Windows
Analysis Report
https://2h.ae/HWtB
Overview
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 2840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1952,i,7220497278789268327,86842902818398423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://2h.ae/HWtB" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Process created: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a.nel.cloudflare.com | 35.190.80.1 | true | false | high | |
dgt.lat | 104.21.56.244 | true | false | unknown | |
www.google.com | 142.250.141.104 | true | false | high | |
2h.ae | 172.67.205.158 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | high | ||
true | unknown | ||
false | high | ||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
104.21.56.244 | dgt.lat | United States | 13335 | CLOUDFLARENETUS | false | |
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false | |
142.250.141.104 | www.google.com | United States | 15169 | GOOGLEUS | false | |
172.67.205.158 | 2h.ae | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.4 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431057 |
Start date and time: | 2024-04-24 14:19:55 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://2h.ae/HWtB |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@17/4@8/7 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.139, 142.251.2.100, 142.251.2.138, 142.251.2.102, 142.251.2.101, 142.251.2.113, 142.251.2.84, 34.104.35.123, 20.12.23.50, 23.1.234.57, 23.1.234.24, 192.229.211.108, 20.3.187.198, 142.250.101.94
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 9 |
Entropy (8bit): | 2.94770277922009 |
Encrypted: | false |
SSDEEP: | 3:Obn:Obn |
MD5: | 9D1EAD73E678FA2F51A70A933B0BF017 |
SHA1: | D205CBD6783332A212C5AE92D73C77178C2D2F28 |
SHA-256: | 0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5 |
SHA-512: | 935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34 |
Malicious: | false |
Reputation: | low |
URL: | https://dgt.lat/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 9 |
Entropy (8bit): | 2.94770277922009 |
Encrypted: | false |
SSDEEP: | 3:Obn:Obn |
MD5: | 9D1EAD73E678FA2F51A70A933B0BF017 |
SHA1: | D205CBD6783332A212C5AE92D73C77178C2D2F28 |
SHA-256: | 0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5 |
SHA-512: | 935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34 |
Malicious: | false |
Reputation: | low |
URL: | https://dgt.lat/entra |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 24, 2024 14:20:38.383193970 CEST | 49678 | 443 | 192.168.2.4 | 104.46.162.224 |
Apr 24, 2024 14:20:40.507972002 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Apr 24, 2024 14:20:48.277358055 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.277439117 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.277587891 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.277822018 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.277883053 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.277932882 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.278089046 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.278140068 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.278234005 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.278253078 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.611964941 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.612293959 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.612313032 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.613363028 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.613430023 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.614033937 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.614691973 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.614712954 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.615724087 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.615791082 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.615984917 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.615993977 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.616229057 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.616290092 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.617373943 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.617458105 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.660655975 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.661391020 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:48.661426067 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:48.709235907 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:49.973352909 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:49.977591038 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:49.977634907 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:49.981472015 CEST | 49737 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:20:49.981499910 CEST | 443 | 49737 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:20:50.119702101 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Apr 24, 2024 14:20:50.239497900 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.239550114 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:50.239629030 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.240295887 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.240325928 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:50.355494022 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:20:50.355576038 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:20:50.355658054 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:20:50.355887890 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:20:50.355921030 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:20:50.573556900 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:50.577461004 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.577497959 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:50.579093933 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:50.579179049 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.716877937 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:20:50.717217922 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:20:50.717272997 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:20:50.718251944 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:20:50.718359947 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:20:50.801234961 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:50.801278114 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:50.801522017 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:50.810359001 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:50.810373068 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:50.865324974 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.865324974 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.865408897 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:50.865565062 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:50.866050005 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:20:50.866218090 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:20:50.914963007 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:20:50.914982080 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.914992094 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:20:50.915039062 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:50.959391117 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:50.959471941 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:20:51.155462027 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.155822992 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.161392927 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.161437035 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.161664963 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.205389023 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.212076902 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.212239981 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.214816093 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:51.223974943 CEST | 49739 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:51.223999977 CEST | 443 | 49739 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.320127964 CEST | 49742 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:51.320194006 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.321443081 CEST | 49742 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:51.321789026 CEST | 49742 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:51.321825981 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.356055975 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.391154051 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:51.391208887 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:51.391371012 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:51.393471003 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:51.393488884 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:51.396152973 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.525125980 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.525187016 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.525247097 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.547581911 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.547646046 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.547677994 CEST | 49741 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.547694921 CEST | 443 | 49741 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.606946945 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.606990099 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.607058048 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.607908964 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.607925892 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.656213999 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.656558990 CEST | 49742 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:51.656582117 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.657741070 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.658648968 CEST | 49742 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:51.658844948 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.659091949 CEST | 49742 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:51.700145006 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:51.755716085 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:51.756336927 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:51.756350040 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:51.757921934 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:51.757987022 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:51.766952038 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:51.767041922 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:51.767173052 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:51.767187119 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:51.819247961 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:51.954957008 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.955053091 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.956397057 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:51.956423998 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.957412004 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:51.958764076 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:52.004112959 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:52.041649103 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:52.041733027 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:52.041795015 CEST | 49742 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:52.042531967 CEST | 49742 | 443 | 192.168.2.4 | 104.21.56.244 |
Apr 24, 2024 14:20:52.042576075 CEST | 443 | 49742 | 104.21.56.244 | 192.168.2.4 |
Apr 24, 2024 14:20:52.136362076 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.136431932 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.136473894 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.136625051 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.136651039 CEST | 443 | 49743 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.136662960 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.136701107 CEST | 49743 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.137089014 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.137124062 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.137190104 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.137443066 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.137458086 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.316171885 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:52.316338062 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:52.316402912 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:52.321405888 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:52.321460009 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:52.321501017 CEST | 49744 | 443 | 192.168.2.4 | 23.206.6.29 |
Apr 24, 2024 14:20:52.321517944 CEST | 443 | 49744 | 23.206.6.29 | 192.168.2.4 |
Apr 24, 2024 14:20:52.487298012 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.505477905 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.505502939 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.506704092 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.553986073 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.587009907 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.587179899 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.588035107 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.628151894 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.877614975 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.877707005 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:20:52.877854109 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.889785051 CEST | 49745 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:20:52.889837027 CEST | 443 | 49745 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:00.716429949 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:00.716495037 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:00.716801882 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:21:02.498891115 CEST | 49740 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:21:02.498960018 CEST | 443 | 49740 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:03.599906921 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:21:03.599976063 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:21:03.600044012 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:21:04.248971939 CEST | 49736 | 443 | 192.168.2.4 | 172.67.205.158 |
Apr 24, 2024 14:21:04.249032021 CEST | 443 | 49736 | 172.67.205.158 | 192.168.2.4 |
Apr 24, 2024 14:21:50.228914976 CEST | 49755 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:21:50.228949070 CEST | 443 | 49755 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:50.229022026 CEST | 49755 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:21:50.230024099 CEST | 49755 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:21:50.230036974 CEST | 443 | 49755 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:50.589513063 CEST | 443 | 49755 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:50.590188026 CEST | 49755 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:21:50.590214968 CEST | 443 | 49755 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:50.591310024 CEST | 443 | 49755 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:50.591983080 CEST | 49755 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:21:50.592067003 CEST | 443 | 49755 | 142.250.141.104 | 192.168.2.4 |
Apr 24, 2024 14:21:50.646783113 CEST | 49755 | 443 | 192.168.2.4 | 142.250.141.104 |
Apr 24, 2024 14:21:51.226382971 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.226466894 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.226553917 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.227974892 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.228012085 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.576412916 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.576740980 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.576806068 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.577933073 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.578478098 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.578641891 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.578675032 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.631186008 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.972615004 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.972815990 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.972879887 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.973306894 CEST | 49756 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.973315954 CEST | 443 | 49756 | 35.190.80.1 | 192.168.2.4 |
Apr 24, 2024 14:21:51.974731922 CEST | 49757 | 443 | 192.168.2.4 | 35.190.80.1 |
Apr 24, 2024 14:21:51.974744081 CEST | 443 | 49757 | 35.190.80.1 | 192.168.2.4 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 24, 2024 14:20:48.103518963 CEST | 192.168.2.4 | 1.1.1.1 | 0x6d89 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 24, 2024 14:20:48.103641033 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd7 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 24, 2024 14:20:49.984749079 CEST | 192.168.2.4 | 1.1.1.1 | 0xb89f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 24, 2024 14:20:49.985346079 CEST | 192.168.2.4 | 1.1.1.1 | 0x9fcb | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 24, 2024 14:20:50.177879095 CEST | 192.168.2.4 | 1.1.1.1 | 0x6402 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 24, 2024 14:20:50.200762987 CEST | 192.168.2.4 | 1.1.1.1 | 0xff6f | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 24, 2024 14:20:51.221642017 CEST | 192.168.2.4 | 1.1.1.1 | 0x34b2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 24, 2024 14:20:51.221642971 CEST | 192.168.2.4 | 1.1.1.1 | 0x8d9f | Standard query (0) | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 24, 2024 14:20:48.275902033 CEST | 1.1.1.1 | 192.168.2.4 | 0x6d89 | No error (0) | 172.67.205.158 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:48.275902033 CEST | 1.1.1.1 | 192.168.2.4 | 0x6d89 | No error (0) | 104.21.77.80 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:48.276595116 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd7 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 24, 2024 14:20:50.223027945 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fcb | No error (0) | 65 | IN (0x0001) | false | |||
Apr 24, 2024 14:20:50.223076105 CEST | 1.1.1.1 | 192.168.2.4 | 0xb89f | No error (0) | 104.21.56.244 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:50.223076105 CEST | 1.1.1.1 | 192.168.2.4 | 0xb89f | No error (0) | 172.67.138.233 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:50.331564903 CEST | 1.1.1.1 | 192.168.2.4 | 0x6402 | No error (0) | 142.250.141.104 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:50.331564903 CEST | 1.1.1.1 | 192.168.2.4 | 0x6402 | No error (0) | 142.250.141.99 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:50.331564903 CEST | 1.1.1.1 | 192.168.2.4 | 0x6402 | No error (0) | 142.250.141.103 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:50.331564903 CEST | 1.1.1.1 | 192.168.2.4 | 0x6402 | No error (0) | 142.250.141.106 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:50.331564903 CEST | 1.1.1.1 | 192.168.2.4 | 0x6402 | No error (0) | 142.250.141.147 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:50.331564903 CEST | 1.1.1.1 | 192.168.2.4 | 0x6402 | No error (0) | 142.250.141.105 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:20:50.354425907 CEST | 1.1.1.1 | 192.168.2.4 | 0xff6f | No error (0) | 65 | IN (0x0001) | false | |||
Apr 24, 2024 14:20:51.377803087 CEST | 1.1.1.1 | 192.168.2.4 | 0x34b2 | No error (0) | 35.190.80.1 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:21:03.813492060 CEST | 1.1.1.1 | 192.168.2.4 | 0xa092 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 24, 2024 14:21:03.813492060 CEST | 1.1.1.1 | 192.168.2.4 | 0xa092 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:21:16.780989885 CEST | 1.1.1.1 | 192.168.2.4 | 0x4bab | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 24, 2024 14:21:16.780989885 CEST | 1.1.1.1 | 192.168.2.4 | 0x4bab | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:21:38.739985943 CEST | 1.1.1.1 | 192.168.2.4 | 0x801d | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 24, 2024 14:21:38.739985943 CEST | 1.1.1.1 | 192.168.2.4 | 0x801d | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 14:21:58.943013906 CEST | 1.1.1.1 | 192.168.2.4 | 0x9c96 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 24, 2024 14:21:58.943013906 CEST | 1.1.1.1 | 192.168.2.4 | 0x9c96 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49737 | 172.67.205.158 | 443 | 2840 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:20:48 UTC | 652 | OUT | |
2024-04-24 12:20:49 UTC | 926 | IN | |
2024-04-24 12:20:49 UTC | 5 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 104.21.56.244 | 443 | 2840 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:20:50 UTC | 655 | OUT | |
2024-04-24 12:20:51 UTC | 632 | IN | |
2024-04-24 12:20:51 UTC | 9 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49741 | 23.206.6.29 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:20:51 UTC | 161 | OUT | |
2024-04-24 12:20:51 UTC | 467 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49742 | 104.21.56.244 | 443 | 2840 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:20:51 UTC | 575 | OUT | |
2024-04-24 12:20:52 UTC | 657 | IN | |
2024-04-24 12:20:52 UTC | 9 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49743 | 35.190.80.1 | 443 | 2840 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:20:51 UTC | 514 | OUT | |
2024-04-24 12:20:52 UTC | 336 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49744 | 23.206.6.29 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:20:51 UTC | 239 | OUT | |
2024-04-24 12:20:52 UTC | 531 | IN | |
2024-04-24 12:20:52 UTC | 55 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49745 | 35.190.80.1 | 443 | 2840 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:20:52 UTC | 464 | OUT | |
2024-04-24 12:20:52 UTC | 383 | OUT | |
2024-04-24 12:20:52 UTC | 168 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49756 | 35.190.80.1 | 443 | 2840 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:21:51 UTC | 512 | OUT | |
2024-04-24 12:21:51 UTC | 336 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49757 | 35.190.80.1 | 443 | 2840 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:21:52 UTC | 462 | OUT | |
2024-04-24 12:21:52 UTC | 413 | OUT | |
2024-04-24 12:21:52 UTC | 168 | IN |

Target ID: | 0 |
Start time: | 14:20:41 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 2 |
Start time: | 14:20:44 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 3 |
Start time: | 14:20:47 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |