Edit tour

Windows Analysis Report
https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655

Overview

General Information

Sample URL:	https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce
Analysis ID:	1578536
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected landing page (webpage, office document or email)

AI detected suspicious URL

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 --field-trial-handle=2536,i,6187232916633203488,5412401990464861850,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /x/Resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0 HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://samsupports-com.jmailroute.netSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=FalseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_49.3.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_49.3.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_55.3.dr	String found in binary or memory: http://www.imagemagick.org
Source: chromecache_47.3.dr, chromecache_51.3.dr	String found in binary or memory: https://chrome.google.com/webstore/detail/ehomdgjhgmbidokdgicgmdiedadncbgf
Source: chromecache_52.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Raleway:400
Source: chromecache_50.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2)
Source: chromecache_50.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCAIT5lu.woff2)
Source: chromecache_50.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCIIT5lu.woff2)
Source: chromecache_50.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCMIT5lu.woff2)
Source: chromecache_50.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCkIT5lu.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49931 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@17/19@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 --field-trial-handle=2536,i,6187232916633203488,5412401990464861850,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 --field-trial-handle=2536,i,6187232916633203488,5412401990464861850,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
jngo.net	104.248.15.35	true	false	unknown
www.google.com	142.250.181.132	true	false	high
samsupports-com.jmailroute.net	35.90.200.159	true	false	unknown
track.samsupport.jmsend.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False	true	unknown
https://samsupports-com.jmailroute.net/x/Unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=True	false	unknown
https://samsupports-com.jmailroute.net/x/UnsubscribeDone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False	true	unknown
https://samsupports-com.jmailroute.net/assets/css/main2.css	false	unknown
https://samsupports-com.jmailroute.net/assets/css/font-awesome.min.css	false	unknown
https://samsupports-com.jmailroute.net/x/Resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0	false	unknown
https://samsupports-com.jmailroute.net/manifest.json	false	unknown
https://samsupports-com.jmailroute.net/x/u?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0	false	unknown
https://samsupports-com.jmailroute.net/favicon-32x32.png	false	unknown
https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=True	false	unknown
https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False	true	unknown
https://samsupports-com.jmailroute.net/x/Unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False	true	unknown
https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655	false	unknown
https://samsupports-com.jmailroute.net/x/resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.imagemagick.org	chromecache_55.3.dr	false	high
http://fontawesome.io	chromecache_49.3.dr	false	high
https://chrome.google.com/webstore/detail/ehomdgjhgmbidokdgicgmdiedadncbgf	chromecache_47.3.dr, chromecache_51.3.dr	false	high
http://fontawesome.io/license	chromecache_49.3.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
104.248.15.35	jngo.net	United States	14061	DIGITALOCEAN-ASNUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.90.200.159	samsupports-com.jmailroute.net	United States	237	MERIT-AS-14US	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578536
Start date and time:	2024-12-19 21:29:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/19@8/5

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.206, 64.233.164.84, 142.250.181.142, 172.217.17.42, 192.229.221.95, 172.217.19.234, 217.20.58.101, 142.250.181.67, 172.217.17.35, 13.107.246.63, 92.122.16.236, 20.109.210.53
Excluded domains from analysis (whitelisted): client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ajax.googleapis.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655

Input	Output
URL: https://track.samsupport.jmsend.com Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://track.samsupport.jmsend.com
URL: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Unsubscribe?", "prominent_button_name": "CONFIRM UNSUBSCRIBE", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "MADE A MISTAKE? CLICK HERE TO RE-SUBSCRIBE", "prominent_button_name": "MADE A MISTAKE? CLICK HERE TO RE-SUBSCRIBE", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "MADE A MISTAKE? CLICK HERE TO RE-SUBSCRIBE", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Model: Joe Sandbox AI	{ "brands": [ "GMass, Inc." ] }
	{ "brands": [ "GMass, Inc." ] }
URL: https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	720
Entropy (8bit):	4.569092186365795
Encrypted:	false
SSDEEP:	12:Kt80BxG0LtWtM0BxGRdgtLtWcM0BxGIxLtWk0BxGGd1LtWO0BxGxe3RLtWF0BxGe:zOkutdg5kcMcNkkCbkOI3tkFleRk8
MD5:	B58FCFA7628C9205CB11A1B2C3E8F99A
SHA1:	D11FEBF9E708A9E11BAEE37ED7DC5E99902580BE
SHA-256:	27ECA3E8297EB7FF340DEB3849B210185A459B3845456AA4D0036F6D966B3518
SHA-512:	66ED2703C1AE9A94DE01DD47707F9ED6CF3E2A035A3359793A06AFAE682A7DD4ABF06FF05109905841FE85747802C94708CE4A9EE56C7FBB8CC578EC556BF6D3
Malicious:	false
Reputation:	low
URL:	https://samsupports-com.jmailroute.net/manifest.json
Preview:	{. "name": "App",. "icons": [. {. "src": "\/android-icon-36x36.png",. "sizes": "36x36",. "type": "image\/png",. "density": "0.75". },. {. "src": "\/android-icon-48x48.png",. "sizes": "48x48",. "type": "image\/png",. "density": "1.0". },. {. "src": "\/android-icon-72x72.png",. "sizes": "72x72",. "type": "image\/png",. "density": "1.5". },. {. "src": "\/android-icon-96x96.png",. "sizes": "96x96",. "type": "image\/png",. "density": "2.0". },. {. "src": "\/android-icon-144x144.png",. "sizes": "144x144",. "type": "image\/png",. "density": "3.0". },. {. "src": "\/android-icon-192x192.png",. "sizes": "192x192",. "type": "image\/png",. "density": "4.0". }. ].}

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3298
Entropy (8bit):	5.11377703176043
Encrypted:	false
SSDEEP:	96:QkjUMUkqkVxUG0S7FUrbuILbpXSRLlxB7rCH:lUyeGbMuILFXSllxBfCH
MD5:	960BBB6414420A63FFE765FE19CCF9C8
SHA1:	19D6E4D9B8BB8B5E0C5BF46331DD5BC4C8317623
SHA-256:	5DB80A54AEE13A3A8C407B483661D4A5BC3EA542AFA00E90715FDA30F066E690
SHA-512:	DDCF3AF7BA6B14A69130ED7BBF36D35EECF0CE69F552025665734FA7F0D0908A691447C98165CCD2B2D73F49FB9455FF7703E59365B4886776522870CFF09DEA
Malicious:	false
Reputation:	low
URL:	https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False
Preview:	<html>..<head>.. <title>Unsubscribe</title>.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. [if lte IE 8]><script src="/assets/js/ie/html5shiv.js"></script><![endif]-->.. <link rel="stylesheet" href="/assets/css/main2.css">.. [if lte IE 8]><link rel="stylesheet" href="/assets/css/ie8.css" /><![endif]-->.. [if lte IE 9]><link rel="stylesheet" href="/assets/css/ie9.css" /><![endif]-->.. <link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/ehomdgjhgmbidokdgicgmdiedadncbgf">.... favicon stuff-->.. <link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png">.. <link rel="apple-touch-icon" sizes="60x60" href="/apple-icon-60x60.png">.. <link rel="apple-touch-icon" sizes="72x72" href="/apple-icon-72x72.png">.. <link rel="apple-touch-icon" sizes="76x76" href="/apple-icon-76x76.png">.. <link rel="apple-touch-icon" sizes="114x114" href="/apple-icon-11

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1883
Entropy (8bit):	7.460180737293841
Encrypted:	false
SSDEEP:	48:hdwqOF0JBDiOz6onAHiW5Tp93rREX77NHrE/I7D4FNAnglO:uF0J1iOz6onAHXdSnmI7ko
MD5:	1F2D48B931F81937B5D2D3558DCA92B3
SHA1:	CF92C094F0888598243D945B67D95D61D641C15B
SHA-256:	A4994027672AF005C60C4F743780D598EA3C5074BF88D7FFD34094DA90E23BDA
SHA-512:	3C25A859149C1C777665397B50B0173FF6B38543C2B99EC2B2EB96C2D8B7ECCE5A9D69A83CBFCF1ECF16169F80DF4016D398A0D4F08C0B36E1C5EB188C53386A
Malicious:	false
Reputation:	low
URL:	https://samsupports-com.jmailroute.net/favicon-32x32.png
Preview:	.PNG........IHDR... ... .....D.......gAMA......a.....sRGB........ cHRM..z&..............u0...`..:....p..Q<....PLTE.....................UZ.?F.X].\|......bg.7>.6<._d.....bg.-4.,3.`e......7>.5;.ty.`e.di.\b.af...9?.6<.w{....hm..5.,3._d.....jo.9?.7=.af.....~..`e.di.z~.(/.%,.'..AG.#.").!(.8;.7:.BH. '.VY.......RU.<B..........RT.&-.XY.............SU.ST.......ee.ed.......OQ.QS....fg."(.ef...... &....... (..%.Y[...AD..%.!(.$+.YY.\|z.{y.xw.xv.yx.GI.)......ll.!'.CD..........+0.".-1..........0.69....................15........,1..2.;>.:<.EE...............+1............)/....wy.14.....37...yz..%.47......59....&...wx..#.59...6;..$..\|z.XX.%+.YZ.\|{.....AB.!).<>.......15.&+.............04.......&,.(-.79.:;.9;./.9:.89.'-.CI.=C.b.H...8tRNS.........t...l.............u..e....m..a............e..a........bKGDI...\|....pHYs...H...H.F.k>....IDAT8.c``......V.<.\|L......6.6X..........8Vi...I).i..y[T....<..;{.T........]\...pg.@......FV..`

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (23577), with CRLF line terminators
Category:	downloaded
Size (bytes):	23742
Entropy (8bit):	4.758506126869505
Encrypted:	false
SSDEEP:	192:U1MrZX8W+ab2edrKeTUKuErArKlcZJVrJ3ee+cR6waYm215bvfhf5DrkHUasT:Xs5yWeTUKb+KlkJ5de2UYmyTfhYUasT
MD5:	F667E6132F8470A39D2395B81AB4EF09
SHA1:	3E435D5167460AAF367836E1973E90A47039FAEA
SHA-256:	222D75918BB518D46A4D283DA7DE243B4409D597A8C6856070A07E96B600E6D7
SHA-512:	ACABE5C467CCC2E68B8E3C2625B3540A1FDDE4610639F031E35E2C4B1D9724DB5A8F3A713724DDDD9C64B7949905D6FF26156CEE41290E8F6A1A9C87AAA569C7
Malicious:	false
Reputation:	low
URL:	https://samsupports-com.jmailroute.net/assets/css/font-awesome.min.css
Preview:	/!.. Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome.. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License).. */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.3.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.3.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.3.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.3.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.3.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.3.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;transform:translate(0, 0)}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5181
Entropy (8bit):	5.432912183540733
Encrypted:	false
SSDEEP:	96:vOL/fOLBFZOGOL0xOL+Jc+uKOLVNaOg/fOgBFZOGOg0xOg+Jc+uKOgVNaOC/fOCA:K/a4z00ukU/94o0fuPm/D4K05upk
MD5:	56BCB4C5C7528BC001994DC116A29747
SHA1:	FE2C3A44AB1BE8FD62824FD22A293A2D181AA3F8
SHA-256:	AF447CF3CA18B81250773AD73E64B3B8277E98419141032F4958B24F31E36DF7
SHA-512:	8D652ACE21FFB3D775E3F742A2D91A05779C0379CB7B0861EF68DB78FB204CA930556F4DCB3AB7701848B81428458C5EAFC3776A15E140536835BDE71A2AE722
Malicious:	false
Reputation:	low
URL:	"https://fonts.googleapis.com/css?family=Raleway:400,500,700"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Raleway';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCAIT5lu.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Raleway';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCkIT5lu.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ vietnamese /.@font-face {. font-family: 'Raleway';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCIIT5lu.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./ latin-ext */.@font-face {. font-family: 'Raleway';. font-style

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4684
Entropy (8bit):	4.966015413554586
Encrypted:	false
SSDEEP:	96:akjUMUkqkVxUG0S7FUrbuIGJoznhJ/F9H:nUyeGbMuI8oznPPH
MD5:	6ECAD917C66F0699BC92B01D373619AB
SHA1:	CB61BAC028DF7AC0F9E1CDF27182D35FF350B96B
SHA-256:	F900C88D9D7065A1C93E51AED5DDD4120BBD81AF439038F95499602E0B2B14FE
SHA-512:	DDCB33AA87693ACD61C8FBA956F40B45B4582051FBA293962DB56C8A5B880ED38EBD650E1A228F0EBACE34476FB474E6C5123F25E38D10BD4783A7FFBBE82676
Malicious:	false
Reputation:	low
URL:	https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False
Preview:	<html>..<head>.. <title>Unsubscribe Done</title>.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. [if lte IE 8]><script src="/assets/js/ie/html5shiv.js"></script><![endif]-->.. <link rel="stylesheet" href="/assets/css/main2.css">.. [if lte IE 8]><link rel="stylesheet" href="/assets/css/ie8.css" /><![endif]-->.. [if lte IE 9]><link rel="stylesheet" href="/assets/css/ie9.css" /><![endif]-->.. <link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/ehomdgjhgmbidokdgicgmdiedadncbgf">.... favicon stuff-->.. <link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png">.. <link rel="apple-touch-icon" sizes="60x60" href="/apple-icon-60x60.png">.. <link rel="apple-touch-icon" sizes="72x72" href="/apple-icon-72x72.png">.. <link rel="apple-touch-icon" sizes="76x76" href="/apple-icon-76x76.png">.. <link rel="apple-touch-icon" sizes="114x114" href="/apple-ic

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (493), with CRLF line terminators
Category:	downloaded
Size (bytes):	78724
Entropy (8bit):	5.207552396751227
Encrypted:	false
SSDEEP:	768:naHEkmlxcnJ9oNKrW7r5+1qH+PpD0GUN+gchhH+PpD0GUN+gchy7C/vdunx7C/vE:na1V5
MD5:	01F9DEC1C2D0A94822FADC7452EB030B
SHA1:	A6B540FA4E838EEA11C71DF7228EC885EF047AE0
SHA-256:	37F5DDE0431C026CEB0F488DFBC2DC58BB8E67E0562A065D0B83CBA0CDBBB6C8
SHA-512:	089BA4A328BD27A98EAB1CA0600133644995816FB452E335D4E0DAA187C6BDF0CAB2900FCD542CEF9208927BCD06AADD49490C921AC1C65998F8E8CE6954DC50
Malicious:	false
Reputation:	low
URL:	https://samsupports-com.jmailroute.net/assets/css/main2.css
Preview:	.@charset "UTF-8";..@import url(font-awesome.min.css);..@import url("https://fonts.googleapis.com/css?family=Raleway:400,500,700");..../...Retrospect by TEMPLATED...templated.co @templatedco...Released for free under the Creative Commons Attribution 3.0 license (templated.co/license)../..../* Reset */.....question {...font-weight: normal; ...background-color: #EEE;..}.......html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video {....margin: 0;....padding: 0;....border: 0;....font-size: 100%;....font: inherit;....vertical-align: baseline;...}.....article,

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32061)
Category:	dropped
Size (bytes):	84245
Entropy (8bit):	5.369495907619158
Encrypted:	false
SSDEEP:	1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa98:7NMnJiz6oAQKP5a98Hrh
MD5:	E40EC2161FE7993196F23C8A07346306
SHA1:	AFB90752E0A90C24B7F724FACA86C5F3D15D1178
SHA-256:	874706B2B1311A0719B5267F7D1CF803057E367E94AE1FF7BF78C5450D30F5D4
SHA-512:	5F57CC757FFF0E9990A72E78F6373F0A24BCE2EDF3C4559F0B6FEF3CF65EDF932C0F3ECA5A35511EA11EABC0A412F1C7563282EC76F6FA005CC59504417159EB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.1.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functi

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32061)
Category:	downloaded
Size (bytes):	84245
Entropy (8bit):	5.369495907619158
Encrypted:	false
SSDEEP:	1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa98:7NMnJiz6oAQKP5a98Hrh
MD5:	E40EC2161FE7993196F23C8A07346306
SHA1:	AFB90752E0A90C24B7F724FACA86C5F3D15D1178
SHA-256:	874706B2B1311A0719B5267F7D1CF803057E367E94AE1FF7BF78C5450D30F5D4
SHA-512:	5F57CC757FFF0E9990A72E78F6373F0A24BCE2EDF3C4559F0B6FEF3CF65EDF932C0F3ECA5A35511EA11EABC0A412F1C7563282EC76F6FA005CC59504417159EB
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Preview:	/! jQuery v2.1.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functi

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1883
Entropy (8bit):	7.460180737293841
Encrypted:	false
SSDEEP:	48:hdwqOF0JBDiOz6onAHiW5Tp93rREX77NHrE/I7D4FNAnglO:uF0J1iOz6onAHXdSnmI7ko
MD5:	1F2D48B931F81937B5D2D3558DCA92B3
SHA1:	CF92C094F0888598243D945B67D95D61D641C15B
SHA-256:	A4994027672AF005C60C4F743780D598EA3C5074BF88D7FFD34094DA90E23BDA
SHA-512:	3C25A859149C1C777665397B50B0173FF6B38543C2B99EC2B2EB96C2D8B7ECCE5A9D69A83CBFCF1ECF16169F80DF4016D398A0D4F08C0B36E1C5EB188C53386A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....D.......gAMA......a.....sRGB........ cHRM..z&..............u0...`..:....p..Q<....PLTE.....................UZ.?F.X].\|......bg.7>.6<._d.....bg.-4.,3.`e......7>.5;.ty.`e.di.\b.af...9?.6<.w{....hm..5.,3._d.....jo.9?.7=.af.....~..`e.di.z~.(/.%,.'..AG.#.").!(.8;.7:.BH. '.VY.......RU.<B..........RT.&-.XY.............SU.ST.......ee.ed.......OQ.QS....fg."(.ef...... &....... (..%.Y[...AD..%.!(.$+.YY.\|z.{y.xw.xv.yx.GI.)......ll.!'.CD..........+0.".-1..........0.69....................15........,1..2.;>.:<.EE...............+1............)/....wy.14.....37...yz..%.47......59....&...wx..#.59...6;..$..\|z.XX.%+.YZ.\|{.....AB.!).<>.......15.&+.............04.......&,.(-.79.:;.9;./.9:.89.'-.CI.=C.b.H...8tRNS.........t...l.............u..e....m..a............e..a........bKGDI...\|....pHYs...H...H.F.k>....IDAT8.c``......V.<.\|L......6.6X..........8Vi...I).i..y[T....<..;{.T........]\...pg.@......FV..`

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.202819531114783
Encrypted:	false
SSDEEP:	3:YWQRAW64:YWQmq
MD5:	7363E85FE9EDEE6F053A4B319588C086
SHA1:	A15E2127145548437173FC17F3E980E3F3DEE2D0
SHA-256:	C955E57777EC0D73639DCA6748560D00AA5EB8E12F13EBB2ED9656ADD3908F97
SHA-512:	A2FD24056E3EC2F1628F89EB2F1B36A9FC2437AE58D34190630FE065DF2BBEDAF9BD8AEE5F8949A002070052CA68CC6C0167214DD55DF289783CFF682B808D85
Malicious:	false
Reputation:	low
Preview:	{"success":true}

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 21:30:21.845289946 CET	443	49711	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:21.888078928 CET	49711	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:22.082526922 CET	443	49711	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:22.084060907 CET	49711	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:22.203735113 CET	443	49711	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:22.626344919 CET	443	49711	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:22.669359922 CET	49711	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:22.728072882 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:22.728112936 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:22.728208065 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:22.728929043 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:22.728939056 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:23.153718948 CET	49674	443	192.168.2.6	173.222.162.64
Dec 19, 2024 21:30:23.153729916 CET	49673	443	192.168.2.6	173.222.162.64
Dec 19, 2024 21:30:23.403729916 CET	49672	443	192.168.2.6	173.222.162.64
Dec 19, 2024 21:30:24.952692986 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:24.952789068 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:24.958776951 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:24.958792925 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:24.960314035 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:24.962409973 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:24.962471962 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:24.962476969 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:24.962642908 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:25.003357887 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:25.508177996 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:25.509047985 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:25.509128094 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:25.539778948 CET	49712	443	192.168.2.6	20.198.119.143
Dec 19, 2024 21:30:25.539813042 CET	443	49712	20.198.119.143	192.168.2.6
Dec 19, 2024 21:30:32.761282921 CET	49673	443	192.168.2.6	173.222.162.64
Dec 19, 2024 21:30:32.761353016 CET	49674	443	192.168.2.6	173.222.162.64
Dec 19, 2024 21:30:33.011256933 CET	49672	443	192.168.2.6	173.222.162.64
Dec 19, 2024 21:30:34.463517904 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:34.463566065 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:34.463637114 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:34.463884115 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:34.463903904 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:34.725056887 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:34.725112915 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:34.725178957 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:34.725918055 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:34.725938082 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:35.436757088 CET	443	49707	173.222.162.64	192.168.2.6
Dec 19, 2024 21:30:35.436860085 CET	49707	443	192.168.2.6	173.222.162.64
Dec 19, 2024 21:30:35.954823971 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:35.954891920 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:35.955029011 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:35.955295086 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:35.955351114 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:35.955394983 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:35.955763102 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:35.955785036 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:35.956006050 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:35.956053019 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:36.160410881 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:36.160707951 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:36.160732031 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:36.162353992 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:36.162424088 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:36.163548946 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:36.163639069 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:36.215221882 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:36.215245008 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:36.261136055 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:36.940507889 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:36.940602064 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:36.942348003 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:36.942384005 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:36.943164110 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:36.945102930 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:36.945190907 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:36.945221901 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:36.945334911 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:36.987341881 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:37.187153101 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.187446117 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.187465906 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.188450098 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.188558102 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.189460993 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.194624901 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.194693089 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.194976091 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.194999933 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.195365906 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.195374966 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.196542025 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.196604967 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.197834015 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.197921991 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.247551918 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.247662067 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.247678995 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.294543028 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.488053083 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:37.488265038 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:37.488363028 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:37.488594055 CET	49728	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:37.488626957 CET	443	49728	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:37.803962946 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.804455042 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.804476023 CET	443	49735	104.248.15.35	192.168.2.6
Dec 19, 2024 21:30:37.804600954 CET	49735	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:30:37.949333906 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:37.949367046 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:37.949623108 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:37.949907064 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:37.949925900 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.311611891 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.334147930 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.334172010 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.338398933 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.338486910 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.342065096 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.342269897 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.342520952 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.342529058 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.394148111 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.864942074 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.865278959 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.865348101 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.865639925 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.865639925 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.865654945 CET	443	49743	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.865829945 CET	49743	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.867954969 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.868000984 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:39.868083000 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.868398905 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:39.868416071 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.233144045 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.233443022 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.233465910 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.233983040 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.234306097 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.234386921 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.234492064 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.275342941 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.279459000 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.757389069 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.757591009 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.757819891 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.757838011 CET	443	49744	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.757848024 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.757884026 CET	49744	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.760111094 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.760145903 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:41.760340929 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.760607004 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:41.760618925 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.128185034 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.128528118 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.128542900 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.129163980 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.129493952 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.129585028 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.129631996 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.171329021 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.172605991 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.660290003 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.660314083 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.660393000 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.660408020 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.660418987 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.660455942 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.660507917 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.662157059 CET	49750	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.662172079 CET	443	49750	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.763005018 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.763087988 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:43.763184071 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.765036106 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:43.765069962 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.118746042 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.119057894 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.119100094 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.119642019 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.120279074 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.120395899 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.120553970 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.167330027 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.746876001 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.746915102 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.746934891 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.746984959 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.747040033 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.747071981 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.747095108 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.853943110 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:45.854016066 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:45.854058981 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:45.864681005 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.864700079 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.864748001 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.864775896 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.864804983 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.864840984 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.906239033 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.906256914 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.906325102 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.906351089 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:45.906379938 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:45.906400919 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.043349981 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.043373108 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.043443918 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.043484926 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.043513060 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.043533087 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.064904928 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.064945936 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.064984083 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.065001011 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.065025091 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.065027952 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.065056086 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.065078974 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.065598011 CET	49757	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.065649986 CET	443	49757	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.071887016 CET	49727	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:30:46.071917057 CET	443	49727	142.250.181.132	192.168.2.6
Dec 19, 2024 21:30:46.072304010 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.072340012 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.072407961 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.073430061 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:46.073441029 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:46.944550991 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:46.944590092 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:46.944694996 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:46.945271015 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:46.945281982 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:47.425890923 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:47.426212072 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:47.426219940 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:47.426698923 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:47.427093983 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:47.427180052 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:47.427243948 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:47.466746092 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:47.466752052 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.054430008 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.054465055 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.054476023 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.054490089 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.054513931 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.054596901 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.054596901 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.054608107 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.054672003 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.144783020 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.144901037 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.144901037 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.145032883 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.145416021 CET	49766	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.145430088 CET	443	49766	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.782437086 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.782485008 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.782639027 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.783068895 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.783129930 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.783190966 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.783364058 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.783381939 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:48.783626080 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:48.783665895 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:49.155546904 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:49.155677080 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:49.159645081 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:49.159658909 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:49.159890890 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:49.164336920 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:49.164336920 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:49.164359093 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:49.164577007 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:49.211344957 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:49.825815916 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:49.825898886 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:49.825946093 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:49.826159954 CET	49774	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:30:49.826179028 CET	443	49774	20.198.119.84	192.168.2.6
Dec 19, 2024 21:30:50.151288986 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.151604891 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.151623011 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.152174950 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.152496099 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.152728081 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.152838945 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.152879953 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.152894974 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.153012991 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.154357910 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.154422045 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.154946089 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.155025005 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.155072927 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.155080080 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.195327997 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.199348927 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.659931898 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.659976959 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.660034895 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.660057068 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.660221100 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.660284042 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.660881996 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.660983086 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.660995960 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.661015987 CET	443	49782	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.661031008 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.661031961 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.661082983 CET	49782	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.664978027 CET	49781	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.664998055 CET	443	49781	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.807033062 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.807055950 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:50.807154894 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.807543039 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:50.807560921 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.166024923 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.166517019 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.166529894 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.171809912 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.171894073 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.172333956 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.172425032 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.172473907 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.214279890 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.214289904 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.261147022 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.671998024 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.672018051 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.672086954 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.672100067 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.672111988 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:52.672197104 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.705219030 CET	49785	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:52.705233097 CET	443	49785	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:58.663131952 CET	49806	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:58.663160086 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:58.663264990 CET	49806	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:58.668576956 CET	49806	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:58.668590069 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:58.670587063 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:58.670618057 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:30:58.670687914 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:58.671835899 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:30:58.671854019 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.229518890 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.229904890 CET	49806	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.229932070 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.230302095 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.232011080 CET	49806	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.232094049 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.232388020 CET	49806	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.233061075 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.233308077 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.233335018 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.234452009 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.234765053 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.234935999 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.278266907 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.279349089 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.764219999 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.764353037 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.764408112 CET	49806	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.773473024 CET	49806	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.773489952 CET	443	49806	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:00.781704903 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:00.823335886 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:01.181483984 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:01.181699991 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:01.181761026 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:01.181991100 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:01.182009935 CET	443	49807	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:01.182024956 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:01.182068110 CET	49807	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:01.184818029 CET	49813	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:01.184859991 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:01.184946060 CET	49813	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:01.185170889 CET	49813	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:01.185187101 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:02.041801929 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:02.041845083 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:02.041964054 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:02.043117046 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:02.043127060 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:02.533091068 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:02.533622026 CET	49813	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:02.533684969 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:02.534260035 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:02.534848928 CET	49813	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:02.534940958 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:02.535043001 CET	49813	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:02.575328112 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:03.048171997 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:03.048254013 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:03.048371077 CET	49813	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:03.048939943 CET	49813	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:03.048955917 CET	443	49813	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:03.051651955 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:03.051681995 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:03.051767111 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:03.052057981 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:03.052069902 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.262418032 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:04.262556076 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:04.266668081 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:04.266674042 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:04.267505884 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:04.269629002 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:04.269690037 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:04.269694090 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:04.269840956 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:04.315326929 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:04.401909113 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.402277946 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:04.402292967 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.402600050 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.403254032 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:04.403309107 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.405400038 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:04.451329947 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.967941046 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:04.968055010 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:04.968118906 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:04.968247890 CET	49817	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:04.968282938 CET	443	49817	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:04.974709034 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.974734068 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.974795103 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:04.974807024 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.975935936 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:04.975981951 CET	443	49820	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:04.976039886 CET	49820	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:12.889038086 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:12.889081001 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:12.889158010 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:12.889580011 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:12.889591932 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.243196964 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.243551016 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.243570089 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.245044947 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.245120049 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.245496988 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.245574951 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.245641947 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.245647907 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.293157101 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.778229952 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.778412104 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.778469086 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.839482069 CET	49843	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.839500904 CET	443	49843	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.944880009 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.944890022 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:14.944941998 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.945168018 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:14.945177078 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.294168949 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.294572115 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.294626951 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.295121908 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.295453072 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.295547009 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.295594931 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.340526104 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.340552092 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.813132048 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.813332081 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.813399076 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.813592911 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.813613892 CET	443	49849	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.813621998 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.813662052 CET	49849	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.815234900 CET	49853	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.815273046 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:16.815355062 CET	49853	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.815570116 CET	49853	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:16.815586090 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:18.168068886 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:18.168369055 CET	49853	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:18.168390036 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:18.168876886 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:18.169306993 CET	49853	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:18.169394970 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:18.169472933 CET	49853	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:18.215332031 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:18.919493914 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:18.919580936 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:18.919636011 CET	49853	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:18.921787977 CET	49853	443	192.168.2.6	35.90.200.159
Dec 19, 2024 21:31:18.921802044 CET	443	49853	35.90.200.159	192.168.2.6
Dec 19, 2024 21:31:22.261054993 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:31:22.261085987 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:31:25.098484039 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:25.098573923 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:25.098704100 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:25.099494934 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:25.099525928 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:27.311640978 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:27.311793089 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:27.314013004 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:27.314048052 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:27.314330101 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:27.316121101 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:27.316181898 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:27.316195011 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:27.316324949 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:27.363332033 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:27.978066921 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:27.978208065 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:27.978276014 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:27.978538990 CET	49875	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:27.978564978 CET	443	49875	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:34.388339996 CET	49896	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:31:34.388371944 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:34.388469934 CET	49896	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:31:34.388737917 CET	49896	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:31:34.388751030 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:36.081047058 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:36.081732035 CET	49896	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:31:36.081749916 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:36.082216978 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:36.082540035 CET	49896	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:31:36.082624912 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:36.136466980 CET	49896	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:31:38.638309956 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:31:38.638420105 CET	443	49736	104.248.15.35	192.168.2.6
Dec 19, 2024 21:31:38.638525009 CET	49736	443	192.168.2.6	104.248.15.35
Dec 19, 2024 21:31:45.785842896 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:45.785916090 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:45.785979986 CET	49896	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:31:46.638046980 CET	49896	443	192.168.2.6	142.250.181.132
Dec 19, 2024 21:31:46.638068914 CET	443	49896	142.250.181.132	192.168.2.6
Dec 19, 2024 21:31:48.989290953 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:48.989319086 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:48.989428997 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:48.990066051 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:48.990081072 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:51.205740929 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:51.205930948 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:51.208028078 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:51.208039045 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:51.208807945 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:51.210720062 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:51.210798979 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:51.210804939 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:51.210947990 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:51.251368046 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:51.908129930 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:51.908334970 CET	443	49931	20.198.119.84	192.168.2.6
Dec 19, 2024 21:31:51.908421040 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:51.908482075 CET	49931	443	192.168.2.6	20.198.119.84
Dec 19, 2024 21:31:51.908504963 CET	443	49931	20.198.119.84	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 21:30:30.489774942 CET	53	60279	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:30.591757059 CET	53	61540	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:33.282233953 CET	53	65361	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:34.325149059 CET	62351	53	192.168.2.6	1.1.1.1
Dec 19, 2024 21:30:34.325347900 CET	65099	53	192.168.2.6	1.1.1.1
Dec 19, 2024 21:30:34.462111950 CET	53	62351	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:34.462132931 CET	53	65099	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:35.813518047 CET	53175	53	192.168.2.6	1.1.1.1
Dec 19, 2024 21:30:35.813997030 CET	54718	53	192.168.2.6	1.1.1.1
Dec 19, 2024 21:30:35.952783108 CET	53	54718	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:35.954152107 CET	53	53175	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:37.807127953 CET	53516	53	192.168.2.6	1.1.1.1
Dec 19, 2024 21:30:37.807284117 CET	58055	53	192.168.2.6	1.1.1.1
Dec 19, 2024 21:30:37.947571993 CET	53	58055	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:37.948261976 CET	53	53516	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:43.906857014 CET	53	57554	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:46.212692022 CET	53	52260	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:46.936795950 CET	53	54207	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:50.306515932 CET	53	49386	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:50.668405056 CET	64284	53	192.168.2.6	1.1.1.1
Dec 19, 2024 21:30:50.668557882 CET	50948	53	192.168.2.6	1.1.1.1
Dec 19, 2024 21:30:50.806143999 CET	53	64284	1.1.1.1	192.168.2.6
Dec 19, 2024 21:30:50.806174994 CET	53	50948	1.1.1.1	192.168.2.6
Dec 19, 2024 21:31:09.040201902 CET	53	60587	1.1.1.1	192.168.2.6
Dec 19, 2024 21:31:30.205955982 CET	53	58595	1.1.1.1	192.168.2.6
Dec 19, 2024 21:31:31.493396044 CET	53	50433	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 19, 2024 21:30:34.325149059 CET	192.168.2.6	1.1.1.1	0x7b25	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 21:30:34.325347900 CET	192.168.2.6	1.1.1.1	0x63a1	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 19, 2024 21:30:35.813518047 CET	192.168.2.6	1.1.1.1	0x177d	Standard query (0)	track.samsupport.jmsend.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 21:30:35.813997030 CET	192.168.2.6	1.1.1.1	0x348a	Standard query (0)	track.samsupport.jmsend.com	65	IN (0x0001)	false
Dec 19, 2024 21:30:37.807127953 CET	192.168.2.6	1.1.1.1	0xd74a	Standard query (0)	samsupports-com.jmailroute.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 21:30:37.807284117 CET	192.168.2.6	1.1.1.1	0xc85c	Standard query (0)	samsupports-com.jmailroute.net	65	IN (0x0001)	false
Dec 19, 2024 21:30:50.668405056 CET	192.168.2.6	1.1.1.1	0x8dfc	Standard query (0)	samsupports-com.jmailroute.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 21:30:50.668557882 CET	192.168.2.6	1.1.1.1	0x2d2d	Standard query (0)	samsupports-com.jmailroute.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 19, 2024 21:30:34.462111950 CET	1.1.1.1	192.168.2.6	0x7b25	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 19, 2024 21:30:34.462132931 CET	1.1.1.1	192.168.2.6	0x63a1	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 19, 2024 21:30:35.952783108 CET	1.1.1.1	192.168.2.6	0x348a	No error (0)	track.samsupport.jmsend.com	jngo.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 21:30:35.954152107 CET	1.1.1.1	192.168.2.6	0x177d	No error (0)	track.samsupport.jmsend.com	jngo.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 21:30:35.954152107 CET	1.1.1.1	192.168.2.6	0x177d	No error (0)	jngo.net		104.248.15.35	A (IP address)	IN (0x0001)	false
Dec 19, 2024 21:30:35.954152107 CET	1.1.1.1	192.168.2.6	0x177d	No error (0)	jngo.net		159.65.33.93	A (IP address)	IN (0x0001)	false
Dec 19, 2024 21:30:37.948261976 CET	1.1.1.1	192.168.2.6	0xd74a	No error (0)	samsupports-com.jmailroute.net		35.90.200.159	A (IP address)	IN (0x0001)	false
Dec 19, 2024 21:30:50.806143999 CET	1.1.1.1	192.168.2.6	0x8dfc	No error (0)	samsupports-com.jmailroute.net		35.90.200.159	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

track.samsupport.jmsend.com

samsupports-com.jmailroute.net

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49712	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:24 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6a 6c 38 31 45 72 33 6d 56 30 2b 58 65 4e 43 6e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 65 61 33 37 31 39 38 33 34 39 66 38 32 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: jl81Er3mV0+XeNCn.1Context: b6ea37198349f82a
2024-12-19 20:30:24 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 20:30:24 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6a 6c 38 31 45 72 33 6d 56 30 2b 58 65 4e 43 6e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 65 61 33 37 31 39 38 33 34 39 66 38 32 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: jl81Er3mV0+XeNCn.2Context: b6ea37198349f82a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-19 20:30:24 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6a 6c 38 31 45 72 33 6d 56 30 2b 58 65 4e 43 6e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 65 61 33 37 31 39 38 33 34 39 66 38 32 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: jl81Er3mV0+XeNCn.3Context: b6ea37198349f82a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 20:30:25 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 20:30:25 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4a 44 4a 68 72 66 2b 56 58 45 79 49 4c 36 50 31 6f 35 45 67 71 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: JDJhrf+VXEyIL6P1o5Egqg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49728	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:36 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 52 53 6b 36 77 32 62 66 72 55 2b 37 6c 4c 42 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 31 38 66 37 65 37 61 64 65 38 35 38 35 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: RSk6w2bfrU+7lLBP.1Context: 4d18f7e7ade8585a
2024-12-19 20:30:36 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 20:30:36 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 52 53 6b 36 77 32 62 66 72 55 2b 37 6c 4c 42 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 31 38 66 37 65 37 61 64 65 38 35 38 35 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: RSk6w2bfrU+7lLBP.2Context: 4d18f7e7ade8585a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-19 20:30:36 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 52 53 6b 36 77 32 62 66 72 55 2b 37 6c 4c 42 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 31 38 66 37 65 37 61 64 65 38 35 38 35 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: RSk6w2bfrU+7lLBP.3Context: 4d18f7e7ade8585a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 20:30:37 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 20:30:37 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 72 6d 68 67 48 48 2b 5a 54 30 43 6b 74 4d 54 6c 2f 4d 41 6d 76 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: rmhgHH+ZT0CktMTl/MAmvA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49735	104.248.15.35	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:37 UTC	852	OUT	GET /z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655 HTTP/1.1 Host: track.samsupport.jmsend.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:37 UTC	418	IN	HTTP/1.1 302 Found X-Powered-By: Express date: Thu, 19 Dec 2024 20:30:37 GMT content-type: text/html; charset=utf-8 content-length: 198 connection: close cache-control: private,private, must-revalidate, max-age=0 pragma: no-cache location: https://samsupports-com.jmailroute.net/x/u?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0 server: Microsoft-IIS/8.5 x-aspnet-version: 4.0.30319 x-frame-options: SAMEORIGIN
2024-12-19 20:30:37 UTC	198	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 61 6d 73 75 70 70 6f 72 74 73 2d 63 6f 6d 2e 6a 6d 61 69 6c 72 6f 75 74 65 2e 6e 65 74 2f 78 2f 75 3f 75 3d 65 62 65 35 32 38 62 63 2d 61 33 63 31 2d 34 36 32 34 2d 61 66 66 31 2d 63 37 30 34 32 66 32 37 33 65 62 30 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://samsupports-com.jmailroute.net/x/u?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49743	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:39 UTC	715	OUT	GET /x/u?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0 HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:39 UTC	800	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: /x/Unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 Set-Cookie: GMassUniqueID=5d93006b-0b19-4f86-9c21-95bae93f2b35; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure Set-Cookie: GMassAffiliateID=; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:30:39 GMT Connection: close Content-Length: 192
2024-12-19 20:30:39 UTC	192	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 78 2f 55 6e 73 75 62 73 63 72 69 62 65 3f 75 3d 65 62 65 35 32 38 62 63 2d 61 33 63 31 2d 34 36 32 34 2d 61 66 66 31 2d 63 37 30 34 32 66 32 37 33 65 62 30 26 61 6d 70 3b 75 6e 73 75 62 73 63 72 69 62 65 3d 46 61 6c 73 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/x/Unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49744	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:41 UTC	743	OUT	GET /x/Unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:41 UTC	513	IN	HTTP/1.1 301 Moved Permanently Cache-Control: private Location: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:30:41 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49750	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:43 UTC	743	OUT	GET /x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:43 UTC	715	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 Set-Cookie: GMassUniqueID=59384f3a-1fe6-4368-a587-5d108b11e57b; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure Set-Cookie: GMassAffiliateID=; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:30:42 GMT Connection: close Content-Length: 3298
2024-12-19 20:30:43 UTC	3298	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 55 6e 73 75 62 73 63 72 69 62 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 21 2d 2d 5b 69 66 20 6c 74 65 20 49 45 20 38 5d 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 61 73 73 65 74 73 2f 6a 73 2f 69 65 2f 68 74 6d 6c 35 73 68 69 76 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c Data Ascii: <html><head> <title>Unsubscribe</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> ...[if lte IE 8]><script src="/assets/js/ie/html5shiv.js"></script><![endif]--> <link rel="styl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49757	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:45 UTC	649	OUT	GET /assets/css/main2.css HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:45 UTC	447	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Wed, 10 Apr 2024 14:54:13 GMT Accept-Ranges: bytes ETag: "58f9c2f3568bda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:30:44 GMT Connection: close Content-Length: 78724
2024-12-19 20:30:45 UTC	15937	IN	Data Raw: ef bb bf 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0d 0a 40 69 6d 70 6f 72 74 20 75 72 6c 28 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 29 3b 0d 0a 40 69 6d 70 6f 72 74 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 61 6c 65 77 61 79 3a 34 30 30 2c 35 30 30 2c 37 30 30 22 29 3b 0d 0a 0d 0a 2f 2a 0d 0a 09 52 65 74 72 6f 73 70 65 63 74 20 62 79 20 54 45 4d 50 4c 41 54 45 44 0d 0a 09 74 65 6d 70 6c 61 74 65 64 2e 63 6f 20 40 74 65 6d 70 6c 61 74 65 64 63 6f 0d 0a 09 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 74 68 65 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 33 2e Data Ascii: @charset "UTF-8";@import url(font-awesome.min.css);@import url("https://fonts.googleapis.com/css?family=Raleway:400,500,700");/*Retrospect by TEMPLATEDtemplated.co @templatedcoReleased for free under the Creative Commons Attribution 3.
2024-12-19 20:30:45 UTC	16384	IN	Data Raw: 0d 0a 09 09 09 63 6c 65 61 72 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 30 3b 0d 0a 09 09 7d 0d 0a 0d 0a 09 09 2e 5c 33 39 20 75 5c 32 38 6d 65 64 69 75 6d 5c 32 39 2c 20 2e 5c 33 39 20 75 5c 32 34 5c 32 38 6d 65 64 69 75 6d 5c 32 39 20 7b 0d 0a 09 09 09 77 69 64 74 68 3a 20 37 35 25 3b 0d 0a 09 09 09 63 6c 65 61 72 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 30 3b 0d 0a 09 09 7d 0d 0a 0d 0a 09 09 2e 5c 33 38 20 75 5c 32 38 6d 65 64 69 75 6d 5c 32 39 2c 20 2e 5c 33 38 20 75 5c 32 34 5c 32 38 6d 65 64 69 75 6d 5c 32 39 20 7b 0d 0a 09 09 09 77 69 64 74 68 3a 20 36 36 2e 36 36 36 36 36 36 36 36 36 37 25 3b 0d 0a 09 09 09 63 6c 65 61 72 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 6d 61 72 67 69 6e 2d 6c Data Ascii: clear: none;margin-left: 0;}.\39 u\28medium\29, .\39 u\24\28medium\29 {width: 75%;clear: none;margin-left: 0;}.\38 u\28medium\29, .\38 u\24\28medium\29 {width: 66.6666666667%;clear: none;margin-l
2024-12-19 20:30:45 UTC	16384	IN	Data Raw: 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 31 70 78 20 23 35 31 42 41 41 34 3b 0d 0a 09 09 7d 0d 0a 0d 0a 09 2e 73 65 6c 65 63 74 2d 77 72 61 70 70 65 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 09 09 63 6f 6c 6f 72 3a 20 72 67 62 61 28 31 34 34 2c 20 31 34 34 2c 20 31 34 34 2c 20 30 2e 32 35 29 3b 0d 0a 09 7d 0d 0a 0d 0a 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 20 2b 20 6c 61 62 65 6c 2c 0d 0a 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 20 2b 20 6c 61 62 65 6c 20 7b 0d 0a 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0d 0a 09 7d 0d 0a 0d 0a 09 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 20 2b 20 6c 61 62 65 6c 3a 62 65 66 6f 72 65 2c 0d 0a 09 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 Data Ascii: box-shadow: 0 0 0 1px #51BAA4;}.select-wrapper:before {color: rgba(144, 144, 144, 0.25);}input[type="checkbox"] + label,input[type="radio"] + label {color: #777;}input[type="checkbox"] + label:before,input[type="
2024-12-19 20:30:46 UTC	16384	IN	Data Raw: 20 23 62 62 62 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 09 09 09 7d 0d 0a 0d 0a 09 09 09 2e 77 72 61 70 70 65 72 2e 73 74 79 6c 65 31 20 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0d 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 62 62 62 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 09 09 09 7d 0d 0a 0d 0a 09 09 09 2e 77 72 61 70 70 65 72 2e 73 74 79 6c 65 31 20 3a 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0d 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 62 62 62 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 09 09 09 7d 0d 0a 0d 0a 09 09 09 2e 77 72 61 70 70 65 72 2e 73 74 79 6c 65 31 20 3a 2d 6d 73 2d 69 6e 70 75 74 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0d 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 62 62 62 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d Data Ascii: #bbb !important;}.wrapper.style1 :-moz-placeholder {color: #bbb !important;}.wrapper.style1 ::-moz-placeholder {color: #bbb !important;}.wrapper.style1 :-ms-input-placeholder {color: #bbb !important;
2024-12-19 20:30:46 UTC	13635	IN	Data Raw: 09 09 2e 77 72 61 70 70 65 72 2e 73 74 79 6c 65 33 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 2e 73 70 65 63 69 61 6c 3a 61 63 74 69 76 65 2c 0d 0a 09 09 09 09 09 2e 77 72 61 70 70 65 72 2e 73 74 79 6c 65 33 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 2e 73 70 65 63 69 61 6c 3a 61 63 74 69 76 65 2c 0d 0a 09 09 09 09 09 2e 77 72 61 70 70 65 72 2e 73 74 79 6c 65 33 20 62 75 74 74 6f 6e 2e 73 70 65 63 69 61 6c 3a 61 63 74 69 76 65 2c 0d 0a 09 09 09 09 09 2e 77 72 61 70 70 65 72 2e 73 74 79 6c 65 33 20 2e 62 75 74 74 6f 6e 2e 73 70 65 63 69 61 6c 3a 61 63 74 69 76 65 20 7b 0d 0a 09 09 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 35 61 64 39 37 3b 0d 0a 09 09 09 09 09 7d 0d 0a 0d 0a 09 09 09 09 2e Data Ascii: .wrapper.style3 input[type="reset"].special:active,.wrapper.style3 input[type="button"].special:active,.wrapper.style3 button.special:active,.wrapper.style3 .button.special:active {background-color: #45ad97;}.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49766	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:47 UTC	610	OUT	GET /assets/css/font-awesome.min.css HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://samsupports-com.jmailroute.net/assets/css/main2.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:48 UTC	447	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Wed, 10 Apr 2024 14:54:13 GMT Accept-Ranges: bytes ETag: "fad7c7f3568bda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:30:47 GMT Connection: close Content-Length: 23742
2024-12-19 20:30:48 UTC	15937	IN	Data Raw: 2f 2a 21 0d 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 33 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0d 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0d 0a 20 2a 2f 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 46 6f 6e 74 41 77 65 73 6f 6d 65 27 3b 73 72 63 3a 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 65 6f 74 3f 76 3d 34 2e 33 2e 30 27 Data Ascii: /! Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.3.0'
2024-12-19 20:30:48 UTC	7805	IN	Data Raw: 65 6e 74 3a 22 5c 66 31 36 35 22 7d 2e 66 61 2d 79 6f 75 74 75 62 65 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 36 22 7d 2e 66 61 2d 79 6f 75 74 75 62 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 37 22 7d 2e 66 61 2d 78 69 6e 67 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 38 22 7d 2e 66 61 2d 78 69 6e 67 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 39 22 7d 2e 66 61 2d 79 6f 75 74 75 62 65 2d 70 6c 61 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 61 22 7d 2e 66 61 2d 64 72 6f 70 62 6f 78 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 62 22 7d 2e 66 61 2d 73 74 61 63 6b 2d 6f 76 65 72 66 6c 6f 77 3a 62 Data Ascii: ent:"\f165"}.fa-youtube-square:before{content:"\f166"}.fa-youtube:before{content:"\f167"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-youtube-play:before{content:"\f16a"}.fa-dropbox:before{content:"\f16b"}.fa-stack-overflow:b

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49774	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:49 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 41 55 55 4e 64 55 4e 35 6b 65 30 6d 59 51 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 33 35 36 33 32 37 30 31 37 37 66 66 34 33 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 2AUUNdUN5ke0mYQO.1Context: b3563270177ff43a
2024-12-19 20:30:49 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 20:30:49 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 32 41 55 55 4e 64 55 4e 35 6b 65 30 6d 59 51 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 33 35 36 33 32 37 30 31 37 37 66 66 34 33 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 2AUUNdUN5ke0mYQO.2Context: b3563270177ff43a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-19 20:30:49 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 32 41 55 55 4e 64 55 4e 35 6b 65 30 6d 59 51 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 33 35 36 33 32 37 30 31 37 37 66 66 34 33 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 2AUUNdUN5ke0mYQO.3Context: b3563270177ff43a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 20:30:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 20:30:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 64 61 50 34 32 47 5a 4e 37 30 47 46 6b 77 6e 65 30 2f 32 75 4f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: daP42GZN70GFkwne0/2uOw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49782	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:50 UTC	692	OUT	GET /favicon-32x32.png HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:50 UTC	445	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Sun, 05 Nov 2023 05:47:10 GMT Accept-Ranges: bytes ETag: "bff6285abfda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:30:49 GMT Connection: close Content-Length: 1883
2024-12-19 20:30:50 UTC	1883	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 03 00 00 00 44 a4 8a c6 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 02 a6 50 4c 54 45 00 00 00 ee c3 c5 ec bb bd e3 9b 9f e1 91 95 e3 9b 9e ef c6 c8 ed be c0 f7 e4 e5 dd 86 89 d0 55 5a ca 3f 46 d1 58 5d db 7c 80 f5 db dc ea b3 b5 d3 62 67 c8 37 3e c7 36 3c d3 5f 64 e6 a3 a6 fb f0 f1 d4 62 67 c5 2d 34 c4 2c 33 d3 60 65 f8 e4 e5 de 86 8a c8 37 3e c7 35 3b d9 74 79 d3 60 65 d4 64 69 d2 5c 62 d3 61 66 dd 86 8a c8 39 3f c7 36 3c d9 77 7b fd f8 f8 d5 68 6d c5 2e 35 c5 2c 33 d3 5f 64 f8 e7 e7 ea b4 b7 d6 6a 6f Data Ascii: PNGIHDR DgAMAasRGB cHRMz&u0`:pQ<PLTEUZ?FX]\|bg7>6<_dbg-4,3`e7>5;ty`edi\baf9?6<w{hm.5,3_djo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49781	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:50 UTC	627	OUT	GET /manifest.json HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: manifest Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:50 UTC	451	IN	HTTP/1.1 200 OK Content-Type: application/json Last-Modified: Sun, 05 Nov 2023 05:47:10 GMT Accept-Ranges: bytes ETag: "3e68e85abfda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:30:49 GMT Connection: close Content-Length: 720
2024-12-19 20:30:50 UTC	720	IN	Data Raw: 7b 0a 20 22 6e 61 6d 65 22 3a 20 22 41 70 70 22 2c 0a 20 22 69 63 6f 6e 73 22 3a 20 5b 0a 20 20 7b 0a 20 20 20 22 73 72 63 22 3a 20 22 5c 2f 61 6e 64 72 6f 69 64 2d 69 63 6f 6e 2d 33 36 78 33 36 2e 70 6e 67 22 2c 0a 20 20 20 22 73 69 7a 65 73 22 3a 20 22 33 36 78 33 36 22 2c 0a 20 20 20 22 74 79 70 65 22 3a 20 22 69 6d 61 67 65 5c 2f 70 6e 67 22 2c 0a 20 20 20 22 64 65 6e 73 69 74 79 22 3a 20 22 30 2e 37 35 22 0a 20 20 7d 2c 0a 20 20 7b 0a 20 20 20 22 73 72 63 22 3a 20 22 5c 2f 61 6e 64 72 6f 69 64 2d 69 63 6f 6e 2d 34 38 78 34 38 2e 70 6e 67 22 2c 0a 20 20 20 22 73 69 7a 65 73 22 3a 20 22 34 38 78 34 38 22 2c 0a 20 20 20 22 74 79 70 65 22 3a 20 22 69 6d 61 67 65 5c 2f 70 6e 67 22 2c 0a 20 20 20 22 64 65 6e 73 69 74 79 22 3a 20 22 31 2e 30 22 0a 20 20 7d Data Ascii: { "name": "App", "icons": [ { "src": "\/android-icon-36x36.png", "sizes": "36x36", "type": "image\/png", "density": "0.75" }, { "src": "\/android-icon-48x48.png", "sizes": "48x48", "type": "image\/png", "density": "1.0" }

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49785	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:30:52 UTC	371	OUT	GET /favicon-32x32.png HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:30:52 UTC	445	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Sun, 05 Nov 2023 05:47:10 GMT Accept-Ranges: bytes ETag: "bff6285abfda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:30:51 GMT Connection: close Content-Length: 1883
2024-12-19 20:30:52 UTC	1883	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 03 00 00 00 44 a4 8a c6 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 02 a6 50 4c 54 45 00 00 00 ee c3 c5 ec bb bd e3 9b 9f e1 91 95 e3 9b 9e ef c6 c8 ed be c0 f7 e4 e5 dd 86 89 d0 55 5a ca 3f 46 d1 58 5d db 7c 80 f5 db dc ea b3 b5 d3 62 67 c8 37 3e c7 36 3c d3 5f 64 e6 a3 a6 fb f0 f1 d4 62 67 c5 2d 34 c4 2c 33 d3 60 65 f8 e4 e5 de 86 8a c8 37 3e c7 35 3b d9 74 79 d3 60 65 d4 64 69 d2 5c 62 d3 61 66 dd 86 8a c8 39 3f c7 36 3c d9 77 7b fd f8 f8 d5 68 6d c5 2e 35 c5 2c 33 d3 5f 64 f8 e7 e7 ea b4 b7 d6 6a 6f Data Ascii: PNGIHDR DgAMAasRGB cHRMz&u0`:pQ<PLTEUZ?FX]\|bg7>6<_dbg-4,3`e7>5;ty`edi\baf9?6<w{hm.5,3_djo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49806	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:00 UTC	869	OUT	GET /x/Unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=True HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:31:00 UTC	512	IN	HTTP/1.1 301 Moved Permanently Cache-Control: private Location: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=True Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:31:00 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49807	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:00 UTC	869	OUT	GET /x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=True HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:31:01 UTC	812	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: /x/UnsubscribeDone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 Set-Cookie: GMassUniqueID=c2003c92-49a1-4c6f-8663-4f5864564e88; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure Set-Cookie: GMassAffiliateID=; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:31:00 GMT Connection: close Content-Length: 204
2024-12-19 20:31:01 UTC	204	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 78 2f 55 6e 73 75 62 73 63 72 69 62 65 44 6f 6e 65 3f 75 3d 65 62 65 35 32 38 62 63 2d 61 33 63 31 2d 34 36 32 34 2d 61 66 66 31 2d 63 37 30 34 32 66 32 37 33 65 62 30 26 61 6d 70 3b 61 6c 72 65 61 64 79 55 6e 73 75 62 73 63 72 69 62 65 64 3d 46 61 6c 73 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/x/UnsubscribeDone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49813	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:02 UTC	882	OUT	GET /x/UnsubscribeDone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:31:03 UTC	525	IN	HTTP/1.1 301 Moved Permanently Cache-Control: private Location: https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:31:02 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49817	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:04 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 75 70 56 6b 4e 58 33 6a 35 30 32 44 51 51 65 44 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 65 35 37 30 62 62 38 30 66 36 61 63 32 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: upVkNX3j502DQQeD.1Context: e1e570bb80f6ac25
2024-12-19 20:31:04 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 20:31:04 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 75 70 56 6b 4e 58 33 6a 35 30 32 44 51 51 65 44 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 65 35 37 30 62 62 38 30 66 36 61 63 32 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: upVkNX3j502DQQeD.2Context: e1e570bb80f6ac25<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-19 20:31:04 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 75 70 56 6b 4e 58 33 6a 35 30 32 44 51 51 65 44 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 65 35 37 30 62 62 38 30 66 36 61 63 32 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: upVkNX3j502DQQeD.3Context: e1e570bb80f6ac25<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 20:31:04 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 20:31:04 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 69 42 47 4c 32 73 71 61 51 45 32 66 71 67 79 59 53 5a 59 55 46 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: iBGL2sqaQE2fqgyYSZYUFg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49820	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:04 UTC	882	OUT	GET /x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:31:04 UTC	715	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 Set-Cookie: GMassUniqueID=3874df22-5bbd-4b6f-bf10-e450b86bbeba; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure Set-Cookie: GMassAffiliateID=; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:31:04 GMT Connection: close Content-Length: 4684
2024-12-19 20:31:04 UTC	4684	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 55 6e 73 75 62 73 63 72 69 62 65 20 44 6f 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 21 2d 2d 5b 69 66 20 6c 74 65 20 49 45 20 38 5d 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 61 73 73 65 74 73 2f 6a 73 2f 69 65 2f 68 74 6d 6c 35 73 68 69 76 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d Data Ascii: <html><head> <title>Unsubscribe Done</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> ...[if lte IE 8]><script src="/assets/js/ie/html5shiv.js"></script><![endif]--> <link rel=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49843	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:14 UTC	792	OUT	POST /x/Resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0 HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://samsupports-com.jmailroute.net Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:31:14 UTC	720	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: application/json; charset=utf-8 Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 Set-Cookie: GMassUniqueID=95877d4c-de9a-45a3-9639-68d878ad2036; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure Set-Cookie: GMassAffiliateID=; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:31:14 GMT Connection: close Content-Length: 16
2024-12-19 20:31:14 UTC	16	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 7d Data Ascii: {"success":true}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49849	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:16 UTC	421	OUT	GET /x/Resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0 HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:31:16 UTC	510	IN	HTTP/1.1 301 Moved Permanently Cache-Control: private Location: https://samsupports-com.jmailroute.net/x/resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0 Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:31:15 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49853	35.90.200.159	443	6792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:18 UTC	421	OUT	GET /x/resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0 HTTP/1.1 Host: samsupports-com.jmailroute.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 20:31:18 UTC	720	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: application/json; charset=utf-8 Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 Set-Cookie: GMassUniqueID=f3afb6b5-9981-4c49-a4b4-1cf10b073da8; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure Set-Cookie: GMassAffiliateID=; expires=Sun, 21-Sep-2026 03:40:10 GMT; Domain=gmass.co; path=/; SameSite=None; Secure X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true Date: Thu, 19 Dec 2024 20:31:17 GMT Connection: close Content-Length: 16
2024-12-19 20:31:18 UTC	16	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 7d Data Ascii: {"success":true}

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	49875	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:27 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 68 6a 47 56 4e 53 53 30 71 45 79 74 69 4d 6d 43 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 64 30 33 62 33 30 33 36 39 64 66 33 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: hjGVNSS0qEytiMmC.1Context: e1d03b30369df3e
2024-12-19 20:31:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 20:31:27 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 68 6a 47 56 4e 53 53 30 71 45 79 74 69 4d 6d 43 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 64 30 33 62 33 30 33 36 39 64 66 33 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 4e Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: hjGVNSS0qEytiMmC.2Context: e1d03b30369df3e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0bN
2024-12-19 20:31:27 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 68 6a 47 56 4e 53 53 30 71 45 79 74 69 4d 6d 43 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 64 30 33 62 33 30 33 36 39 64 66 33 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: hjGVNSS0qEytiMmC.3Context: e1d03b30369df3e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 20:31:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 20:31:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 35 5a 51 44 4b 4f 5a 77 36 6b 2b 43 63 34 65 4e 2f 55 76 53 50 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 5ZQDKOZw6k+Cc4eN/UvSPA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49931	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 20:31:51 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6a 51 30 69 46 43 30 34 59 45 75 32 78 38 61 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 38 31 64 30 64 31 37 65 61 31 64 38 35 39 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: jQ0iFC04YEu2x8av.1Context: 381d0d17ea1d8594
2024-12-19 20:31:51 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 20:31:51 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6a 51 30 69 46 43 30 34 59 45 75 32 78 38 61 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 38 31 64 30 64 31 37 65 61 31 64 38 35 39 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: jQ0iFC04YEu2x8av.2Context: 381d0d17ea1d8594<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-19 20:31:51 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6a 51 30 69 46 43 30 34 59 45 75 32 78 38 61 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 38 31 64 30 64 31 37 65 61 31 64 38 35 39 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: jQ0iFC04YEu2x8av.3Context: 381d0d17ea1d8594<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 20:31:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 20:31:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 37 45 77 52 77 6a 64 41 34 45 4f 52 66 2f 4f 35 56 34 79 4e 44 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 7EwRwjdA4EORf/O5V4yNDw.0Payload parsing failed.

Target ID:	1
Start time:	15:30:25
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	15:30:28
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 --field-trial-handle=2536,i,6187232916633203488,5412401990464861850,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	15:30:35
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://samsupports-com.jmailroute.net/x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False	Joe Sandbox AI: Page contains button: 'MADE A MISTAKE? CLICK HERE TO RE-SUBSCRIBE' Source: '2.1.pages.csv'
Source: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False	Joe Sandbox AI: Page contains button: 'CONFIRM UNSUBSCRIBE' Source: '0.0.pages.csv'

Source: Email	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://track.samsupport.jmsend.com
Source: Email	Joe Sandbox AI: AI detected Typosquatting in URL: https://track.samsupport.jmsend.com

Source: global traffic	HTTP traffic detected: GET /z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655 HTTP/1.1Host: track.samsupport.jmsend.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/u?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0 HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/Unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=False HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/main2.css HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=FalseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/font-awesome.min.css HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://samsupports-com.jmailroute.net/assets/css/main2.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=FalseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /manifest.json HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=FalseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/Unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=True HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=FalseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=True HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=FalseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/UnsubscribeDone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=FalseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/unsubscribedone?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&alreadyUnsubscribed=False HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://samsupports-com.jmailroute.net/x/unsubscribe?u=ebe528bc-a3c1-4624-aff1-c7042f273eb0&unsubscribe=FalseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/Resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0 HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x/resubscribe?outboundUniqueId=ebe528bc-a3c1-4624-aff1-c7042f273eb0 HTTP/1.1Host: samsupports-com.jmailroute.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: track.samsupport.jmsend.com
Source: global traffic	DNS traffic detected: DNS query: samsupports-com.jmailroute.net

Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4864, Parent PID: 716

General

Chronological Activities

Windows Analysis Report
https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655