Analysis Report http://cobalten.com/apu.php?zoneid=1543391
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Found WSH timer for Javascript or VBS script (likely evasive script)
Potential browser exploit detected (process start blacklist hit)
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for domain / URL |
Source: | Virustotal |
Multi AV Scanner detection for submitted file |
Source: | Virustotal |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | Path Interception | Process Injection2 | Masquerading1 | OS Credential Dumping | Process Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection2 | LSASS Memory | File and Directory Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Scripting1 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
6% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
6% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cobalten.com | 139.45.196.83 | true | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true |
| low |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
139.45.196.83 | unknown | Netherlands | 9002 | RETN-ASEU | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 324344 |
Start date: | 29.11.2020 |
Start time: | 10:03:04 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://cobalten.com/apu.php?zoneid=1543391 |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@5/9@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32344 |
Entropy (8bit): | 1.796751689523737 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 19032 |
Entropy (8bit): | 1.6006443159742842 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 63244 |
Entropy (8bit): | 5.305075867676128 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.376382982745554 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29989 |
Entropy (8bit): | 0.3303862347843544 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12981 |
Entropy (8bit): | 0.4415542379601371 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 29, 2020 10:03:49.890487909 CET | 192.168.2.4 | 8.8.8.8 | 0xa10 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 29, 2020 10:03:49.925926924 CET | 8.8.8.8 | 192.168.2.4 | 0xa10 | No error (0) | 139.45.196.83 | A (IP address) | IN (0x0001) | ||
Nov 29, 2020 10:03:49.925926924 CET | 8.8.8.8 | 192.168.2.4 | 0xa10 | No error (0) | 139.45.196.21 | A (IP address) | IN (0x0001) | ||
Nov 29, 2020 10:03:49.925926924 CET | 8.8.8.8 | 192.168.2.4 | 0xa10 | No error (0) | 139.45.195.158 | A (IP address) | IN (0x0001) | ||
Nov 29, 2020 10:03:49.925926924 CET | 8.8.8.8 | 192.168.2.4 | 0xa10 | No error (0) | 139.45.195.37 | A (IP address) | IN (0x0001) | ||
Nov 29, 2020 10:03:49.925926924 CET | 8.8.8.8 | 192.168.2.4 | 0xa10 | No error (0) | 139.45.197.8 | A (IP address) | IN (0x0001) | ||
Nov 29, 2020 10:03:49.925926924 CET | 8.8.8.8 | 192.168.2.4 | 0xa10 | No error (0) | 139.45.195.102 | A (IP address) | IN (0x0001) | ||
Nov 29, 2020 10:04:22.490827084 CET | 8.8.8.8 | 192.168.2.4 | 0x97c8 | No error (0) | www.tm.a.prd.aadg.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 139.45.196.83 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 29, 2020 10:03:49.964040995 CET | 2 | OUT | |
Nov 29, 2020 10:03:49.996120930 CET | 3 | IN |