Windows
Analysis Report
https://linklock.titanhq.com/analyse?url=https%3A%2F%2Fwww.dhl.com%2Fdiscover%2Fen-gb%2Fship-with-dhl%2Fproducts-and-services%2Fcustoms-declaration-service&data=eJw9S0sOgjAUPA3sSrSiyKILg0BYiIl4AWwb2kg_9LVwfbtQk0nmT8kpL4o9xqwo8yNOGcFD02bV_ZYqcg6Txsval9XiUyDhLZU1zkOS75iYM2pU6kjXt4_62tX9c4j5_x2I8N5Ccrg
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2020,i,9655843497627695300,7104779581214469232,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://linklock.titanhq.com/analyse?url=https%3A%2F%2Fwww.dhl.com%2Fdiscover%2Fen-gb%2Fship-with-dhl%2Fproducts-and-services%2Fcustoms-declaration-service&data=eJw9S0sOgjAUPA3sSrSiyKILg0BYiIl4AWwb2kg_9LVwfbtQk0nmT8kpL4o9xqwo8yNOGcFD02bV_ZYqcg6Txsval9XiUyDhLZU1zkOS75iYM2pU6kjXt4_62tX9c4j5_x2I8N5CcrgkuInYti37nqJjEqhZuYuSazS9IoOQFm3SCxRn0VtnWKAe0KgZAu5WSTnEnAbwRgFinM6jG700-ld_AI2IQ70%25" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
k8s-ingressn-ingressn-e4b41ee854-e87a49efc6c35241.elb.us-east-2.amazonaws.com | 18.223.179.225 | true | false | high | |
www.google.com | 142.250.217.164 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown | |
www.dhl.com | unknown | unknown | false | high | |
linklock.titanhq.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
18.223.179.225 | k8s-ingressn-ingressn-e4b41ee854-e87a49efc6c35241.elb.us-east-2.amazonaws.com | United States | 16509 | AMAZON-02US | false |
142.250.217.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.8 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432151 |
Start date and time: | 2024-04-26 15:47:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://linklock.titanhq.com/analyse?url=https%3A%2F%2Fwww.dhl.com%2Fdiscover%2Fen-gb%2Fship-with-dhl%2Fproducts-and-services%2Fcustoms-declaration-service&data=eJw9S0sOgjAUPA3sSrSiyKILg0BYiIl4AWwb2kg_9LVwfbtQk0nmT8kpL4o9xqwo8yNOGcFD02bV_ZYqcg6Txsval9XiUyDhLZU1zkOS75iYM2pU6kjXt4_62tX9c4j5_x2I8N5CcrgkuInYti37nqJjEqhZuYuSazS9IoOQFm3SCxRn0VtnWKAe0KgZAu5WSTnEnAbwRgFinM6jG700-ld_AI2IQ70%25 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@16/6@6/4 |
EGA Information: | Failed |
HCA Information: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 192.178.50.67, 192.178.50.46, 173.194.215.84, 34.104.35.123, 23.194.251.132, 20.12.23.50, 192.229.211.108, 20.242.39.171, 20.3.187.198, 172.217.3.67
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, e19263.dsca.akamaiedge.net, www.dhl.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, www.dhl.com.edgekey.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9744331733002207 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9891982810939592 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.000959607775902 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.990223075071193 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9803772474869263 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9903136664611 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 15:48:04.166502953 CEST | 192.168.2.8 | 1.1.1.1 | 0x5b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:04.166692972 CEST | 192.168.2.8 | 1.1.1.1 | 0x70d6 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 15:48:06.860342026 CEST | 192.168.2.8 | 1.1.1.1 | 0xe00b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:06.860826969 CEST | 192.168.2.8 | 1.1.1.1 | 0x68a6 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 15:48:07.608256102 CEST | 192.168.2.8 | 1.1.1.1 | 0xa746 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:07.608416080 CEST | 192.168.2.8 | 1.1.1.1 | 0x828 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 15:48:04.309467077 CEST | 1.1.1.1 | 192.168.2.8 | 0x5b | No error (0) | | k8s-ingressn-ingressn-e4b41ee854-e87a49efc6c35241.elb.us-east-2.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 15:48:04.309467077 CEST | 1.1.1.1 | 192.168.2.8 | 0x5b | No error (0) | | | 18.223.179.225 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:04.309467077 CEST | 1.1.1.1 | 192.168.2.8 | 0x5b | No error (0) | | | 3.131.14.177 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:04.309467077 CEST | 1.1.1.1 | 192.168.2.8 | 0x5b | No error (0) | | | 18.118.56.25 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:04.370826960 CEST | 1.1.1.1 | 192.168.2.8 | 0x70d6 | No error (0) | | k8s-ingressn-ingressn-e4b41ee854-e87a49efc6c35241.elb.us-east-2.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 15:48:06.987963915 CEST | 1.1.1.1 | 192.168.2.8 | 0x68a6 | No error (0) | | www.dhl.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 15:48:07.053822994 CEST | 1.1.1.1 | 192.168.2.8 | 0xe00b | No error (0) | | www.dhl.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 15:48:07.740344048 CEST | 1.1.1.1 | 192.168.2.8 | 0x828 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 26, 2024 15:48:07.741745949 CEST | 1.1.1.1 | 192.168.2.8 | 0xa746 | No error (0) | | | 142.250.217.164 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:19.143817902 CEST | 1.1.1.1 | 192.168.2.8 | 0xb3ca | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 15:48:19.143817902 CEST | 1.1.1.1 | 192.168.2.8 | 0xb3ca | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:31.669570923 CEST | 1.1.1.1 | 192.168.2.8 | 0xe199 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 15:48:31.669570923 CEST | 1.1.1.1 | 192.168.2.8 | 0xe199 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:48:58.433243036 CEST | 1.1.1.1 | 192.168.2.8 | 0x8287 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 15:48:58.433243036 CEST | 1.1.1.1 | 192.168.2.8 | 0x8287 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 15:49:15.776617050 CEST | 1.1.1.1 | 192.168.2.8 | 0x15b1 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 15:49:15.776617050 CEST | 1.1.1.1 | 192.168.2.8 | 0x15b1 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 15:48:18.504317999 CEST | 23.206.229.226 | 443 | 192.168.2.8 | 49703 | CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | Wed Oct 18 22:32:40 CEST 2023 | Fri Jun 28 01:59:59 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0 | 28a2c9bd18a11de089ef85a160da29e4 |
| | | | | | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024 | | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49711 | 18.223.179.225 | 443 | 6864 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 13:48:05 UTC | 1021 | OUT | |
2024-04-26 13:48:06 UTC | 261 | IN | |
2024-04-26 13:48:06 UTC | 133 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49716 | 23.204.76.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 13:48:10 UTC | 161 | OUT | |
2024-04-26 13:48:10 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49717 | 23.204.76.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 13:48:10 UTC | 239 | OUT | |
2024-04-26 13:48:11 UTC | 530 | IN | |
2024-04-26 13:48:11 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 15:47:57 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 15:48:01 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 15:48:03 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |