Windows
Analysis Report
https://www.clktoro.com/feed/click/?t1=128&tid=859&uid=26&subid=remotescripps.org&id=62b00eca6d15ba41d06e054ec8234620:c5cc33c8f67a8e2157054b6a1a46513330d8d1b9ba254759e28d5e39682faf3a0c638282c2c64e9d5352d1ed667ebaaf8201abc8c47aea233add3225b515fb85693743b12c7509aae6fe6327275ef08dc3f481903563d1550be494
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 3608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 1988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2224,i,14882437071271766059,13575445017722208668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.clktoro.com/feed/click/?t1=128&tid=859&uid=26&subid=remotescripps.org&id=62b00eca6d15ba41d06e054ec8234620:c5cc33c8f67a8e2157054b6a1a46513330d8d1b9ba254759e28d5e39682faf3a0c638282c2c64e9d5352d1ed667ebaaf8201abc8c47aea233add3225b515fb85693743b12c7509aae6fe6327275ef08dc3f481903563d1550be49405e93a390c41176fe292821b7d6098f34b28b9e7b3c1a327f168218dd37d959e1d8326a3dc7910042cd769fb91dfb171de393907f5870d1100482cb158754118b401727ac226cffc957846c78b0e9abcca8d32d5a6ad75dd1af64e7feee6f847ba1695ac8b9515c5fe28cc4005f0012c33f25f14967186986fa0130af2fc961a6ad412c9b4aa8c9bb8de73d1c785c14d432fe083fc1215c9564a8991d6fc9805ac127a42ffdfadf6dae0f2731324a242c43e3fceec3023a2155939fe1a27676e4a6a87cfc84b770a7bc9f80a549fd09cfb1ad645853bdfb1b7639d71e11035e1789b964e38c91352f7c5a319e5df29671022a79d04" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
clicks.torromi.luckarea.com | 142.93.240.225 | true | false | | unknown |
www.google.com | 142.250.217.164 | true | false | | high |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
www.clktoro.com | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.217.164 | www.google.com | United States | | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
142.93.240.225 | clicks.torromi.luckarea.com | United States | | 14061 | DIGITALOCEAN-ASNUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432301 |
Start date and time: | 2024-04-26 20:23:28 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://www.clktoro.com/feed/click/?t1=128&tid=859&uid=26&subid=remotescripps.org&id=62b00eca6d15ba41d06e054ec8234620:… |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@16/6@4/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.217.163, 142.250.189.142, 142.251.107.84, 34.104.35.123, 23.45.182.107, 23.45.182.104, 23.45.182.69, 23.45.182.105, 23.45.182.80, 23.45.182.97, 23.45.182.76, 23.45.182.100, 23.45.182.73, 23.45.182.83, 192.229.211.108, 13.95.31.18, 13.85.23.206, 142.250.189.131, 23.45.182.93, 23.45.182.85, 23.45.182.70, 23.45.182.68
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.977001134337559 |
Encrypted: | false |
SSDEEP: | 48:86dLTTTFH0idAKZdA19ehwiZUklqehKy+3:827AFy |
MD5: | 6F62A40099113D30B23E9547AB73F72C |
SHA1: | B7871CDE982BFE4262227FDB7EBB5569652D83C6 |
SHA-256: | D571DA4A7AB7AC7ACCD19A8E31868EF722C146A8C12A573C65F8FF61CE55177D |
SHA-512: | AAA85402184EE94C8F052E4C336571E1A58CA730D107388B5547F43A8D680140787E6CD607686D2D47CFDA7BD9C296814E11A31FC0E4B60DF49F4E709DD806A9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.995271521045806 |
Encrypted: | false |
SSDEEP: | 48:8SdLTTTFH0idAKZdA1weh/iZUkAQkqeh1y+2:8+769Qoy |
MD5: | 5DC0C041BB170E961B0E1A9A57A66E5B |
SHA1: | BD4155D91617464C6FDFA24EF440DF4A09AD7047 |
SHA-256: | 220CF2450B6B0FA5265A3747872E0440E363A20E4AE6D1902803E1553CADBCE9 |
SHA-512: | 55431C66ED5436CD876FD56FD639120BFDB6AB70518D07C766525EAEF8EB6B61040E6854CAED890E4D321D79B1C354D122290DA4D14AA21F680E21831368E68B |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.004906271665713 |
Encrypted: | false |
SSDEEP: | 48:8xsdLTTTsH0idAKZdA14tseh7sFiZUkmgqeh7sby+BX:8x87Nn5y |
MD5: | DB012E90067946D4AAD7489D3A36BE64 |
SHA1: | D4234B591FFD6FC55AAE7EC8BEFFB7D31B11D33D |
SHA-256: | 8A7678985F56FF6448CE26C64F89D7C3ED305C0E5C335C57AD67D7F7095BF32B |
SHA-512: | 35431E956D0BF2A04A052A6798B5522C8EDBF22123F7EC2DA1A5DDDF7FF5DBF9C4C93E0AFFC4CF687FA5239FE19157F8899298BD92B9746EE91E4360F4456441 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.990779535725161 |
Encrypted: | false |
SSDEEP: | 48:8hdLTTTFH0idAKZdA1vehDiZUkwqehxy+R:8n7hzy |
MD5: | 9796F4CD603B058F6D530F27DC6B462D |
SHA1: | 02B4F8D4E8097E68204DBFCA451CDE190A4795F1 |
SHA-256: | A3182E16EFF059CF5D5C6F3E8362777BAD2516FC1BFCCF0901DBE19B9ED54419 |
SHA-512: | 4AC538ED69D972639AE9F51CEF864EF8D376E0ECCB1DEAD4498AA896AD8875F7022B1AA9FCA68F7ABDF411A79C0542880C0A6F916037EAC79E3D02ECDC233ADF |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9833114626418453 |
Encrypted: | false |
SSDEEP: | 48:8/dLTTTFH0idAKZdA1hehBiZUk1W1qehPy+C:8R7h9vy |
MD5: | DF4E461A90C5A8D729C2CB90F94AF146 |
SHA1: | 8070791262C6EC241B8C51507D1D0268774DFE6D |
SHA-256: | 871F010CEECD37A26FCC6279A9E71CE965D94567BD24F83D67735DAB3ED2EE92 |
SHA-512: | 5B72C8F37A8ACC8572C97A668763ACFA4AE87CC83C1B1AE661BEC177A524A3812AFCFFAB3420240B9C7E9FEDFA0938106AEA61365F5EC3CE2748CF33F698F9BD |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9926003846349833 |
Encrypted: | false |
SSDEEP: | 48:88dLTTTFH0idAKZdA1duT+ehOuTbbiZUk5OjqehOuTb5y+yT+:8s7dT/TbxWOvTb5y7T |
MD5: | B6563056E0693C70010FB75C05B4572D |
SHA1: | EF24DECD2767146C5E4AC6BF170B0D553C59809D |
SHA-256: | A2AFC428A97F113242088A51C2C39555962CB0C88CE2FBA24732A0A238031E36 |
SHA-512: | 1FE3F0C474BF0B278EC62BB0713F249BB5D7072823867E73C73886713C288F9CD54B458873E8F1E4ECC48653EDFD2E9D83CD901796FE690E797ED31B5A34747B |
Malicious: | false |
Reputation: | low |
Apr 26, 2024 20:25:24.722453117 CEST | 443 | 49726 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 20:25:24.722743034 CEST | 443 | 49726 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 20:25:24.723113060 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 20:25:24.723176956 CEST | 443 | 49726 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 20:25:24.770881891 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 20:25:34.711477041 CEST | 443 | 49726 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 20:25:34.711544037 CEST | 443 | 49726 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 20:25:34.711616039 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 20:25:36.460552931 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 20:25:36.460589886 CEST | 443 | 49726 | 142.250.217.164 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 20:24:22.834539890 CEST | 192.168.2.5 | 1.1.1.1 | 0x9a8f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 20:24:22.834661961 CEST | 192.168.2.5 | 1.1.1.1 | 0x3971 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 20:24:24.276838064 CEST | 192.168.2.5 | 1.1.1.1 | 0x7776 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 20:24:24.277434111 CEST | 192.168.2.5 | 1.1.1.1 | 0xf5ff | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 20:24:22.960750103 CEST | 1.1.1.1 | 192.168.2.5 | 0x9a8f | No error (0) | | clicks.torromi.luckarea.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 20:24:22.960750103 CEST | 1.1.1.1 | 192.168.2.5 | 0x9a8f | No error (0) | | | 142.93.240.225 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 20:24:22.961011887 CEST | 1.1.1.1 | 192.168.2.5 | 0x3971 | No error (0) | | clicks.torromi.luckarea.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 20:24:24.401784897 CEST | 1.1.1.1 | 192.168.2.5 | 0x7776 | No error (0) | | | 142.250.217.164 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 20:24:24.402992964 CEST | 1.1.1.1 | 192.168.2.5 | 0xf5ff | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 26, 2024 20:24:33.693598986 CEST | 1.1.1.1 | 192.168.2.5 | 0x8f9f | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 20:24:33.693598986 CEST | 1.1.1.1 | 192.168.2.5 | 0x8f9f | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 20:24:46.814152002 CEST | 1.1.1.1 | 192.168.2.5 | 0x5497 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 20:24:46.814152002 CEST | 1.1.1.1 | 192.168.2.5 | 0x5497 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 20:25:12.713223934 CEST | 1.1.1.1 | 192.168.2.5 | 0x588b | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 20:25:12.713223934 CEST | 1.1.1.1 | 192.168.2.5 | 0x588b | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 20:25:33.800682068 CEST | 1.1.1.1 | 192.168.2.5 | 0x70a2 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 20:25:33.800682068 CEST | 1.1.1.1 | 192.168.2.5 | 0x70a2 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 142.93.240.225 | 443 | 1988 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 18:24:23 UTC | 1424 | OUT | |
2024-04-26 18:24:23 UTC | 318 | IN | |
2024-04-26 18:24:23 UTC | 44 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 142.93.240.225 | 443 | 1988 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 18:24:24 UTC | 1352 | OUT | |
2024-04-26 18:24:24 UTC | 147 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49714 | 23.204.76.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 18:24:28 UTC | 161 | OUT | |
2024-04-26 18:24:28 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49715 | 23.204.76.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 18:24:30 UTC | 239 | OUT | |
2024-04-26 18:24:30 UTC | 530 | IN | |
2024-04-26 18:24:30 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49716 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 18:24:33 UTC | 306 | OUT | |
2024-04-26 18:24:34 UTC | 560 | IN | |
2024-04-26 18:24:34 UTC | 15824 | IN | |
2024-04-26 18:24:34 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
5 | 192.168.2.5 | 49721 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 18:24:34 UTC | 2148 | OUT | |
2024-04-26 18:24:34 UTC | 1 | OUT | |
2024-04-26 18:24:34 UTC | 2483 | OUT | |
2024-04-26 18:24:35 UTC | 480 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49724 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 18:25:11 UTC | 306 | OUT | |
2024-04-26 18:25:11 UTC | 560 | IN | |
2024-04-26 18:25:11 UTC | 15824 | IN | |
2024-04-26 18:25:11 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 20:24:13 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 20:24:18 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 20:24:20 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |