Windows Analysis Report
https://walli.shanga.co/image/view/?id=1375

Overview

General Information

Sample URL: https://walli.shanga.co/image/view/?id=1375
Analysis ID: 1281736

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
HTML page contains hidden URLs or javascript code

Classification

Classification axes shown in the report: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.

AV Detection

Source: https://walli.shanga.co/image/view/?id=1375 Avira URL Cloud: detection malicious, Label: phishing
Source: https://walli.shanga.co/image/view/?id=1375 Virustotal: Detection: 11% Perma Link
Source: http://ww7.shanga.co/_fd?id=1375 Avira URL Cloud: Label: phishing
Source: http://ww7.shanga.co/js/parking.2.106.5.js Avira URL Cloud: Label: phishing
Source: http://ww7.shanga.co/favicon.ico Avira URL Cloud: Label: phishing
Source: http://ww7.shanga.co/px.gif?ch=1&rn=6.816132124620463 Avira URL Cloud: Label: phishing
Source: http://ww7.shanga.co/px.gif?ch=2&rn=6.816132124620463 Avira URL Cloud: Label: phishing
Source: http://ww7.shanga.co/_tr Avira URL Cloud: Label: phishing
Source: http://iyfbodn.com/px.js?ch=1 Avira URL Cloud: Label: phishing
Source: http://ww7.shanga.co/image/view/?id=1375 HTTP Parser: Base64 decoded: {"uuid":"8d517d42-6c27-4620-b650-115e2dac72fd","page_time":1690535351,"page_url":"http://ww7.shanga.co/image/view/?id=1375","page_method":"GET","page_request":{"id":"1375"},"page_headers":{"referer":[""]},"host":"ww7.shanga.co","ip":"84.17.52.43"}
Source: http://iyfbodn.com/?dn=shanga.co&pid=9POT3387I&pbsubid=8d517d42-6c27-4620-b650-115e2dac72fd&noads=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26skipskenzo%3Dtrue HTTP Parser: No favicon
Source: http://iyfbodn.com/?dn=shanga.co&pid=9POT3387I&pbsubid=8d517d42-6c27-4620-b650-115e2dac72fd&noads=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26skipskenzo%3Dtrue HTTP Parser: No favicon
Source: http://ww7.shanga.co/terms HTTP Parser: No favicon
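The "Base64 decoded" finding above is the parking platform's per-visit tracking record (session UUID, requested URL and parameters, referrer, resolved server IP) carried inside the page. The following is an added example, not part of the Joe Sandbox report, showing how an analyst can pull such blobs out of a saved page offline: it scans the HTML for long Base64 runs, keeps only those that decode to a JSON object, and reduces each to the fields worth pivoting on. The HTML and every value in it are constructed for the demonstration; only the field names follow the blob the report's HTTP Parser decoded.

```python
"""Find Base64-encoded JSON tracking blobs embedded in a saved HTML page.

Added example; not part of the Joe Sandbox report. SAMPLE_HTML and the values
in _TRACKING are constructed for the demonstration; only the field names
(uuid, page_url, page_headers, host, ip, ...) follow the blob the report's
HTTP Parser decoded.
"""
import base64
import binascii
import json
import re

# A Base64 run long enough to hold a JSON object, with optional '=' padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_json_blobs(html):
    """Return [(offset, dict)] for every Base64 run in html that decodes to a JSON object."""
    blobs = []
    for match in B64_RUN.finditer(html):
        token = match.group(0)
        token = token[: len(token) - len(token) % 4]      # Base64 comes in 4-character groups
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
            obj = json.loads(decoded)
        except (binascii.Error, UnicodeDecodeError, json.JSONDecodeError):
            continue                                       # not Base64, not text, or not JSON
        if isinstance(obj, dict):
            blobs.append((match.start(), obj))
    return blobs


def tracking_indicators(blob):
    """Pull the fields an analyst wants from a parking-page tracking record."""
    headers = blob.get("page_headers") or {}
    return {
        "session": blob.get("uuid"),
        "page_url": blob.get("page_url"),
        "request": blob.get("page_request"),
        "referer": headers.get("referer"),
        "host": blob.get("host"),
        "server_ip": blob.get("ip"),
    }


def scan(html):
    """Decode every embedded JSON blob and reduce each to its indicators."""
    return [tracking_indicators(obj) for _, obj in decode_json_blobs(html)]


# Constructed sample: one tracking blob inside an inline script, plus a decoy
# Base64 run (all 'A's) that decodes to bytes but not to JSON.
_TRACKING = {
    "uuid": "00000000-0000-4000-8000-000000000000",
    "page_time": 1700000000,
    "page_url": "http://parked.example/image/view/?id=42",
    "page_method": "GET",
    "page_request": {"id": "42"},
    "page_headers": {"referer": [""]},
    "host": "parked.example",
    "ip": "192.0.2.10",
}
SAMPLE_HTML = (
    "<html><head><script src='/js/parking.js'></script>"
    "<meta name='decoy' content='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'></head>"
    "<body><script>window.park = {track: '"
    + base64.b64encode(json.dumps(_TRACKING).encode("utf-8")).decode("ascii")
    + "'};</script><img src='/px.gif?ch=1'></body></html>"
)

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_HTML), indent=2))
```

Run against a page saved from the sandbox (or fetched through an isolated proxy), the same scan gives the session identifier to match against the `parking_session` cookie and the `pbsubid` parameter seen in the later requests, and the server IP without having to resolve the host again.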
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: global traffic HTTP traffic detected:
HTTP/1.1 200 OK
server: openresty
date: Fri, 28 Jul 2023 09:09:12 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2043
cache-control: no-cache
x-version: 2.107.3
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-store, must-revalidate
cache-control: post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd; expires=Fri, 28 Jul 2023 09:24:12 GMT; Max-Age=900; path=/; httponly
Data Raw (gzip body, captured portion): 1f 8b 08 00 00 00 00 00 04 03 bd 57 49 97 a2 48 17 fd 41 b5 68 06 b5 93 a5 82 4c 2d 98 a2 32 c4 0e 02 4b c0 00 3d a5 c8 f0 eb fb 06 9a 6a e6 57 79 ea 7c 9b 5e 78 aa 92 18 de 7d f7 dd 37 c4 b6 d5 53 df 69 5c dd 6d 5c a1 e9 97 da bc 4b fc 5d 67 97 44 57 7a 12 da 12 09 ad 7c 99 db 27 aa 0a ad a3 0a 9d a3 cd 2f ce 26 c2 8f 36 8b d2 2f 9c 7c 7c 4a 2a 8f d1 72 9c 25 aa 75 b6 4a 72 08 65 97 d1 8a 30 ca 94 43 14 7a 2c 35 d8 85 ac ad 09 ce 8d 1d 6d db bb 1b 47 74 f2 26 a7 86 5e 91 ad d2 60 fd 9a 54 4e be ac ce 39 35 fd 7c 1d ac b8 cd 03 55 c5 3c 91 bc 13 ed 9d 36 ec dd 26 1e ee f7 ae 49 a0 9f 12 66 33 22 b1 3e 35 ed 2c a9 86 fd 19 ed c4 03 2d d9 61 b1 b1 64 47 db 37 cb 8d 33 76 0b ab 5d 6e a8 e4 6e f6 f9 42 b5 1b f8 d4 27 12 b0 1a 6c 42 02 6f 46 4c d8 2d 49 96 98 2e c3 7a 47 42 57 4c 4c af df 0e d8 ec 8c 4a be 4f cb 86 e3 39 a6 a6 d7 2c 59 73 0d 55 45 4e 7b 5a 53 29 cb 92 32 cd 16 a5 7b b5 e0 0f 70 8d 7c c3 ef 92 6d cb f0 5d 00 de 89 bb 99 82 13 f7 18 05 e3 9a 04 c3 3d 4d 1c ac 2e 51 a9 1c e2 d0 b9 10 c9 85 ef 5e 97 48 4d eb 16 ab 33 35 80 3f b0 af c4 60 fd 22 48 0b 60 15 68 a9 9c e1 c3 b7 6b 4e 3f 1d 2f cc d9 89 7c f0 d5 89 55 24 29 35 b8 b9 26 da 1c 5c b7 df d9 14 9c 3e e2 bc fc 4a 3b 6b 62 e5 88 df 10 4b b1 b7 8a 23 fc 51 f2 38 68 99 65 e8 0d 05 4f d8 97 11 13 b1 96 07 be af a4 1c ce 22 06 ec 4c b6 ec c0 cf 38 fd bc 05 1e d1 ed 23 c1 19 e2 75 f3 05 bc 5c a8 d1 66 a9 e1 cf 12 a3 bd a6 b2 1b 47 b0 09 8c 22 09 05 70 64 9f 13 c9 fd 45 f1 2d 90 cf 39 ee 6c b8 66 ac ca 66 89 a1 0b 88 55 4f 02 bd 8b a4 21 8e 03 2f 51 c0 ea bb 3e 3b 9c 03 76 ff b4 91 67 42 1c 88 a7 5d b9 7d 8d 6b 9d 06 62 3e ec 2d 5c 65 61 be dc 5f ea 87 e1 2c 62 88 38 64 71 30 66 34 87 5d 7c 5f 6c e6 dc 67 31 be 69 f4 12 87 27 66 15 a7 32 0a da 9e ac 11 ef ca 47 1c fd 0e 7e f7 3f 7d f8 50 b9 c2 0e 7c 71 1f b0 0f 31 55 04 cb bc d0 24 9f ee 17 6b b1 a3 72 7a 02 7f c7 65 3e 85 3e 67 cd 4e c3 5a 25 d2 84 b5 35 d7 c3 6e dd ec 63 d3 bb 24 ea ec ef d0 18 ed 2d 75 ba 27 25 e2 a8 8a b0 29 9e 12 f3 30 b1 4c 17 7a 77 2e d0 65 17 07 d1 d9 52 d3 19 34 8f dc a3 8f 33 b1 e1 9f 88 94 09 b0 d3 3a da 94 2d c5 b6 e6 77 59 86 9d 45 d2 a5 82 9e c4 a4 84 06 25 e5 9c c8 c0 aa 3a
Source: global traffic HTTP traffic detected:
HTTP/1.1 200 OK
server: openresty
date: Fri, 28 Jul 2023 09:09:16 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 22
cache-control: no-cache
x-version: 2.107.3
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-store, must-revalidate
cache-control: post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd; expires=Fri, 28 Jul 2023 09:24:17 GMT; Max-Age=900; path=/; httponly
Data Raw (gzip body): 1f 8b 08 00 00 00 00 00 04 03 cb cf 06 00 47 dd dc 79 02 00 00 00
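The two response records above come out of the report with the status line and headers run together and the gzip body shown as a hex dump. The following added example (not part of the Joe Sandbox report) parses a record in that form, checks the declared content-length against the captured bytes, gunzips the body, and reads the cookie attributes. The 22-byte response from the second record is embedded verbatim as the sample; it decompresses to the two bytes "ok" and its CRC32 trailer verifies, so gzip.decompress accepts it. The first record cannot be decoded this way because the report shows fewer bytes than the 2043 declared, and the code refuses a truncated body rather than returning a partial one. Splitting the headers relies on a fixed list of header names because the report gives no delimiter; that list is an assumption that fits these two records, not a general HTTP parser.

```python
"""Parse a sandbox 'HTTP traffic detected' response record and recover its body.

Added example; not part of the Joe Sandbox report. RAW_RECORD is the second
'global traffic' response from the report, copied verbatim; the parsing and
checking code is this example's own.
"""
import gzip
import re

RAW_RECORD = (
    "HTTP/1.1 200 OKserver: openrestydate: Fri, 28 Jul 2023 09:09:16 GMT"
    "content-type: text/html; charset=UTF-8content-encoding: gzipcontent-length: 22"
    "cache-control: no-cachex-version: 2.107.3expires: Thu, 01 Jan 1970 00:00:01 GMT"
    "cache-control: no-store, must-revalidatecache-control: post-check=0, pre-check=0"
    "pragma: no-cacheset-cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd; "
    "expires=Fri, 28 Jul 2023 09:24:17 GMT; Max-Age=900; path=/; httponly"
    "Data Raw: 1f 8b 08 00 00 00 00 00 04 03 cb cf 06 00 47 dd dc 79 02 00 00 00 "
    "Data Ascii: Gy"
)

# The report prints headers with no delimiter, so we split in front of the
# header names this server sends. Assumption: this list fits the records in
# the report; it is not a general HTTP parser.
KNOWN_HEADERS = ("server", "date", "content-type", "content-encoding", "content-length",
                 "cache-control", "x-version", "expires", "pragma", "set-cookie")
_SPLIT = re.compile(r"(?=(?:%s):)" % "|".join(re.escape(h) for h in KNOWN_HEADERS), re.I)


def parse_record(record):
    """Return (status_line, [(header, value), ...], body_bytes) from one record."""
    head, _, tail = record.partition("Data Raw:")
    parts = _SPLIT.split(head)                       # parts[0] is the status line
    status = parts[0].strip()
    headers = []
    for part in parts[1:]:
        name, _, value = part.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    hex_dump = tail.split("Data Ascii:")[0]          # the ASCII view is lossy; use the hex
    body = bytes.fromhex("".join(hex_dump.split()))
    return status, headers, body


def body_is_complete(headers, body):
    """True when the captured bytes match the declared content-length (or none is declared)."""
    declared = dict(headers).get("content-length")
    return declared is None or int(declared) == len(body)


def decode_body(headers, body):
    """Gunzip the body if the headers say so; refuse to work on a truncated capture."""
    if not body_is_complete(headers, body):
        raise ValueError("truncated capture: %d bytes, %s declared"
                         % (len(body), dict(headers).get("content-length")))
    if dict(headers).get("content-encoding", "").lower() == "gzip":
        return gzip.decompress(body)                 # also verifies the CRC32/ISIZE trailer
    return body


def cookie_flags(headers):
    """Return {cookie_name: {"httponly": bool, "secure": bool, "max_age": int or None}}."""
    flags = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        attrs = [a.strip() for a in value.split(";")]
        cookie_name = attrs[0].split("=", 1)[0]
        lowered = [a.lower() for a in attrs[1:]]
        max_age = next((int(a.split("=", 1)[1]) for a in lowered if a.startswith("max-age=")), None)
        flags[cookie_name] = {"httponly": "httponly" in lowered,
                              "secure": "secure" in lowered,
                              "max_age": max_age}
    return flags


if __name__ == "__main__":
    status, headers, body = parse_record(RAW_RECORD)
    print(status)
    for name, value in headers:
        print("%s: %s" % (name, value))
    print("body:", decode_body(headers, body))
    print("cookies:", cookie_flags(headers))
```

Two points the decoded record makes visible: the parking session cookie is HttpOnly but not Secure and is issued over plain HTTP, and the triple cache-control plus a 1970 expiry mean every visit is re-fetched and re-tracked. The ValueError path matters in practice, because a gzip stream cut short by the report would otherwise fail deep inside the decompressor with a less useful message.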
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: global traffic HTTP traffic detected:
GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
X-Goog-Update-Updater: chromecrx-104.0.5112.81
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /image/view/?id=1375 HTTP/1.1
Host: walli.shanga.co
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
X-Client-Data: CJW2yQEIo7bJAQjEtskBCKmdygEIlaHLAQiQvMwBCOK8zAEIssHMAQjFwcwBCNbBzAE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: http://ww7.shanga.co/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol164%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol436&client=dp-bodis31_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww7.shanga.co%3Fcaf%26id%3D1375&terms=mobile%20apps&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2708093962197658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301293&format=r3&nocache=9751690535352713&num=0&output=afd_ads&domain_name=ww7.shanga.co&v=3&bsl=8&pac=0&u_his=1&u_tz=120&dt=1690535352714&u_w=1280&u_h=1024&biw=1280&bih=913&psw=1264&psh=76&frm=0&cl=550993488&uio=-&cont=rs&jsid=caf&jsv=550993488&rurl=http%3A%2F%2Fww7.shanga.co%2Fimage%2Fview%2F%3Fid%3D1375&adbw=master-1%3A1264 HTTP/1.1
Host: www.google.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
X-Client-Data: CJW2yQEIo7bJAQjEtskBCKmdygEIlaHLAQiQvMwBCOK8zAEIssHMAQjFwcwBCNbBzAE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://ww7.shanga.co/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /sorry/index?continue=https://www.google.com/afs/ads%3Fadtest%3Doff%26psid%3D3113057640%26pcsa%3Dfalse%26channel%3Dpid-bodis-gcontrol164%252Cpid-bodis-gcontrol97%252Cpid-bodis-gcontrol309%252Cpid-bodis-gcontrol152%252Cpid-bodis-gcontrol436%26client%3Ddp-bodis31_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww7.shanga.co%253Fcaf%2526id%253D1375%26terms%3Dmobile%2520apps%26max_radlink_len%3D50%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2708093962197658%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300003%252C17301293%26format%3Dr3%26nocache%3D9751690535352713%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww7.shanga.co%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D120%26dt%3D1690535352714%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D913%26psw%3D1264%26psh%3D76%26frm%3D0%26cl%3D550993488%26uio%3D-%26cont%3Drs%26jsid%3Dcaf%26jsv%3D550993488%26rurl%3Dhttp%253A%252F%252Fww7.shanga.co%252Fimage%252Fview%252F%253Fid%253D1375%26adbw%3Dmaster-1%253A1264&hl=en&q=EgRUETQrGLmLjqYGIjAXdR8b9kk_p6V9YyE040N6zgrG7TNDWtXJ1qK7rbP_FThyo-K577fEquNgRYEtVBwyAXJaAUM HTTP/1.1
Host: www.google.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
X-Client-Data: CJW2yQEIo7bJAQjEtskBCKmdygEIlaHLAQiQvMwBCOK8zAEIssHMAQjFwcwBCNbBzAE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Referer: http://ww7.shanga.co/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
X-Client-Data: CJW2yQEIo7bJAQjEtskBCKmdygEIlaHLAQiQvMwBCOK8zAEIssHMAQjFwcwBCNbBzAE=
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.google.com/sorry/index?continue=https://www.google.com/afs/ads%3Fadtest%3Doff%26psid%3D3113057640%26pcsa%3Dfalse%26channel%3Dpid-bodis-gcontrol164%252Cpid-bodis-gcontrol97%252Cpid-bodis-gcontrol309%252Cpid-bodis-gcontrol152%252Cpid-bodis-gcontrol436%26client%3Ddp-bodis31_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww7.shanga.co%253Fcaf%2526id%253D1375%26terms%3Dmobile%2520apps%26max_radlink_len%3D50%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2708093962197658%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300003%252C17301293%26format%3Dr3%26nocache%3D9751690535352713%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww7.shanga.co%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D120%26dt%3D1690535352714%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D913%26psw%3D1264%26psh%3D76%26frm%3D0%26cl%3D550993488%26uio%3D-%26cont%3Drs%26jsid%3Dcaf%26jsv%3D550993488%26rurl%3Dhttp%253A%252F%252Fww7.shanga.co%252Fimage%252Fview%252F%253Fid%253D1375%26adbw%3Dmaster-1%253A1264&hl=en&q=EgRUETQrGLmLjqYGIjAXdR8b9kk_p6V9YyE040N6zgrG7TNDWtXJ1qK7rbP_FThyo-K577fEquNgRYEtVBwyAXJaAUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=iRvKkcsnpNcOYYwhqaQxPITz&size=normal&s=lHTP8emeKdCZpeJG76mtd64IWvHf1gOLypcspC4ghMkih0n12vP7QmFZs8Rdsw6JzOjYgxVIU8PkhRwL3sL_7gsd8VVol-1No4402uCS_1y3GRfkv4IVkhc27gQdBCSxq-TesgCaHfZDmlJn6eYCeLMkYTurc5WjctTXzOmaXaMB_ub2ipTWtQ6ZgvneGjfmE_CptqnVqm7GognRwEc6rIue0v8LccXc3Bq-e2NrQkQ4QS6ySf-IjqNTL_cpYZYxv8m9BcHU4uGtWUa2IRIo-222iTO1crU&cb=uepxbdotpfvs HTTP/1.1
Host: www.google.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
X-Client-Data: CJW2yQEIo7bJAQjEtskBCKmdygEIlaHLAQiQvMwBCOK8zAEIssHMAQjFwcwBCNbBzAE=
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.google.com/sorry/index?continue=https://www.google.com/afs/ads%3Fadtest%3Doff%26psid%3D3113057640%26pcsa%3Dfalse%26channel%3Dpid-bodis-gcontrol164%252Cpid-bodis-gcontrol97%252Cpid-bodis-gcontrol309%252Cpid-bodis-gcontrol152%252Cpid-bodis-gcontrol436%26client%3Ddp-bodis31_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww7.shanga.co%253Fcaf%2526id%253D1375%26terms%3Dmobile%2520apps%26max_radlink_len%3D50%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2708093962197658%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300003%252C17301293%26format%3Dr3%26nocache%3D9751690535352713%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww7.shanga.co%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D120%26dt%3D1690535352714%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D913%26psw%3D1264%26psh%3D76%26frm%3D0%26cl%3D550993488%26uio%3D-%26cont%3Drs%26jsid%3Dcaf%26jsv%3D550993488%26rurl%3Dhttp%253A%252F%252Fww7.shanga.co%252Fimage%252Fview%252F%253Fid%253D1375%26adbw%3Dmaster-1%253A1264&hl=en&q=EgRUETQrGLmLjqYGIjAXdR8b9kk_p6V9YyE040N6zgrG7TNDWtXJ1qK7rbP_FThyo-K577fEquNgRYEtVBwyAXJaAUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /delivery/js/cmp_en.min.js HTTP/1.1
Host: cdn.consentmanager.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: http://iyfbodn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /delivery/cmp.php?&cdid=21fdca2281833&h=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26pid%3D9POT3387I%26pbsubid%3D8d517d42-6c27-4620-b650-115e2dac72fd%26noads%3Dhttp%253A%252F%252Fiyfbodn.com%252F%253Fdn%253Dshanga.co%2526skipskenzo%253Dtrue&&l=en&o=1690535361028 HTTP/1.1
Host: a.delivery.consentmanager.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: http://iyfbodn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /takedown-request HTTP/1.1
Host: www.bodis.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /css/app.css?id=275eca52e243c9cf6069 HTTP/1.1
Host: www.bodis.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://www.bodis.com/takedown-request
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6InBoYlh1akNoVmRhV0tXbWdSSkdLUFE9PSIsInZhbHVlIjoiVCtIV3psR2wvcGFLQkNhYjBEQ1RrZmFSeXhtQjdqZitOaE45YVpYVUpOSTVMc3FqbkJMd3FiYXk2cmJqWlVnWjhXQjBlZE14L0JSVXBOZUJBRjdvS2l4REV0d1ltTFp3V09YejhWYmxkc0FvZzNuaWhIK2FRVXljcW4wWGZXZksiLCJtYWMiOiIxNzk3MGMyMDNlOTA2N2JkNWFkNTE4ZWU1YTMxNzFjYTEzNDYwZTQ3YzIwNmY1ZTBlOTM1ZjNmNzAwNDA3NzU4IiwidGFnIjoiIn0%3D; bodis_session=eyJpdiI6InptSzI0WEloQ0FpQ2lUNWNINjZhcWc9PSIsInZhbHVlIjoiMll4VHJSSFNyUkJMN0tSRkNEL25rQm8xaWliZDlFOWlnQkNseWVoVndaTDdOVEZ5UGJ6YlJDdytkcHN6WFNXclJ0MVArNDh6bjR5WWMxby9oYWxxaDRSN0pCVzR2QTFhc2tJeVFlTlF6cS9tZjBmMUc5aDlRbWdqRmY3RzAzQkMiLCJtYWMiOiI1Y2FkYjA2NzkzM2Y0OTgzZDJkZjFkY2I4YzM0ZmMwN2FiNDNmMWZmZjFhOWRhZDMzNGVkNTQyZTg1Mjk0OGZiIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected:
GET /js/app.js?id=01347d430ade04479eaf HTTP/1.1
Host: www.bodis.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.bodis.com/takedown-request
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6InBoYlh1akNoVmRhV0tXbWdSSkdLUFE9PSIsInZhbHVlIjoiVCtIV3psR2wvcGFLQkNhYjBEQ1RrZmFSeXhtQjdqZitOaE45YVpYVUpOSTVMc3FqbkJMd3FiYXk2cmJqWlVnWjhXQjBlZE14L0JSVXBOZUJBRjdvS2l4REV0d1ltTFp3V09YejhWYmxkc0FvZzNuaWhIK2FRVXljcW4wWGZXZksiLCJtYWMiOiIxNzk3MGMyMDNlOTA2N2JkNWFkNTE4ZWU1YTMxNzFjYTEzNDYwZTQ3YzIwNmY1ZTBlOTM1ZjNmNzAwNDA3NzU4IiwidGFnIjoiIn0%3D; bodis_session=eyJpdiI6InptSzI0WEloQ0FpQ2lUNWNINjZhcWc9PSIsInZhbHVlIjoiMll4VHJSSFNyUkJMN0tSRkNEL25rQm8xaWliZDlFOWlnQkNseWVoVndaTDdOVEZ5UGJ6YlJDdytkcHN6WFNXclJ0MVArNDh6bjR5WWMxby9oYWxxaDRSN0pCVzR2QTFhc2tJeVFlTlF6cS9tZjBmMUc5aDlRbWdqRmY3RzAzQkMiLCJtYWMiOiI1Y2FkYjA2NzkzM2Y0OTgzZDJkZjFkY2I4YzM0ZmMwN2FiNDNmMWZmZjFhOWRhZDMzNGVkNTQyZTg1Mjk0OGZiIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected:
GET /delivery/cmp.php?__cmpcc=1&id=68884&o=1690535380&h=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26pid%3D9POT3387I%26pbsubid%3D8d517d42-6c27-4620-b650-115e2dac72fd%26noads%3Dhttp%253A%252F%252Fiyfbodn.com%252F%253Fdn%253Dshanga.co%2526skipskenzo%253Dtrue&&l=en&odw=0&dlt=1&l=en HTTP/1.1
Host: a.delivery.consentmanager.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: http://iyfbodn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /dfp.js HTTP/1.1
Host: www.bodis.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.bodis.com/takedown-request
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6InBoYlh1akNoVmRhV0tXbWdSSkdLUFE9PSIsInZhbHVlIjoiVCtIV3psR2wvcGFLQkNhYjBEQ1RrZmFSeXhtQjdqZitOaE45YVpYVUpOSTVMc3FqbkJMd3FiYXk2cmJqWlVnWjhXQjBlZE14L0JSVXBOZUJBRjdvS2l4REV0d1ltTFp3V09YejhWYmxkc0FvZzNuaWhIK2FRVXljcW4wWGZXZksiLCJtYWMiOiIxNzk3MGMyMDNlOTA2N2JkNWFkNTE4ZWU1YTMxNzFjYTEzNDYwZTQ3YzIwNmY1ZTBlOTM1ZjNmNzAwNDA3NzU4IiwidGFnIjoiIn0%3D; bodis_session=eyJpdiI6InptSzI0WEloQ0FpQ2lUNWNINjZhcWc9PSIsInZhbHVlIjoiMll4VHJSSFNyUkJMN0tSRkNEL25rQm8xaWliZDlFOWlnQkNseWVoVndaTDdOVEZ5UGJ6YlJDdytkcHN6WFNXclJ0MVArNDh6bjR5WWMxby9oYWxxaDRSN0pCVzR2QTFhc2tJeVFlTlF6cS9tZjBmMUc5aDlRbWdqRmY3RzAzQkMiLCJtYWMiOiI1Y2FkYjA2NzkzM2Y0OTgzZDJkZjFkY2I4YzM0ZmMwN2FiNDNmMWZmZjFhOWRhZDMzNGVkNTQyZTg1Mjk0OGZiIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected:
GET /api/account HTTP/1.1
Host: www.bodis.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
Accept: application/json, text/plain, */*
X-XSRF-TOKEN: eyJpdiI6InBoYlh1akNoVmRhV0tXbWdSSkdLUFE9PSIsInZhbHVlIjoiVCtIV3psR2wvcGFLQkNhYjBEQ1RrZmFSeXhtQjdqZitOaE45YVpYVUpOSTVMc3FqbkJMd3FiYXk2cmJqWlVnWjhXQjBlZE14L0JSVXBOZUJBRjdvS2l4REV0d1ltTFp3V09YejhWYmxkc0FvZzNuaWhIK2FRVXljcW4wWGZXZksiLCJtYWMiOiIxNzk3MGMyMDNlOTA2N2JkNWFkNTE4ZWU1YTMxNzFjYTEzNDYwZTQ3YzIwNmY1ZTBlOTM1ZjNmNzAwNDA3NzU4IiwidGFnIjoiIn0=
X-CSRF-TOKEN: MxWxN2MKJtvFgVdmHgdg4OuTUAjIeelzYUB1QwDL
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.bodis.com/takedown-request
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6InBoYlh1akNoVmRhV0tXbWdSSkdLUFE9PSIsInZhbHVlIjoiVCtIV3psR2wvcGFLQkNhYjBEQ1RrZmFSeXhtQjdqZitOaE45YVpYVUpOSTVMc3FqbkJMd3FiYXk2cmJqWlVnWjhXQjBlZE14L0JSVXBOZUJBRjdvS2l4REV0d1ltTFp3V09YejhWYmxkc0FvZzNuaWhIK2FRVXljcW4wWGZXZksiLCJtYWMiOiIxNzk3MGMyMDNlOTA2N2JkNWFkNTE4ZWU1YTMxNzFjYTEzNDYwZTQ3YzIwNmY1ZTBlOTM1ZjNmNzAwNDA3NzU4IiwidGFnIjoiIn0%3D; bodis_session=eyJpdiI6InptSzI0WEloQ0FpQ2lUNWNINjZhcWc9PSIsInZhbHVlIjoiMll4VHJSSFNyUkJMN0tSRkNEL25rQm8xaWliZDlFOWlnQkNseWVoVndaTDdOVEZ5UGJ6YlJDdytkcHN6WFNXclJ0MVArNDh6bjR5WWMxby9oYWxxaDRSN0pCVzR2QTFhc2tJeVFlTlF6cS9tZjBmMUc5aDlRbWdqRmY3RzAzQkMiLCJtYWMiOiI1Y2FkYjA2NzkzM2Y0OTgzZDJkZjFkY2I4YzM0ZmMwN2FiNDNmMWZmZjFhOWRhZDMzNGVkNTQyZTg1Mjk0OGZiIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected:
GET /assets/reamaze.js HTTP/1.1
Host: cdn.reamaze.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.bodis.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /client_data/3155f51cab94cfafe4b265a7/script.js HTTP/1.1
Host: cdn-cookieyes.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.bodis.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected:
GET /svg/logo.svg HTTP/1.1
Host: www.bodis.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.bodis.com/takedown-request
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6InBoYlh1akNoVmRhV0tXbWdSSkdLUFE9PSIsInZhbHVlIjoiVCtIV3psR2wvcGFLQkNhYjBEQ1RrZmFSeXhtQjdqZitOaE45YVpYVUpOSTVMc3FqbkJMd3FiYXk2cmJqWlVnWjhXQjBlZE14L0JSVXBOZUJBRjdvS2l4REV0d1ltTFp3V09YejhWYmxkc0FvZzNuaWhIK2FRVXljcW4wWGZXZksiLCJtYWMiOiIxNzk3MGMyMDNlOTA2N2JkNWFkNTE4ZWU1YTMxNzFjYTEzNDYwZTQ3YzIwNmY1ZTBlOTM1ZjNmNzAwNDA3NzU4IiwidGFnIjoiIn0%3D; bodis_session=eyJpdiI6InptSzI0WEloQ0FpQ2lUNWNINjZhcWc9PSIsInZhbHVlIjoiMll4VHJSSFNyUkJMN0tSRkNEL25rQm8xaWliZDlFOWlnQkNseWVoVndaTDdOVEZ5UGJ6YlJDdytkcHN6WFNXclJ0MVArNDh6bjR5WWMxby9oYWxxaDRSN0pCVzR2QTFhc2tJeVFlTlF6cS9tZjBmMUc5aDlRbWdqRmY3RzAzQkMiLCJtYWMiOiI1Y2FkYjA2NzkzM2Y0OTgzZDJkZjFkY2I4YzM0ZmMwN2FiNDNmMWZmZjFhOWRhZDMzNGVkNTQyZTg1Mjk0OGZiIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected:
GET /svg/logo.svg HTTP/1.1
Host: www.bodis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6Inh3VHFEU3Y5cEdiSU9BZHFzVXdWSVE9PSIsInZhbHVlIjoiNngxYy9kMm9WWXdUd000dDdidkVVZmxLQkFUakVrc2oxVGxSdUhnWEZodFhxVjluSHNpckkrK2w3MGlwVXNkdlMzQ1JuMmtuNGNRV3hMUnV5QXNRN1hPaEV6eGtna0xGNlRpSHk0NElQWjJKL3BHVWRLbkpKc1hxd3ZUcnRyd0MiLCJtYWMiOiJhYjQ5OGUxMTE5MDJlM2U0ZGUwNmMzYzRmOTY1NTFlZjI2NTlmNjg0MzFhNDU4OGZmZGE5Y2E3ZmYxOGUyYTAwIiwidGFnIjoiIn0%3D; bodis_session=eyJpdiI6IlYvZkNHV2pMSjNMQ1NDWG9LaEZ1TVE9PSIsInZhbHVlIjoiWjVmemdaUVNtMVVQKy9HTGdGQVVaZWg3dHVyejkwbWR3SUJYei9pSFR2WGpPTnErM1NLelREb0tvSlhlQ28wbWQ2YjVhQitXS0V6TktIUGNKd24rNGF3SnRkaFJucGhsckEzeitmdzEvNnl2QjA0cld2TFV4ZHlMMy9xUTdQczAiLCJtYWMiOiI0MWE4NjBjZjFmNmViYWQ4MGEwMDQ5ZWFlZGUyOWMxMDkxZTMyNjI2YzMwYTQxOGMxYjcwZjgxMGI5ZTYwOWM1IiwidGFnIjoiIn0%3D; cookieyes-consent=consentid:aEd5U255eUtjT25FM2U2WjNncTZvT21ObUR1bTNsRVg,consent:,action:,necessary:,functional:,analytics:,performance:,advertisement:,other:
Source: global traffic HTTP traffic detected: GET /data/brands/bodis/ping HTTP/1.1Host: cdn.reamaze.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.bodis.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.bodis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /data/brands/bodis/ping HTTP/1.1Host: cdn.reamaze.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /image/view/?id=1375 HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /js/parking.2.106.5.js HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://ww7.shanga.co/image/view/?id=1375Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd
Source: global traffic HTTP traffic detected: GET /js/parking.2.106.5.js HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://ww7.shanga.co/image/view/?id=1375Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd
Source: global traffic HTTP traffic detected: GET /px.gif?ch=1&rn=6.816132124620463 HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://ww7.shanga.co/image/view/?id=1375Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd
Source: global traffic HTTP traffic detected: GET /px.gif?ch=2&rn=6.816132124620463 HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://ww7.shanga.co/image/view/?id=1375Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd
Source: global traffic HTTP traffic detected: GET /px.gif?ch=2&rn=6.816132124620463 HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd
Source: global traffic HTTP traffic detected: GET /px.gif?ch=1&rn=6.816132124620463 HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://ww7.shanga.co/image/view/?id=1375Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd
Source: global traffic HTTP traffic detected: GET /_fd?id=1375 HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd
Source: global traffic HTTP traffic detected: GET /_tr HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd; __gsas=ID=3a5f2bd72530b905:T=1690535354:RT=1690535354:S=ALNI_MarU_yw7TdOyKJJ1DsxSvYraCMamg
Source: global traffic HTTP traffic detected: GET /?dn=shanga.co&pid=9POT3387I&pbsubid=8d517d42-6c27-4620-b650-115e2dac72fd&noads=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26skipskenzo%3Dtrue HTTP/1.1Host: iyfbodn.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: http://ww7.shanga.co/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /px.js?ch=1 HTTP/1.1Host: iyfbodn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://iyfbodn.com/?dn=shanga.co&pid=9POT3387I&pbsubid=8d517d42-6c27-4620-b650-115e2dac72fd&noads=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26skipskenzo%3DtrueAccept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: vsid=925vr438080959233473983
Source: global traffic HTTP traffic detected: GET /px.js?ch=2 HTTP/1.1Host: iyfbodn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://iyfbodn.com/?dn=shanga.co&pid=9POT3387I&pbsubid=8d517d42-6c27-4620-b650-115e2dac72fd&noads=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26skipskenzo%3DtrueAccept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: vsid=925vr438080959233473983
Source: global traffic HTTP traffic detected: GET /__media__/js/min.js?v2.3 HTTP/1.1Host: i1.cdn-image.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://iyfbodn.com/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /__media__/pics/29590/bg1.png HTTP/1.1Host: i1.cdn-image.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iyfbodn.com/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /__media__/pics/28905/arrrow.png HTTP/1.1Host: i1.cdn-image.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iyfbodn.com/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /__media__/fonts/montserrat-bold/montserrat-bold.woff HTTP/1.1Host: i1.cdn-image.comConnection: keep-aliveOrigin: http://iyfbodn.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://iyfbodn.com/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /__media__/fonts/montserrat-regular/montserrat-regular.woff HTTP/1.1Host: i1.cdn-image.comConnection: keep-aliveOrigin: http://iyfbodn.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://iyfbodn.com/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /terms HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd; __gsas=ID=3a5f2bd72530b905:T=1690535354:RT=1690535354:S=ALNI_MarU_yw7TdOyKJJ1DsxSvYraCMamg
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://ww7.shanga.co/termsAccept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd; __gsas=ID=3a5f2bd72530b905:T=1690535354:RT=1690535354:S=ALNI_MarU_yw7TdOyKJJ1DsxSvYraCMamg
Source: global traffic HTTP traffic detected: GET /__media__/pics/29590/bg1.png HTTP/1.1Host: i1.cdn-image.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /__media__/pics/28905/arrrow.png HTTP/1.1Host: i1.cdn-image.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd; __gsas=ID=3a5f2bd72530b905:T=1690535354:RT=1690535354:S=ALNI_MarU_yw7TdOyKJJ1DsxSvYraCMamg
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iyfbodn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iyfbodn.com/?dn=shanga.co&pid=9POT3387I&pbsubid=8d517d42-6c27-4620-b650-115e2dac72fd&noads=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26skipskenzo%3DtrueAccept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: vsid=925vr438080959233473983; __cmpcc=1
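The request lines above record the browser's path from the parked host ww7.shanga.co to the ad feed on iyfbodn.com, but with every header run together on one line. The script below is an example added by the editor; it is not code from the sandbox report or from any tool the report names. It splits those lines back into headers, marks document requests by their Upgrade-Insecure-Requests header, rebuilds the Referer chain, and looks for identifier values that cross hosts. On six lines copied from this report it recovers the parking_session cookie value from ww7.shanga.co reappearing as the pbsubid query parameter sent to iyfbodn.com. HEADER_NAMES and PARKING_PATTERNS are assumptions drawn from the traffic in this report, not a published signature.

```python
"""Rebuild the navigation chain and cross-domain identifier flow from the
run-together HTTP request lines of the sandbox report above.

Editor-added example, not code from the sandbox report or from any tool it
names. SAMPLE_LINES are copied verbatim from the report's HTTP traffic
section; HEADER_NAMES and PARKING_PATTERNS are assumptions derived from what
this report shows, not a vendor rule set."""
import re
from urllib.parse import parse_qs, urlsplit

# The report text lost the CRLF between headers, so "<Name>: " is the only
# boundary left. The names listed are the ones that occur in this report.
HEADER_NAMES = [
    "Host", "Connection", "Upgrade-Insecure-Requests", "User-Agent", "Accept",
    "Accept-Encoding", "Accept-Language", "Referer", "Cookie", "Origin",
    "Sec-Fetch-Site", "Sec-Fetch-Mode", "Sec-Fetch-Dest",
    "sec-ch-ua", "sec-ch-ua-mobile", "sec-ch-ua-platform",
    "Content-Length", "Content-Type",
]
_HDR_SPLIT = re.compile(r"(?=(?:%s): )" % "|".join(map(re.escape, HEADER_NAMES)))
_REQ_LINE = re.compile(
    r"^(?:Source: .*?HTTP traffic detected: )?(GET|POST|HEAD|PUT|OPTIONS) (\S+) HTTP/1\.[01]")

# Request shapes the parking host serves in this report (triage heuristic,
# assumed from the observed paths; not a published rule).
PARKING_PATTERNS = [
    re.compile(r"^/js/parking\.[\d.]+\.js$"),
    re.compile(r"^/px\.gif$"),
    re.compile(r"^/_(?:fd|tr)$"),
]

SAMPLE_LINES = [  # six request lines copied from the report above
    "Source: global traffic HTTP traffic detected: GET /image/view/?id=1375 HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8",
    "Source: global traffic HTTP traffic detected: GET /js/parking.2.106.5.js HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://ww7.shanga.co/image/view/?id=1375Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd",
    "Source: global traffic HTTP traffic detected: GET /_fd?id=1375 HTTP/1.1Host: ww7.shanga.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: parking_session=8d517d42-6c27-4620-b650-115e2dac72fd",
    "Source: global traffic HTTP traffic detected: GET /?dn=shanga.co&pid=9POT3387I&pbsubid=8d517d42-6c27-4620-b650-115e2dac72fd&noads=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26skipskenzo%3Dtrue HTTP/1.1Host: iyfbodn.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: http://ww7.shanga.co/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8",
    "Source: global traffic HTTP traffic detected: GET /px.js?ch=1 HTTP/1.1Host: iyfbodn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://iyfbodn.com/?dn=shanga.co&pid=9POT3387I&pbsubid=8d517d42-6c27-4620-b650-115e2dac72fd&noads=http%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dshanga.co%26skipskenzo%3DtrueAccept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: vsid=925vr438080959233473983",
    "Source: global traffic HTTP traffic detected: GET /__media__/js/min.js?v2.3 HTTP/1.1Host: i1.cdn-image.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Referer: http://iyfbodn.com/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8",
]


def parse_cookies(header):
    """'a=1; b=x=y' -> {'a': '1', 'b': 'x=y'} (split on the first '=' only)."""
    cookies = {}
    for item in header.split(";"):
        name, sep, value = item.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def parse_request(line):
    """Split one report line into method, host, path, query, headers, cookies."""
    m = _REQ_LINE.match(line)
    if not m:
        raise ValueError("not a request line: %r" % line[:60])
    headers = {}
    for chunk in _HDR_SPLIT.split(line[m.end():]):
        if chunk:
            name, _, value = chunk.partition(": ")
            headers[name.lower()] = value
    parts = urlsplit(m.group(2))
    return {
        "method": m.group(1),
        "host": headers.get("host", ""),
        "path": parts.path,
        "query": {k: v[0] for k, v in parse_qs(parts.query).items()},
        "headers": headers,
        "cookies": parse_cookies(headers.get("cookie", "")),
        # Chrome adds Upgrade-Insecure-Requests to document (navigation)
        # requests and not to subresource fetches, so it separates the two.
        "kind": "navigation" if "upgrade-insecure-requests" in headers else "subresource",
    }


def hosts_contacted(reqs):
    return sorted({r["host"] for r in reqs})


def navigation_chain(reqs):
    """(referer_host, host, path) for each document request, in order."""
    edges = []
    for r in reqs:
        if r["kind"] == "navigation":
            ref = r["headers"].get("referer")
            edges.append((urlsplit(ref).hostname if ref else None, r["host"], r["path"]))
    return edges


def shared_identifiers(reqs, min_len=16):
    """Cookie or query values of at least min_len chars seen on more than one
    host, with every (host, where, name) they occurred as. A value that moves
    between hosts this way is a visitor ID being handed down the chain."""
    seen = {}
    for r in reqs:
        for name, value in r["cookies"].items():
            seen.setdefault(value, set()).add((r["host"], "cookie", name))
        for name, value in r["query"].items():
            seen.setdefault(value, set()).add((r["host"], "query", name))
    return {v: sorted(w) for v, w in seen.items()
            if len(v) >= min_len and len({host for host, _, _ in w}) > 1}


def parking_indicators(reqs):
    """Requests matching the parking-page and ad-feed shapes seen in this report."""
    return [(r["host"], r["path"]) for r in reqs
            if any(p.match(r["path"]) for p in PARKING_PATTERNS)
            or {"dn", "pid", "pbsubid"} <= set(r["query"])]


if __name__ == "__main__":
    reqs = [parse_request(line) for line in SAMPLE_LINES]
    print("hosts:", hosts_contacted(reqs))
    print("navigations:", navigation_chain(reqs))
    print("shared ids:", shared_identifiers(reqs))
    print("parking indicators:", parking_indicators(reqs))
```

Run stand-alone it prints the three hosts contacted, the two navigation edges (the entry on ww7.shanga.co with no referer, then iyfbodn.com referred from ww7.shanga.co), the one identifier carried as a cookie on one host and a query parameter on the other, and three parking indicators. Every header name in the report's request lines is in HEADER_NAMES, so the same functions apply unchanged to the full traffic list; response lines (status lines such as "HTTP/1.1 404 Not Found") are not request lines and are rejected by parse_request.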
Source: chromecache_163.2.dr String found in binary or memory: function ZA(a,b){var c=this;return b}ZA.I="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),$A=["www.youtube.com","www.youtube-nocookie.com"],aB,bB=!1; equals www.youtube.com (Youtube)
Source: global traffic HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Fri, 28 Jul 2023 09:09:49 GMTContent-Length: 299Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Jul 2023 09:09:52 GMTServer: ApacheContent-Length: 10Keep-Alive: timeout=5, max=128Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 4e 6f 20 66 61 76 69 63 6f 6e Data Ascii: No favicon
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/js/min.js?v2.3
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/pics/28903/search.png)
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)
Source: chromecache_132.2.dr String found in binary or memory: http://i1.cdn-image.com/__media__/pics/29590/bg1.png)
Source: chromecache_132.2.dr String found in binary or memory: http://iyfbodn.com/App_Design.cfm?domain=shanga.co&fp=X%2B1N01mEKU%2BFZoTC3ePtwqG9XvVbeTkbci5vlzzkiZ
Source: chromecache_132.2.dr String found in binary or memory: http://iyfbodn.com/App_Updates.cfm?domain=shanga.co&fp=X%2B1N01mEKU%2BFZoTC3ePtwqG9XvVbeTkbci5vlzzki
Source: chromecache_132.2.dr String found in binary or memory: http://iyfbodn.com/Wallpaper_Apps.cfm?domain=shanga.co&fp=X%2B1N01mEKU%2BFZoTC3ePtwqG9XvVbeTkbci5vlz
Source: chromecache_132.2.dr String found in binary or memory: http://iyfbodn.com/display.cfm
Source: chromecache_131.2.dr String found in binary or memory: http://www.domainname.com/page.html
Source: chromecache_143.2.dr String found in binary or memory: https://afs.googlesyndication.com
Source: chromecache_151.2.dr String found in binary or memory: https://bodis.medium.com/
Source: chromecache_163.2.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_138.2.dr String found in binary or memory: https://cdn.reamaze.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik
Source: chromecache_153.2.dr String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_153.2.dr String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_153.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_153.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_153.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_146.2.dr String found in binary or memory: https://easylist-downloads.adblockplus.org/easylist.txt
Source: chromecache_143.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=
Source: chromecache_130.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:300
Source: chromecache_161.2.dr, chromecache_138.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_159.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_160.2.dr String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_160.2.dr String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.22.5/LICENSE
Source: chromecache_163.2.dr, chromecache_143.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_143.2.dr String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js
Source: chromecache_153.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_153.2.dr String found in binary or memory: https://recaptcha.net
Source: chromecache_161.2.dr, chromecache_138.2.dr String found in binary or memory: https://secure.gravatar.com/avatar/624ae3edadb752200ea9a87c2b76f750?default=https%3A%2F%2Freamaze.co
Source: chromecache_163.2.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_163.2.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_153.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_153.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_153.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_153.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_163.2.dr String found in binary or memory: https://td.doubleclick.net
Source: chromecache_152.2.dr String found in binary or memory: https://www.bodis.com/dfp.js
Source: chromecache_152.2.dr String found in binary or memory: https://www.bodis.com/favicon-32x32.png
Source: chromecache_131.2.dr String found in binary or memory: https://www.bodis.com/takedown-request
Source: chromecache_131.2.dr String found in binary or memory: https://www.bodis.com/terms/infringement-notification-policy
Source: chromecache_153.2.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_135.2.dr, chromecache_153.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_163.2.dr String found in binary or memory: https://www.googletagmanager.com/a?id=
Source: chromecache_153.2.dr String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/iRvKkcsnpNcOYYwhqaQxPITz/recaptcha__.
Source: chromecache_135.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/iRvKkcsnpNcOYYwhqaQxPITz/recaptcha__en.js
Source: chromecache_163.2.dr String found in binary or memory: https://www.merchant-center-analytics.goog/mc/collect
Source: chromecache_161.2.dr, chromecache_138.2.dr String found in binary or memory: https://www2.bodis.com/svg/logo.svg
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: classification engine Classification label: mal64.win@29/34@30/14
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1412,i,5949522244269870934,927299211076352653,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://walli.shanga.co/image/view/?id=1375"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (25 identical entries in the original report)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1412,i,5949522244269870934,927299211076352653,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\GoogleUpdater
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater