Windows
Analysis Report
https://t.co/1A1wQwNFVf
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 4444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=2008,i,2581882664336918239,6513653453507597270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/1A1wQwNFVf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- HTTP Parser
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- String found in binary or memory
- Network traffic detected
- Classification label
- Process created
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
t.co | 172.66.0.227 | true | false | unknown | |
duckduckgo.com | 40.114.177.156 | true | false | unknown | |
49anx.leadernegligent.top | 23.177.184.66 | true | false | unknown | |
www.google.com | 142.250.184.196 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | false | unknown | |
 | false | unknown | |
 | false | unknown | |
 | false | unknown | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | unknown | |
 | | false | unknown | |
 | | false | unknown | |
 | | false | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.184.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
40.114.177.156 | duckduckgo.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
23.177.184.66 | 49anx.leadernegligent.top | Reserved | 397321 | PROVIDENCE-MB-CA-01CA | false |
172.66.0.227 | t.co | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520357 |
Start date and time: | 2024-09-27 08:59:50 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://t.co/1A1wQwNFVf |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@17/5@10/6 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.185.142, 142.251.168.84, 34.104.35.123, 20.12.23.50, 88.221.110.91, 2.16.100.168, 192.229.221.95, 20.3.187.198, 13.85.23.206, 13.85.23.86, 216.58.206.35
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://t.co/1A1wQwNFVf
Input | Output |
---|---|
URL: http://49anx.leadernegligent.top/contactos Model: jbxai | { "brand":["Globi"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41976 |
Entropy (8bit): | 5.230242913065828 |
Encrypted: | false |
SSDEEP: | 768:jRh3Dh4PrG0k+67kFZRugOK9TMtrEdc2Vm5ENm:jRhU9OUTMtMrV/c |
MD5: | FBCDB99507159D5ADDFB611628D97B0D |
SHA1: | 212A53454C0708CC1FE7D9CDD6A6601D1A9928AD |
SHA-256: | 9E4F86A55CC1DA7B15691188799F9B66EAD59E1223DCCCED1AEE0AE90283B31E |
SHA-512: | CD2DD15C5B670C1704C8D0D5AAA4DAD994CE883103CEB799B6AB6D2F843A545DF2E19852078F6803E14D9A38C9288594942CEF0350C14D2EFD7AB2C175E50E56 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 320 |
Entropy (8bit): | 4.7688408145247045 |
Encrypted: | false |
SSDEEP: | 6:p/ntc7pc3MRJVxCxXYBAlhl3d+AUm0RlXYBAlhl3FX9BXW31AXVbXYBAlrv3ub:plcVc3MxxGQAt3dWm0RlQAt3FPXK+XV8 |
MD5: | E6BE8AEBAAD1FB100BC0BF4AFF4A57F2 |
SHA1: | 474CD0F4588F669772C78304AD13516EFF6948DD |
SHA-256: | 6EB6DD179E319775FE73BD72E43738444AB71B4AE84CC7FD1DC644B80172D8F6 |
SHA-512: | EFCD9536B38F8CF6356C03B824EBFA8E29A367CAFAC26F6B0EF45CD4D93CCBDDF666AB7DC7427271EC256065E71D51828E9F91ADD4CD2EADF607AB9DD8516BEE |
Malicious: | false |
Reputation: | low |
URL: | https://t.co/1A1wQwNFVf |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 286 |
Entropy (8bit): | 4.619770731844525 |
Encrypted: | false |
SSDEEP: | 6:hxLMmyr5EdxqXCrHFWyh1L203OTxBVWR7qa0XyN3hO97KG4Qb:hKd4x5DsyhslhWRWUfpNQb |
MD5: | D8826A6F923CF0B8A54FFF6694D7968D |
SHA1: | 8F58D51CF27F3736C6BE9AECAEF4B114A7FF6195 |
SHA-256: | 05ACA3F12D00636ED4561BF87C6DFA3EDD2891D3B50DCD1C4A96EE4B5B30A2D6 |
SHA-512: | 91FC3BF02B1E76667F0C1CED9B148EED32907DCB8E99F0B03C82219DF93BF0DBFCF9AD0B255ADA7B068315C62F47C5B8294E00EF02F09240CEF6BEEF07D06328 |
Malicious: | false |
Reputation: | low |
URL: | http://49anx.leadernegligent.top/contactos |
Preview: |
Sep 27, 2024 09:00:54.451858997 CEST | 52615 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 09:00:54.452483892 CEST | 53612 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 09:00:54.458830118 CEST | 53 | 52615 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 09:00:54.459621906 CEST | 53 | 53612 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 09:00:56.057943106 CEST | 61988 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 09:00:56.058917999 CEST | 60621 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 09:00:56.065258980 CEST | 53 | 61988 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 09:00:56.066328049 CEST | 53 | 60621 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 09:01:03.742456913 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Sep 27, 2024 09:01:06.453170061 CEST | 53 | 57316 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 09:01:25.482306004 CEST | 53 | 56240 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 09:01:47.754214048 CEST | 53 | 55694 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 09:01:48.245408058 CEST | 53 | 62834 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 09:00:50.411662102 CEST | 192.168.2.4 | 1.1.1.1 | 0xbc0d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 09:00:50.411988020 CEST | 192.168.2.4 | 1.1.1.1 | 0xafa2 | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 27, 2024 09:00:51.586205006 CEST | 192.168.2.4 | 1.1.1.1 | 0x1341 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 09:00:51.586760044 CEST | 192.168.2.4 | 1.1.1.1 | 0xd1ab | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 27, 2024 09:00:51.954835892 CEST | 192.168.2.4 | 1.1.1.1 | 0x230d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 09:00:51.955826044 CEST | 192.168.2.4 | 1.1.1.1 | 0xd85c | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 27, 2024 09:00:54.451858997 CEST | 192.168.2.4 | 1.1.1.1 | 0x9e21 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 09:00:54.452483892 CEST | 192.168.2.4 | 1.1.1.1 | 0x9e06 | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 27, 2024 09:00:56.057943106 CEST | 192.168.2.4 | 1.1.1.1 | 0x1ab4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 09:00:56.058917999 CEST | 192.168.2.4 | 1.1.1.1 | 0xe7ab | Standard query (0) | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 09:00:50.419202089 CEST | 1.1.1.1 | 192.168.2.4 | 0xbc0d | No error (0) | 172.66.0.227 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 09:00:51.827811003 CEST | 1.1.1.1 | 192.168.2.4 | 0x1341 | No error (0) | 23.177.184.66 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 09:00:51.962346077 CEST | 1.1.1.1 | 192.168.2.4 | 0x230d | No error (0) | 142.250.184.196 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 09:00:51.962466955 CEST | 1.1.1.1 | 192.168.2.4 | 0xd85c | No error (0) | 65 | IN (0x0001) | false | |||
Sep 27, 2024 09:00:54.458830118 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e21 | No error (0) | 40.114.177.156 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 09:00:56.065258980 CEST | 1.1.1.1 | 192.168.2.4 | 0x1ab4 | No error (0) | 40.114.177.156 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 09:01:00.774249077 CEST | 1.1.1.1 | 192.168.2.4 | 0xd43f | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 09:01:00.774249077 CEST | 1.1.1.1 | 192.168.2.4 | 0xd43f | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 09:01:14.206955910 CEST | 1.1.1.1 | 192.168.2.4 | 0x4cbb | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 09:01:14.206955910 CEST | 1.1.1.1 | 192.168.2.4 | 0x4cbb | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49739 | 23.177.184.66 | 80 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 09:00:51.841790915 CEST | 483 | OUT | |
Sep 27, 2024 09:00:52.829672098 CEST | 580 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49740 | 23.177.184.66 | 80 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 09:00:53.648497105 CEST | 431 | OUT | |
Sep 27, 2024 09:00:54.428189039 CEST | 235 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49735 | 172.66.0.227 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 07:00:50 UTC | 657 | OUT | |
2024-09-27 07:00:51 UTC | 1176 | IN | |
2024-09-27 07:00:51 UTC | 193 | IN | |
2024-09-27 07:00:51 UTC | 134 | IN | |
2024-09-27 07:00:51 UTC | 5 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 07:00:55 UTC | 161 | OUT | |
2024-09-27 07:00:55 UTC | 466 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49743 | 40.114.177.156 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 07:00:55 UTC | 452 | OUT | |
2024-09-27 07:00:55 UTC | 2365 | IN | |
2024-09-27 07:00:55 UTC | 14019 | IN | |
2024-09-27 07:00:55 UTC | 16384 | IN | |
2024-09-27 07:00:55 UTC | 11573 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49744 | 184.28.90.27 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 07:00:56 UTC | 239 | OUT | |
2024-09-27 07:00:56 UTC | 514 | IN | |
2024-09-27 07:00:56 UTC | 55 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49745 | 40.114.177.156 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 07:00:56 UTC | 338 | OUT | |
2024-09-27 07:00:56 UTC | 2365 | IN | |
2024-09-27 07:00:56 UTC | 14019 | IN | |
2024-09-27 07:00:57 UTC | 16384 | IN | |
2024-09-27 07:00:57 UTC | 11573 | IN |
Target ID: | 0 |
Start time: | 03:00:39 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 2 |
Start time: | 03:00:46 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 3 |
Start time: | 03:00:49 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |