Windows
Analysis Report
https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 2184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  - chrome.exe (PID: 64 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1972,i,6953073780709153962,2333920208916373190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 3968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | SlashNext: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | Process created: | |||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
100% | SlashNext | Credential Stealing type: Phishing & Social usering |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
office.microsoftoniline.com | 51.79.237.104 | true | false | unknown | |
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
www.google.com | 172.217.16.132 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
51.79.237.104 | office.microsoftoniline.com | Canada | 16276 | OVHFR | false |
172.217.16.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
192.168.2.6 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1500185 |
Start date and time: | 2024-08-28 00:50:32 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@18/0@6/5 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.142, 66.102.1.84, 34.104.35.123, 104.115.89.234, 20.12.23.50, 192.229.221.95, 20.242.39.171, 199.232.210.172, 52.165.164.15, 142.250.184.227
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Aug 28, 2024 00:51:27.918217897 CEST | 192.168.2.6 | 1.1.1.1 | c203 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 28, 2024 00:51:26.845226049 CEST | 192.168.2.6 | 1.1.1.1 | 0x74dd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 28, 2024 00:51:26.847008944 CEST | 192.168.2.6 | 1.1.1.1 | 0xb595 | Standard query (0) | 65 | IN (0x0001) | false | |
Aug 28, 2024 00:51:27.858190060 CEST | 192.168.2.6 | 1.1.1.1 | 0xcbc3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 28, 2024 00:51:27.858985901 CEST | 192.168.2.6 | 1.1.1.1 | 0x1161 | Standard query (0) | 65 | IN (0x0001) | false | |
Aug 28, 2024 00:51:29.592401981 CEST | 192.168.2.6 | 1.1.1.1 | 0xf1e2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 28, 2024 00:51:29.593502998 CEST | 192.168.2.6 | 1.1.1.1 | 0xb310 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 28, 2024 00:51:27.899739027 CEST | 1.1.1.1 | 192.168.2.6 | 0x74dd | No error (0) | 51.79.237.104 | A (IP address) | IN (0x0001) | false | ||
Aug 28, 2024 00:51:27.918154955 CEST | 1.1.1.1 | 192.168.2.6 | 0xcbc3 | No error (0) | 51.79.237.104 | A (IP address) | IN (0x0001) | false | ||
Aug 28, 2024 00:51:29.599235058 CEST | 1.1.1.1 | 192.168.2.6 | 0xf1e2 | No error (0) | 172.217.16.132 | A (IP address) | IN (0x0001) | false | ||
Aug 28, 2024 00:51:29.600219965 CEST | 1.1.1.1 | 192.168.2.6 | 0xb310 | No error (0) | 65 | IN (0x0001) | false | |||
Aug 28, 2024 00:51:39.249902964 CEST | 1.1.1.1 | 192.168.2.6 | 0x6dce | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Aug 28, 2024 00:51:39.249902964 CEST | 1.1.1.1 | 192.168.2.6 | 0x6dce | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Aug 28, 2024 00:51:41.222417116 CEST | 1.1.1.1 | 192.168.2.6 | 0x503e | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Aug 28, 2024 00:51:41.222417116 CEST | 1.1.1.1 | 192.168.2.6 | 0x503e | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Aug 28, 2024 00:51:58.708647013 CEST | 1.1.1.1 | 192.168.2.6 | 0x225 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Aug 28, 2024 00:51:58.708647013 CEST | 1.1.1.1 | 192.168.2.6 | 0x225 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.6 | 49709 | 20.7.1.246 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-27 22:51:15 UTC | 71 | OUT | |
2024-08-27 22:51:15 UTC | 249 | OUT | |
2024-08-27 22:51:15 UTC | 1084 | OUT | |
2024-08-27 22:51:15 UTC | 74 | OUT | |
2024-08-27 22:51:15 UTC | 14 | IN | |
2024-08-27 22:51:15 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.2.6 | 49710 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-27 22:51:25 UTC | 70 | OUT | |
2024-08-27 22:51:25 UTC | 249 | OUT | |
2024-08-27 22:51:25 UTC | 1083 | OUT | |
2024-08-27 22:51:25 UTC | 73 | OUT | |
2024-08-27 22:51:25 UTC | 14 | IN | |
2024-08-27 22:51:25 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
2 | 192.168.2.6 | 49716 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-27 22:51:28 UTC | 71 | OUT | |
2024-08-27 22:51:28 UTC | 249 | OUT | |
2024-08-27 22:51:28 UTC | 1084 | OUT | |
2024-08-27 22:51:28 UTC | 218 | OUT | |
2024-08-27 22:51:28 UTC | 14 | IN | |
2024-08-27 22:51:28 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.2.6 | 49724 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-27 22:51:35 UTC | 71 | OUT | |
2024-08-27 22:51:35 UTC | 249 | OUT | |
2024-08-27 22:51:35 UTC | 1084 | OUT | |
2024-08-27 22:51:35 UTC | 74 | OUT | |
2024-08-27 22:51:35 UTC | 14 | IN | |
2024-08-27 22:51:35 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
4 | 192.168.2.6 | 49725 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-27 22:51:36 UTC | 71 | OUT | |
2024-08-27 22:51:36 UTC | 249 | OUT | |
2024-08-27 22:51:36 UTC | 1084 | OUT | |
2024-08-27 22:51:36 UTC | 218 | OUT | |
2024-08-27 22:51:37 UTC | 14 | IN | |
2024-08-27 22:51:37 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
5 | 192.168.2.6 | 49731 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-27 22:51:50 UTC | 71 | OUT | |
2024-08-27 22:51:50 UTC | 249 | OUT | |
2024-08-27 22:51:50 UTC | 1084 | OUT | |
2024-08-27 22:51:50 UTC | 74 | OUT | |
2024-08-27 22:51:50 UTC | 14 | IN | |
2024-08-27 22:51:50 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
6 | 192.168.2.6 | 49732 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-27 22:51:51 UTC | 71 | OUT | |
2024-08-27 22:51:51 UTC | 249 | OUT | |
2024-08-27 22:51:51 UTC | 1084 | OUT | |
2024-08-27 22:51:51 UTC | 218 | OUT | |
2024-08-27 22:51:51 UTC | 14 | IN | |
2024-08-27 22:51:51 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
7 | 192.168.2.6 | 49736 | 40.115.3.253 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-27 22:52:06 UTC | 71 | OUT | |
2024-08-27 22:52:06 UTC | 249 | OUT | |
2024-08-27 22:52:06 UTC | 1084 | OUT | |
2024-08-27 22:52:06 UTC | 218 | OUT | |
2024-08-27 22:52:06 UTC | 14 | IN | |
2024-08-27 22:52:06 UTC | 58 | IN |
Target ID: | 0 |
Start time: | 18:51:19 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:51:23 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:51:25 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |