Windows
Analysis Report
http://fo238.top
Overview
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6428 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6660 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2432 --fi eld-trial- handle=238 8,i,591806 9433829580 078,544168 8739374392 254,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2972 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://fo238. top" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: |
Source: | Window detected: |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
a.nel.cloudflare.com | 35.190.80.1 | true | false | high | |
fo238.top | 172.67.206.98 | true | false | unknown | |
www.google.com | 64.233.185.104 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false | |
172.67.206.98 | fo238.top | United States | 13335 | CLOUDFLARENETUS | false | |
64.233.185.104 | www.google.com | United States | 15169 | GOOGLEUS | false | |
104.21.93.68 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430412 |
Start date and time: | 2024-04-23 16:26:32 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://fo238.top |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@17/11@10/6 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.15.94, 142.250.105.139, 142.250.105.113, 142.250.105.101, 142.250.105.102, 142.250.105.100, 142.250.105.138, 64.233.185.84, 34.104.35.123, 40.68.123.157, 23.205.104.8, 192.229.211.108, 199.232.214.172, 52.165.164.15, 13.85.23.206, 64.233.176.94, 23.46.238.194, 23.46.238.193, 23.215.0.17, 23.215.0.6
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://fo238.top
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9694652243808246 |
Encrypted: | false |
SSDEEP: | 48:82dTTb/jQHridAKZdA19ehwiZUklqehZy+3:8i/j46y |
MD5: | 7243E8F7FD6A7115C4326B8ABE2075FD |
SHA1: | 5C5CCEEAE730A5745E4DDE7ECA29C488D4BAB1D0 |
SHA-256: | 885259CD761C58D56CA901CB3EF35DDC18A6CD0DEE4978046677D5275E684FD1 |
SHA-512: | B72CD8978ACC76F0E1572BD7165E33C18D51DAFC627ADD4441E307E9191FEF629C99085C4A06EAA7FB8B52ECBC88E3455374D605A4E530DDEDC88F9394DC60D3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9846243089661413 |
Encrypted: | false |
SSDEEP: | 48:82dTTb/jQHridAKZdA1weh/iZUkAQkqehqy+2:8i/jS9Qry |
MD5: | 3A6ECA28C369A950A89441C4659CCCE7 |
SHA1: | CE83995C4FA7622E88F1D38D7D058A4C0F659785 |
SHA-256: | E3E60A9D64A8FB73641387FCDC5D301E7905E85437D2CE20D5EDA2D1BA211BAF |
SHA-512: | 6B9EB7E7E9936FEA44247DEC1F57C2A366BFE678B0DCC91D42DBED98A231D632F849F077963BCA385D81920CB116FCE7B59B3089A37D306F8FFB3CB3DE4B9E3A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.00149083795162 |
Encrypted: | false |
SSDEEP: | 48:8x0dTTb/jsHridAKZdA14tseh7sFiZUkmgqeh7s8y+BX:8xM/jGney |
MD5: | AEB8FCE476BB5CFC33EA0F00F1518D03 |
SHA1: | 46692937AE1D7B582B85166A1BB22BE1903880C7 |
SHA-256: | 8FED2E1BFEE5443143F30021241E90E9DFAB07A318ACC1832DB9276176E180AD |
SHA-512: | 8C06837C2A6FFCA184AD0FEDA1EB33089A88A9105DC944E6E91B813AC330CFF66E519094CEEE243EB4EA6E6EED99EA5E549F49833CA96B19567FDBE3603FE71C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.987826127428573 |
Encrypted: | false |
SSDEEP: | 48:8TdTTb/jQHridAKZdA1vehDiZUkwqehmy+R:8V/j5Ey |
MD5: | F76BE08B6F96844015337B2CF30DE85D |
SHA1: | 81C9E973FBCAA02E64491544C59CC1C24B97C736 |
SHA-256: | D40173B2F55F6DF4737DA6250D13776D46644B837734B4A8FFF554653F71D71A |
SHA-512: | FDA1CBC976A7DEDBDA3CDDB126B148A8211AF7F1B5AA252EA8F0A2B4F84338487537EC6BAE5EC277A768049E330B056B248910761CFD3FC6020D01FB792CDBA2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9745377071854415 |
Encrypted: | false |
SSDEEP: | 48:8ydTTb/jQHridAKZdA1hehBiZUk1W1qehwy+C:82/jJ9Qy |
MD5: | A08530BBBF6B897D84DDC3DF9D388025 |
SHA1: | 870D31358E6724A720C465EE31A829052FFC1E02 |
SHA-256: | 86F3CC8A36ABB35579644238358409031FEC5EDB0A197A73A8CF763490AF436F |
SHA-512: | 6484F35DA7BCEE9C054DE01393EE94995FF6669B8646E875D405A3E836287D2CDC9F53836980ADFE6EE10EB9FFB81F5C12A0931CA4473E1E9A00D194044DFC85 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9907340339295536 |
Encrypted: | false |
SSDEEP: | 48:84dTTb/jQHridAKZdA1duT+ehOuTbbiZUk5OjqehOuTbey+yT+:8I/jVT/TbxWOvTbey7T |
MD5: | 598823535B42DF0CE9CC6DD43C21C0C6 |
SHA1: | 4FDA8ACB7FD67FA22910A22E3795BD05DFB4B84D |
SHA-256: | BEC3FE040AC58F6F55C7EFCD3650DFA73117FECEA014DBF6C683A6B32BF754E1 |
SHA-512: | D94C9EFA8BDF818008E2CA9E580FB2E4E39C01D22557CC2D6DA77FE9E3529E821247618B3D67662B76ADF71EFF15651AA4CB3590B0A33368DC4BBB274DDE2C6B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 20 |
Entropy (8bit): | 3.3841837197791884 |
Encrypted: | false |
SSDEEP: | 3:OHKW3Ae:OqOAe |
MD5: | DC5BCBF7F9372CCC9AEDB581FE88EDFE |
SHA1: | 79097FE77C29B4CA590114BDD0331431A1EFC470 |
SHA-256: | D872E8E4176213EA84EBC76D8FB621C31B4CA116FD0A51258813E804FE110CA4 |
SHA-512: | 1EA2F632E9647FBDE1DA45DB3F295620E3B8228E48C237134DE7ADCE74121F9F12B0A647D27A574B4172A93A4E86B9C1B5868C24ABA5F48253E6283EAB35F6F0 |
Malicious: | false |
Reputation: | low |
URL: | https://fo238.top/ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34 |
Entropy (8bit): | 4.594672032363179 |
Encrypted: | false |
SSDEEP: | 3:dnHnyD:k |
MD5: | 1AD7058E90D7DB22A25C7579186C04AD |
SHA1: | 6CF6D451E28E0A5FF7A8C7A4ACE24D8A0977F0C1 |
SHA-256: | E1E10747C2374F621AA59FEFEDE6EF99DC6ACDB41B267AB4AF408D5529F89EA8 |
SHA-512: | 17E04CD2B654D710FAAD47F8A7664BB6A136AC9E52C83D3F3C590E9F6C18EAF8C52988E5741AECAAC7D95DAF130AB6C70671E7EA3B107F0AC3A2BB3EDFC5C9E0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 34 |
Entropy (8bit): | 4.594672032363179 |
Encrypted: | false |
SSDEEP: | 3:dnHnyD:k |
MD5: | 1AD7058E90D7DB22A25C7579186C04AD |
SHA1: | 6CF6D451E28E0A5FF7A8C7A4ACE24D8A0977F0C1 |
SHA-256: | E1E10747C2374F621AA59FEFEDE6EF99DC6ACDB41B267AB4AF408D5529F89EA8 |
SHA-512: | 17E04CD2B654D710FAAD47F8A7664BB6A136AC9E52C83D3F3C590E9F6C18EAF8C52988E5741AECAAC7D95DAF130AB6C70671E7EA3B107F0AC3A2BB3EDFC5C9E0 |
Malicious: | false |
Reputation: | low |
URL: | https://fo238.top/favicon.ico |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 23, 2024 16:27:16.488673925 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:16.488928080 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:16.582418919 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:25.399301052 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:25.399332047 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:25.399401903 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:25.399916887 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:25.399931908 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:25.628340006 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:25.635438919 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:25.635457039 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:25.637130022 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:25.637227058 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:25.642041922 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:25.642232895 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:25.760502100 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:25.760545969 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:25.760631084 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:25.760921001 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:25.760935068 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:25.852129936 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:25.852216959 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:25.980134010 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:25.980443954 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:25.980462074 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:25.981314898 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:25.981384039 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:25.982677937 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:25.982745886 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:25.982947111 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:25.982956886 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.116111994 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:26.116118908 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.178976059 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:26.312815905 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:26.484663010 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.484741926 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.484788895 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.487721920 CEST | 49712 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.487741947 CEST | 443 | 49712 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.594224930 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:26.594289064 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.594405890 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:26.594702005 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:26.594734907 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.620089054 CEST | 49714 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.620129108 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.620212078 CEST | 49714 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.620497942 CEST | 49714 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.620515108 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.812213898 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.812761068 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:26.812793016 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.813679934 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.813783884 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:26.815169096 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:26.815247059 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.815413952 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:26.815432072 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.846533060 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.846956968 CEST | 49714 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.846972942 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.848177910 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.849531889 CEST | 49714 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.849713087 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:26.849812031 CEST | 49714 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:26.880747080 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:26.892117977 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:27.046303988 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.046382904 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.046560049 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.046859026 CEST | 49713 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.046897888 CEST | 443 | 49713 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.047599077 CEST | 49716 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.047683001 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.047787905 CEST | 49716 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.048024893 CEST | 49716 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.048048019 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.180716038 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:27.180999994 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:27.181092978 CEST | 49714 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:27.181910992 CEST | 49714 | 443 | 192.168.2.5 | 104.21.93.68 |
Apr 23, 2024 16:27:27.181943893 CEST | 443 | 49714 | 104.21.93.68 | 192.168.2.5 |
Apr 23, 2024 16:27:27.261945963 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.262399912 CEST | 49716 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.262435913 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.262757063 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.263215065 CEST | 49716 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.263279915 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.263386011 CEST | 49716 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.294920921 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.294951916 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.295037031 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.295259953 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.295279026 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.304135084 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.499327898 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.499413967 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.499483109 CEST | 49716 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.499934912 CEST | 49716 | 443 | 192.168.2.5 | 35.190.80.1 |
Apr 23, 2024 16:27:27.499954939 CEST | 443 | 49716 | 35.190.80.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.517693996 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.518023968 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.518053055 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.521253109 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.521336079 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.524060011 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.524163961 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.524363995 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.524384975 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.561975956 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:27.562096119 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:27.613876104 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.782843113 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.783096075 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:27.783190012 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.784508944 CEST | 49717 | 443 | 192.168.2.5 | 172.67.206.98 |
Apr 23, 2024 16:27:27.784534931 CEST | 443 | 49717 | 172.67.206.98 | 192.168.2.5 |
Apr 23, 2024 16:27:28.035681009 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.035718918 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.035814047 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.037935019 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.037971020 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.287164927 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.287360907 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.293557882 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.293574095 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.293983936 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.335823059 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.380116940 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.516207933 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.516289949 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.516345024 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.516798973 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.516824961 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.516840935 CEST | 49718 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.516849041 CEST | 443 | 49718 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.574762106 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.574882984 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.575045109 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.575489044 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.575525999 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.816170931 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.816262007 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.867072105 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.867127895 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.867465973 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:28.875567913 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:28.920116901 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:29.055392981 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:29.055476904 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:29.055541039 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:29.058720112 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:29.058721066 CEST | 49719 | 443 | 192.168.2.5 | 23.221.242.90 |
Apr 23, 2024 16:27:29.058767080 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:29.058798075 CEST | 443 | 49719 | 23.221.242.90 | 192.168.2.5 |
Apr 23, 2024 16:27:35.633790970 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:35.633892059 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:35.633979082 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:35.986771107 CEST | 49711 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:27:35.986850023 CEST | 443 | 49711 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:27:37.602134943 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.602440119 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.602912903 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.602946997 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:37.603015900 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.604136944 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.604155064 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:37.755738020 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:37.755880117 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:37.926680088 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:37.926759958 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.948309898 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.948327065 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:37.948681116 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:37.948740005 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.949311972 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.949341059 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:37.949615955 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:37.949624062 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:38.268687963 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:38.268755913 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:27:38.269145966 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:38.269190073 CEST | 443 | 49723 | 23.1.237.91 | 192.168.2.5 |
Apr 23, 2024 16:27:38.269239902 CEST | 49723 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 23, 2024 16:28:25.106091976 CEST | 49729 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:28:25.106178045 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:28:25.106261969 CEST | 49729 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:28:25.106904984 CEST | 49729 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:28:25.106941938 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:28:25.325932026 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:28:25.326328039 CEST | 49729 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:28:25.326359034 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:28:25.327521086 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:28:25.328190088 CEST | 49729 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:28:25.328361988 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:28:25.380239964 CEST | 49729 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:28:35.327364922 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:28:35.327537060 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Apr 23, 2024 16:28:35.327595949 CEST | 49729 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:28:35.913393021 CEST | 49729 | 443 | 192.168.2.5 | 64.233.185.104 |
Apr 23, 2024 16:28:35.913419008 CEST | 443 | 49729 | 64.233.185.104 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 23, 2024 16:27:21.929135084 CEST | 53 | 57912 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:21.929342985 CEST | 53 | 63134 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:22.987555027 CEST | 53 | 63990 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:25.288288116 CEST | 58678 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:25.292751074 CEST | 62353 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:25.393172026 CEST | 53 | 58678 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:25.397186041 CEST | 53 | 62353 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:25.440793037 CEST | 56466 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:25.440958977 CEST | 63923 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:25.548401117 CEST | 53 | 63923 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:25.548839092 CEST | 53 | 56466 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:25.648642063 CEST | 59367 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:25.652564049 CEST | 63388 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:25.754369974 CEST | 53 | 59367 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:25.759794950 CEST | 53 | 63388 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.487415075 CEST | 59185 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:26.487591028 CEST | 56448 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:26.592437029 CEST | 53 | 56448 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:26.593157053 CEST | 53 | 59185 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.186755896 CEST | 64153 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:27.187077045 CEST | 56941 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 23, 2024 16:27:27.292767048 CEST | 53 | 64153 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:27.294420004 CEST | 53 | 56941 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:27:41.760937929 CEST | 53 | 53572 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:28:01.025114059 CEST | 53 | 59216 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:28:20.787421942 CEST | 53 | 55412 | 1.1.1.1 | 192.168.2.5 |
Apr 23, 2024 16:28:23.684048891 CEST | 53 | 49329 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 23, 2024 16:27:25.288288116 CEST | 192.168.2.5 | 1.1.1.1 | 0xc70c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 16:27:25.292751074 CEST | 192.168.2.5 | 1.1.1.1 | 0xd944 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 16:27:25.440793037 CEST | 192.168.2.5 | 1.1.1.1 | 0x87e4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 16:27:25.440958977 CEST | 192.168.2.5 | 1.1.1.1 | 0xd83f | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 16:27:25.648642063 CEST | 192.168.2.5 | 1.1.1.1 | 0xb1b6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 16:27:25.652564049 CEST | 192.168.2.5 | 1.1.1.1 | 0xa4a4 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 16:27:26.487415075 CEST | 192.168.2.5 | 1.1.1.1 | 0x3417 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 16:27:26.487591028 CEST | 192.168.2.5 | 1.1.1.1 | 0xdc4d | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 16:27:27.186755896 CEST | 192.168.2.5 | 1.1.1.1 | 0xa257 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 16:27:27.187077045 CEST | 192.168.2.5 | 1.1.1.1 | 0x5a7a | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 23, 2024 16:27:25.393172026 CEST | 1.1.1.1 | 192.168.2.5 | 0xc70c | No error (0) | 64.233.185.104 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.393172026 CEST | 1.1.1.1 | 192.168.2.5 | 0xc70c | No error (0) | 64.233.185.103 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.393172026 CEST | 1.1.1.1 | 192.168.2.5 | 0xc70c | No error (0) | 64.233.185.147 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.393172026 CEST | 1.1.1.1 | 192.168.2.5 | 0xc70c | No error (0) | 64.233.185.105 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.393172026 CEST | 1.1.1.1 | 192.168.2.5 | 0xc70c | No error (0) | 64.233.185.106 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.393172026 CEST | 1.1.1.1 | 192.168.2.5 | 0xc70c | No error (0) | 64.233.185.99 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.397186041 CEST | 1.1.1.1 | 192.168.2.5 | 0xd944 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 23, 2024 16:27:25.548401117 CEST | 1.1.1.1 | 192.168.2.5 | 0xd83f | No error (0) | 65 | IN (0x0001) | false | |||
Apr 23, 2024 16:27:25.548839092 CEST | 1.1.1.1 | 192.168.2.5 | 0x87e4 | No error (0) | 172.67.206.98 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.548839092 CEST | 1.1.1.1 | 192.168.2.5 | 0x87e4 | No error (0) | 104.21.93.68 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.754369974 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1b6 | No error (0) | 104.21.93.68 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.754369974 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1b6 | No error (0) | 172.67.206.98 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:25.759794950 CEST | 1.1.1.1 | 192.168.2.5 | 0xa4a4 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 23, 2024 16:27:26.593157053 CEST | 1.1.1.1 | 192.168.2.5 | 0x3417 | No error (0) | 35.190.80.1 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:27.292767048 CEST | 1.1.1.1 | 192.168.2.5 | 0xa257 | No error (0) | 172.67.206.98 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:27.292767048 CEST | 1.1.1.1 | 192.168.2.5 | 0xa257 | No error (0) | 104.21.93.68 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:27.294420004 CEST | 1.1.1.1 | 192.168.2.5 | 0x5a7a | No error (0) | 65 | IN (0x0001) | false | |||
Apr 23, 2024 16:27:37.360738039 CEST | 1.1.1.1 | 192.168.2.5 | 0xa92e | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:37.360738039 CEST | 1.1.1.1 | 192.168.2.5 | 0xa92e | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:37.505203962 CEST | 1.1.1.1 | 192.168.2.5 | 0xba74 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:37.505203962 CEST | 1.1.1.1 | 192.168.2.5 | 0xba74 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:50.833878994 CEST | 1.1.1.1 | 192.168.2.5 | 0xe300 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:27:50.833878994 CEST | 1.1.1.1 | 192.168.2.5 | 0xe300 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:28:16.096458912 CEST | 1.1.1.1 | 192.168.2.5 | 0x57a9 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 16:28:16.096458912 CEST | 1.1.1.1 | 192.168.2.5 | 0x57a9 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49712 | 104.21.93.68 | 443 | 6660 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 14:27:25 UTC | 652 | OUT | |
2024-04-23 14:27:26 UTC | 873 | IN | |
2024-04-23 14:27:26 UTC | 20 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49713 | 35.190.80.1 | 443 | 6660 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 14:27:26 UTC | 530 | OUT | |
2024-04-23 14:27:27 UTC | 336 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49714 | 104.21.93.68 | 443 | 6660 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 14:27:26 UTC | 574 | OUT | |
2024-04-23 14:27:27 UTC | 969 | IN | |
2024-04-23 14:27:27 UTC | 40 | IN | |
2024-04-23 14:27:27 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49716 | 35.190.80.1 | 443 | 6660 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 14:27:27 UTC | 478 | OUT | |
2024-04-23 14:27:27 UTC | 378 | OUT | |
2024-04-23 14:27:27 UTC | 168 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49717 | 172.67.206.98 | 443 | 6660 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 14:27:27 UTC | 344 | OUT | |
2024-04-23 14:27:27 UTC | 982 | IN | |
2024-04-23 14:27:27 UTC | 40 | IN | |
2024-04-23 14:27:27 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49718 | 23.221.242.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 14:27:28 UTC | 161 | OUT | |
2024-04-23 14:27:28 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49719 | 23.221.242.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 14:27:28 UTC | 239 | OUT | |
2024-04-23 14:27:29 UTC | 773 | IN | |
2024-04-23 14:27:29 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
7 | 192.168.2.5 | 49723 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 14:27:37 UTC | 2148 | OUT | |
2024-04-23 14:27:37 UTC | 1 | OUT | |
2024-04-23 14:27:37 UTC | 2483 | OUT | |
2024-04-23 14:27:38 UTC | 479 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 16:27:15 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 16:27:18 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 16:27:22 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |