Windows
Analysis Report
http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 5304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1964,i,2471850246389426269,11701980283300173567,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2024 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 6224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Phisher_2 | Yara detected Phisher | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-27T20:30:19.759443+0100 | 2859622 | 1 | Exploit Kit Activity Detected | 188.132.128.218 | 80 | 192.168.2.7 | 49687 | TCP |
- AV Detection
- Phishing
- Compliance
- Networking
- System Summary
AV Detection |
---|
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | File source: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | Suricata IDS: |
Source: | DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | File created: |
Source: | File deleted: |
Source: | Classification label: |
Source: | Process created: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.worldoneonline.com | 69.30.237.86 | true | false | high | |
beacons-handoff.gcp.gvt2.com | 142.251.116.94 | true | false | high | |
www.google.com | 142.250.81.228 | true | false | high | |
korsrattell.xyz | 188.132.128.218 | true | false | high | |
beacons.gvt2.com | 142.250.81.227 | true | false | high | |
beacons.gcp.gvt2.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false |
| unknown | |
false | high | ||
false | high | ||
true |
| unknown | |
false | high | ||
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
188.132.128.218 | korsrattell.xyz | Turkey | 42910 | PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETIPREMIERDC-SHTR | false |
69.30.237.86 | www.worldoneonline.com | United States | 32097 | WIIUS | false |
142.250.81.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.7 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1650588 |
Start date and time: | 2025-03-27 20:29:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal68.phis.troj.win@22/6@20/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe, TextInputHost.exe
- Excluded IPs from analysis (whitelisted): 142.251.32.110, 142.250.80.67, 142.251.163.84, 142.250.81.238, 23.210.92.197, 142.251.40.131, 4.245.163.56, 23.9.183.29
- Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- VT rate limit hit for: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 458 |
Entropy (8bit): | 5.131460290374407 |
Encrypted: | false |
SSDEEP: | 12:8AaJ+dAW1FTWoK9xGixFoBwdNDJNZUSbZkXCABHRsqq+7p:8bJOAWYragNvZUSuzRsqZp |
MD5: | 0A3E69B8B37A6DF0ACD7E7F5D9D3B854 |
SHA1: | 680DE96CFE2AFF1B030BFBD4A7CFA2529993EA61 |
SHA-256: | 0F3A07F36D6BDDEE418F7D7548BC165B09817E10764A359D2773388CDEC9FF8A |
SHA-512: | 9C5C0679E082A5776536835110B90436CD6531E3B2C4FC7A15BDCE7F550D6647447C904E68D660FAF81E39C108E17198830E8B133E86D8559180FA6FB5CE25C7 |
Malicious: | false |
Reputation: | low |
URL: | http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 304 |
Entropy (8bit): | 5.471355015469421 |
Encrypted: | false |
SSDEEP: | 6:uIRnXHFmmmULhOzXFV9JQcqgidV/FJKSK1YGLhOzXFV9JQcqgiPed/VMCGYoVL:lXHAx+O5JJqldvpQO5JJqle9IL |
MD5: | 180D3111BF4B95B105B0AD913DA78812 |
SHA1: | 3541E6C5346CDFF7442403A15A2C69BC1438F1C3 |
SHA-256: | 3D9104A90EFD3BB116EE3BAAC3B392E3DE5C0276BC4F70E133C84779749D690E |
SHA-512: | 46A1CC7C59E8A471920BDFF03384B16ACB802D865FD88EF9E377891592C8C4573EEEF9F3C3B91791549A310AC10C0E2A89DE0B7BCF1B59026DA9E3487846522C |
Malicious: | false |
Reputation: | low |
URL: | http://korsrattell.xyz/t/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 884 |
Entropy (8bit): | 5.140994617901 |
Encrypted: | false |
SSDEEP: | 24:rrgOuPbq/BHslgT1d1uawBATPuoBN2t2t2t2t2t2t2tomffffffo:rrgOu+/KlgJXwBAzuSNYYYYYYYomfffw |
MD5: | 1871450607ED8315EA3211DF56301424 |
SHA1: | 20798060F8A8D2F95F7921AEFFD86D10D98B3FEA |
SHA-256: | ED0D553E726BBDB888F3B942655EF3A60BA948643255F6F1EC85FB833E473F89 |
SHA-512: | AE731526FCFC93241F301749EAB16DD58054634D53062D85A170A843806107CB388517186C51594307FB5C5D3FD56B074ACF2D966444D0933C9514E6F17C33BA |
Malicious: | false |
Reputation: | low |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE |
Preview: |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-27T20:30:19.759443+0100 | 2859622 | ETPRO EXPLOIT_KIT FoxTDS Initial Check | 1 | 188.132.128.218 | 80 | 192.168.2.7 | 49687 | TCP |
- Total Packets: 117
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 27, 2025 20:30:11.892297029 CET | 192.168.2.7 | 1.1.1.1 | c1fc | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 27, 2025 20:30:15.328526020 CET | 192.168.2.7 | 1.1.1.1 | 0x3065 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:30:15.328526020 CET | 192.168.2.7 | 1.1.1.1 | 0x17eb | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 27, 2025 20:30:16.227334023 CET | 192.168.2.7 | 1.1.1.1 | 0x33db | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:30:16.230276108 CET | 192.168.2.7 | 1.1.1.1 | 0xa6b0 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 27, 2025 20:30:16.268137932 CET | 192.168.2.7 | 1.1.1.1 | 0x1dbb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:30:16.268373013 CET | 192.168.2.7 | 1.1.1.1 | 0x7bc3 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 27, 2025 20:30:21.902324915 CET | 192.168.2.7 | 1.1.1.1 | 0x416f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:30:21.902708054 CET | 192.168.2.7 | 1.1.1.1 | 0x79 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 27, 2025 20:31:20.051075935 CET | 192.168.2.7 | 1.1.1.1 | 0x6271 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 27, 2025 20:31:20.051075935 CET | 192.168.2.7 | 1.1.1.1 | 0x9f52 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:31:21.062694073 CET | 192.168.2.7 | 1.1.1.1 | 0x29b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:31:21.062988043 CET | 192.168.2.7 | 1.1.1.1 | 0x4ab6 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 27, 2025 20:31:23.095802069 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:31:24.108516932 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:31:25.108906984 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:31:27.109261036 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:31:31.110740900 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:31:36.050122976 CET | 192.168.2.7 | 1.1.1.1 | 0x71b0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 20:31:36.050309896 CET | 192.168.2.7 | 1.1.1.1 | 0x1b23 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 27, 2025 20:31:37.062091112 CET | 192.168.2.7 | 1.1.1.1 | 0x7f68 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 27, 2025 20:30:15.419044971 CET | 1.1.1.1 | 192.168.2.7 | 0x3065 | No error (0) | 142.250.81.228 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:30:15.419056892 CET | 1.1.1.1 | 192.168.2.7 | 0x17eb | No error (0) | 65 | IN (0x0001) | false | |||
Mar 27, 2025 20:30:16.344357014 CET | 1.1.1.1 | 192.168.2.7 | 0x33db | No error (0) | 188.132.128.218 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:30:16.357945919 CET | 1.1.1.1 | 192.168.2.7 | 0x1dbb | No error (0) | 188.132.128.218 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:30:21.991486073 CET | 1.1.1.1 | 192.168.2.7 | 0x416f | No error (0) | 69.30.237.86 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:20.141076088 CET | 1.1.1.1 | 192.168.2.7 | 0x6271 | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:20.141100883 CET | 1.1.1.1 | 192.168.2.7 | 0x9f52 | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:20.141100883 CET | 1.1.1.1 | 192.168.2.7 | 0x9f52 | No error (0) | 142.251.116.94 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:21.152015924 CET | 1.1.1.1 | 192.168.2.7 | 0x29b | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:21.152015924 CET | 1.1.1.1 | 192.168.2.7 | 0x29b | No error (0) | 142.251.116.94 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:21.152040005 CET | 1.1.1.1 | 192.168.2.7 | 0x4ab6 | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:23.184973001 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:23.184973001 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | 142.251.116.94 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:24.197604895 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:24.197604895 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | 142.251.116.94 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:25.197608948 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:25.197608948 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | 142.251.116.94 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:27.198648930 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:27.198648930 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | 142.251.116.94 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:31.195806980 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:31.195806980 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | 142.251.116.94 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:36.136620998 CET | 1.1.1.1 | 192.168.2.7 | 0x71b0 | No error (0) | 142.250.81.227 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 20:31:37.146414995 CET | 1.1.1.1 | 192.168.2.7 | 0x7f68 | No error (0) | 142.250.81.227 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49687 | 188.132.128.218 | 80 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2025 20:30:19.202447891 CET | 492 | OUT | |
Mar 27, 2025 20:30:19.431682110 CET | 711 | IN | |
Mar 27, 2025 20:30:19.529114962 CET | 436 | OUT | |
Mar 27, 2025 20:30:19.759443045 CET | 259 | IN | |
Mar 27, 2025 20:30:20.516860962 CET | 590 | OUT | |
Mar 27, 2025 20:30:20.837574959 CET | 557 | IN | |
Mar 27, 2025 20:31:05.842550039 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.2.7 | 49698 | 142.251.41.3 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2025 20:30:27.985897064 CET | 202 | OUT | |
Mar 27, 2025 20:30:28.076947927 CET | 223 | IN | |
Mar 27, 2025 20:30:28.095133066 CET | 200 | OUT | |
Mar 27, 2025 20:30:28.185807943 CET | 223 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49688 | 188.132.128.218 | 80 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2025 20:31:02.593425989 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49686 | 142.250.81.228 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-27 19:30:18 UTC | 575 | OUT | |
2025-03-27 19:30:18 UTC | 1303 | IN | |
2025-03-27 19:30:18 UTC | 891 | IN | |
2025-03-27 19:30:18 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49694 | 69.30.237.86 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-27 19:30:22 UTC | 750 | OUT | |
2025-03-27 19:30:22 UTC | 225 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49695 | 69.30.237.86 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-27 19:30:32 UTC | 102 | IN | |
2025-03-27 19:30:32 UTC | 110 | IN |
Target ID: | 0 |
Start time: | 15:30:07 |
Start date: | 27/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff778810000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 15:30:08 |
Start date: | 27/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff778810000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 15:30:14 |
Start date: | 27/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff778810000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |