Windows
Analysis Report
http://stats.microsoft.regsvc.com
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1960,i,10218118981791785353,28595300214808616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://stats.microsoft.regsvc.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
2% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sendgrid.net | 167.89.118.109 | true | false | | unknown |
www.google.com | 142.250.186.132 | true | false | | unknown |
stats.microsoft.regsvc.com | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
167.89.118.109 | sendgrid.net | United States | 11377 | SENDGRIDUS | false |
142.250.186.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1525380 |
Start date and time: | 2024-10-04 04:32:11 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | http://stats.microsoft.regsvc.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@17/10@4/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.184.206, 108.177.15.84, 34.104.35.123, 142.250.186.99, 142.250.74.206
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.981503834384604 |
Encrypted: | false |
SSDEEP: | 48:8Dd4cTY2LLqcHYUidAKZdA1FehwiZUklqehQy+3:8CcsYqj6/y |
MD5: | 6B1C8377A3153CCE981701D10D218BC6 |
SHA1: | DECB2E67F0F62F37BEF79B3148DCDB94E0A2110E |
SHA-256: | 9837A7C8DAAF5F6E93600675A90840989051D44AB16AEB326240B0133C152BF4 |
SHA-512: | 73BE0F018FEF12FEF4B3B6BC77E6F3B20729AD51C3E6781E65E25733EFD2A0FA8BD2E8E9F26D660A78D1DCA0E447CBF60F58C9F3C88EC804D2B31FFEE43E84D9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.999021651427548 |
Encrypted: | false |
SSDEEP: | 48:82d4cTY2LLqcHYUidAKZdA1seh/iZUkAQkqehvy+2:8VcsYqj09QWy |
MD5: | 77C1E3EC431F06B42BED27E1D77A5CE1 |
SHA1: | C16E7E23344BA94A510510E19271F8250C4E6481 |
SHA-256: | D66DCB51628C7497A3A7069629680410E93086CA5B81D6F406B5449E28A6886C |
SHA-512: | 982D6CA8CA07C667463A9A6F50085E8A3527AD74E05ADD651B7C5AF211254A05A0D3CB7284710B9A1DC71EAEBFDFB906E688206E435F530A773A4C4BCD5F2BBE |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.00696560281615 |
Encrypted: | false |
SSDEEP: | 48:80d4cTY2LLAHYUidAKZdA14meh7sFiZUkmgqeh7sdy+BX:8PcsYP4nLy |
MD5: | 0A2F0176F08415A23247CB29E3875F5F |
SHA1: | 9551018A3EBF9291DAA89C0F15678956CD1AB989 |
SHA-256: | C858DF3561BC718C26522440C034118126275018924728FDA1213CE16258FD14 |
SHA-512: | 4CB8FFCD09361E94B646B7CC3690EF96E77D9B099E94AEEF6B4FE9B46999EC3B67E7570E5427F2EC87A0FB177E889C85A569A2DECD7A932485DFF1B043DF170F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9960363851032206 |
Encrypted: | false |
SSDEEP: | 48:8Hd4cTY2LLqcHYUidAKZdA1TehDiZUkwqehjy+R:8mcsYqjvVy |
MD5: | 1D3A04A89B9A6F474A0049E93859ABC1 |
SHA1: | 1EB87C415420F0515DEF254E38430FF85D4B0320 |
SHA-256: | AA5B522E4B8894595BFA5AA24AD6FD791772891C45A4FE26AD1EB28CF7E553EF |
SHA-512: | 457617CC59FE3CBD5022F0818C5B38C0546BDC8796D0EF02901DCDB0A240215E28F4CA6D7C4101FCDEF105A9EF54AB9BBD564ACF9C34A4FA8477AE5073D0C0A4 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9847746371833273 |
Encrypted: | false |
SSDEEP: | 48:8Mgd4cTY2LLqcHYUidAKZdA1dehBiZUk1W1qehJy+C:8MrcsYqjv9py |
MD5: | 112274E567E904968EF24998AF06A085 |
SHA1: | F17A713C6A55CD3176C0283A1C217855959F7E5B |
SHA-256: | DB01368AD843BE5ED8A30D07894AEB714F93AECA3C0B915A5728548D4328A413 |
SHA-512: | F06CA85CC7E79B2C27CF2C2FB504587694DD2262D0EFEAD5FFB979E605C387EC74075AEBA31F79E7FBE7D6B60BD568B8E933A799517FBAE85EED5B5B7ADF612F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9942184953336235 |
Encrypted: | false |
SSDEEP: | 48:8Nd4cTY2LLqcHYUidAKZdA1duTeehOuTbbiZUk5OjqehOuTbLy+yT+:84csYqjTTfTbxWOvTbLy7T |
MD5: | 4EA6DEF07EB446E85111AC9B6BA2C5D1 |
SHA1: | 9F5D2B9A469D44C387E08E6DB6A6A6DAA7900D63 |
SHA-256: | 4E86E3F1787DF16CE5880CB5FBC640B6DC051706C1BD8C44CECD4BA1C44CD65D |
SHA-512: | A78AC8105D69C12D630A9AC07AD66F92F85BE16A4EDAE12D37238CC076842FE7BFD9F1DADC5BED605AE77639CBCD68F2E9D1FA3121F9A7C2347C652AE7E0E4F0 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 564 |
Entropy (8bit): | 4.72971822420855 |
Encrypted: | false |
SSDEEP: | 12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc |
MD5: | 8E325DC2FEA7C8900FC6C4B8C6C394FE |
SHA1: | 1B3291D4EEA179C84145B2814CB53E6A506EC201 |
SHA-256: | 0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2 |
SHA-512: | 084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14 |
Malicious: | false |
Reputation: | low |
URL: | http://stats.microsoft.regsvc.com/favicon.ico |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 564 |
Entropy (8bit): | 4.72971822420855 |
Encrypted: | false |
SSDEEP: | 12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc |
MD5: | 8E325DC2FEA7C8900FC6C4B8C6C394FE |
SHA1: | 1B3291D4EEA179C84145B2814CB53E6A506EC201 |
SHA-256: | 0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2 |
SHA-512: | 084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14 |
Malicious: | false |
Reputation: | low |
URL: | http://stats.microsoft.regsvc.com/ |

Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Oct 4, 2024 04:32:40.466322899 CEST | 192.168.2.16 | 1.1.1.1 | c24f | (Port unreachable) | Destination Unreachable |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 4, 2024 04:32:40.426635027 CEST | 192.168.2.16 | 1.1.1.1 | 0x6dd0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.426800013 CEST | 192.168.2.16 | 1.1.1.1 | 0xbb13 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 4, 2024 04:32:44.347049952 CEST | 192.168.2.16 | 1.1.1.1 | 0xf992 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:44.347209930 CEST | 192.168.2.16 | 1.1.1.1 | 0x74f3 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.118.109 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.118.128 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.115.52 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.115.61 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.115.150 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.115.28 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.115.120 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.115.56 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.118.52 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.118.95 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.118.83 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.445419073 CEST | 1.1.1.1 | 192.168.2.16 | 0x6dd0 | No error (0) | | | 167.89.118.120 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:40.466265917 CEST | 1.1.1.1 | 192.168.2.16 | 0xbb13 | No error (0) | | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 4, 2024 04:32:44.353692055 CEST | 1.1.1.1 | 192.168.2.16 | 0xf992 | No error (0) | | | 142.250.186.132 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 04:32:44.353843927 CEST | 1.1.1.1 | 192.168.2.16 | 0x74f3 | No error (0) | | | | 65 | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49706 | 167.89.118.109 | 80 | 6972 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 4, 2024 04:32:40.457676888 CEST | 441 | OUT | |
Oct 4, 2024 04:32:41.071374893 CEST | 712 | IN | |
Oct 4, 2024 04:32:41.226779938 CEST | 396 | OUT | |
Oct 4, 2024 04:32:41.403768063 CEST | 712 | IN | |
Oct 4, 2024 04:33:26.411210060 CEST | 6 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49707 | 167.89.118.109 | 80 | 6972 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 4, 2024 04:33:25.468302011 CEST | 6 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49713 | 184.28.90.27 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 02:32:49 UTC | 161 | OUT | |
2024-10-04 02:32:49 UTC | 467 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49715 | 184.28.90.27 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 02:32:50 UTC | 239 | OUT | |
2024-10-04 02:32:50 UTC | 515 | IN | |
2024-10-04 02:32:50 UTC | 55 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49714 | 20.109.210.53 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 02:32:50 UTC | 306 | OUT | |
2024-10-04 02:32:50 UTC | 560 | IN | |
2024-10-04 02:32:50 UTC | 15824 | IN | |
2024-10-04 02:32:50 UTC | 8666 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49716 | 20.109.210.53 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 02:33:27 UTC | 306 | OUT | |
2024-10-04 02:33:27 UTC | 560 | IN | |
2024-10-04 02:33:27 UTC | 15824 | IN | |
2024-10-04 02:33:27 UTC | 14181 | IN | |
Target ID: | 0 |
Start time: | 22:32:37 |
Start date: | 03/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 1 |
Start time: | 22:32:38 |
Start date: | 03/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 2 |
Start time: | 22:32:39 |
Start date: | 03/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |