Windows
Analysis Report
http://bestresulttostart.com
Overview
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 1880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 4296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1792,i,3187058256800355177,13799939537630235712,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bestresulttostart.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Timestamp: | 04/17/24-22:59:13.670606 |
SID: | 2051948 |
Source Port: | 56414 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-22:59:15.160588 |
SID: | 2051949 |
Source Port: | 49740 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-22:59:19.535331 |
SID: | 2051949 |
Source Port: | 49745 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-22:59:12.928077 |
SID: | 2051948 |
Source Port: | 64840 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-22:59:13.670829 |
SID: | 2051948 |
Source Port: | 53193 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-22:59:19.204500 |
SID: | 2051948 |
Source Port: | 54694 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-22:59:12.928226 |
SID: | 2051948 |
Source Port: | 65084 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-22:59:14.001015 |
SID: | 2051949 |
Source Port: | 49737 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-22:59:19.205225 |
SID: | 2051948 |
Source Port: | 62320 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | Snort IDS: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Process created: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bestresulttostart.com | 193.163.7.113 | true | true | | unknown |
www.google.com | 172.253.124.106 | true | false | | high |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
true | unknown | ||
true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.253.124.106 | www.google.com | United States | 15169 | GOOGLEUS | false |
193.163.7.113 | bestresulttostart.com | Denmark | 1935 | FR-RENATER-LIMOUSINReseauRegionalLimousinEU | true |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427642 |
Start date and time: | 2024-04-17 22:58:19 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://bestresulttostart.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@17/5@8/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.9.113, 142.250.9.138, 142.250.9.100, 142.250.9.139, 142.250.9.102, 142.250.9.101, 74.125.136.84, 172.217.215.94, 34.104.35.123, 20.12.23.50, 96.7.245.67, 96.7.245.8, 96.7.245.41, 96.7.245.89, 96.7.245.42, 96.7.245.96, 96.7.245.50, 96.7.245.64, 96.7.245.48, 20.166.126.56, 192.229.211.108, 172.253.124.94
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://bestresulttostart.com
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13786 |
Entropy (8bit): | 5.3437849678241625 |
Encrypted: | false |
SSDEEP: | 384:5rUrsylveggod/jxOPZFixd7PXMcVYznQxeth4ukT/e6WmniyiR45nwdCKpD:5rUrsylGgBdLWZFixd7PXbVYznQxeo3S |
MD5: | 58D15C8061659EF77D42E8C5D3FF4984 |
SHA1: | 4FEFB78331EE102E720C03A36265F3B286DF3457 |
SHA-256: | 709F60C4E7BE64193C1EFF6ACA024338E157DA87200E114E84B061BFED693F98 |
SHA-512: | B19FADFBA525AFFA4A19B99F9B204BD6C4B74BEC88CF8892B5B17F996FF79C5782680EC9B57062600483226BD58CA5893EF61B95953B206E2EE1AC009DEF2885 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2569 |
Entropy (8bit): | 5.189345850041082 |
Encrypted: | false |
SSDEEP: | 48:Sv+g8d7+CZirJpGs3kGKsljbMeiHr6Gn3kIt5NtvQ7C3kIS3kInzKxr:S+C51MHr6GrrI79KB |
MD5: | 6A7720F00CDB8F8EF45A710192A61129 |
SHA1: | 49C333915A22CB5ADD86906888D96FB66C22A50A |
SHA-256: | DBD92BDD8B0BD06903D4922F102B3648D42E6EA2788B5FAEA4164466A1F5CA43 |
SHA-512: | EAA09707EF36C0A86AD5BC7537D27125828B2ACB4D67F3DDD2D2229E4554685C907A1757E9895756D5186714384B572568E1171FDD3E51ADD848DB4BB09B699F |
Malicious: | false |
Reputation: | low |
URL: | https://bestresulttostart.com/ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 13786 |
Entropy (8bit): | 5.3437849678241625 |
Encrypted: | false |
SSDEEP: | 384:5rUrsylveggod/jxOPZFixd7PXMcVYznQxeth4ukT/e6WmniyiR45nwdCKpD:5rUrsylGgBdLWZFixd7PXbVYznQxeo3S |
MD5: | 58D15C8061659EF77D42E8C5D3FF4984 |
SHA1: | 4FEFB78331EE102E720C03A36265F3B286DF3457 |
SHA-256: | 709F60C4E7BE64193C1EFF6ACA024338E157DA87200E114E84B061BFED693F98 |
SHA-512: | B19FADFBA525AFFA4A19B99F9B204BD6C4B74BEC88CF8892B5B17F996FF79C5782680EC9B57062600483226BD58CA5893EF61B95953B206E2EE1AC009DEF2885 |
Malicious: | false |
Reputation: | low |
URL: | https://bestresulttostart.com/favicon.ico |
Preview: |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/17/24-22:59:13.670606 | UDP | 2051948 | ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) | 56414 | 53 | 192.168.2.4 | 1.1.1.1 |
04/17/24-22:59:15.160588 | TCP | 2051949 | ET CURRENT_EVENTS Balada Domain in TLS SNI (bestresulttostart .com) | 49740 | 443 | 192.168.2.4 | 193.163.7.113 |
04/17/24-22:59:19.535331 | TCP | 2051949 | ET CURRENT_EVENTS Balada Domain in TLS SNI (bestresulttostart .com) | 49745 | 443 | 192.168.2.4 | 193.163.7.113 |
04/17/24-22:59:12.928077 | UDP | 2051948 | ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) | 64840 | 53 | 192.168.2.4 | 1.1.1.1 |
04/17/24-22:59:13.670829 | UDP | 2051948 | ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) | 53193 | 53 | 192.168.2.4 | 1.1.1.1 |
04/17/24-22:59:19.204500 | UDP | 2051948 | ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) | 54694 | 53 | 192.168.2.4 | 1.1.1.1 |
04/17/24-22:59:12.928226 | UDP | 2051948 | ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) | 65084 | 53 | 192.168.2.4 | 1.1.1.1 |
04/17/24-22:59:14.001015 | TCP | 2051949 | ET CURRENT_EVENTS Balada Domain in TLS SNI (bestresulttostart .com) | 49737 | 443 | 192.168.2.4 | 193.163.7.113 |
04/17/24-22:59:19.205225 | UDP | 2051948 | ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) | 62320 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 17, 2024 22:59:12.928076982 CEST | 192.168.2.4 | 1.1.1.1 | 0x2eb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 22:59:12.928225994 CEST | 192.168.2.4 | 1.1.1.1 | 0x3d91 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 17, 2024 22:59:13.670605898 CEST | 192.168.2.4 | 1.1.1.1 | 0x51e3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 22:59:13.670829058 CEST | 192.168.2.4 | 1.1.1.1 | 0x9f9f | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 17, 2024 22:59:16.252331018 CEST | 192.168.2.4 | 1.1.1.1 | 0xb8c3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 22:59:16.252562046 CEST | 192.168.2.4 | 1.1.1.1 | 0xfb8e | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 17, 2024 22:59:19.204499960 CEST | 192.168.2.4 | 1.1.1.1 | 0xf1ab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 22:59:19.205224991 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd03 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 17, 2024 22:59:13.258524895 CEST | 1.1.1.1 | 192.168.2.4 | 0x2eb | No error (0) | 193.163.7.113 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:13.989984989 CEST | 1.1.1.1 | 192.168.2.4 | 0x51e3 | No error (0) | 193.163.7.113 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:16.357214928 CEST | 1.1.1.1 | 192.168.2.4 | 0xfb8e | No error (0) | 65 | IN (0x0001) | false | |||
Apr 17, 2024 22:59:16.357829094 CEST | 1.1.1.1 | 192.168.2.4 | 0xb8c3 | No error (0) | 172.253.124.106 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:16.357829094 CEST | 1.1.1.1 | 192.168.2.4 | 0xb8c3 | No error (0) | 172.253.124.103 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:16.357829094 CEST | 1.1.1.1 | 192.168.2.4 | 0xb8c3 | No error (0) | 172.253.124.104 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:16.357829094 CEST | 1.1.1.1 | 192.168.2.4 | 0xb8c3 | No error (0) | 172.253.124.105 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:16.357829094 CEST | 1.1.1.1 | 192.168.2.4 | 0xb8c3 | No error (0) | 172.253.124.99 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:16.357829094 CEST | 1.1.1.1 | 192.168.2.4 | 0xb8c3 | No error (0) | 172.253.124.147 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:19.533945084 CEST | 1.1.1.1 | 192.168.2.4 | 0xf1ab | No error (0) | 193.163.7.113 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:28.319523096 CEST | 1.1.1.1 | 192.168.2.4 | 0x8008 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:28.319523096 CEST | 1.1.1.1 | 192.168.2.4 | 0x8008 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:44.980669022 CEST | 1.1.1.1 | 192.168.2.4 | 0x1e72 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 17, 2024 22:59:44.980669022 CEST | 1.1.1.1 | 192.168.2.4 | 0x1e72 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:00:03.909961939 CEST | 1.1.1.1 | 192.168.2.4 | 0x1dab | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 17, 2024 23:00:03.909961939 CEST | 1.1.1.1 | 192.168.2.4 | 0x1dab | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:00:24.573575974 CEST | 1.1.1.1 | 192.168.2.4 | 0x6623 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 17, 2024 23:00:24.573575974 CEST | 1.1.1.1 | 192.168.2.4 | 0x6623 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 193.163.7.113 | 80 | 4296 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 17, 2024 22:59:13.464292049 CEST | 436 | OUT | |
Apr 17, 2024 22:59:13.668490887 CEST | 360 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49735 | 193.163.7.113 | 80 | 4296 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 17, 2024 22:59:58.468707085 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49737 | 193.163.7.113 | 443 | 4296 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 20:59:14 UTC | 664 | OUT | |
2024-04-17 20:59:14 UTC | 339 | IN | |
2024-04-17 20:59:14 UTC | 1030 | IN | |
2024-04-17 20:59:14 UTC | 1369 | IN | |
2024-04-17 20:59:14 UTC | 170 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49740 | 193.163.7.113 | 443 | 4296 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 20:59:15 UTC | 598 | OUT | |
2024-04-17 20:59:16 UTC | 263 | IN | |
2024-04-17 20:59:16 UTC | 1106 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN | |
2024-04-17 20:59:16 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49743 | 184.31.62.93 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 20:59:19 UTC | 161 | OUT | |
2024-04-17 20:59:19 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49744 | 184.31.62.93 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 20:59:19 UTC | 239 | OUT | |
2024-04-17 20:59:19 UTC | 804 | IN | |
2024-04-17 20:59:19 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49745 | 193.163.7.113 | 443 | 4296 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 20:59:19 UTC | 356 | OUT | |
2024-04-17 20:59:20 UTC | 263 | IN | |
2024-04-17 20:59:20 UTC | 1106 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN | |
2024-04-17 20:59:20 UTC | 1369 | IN |
Target ID: | 0 |
Start time: | 22:59:06 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 22:59:09 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 22:59:11 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |