Edit tour

Windows Analysis Report
https://mtowner.com

Overview

General Information

Sample URL:	https://mtowner.com
Analysis ID:	1672167
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,1661100902761445158,14043072267814350238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1984 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mtowner.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.8:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.87.31.237:443 -> 192.168.2.8:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.87.31.237:443 -> 192.168.2.8:49696 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.71

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: mtowner.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mtowner.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mtowner.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: mtowner.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Apr 2025 14:37:08 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 274Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.8:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.87.31.237:443 -> 192.168.2.8:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.87.31.237:443 -> 192.168.2.8:49696 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@21/4@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,1661100902761445158,14043072267814350238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1984 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mtowner.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,1661100902761445158,14043072267814350238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1984 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mtowner.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://mtowner.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.69.4	true	false		high
mtowner.com	194.87.31.237	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mtowner.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://mtowner.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.69.4	www.google.com	United States		15169	GOOGLEUS	false
194.87.31.237	mtowner.com	Russian Federation		49392	ASBAXETNRU	false

Private

IP
192.168.2.8
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1672167
Start date and time:	2025-04-23 16:36:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://mtowner.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@21/4@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.49.195, 142.250.68.238, 142.250.101.84, 142.250.69.14, 23.220.73.19, 20.12.23.50, 184.29.183.29
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://mtowner.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:wFSuL:wZL
MD5:	35D56D565628F654CCEFAEE619BA9728
SHA1:	4CB2C207D5A9BB582AA3DDD06786D1AFA0D8BADA
SHA-256:	B22550984AE425E3EA0ED0FCC3AD554A42C7206BCC9CEEF5CC72528463560EFD
SHA-512:	76DA290B4AD80FD6FC9CF9C155110F11A9EEC503C5B9C4A306EEE060C08B4192A1D59BA437D027AB6C1559A9BF92B63DCE8823C2A63CA871175B8B2DC1C7DED5
Malicious:	false
Reputation:	low
URL:	https://mtowner.com/
Preview:	It works.

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	274
Entropy (8bit):	5.199814983438777
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRCwdExBFm8oD:J0+oxBeRmR9etdzRxGezHtdf8+
MD5:	C0B627F00C73171731BB84149A9A9663
SHA1:	187B5502E9F3C41971B1EF5145290361B37FE83E
SHA-256:	BDBE61F9CAEB9752F6959FB5C524EADBCBE590F24EA77B8282E1ECB03C4C1F34
SHA-512:	1F30B32BAD1E5D1F3DBA9898AC30056B24641CEB4E81FC2F70AEDECC95D45529825E7E04732AF4E8A8849C23A8EECEFF91C0FFF98863E5F1BA6C48B0335457E9
Malicious:	false
Reputation:	low
URL:	https://mtowner.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.52 (Ubuntu) Server at mtowner.com Port 443</address>.</body></html>.

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 118
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:36:53.728415012 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.731436968 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.744431973 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.745877028 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.745965004 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.746949911 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.747030973 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.748855114 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.748874903 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.751646042 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.751765013 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.753875017 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.753954887 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.754098892 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.755889893 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.875827074 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.875972986 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.879033089 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.889573097 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.890249968 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.890660048 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.890842915 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.892929077 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.893062115 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.895329952 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.897463083 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:53.897540092 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.897676945 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:53.899458885 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.022388935 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.025511980 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.034174919 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.035289049 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.035393000 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.035752058 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.035811901 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.038414955 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.038496017 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.038570881 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.038635015 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.040529013 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.040673018 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.042849064 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.170192003 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.170325041 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.173541069 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.179025888 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.182554007 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.183015108 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.183079004 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.185872078 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.185924053 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.186383963 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.188766003 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.189385891 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.189515114 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.191441059 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.316044092 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.319634914 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.325965881 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.327330112 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.327409029 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.327755928 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.327805996 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.329982042 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.330096006 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.330166101 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.330379009 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.332089901 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.332396984 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.334569931 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.461097956 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.461306095 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.464126110 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.470693111 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.471389055 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.471784115 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.471856117 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.474149942 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.474186897 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.474344015 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.475425005 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.475495100 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.477649927 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.478498936 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.605173111 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.608851910 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.615081072 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.616238117 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.616369963 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.617625952 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.617716074 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.618922949 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.619676113 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.619782925 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.619878054 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.620037079 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.621912003 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.677104950 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.750097036 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.750278950 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.760399103 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.761194944 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.761318922 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:54.761610031 CEST	443	49681	13.107.246.71	192.168.2.8
Apr 23, 2025 16:36:54.802335024 CEST	49681	443	192.168.2.8	13.107.246.71
Apr 23, 2025 16:36:56.552045107 CEST	49675	443	192.168.2.8	2.23.227.215
Apr 23, 2025 16:36:56.552045107 CEST	49676	443	192.168.2.8	2.23.227.215
Apr 23, 2025 16:36:56.552181959 CEST	49674	443	192.168.2.8	2.23.227.208
Apr 23, 2025 16:36:57.458267927 CEST	49677	80	192.168.2.8	23.60.201.147
Apr 23, 2025 16:36:57.458268881 CEST	49672	443	192.168.2.8	2.19.104.63
Apr 23, 2025 16:37:04.339482069 CEST	49694	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:37:04.339535952 CEST	443	49694	142.250.69.4	192.168.2.8
Apr 23, 2025 16:37:04.339915037 CEST	49694	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:37:04.340306997 CEST	49694	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:37:04.340323925 CEST	443	49694	142.250.69.4	192.168.2.8
Apr 23, 2025 16:37:04.659437895 CEST	443	49694	142.250.69.4	192.168.2.8
Apr 23, 2025 16:37:04.659521103 CEST	49694	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:37:04.660794973 CEST	49694	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:37:04.660810947 CEST	443	49694	142.250.69.4	192.168.2.8
Apr 23, 2025 16:37:04.661060095 CEST	443	49694	142.250.69.4	192.168.2.8
Apr 23, 2025 16:37:04.710670948 CEST	49694	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:37:05.682977915 CEST	49695	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:05.683042049 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:05.683119059 CEST	49695	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:05.683626890 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:05.683676004 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:05.683805943 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:05.684103012 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:05.684122086 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:05.684156895 CEST	49695	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:05.684171915 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:06.162306070 CEST	49675	443	192.168.2.8	2.23.227.215
Apr 23, 2025 16:37:06.162307024 CEST	49676	443	192.168.2.8	2.23.227.215
Apr 23, 2025 16:37:06.162337065 CEST	49674	443	192.168.2.8	2.23.227.208
Apr 23, 2025 16:37:06.522015095 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:06.522114992 CEST	49695	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:06.523823977 CEST	49695	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:06.523837090 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:06.524157047 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:06.524493933 CEST	49695	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:06.525420904 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:06.525566101 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:06.526588917 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:06.526601076 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:06.526885986 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:06.568279982 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:06.571094036 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:07.067536116 CEST	49672	443	192.168.2.8	2.19.104.63
Apr 23, 2025 16:37:07.067557096 CEST	49677	80	192.168.2.8	23.60.201.147
Apr 23, 2025 16:37:08.242772102 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:08.242897987 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:08.242970943 CEST	49695	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:08.256998062 CEST	49695	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:08.257026911 CEST	443	49695	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:08.357834101 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:08.400273085 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:08.627495050 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:08.627571106 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:08.627701044 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:08.629636049 CEST	49696	443	192.168.2.8	194.87.31.237
Apr 23, 2025 16:37:08.629647017 CEST	443	49696	194.87.31.237	192.168.2.8
Apr 23, 2025 16:37:19.643755913 CEST	443	49694	142.250.69.4	192.168.2.8
Apr 23, 2025 16:37:19.643812895 CEST	443	49694	142.250.69.4	192.168.2.8
Apr 23, 2025 16:37:19.643908024 CEST	49694	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:37:20.055187941 CEST	49694	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:37:20.055226088 CEST	443	49694	142.250.69.4	192.168.2.8
Apr 23, 2025 16:37:34.131341934 CEST	49671	443	192.168.2.8	204.79.197.203
Apr 23, 2025 16:37:34.443240881 CEST	49671	443	192.168.2.8	204.79.197.203
Apr 23, 2025 16:37:35.052634954 CEST	49671	443	192.168.2.8	204.79.197.203
Apr 23, 2025 16:37:36.255795002 CEST	49671	443	192.168.2.8	204.79.197.203
Apr 23, 2025 16:37:38.662225962 CEST	49671	443	192.168.2.8	204.79.197.203
Apr 23, 2025 16:37:42.257110119 CEST	49678	443	192.168.2.8	20.42.65.90
Apr 23, 2025 16:37:42.568850994 CEST	49678	443	192.168.2.8	20.42.65.90
Apr 23, 2025 16:37:43.177727938 CEST	49678	443	192.168.2.8	20.42.65.90
Apr 23, 2025 16:37:43.474608898 CEST	49671	443	192.168.2.8	204.79.197.203
Apr 23, 2025 16:37:44.380852938 CEST	49678	443	192.168.2.8	20.42.65.90
Apr 23, 2025 16:37:46.787633896 CEST	49678	443	192.168.2.8	20.42.65.90
Apr 23, 2025 16:37:51.599828005 CEST	49678	443	192.168.2.8	20.42.65.90
Apr 23, 2025 16:37:53.083954096 CEST	49671	443	192.168.2.8	204.79.197.203
Apr 23, 2025 16:38:01.209486961 CEST	49678	443	192.168.2.8	20.42.65.90
Apr 23, 2025 16:38:04.257736921 CEST	49711	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:38:04.257795095 CEST	443	49711	142.250.69.4	192.168.2.8
Apr 23, 2025 16:38:04.257879972 CEST	49711	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:38:04.258174896 CEST	49711	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:38:04.258188963 CEST	443	49711	142.250.69.4	192.168.2.8
Apr 23, 2025 16:38:04.572369099 CEST	443	49711	142.250.69.4	192.168.2.8
Apr 23, 2025 16:38:04.572770119 CEST	49711	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:38:04.572801113 CEST	443	49711	142.250.69.4	192.168.2.8
Apr 23, 2025 16:38:14.566250086 CEST	443	49711	142.250.69.4	192.168.2.8
Apr 23, 2025 16:38:14.566308975 CEST	443	49711	142.250.69.4	192.168.2.8
Apr 23, 2025 16:38:14.566484928 CEST	49711	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:38:15.057092905 CEST	49711	443	192.168.2.8	142.250.69.4
Apr 23, 2025 16:38:15.057137966 CEST	443	49711	142.250.69.4	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:37:00.231513977 CEST	53	49627	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:00.236347914 CEST	53	56908	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:01.536475897 CEST	53	57650	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:01.797337055 CEST	53	53969	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:04.196165085 CEST	59583	53	192.168.2.8	1.1.1.1
Apr 23, 2025 16:37:04.196342945 CEST	49167	53	192.168.2.8	1.1.1.1
Apr 23, 2025 16:37:04.336760998 CEST	53	59583	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:04.337722063 CEST	53	49167	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:05.538650990 CEST	51156	53	192.168.2.8	1.1.1.1
Apr 23, 2025 16:37:05.538893938 CEST	56417	53	192.168.2.8	1.1.1.1
Apr 23, 2025 16:37:05.680874109 CEST	53	51156	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:05.681199074 CEST	53	56417	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:18.711663961 CEST	53	61184	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:37.525074959 CEST	53	53750	1.1.1.1	192.168.2.8
Apr 23, 2025 16:37:59.546041012 CEST	53	54865	1.1.1.1	192.168.2.8
Apr 23, 2025 16:38:00.451812983 CEST	53	54132	1.1.1.1	192.168.2.8
Apr 23, 2025 16:38:02.898885965 CEST	53	64860	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2025 16:37:04.196165085 CEST	192.168.2.8	1.1.1.1	0x7a28	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:37:04.196342945 CEST	192.168.2.8	1.1.1.1	0xf39b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 23, 2025 16:37:05.538650990 CEST	192.168.2.8	1.1.1.1	0xa37e	Standard query (0)	mtowner.com	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:37:05.538893938 CEST	192.168.2.8	1.1.1.1	0x6be	Standard query (0)	mtowner.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 23, 2025 16:37:04.336760998 CEST	1.1.1.1	192.168.2.8	0x7a28	No error (0)	www.google.com	142.250.69.4	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:37:04.337722063 CEST	1.1.1.1	192.168.2.8	0xf39b	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 23, 2025 16:37:05.680874109 CEST	1.1.1.1	192.168.2.8	0xa37e	No error (0)	mtowner.com	194.87.31.237	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mtowner.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49695	194.87.31.237	443	4076	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:37:06 UTC	661	OUT	GET / HTTP/1.1 Host: mtowner.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:37:08 UTC	166	IN	HTTP/1.1 200 OK Date: Wed, 23 Apr 2025 14:37:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 9 Connection: close Content-Type: text/html; charset=UTF-8
2025-04-23 14:37:08 UTC	9	IN	Data Raw: 49 74 20 77 6f 72 6b 73 2e Data Ascii: It works.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49696	194.87.31.237	443	4076	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:37:08 UTC	585	OUT	GET /favicon.ico HTTP/1.1 Host: mtowner.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mtowner.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:37:08 UTC	180	IN	HTTP/1.1 404 Not Found Date: Wed, 23 Apr 2025 14:37:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 274 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-04-23 14:37:08 UTC	274	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 6d 74 6f 77 6e 65 72 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at mtowner.com Port 443</addre

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1592, Parent PID: 5676

Function Logs

General

Target ID:	0
Start time:	10:36:57
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6b29d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4076, Parent PID: 1592

Function Logs

General

Target ID:	1
Start time:	10:36:58
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,1661100902761445158,14043072267814350238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1984 /prefetch:3
Imagebase:	0x7ff6b29d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6400, Parent PID: 5676

Function Logs

General

Target ID:	5
Start time:	10:37:04
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mtowner.com"
Imagebase:	0x7ff6b29d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://mtowner.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1592, Parent PID: 5676

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Process Created

Windows Analysis Report
https://mtowner.com