Windows
Analysis Report
https://outlook-web-app-30c710.webflow.io/
Overview
Detection
Score: | 48 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 2752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 4748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,4384471797931532710,8386410433809053487,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 5584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://outlook-web-app-30c710.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- AV Detection
- Compliance
- Networking
- System Summary
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | File created: | Jump to behavior |
Source: | File deleted: | Jump to behavior |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
d3e54v103j8qbb.cloudfront.net | 13.33.251.68 | true | false | | high |
www.google.com | 142.251.40.228 | true | false | | high |
outlook-web-app-30c710.webflow.io | 104.18.36.248 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high | ||
true | unknown | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.18.36.248 | outlook-web-app-30c710.webflow.io | United States | 13335 | CLOUDFLARENETUS | false |
13.33.251.140 | unknown | United States | 16509 | AMAZON-02US | false |
13.33.251.68 | d3e54v103j8qbb.cloudfront.net | United States | 16509 | AMAZON-02US | false |
142.251.40.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1653829 |
Start date and time: | 2025-04-01 16:50:03 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://outlook-web-app-30c710.webflow.io/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@21/11@9/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.40.195, 142.250.80.14, 142.250.65.174, 172.253.115.84, 142.250.65.206, 142.251.41.14, 142.250.64.110, 142.251.40.142, 142.251.40.238, 142.251.40.110, 142.251.32.110, 142.250.64.99, 184.31.69.3, 204.79.197.222, 20.12.23.50
- Excluded domains from analysis (whitelisted): fp.msedge.net, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- VT rate limit hit for: https://outlook-web-app-30c710.webflow.io/
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 688 |
Entropy (8bit): | 7.4656349096973305 |
Encrypted: | false |
SSDEEP: | 12:6v/7iY7/6Ts/f18COX+EA3JwtLndm9GI2LuMJKsWLZPq+OizNXHcpdbgxA4OgorD:27/6q+COuEAwdGGI8HJK4+OONXigKy2b |
MD5: | 88FCE7C7F8D3A7E53FDA27CEADAC4D12 |
SHA1: | A8B310F9A40E2D0CCEB5EE20E37A3657EEAEABF2 |
SHA-256: | E3E8D727E818CE2B05175AE721A17651AB71696BC10969319F87B6798D73E87A |
SHA-512: | 0798F656469C1072073141246B83C3EAD4B6EE023345BE2629170D7017B849A2C03B40AFD91A27DB2B508D4D65638099D3A2D538E0159D407AD0B702E54A95D0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 688 |
Entropy (8bit): | 7.4656349096973305 |
Encrypted: | false |
SSDEEP: | 12:6v/7iY7/6Ts/f18COX+EA3JwtLndm9GI2LuMJKsWLZPq+OizNXHcpdbgxA4OgorD:27/6q+COuEAwdGGI8HJK4+OONXigKy2b |
MD5: | 88FCE7C7F8D3A7E53FDA27CEADAC4D12 |
SHA1: | A8B310F9A40E2D0CCEB5EE20E37A3657EEAEABF2 |
SHA-256: | E3E8D727E818CE2B05175AE721A17651AB71696BC10969319F87B6798D73E87A |
SHA-512: | 0798F656469C1072073141246B83C3EAD4B6EE023345BE2629170D7017B849A2C03B40AFD91A27DB2B508D4D65638099D3A2D538E0159D407AD0B702E54A95D0 |
Malicious: | false |
Reputation: | low |
URL: | https://d3e54v103j8qbb.cloudfront.net/static/favicon_designer.88fce7c7f8.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 34041 |
Entropy (8bit): | 7.993384171292279 |
Encrypted: | true |
SSDEEP: | 768:NyNNFK8YgotAMrDRUIY6rHWSMJsGU7yBaUp7przzxWo8zB:gnK8ytAgSIR7WS4ZUWBaUxprhWnzB |
MD5: | ABF6E1188F57F609D6987CA7AA1F54B7 |
SHA1: | B226E5B656CAF3CE6ED5D9AD277850EA7CA27D05 |
SHA-256: | 40BB52D988186022D07C0248E9B6AF63A1DDE146B157797463BA7B5DADA4AC53 |
SHA-512: | 59152926E1062F1D41B6E9F81EB4D77263435FFB5CF7DA66E76A7FCFF1EE6F3FCF25FD62D020FB130FF4FEB257EE0D9C7E990584EF7EB01585FEC6745017BBCF |
Malicious: | false |
Reputation: | low |
URL: | https://d3e54v103j8qbb.cloudfront.net/fonts/Graphik-Medium-Web.abf6e1188f.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 30885 |
Entropy (8bit): | 7.9938302639105 |
Encrypted: | true |
SSDEEP: | 768:n/jo3BYAVy/zuMbOAR9Vb5McrtKfKTpCC4vOP:npXuMbOyRiWhTpCC4vg |
MD5: | 5A0C1A002E8A14BEDB37E60EE72642AC |
SHA1: | B5DF1451CE0D9AACE0D7337ABB26D10CD7999333 |
SHA-256: | CCDE0CF7CE5D0767EBA8AABD07F8537F24E5097CFB5E1F08E1685926EFCFBE84 |
SHA-512: | 329EB4B59CF67FD9B2581EB6AAD71189D16F52649EC0D8A54550D2BF9EA7954A9E0AA5CD2B9E936615B4FA505F22EEC595FCC127EA2FB0CE52FA7F92574F45A5 |
Malicious: | false |
Reputation: | low |
URL: | https://d3e54v103j8qbb.cloudfront.net/fonts/Graphik-Regular-Web.5a0c1a002e.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4176 |
Entropy (8bit): | 4.917297123338692 |
Encrypted: | false |
SSDEEP: | 96:McUPBqrrXyEVyDXyw7kXy01blI8q81SPqK:Mc8BErXyBXyJXyUrICK |
MD5: | C2BF6463065522E597390EEDB7A3F2F7 |
SHA1: | CFFF83E977BEA349743935E1B17BB753ACA11825 |
SHA-256: | A2693A37CDE8116FD113092E8F1D9794F1D2EBD336958C9385255B4B65BEDBBF |
SHA-512: | B32B4EEB0F8E9B2B61903037FD9397D453C095C41CF154F6A2DDA8DD2CDD81C6210FE4A7723376E91AF211EB44C64EF2CDDA58AE4C9BB75612CB700682252B75 |
Malicious: | false |
Reputation: | low |
URL: | https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 908 |
Entropy (8bit): | 4.922983707197396 |
Encrypted: | false |
SSDEEP: | 12:hYzDBNevXCsWJF8/UDy5y2TABUyr47qFgSSA2TABUn9yx0fqArxGmxCHxc9ev/Wn:hYzD8aJFxO5ls2y4BPs2ndg2JFxau |
MD5: | F30BDA7A1FD7BEF4C946D5E8F08F71F2 |
SHA1: | F2E0F6BFDFD7F2211C04B3C56F292C806969EE99 |
SHA-256: | E14487407359A2B8C009BBAAB7656357D5A9F315948EF97181E8E41711411593 |
SHA-512: | 5E4B68C3E734F8E508D738F7A05CF2352D0EE5DBE95947E80C2D5106A4029753F7A76AC768A2A304E0C920C2937B0E38FA6A5A2427BB53F16E470773C4753E0A |
Malicious: | false |
Reputation: | low |
URL: | https://outlook-web-app-30c710.webflow.io/ |
Preview: |
- Total Packets: 116
Apr 1, 2025 16:51:17.765157938 CEST | 59997 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 16:51:17.869891882 CEST | 53 | 50606 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 16:51:17.870457888 CEST | 53 | 59997 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 16:51:27.736661911 CEST | 53 | 58537 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 16:51:46.619191885 CEST | 53 | 61018 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 16:52:09.338138103 CEST | 53 | 55562 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 16:52:09.533992052 CEST | 53 | 57389 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 16:52:10.162141085 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Apr 1, 2025 16:52:10.293051958 CEST | 53 | 54072 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 1, 2025 16:51:12.296523094 CEST | 192.168.2.4 | 1.1.1.1 | 0x15f2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:12.296523094 CEST | 192.168.2.4 | 1.1.1.1 | 0x871b | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 1, 2025 16:51:15.105257988 CEST | 192.168.2.4 | 1.1.1.1 | 0x9df4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:15.105375051 CEST | 192.168.2.4 | 1.1.1.1 | 0x3d9a | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 1, 2025 16:51:15.791666985 CEST | 192.168.2.4 | 1.1.1.1 | 0xdd27 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:15.792224884 CEST | 192.168.2.4 | 1.1.1.1 | 0x778c | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 1, 2025 16:51:16.820235968 CEST | 192.168.2.4 | 1.1.1.1 | 0x471 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:17.765157938 CEST | 192.168.2.4 | 1.1.1.1 | 0x7d78 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:17.765157938 CEST | 192.168.2.4 | 1.1.1.1 | 0x41d5 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 1, 2025 16:51:12.406837940 CEST | 1.1.1.1 | 192.168.2.4 | 0x15f2 | No error (0) | | | 142.251.40.228 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:15.216479063 CEST | 1.1.1.1 | 192.168.2.4 | 0x9df4 | No error (0) | | | 104.18.36.248 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:15.216479063 CEST | 1.1.1.1 | 192.168.2.4 | 0x9df4 | No error (0) | | | 172.64.151.8 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:16.924029112 CEST | 1.1.1.1 | 192.168.2.4 | 0x471 | No error (0) | | | 13.33.251.68 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:16.924029112 CEST | 1.1.1.1 | 192.168.2.4 | 0x471 | No error (0) | | | 13.33.251.140 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:16.924029112 CEST | 1.1.1.1 | 192.168.2.4 | 0x471 | No error (0) | | | 13.33.251.183 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:16.924029112 CEST | 1.1.1.1 | 192.168.2.4 | 0x471 | No error (0) | | | 13.33.251.210 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:17.869891882 CEST | 1.1.1.1 | 192.168.2.4 | 0x7d78 | No error (0) | | | 13.33.251.140 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:17.869891882 CEST | 1.1.1.1 | 192.168.2.4 | 0x7d78 | No error (0) | | | 13.33.251.68 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:17.869891882 CEST | 1.1.1.1 | 192.168.2.4 | 0x7d78 | No error (0) | | | 13.33.251.210 | A (IP address) | IN (0x0001) | false |
Apr 1, 2025 16:51:17.869891882 CEST | 1.1.1.1 | 192.168.2.4 | 0x7d78 | No error (0) | | | 13.33.251.183 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 104.18.36.248 | 443 | 4748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-01 14:51:15 UTC | 683 | OUT | |
2025-04-01 14:51:15 UTC | 692 | IN | |
2025-04-01 14:51:15 UTC | 677 | IN | |
2025-04-01 14:51:15 UTC | 238 | IN | |
2025-04-01 14:51:15 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49732 | 13.33.251.68 | 443 | 4748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-01 14:51:17 UTC | 637 | OUT | |
2025-04-01 14:51:17 UTC | 528 | IN | |
2025-04-01 14:51:17 UTC | 4176 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49735 | 13.33.251.68 | 443 | 4748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-01 14:51:17 UTC | 685 | OUT | |
2025-04-01 14:51:17 UTC | 575 | IN | |
2025-04-01 14:51:17 UTC | 688 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49734 | 13.33.251.68 | 443 | 4748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-01 14:51:17 UTC | 672 | OUT | |
2025-04-01 14:51:17 UTC | 619 | IN | |
2025-04-01 14:51:17 UTC | 15765 | IN | |
2025-04-01 14:51:17 UTC | 16384 | IN | |
2025-04-01 14:51:17 UTC | 1892 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49733 | 13.33.251.68 | 443 | 4748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-01 14:51:17 UTC | 673 | OUT | |
2025-04-01 14:51:17 UTC | 619 | IN | |
2025-04-01 14:51:17 UTC | 15765 | IN | |
2025-04-01 14:51:17 UTC | 15120 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49736 | 13.33.251.140 | 443 | 4748 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-01 14:51:18 UTC | 431 | OUT | |
2025-04-01 14:51:18 UTC | 575 | IN | |
2025-04-01 14:51:18 UTC | 688 | IN |
Target ID: | 2 |
Start time: | 10:51:04 |
Start date: | 01/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 10:51:06 |
Start date: | 01/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 9 |
Start time: | 10:51:14 |
Start date: | 01/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |