Windows
Analysis Report
http://208.48.229.99
Overview
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 7104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://208.48.229.99/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1924,i,16111623134245472612,15511103530334576046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Timestamp: | 04/24/24-12:54:07.309955 |
SID: | 2051023 |
Source Port: | 53948 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/24/24-12:54:07.310333 |
SID: | 2051023 |
Source Port: | 55642 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Source: | HTTPS traffic detected: | ||
Networking |
---|
Source: | Snort IDS: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | LNK file: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.141.104 | true | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.141.104 | www.google.com | United States | 15169 | GOOGLEUS | false | |
208.48.229.99 | unknown | United States | 3549 | LVLT-3549US | false |
IP |
---|
192.168.2.17 |
192.168.2.16 |
192.168.2.13 |
192.168.2.23 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431000 |
Start date and time: | 2024-04-24 12:52:34 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | http://208.48.229.99 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@18/6@2/7 |
EGA Information: | Failed |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.2.94, 142.251.2.101, 142.251.2.139, 142.251.2.100, 142.251.2.102, 142.251.2.138, 142.251.2.113, 142.251.2.84, 34.104.35.123, 142.250.101.94, 74.125.137.139, 74.125.137.113, 74.125.137.100, 74.125.137.101, 74.125.137.138, 74.125.137.102
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9909934595859524 |
Encrypted: | false |
SSDEEP: | 48:8TdcTggbHXidAKZdA1FehwiZUklqehiy+3:86/1hy |
MD5: | 5D7D03B4250117B99F56C6738EEAB0F0 |
SHA1: | 2A9849FB6BA6CABDA990D20F33F808215626B2B7 |
SHA-256: | 1ECD9F59078327B6840B4AB05A9681991B4443035283AE66EA57A0B51B1953E6 |
SHA-512: | 51E17FBE544160DC36D4A4A3FE508D510FB09CADC309BE094EE02FF9F5D6F8F2B1D1A0422C739F838C6E8D79F39D2A9C17B29D67366D0AC11A7A40D2EBB668BB |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.003640601450016 |
Encrypted: | false |
SSDEEP: | 48:8ndcTggbHXidAKZdA1seh/iZUkAQkqehRy+2:8m/r9QAy |
MD5: | D59DAF1C71C26A060E5D412698A1AB48 |
SHA1: | 9EAA8B114128073D796E39BFE7E6B330AB0476FC |
SHA-256: | 09DFE86C41813FD478F67A5FA979F39930C0D27F39B3DA3EACFF862042DE8A65 |
SHA-512: | 1EC40F4AE770D64B3F4E3324C9358AF61A919B5D1D985929693EB96137760691A6953769FDAA44983676FF564D908160D6591A957269521D0EDDAD37D47D03D3 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.010566552735004 |
Encrypted: | false |
SSDEEP: | 48:8WdcTggAHXidAKZdA14meh7sFiZUkmgqeh7sXy+BX:8x/qnVy |
MD5: | 976A5085ABEEDD6E0DC9B62F16AD0A7A |
SHA1: | AA3757625406DDC9AF92559A39D4D7D9CE6E402F |
SHA-256: | 55F10B210A8A51FC8A6B741141876979AF6D63C9EBF1F1805F789C8DAF91732C |
SHA-512: | 6EF14DDF8B05392E13F8BA7CD570CFCC39C1BC8272E2A8DA7988D07AE83B8A7F3CCF62EEB239F37548072D634CF0FE5398FB940D5115CC8AC9C5E8AD2EA09274 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.001180388571555 |
Encrypted: | false |
SSDEEP: | 48:8AdcTggbHXidAKZdA1TehDiZUkwqehty+R:8r/4vy |
MD5: | 9A1EC9CE082B1DAA6FC1BFCB9E4B6780 |
SHA1: | 19530FE2ADA8A9E4B5FD6ADDF27499B837E403DC |
SHA-256: | ECB08E22DB00713B49394C8E95008B7A3E747F0589ED86273799669F3F9D7724 |
SHA-512: | FC02BA73F8419D0E4005E7AF954E0B1C3D2CDB54D122CC5621E380F6EA2F0D105772BA4D2CF35E1FA0A5BDC66ACB2CA83EE9F86EC1FAAFD506212A255F9C682F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9935680023439453 |
Encrypted: | false |
SSDEEP: | 48:8tdcTggbHXidAKZdA1dehBiZUk1W1qeh7y+C:88/I9by |
MD5: | DC0A774C4430C0B91CCFB80AB5B9BF5F |
SHA1: | 1F2805F792E8EA404073E493FD04D34FC55809A6 |
SHA-256: | 00093EE609660A2BA90B54E4D63A4E65F7A66089EB73C5856DD947507F6D0235 |
SHA-512: | 2AA9094E02024EC49B4BDDC9BF7A4BE5D60611003DEBAFF4C03ABCD253F6D25ED19EBDF5BBE098C4290EF86E15775177024EFD64288D1B1D3BB1099BD5503847 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.003143937955364 |
Encrypted: | false |
SSDEEP: | 48:8LAdcTggbHXidAKZdA1duTeehOuTbbiZUk5OjqehOuTbVy+yT+:8P/6TfTbxWOvTbVy7T |
MD5: | 9494C41FE5A94AFC8DD5F9E967D9AA93 |
SHA1: | 1C7AC596F437C06A11BBC436FB7161F2F6A32950 |
SHA-256: | 85C7C00C770122FDF9EE15C10DF2C58F7DE0BD60604CADC2FC4A9CB981CFFCB1 |
SHA-512: | D58A9BDE9EEB44C35DABBCF8476CAD2A626BD4DE4BDE405E06C8308101148883DA0526AF20CAB5F22A3D2A6698E33DF928A74DE83CF7A4E0317E938D258A6124 |
Malicious: | false |
Reputation: | low |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/24/24-12:54:07.309955 | UDP | 2051023 | ET TROJAN SocGholish Domain in DNS Lookup (stake .libertariancounterpoint .com) | 53948 | 53 | 192.168.2.17 | 1.1.1.1 |
04/24/24-12:54:07.310333 | UDP | 2051023 | ET TROJAN SocGholish Domain in DNS Lookup (stake .libertariancounterpoint .com) | 55642 | 53 | 192.168.2.17 | 1.1.1.1 |
Apr 24, 2024 12:54:44.846370935 CEST | 80 | 49701 | 192.229.211.108 | 192.168.2.16 |
Apr 24, 2024 12:54:44.846555948 CEST | 49701 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 24, 2024 12:54:45.012303114 CEST | 49728 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:45.012353897 CEST | 49729 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:45.277724981 CEST | 49730 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:46.024610996 CEST | 49728 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:46.025777102 CEST | 49729 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:46.279674053 CEST | 49730 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:48.038654089 CEST | 49728 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:48.038655996 CEST | 49729 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:48.293601990 CEST | 49730 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:52.046627998 CEST | 49728 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:52.046864986 CEST | 49729 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:54:52.301578999 CEST | 49730 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:55:00.051536083 CEST | 49729 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:55:00.051599979 CEST | 49728 | 80 | 192.168.2.16 | 208.48.229.99 |
Apr 24, 2024 12:55:00.307600021 CEST | 49730 | 80 | 192.168.2.16 | 208.48.229.99 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 24, 2024 12:53:10.466017962 CEST | 192.168.2.16 | 1.1.1.1 | 0x4145 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 24, 2024 12:53:10.466494083 CEST | 192.168.2.16 | 1.1.1.1 | 0xebfc | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 24, 2024 12:53:10.619441986 CEST | 1.1.1.1 | 192.168.2.16 | 0x4145 | No error (0) | | | 142.250.141.104 | A (IP address) | IN (0x0001) | false |
Apr 24, 2024 12:53:10.619441986 CEST | 1.1.1.1 | 192.168.2.16 | 0x4145 | No error (0) | | | 142.250.141.105 | A (IP address) | IN (0x0001) | false |
Apr 24, 2024 12:53:10.619441986 CEST | 1.1.1.1 | 192.168.2.16 | 0x4145 | No error (0) | | | 142.250.141.106 | A (IP address) | IN (0x0001) | false |
Apr 24, 2024 12:53:10.619441986 CEST | 1.1.1.1 | 192.168.2.16 | 0x4145 | No error (0) | | | 142.250.141.103 | A (IP address) | IN (0x0001) | false |
Apr 24, 2024 12:53:10.619441986 CEST | 1.1.1.1 | 192.168.2.16 | 0x4145 | No error (0) | | | 142.250.141.147 | A (IP address) | IN (0x0001) | false |
Apr 24, 2024 12:53:10.619441986 CEST | 1.1.1.1 | 192.168.2.16 | 0x4145 | No error (0) | | | 142.250.141.99 | A (IP address) | IN (0x0001) | false |
Apr 24, 2024 12:53:10.619911909 CEST | 1.1.1.1 | 192.168.2.16 | 0xebfc | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49715 | 23.206.6.29 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 10:53:15 UTC | 161 | OUT | |
2024-04-24 10:53:15 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49717 | 23.206.6.29 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 10:53:16 UTC | 239 | OUT | |
2024-04-24 10:53:16 UTC | 531 | IN | |
2024-04-24 10:53:16 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49716 | 40.68.123.157 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 10:53:17 UTC | 306 | OUT | |
2024-04-24 10:53:17 UTC | 560 | IN | |
2024-04-24 10:53:17 UTC | 15824 | IN | |
2024-04-24 10:53:17 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49724 | 40.68.123.157 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 10:53:55 UTC | 306 | OUT | |
2024-04-24 10:53:56 UTC | 560 | IN | |
2024-04-24 10:53:56 UTC | 15824 | IN | |
2024-04-24 10:53:56 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 12:53:04 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 12:53:04 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |