Windows
Analysis Report
https://www.leoni.com/fileadmin/common/data_protection/datenschutzinformationen_fuer_business_partner_und_kunden.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  - chrome.exe (PID: 4612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1992,i,1792547137422562503,10960691582253563914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.leoni.com/fileadmin/common/data_protection/datenschutzinformationen_fuer_business_partner_und_kunden.pdf" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
There are no malicious signatures.
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 11 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
www.google.com | 142.250.65.228 | true | false | | high |
leoni-website-live-519859459.eu-central-1.elb.amazonaws.com | 35.157.71.104 | true | false | | high |
d1619fmrcx9c43.cloudfront.net | 13.35.90.23 | true | false | | high |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
www.leoni.com | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.65.228 | www.google.com | United States | | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
13.35.90.87 | unknown | United States | | 16509 | AMAZON-02US | false |
13.35.90.23 | d1619fmrcx9c43.cloudfront.net | United States | | 16509 | AMAZON-02US | false |
35.157.71.104 | leoni-website-live-519859459.eu-central-1.elb.amazonaws.com | United States | | 16509 | AMAZON-02US | false |
IP |
---|
192.168.2.9 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430153 |
Start date and time: | 2024-04-23 08:12:40 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://www.leoni.com/fileadmin/common/data_protection/datenschutzinformationen_fuer_business_partner_und_kunden.pdf |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@19/11@8/6 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.40.195, 142.250.65.174, 142.251.167.84, 34.104.35.123, 20.114.59.183, 192.229.211.108, 52.165.164.15, 13.85.23.206, 142.250.65.227
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.97572044161974 |
Encrypted: | false |
SSDEEP: | 48:8SdWTQPHAidAKZdA1P4ehwiZUklqehyy+3:8fM6Ody |
MD5: | 3322EDA100F5A10BF8EE6B059EC29A84 |
SHA1: | 0ABA5F310B52791CBBF8A7E4C8625A7D0705B7F1 |
SHA-256: | 80A691A27DFD53D8AEDEF287134011C13FB877C4A815FB0223E30107D53CF229 |
SHA-512: | ABBEEB8C05E7FE3C436B2B7211CC0BD38B4AB6ACBD5686A1A122060895909731CF21502BE0AF19C29F1A89FE9E01EFA46F9F753E8EB732AAE264577FD0EFE85D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.9941037879828163 |
Encrypted: | false |
SSDEEP: | 48:8QdWTQPHAidAKZdA1+4eh/iZUkAQkqehNy+2:8NM7F9Qoy |
MD5: | 6E83C4BFBC944B9E131E4D4E879BE462 |
SHA1: | 23D38351B843CB9A4A154D8859675B5EC8B9ECE2 |
SHA-256: | DB9A63DBC13C5F86D05B4BDA657D6ECBC754F2C6FC81A2C868F9942A8CA043E9 |
SHA-512: | FC8546CAD27F282124BB0B879A8B9C46EDBDC52454DF1BF3B9A63844D61A62E6C3DD1C43EFDBF55FFAA207AA147CEB80E5C195751B8C4E1A7DB9A3A908DD4089 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.002172406971555 |
Encrypted: | false |
SSDEEP: | 48:8qdWTQVHAidAKZdA1404eh7sFiZUkmgqeh7sDy+BX:8nMYIn5y |
MD5: | CDF894991A3CB949E6940D778A41A694 |
SHA1: | 6AC19BE40A8CED8BBEEA3F6D17503031678E7E44 |
SHA-256: | EB982738DC4AF06DECC17C1DD2CB3B147F3C81CB028F4CE1C5F3BC8A1683C52A |
SHA-512: | C083BD535DB3D00C591CB8CDD48DEA433CC066072202B42C9EE3B0B69C26DB1906014E5715C5ADC96A1D2AE7D00C8C9B65C6D42D966DA2D0FDAED512E86A365F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.990131794601005 |
Encrypted: | false |
SSDEEP: | 48:8qdWTQPHAidAKZdA1p4ehDiZUkwqehBy+R:8nMM5Ly |
MD5: | 53E8BD06B056B040501D40C0BCEF0597 |
SHA1: | 7975661BEFFE39065025A92208AC550DEC2C4E30 |
SHA-256: | 3C7D38B34580DC67142F4DF6F5D4EB3EFCC8B1BCF52945167B29B79D1DA8200D |
SHA-512: | 0A8C1F9731C3DCC95388F75025375776E736AD764A00DD376930732B7779B7E765BCC29B6C6D3EA6F41C023A72FA3DB042F94571F2AFA9525AAAE5A3C3F77466 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.980396103716328 |
Encrypted: | false |
SSDEEP: | 48:8GdWTQPHAidAKZdA1X4ehBiZUk1W1qeh/y+C:8zMCb9fy |
MD5: | 0F0D3A74ADEDC5A288F12EBA9F079981 |
SHA1: | 79F339B9A2B358FA9B06B5B1C89071592375712D |
SHA-256: | EB5ED44BDEF9BB4935774AA243619289F799D4D304EE5C0338640A6AE065D322 |
SHA-512: | 51A8748AD5A75EFF27E09611D6782A6A0EF8D726D370B0907C5417A13D88B687D3228246DDC421D9F277B0F4EE0E28631484F34589EA2658B2F281DF973A5701 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9914879689269545 |
Encrypted: | false |
SSDEEP: | 48:8tdWTQPHAidAKZdA1duTc4ehOuTbbiZUk5OjqehOuTb5y+yT+:82MnTcJTbxWOvTb5y7T |
MD5: | 650F5F8CBB93B305A4331F73F6720FFE |
SHA1: | 4DAE4F23E4D2EB4A91C5491ECA3F271A8A4E6635 |
SHA-256: | 1CB14D3D1CF1EF0B647E85D33BFD563505E95DF13811F4A876E615B59F15C110 |
SHA-512: | C1C84E20629F5610D8CEE18098482ED86B3A0EABFF7E6A2533C112414923B247416B1EB94EFE04DE82BE10040E58082D4E5AD3BC7058378EB1F71C124F2256EA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1150 |
Entropy (8bit): | 4.041131349538279 |
Encrypted: | false |
SSDEEP: | 12:7IAIIIIIIIIIIIIl7hcOYKKzt54YYlJ8gZFZ9k:pIIIIIIIIIIIIlGOYBzt5A8e |
MD5: | 6CD6909EFDB32BEB5A7429796B3F2C7E |
SHA1: | 52BB7F65F1B62277D37B04C0F74354CFF5F0EE15 |
SHA-256: | 0C77738F28233059AE1913CCFFCC3B63EC716EB69E7E0B4F81A3E962AA1EFC8F |
SHA-512: | 303DA6A3B4199860B0982E4C4FB92AB4652B0AD21B07317DDDE35E292D5BE404FE100B9FDCDA22AB8016B965E4041B93AD843247BE15A169737666A33F0F0DA6 |
Malicious: | false |
Reputation: | low |
URL: | https://d1619fmrcx9c43.cloudfront.net/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1150 |
Entropy (8bit): | 4.041131349538279 |
Encrypted: | false |
SSDEEP: | 12:7IAIIIIIIIIIIIIl7hcOYKKzt54YYlJ8gZFZ9k:pIIIIIIIIIIIIlGOYBzt5A8e |
MD5: | 6CD6909EFDB32BEB5A7429796B3F2C7E |
SHA1: | 52BB7F65F1B62277D37B04C0F74354CFF5F0EE15 |
SHA-256: | 0C77738F28233059AE1913CCFFCC3B63EC716EB69E7E0B4F81A3E962AA1EFC8F |
SHA-512: | 303DA6A3B4199860B0982E4C4FB92AB4652B0AD21B07317DDDE35E292D5BE404FE100B9FDCDA22AB8016B965E4041B93AD843247BE15A169737666A33F0F0DA6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 103034 |
Entropy (8bit): | 7.893328848126814 |
Encrypted: | false |
SSDEEP: | 1536:kha9WZINjNPSNjpPo4XczBQyOJMv3e6/lddxb42kqat8WahP6i6MM8RfDdvS8V2f:RWZIDgRoFBQyB3ewPuXSp6ic8BDlBW |
MD5: | 97A977C49A9832352AB6C74CE1C6FA36 |
SHA1: | 8990F5CF6A8A7A48ED69859D05B2C74956E6DBD6 |
SHA-256: | D2184030D8AA80661DDE5AB73F5C6650D91BD3AC52A535745F711CDE87974507 |
SHA-512: | 3C35918CA18AFFDB5C6CA02B64A39BA6505A22A6F1929DA1076465AE92FD54D179FE576D2BB6E9CD0BEB4F7A4CE616DEAECA0464185D3A1656BEEAC17CF4DB80 |
Malicious: | false |
Reputation: | low |
URL: | https://d1619fmrcx9c43.cloudfront.net/fileadmin/common/data_protection/datenschutzinformationen_fuer_business_partner_und_kunden.pdf?1663161028 |
Preview: |
Apr 23, 2024 08:13:38.701432943 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:38.701525927 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:38.701613903 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:38.706299067 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:38.706335068 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:38.881021976 CEST | 443 | 49719 | 13.35.90.87 | 192.168.2.9 |
Apr 23, 2024 08:13:38.882128954 CEST | 49719 | 443 | 192.168.2.9 | 13.35.90.87 |
Apr 23, 2024 08:13:38.882144928 CEST | 443 | 49719 | 13.35.90.87 | 192.168.2.9 |
Apr 23, 2024 08:13:38.883219004 CEST | 443 | 49719 | 13.35.90.87 | 192.168.2.9 |
Apr 23, 2024 08:13:38.883270979 CEST | 49719 | 443 | 192.168.2.9 | 13.35.90.87 |
Apr 23, 2024 08:13:38.890232086 CEST | 49719 | 443 | 192.168.2.9 | 13.35.90.87 |
Apr 23, 2024 08:13:38.890341997 CEST | 443 | 49719 | 13.35.90.87 | 192.168.2.9 |
Apr 23, 2024 08:13:38.892036915 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:38.892157078 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:38.893095970 CEST | 49719 | 443 | 192.168.2.9 | 13.35.90.87 |
Apr 23, 2024 08:13:38.893110037 CEST | 443 | 49719 | 13.35.90.87 | 192.168.2.9 |
Apr 23, 2024 08:13:38.896064997 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:38.896114111 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:38.896472931 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:38.902817965 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:38.932818890 CEST | 49719 | 443 | 192.168.2.9 | 13.35.90.87 |
Apr 23, 2024 08:13:38.944117069 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:39.057034969 CEST | 443 | 49719 | 13.35.90.87 | 192.168.2.9 |
Apr 23, 2024 08:13:39.057173967 CEST | 443 | 49719 | 13.35.90.87 | 192.168.2.9 |
Apr 23, 2024 08:13:39.057220936 CEST | 49719 | 443 | 192.168.2.9 | 13.35.90.87 |
Apr 23, 2024 08:13:39.059683084 CEST | 49719 | 443 | 192.168.2.9 | 13.35.90.87 |
Apr 23, 2024 08:13:39.059705019 CEST | 443 | 49719 | 13.35.90.87 | 192.168.2.9 |
Apr 23, 2024 08:13:39.063991070 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:39.064178944 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:39.064332008 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:39.069031000 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:39.069057941 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:39.069076061 CEST | 49720 | 443 | 192.168.2.9 | 23.51.58.94 |
Apr 23, 2024 08:13:39.069084883 CEST | 443 | 49720 | 23.51.58.94 | 192.168.2.9 |
Apr 23, 2024 08:13:44.513058901 CEST | 49677 | 443 | 192.168.2.9 | 20.189.173.11 |
Apr 23, 2024 08:13:47.166110039 CEST | 443 | 49716 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:13:47.166157961 CEST | 443 | 49716 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:13:47.166353941 CEST | 49716 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:13:48.587311029 CEST | 49716 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:13:48.587342024 CEST | 443 | 49716 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:13:49.270447969 CEST | 49704 | 443 | 192.168.2.9 | 23.206.229.209 |
Apr 23, 2024 08:13:49.270849943 CEST | 49704 | 443 | 192.168.2.9 | 23.206.229.209 |
Apr 23, 2024 08:13:49.270849943 CEST | 49725 | 443 | 192.168.2.9 | 23.206.229.209 |
Apr 23, 2024 08:13:49.270899057 CEST | 443 | 49725 | 23.206.229.209 | 192.168.2.9 |
Apr 23, 2024 08:13:49.271332026 CEST | 49725 | 443 | 192.168.2.9 | 23.206.229.209 |
Apr 23, 2024 08:13:49.271332026 CEST | 49725 | 443 | 192.168.2.9 | 23.206.229.209 |
Apr 23, 2024 08:13:49.271372080 CEST | 443 | 49725 | 23.206.229.209 | 192.168.2.9 |
Apr 23, 2024 08:13:49.424854040 CEST | 443 | 49704 | 23.206.229.209 | 192.168.2.9 |
Apr 23, 2024 08:13:49.424874067 CEST | 443 | 49704 | 23.206.229.209 | 192.168.2.9 |
Apr 23, 2024 08:13:49.586400032 CEST | 443 | 49725 | 23.206.229.209 | 192.168.2.9 |
Apr 23, 2024 08:13:49.586484909 CEST | 49725 | 443 | 192.168.2.9 | 23.206.229.209 |
Apr 23, 2024 08:14:08.736434937 CEST | 443 | 49725 | 23.206.229.209 | 192.168.2.9 |
Apr 23, 2024 08:14:08.737627029 CEST | 49725 | 443 | 192.168.2.9 | 23.206.229.209 |
Apr 23, 2024 08:14:19.870693922 CEST | 49711 | 443 | 192.168.2.9 | 35.157.71.104 |
Apr 23, 2024 08:14:19.870734930 CEST | 443 | 49711 | 35.157.71.104 | 192.168.2.9 |
Apr 23, 2024 08:14:36.504036903 CEST | 49711 | 443 | 192.168.2.9 | 35.157.71.104 |
Apr 23, 2024 08:14:36.504252911 CEST | 443 | 49711 | 35.157.71.104 | 192.168.2.9 |
Apr 23, 2024 08:14:36.504322052 CEST | 49711 | 443 | 192.168.2.9 | 35.157.71.104 |
Apr 23, 2024 08:14:36.826870918 CEST | 49728 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:14:36.826919079 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:14:36.826981068 CEST | 49728 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:14:36.827754021 CEST | 49728 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:14:36.827766895 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:14:37.019416094 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:14:37.039143085 CEST | 49728 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:14:37.039165020 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:14:37.040445089 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:14:37.040868044 CEST | 49728 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:14:37.041048050 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:14:37.090271950 CEST | 49728 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:14:47.026370049 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:14:47.026437044 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Apr 23, 2024 08:14:47.026506901 CEST | 49728 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:14:51.032231092 CEST | 49728 | 443 | 192.168.2.9 | 142.250.65.228 |
Apr 23, 2024 08:14:51.032259941 CEST | 443 | 49728 | 142.250.65.228 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 23, 2024 08:13:34.098004103 CEST | 192.168.2.9 | 1.1.1.1 | 0x8637 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 08:13:34.098155975 CEST | 192.168.2.9 | 1.1.1.1 | 0x95d3 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 08:13:35.009577036 CEST | 192.168.2.9 | 1.1.1.1 | 0x7b19 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 08:13:35.009871006 CEST | 192.168.2.9 | 1.1.1.1 | 0xae61 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 08:13:36.784746885 CEST | 192.168.2.9 | 1.1.1.1 | 0x5975 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 08:13:36.785527945 CEST | 192.168.2.9 | 1.1.1.1 | 0x3132 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 08:13:38.575726032 CEST | 192.168.2.9 | 1.1.1.1 | 0x4374 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 08:13:38.575994968 CEST | 192.168.2.9 | 1.1.1.1 | 0x5e6c | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 23, 2024 08:13:34.288532019 CEST | 1.1.1.1 | 192.168.2.9 | 0x95d3 | No error (0) | leoni-website-live-519859459.eu-central-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:34.289722919 CEST | 1.1.1.1 | 192.168.2.9 | 0x8637 | No error (0) | leoni-website-live-519859459.eu-central-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:34.289722919 CEST | 1.1.1.1 | 192.168.2.9 | 0x8637 | No error (0) | 35.157.71.104 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:34.289722919 CEST | 1.1.1.1 | 192.168.2.9 | 0x8637 | No error (0) | 18.159.182.129 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:35.113105059 CEST | 1.1.1.1 | 192.168.2.9 | 0x7b19 | No error (0) | 13.35.90.23 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:35.113105059 CEST | 1.1.1.1 | 192.168.2.9 | 0x7b19 | No error (0) | 13.35.90.37 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:35.113105059 CEST | 1.1.1.1 | 192.168.2.9 | 0x7b19 | No error (0) | 13.35.90.87 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:35.113105059 CEST | 1.1.1.1 | 192.168.2.9 | 0x7b19 | No error (0) | 13.35.90.56 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:36.872663975 CEST | 1.1.1.1 | 192.168.2.9 | 0x5975 | No error (0) | 142.250.65.228 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:36.873606920 CEST | 1.1.1.1 | 192.168.2.9 | 0x3132 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 23, 2024 08:13:38.693737030 CEST | 1.1.1.1 | 192.168.2.9 | 0x4374 | No error (0) | 13.35.90.87 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:38.693737030 CEST | 1.1.1.1 | 192.168.2.9 | 0x4374 | No error (0) | 13.35.90.37 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:38.693737030 CEST | 1.1.1.1 | 192.168.2.9 | 0x4374 | No error (0) | 13.35.90.56 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:38.693737030 CEST | 1.1.1.1 | 192.168.2.9 | 0x4374 | No error (0) | 13.35.90.23 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:47.632488966 CEST | 1.1.1.1 | 192.168.2.9 | 0x5453 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:47.632488966 CEST | 1.1.1.1 | 192.168.2.9 | 0x5453 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:47.992935896 CEST | 1.1.1.1 | 192.168.2.9 | 0x1793 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 08:13:47.992935896 CEST | 1.1.1.1 | 192.168.2.9 | 0x1793 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:14:04.214519978 CEST | 1.1.1.1 | 192.168.2.9 | 0x7b91 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 08:14:04.214519978 CEST | 1.1.1.1 | 192.168.2.9 | 0x7b91 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:14:27.365765095 CEST | 1.1.1.1 | 192.168.2.9 | 0xf3c2 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 08:14:27.365765095 CEST | 1.1.1.1 | 192.168.2.9 | 0xf3c2 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 08:14:48.151490927 CEST | 1.1.1.1 | 192.168.2.9 | 0x35df | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 08:14:48.151490927 CEST | 1.1.1.1 | 192.168.2.9 | 0x35df | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49712 | 35.157.71.104 | 443 | 4612 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 06:13:34 UTC | 750 | OUT | |
2024-04-23 06:13:35 UTC | 735 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49715 | 13.35.90.23 | 443 | 4612 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 06:13:35 UTC | 777 | OUT | |
2024-04-23 06:13:35 UTC | 674 | IN | |
2024-04-23 06:13:35 UTC | 16384 | IN | |
2024-04-23 06:13:35 UTC | 16384 | IN | |
2024-04-23 06:13:35 UTC | 1514 | IN | |
2024-04-23 06:13:35 UTC | 16384 | IN | |
2024-04-23 06:13:35 UTC | 16384 | IN | |
2024-04-23 06:13:35 UTC | 16384 | IN | |
2024-04-23 06:13:35 UTC | 11610 | IN | |
2024-04-23 06:13:35 UTC | 4774 | IN | |
2024-04-23 06:13:35 UTC | 3216 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49717 | 13.35.90.23 | 443 | 4612 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 06:13:37 UTC | 719 | OUT | |
2024-04-23 06:13:37 UTC | 552 | IN | |
2024-04-23 06:13:37 UTC | 1150 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49718 | 23.51.58.94 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 06:13:38 UTC | 161 | OUT | |
2024-04-23 06:13:38 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49719 | 13.35.90.87 | 443 | 4612 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 06:13:38 UTC | 364 | OUT | |
2024-04-23 06:13:39 UTC | 552 | IN | |
2024-04-23 06:13:39 UTC | 1150 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49720 | 23.51.58.94 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 06:13:38 UTC | 239 | OUT | |
2024-04-23 06:13:39 UTC | 455 | IN | |
2024-04-23 06:13:39 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 08:13:27 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2cb0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 08:13:30 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2cb0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 08:13:32 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2cb0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |