrome.exe (PID: 7500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  - chrome.exe (PID: 7180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\1513570779.svg" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_JavaScriptembeddedinSVG | Yara detected JavaScript embedded in SVG | Joe Security | |
| | JoeSecurity_HtmlPhish_80 | Yara detected HtmlPhish_80 | Joe Security | |
- AV Detection
- Phishing
- Compliance
- Networking
- System Summary
AV Detection |
---|
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | File source: |
Source: | Joe Sandbox AI: |
Source: | File source: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | File created: |
Source: | File deleted: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira URL Cloud | malware | |
| | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high |
cxxziu8prd.moydow.de | 104.21.13.170 | true | false | | unknown |
www.google.com | 142.250.176.196 | true | false | | high |
onedscolprdwus16.westus.cloudapp.azure.com | 20.189.173.23 | true | false | | high |
browser.events.data.msn.cn | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false |
| unknown | |
false | high | ||
false | unknown | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.176.196 | www.google.com | United States | | 15169 | GOOGLEUS | false |
104.21.13.170 | cxxziu8prd.moydow.de | United States | | 13335 | CLOUDFLARENETUS | false |
35.190.80.1 | a.nel.cloudflare.com | United States | | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
192.168.2.24 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1647621 |
Start date and time: | 2025-03-25 03:51:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 1513570779.svg |
Detection: | MAL |
Classification: | mal64.phis.winSVG@24/4@9/5 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.40.227, 142.251.40.206, 142.250.65.238, 64.233.180.84, 142.250.176.206, 142.250.65.206, 142.250.81.238, 142.251.35.174, 142.251.41.10, 142.250.65.234, 142.250.72.106, 142.251.40.234, 142.250.80.106, 142.250.65.170, 142.250.64.74, 142.250.176.202, 142.251.40.202, 142.251.32.106, 142.250.80.74, 142.250.65.202, 142.250.81.234, 142.251.40.170, 142.250.64.106, 142.250.80.42, 142.251.40.238, 142.250.80.99, 142.251.40.99, 142.251.32.110, 142.250.80.110, 172.217.165.142, 172.202.163.200
- Excluded domains from analysis (whitelisted): clients1.google.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.13.170 | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | | |
| | | | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | | |
| | | | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | | |
| | | | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT | | |
| | | | malicious | Glupteba, Mars Stealer, Stealc, Vidar | | |
| | | | malicious | Amadey, Mars Stealer, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, Vidar | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
| | | | malicious | FormBook | | |
| | | | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | | |
| | | | malicious | FormBook | | |
| | | | malicious | Invisible JS, Tycoon2FA | | |
| | | | malicious | FormBook | | |
| | | | malicious | Invisible JS, Tycoon2FA | | |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1465 |
Entropy (8bit): | 5.213319658132415 |
Encrypted: | false |
SSDEEP: | 24:hM0mIh5f0ARJsUYMD5zt7lODbdYO517l0jzRlw+w+w2w/fVE28QMU6d/iG80TV:lmIbf0A8UYMbQnr+zbH1TSi8MUsf |
MD5: | 0644CF2088F5C5358F47F6BCDBB41AD9 |
SHA1: | A08446D8D08464D3C9E240DD218F3C9475A1DC01 |
SHA-256: | 163B55065C83DABC5EF88ABB0521B0BAF14B354BF0CE55B4A363568114A41183 |
SHA-512: | CE602AE36CC139CCAC71AE2C6344D5556E6CA7ED3093B88EA47A58AD77BE673D5EB6D3523892708410478629D8C094802621A5B8673D85193C930E6DE1B99CED |
Malicious: | false |
Reputation: | low |
URL: | https://cxxziu8prd.moydow.de/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1465 |
Entropy (8bit): | 5.213319658132415 |
Encrypted: | false |
SSDEEP: | 24:hM0mIh5f0ARJsUYMD5zt7lODbdYO517l0jzRlw+w+w2w/fVE28QMU6d/iG80TV:lmIbf0A8UYMbQnr+zbH1TSi8MUsf |
MD5: | 0644CF2088F5C5358F47F6BCDBB41AD9 |
SHA1: | A08446D8D08464D3C9E240DD218F3C9475A1DC01 |
SHA-256: | 163B55065C83DABC5EF88ABB0521B0BAF14B354BF0CE55B4A363568114A41183 |
SHA-512: | CE602AE36CC139CCAC71AE2C6344D5556E6CA7ED3093B88EA47A58AD77BE673D5EB6D3523892708410478629D8C094802621A5B8673D85193C930E6DE1B99CED |
Malicious: | false |
Reputation: | low |
URL: | https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au |
Preview: |
File type: | |
Entropy (8bit): | 5.641109808890761 |
TrID: | |
File name: | 1513570779.svg |
File size: | 4'174 bytes |
MD5: | 06afa7ff339723165feb610c1a530c46 |
SHA1: | ea1706a8cf0f257ad55dd29bde7b0fb5c89bb14f |
SHA256: | f2c28cb84714032ebf92bafe4e8341a9f3d1d8aedca7f8831617692e4d1771b5 |
SHA512: | 9bb90dcf75075ecc34cd4f5b8560beac0f896dabff41a7f633ade229838793d7a6573cafaa3b96faa2cd176b96e9722653caba2c3aff7bb26e09fed4726c32eb |
SSDEEP: | 96:A451Zh5qEvErGOkjWcIbOnSdUwJhHNdpIzFxo15u:AkewErGOMWHOUUwHb6Fv |
TLSH: | DF8123604C9F4E2C037441C3ECDD10CACB59E7D73A81E78DB68EAAF4A76652654CB4C9 |
File Content Preview: | The explorer composed a beautiful painting in the desert. -->.<svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%">. The child painted a curious thought while sailing across the seas. -->. <foreignObject width="100%" heig |
Icon Hash: | 173149cccc490307 |
- Total Packets: 124
Mar 25, 2025 03:53:50.271173954 CET | 443 | 60826 | 184.31.69.3 | 192.168.2.24 |
Mar 25, 2025 03:53:50.271230936 CET | 443 | 60826 | 184.31.69.3 | 192.168.2.24 |
Mar 25, 2025 03:53:50.271429062 CET | 60826 | 443 | 192.168.2.24 | 184.31.69.3 |
Mar 25, 2025 03:53:50.271534920 CET | 60826 | 443 | 192.168.2.24 | 184.31.69.3 |
Mar 25, 2025 03:54:15.790678978 CET | 60867 | 443 | 192.168.2.24 | 142.250.176.196 |
Mar 25, 2025 03:54:15.790738106 CET | 443 | 60867 | 142.250.176.196 | 192.168.2.24 |
Mar 25, 2025 03:54:15.790853024 CET | 60867 | 443 | 192.168.2.24 | 142.250.176.196 |
Mar 25, 2025 03:54:15.791034937 CET | 60867 | 443 | 192.168.2.24 | 142.250.176.196 |
Mar 25, 2025 03:54:15.791057110 CET | 443 | 60867 | 142.250.176.196 | 192.168.2.24 |
Mar 25, 2025 03:54:15.977682114 CET | 443 | 60867 | 142.250.176.196 | 192.168.2.24 |
Mar 25, 2025 03:54:15.980850935 CET | 60867 | 443 | 192.168.2.24 | 142.250.176.196 |
Mar 25, 2025 03:54:15.980885983 CET | 443 | 60867 | 142.250.176.196 | 192.168.2.24 |
Mar 25, 2025 03:54:24.024432898 CET | 443 | 60817 | 2.19.122.66 | 192.168.2.24 |
Mar 25, 2025 03:54:24.024456978 CET | 443 | 60817 | 2.19.122.66 | 192.168.2.24 |
Mar 25, 2025 03:54:24.024504900 CET | 60817 | 443 | 192.168.2.24 | 2.19.122.66 |
Mar 25, 2025 03:54:24.024542093 CET | 60817 | 443 | 192.168.2.24 | 2.19.122.66 |
Mar 25, 2025 03:54:24.024641037 CET | 60817 | 443 | 192.168.2.24 | 2.19.122.66 |
Mar 25, 2025 03:54:24.336563110 CET | 60817 | 443 | 192.168.2.24 | 2.19.122.66 |
Mar 25, 2025 03:54:24.501794100 CET | 443 | 60817 | 2.19.122.66 | 192.168.2.24 |
Mar 25, 2025 03:54:25.980698109 CET | 443 | 60867 | 142.250.176.196 | 192.168.2.24 |
Mar 25, 2025 03:54:25.980835915 CET | 443 | 60867 | 142.250.176.196 | 192.168.2.24 |
Mar 25, 2025 03:54:25.980932951 CET | 60867 | 443 | 192.168.2.24 | 142.250.176.196 |
Mar 25, 2025 03:54:26.650559902 CET | 60867 | 443 | 192.168.2.24 | 142.250.176.196 |
Mar 25, 2025 03:54:26.650600910 CET | 443 | 60867 | 142.250.176.196 | 192.168.2.24 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 25, 2025 03:52:03.584721088 CET | 60584 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:03.725406885 CET | 53 | 60584 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:11.408480883 CET | 53 | 59567 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:11.520581007 CET | 53 | 58707 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:12.181665897 CET | 53 | 62275 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:15.667737961 CET | 57234 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:15.668062925 CET | 62298 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:15.765319109 CET | 53 | 62298 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:15.765892029 CET | 53 | 57234 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:16.663542032 CET | 53807 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:16.663891077 CET | 65087 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:16.675079107 CET | 58363 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:16.675246000 CET | 62100 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:16.878369093 CET | 53 | 62100 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:16.894759893 CET | 53 | 65087 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:16.899982929 CET | 53 | 58363 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:16.900099993 CET | 53 | 53807 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:17.450901031 CET | 58930 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:17.451076984 CET | 61963 | 53 | 192.168.2.24 | 1.1.1.1 |
Mar 25, 2025 03:52:17.548238039 CET | 53 | 61963 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:17.551007032 CET | 53 | 58930 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:29.201492071 CET | 53 | 51603 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:36.086090088 CET | 137 | 137 | 192.168.2.24 | 192.168.2.255 |
Mar 25, 2025 03:52:36.836823940 CET | 137 | 137 | 192.168.2.24 | 192.168.2.255 |
Mar 25, 2025 03:52:37.586757898 CET | 137 | 137 | 192.168.2.24 | 192.168.2.255 |
Mar 25, 2025 03:52:41.034796953 CET | 53 | 58047 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:52:48.313322067 CET | 53 | 65213 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:53:10.720727921 CET | 53 | 53047 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:53:11.161798000 CET | 53 | 59271 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:53:14.008979082 CET | 53 | 60383 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:53:41.750225067 CET | 53 | 58601 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:54:26.756145954 CET | 53 | 58764 | 1.1.1.1 | 192.168.2.24 |
Mar 25, 2025 03:54:26.922734976 CET | 138 | 138 | 192.168.2.24 | 192.168.2.255 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 25, 2025 03:52:16.900249958 CET | 192.168.2.24 | 1.1.1.1 | c21e | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 25, 2025 03:52:03.584721088 CET | 192.168.2.24 | 1.1.1.1 | 0x2d1d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 25, 2025 03:52:15.667737961 CET | 192.168.2.24 | 1.1.1.1 | 0xd39f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 25, 2025 03:52:15.668062925 CET | 192.168.2.24 | 1.1.1.1 | 0x837d | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 25, 2025 03:52:16.663542032 CET | 192.168.2.24 | 1.1.1.1 | 0x7990 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 25, 2025 03:52:16.663891077 CET | 192.168.2.24 | 1.1.1.1 | 0xc814 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 25, 2025 03:52:16.675079107 CET | 192.168.2.24 | 1.1.1.1 | 0x6b9a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 25, 2025 03:52:16.675246000 CET | 192.168.2.24 | 1.1.1.1 | 0xf34 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 25, 2025 03:52:17.450901031 CET | 192.168.2.24 | 1.1.1.1 | 0x84fc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 25, 2025 03:52:17.451076984 CET | 192.168.2.24 | 1.1.1.1 | 0x2859 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 25, 2025 03:52:03.725406885 CET | 1.1.1.1 | 192.168.2.24 | 0x2d1d | No error (0) | global.asimov.events.data.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 03:52:03.725406885 CET | 1.1.1.1 | 192.168.2.24 | 0x2d1d | No error (0) | onedscolprdwus16.westus.cloudapp.azure.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 03:52:03.725406885 CET | 1.1.1.1 | 192.168.2.24 | 0x2d1d | No error (0) | 20.189.173.23 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 03:52:15.765319109 CET | 1.1.1.1 | 192.168.2.24 | 0x837d | No error (0) | 65 | IN (0x0001) | false | |||
Mar 25, 2025 03:52:15.765892029 CET | 1.1.1.1 | 192.168.2.24 | 0xd39f | No error (0) | 142.250.176.196 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 03:52:16.878369093 CET | 1.1.1.1 | 192.168.2.24 | 0xf34 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 25, 2025 03:52:16.894759893 CET | 1.1.1.1 | 192.168.2.24 | 0xc814 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 25, 2025 03:52:16.899982929 CET | 1.1.1.1 | 192.168.2.24 | 0x6b9a | No error (0) | 104.21.13.170 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 03:52:16.899982929 CET | 1.1.1.1 | 192.168.2.24 | 0x6b9a | No error (0) | 172.67.200.219 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 03:52:16.900099993 CET | 1.1.1.1 | 192.168.2.24 | 0x7990 | No error (0) | 104.21.13.170 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 03:52:16.900099993 CET | 1.1.1.1 | 192.168.2.24 | 0x7990 | No error (0) | 172.67.200.219 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 03:52:17.551007032 CET | 1.1.1.1 | 192.168.2.24 | 0x84fc | No error (0) | 35.190.80.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.24 | 60828 | 20.189.173.23 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 02:52:04 UTC | 473 | OUT | |
2025-03-25 02:52:04 UTC | 3656 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.24 | 60844 | 104.21.13.170 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 02:52:17 UTC | 1099 | OUT | |
2025-03-25 02:52:17 UTC | 863 | IN | |
2025-03-25 02:52:17 UTC | 506 | IN | |
2025-03-25 02:52:17 UTC | 966 | IN | |
2025-03-25 02:52:17 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.24 | 60845 | 35.190.80.1 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 02:52:17 UTC | 559 | OUT | |
2025-03-25 02:52:17 UTC | 336 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.24 | 60846 | 104.21.13.170 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 02:52:17 UTC | 1046 | OUT | |
2025-03-25 02:52:18 UTC | 865 | IN | |
2025-03-25 02:52:18 UTC | 504 | IN | |
2025-03-25 02:52:18 UTC | 968 | IN | |
2025-03-25 02:52:18 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.24 | 60847 | 35.190.80.1 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 02:52:18 UTC | 534 | OUT | |
2025-03-25 02:52:18 UTC | 834 | OUT | |
2025-03-25 02:52:18 UTC | 214 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.24 | 60859 | 35.190.80.1 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 02:53:17 UTC | 557 | OUT | |
2025-03-25 02:53:17 UTC | 336 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.24 | 60860 | 35.190.80.1 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 02:53:18 UTC | 532 | OUT | |
2025-03-25 02:53:18 UTC | 877 | OUT | |
2025-03-25 02:53:18 UTC | 214 | IN |
Target ID: | 0 |
Start time: | 22:52:08 |
Start date: | 24/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64ad70000 |
File size: | 3'384'928 bytes |
MD5 hash: | DBE43C1D0092437B88CFF7BD9ABC336C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 1 |
Start time: | 22:52:09 |
Start date: | 24/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64ad70000 |
File size: | 3'384'928 bytes |
MD5 hash: | DBE43C1D0092437B88CFF7BD9ABC336C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 6 |
Start time: | 22:52:16 |
Start date: | 24/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64ad70000 |
File size: | 3'384'928 bytes |
MD5 hash: | DBE43C1D0092437B88CFF7BD9ABC336C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |