Create Interactive Tour

Windows Analysis Report
http://login.fidelityrewards.com

Overview

General Information

Sample URL:	http://login.fidelityrewards.com
Analysis ID:	1347502
Infos:

Detection

Score:	22
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on logo match)

HTML body contains password input but no form action

HTML body with high number of embedded images detected

Found iframes

HTML title does not match URL

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2336 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2200,i,7781794517973731080,12002024015811380435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6344 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://login.fidelityrewards.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: unknown	HTTPS traffic detected: 23.197.45.167:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.45.167:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:50035 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_2336_120140740

Jump to behavior

Source: classification engine

Classification label: sus22.phis.win@24/135@138/40

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2200,i,7781794517973731080,12002024015811380435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://login.fidelityrewards.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2200,i,7781794517973731080,12002024015811380435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://login.fidelityrewards.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://fast.fonts.net/t/1.css?apiType=css&projectid=cd38605f-0a87-40cc-9870-8bd4d2826839	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-array.prototype.toreversed	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#typedarray-species-create	0%	Avira URL Cloud	safe
https://reactrouter.com/utils/resolve-path	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-newpromisecapability	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-reflect.set	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-string.prototype.italics	0%	Avira URL Cloud	safe
https://reactrouter.com/utils/match-path	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-math.imul	0%	Avira URL Cloud	safe
https://tc39.es/proposal-change-array-by-copy/#sec-%typedarray%.prototype.with	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-math.hypot	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-symbol.iterator	0%	Avira URL Cloud	safe
https://tc39.es/proposal-change-array-by-copy/#sec-array.prototype.toReversed	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-object.issealed	0%	Avira URL Cloud	safe
https://mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-%typedarray%.prototype.slice	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-%typedarray%.of	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-string.prototype.includes	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-array.prototype.reduceright	0%	Avira URL Cloud	safe
https://pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=NO_KEY&msg=M291%20%7C%20Ajax%20%7C%20ReferenceError%3A%20signOnSessionId%20is%20not%20defined&stack=ReferenceError%3A%20signOnSessionId%20is%20not%20defined%0A%20%20%20%20at%20setUserData%20(%3Canonymous%3E%3A21%3A27)%0A%20%20%20%20at%20Ajax%20(%3Canonymous%3E%3A33%3A24)%0A%20%20%20%20at%20f.Rl%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A74%3A182)%0A%20%20%20%20at%20a.D%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A72%3A304)%0A%20%20%20%20at%20e.D%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A111%3A295)%0A%20%20%20%20at%20h%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A122%3A12)%0A%20%20%20%20at%20g.reportEvent%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A122%3A151)%0A%20%20%20%20at%20g.reportEvent%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A124%3A91)%0A%20%20%20%20at%20c.processQ%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum%2Fadrum-latest.js%3A34%3A484)%0A%20%20%20%20at%20c.submit%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum%2Fadrum-latest.js%3A34%3A280)%0A%20%20%20%20at%20a.command%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum%2Fadrum-latest.js%3A36%3A323)%0A%20%20%20%20at%20https%3A%2F%2Fcdn.appdynamics.com%2Fadrum%2Fadrum-latest.js%3A166%3A343	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-array.prototype.map	0%	Avira URL Cloud	safe
https://uat02.partnercreditcard.com	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-symbol.for	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-set.prototype.add	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-string.prototype.small	0%	Avira URL Cloud	safe
https://storage.glancecdn.net/cobrowse/js/sockjs1.0.2.min.js	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-createunmappedargumentsobject	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-symbol.asynciterator	0%	Avira URL Cloud	safe
https://reactrouter.com/hooks/use-in-router-context	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-object.keys	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-string.prototype.matchall	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-map.prototype.has	0%	Avira URL Cloud	safe
https://reactrouter.com/router-components/router	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-object.seal	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-math.acosh	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-%typedarray%.prototype.at	0%	Avira URL Cloud	safe
https://it1.partnercreditcard.com	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-get-map-	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-toprimitive	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-symbol.tostringtag	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-arraybuffer-constructor	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-object.getownpropertynames	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-object.create	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-math.clz32	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-%typedarray%.prototype.reduceright	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-array.prototype.findlastindex	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdn.quantummetric.com	104.22.52.252	true	false	high
col.eum-appdynamics.com	52.38.220.132	true	false	unknown
wdpthird-pr-0d2f5ae6feef9df0.elb.us-east-1.amazonaws.com	52.6.11.66	true	false	high
dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com	54.209.241.40	true	false	high
idsync.rlcdn.com	35.244.154.8	true	false	high
rl.quantummetric.com	34.66.3.160	true	false	high
glancecdn.net	44.197.18.238	true	false	unknown
cm.g.doubleclick.net	142.251.16.157	true	false	high
www.google.com	142.251.163.99	true	false	high
p0017.glance.net	44.206.2.112	true	false	high
match.adsrvr.org	35.71.131.137	true	false	high
dualstack.presence1-alb-836453116.us-east-1.elb.amazonaws.com	52.86.105.195	true	false	high
usbank-sync.quantummetric.com	35.226.68.60	true	false	high
glance.net	52.73.27.42	true	false	high
accounts.google.com	142.251.163.84	true	false	high
s.twitter.com	104.244.42.3	true	false	high
dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com	52.43.230.64	true	false	high
cdn.appdynamics.com	13.249.190.114	true	false	high
usbank-app.quantummetric.com	34.170.150.109	true	false	high
fast.fonts.net	104.16.250.67	true	false	unknown
partnercreditcard.com	170.135.184.105	true	false	unknown
clients.l.google.com	172.253.63.113	true	false	high
sdcvisit.com.ssl.d2.sc.omtrdc.net	63.140.38.15	true	false	unknown
d10lse0r9n7r80.cloudfront.net	52.85.132.56	true	false	high
dzfq4ouujrxm8.cloudfront.net	99.84.208.105	true	false	high
mid.rkdms.com	52.205.109.117	true	false	unknown
dummysrv.dummyserver.com.nowhere	unknown	unknown	false	unknown
pdx-col.eum-appdynamics.com	unknown	unknown	false	unknown
siteintercept.qualtrics.com	unknown	unknown	false	high
onlinebanking.usbank.com	unknown	unknown	false	high
www.glancecdn.net	unknown	unknown	false	unknown
clients2.google.com	unknown	unknown	false	high
www.partnercreditcard.com	unknown	unknown	false	unknown
dpm.demdex.net	unknown	unknown	false	high
login.fidelityrewards.com	unknown	unknown	false	high
smetrics.sdcvisit.com	unknown	unknown	false	unknown
apip.usbank.com	unknown	unknown	false	high
zn3df7rqdpd4iiene-usbank.siteintercept.qualtrics.com	unknown	unknown	false	high
p0017-3.glance.net	unknown	unknown	false	high
usbank.demdex.net	unknown	unknown	false	high
storage.glancecdn.net	unknown	unknown	false	unknown
analytics.twitter.com	unknown	unknown	false	high
presence.glance.net	unknown	unknown	false	high
ww2.glancecdn.net	unknown	unknown	false	unknown
www.glance.net	unknown	unknown	false	high
mpsnare.iesnare.com	unknown	unknown	false	unknown
tags.tiqcdn.com	unknown	unknown	false	high
content.usbank.com	unknown	unknown	false	high
api.usbank.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fast.fonts.net/t/1.css?apiType=css&projectid=cd38605f-0a87-40cc-9870-8bd4d2826839	false	Avira URL Cloud: safe	unknown
https://p0017-3.glance.net/visitor/287/gp4o0ikn/eventsource	false		high
https://p0017-3.glance.net/visitor/info?t=1700841143804	false		high
https://usbank-app.quantummetric.com/?T=B&u=https%3A%2F%2Flogin.fidelityrewards.com%2FonlineCard%2Flogin.do&t=1700841074540&v=1700841096485&H=316039ec670df168c057a7b6&s=ba0a19575c9f67883894dc19309009c1&z=1&Q=2&S=2336&N=3	false		high
https://login.fidelityrewards.com/onlineCard/login.do	false		high
https://p0017-3.glance.net/visitor/iframe.html#eterigie	false		high
https://p0017-3.glance.net/visitor/info?t=1700841116644	false		high
https://usbank-app.quantummetric.com/?s=ba0a19575c9f67883894dc19309009c1&H=8e0d7aee2b957882fe8f5b55&Q=3	false		high
https://pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=NO_KEY&msg=M291%20%7C%20Ajax%20%7C%20ReferenceError%3A%20signOnSessionId%20is%20not%20defined&stack=ReferenceError%3A%20signOnSessionId%20is%20not%20defined%0A%20%20%20%20at%20setUserData%20(%3Canonymous%3E%3A21%3A27)%0A%20%20%20%20at%20Ajax%20(%3Canonymous%3E%3A33%3A24)%0A%20%20%20%20at%20f.Rl%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A74%3A182)%0A%20%20%20%20at%20a.D%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A72%3A304)%0A%20%20%20%20at%20e.D%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A111%3A295)%0A%20%20%20%20at%20h%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A122%3A12)%0A%20%20%20%20at%20g.reportEvent%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A122%3A151)%0A%20%20%20%20at%20g.reportEvent%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum-ext.a57fe9a4dfa0e1d6b2dc001466e4e21d.js%3A124%3A91)%0A%20%20%20%20at%20c.processQ%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum%2Fadrum-latest.js%3A34%3A484)%0A%20%20%20%20at%20c.submit%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum%2Fadrum-latest.js%3A34%3A280)%0A%20%20%20%20at%20a.command%20(https%3A%2F%2Fcdn.appdynamics.com%2Fadrum%2Fadrum-latest.js%3A36%3A323)%0A%20%20%20%20at%20https%3A%2F%2Fcdn.appdynamics.com%2Fadrum%2Fadrum-latest.js%3A166%3A343	false	Avira URL Cloud: safe	unknown
https://usbank-app.quantummetric.com/?s=ba0a19575c9f67883894dc19309009c1&H=316039ec670df168c057a7b6&Q=3	false		high
https://usbank-app.quantummetric.com/?T=B&u=https%3A%2F%2Flogin.fidelityrewards.com%2Fdigital%2Fservicing%2Frpcfooter%2Fsystem-requirements&t=1700841113290&v=1700841113520&s=ba0a19575c9f67883894dc19309009c1&U=39b781b48cb6dd375b4750899ef3b0c9&z=1&S=0&N=0&P=0	false		high
https://mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false	false	Avira URL Cloud: safe	unknown
https://p0017-3.glance.net/visitor/927/j4oeorcq/websocket	false		high
https://usbank-app.quantummetric.com/?T=B&u=https%3A%2F%2Flogin.fidelityrewards.com%2Fdigital%2Fservicing%2Frpcfooter%2Fsystem-requirements&t=1700841134447&v=1700841141368&H=b095ceefbe1decf95862b443&s=ba0a19575c9f67883894dc19309009c1&z=1&Q=2&S=1024&N=1	false		high
https://p0017-3.glance.net/visitor/iframe.html#4vnuqhdo	false		high
https://storage.glancecdn.net/cobrowse/js/sockjs1.0.2.min.js	false	Avira URL Cloud: safe	unknown
https://p0017-3.glance.net/visitor/146/0i450jk0/eventsource	false		high
https://cdn.quantummetric.com/qscripts/quantum-usbank.js	false		high
https://p0017-3.glance.net/visitor/287/14wgd3is/xhr_streaming?t=1700841115307	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://p0017-3.glance.net/visitor/797/y3epb53n/websocket	false		high
https://usbank-app.quantummetric.com/?T=B&u=https%3A%2F%2Flogin.fidelityrewards.com%2FonlineCard%2Flogin.do&t=1700841074540&v=1700841080724&H=316039ec670df168c057a7b6&s=ba0a19575c9f67883894dc19309009c1&z=1&S=6781&N=19&P=2	false		high
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=675616D751E567410A490D4C%40AdobeOrg&d_nsid=0&ts=1700841073618	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mozilla/rhino/issues/346	chromecache_191.2.dr, chromecache_250.2.dr	false		high
https://reactrouter.com/utils/resolve-path	chromecache_191.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/reactjs/react-transition-group/pull/749	chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-string.prototype.italics	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.toreversed	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#concept-ipv6-parser	chromecache_250.2.dr	false		high
https://bugs.chromium.org/p/v8/issues/detail?id=12681	chromecache_250.2.dr	false		high
https://webidl.spec.whatwg.org/#es-DOMException-specialness	chromecache_250.2.dr	false		high
https://tc39.es/proposal-change-array-by-copy/#sec-%typedarray%.prototype.with	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://it-api.usbank.com/	chromecache_257.2.dr, chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-math.imul	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-newpromisecapability	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#typedarray-species-create	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-reflect.set	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/es-shims/es5-shim/issues/150	chromecache_191.2.dr, chromecache_250.2.dr	false		high
https://caniuse.com/#feat=indexeddb	chromecache_257.2.dr, chromecache_191.2.dr, chromecache_250.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/API/URL/revokeObjectURL	chromecache_250.2.dr	false		high
https://reactrouter.com/utils/match-path	chromecache_191.2.dr	false	Avira URL Cloud: safe	unknown
https://www.ftc.gov/	chromecache_243.2.dr	false		high
https://tc39.es/ecma262/#sec-math.hypot	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/issues/1265	chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-symbol.iterator	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://siteintercept.qualtrics.com	chromecache_290.2.dr	false		high
https://tc39.es/proposal-change-array-by-copy/#sec-array.prototype.toReversed	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#dom-url-hostname	chromecache_250.2.dr	false		high
https://uat02.partnercreditcard.com	chromecache_243.2.dr	false	Avira URL Cloud: safe	unknown
https://api.usbank.com/	chromecache_257.2.dr, chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-string.prototype.includes	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://zn3df7rqdpd4iiene-usbank.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3dF7RQDPD4iIENE	chromecache_168.2.dr	false		high
https://onlinebanking.usbank.com/auth/login/wmf/latest/854-908b733adaa86f51407f.js	chromecache_179.2.dr, chromecache_210.2.dr	false		high
https://tc39.es/ecma262/#sec-array.prototype.map	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-object.issealed	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.reduceright	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-%typedarray%.prototype.slice	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-%typedarray%.of	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-symbol.for	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://dev-api.usbank.com/partner-services/graphql/v1	chromecache_191.2.dr	false		high
https://url.spec.whatwg.org/#dom-url-host	chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-string.prototype.matchall	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/Modernizr/Modernizr/blob/master/feature-detects/history.js	chromecache_177.2.dr, chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-createunmappedargumentsobject	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#include-credentials	chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-string.prototype.small	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-set.prototype.add	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#dom-urlsearchparams-get	chromecache_250.2.dr	false		high
https://github.com/zloirock/core-js/issues/1008	chromecache_250.2.dr	false		high
http://code.google.com/p/episodes/	chromecache_171.2.dr	false		high
https://bugs.webkit.org/show_bug.cgi?id=200829	chromecache_191.2.dr, chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-symbol.asynciterator	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map)	chromecache_250.2.dr	false		high
https://reactrouter.com/hooks/use-in-router-context	chromecache_191.2.dr	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#windows-drive-letter	chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-object.keys	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-map.prototype.has	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://dev-api.usbank.com/customer-management/graphql/v1	chromecache_243.2.dr, chromecache_219.2.dr, chromecache_191.2.dr	false		high
https://reactrouter.com/router-components/router	chromecache_191.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-object.seal	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-%typedarray%.prototype.at	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-math.acosh	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://it1.partnercreditcard.com	chromecache_243.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/nodejs/node/blob/master/lib/path.js	chromecache_257.2.dr, chromecache_191.2.dr, chromecache_160.2.dr	false		high
https://tc39.es/ecma262/#sec-get-map-	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-toprimitive	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1777321	chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-symbol.tostringtag	chromecache_191.2.dr, chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://onlinebanking.usbank.com/auth/login/wmf/latest/332-9b27f35d315a9d01d297.js	chromecache_179.2.dr, chromecache_210.2.dr	false		high
https://github.com/inikulin/parse5/blob/9c683e1/packages/parse5/lib/parser/index.js#L371	chromecache_257.2.dr, chromecache_191.2.dr, chromecache_250.2.dr	false		high
https://alpha-api.usbank.com/partner-services/graphql/v1	chromecache_191.2.dr	false		high
https://stackoverflow.com/a/26193516/3443137	chromecache_257.2.dr, chromecache_191.2.dr, chromecache_250.2.dr	false		high
https://tc39.es/ecma262/#sec-arraybuffer-constructor	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://api.usbank.com/partner-services/graphql/v1	chromecache_191.2.dr	false		high
https://tc39.es/ecma262/#sec-object.getownpropertynames	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-object.create	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-math.clz32	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://onlinebanking.usbank.com/auth/login/wmf/latest/182-78acf0df285383143137.js	chromecache_179.2.dr, chromecache_210.2.dr	false		high
https://tc39.es/ecma262/#sec-%typedarray%.prototype.reduceright	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.findlastindex	chromecache_250.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
44.206.2.112	p0017.glance.net	United States	14618	AMAZON-AESUS	false
35.226.68.60	usbank-sync.quantummetric.com	United States	15169	GOOGLEUS	false
170.135.184.105	partnercreditcard.com	United States	3147	US-BANCORPUS	false
35.244.154.8	idsync.rlcdn.com	United States	15169	GOOGLEUS	false
172.253.63.113	clients.l.google.com	United States	15169	GOOGLEUS	false
3.219.101.186	unknown	United States	14618	AMAZON-AESUS	false
63.140.38.20	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
99.84.208.105	dzfq4ouujrxm8.cloudfront.net	United States	16509	AMAZON-02US	false
34.66.3.160	rl.quantummetric.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
35.71.131.137	match.adsrvr.org	United States	237	MERIT-AS-14US	false
54.209.241.40	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
44.197.18.238	glancecdn.net	United States	14618	AMAZON-AESUS	false
104.22.53.252	unknown	United States	13335	CLOUDFLARENETUS	false
52.6.11.66	wdpthird-pr-0d2f5ae6feef9df0.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
52.85.132.72	unknown	United States	16509	AMAZON-02US	false
44.198.218.84	unknown	United States	14618	AMAZON-AESUS	false
52.205.109.117	mid.rkdms.com	United States	14618	AMAZON-AESUS	false
34.170.150.109	usbank-app.quantummetric.com	United States	2686	ATGS-MMD-ASUS	false
35.238.24.177	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.22.52.252	cdn.quantummetric.com	United States	13335	CLOUDFLARENETUS	false
142.251.163.84	accounts.google.com	United States	15169	GOOGLEUS	false
63.140.38.15	sdcvisit.com.ssl.d2.sc.omtrdc.net	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
52.38.220.132	col.eum-appdynamics.com	United States	16509	AMAZON-02US	false
52.43.230.64	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
142.251.16.157	cm.g.doubleclick.net	United States	15169	GOOGLEUS	false
34.226.97.8	unknown	United States	14618	AMAZON-AESUS	false
52.86.105.195	dualstack.presence1-alb-836453116.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
142.251.163.99	www.google.com	United States	15169	GOOGLEUS	false
34.195.172.45	unknown	United States	14618	AMAZON-AESUS	false
52.85.132.56	d10lse0r9n7r80.cloudfront.net	United States	16509	AMAZON-02US	false
104.16.250.67	fast.fonts.net	United States	13335	CLOUDFLARENETUS	false
3.219.179.50	unknown	United States	14618	AMAZON-AESUS	false
104.244.42.3	s.twitter.com	United States	13414	TWITTERUS	false
104.244.42.195	unknown	United States	13414	TWITTERUS	false
3.228.148.160	unknown	United States	14618	AMAZON-AESUS	false
52.73.27.42	glance.net	United States	14618	AMAZON-AESUS	false
13.32.208.77	unknown	United States	16509	AMAZON-02US	false
13.249.190.114	cdn.appdynamics.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.4

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1347502
Start date and time:	2023-11-24 16:50:06 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://login.fidelityrewards.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus22.phis.win@24/135@138/40
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://login.fidelityrewards.com/digital/servicing/rpcfooter/creditcard-contact-us Browse: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements Browse: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.16.94, 34.104.35.123, 23.73.253.42, 23.50.75.195, 23.48.104.12, 23.48.104.7, 23.50.78.231, 23.205.106.27, 23.205.106.16, 72.21.81.240, 104.17.208.240, 104.17.209.240, 192.229.211.108, 184.28.187.153, 13.107.21.200, 204.79.197.200, 172.253.122.95, 142.251.163.95, 172.253.63.95, 172.253.62.95, 142.251.16.95, 142.251.167.95, 142.251.111.95, 172.253.115.95, 142.251.111.94, 184.28.190.35, 184.28.190.72
Excluded domains from analysis (whitelisted): e35667.a.akamaiedge.net, fs.microsoft.com, e12427.a.akamaiedge.net, content-autofill.googleapis.com, slscr.update.microsoft.com, c-bing-com.a-0001.a-msedge.net, dual-a-0001.a-msedge.net, e14832.dsca.akamaiedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, login.fidelityrewards.com.edgekey.net, content.usbank.com.edgekey.net, fe3cr.delivery.mp.microsoft.com, apip.usbank.com.edgekey.net, ocsp.digicert.com, edgedl.me.gvt1.com, c.bing.com, prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net, e3644.a.akamaiedge.net, update.googleapis.com, onlinebanking.usbank.com.edgekey.net, api.usbank.com.edgekey.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://login.fidelityrewards.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.1898980954642875
Encrypted:	false
SSDEEP:	3:YWR4b5C:YWyb5C
MD5:	28EC1EEE5F4049E3C4F2135069C1D2C8
SHA1:	3505519507CA1C2A089C46E100B80408CA278421
SHA-256:	EDC48CD3B0BC4FA7BA23AAD40B8508A17D370CA38BE174BAE2A2F64634E65A2B
SHA-512:	F71618E40EBAA14AB6D523A2341258C0DA264B545388F8FFFD14C31C64B35F94B21EB633316C4D77AFCD864AADE1DB588EF6387EE0C4787E6F7770DB0ABC1183
Malicious:	false
Reputation:	low
Preview:	{"status":true}

Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://usbank.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Flogin.fidelityrewards.com
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://cdn.appdynamics.com/adrum-xd.a57fe9a4dfa0e1d6b2dc001466e4e21d.html#https%3A%2F%2Flogin.fidelityrewards.com%2FonlineCard%2Flogin.do
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://p0017-3.glance.net/visitor/iframe.html#ndqybwuv
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://p0017-3.glance.net/visitor/iframe.html#e3nnwua1
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://cdn.quantummetric.com/helpers/blank
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://usbank.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Flogin.fidelityrewards.com
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://cdn.appdynamics.com/adrum-xd.a57fe9a4dfa0e1d6b2dc001466e4e21d.html#https%3A%2F%2Flogin.fidelityrewards.com%2FonlineCard%2Flogin.do
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://p0017-3.glance.net/visitor/iframe.html#ndqybwuv
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: Iframe src: https://cdn.quantummetric.com/helpers/blank

Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No <meta name="author".. found
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No <meta name="author".. found

Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No favicon
Source: https://p0017-3.glance.net/visitor/iframe.html#ndqybwuv	HTTP Parser: No favicon
Source: https://p0017-3.glance.net/visitor/iframe.html#e3nnwua1	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/creditcard-contact-us	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/creditcard-contact-us	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/creditcard-contact-us	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/creditcard-contact-us	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/creditcard-contact-us	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements	HTTP Parser: No favicon
Source: https://login.fidelityrewards.com/digital/servicing/rpcfooter/system-requirements	HTTP Parser: No favicon
Source: https://p0017-3.glance.net/visitor/iframe.html#to5ydntk	HTTP Parser: No favicon
Source: https://p0017-3.glance.net/visitor/iframe.html#blrhujah	HTTP Parser: No favicon
Source: https://p0017-3.glance.net/visitor/iframe.html#4vnuqhdo	HTTP Parser: No favicon

Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://login.fidelityrewards.com/onlineCard/login.do	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.45.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 8.253.132.121
Source: unknown	TCP traffic detected without corresponding DNS query: 8.253.132.121
Source: unknown	TCP traffic detected without corresponding DNS query: 8.253.132.121

Source: chromecache_243.2.dr	String found in binary or memory: ), trust has always been the foundation of our relationship with customers. We recognize that you trust us with your personal and financial information.</p><p> The Policy (the \\"Policy\\") describes the treatment of information that is provided by you or collected through any of our online interfaces to which a copy of the Policy is posted, including <a href=\\"https://www.elanfinancialservices.com/index.htm\\">elanfinancialservices.com</a> (the \\"Website\\"), Applications we have placed on third party sites such as Facebook equals www.facebook.com (Facebook)
Source: chromecache_243.2.dr	String found in binary or memory: Use of information \\n\\n The provisions and explanations in the \'Questions About Our Use Of Information\' section apply only to individuals or \\"consumer customers\\", and to U.S. Bank Dealer Financial Services customers who are residents of California, North Dakota or Vermont and leased or purchased a vehicle and obtained U.S. Bank financing directly through an automotive dealership. These provisions and explanations supersede all previous notices or statements with respect to the subject matter described in this Use of Information section. We reserve the right to change the provisions and explanations in this Use of Information section at any time. \\n\\n","onlinePrivacyHeading":"Online privacy and security","onlinePrivacyFederalTradeLink":"https://www.ftc.gov/","onlinePrivacyText1":"This Online Privacy Policy (the \\"Policy\\") applies to the U.S. Bancorp family of financial service providers . Trust has always been the foundation of our relationship with customers. We recognize that you trust us with your personal and financial information. \\n\\n The Policy describes the treatment of information that is provided by you or collected through any of our online interfaces to which a copy of the Policy is posted, including www.usbank.com (the \\"Website\\"), Applications we have placed on third party sites such as Facebook equals www.facebook.com (Facebook)
Source: chromecache_243.2.dr	String found in binary or memory: s privacy","onlinePrivacyAnswer10":"<p>We do not use the Services to knowingly solicit personal information from or market to children under the age of thirteen (13) without parental consent. We request that such individuals do not provide personal information through the Services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should promptly contact us and we will delete such information from our files. For additional information regarding the Children\'s Online Privacy Protection Act (COPPA), please visit the <a href=\\"https://www.ftc.gov/\\">Federal Trade Commission website</a>.</p>","onlinePrivacyQuestion11":"11. External aggregation services","onlinePrivacyAnswer11":"You have the responsibility to help us protect your accounts. Consider the risk of revealing your user name, password, or other credentials to any person or third party. By providing your user name, password or other credentials to any person or third party (including an aggregation service) you authorize that person or third party to initiate transfers to or from your account. \\n\\n Some third-party companies offer aggregation services that allow you to consolidate your financial account information from a variety of sources, such that you can view all your account information at a single online location. For example, an aggregation service might collect and consolidate your checking and savings account balances at your bank, the value of your stocks and bonds in your brokerage account and your frequent flier mileage information from an airline. In order to do so, the aggregator may request access to personal information - including identification information, account information, personal IDs and passwords - from you for each individual website. \\n\\nPlease use caution when providing personal information to an aggregation service. By providing your user name, password or other credentials to an aggregation service you authorize that person or third party to initiate transfers to or from your account. \\n\\n Should you decide to revoke the authority you have given to an aggregation service, you should notify the aggregation service in addition to contacting us, in which case we may need to block your account until we issue new access codes. \\n\\n","onlinePrivacyQuestion12":"12. Social media platforms","onlinePrivacyAnswer12":"Elan may interact with registered users of various social media platforms, including Facebook equals www.facebook.com (Facebook)
Source: chromecache_243.2.dr	String found in binary or memory: s privacy","onlinePrivacyAnswer10":"<p>We do not use the Services to knowingly solicit personal information from or market to children under the age of thirteen (13) without parental consent. We request that such individuals do not provide personal information through the Services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should promptly contact us and we will delete such information from our files. For additional information regarding the Children\'s Online Privacy Protection Act (COPPA), please visit the <a href=\\"https://www.ftc.gov/\\">Federal Trade Commission website</a>.</p>","onlinePrivacyQuestion11":"11. External aggregation services","onlinePrivacyAnswer11":"You have the responsibility to help us protect your accounts. Consider the risk of revealing your user name, password, or other credentials to any person or third party. By providing your user name, password or other credentials to any person or third party (including an aggregation service) you authorize that person or third party to initiate transfers to or from your account. \\n\\n Some third-party companies offer aggregation services that allow you to consolidate your financial account information from a variety of sources, such that you can view all your account information at a single online location. For example, an aggregation service might collect and consolidate your checking and savings account balances at your bank, the value of your stocks and bonds in your brokerage account and your frequent flier mileage information from an airline. In order to do so, the aggregator may request access to personal information - including identification information, account information, personal IDs and passwords - from you for each individual website. \\n\\nPlease use caution when providing personal information to an aggregation service. By providing your user name, password or other credentials to an aggregation service you authorize that person or third party to initiate transfers to or from your account. \\n\\n Should you decide to revoke the authority you have given to an aggregation service, you should notify the aggregation service in addition to contacting us, in which case we may need to block your account until we issue new access codes. \\n\\n","onlinePrivacyQuestion12":"12. Social media platforms","onlinePrivacyAnswer12":"U.S. Bank may interact with registered users of various social media platforms, including Facebook equals www.facebook.com (Facebook)

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2023 16:50:59.103610039 CET	49653	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:50:59.103907108 CET	56036	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:50:59.104475021 CET	57798	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:50:59.104746103 CET	61126	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:50:59.222322941 CET	53	64813	1.1.1.1	192.168.2.4
Nov 24, 2023 16:50:59.227680922 CET	53	56036	1.1.1.1	192.168.2.4
Nov 24, 2023 16:50:59.228060007 CET	53	57798	1.1.1.1	192.168.2.4
Nov 24, 2023 16:50:59.228358030 CET	53	49653	1.1.1.1	192.168.2.4
Nov 24, 2023 16:50:59.230051041 CET	53	61126	1.1.1.1	192.168.2.4
Nov 24, 2023 16:50:59.854872942 CET	53	65183	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:00.172262907 CET	53914	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:00.174520016 CET	58031	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:00.512084007 CET	63630	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:00.512193918 CET	49287	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:01.904541969 CET	50050	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:01.905066967 CET	61122	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:02.030237913 CET	53	50050	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:02.030746937 CET	53	61122	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:02.107703924 CET	59799	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:02.108053923 CET	52042	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:02.233752012 CET	53	52042	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:02.233982086 CET	53	59799	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:05.926752090 CET	50690	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:05.927151918 CET	65159	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:06.050904036 CET	53	50690	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:06.051937103 CET	56136	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:06.054403067 CET	53	65159	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:06.054903984 CET	58824	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:06.178560019 CET	53	56136	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:06.180741072 CET	53	58824	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:06.547558069 CET	63625	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:06.547981024 CET	53134	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:06.671983004 CET	53	63625	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:06.673994064 CET	53	53134	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:07.023102999 CET	56921	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:07.023684978 CET	59151	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:12.532618046 CET	54071	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:12.533140898 CET	63412	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:12.657032967 CET	53	54071	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:12.657624006 CET	53	63412	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:12.909933090 CET	63922	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:12.910422087 CET	54750	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:12.926142931 CET	62965	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:12.928405046 CET	53948	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:13.049664974 CET	53	62965	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:13.053014040 CET	53	53948	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:13.827549934 CET	64245	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:13.827904940 CET	60039	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:13.830233097 CET	57669	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:13.830550909 CET	52617	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:13.951982021 CET	53	60039	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:13.953804016 CET	53	64245	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:13.955187082 CET	53	57669	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:13.955296040 CET	53	52617	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:14.362592936 CET	60327	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:14.363138914 CET	54275	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:14.457113028 CET	52049	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:14.457602024 CET	62710	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:14.458199978 CET	61671	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:14.458529949 CET	61798	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:14.488015890 CET	53	60327	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:14.488028049 CET	53	54275	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:14.516575098 CET	61814	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:14.517232895 CET	50088	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:14.581907034 CET	53	61671	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:14.582571983 CET	53	61798	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:15.288316965 CET	61136	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:15.288706064 CET	55872	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:15.768408060 CET	52337	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:15.768697023 CET	58103	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:15.769565105 CET	56864	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:15.769812107 CET	64407	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:15.892476082 CET	60041	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:15.892919064 CET	51876	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:15.892944098 CET	53	58103	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:15.893177032 CET	53	52337	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:15.895200968 CET	53	64407	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:15.895391941 CET	53	56864	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.016232014 CET	53	60041	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.017707109 CET	53	51876	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.091984987 CET	56928	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.092165947 CET	59511	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.216736078 CET	53	59511	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.342474937 CET	61734	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.342869043 CET	54582	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.469454050 CET	53	61734	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.512944937 CET	53	54582	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.560524940 CET	55881	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.560903072 CET	58552	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.564986944 CET	58202	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.565289021 CET	51674	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.678522110 CET	64300	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.678771973 CET	52968	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.685925961 CET	53	58552	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.688288927 CET	53	55881	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.690541029 CET	53	58202	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.691169977 CET	53	51674	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.780194998 CET	53341	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.780390978 CET	56911	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.802571058 CET	53	64300	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.803563118 CET	53	52968	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.894912004 CET	52195	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.895126104 CET	55911	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.905025959 CET	53	53341	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.905277014 CET	53	56911	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:16.936929941 CET	54805	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:16.937329054 CET	54732	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.019897938 CET	53	52195	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.020622015 CET	53	55911	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.130297899 CET	60156	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.130583048 CET	55496	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.237926960 CET	53	49584	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.254131079 CET	53	55496	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.254745960 CET	53	60156	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.435689926 CET	56812	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.436016083 CET	55010	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.446072102 CET	60279	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.446362019 CET	49972	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.561722994 CET	53	55010	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.562637091 CET	53	56812	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.570784092 CET	53	49972	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.572025061 CET	52718	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.572344065 CET	56511	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.572662115 CET	53	60279	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.615451097 CET	58699	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.615648985 CET	51643	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.641117096 CET	55626	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.641354084 CET	60969	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.651233912 CET	62929	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.651459932 CET	52946	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.739140987 CET	53	58699	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.739336967 CET	53	51643	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.757989883 CET	62374	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.758435965 CET	55127	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.765094042 CET	53	55626	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.766952991 CET	53	60969	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.775002956 CET	51598	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.775398016 CET	54393	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.775434017 CET	53	62929	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.776307106 CET	53	52946	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.782730103 CET	53	52718	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.880666018 CET	50476	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.880954027 CET	49276	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:17.900167942 CET	53	51598	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:17.901365995 CET	53	54393	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.006298065 CET	53	50476	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.006313086 CET	53	49276	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.242605925 CET	53	56511	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.414994001 CET	50947	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.415344000 CET	59246	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.607820034 CET	53	59246	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.608459949 CET	53	50947	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.684386969 CET	56621	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.684582949 CET	64032	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.688503981 CET	60541	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.688715935 CET	64573	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.768663883 CET	54907	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.768857956 CET	62999	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.811105013 CET	53	56621	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.811541080 CET	53	64032	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.814182043 CET	53	64573	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.837641001 CET	53	60541	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:18.866955996 CET	58359	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.867131948 CET	50306	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:18.894577980 CET	53	62999	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:19.069674015 CET	61004	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:19.069799900 CET	56956	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:19.194406033 CET	53	61004	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:19.194444895 CET	53	56956	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:19.476303101 CET	138	138	192.168.2.4	192.168.2.255
Nov 24, 2023 16:51:19.884618998 CET	63565	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:19.885179043 CET	54430	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.010090113 CET	53	63565	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.010612011 CET	53	54430	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.033462048 CET	54162	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.033795118 CET	52354	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.034702063 CET	50621	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.035039902 CET	55229	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.157985926 CET	53	54162	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.158406019 CET	53	52354	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.159096003 CET	53	50621	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.163940907 CET	53	55229	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.222904921 CET	57023	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.223156929 CET	49173	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.348800898 CET	53	49173	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.841104031 CET	53408	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.841427088 CET	59786	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:20.903034925 CET	53	49448	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.966344118 CET	53	53408	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:20.966469049 CET	53	59786	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:21.430521965 CET	50517	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:21.430697918 CET	52059	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:21.555696964 CET	53	50517	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:21.556368113 CET	53	52059	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:21.861571074 CET	56263	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:21.861757040 CET	56264	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:21.986538887 CET	53	56264	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:21.987006903 CET	53	56263	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:22.791734934 CET	61531	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:22.792088032 CET	55334	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:22.918015003 CET	53	61531	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:22.918601036 CET	53	55334	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:24.702275991 CET	56527	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:24.702990055 CET	54728	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:24.828686953 CET	53	56527	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:24.842133999 CET	53	54728	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:28.422832966 CET	56379	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:28.423057079 CET	49283	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:28.548526049 CET	53	49283	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:28.551110983 CET	53	56379	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:28.955023050 CET	58231	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:28.955266953 CET	49759	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:29.084435940 CET	53	58231	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:29.084600925 CET	53	49759	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:29.477329969 CET	59606	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:29.477648020 CET	56328	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:29.602624893 CET	53	59606	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:29.603615999 CET	53	56328	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:29.995059013 CET	54626	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:29.995364904 CET	56173	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:30.119555950 CET	53	56173	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:30.121424913 CET	53	54626	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:36.403325081 CET	53	62615	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:44.633711100 CET	57205	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:44.634541988 CET	64597	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:51:44.758970976 CET	53	57205	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:44.759525061 CET	53	64597	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:57.556446075 CET	53	52532	1.1.1.1	192.168.2.4
Nov 24, 2023 16:51:58.990051985 CET	53	53049	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:11.479146957 CET	56103	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:11.479408979 CET	64166	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:11.754895926 CET	60575	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:11.755129099 CET	56173	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:11.879645109 CET	53	60575	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:11.879797935 CET	53	56173	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:15.102370024 CET	58935	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:15.102694988 CET	62296	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:15.104397058 CET	59708	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:15.104779005 CET	63802	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:23.894325018 CET	55493	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:23.894501925 CET	52701	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:23.943841934 CET	54182	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:23.944313049 CET	63783	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:24.018024921 CET	53	55493	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:24.019717932 CET	53	52701	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:24.088305950 CET	53	54182	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:24.089641094 CET	53	63783	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:24.634898901 CET	56182	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:24.634998083 CET	59154	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:24.761215925 CET	53	59154	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:24.761502981 CET	53	56182	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:24.979892015 CET	63215	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:24.979983091 CET	49517	53	192.168.2.4	1.1.1.1
Nov 24, 2023 16:52:25.104796886 CET	53	49517	1.1.1.1	192.168.2.4
Nov 24, 2023 16:52:25.107798100 CET	53	63215	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 24, 2023 16:51:13.192202091 CET	192.168.2.4	1.1.1.1	c26a	(Port unreachable)	Destination Unreachable
Nov 24, 2023 16:51:14.975900888 CET	192.168.2.4	1.1.1.1	c26a	(Port unreachable)	Destination Unreachable
Nov 24, 2023 16:51:16.513032913 CET	192.168.2.4	1.1.1.1	c25b	(Port unreachable)	Destination Unreachable
Nov 24, 2023 16:51:17.143420935 CET	192.168.2.4	1.1.1.1	c276	(Port unreachable)	Destination Unreachable
Nov 24, 2023 16:51:18.242701054 CET	192.168.2.4	1.1.1.1	c238	(Port unreachable)	Destination Unreachable
Nov 24, 2023 16:52:11.664299965 CET	192.168.2.4	1.1.1.1	c27e	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:50:59 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-11-24 15:50:59 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-11-24 15:50:59 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-11-24 15:50:59 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-24 15:50:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:50:59 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:50:59 UTC	732	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 45 32 33 4d 63 2d 73 48 34 6f 56 32 52 44 4a 63 74 78 32 30 67 51 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-E23Mc-sH4oV2RDJctx20gQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-11-24 15:50:59 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 37 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 38 32 35 39 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6171" elapsed_seconds="28259"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-24 15:50:59 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-24 15:50:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 10480, version 0.0
Category:	downloaded
Size (bytes):	10480
Entropy (8bit):	7.978241854639667
Encrypted:	false
SSDEEP:	192:M/9fiVYDb50uTxesUEsDXNKixyJuB35axTdduLQVfCP5Tb8vui6MW8Jm8g1mp:MFfcYBdOFDXNKixcypaBd7kP5Tb8vtW4
MD5:	9321078447AA3FE1052FD2DD17D6EB95
SHA1:	836A28B1BD369A01135E0B8A270E43FD5F3EFE58
SHA-256:	28BB7F3132D071F1E5E0C2654297A1F646CB5E9547E204401A99110949219AAF
SHA-512:	56541E2C049668B703FD5BF0FA5B1F7CE15ABF75839F12DAC68DB49AD761BCF21A4DB3A2C83F6E16406008B6D178F8BF8D46D37F09AEDB7F3F24D34453D0CEA6
Malicious:	false
Reputation:	low
URL:	https://content.usbank.com/content/dam/onlinebanking/common/static/fonts/08b57253-2e0d-4c12-9c57-107f6c67bc49.woff2
Preview:	wOF2......(.......g\..(..........................`..b...H.y.6.$........ ..y. .OU3.u....gb......?...f. ...A.....#..w....y...5..Fp...5.h..,m..A.@...'7....F4.q..f.....................a...f..4...+.3.;.c.g..pf...;.LC..R..H..d)-}'.%>..p....N.x+...._[....+......!g.=}'].....5]....\|..d.[...U...t.....VD.Xe}...5........iE..V.Br9....!m.PX'....nh..p..Z...T..iSW./.<..I.m.j.......X)..].%.._.J.z.....R=.4{....!.W+S.\|,.).....a...9....w\|.K.z....}>.I..Ts..1....t.%7...{..^.(....<>.O........2J.z....:.p._...c.)..e...h...l...[h.E.Ya..V[c..6.d.m..n.}...n.n.i...c...z.k.=....N8.yn8.k.8.>..m.!F.c.Q&...f.e...-.i!.....'...:.m...O\|..?.{`..7...B..6t...$oR8)..L.%..S.._.}RO?.......E...f.S..C..*t.#...')..M..a...z@A....?..,.{..r8.Z..O.....O.?..4....T-..M.lt.n...a..<.....a...W.z.sk..p...Y8.;`),...<....ux.Z....M.....#...>..../.+.....!..?..^..o..X..Y.m....x..........?.=X.....~...s...O.._.].....Ra.@..s.-%..umg.:..m.L...r..)u..TBn.b.......[rm.4.2...3..4Xd..$.Kt...]..b....

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:02 UTC	568	OUT	GET /adrum/adrum-20.12.0.3360.js?ver=23.11.69 HTTP/1.1 Host: cdn.appdynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:02 UTC	361	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 6d 6c 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 30 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 0d 0a 58 2d 43 61 63 68 65 3a 20 45 72 72 6f 72 20 66 72 6f 6d 20 63 6c 6f 75 64 66 72 6f 6e 74 0d 0a 56 69 61 3a 20 31 2e 31 20 34 37 37 39 33 38 66 34 32 66 65 61 65 64 31 31 39 37 66 62 66 37 37 31 36 62 39 31 61 38 35 65 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 20 28 43 6c 6f 75 Data Ascii: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 24 Nov 2023 15:51:02 GMTServer: nginx/1.16.1X-Cache: Error from cloudfrontVia: 1.1 477938f42feaed1197fbf7716b91a85e.cloudfront.net (Clou
2023-11-24 15:51:02 UTC	249	IN	Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 39 36 48 44 51 59 48 57 34 48 31 4e 33 52 4d 41 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 6d 49 53 6a 35 53 63 4a 43 31 71 50 69 50 42 4e 4a 6a 4f 42 6a 50 4d 61 79 53 49 49 32 4e 33 54 4d 37 37 2b 33 73 74 52 65 45 4b 76 52 57 4f 79 39 4d 64 41 46 77 67 37 6b 50 6f 2f 73 4a 58 41 32 69 53 55 47 61 32 66 68 6a 41 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>96HDQYHW4H1N3RMA</RequestId><HostId>mISj5ScJC1qPiPBNJjOBjPMaySII2N3TM77+3stReEKvRWOy9MdAFwg7kPo/sJXA2iSUGa2fhjA=</HostId></Error>
2023-11-24 15:51:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:04 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-24 15:51:04 UTC	435	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:04 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-24 15:51:05 UTC	530	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 Data Ascii: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 16 May 2017 22:58:00 GMTETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"ApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config
2023-11-24 15:51:05 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:12 UTC	603	OUT	GET /t/1.css?apiType=css&projectid=cd38605f-0a87-40cc-9870-8bd4d2826839 HTTP/1.1 Host: fast.fonts.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:13 UTC	835	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 63 73 73 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 78 2d 61 6d 7a 2d 69 64 2d 32 3a 20 72 62 73 42 73 43 4e 47 7a 6a 4d 67 73 56 4d 65 6c 34 53 39 48 62 41 6a 57 59 56 79 49 6a 38 50 50 63 6a 33 6c 62 43 69 62 4d 6a 5a 48 44 38 4e 79 6b 6e 58 54 4d 31 58 6a 5a 5a 54 6e 51 4e 5a 63 78 33 73 46 70 2f 69 64 77 38 4e 59 6a 44 79 6c 64 77 6c 6e 41 3d 3d 0d 0a 78 2d 61 6d 7a 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 35 51 39 30 Data Ascii: HTTP/1.1 200 OKDate: Fri, 24 Nov 2023 15:51:13 GMTContent-Type: text/css; charset=utf-8Content-Length: 0Connection: closex-amz-id-2: rbsBsCNGzjMgsVMel4S9HbAjWYVyIj8PPcj3lbCibMjZHD8NyknXTM1XjZZTnQNZcx3sFp/idw8NYjDyldwlnA==x-amz-request-id: 5Q90

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:13 UTC	561	OUT	GET /utag/usbank/partnercards/prod/utag.js HTTP/1.1 Host: tags.tiqcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:13 UTC	609	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 30 35 30 30 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 31 36 20 4e 6f 76 20 32 30 32 33 20 31 36 3a 35 37 3a 32 31 20 47 4d 54 0d 0a 78 2d 61 6d 7a 2d 73 65 72 76 65 72 2d 73 69 64 65 2d 65 6e 63 72 79 70 74 69 6f 6e 3a 20 41 45 53 32 35 36 0d 0a 78 2d 61 6d 7a 2d 76 65 72 73 69 6f 6e 2d 69 64 3a 20 34 6e 49 54 57 76 76 57 36 32 79 55 30 74 4f 37 75 6a 37 57 6d 65 6d 32 4d 66 7a 78 46 43 65 69 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d Data Ascii: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Length: 305004Connection: closeLast-Modified: Thu, 16 Nov 2023 16:57:21 GMTx-amz-server-side-encryption: AES256x-amz-version-id: 4nITWvvW62yU0tO7uj7Wmem2MfzxFCeiAccept-Ranges: bytes
2023-11-24 15:51:13 UTC	16384	IN	Data Raw: 2f 2f 74 65 61 6c 69 75 6d 20 75 6e 69 76 65 72 73 61 6c 20 74 61 67 20 2d 20 75 74 61 67 2e 6c 6f 61 64 65 72 20 75 74 34 2e 30 2e 32 30 32 33 31 31 31 36 31 36 35 37 2c 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 33 20 54 65 61 6c 69 75 6d 2e 63 6f 6d 20 49 6e 63 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 0a 76 61 72 20 75 74 61 67 5f 63 6f 6e 64 6c 6f 61 64 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 5f 74 65 61 6c 69 75 6d 5f 74 77 63 5f 73 77 69 74 63 68 3d 66 61 6c 73 65 3b 74 72 79 7b 74 72 79 7b 74 72 79 7b 77 69 6e 64 6f 77 2e 64 61 65 50 72 69 76 61 63 79 3d 77 69 6e 64 6f 77 2e 64 61 65 50 72 69 76 61 63 79 7c 7c 7b 61 64 6f 62 65 3a 7b 6f 70 74 4f 75 74 45 76 65 6e 74 3a 27 65 76 65 6e 74 38 33 38 27 2c 6f 70 74 4f 75 74 Data Ascii: //tealium universal tag - utag.loader ut4.0.202311161657, Copyright 2023 Tealium.com Inc. All Rights Reserved.var utag_condload=false;window.__tealium_twc_switch=false;try{try{try{window.daePrivacy=window.daePrivacy\|\|{adobe:{optOutEvent:'event838',optOut
2023-11-24 15:51:13 UTC	16384	IN	Data Raw: 6d 3f 64 2e 73 69 74 65 50 6c 61 74 66 6f 72 6d 3a 22 22 2c 70 72 6f 70 36 30 3a 64 2e 63 61 72 64 41 63 74 69 76 61 74 69 6f 6e 41 74 74 65 6d 70 74 53 74 61 74 75 73 3f 64 2e 63 61 72 64 41 63 74 69 76 61 74 69 6f 6e 41 74 74 65 6d 70 74 53 74 61 74 75 73 3a 22 22 2c 70 72 6f 70 36 39 3a 64 2e 63 68 61 6c 6c 65 6e 67 65 50 6f 6c 69 63 79 3f 64 2e 63 68 61 6c 6c 65 6e 67 65 50 6f 6c 69 63 79 3a 22 22 2c 65 56 61 72 39 38 3a 64 2e 6c 70 69 64 3f 64 2e 6c 70 69 64 3a 22 22 2c 65 56 61 72 31 31 37 3a 64 2e 63 75 73 74 6f 6d 65 72 41 63 63 6f 75 6e 74 73 52 65 6c 61 74 69 6f 6e 54 79 70 65 3f 64 2e 63 75 73 74 6f 6d 65 72 41 63 63 6f 75 6e 74 73 52 65 6c 61 74 69 6f 6e 54 79 70 65 3a 22 77 68 69 74 65 6c 61 62 65 6c 20 63 75 73 74 6f 6d 65 72 20 6f 6e 6c 79 Data Ascii: m?d.sitePlatform:"",prop60:d.cardActivationAttemptStatus?d.cardActivationAttemptStatus:"",prop69:d.challengePolicy?d.challengePolicy:"",eVar98:d.lpid?d.lpid:"",eVar117:d.customerAccountsRelationType?d.customerAccountsRelationType:"whitelabel customer only
2023-11-24 15:51:13 UTC	16384	IN	Data Raw: 72 6f 70 35 33 22 3a 22 65 6e 74 65 72 20 70 65 72 73 6f 6e 61 6c 20 69 64 20 74 65 78 74 20 66 69 65 6c 64 20 72 65 6d 6f 76 65 20 66 6f 63 75 73 22 2c 22 70 72 6f 70 36 37 22 3a 22 6c 6f 67 69 6e 20 77 69 64 67 65 74 22 2c 22 65 56 61 72 36 37 22 3a 22 6c 6f 67 69 6e 20 77 69 64 67 65 74 22 2c 22 70 72 6f 70 34 30 22 3a 22 6f 6e 6c 69 6e 65 20 62 61 6e 6b 69 6e 67 22 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 50 65 72 73 6f 6e 61 6c 49 64 49 64 65 6e 74 69 66 69 65 72 22 5d 3d 7b 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 50 65 72 73 6f 6e 61 6c 49 64 49 64 65 Data Ascii: rop53":"enter personal id text field remove focus","prop67":"login widget","eVar67":"login widget","prop40":"online banking"};window.OmnitureNew.constants["LoginWidget"]["PersonalIdIdentifier"]={};window.OmnitureNew.constants["LoginWidget"]["PersonalIdIde
2023-11-24 15:51:13 UTC	16331	IN	Data Raw: 74 61 74 75 73 22 3a 22 6c 6f 67 69 6e 20 70 61 73 73 77 64 22 2c 22 65 76 65 6e 74 6e 61 6d 65 22 3a 22 73 65 63 75 72 69 74 79 20 71 75 65 73 74 69 6f 6e 20 66 61 69 6c 75 72 65 22 2c 22 70 72 6f 70 36 37 22 3a 22 6c 6f 67 69 6e 20 77 69 64 67 65 74 22 2c 22 65 56 61 72 36 37 22 3a 22 6c 6f 67 69 6e 20 77 69 64 67 65 74 22 2c 22 70 72 6f 70 34 30 22 3a 22 6f 6e 6c 69 6e 65 20 62 61 6e 6b 69 6e 67 22 2c 22 70 72 6f 70 35 33 22 3a 22 73 65 63 75 72 69 74 79 20 71 75 65 73 74 69 6f 6e 20 66 61 69 6c 75 72 65 22 2c 22 75 78 4e 61 6d 65 46 6f 72 53 69 74 65 43 61 74 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 61 70 70 4e 61 6d 65 46 6f 72 53 69 74 65 43 61 74 22 3a 22 6f 6c 62 22 2c 22 6c 6f 67 69 6e 54 79 70 65 22 3a 22 6c 6f 67 69 6e 20 77 69 64 67 65 74 20 6e Data Ascii: tatus":"login passwd","eventname":"security question failure","prop67":"login widget","eVar67":"login widget","prop40":"online banking","prop53":"security question failure","uxNameForSiteCat":"desktop","appNameForSiteCat":"olb","loginType":"login widget n
2023-11-24 15:51:13 UTC	16384	IN	Data Raw: 6e 74 65 72 20 74 65 6d 70 20 61 63 63 65 73 73 20 63 6f 64 65 20 6f 61 6d 20 65 72 72 6f 72 22 2c 22 75 78 4e 61 6d 65 46 6f 72 53 69 74 65 43 61 74 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 61 70 70 4e 61 6d 65 46 6f 72 53 69 74 65 43 61 74 22 3a 22 6f 6c 62 22 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 54 65 6d 70 41 63 63 65 73 73 43 6f 64 65 4f 41 4d 45 72 72 22 5d 3d 7b 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 54 65 6d 70 41 63 63 65 73 73 43 6f 64 65 4f 41 4d 45 72 72 22 5d 3d 7b 22 65 76 65 6e 74 6e 61 6d 65 22 3a 22 65 6e 74 65 72 20 74 65 6d 70 20 61 63 Data Ascii: nter temp access code oam error","uxNameForSiteCat":"desktop","appNameForSiteCat":"olb"};window.OmnitureNew.constants["LoginWidget"]["TempAccessCodeOAMErr"]={};window.OmnitureNew.constants["LoginWidget"]["TempAccessCodeOAMErr"]={"eventname":"enter temp ac
2023-11-24 15:51:13 UTC	16384	IN	Data Raw: 67 65 41 75 74 68 51 41 4c 69 6e 6b 22 5d 3d 7b 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 53 74 61 6e 64 61 6c 6f 6e 65 43 68 61 6e 67 65 41 75 74 68 51 41 4c 69 6e 6b 22 5d 3d 7b 22 70 72 6f 70 35 33 22 3a 22 73 74 65 70 20 75 70 20 73 65 6c 65 63 74 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6d 65 74 68 6f 64 20 69 64 20 73 68 69 65 6c 64 20 73 65 6c 65 63 74 65 64 22 2c 22 6c 6f 67 69 6e 4d 65 74 68 6f 64 22 3a 22 74 72 61 6e 73 6d 69 74 20 6c 6f 67 69 6e 22 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4d 6f 62 69 6c 65 22 5d 5b 22 43 68 61 6e 67 65 41 75 74 68 51 41 4c 69 6e 6b 22 5d 3d 7b 7d 3b 77 Data Ascii: geAuthQALink"]={};window.OmnitureNew.constants["LoginWidget"]["StandaloneChangeAuthQALink"]={"prop53":"step up select authentication method id shield selected","loginMethod":"transmit login"};window.OmnitureNew.constants["Mobile"]["ChangeAuthQALink"]={};w
2023-11-24 15:51:13 UTC	16384	IN	Data Raw: 6c 6f 67 69 6e 20 73 74 65 70 75 70 20 73 65 6c 65 63 74 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 64 65 76 69 63 65 22 2c 22 6c 6f 67 69 6e 4d 65 74 68 6f 64 22 3a 22 74 72 61 6e 73 6d 69 74 20 6c 6f 67 69 6e 22 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 53 74 65 70 75 70 4d 6f 62 41 70 70 72 6f 76 65 50 65 6e 64 69 6e 67 22 5d 3d 7b 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 53 74 65 70 75 70 4d 6f 62 41 70 70 72 6f 76 65 50 65 6e 64 69 6e 67 22 5d 3d 7b 22 65 76 65 6e 74 6e 61 6d 65 22 3a 22 73 74 65 70 20 75 70 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f Data Ascii: login stepup select authentication device","loginMethod":"transmit login"};window.OmnitureNew.constants["LoginWidget"]["StepupMobApprovePending"]={};window.OmnitureNew.constants["LoginWidget"]["StepupMobApprovePending"]={"eventname":"step up authenticatio
2023-11-24 15:51:13 UTC	16331	IN	Data Raw: 65 6c 65 63 74 65 64 e2 80 99 2c 6e 75 6c 6c 2c 27 6e 61 76 69 67 61 74 65 27 22 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 53 74 61 6e 64 61 6c 6f 6e 65 50 65 72 73 6f 6e 61 6c 49 64 49 6e 63 6f 72 72 65 63 74 46 6f 72 6d 61 74 22 5d 3d 7b 7d 3b 77 69 6e 64 6f 77 2e 4f 6d 6e 69 74 75 72 65 4e 65 77 2e 63 6f 6e 73 74 61 6e 74 73 5b 22 4c 6f 67 69 6e 57 69 64 67 65 74 22 5d 5b 22 53 74 61 6e 64 61 6c 6f 6e 65 50 65 72 73 6f 6e 61 6c 49 64 49 6e 63 6f 72 72 65 63 74 46 6f 72 6d 61 74 22 5d 3d 7b 22 65 76 65 6e 74 6e 61 6d 65 22 3a 22 65 6e 74 65 72 20 75 73 65 72 6e 61 6d 65 20 70 61 73 73 77 6f 72 64 20 70 65 72 73 6f 6e 61 6c 20 69 64 20 66 6f 72 6d 61 74 20 Data Ascii: elected,null,'navigate'"};window.OmnitureNew.constants["LoginWidget"]["StandalonePersonalIdIncorrectFormat"]={};window.OmnitureNew.constants["LoginWidget"]["StandalonePersonalIdIncorrectFormat"]={"eventname":"enter username password personal id format
2023-11-24 15:51:13 UTC	3180	IN	Data Raw: 28 29 29 2e 73 72 63 3d 61 2e 73 72 63 2b 27 3f 75 74 76 3d 27 2b 75 74 61 67 2e 63 66 67 2e 76 2b 27 26 75 74 69 64 3d 27 2b 75 74 61 67 2e 63 66 67 2e 75 74 69 64 2b 27 26 27 2b 28 62 2e 6a 6f 69 6e 28 27 26 27 29 29 29 7d 7d 2c 76 69 65 77 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 72 61 63 6b 28 7b 65 76 65 6e 74 3a 27 76 69 65 77 27 2c 64 61 74 61 3a 61 7c 7c 7b 7d 2c 63 66 67 3a 7b 63 62 3a 63 2c 75 69 64 73 3a 64 7d 7d 29 7d 2c 6c 69 6e 6b 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 72 61 63 6b 28 7b 65 76 65 6e 74 3a 27 6c 69 6e 6b 27 2c 64 61 74 61 3a 61 7c 7c 7b 7d 2c 63 66 67 3a 7b 63 62 3a 63 2c 75 69 64 73 3a 64 7d 7d 29 7d 2c 74 72 61 63 6b 3a 66 75 Data Ascii: ()).src=a.src+'?utv='+utag.cfg.v+'&utid='+utag.cfg.utid+'&'+(b.join('&')))}},view:function(a,c,d){return this.track({event:'view',data:a\|\|{},cfg:{cb:c,uids:d}})},link:function(a,c,d){return this.track({event:'link',data:a\|\|{},cfg:{cb:c,uids:d}})},track:fu

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:14 UTC	597	OUT	GET /utag/tiqapp/utag.v.js?a=usbank/partnercards/202311161656&cb=1700841072992 HTTP/1.1 Host: tags.tiqcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:14 UTC	607	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 53 61 74 2c 20 31 31 20 4d 61 72 20 32 30 32 33 20 30 36 3a 35 37 3a 34 36 20 47 4d 54 0d 0a 78 2d 61 6d 7a 2d 73 65 72 76 65 72 2d 73 69 64 65 2d 65 6e 63 72 79 70 74 69 6f 6e 3a 20 41 45 53 32 35 36 0d 0a 78 2d 61 6d 7a 2d 76 65 72 73 69 6f 6e 2d 69 64 3a 20 32 58 55 58 30 34 58 35 51 45 77 30 2e 78 46 79 61 36 34 6b 68 55 2e 5f 73 48 54 52 6c 5f 50 7a 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 53 65 72 76 Data Ascii: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Length: 2Connection: closeLast-Modified: Sat, 11 Mar 2023 06:57:46 GMTx-amz-server-side-encryption: AES256x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_PzAccept-Ranges: bytesServ
2023-11-24 15:51:14 UTC	2	IN	Data Raw: 2f 2f Data Ascii: //

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:14 UTC	556	OUT	GET /qscripts/quantum-usbank.js HTTP/1.1 Host: cdn.quantummetric.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:14 UTC	620	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 76 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 65 74 61 67 3a 20 57 2f 22 31 37 30 30 36 38 32 31 35 33 38 37 37 31 36 39 35 39 32 38 30 30 35 31 31 30 31 36 39 31 37 34 30 38 30 34 34 36 34 22 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6d 61 78 2d 61 67 65 3d 33 30 30 2c 20 73 74 61 6c 65 2d 77 68 69 6c 65 2d 72 Data Ascii: HTTP/1.1 200 OKDate: Fri, 24 Nov 2023 15:51:14 GMTContent-Type: text/javascriptTransfer-Encoding: chunkedConnection: closevary: Accept-Encodingetag: W/"170068215387716959280051101691740804464"Cache-Control: public, max-age=300, stale-while-r
2023-11-24 15:51:14 UTC	749	IN	Data Raw: 37 64 34 35 0d 0a 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 35 2d 32 30 32 33 20 51 75 61 6e 74 75 6d 20 4d 65 74 72 69 63 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 46 6f 72 20 55 53 20 70 61 74 65 6e 74 73 20 73 65 65 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 71 75 61 6e 74 75 6d 6d 65 74 72 69 63 2e 63 6f 6d 2f 6c 65 67 61 6c 2f 70 61 74 65 6e 74 73 2f 2e 20 46 6f 72 20 45 55 4c 41 20 73 65 65 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 71 75 61 6e 74 75 6d 6d 65 74 72 69 63 2e 63 6f 6d 2f 6c 65 67 61 6c 2f 65 75 6c 61 20 75 73 62 61 6e 6b 20 38 35 30 61 33 31 39 63 64 30 38 61 38 36 64 37 61 36 63 63 66 63 38 38 65 65 34 61 64 39 61 64 34 31 66 61 39 61 34 30 20 2a 2f 0a 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 50 Data Ascii: 7d45/* Copyright 2015-2023 Quantum Metric, Inc. All rights reserved. For US patents see https://www.quantummetric.com/legal/patents/. For EULA see https://www.quantummetric.com/legal/eula usbank 850a319cd08a86d7a6ccfc88ee4ad9ad41fa9a40 // Copyright P
2023-11-24 15:51:14 UTC	1369	IN	Data Raw: 6f 6e 65 5f 73 79 6d 62 6f 6c 5f 5f 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 27 5d 20 7c 7c 20 77 69 6e 64 6f 77 2e 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 3b 0a 76 61 72 20 71 75 65 75 65 4d 69 63 72 6f 74 61 73 6b 20 3d 20 77 69 6e 64 6f 77 5b 27 5f 5f 7a 6f 6e 65 5f 73 79 6d 62 6f 6c 5f 5f 71 75 65 75 65 4d 69 63 72 6f 74 61 73 6b 27 5d 20 7c 7c 20 77 69 6e 64 6f 77 2e 71 75 65 75 65 4d 69 63 72 6f 74 61 73 6b 3b 0a 76 61 72 20 50 72 6f 6d 69 73 65 20 3d 20 77 69 6e 64 6f 77 5b 27 5f 5f 7a 6f 6e 65 5f 73 79 6d 62 6f 6c 5f 5f 50 72 6f 6d 69 73 65 27 5d 20 7c 7c 20 77 69 6e 64 6f 77 2e 50 72 6f 6d 69 73 65 3b 20 76 61 72 20 78 3b 66 75 6e 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f Data Ascii: one_symbol__MutationObserver'] \|\| window.MutationObserver;var queueMicrotask = window['__zone_symbol__queueMicrotask'] \|\| window.queueMicrotask;var Promise = window['__zone_symbol__Promise'] \|\| window.Promise; var x;function aa(a){var b=0;return functio
2023-11-24 15:51:14 UTC	1369	IN	Data Raw: 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 66 69 6e 64 20 67 6c 6f 62 61 6c 20 6f 62 6a 65 63 74 22 29 3b 7d 76 61 72 20 70 61 3d 6f 61 28 74 68 69 73 29 2c 71 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 Data Ascii: or(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var pa=oa(this),qa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)retu
2023-11-24 15:51:14 UTC	1369	IN	Data Raw: 20 62 29 74 68 69 73 2e 42 61 28 67 29 3b 65 6c 73 65 7b 61 3a 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 67 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 76 61 72 20 68 3d 6e 75 6c 6c 21 3d 67 3b 62 72 65 61 6b 20 61 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 77 61 28 67 29 3a 0a 74 68 69 73 2e 64 61 28 67 29 7d 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 77 61 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 4f 28 6b 29 3b 72 65 74 75 72 6e 7d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 68 3f 74 68 69 73 2e 45 61 28 68 2c 67 29 Data Ascii: b)this.Ba(g);else{a:switch(typeof g){case "object":var h=null!=g;break a;case "function":h=!0;break a;default:h=!1}h?this.wa(g):this.da(g)}};b.prototype.wa=function(g){var h=void 0;try{h=g.then}catch(k){this.O(k);return}"function"==typeof h?this.Ea(h,g)
2023-11-24 15:51:14 UTC	1369	IN	Data Raw: 21 6e 2e 64 6f 6e 65 3b 6e 3d 6c 2e 6e 65 78 74 28 29 29 64 28 6e 2e 76 61 6c 75 65 29 2e 55 63 28 68 2c 6b 29 7d 29 7d 3b 62 2e 61 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 7a 28 67 29 2c 6b 3d 68 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 6b 2e 64 6f 6e 65 3f 64 28 5b 5d 29 3a 6e 65 77 20 62 28 66 75 6e 63 74 69 6f 6e 28 6c 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 6d 28 72 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 29 7b 71 5b 72 5d 3d 74 3b 70 2d 2d 3b 30 3d 3d 70 26 26 6c 28 71 29 7d 7d 76 61 72 20 71 3d 5b 5d 2c 70 3d 30 3b 64 6f 20 71 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 70 2b 2b 2c 64 28 6b 2e 76 61 6c 75 65 29 2e 55 63 28 6d 28 71 2e 6c 65 6e 67 74 68 2d 31 29 2c 6e 29 2c 6b 3d 68 2e 6e 65 78 74 28 29 3b 77 Data Ascii: !n.done;n=l.next())d(n.value).Uc(h,k)})};b.all=function(g){var h=z(g),k=h.next();return k.done?d([]):new b(function(l,n){function m(r){return function(t){q[r]=t;p--;0==p&&l(q)}}var q=[],p=0;do q.push(void 0),p++,d(k.value).Uc(m(q.length-1),n),k=h.next();w
2023-11-24 15:51:14 UTC	1369	IN	Data Raw: 72 6e 22 5d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 52 3d 7b 22 72 65 74 75 72 6e 22 3a 61 7d 3b 74 68 69 73 2e 67 3d 74 68 69 73 2e 69 61 7d 3b 66 75 6e 63 74 69 6f 6e 20 46 28 61 2c 62 2c 63 29 7b 61 2e 67 3d 63 3b 72 65 74 75 72 6e 7b 76 61 6c 75 65 3a 62 7d 7d 66 75 6e 63 74 69 6f 6e 20 47 28 61 29 7b 61 2e 67 3d 30 7d 66 75 6e 63 74 69 6f 6e 20 43 61 28 61 2c 62 2c 63 29 7b 61 2e 67 3d 62 3b 61 2e 4a 3d 63 7c 7c 30 7d 66 75 6e 63 74 69 6f 6e 20 44 61 28 61 2c 62 29 7b 61 2e 4a 3d 62 7c 7c 30 3b 76 61 72 20 63 3d 61 2e 52 2e 6b 67 3b 61 2e 52 3d 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 63 7d 66 75 6e 63 74 69 6f 6e 20 45 61 28 61 29 7b 74 68 69 73 2e 67 3d 6e 65 77 20 7a 61 3b 74 68 69 73 2e 42 3d 61 7d 0a 66 75 6e 63 74 69 6f 6e 20 46 61 28 Data Ascii: rn"]=function(a){this.R={"return":a};this.g=this.ia};function F(a,b,c){a.g=c;return{value:b}}function G(a){a.g=0}function Ca(a,b,c){a.g=b;a.J=c\|\|0}function Da(a,b){a.J=b\|\|0;var c=a.R.kg;a.R=null;return c}function Ea(a){this.g=new za;this.B=a}function Fa(
2023-11-24 15:51:14 UTC	1369	IN	Data Raw: 28 67 2e 76 61 6c 75 65 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 67 2e 76 61 6c 75 65 29 2e 74 68 65 6e 28 62 2c 63 29 2e 74 68 65 6e 28 66 2c 65 29 7d 66 28 61 2e 6e 65 78 74 28 29 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 49 28 61 29 7b 72 65 74 75 72 6e 20 4a 61 28 6e 65 77 20 49 61 28 6e 65 77 20 45 61 28 61 29 29 29 7d 76 61 72 20 4d 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3f 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 31 3b 63 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 61 72 67 75 6d 65 6e 74 73 5b 63 5d 3b 69 66 28 64 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 Data Ascii: (g.value):Promise.resolve(g.value).then(b,c).then(f,e)}f(a.next())})}function I(a){return Ja(new Ia(new Ea(a)))}var Ma="function"==typeof Object.assign?Object.assign:function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(d)for(var e in d)
2023-11-24 15:51:14 UTC	1369	IN	Data Raw: 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 72 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 63 6c 75 64 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 2d 31 21 3d 3d 4e 61 28 74 68 69 73 2c 62 2c 22 69 6e 63 6c 75 64 65 73 22 29 2e 69 6e 64 65 78 4f 66 28 62 2c 63 7c 7c 30 29 7d 7d 29 3b 0a 72 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 64 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 4e 61 28 74 68 69 73 2c 62 2c 22 65 6e 64 73 57 69 74 68 22 Data Ascii: t be a regular expression");return a+""}ra("String.prototype.includes",function(a){return a?a:function(b,c){return-1!==Na(this,b,"includes").indexOf(b,c\|\|0)}});ra("String.prototype.endsWith",function(a){return a?a:function(b,c){var d=Na(this,b,"endsWith"
2023-11-24 15:51:14 UTC	1369	IN	Data Raw: 33 2c 36 35 2c 34 35 2c 37 39 2c 36 35 2c 36 39 2c 38 30 5d 29 2c 53 61 3d 4f 61 28 5b 38 32 2c 38 33 2c 36 35 2c 34 35 2c 37 39 2c 36 35 2c 36 39 2c 38 30 2c 34 35 2c 35 30 2c 35 33 2c 35 34 5d 29 2c 54 61 3d 4f 61 28 5b 36 35 2c 35 30 2c 35 33 2c 35 34 2c 36 37 2c 36 36 2c 36 37 5d 29 2c 55 61 3d 2f 5c 73 2a 2c 5c 73 2a 2f 2c 56 61 3d 7b 75 74 6d 5f 73 6f 75 72 63 65 3a 2d 35 36 2c 75 74 6d 5f 6d 65 64 69 75 6d 3a 2d 35 37 2c 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3a 2d 35 38 2c 75 74 6d 5f 74 65 72 6d 3a 2d 35 39 2c 75 74 6d 5f 63 6f 6e 74 65 6e 74 3a 2d 36 30 2c 75 74 6d 5f 69 64 3a 2d 36 31 7d 2c 57 61 3d 2f 71 75 61 6e 74 75 6d 2f 69 2c 58 61 3d 2f 63 76 76 7c 63 76 63 7c 6d 6f 6e 74 68 7c 79 65 61 72 7c 62 69 72 74 68 7c 63 69 64 7c 63 73 63 7c 63 76 Data Ascii: 3,65,45,79,65,69,80]),Sa=Oa([82,83,65,45,79,65,69,80,45,50,53,54]),Ta=Oa([65,50,53,54,67,66,67]),Ua=/\s,\s/,Va={utm_source:-56,utm_medium:-57,utm_campaign:-58,utm_term:-59,utm_content:-60,utm_id:-61},Wa=/quantum/i,Xa=/cvv\|cvc\|month\|year\|birth\|cid\|csc\|cv

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:14 UTC	578	OUT	GET /cobrowse/CobrowseJS.ashx?group=19921&site=production HTTP/1.1 Host: www.glancecdn.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:14 UTC	335	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 38 39 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 33 36 30 30 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 73 74 6f 72 61 67 65 2e 67 6c 61 6e 63 65 63 64 6e 2e 6e 65 74 2f 63 6f 62 72 6f 77 73 65 2f 6a 73 2f 47 6c 61 6e 63 65 43 6f 62 72 6f 77 73 65 4c 6f 61 64 65 72 5f 35 2e 38 2e 37 4d 2e 6a 73 0d 0a 53 65 72 76 65 Data Ascii: HTTP/1.1 302 FoundDate: Fri, 24 Nov 2023 15:51:14 GMTContent-Type: text/html; charset=utf-8Content-Length: 189Connection: closeCache-Control: max-age=3600Location: https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.8.7M.jsServe
2023-11-24 15:51:14 UTC	189	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 61 67 65 2e 67 6c 61 6e 63 65 63 64 6e 2e 6e 65 74 2f 63 6f 62 72 6f 77 73 65 2f 6a 73 2f 47 6c 61 6e 63 65 43 6f 62 72 6f 77 73 65 4c 6f 61 64 65 72 5f 35 2e 38 2e 37 4d 2e 6a 73 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.8.7M.js">here</a>.</h2></body></html>

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:15 UTC	572	OUT	GET /cobrowse/js/GlanceCobrowseLoader_5.8.7M.js HTTP/1.1 Host: storage.glancecdn.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:15 UTC	731	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 38 33 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 31 37 20 4e 6f 76 20 32 30 32 33 20 30 31 3a 34 36 3a 31 30 20 47 4d 54 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4d 65 74 68 6f 64 73 3a 20 47 45 54 0d 0a 78 2d 61 6d 7a 2d 72 65 70 6c 69 63 61 74 69 6f 6e 2d 73 74 61 74 75 73 3a 20 43 4f 4d 50 4c 45 54 45 44 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Length: 11832Connection: closeDate: Fri, 17 Nov 2023 01:46:10 GMTAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: GETx-amz-replication-status: COMPLETEDLast-Modified: Fr
2023-11-24 15:51:15 UTC	11832	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 27 75 73 65 20 73 74 72 69 63 74 27 3b 2f 2a 0a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 32 32 20 47 6c 61 6e 63 65 20 4e 65 74 77 6f 72 6b 73 2c 20 49 6e 63 2e 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 32 20 47 6c 61 6e 63 65 20 4e 65 74 77 6f 72 6b 73 2c 20 49 6e 63 2e 0a 2a 2f 0a 77 69 6e 64 6f 77 2e 47 4c 41 4e 43 45 3d 77 69 6e 64 6f 77 2e 47 4c 41 4e 43 45 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 47 4c 41 4e 43 45 2e 56 45 52 53 49 4f 4e 3d 22 35 2e 38 2e Data Ascii: (function() {/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0/'use strict';/ Copyright (c) 2022 Glance Networks, Inc. Copyright 2022 Glance Networks, Inc.*/window.GLANCE=window.GLANCE\|\|{};window.GLANCE.VERSION="5.8.

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:15 UTC	748	OUT	GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=675616D751E567410A490D4C%40AdobeOrg&d_nsid=0&ts=1700841073618 HTTP/1.1 Host: dpm.demdex.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://login.fidelityrewards.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:15 UTC	958	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 58 2d 54 49 44 3a 20 44 36 68 75 53 6b 67 35 54 4e 34 3d 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 3b 20 69 6e 63 6c 75 64 65 53 75 62 44 6f 6d 61 69 6e 73 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 6e 6f 2d 73 74 6f 72 65 2c 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 6d 61 78 2d 61 67 65 3d 30 2c 70 72 6f 78 79 2d 72 65 76 61 6c 69 64 61 74 65 Data Ascii: HTTP/1.1 302 FoundDate: Fri, 24 Nov 2023 15:51:15 GMTContent-Length: 0Connection: closeX-TID: D6huSkg5TN4=Strict-Transport-Security: max-age=31536000; includeSubDomainsCache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://login.fidelityrewards.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184

Windows Analysis Report
http://login.fidelityrewards.com

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:15 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=beGpV3txKvdRD3L&MD=w+NOnx1Y HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-24 15:51:15 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 65 38 64 32 64 34 33 38 2d 32 37 39 30 2d 34 37 63 32 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: e8d2d438-2790-47c2-
2023-11-24 15:51:15 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-24 15:51:15 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:15 UTC	806	OUT	GET /id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=675616D751E567410A490D4C%40AdobeOrg&d_nsid=0&ts=1700841073618 HTTP/1.1 Host: dpm.demdex.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://login.fidelityrewards.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: demdex=42246799747197346091620842628688037227
2023-11-24 15:51:15 UTC	829	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 33 34 38 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 58 2d 54 49 44 3a 20 52 71 6b 74 6f 71 58 33 53 4f 4d 3d 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 3b 20 69 6e 63 6c 75 64 65 53 75 62 44 6f 6d 61 69 6e 73 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 6e 6f 2d 73 74 Data Ascii: HTTP/1.1 200 OKDate: Fri, 24 Nov 2023 15:51:15 GMTContent-Type: application/json;charset=utf-8Content-Length: 1348Connection: closeX-TID: RqktoqX3SOM=Strict-Transport-Security: max-age=31536000; includeSubDomainsCache-Control: no-cache,no-st
2023-11-24 15:51:15 UTC	1348	IN	Data Raw: 7b 22 64 5f 6d 69 64 22 3a 22 34 32 33 36 39 33 30 33 38 32 33 32 39 39 37 32 31 30 35 31 35 39 30 38 37 37 33 30 30 32 33 38 35 38 32 37 30 37 22 2c 22 69 64 5f 73 79 6e 63 5f 74 74 6c 22 3a 36 30 34 38 30 30 2c 22 64 5f 62 6c 6f 62 22 3a 22 52 4b 68 70 52 7a 38 6b 72 67 32 74 4c 4f 36 70 67 75 58 57 70 35 6f 6c 6b 41 63 55 6e 69 51 59 50 48 61 4d 57 57 67 64 4a 33 78 7a 50 57 51 6d 64 6a 30 79 22 2c 22 64 63 73 5f 72 65 67 69 6f 6e 22 3a 37 2c 22 64 5f 6f 74 74 6c 22 3a 37 32 30 30 2c 22 69 62 73 22 3a 5b 7b 22 69 64 22 3a 22 36 30 22 2c 22 74 74 6c 22 3a 31 34 34 30 30 2c 22 74 61 67 22 3a 22 69 6d 67 22 2c 22 66 69 72 65 55 52 4c 53 79 6e 63 22 3a 30 2c 22 73 79 6e 63 4f 6e 50 61 67 65 22 3a 30 2c 22 75 72 6c 22 3a 5b 22 2f 2f 69 64 73 79 6e 63 2e 72 Data Ascii: {"d_mid":"42369303823299721051590877300238582707","id_sync_ttl":604800,"d_blob":"RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y","dcs_region":7,"d_ottl":7200,"ibs":[{"id":"60","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//idsync.r

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:16 UTC	757	OUT	GET /id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=675616D751E567410A490D4C%40AdobeOrg&mid=42369303823299721051590877300238582707&ts=1700841074858 HTTP/1.1 Host: smetrics.sdcvisit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://login.fidelityrewards.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:16 UTC	683	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 61 63 63 65 73 73 2d 63 6f 6e 74 72 6f 6c 2d 61 6c 6c 6f 77 2d 6f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 66 69 64 65 6c 69 74 79 72 65 77 61 72 64 73 2e 63 6f 6d 0d 0a 61 63 63 65 73 73 2d 63 6f 6e 74 72 6f 6c 2d 61 6c 6c 6f 77 2d 63 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 64 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 36 20 47 4d 54 0d 0a 70 33 70 3a 20 43 50 3d 22 54 68 69 73 20 69 73 20 6e 6f 74 20 61 20 50 33 50 20 70 6f 6c 69 63 79 22 0d 0a 73 65 72 76 65 72 3a 20 6a 61 67 0d 0a 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 73 5f 65 63 69 64 3d 4d 43 4d 49 44 25 37 43 34 32 33 36 39 33 30 33 38 32 33 32 39 39 37 32 31 30 35 31 35 Data Ascii: HTTP/1.1 200 OKaccess-control-allow-origin: https://login.fidelityrewards.comaccess-control-allow-credentials: truedate: Fri, 24 Nov 2023 15:51:16 GMTp3p: CP="This is not a P3P policy"server: jagset-cookie: s_ecid=MCMID%7C423693038232997210515
2023-11-24 15:51:16 UTC	48	IN	Data Raw: 7b 22 6d 69 64 22 3a 22 34 32 33 36 39 33 30 33 38 32 33 32 39 39 37 32 31 30 35 31 35 39 30 38 37 37 33 30 30 32 33 38 35 38 32 37 30 37 22 7d Data Ascii: {"mid":"42369303823299721051590877300238582707"}

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:16 UTC	763	OUT	GET /dest5.html?d_nsid=0 HTTP/1.1 Host: usbank.demdex.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: demdex=42246799747197346091620842628688037227
2023-11-24 15:51:16 UTC	607	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 36 39 38 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 58 2d 54 49 44 3a 20 34 73 38 42 7a 34 30 4f 53 50 67 3d 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 3b 20 69 6e 63 6c 75 64 65 53 75 62 44 6f 6d 61 69 6e 73 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 6e 6f 2d 73 74 6f 72 65 2c 6d 75 73 Data Ascii: HTTP/1.1 200 OKDate: Fri, 24 Nov 2023 15:51:16 GMTContent-Type: text/html;charset=UTF-8Content-Length: 6983Connection: closeX-TID: 4s8Bz40OSPg=Strict-Transport-Security: max-age=31536000; includeSubDomainsCache-Control: no-cache,no-store,mus
2023-11-24 15:51:16 UTC	6983	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 41 64 6f 62 65 20 41 75 64 69 65 6e 63 65 4d 61 6e 61 67 65 72 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-US"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Adobe AudienceManager</title><script type="text/javas

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:16 UTC	569	OUT	GET /cobrowse/js/GlancePresenceVisitor_5.8.7M.js HTTP/1.1 Host: www.glancecdn.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:16 UTC	319	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 73 74 6f 72 61 67 65 2e 67 6c 61 6e 63 65 63 64 6e 2e 6e 65 74 2f 63 6f 62 72 6f 77 73 65 2f 6a 73 2f 47 6c 61 6e 63 65 50 72 65 73 65 6e 63 65 56 69 73 69 74 6f 72 5f 35 2e 38 2e 37 4d 2e 6a 73 0d 0a 53 65 72 76 65 72 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 49 49 53 Data Ascii: HTTP/1.1 301 Moved PermanentlyDate: Fri, 24 Nov 2023 15:51:16 GMTContent-Type: text/html; charset=UTF-8Content-Length: 196Connection: closeLocation: https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.8.7M.jsServer: Microsoft-IIS
2023-11-24 15:51:16 UTC	196	IN	Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 61 67 65 2e 67 6c 61 6e 63 65 63 64 6e 2e 6e 65 74 2f 63 6f 62 72 6f 77 73 65 2f 6a 73 2f 47 6c 61 6e 63 65 50 72 65 73 65 6e 63 65 56 69 73 69 74 6f 72 5f 35 2e 38 2e 37 4d 2e 6a 73 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.8.7M.js">here</a></body>

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:16 UTC	573	OUT	GET /cobrowse/js/GlancePresenceVisitor_5.8.7M.js HTTP/1.1 Host: storage.glancecdn.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.fidelityrewards.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:17 UTC	731	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 38 38 35 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 35 34 20 47 4d 54 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4d 65 74 68 6f 64 73 3a 20 47 45 54 0d 0a 78 2d 61 6d 7a 2d 72 65 70 6c 69 63 61 74 69 6f 6e 2d 73 74 61 74 75 73 3a 20 43 4f 4d 50 4c 45 54 45 44 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Length: 18854Connection: closeDate: Wed, 22 Nov 2023 15:51:54 GMTAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: GETx-amz-replication-status: COMPLETEDLast-Modified: Fr
2023-11-24 15:51:17 UTC	15653	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 27 75 73 65 20 73 74 72 69 63 74 27 3b 76 61 72 20 61 61 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 2f 2a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 32 20 47 6c 61 6e 63 65 20 4e 65 74 77 6f 72 6b 73 2c 20 49 6e 63 2e 0a 2a 2f 0a 76 61 72 20 68 3d 5b 22 35 22 2c 22 38 22 2c 22 37 22 2c 22 30 22 5d 2e 73 6c 69 63 65 28 30 2c 33 29 2e 6a 6f 69 6e 28 22 2e 22 29 3b 55 69 6e 74 38 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 7c 7c 28 55 69 6e 74 38 41 72 72 61 Data Ascii: (function() {/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0/'use strict';var aa=this\|\|self;/ Copyright 2022 Glance Networks, Inc.*/var h=["5","8","7","0"].slice(0,3).join(".");Uint8Array.prototype.slice\|\|(Uint8Arra
2023-11-24 15:51:17 UTC	3201	IN	Data Raw: 65 63 74 28 29 2c 50 28 74 68 69 73 29 29 7d 3b 74 68 69 73 2e 6f 6e 73 65 72 76 65 72 63 6c 6f 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e 64 69 73 63 6f 6e 6e 65 63 74 28 29 3b 69 66 28 61 2e 6f 6e 63 6c 6f 73 65 29 61 2e 6f 6e 63 6c 6f 73 65 28 29 7d 3b 0a 74 68 69 73 2e 63 3f 4f 28 74 68 69 73 29 3a 74 68 69 73 2e 43 28 7b 6f 6e 73 75 63 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 6d 28 22 66 6f 75 6e 64 20 76 69 73 69 74 6f 72 2c 20 63 6f 6e 6e 65 63 74 22 29 3b 4f 28 61 29 7d 2c 6f 6e 66 61 69 6c 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 61 2e 66 3d 4c 3b 51 28 61 2c 7b 65 72 72 6f 72 3a 22 63 6f 6e 6e 66 61 69 6c 22 2c 64 65 74 61 69 6c 3a 62 7d 29 7d 7d 29 7d 65 6c 73 65 20 6d 28 22 43 4f 4e 4e 5f 4e 4f 56 49 53 49 54 4f 52 49 44 22 29 7d 3b Data Ascii: ect(),P(this))};this.onserverclose=function(){a.disconnect();if(a.onclose)a.onclose()};this.c?O(this):this.C({onsuccess:function(){m("found visitor, connect");O(a)},onfail:function(b){a.f=L;Q(a,{error:"connfail",detail:b})}})}else m("CONN_NOVISITORID")};

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:17 UTC	638	OUT	GET /365868.gif?partner_uid=42246799747197346091620842628688037227 HTTP/1.1 Host: idsync.rlcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://usbank.demdex.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:17 UTC	736	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 69 64 73 79 6e 63 2e 72 6c 63 64 6e 2e 63 6f 6d 2f 31 30 30 30 2e 67 69 66 3f 6d 65 6d 6f 3d 43 4b 79 71 46 68 49 78 43 69 30 49 41 52 43 59 45 68 6f 6d 4e 44 49 79 4e 44 59 33 4f 54 6b 33 4e 44 63 78 4f 54 63 7a 4e 44 59 77 4f 54 45 32 4d 6a 41 34 4e 44 49 32 4d 6a 67 32 4f 44 67 77 4d 7a 63 79 4d 6a 63 51 41 42 6f 4e 43 50 57 4d 67 36 73 47 45 67 55 49 36 41 63 51 41 45 49 41 53 67 41 0d 0a 50 33 70 3a 20 43 50 3d 22 4e 4f 49 20 44 53 50 20 43 4f 52 20 4e 49 44 20 43 55 52 61 20 41 44 4d 61 20 44 45 Data Ascii: HTTP/1.1 307 Temporary RedirectCache-Control: no-cache, no-storeLocation: https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomNDIyNDY3OTk3NDcxOTczNDYwOTE2MjA4NDI2Mjg2ODgwMzcyMjcQABoNCPWMg6sGEgUI6AcQAEIASgAP3p: CP="NOI DSP COR NID CURa ADMa DE

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:17 UTC	798	OUT	GET /pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDIyNDY3OTk3NDcxOTczNDYwOTE2MjA4NDI2Mjg2ODgwMzcyMjc= HTTP/1.1 Host: cm.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://usbank.demdex.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:17 UTC	880	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 6f 75 6e 64 0d 0a 50 33 50 3a 20 70 6f 6c 69 63 79 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6f 6f 67 6c 65 61 64 73 2e 67 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 70 61 67 65 61 64 2f 67 63 6e 5f 70 33 70 5f 2e 78 6d 6c 22 2c 20 43 50 3d 22 43 55 52 61 20 41 44 4d 61 20 44 45 56 61 20 54 41 49 6f 20 50 53 41 6f 20 50 53 44 6f 20 4f 55 52 20 49 4e 44 20 55 4e 49 20 50 55 52 20 49 4e 54 20 44 45 4d 20 53 54 41 20 50 52 45 20 43 4f 4d 20 4e 41 56 20 4f 54 43 20 4e 4f 49 20 44 53 50 20 43 4f 52 22 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 63 6d 2e 67 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 70 69 78 65 6c 3f 67 6f 6f 67 6c 65 5f 6e 69 64 3d 61 64 6f 62 65 5f 64 6d 70 26 67 6f 6f Data Ascii: HTTP/1.1 302 FoundP3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"Location: https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&goo
2023-11-24 15:51:17 UTC	372	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 63 6d 2e 67 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 70 69 78 65 6c 3f 67 6f 6f 67 6c 65 5f 6e 69 64 3d 61 64 6f 62 65 5f 64 6d 70 26 61 6d 70 3b 67 6f 6f 67 6c 65 5f 63 6d 3d 26 61 6d 70 3b 67 64 70 72 3d 30 26 61 6d 70 3b 67 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&g
2023-11-24 15:51:17 UTC	6	IN	Data Raw: 54 4d 4c 3e 0d 0a Data Ascii: TML>

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:17 UTC	697	OUT	POST /?T=B&u=https%3A%2F%2Flogin.fidelityrewards.com%2FonlineCard%2Flogin.do&t=1700841074540&v=1700841075722&z=1&S=0&N=0&P=0 HTTP/1.1 Host: usbank-app.quantummetric.com Connection: keep-alive Content-Length: 776 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://login.fidelityrewards.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:17 UTC	776	OUT	Data Raw: 78 01 8d 54 5d 73 a2 48 14 fd 2b 5b fd b6 25 9b 34 d0 40 37 55 f3 e0 68 88 71 a2 46 49 30 ba b5 0f 08 34 f2 8d 7c a8 98 ca 7f 9f db 12 e7 69 6a 6a 5f e4 da 7d cf b9 a7 cf 69 f8 f7 03 35 c8 44 35 92 50 81 4c 59 42 27 f8 55 28 96 d0 1e 99 0c 1b 12 3a df 16 3a 28 b0 42 24 f4 37 00 70 c0 34 4f 53 0c 4d 67 32 61 06 a7 aa aa 60 43 21 1a f6 38 dd 51 0e 7c 35 32 0d 1d 33 09 95 62 82 1d a4 fc 2f 3b a8 8e 91 17 c0 66 5b a5 b0 b8 6f 9a b2 36 ef ef d3 22 8c f2 3b 1e f9 41 1a 35 5d 15 9c dc ca af ef bc 22 bb 2f f2 34 ca 83 11 fc ff 6a f2 0b 40 03 85 89 d4 50 54 fe 55 b5 57 21 53 c5 a0 ba 44 e6 07 72 91 a9 4b 68 07 3b 4c 83 16 64 12 46 15 09 41 2b 61 98 4a 08 d0 84 c9 70 58 7e 5b 09 af 08 38 32 e0 22 58 94 50 2c b6 04 2a b9 16 aa 84 40 70 de a6 a9 84 b2 5b 91 8b 09 80 Data Ascii: xT]sH+[%4@7UhqFI04\|ijj_}i5D5PLYB'U(::(B$7p4OSMg2a`C!8Q\|523b/;f[o6";A5]"/4j@PTUW!SDrKh;LdFA+aJpX~[82"XP,*@p[
2023-11-24 15:51:17 UTC	997	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 39 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 66 69 64 65 6c 69 74 79 72 65 77 61 72 64 73 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Fri, 24 Nov 2023 15:51:17 GMTContent-Type: application/jsonContent-Length: 90Connection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: https://login.fidelityrewards.comAccess-Control-Allow-Credent
2023-11-24 15:51:17 UTC	90	IN	Data Raw: 62 61 30 61 31 39 35 37 35 63 39 66 36 37 38 38 33 38 39 34 64 63 31 39 33 30 39 30 30 39 63 31 2f 33 39 62 37 38 31 62 34 38 63 62 36 64 64 33 37 35 62 34 37 35 30 38 39 39 65 66 33 62 30 63 39 2f 33 31 36 30 33 39 65 63 36 37 30 64 66 31 36 38 63 30 35 37 61 37 62 36 Data Ascii: ba0a19575c9f67883894dc19309009c1/39b781b48cb6dd375b4750899ef3b0c9/316039ec670df168c057a7b6

Timestamp	Bytes transferred	Direction	Data
2023-11-24 15:51:17 UTC	649	OUT	GET /i/adsct?p_user_id=42246799747197346091620842628688037227&p_id=38594 HTTP/1.1 Host: analytics.twitter.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://usbank.demdex.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-24 15:51:17 UTC	571	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 64 61 74 65 3a 20 46 72 69 2c 20 32 34 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 35 31 3a 31 36 20 47 4d 54 0d 0a 70 65 72 66 3a 20 37 36 32 36 31 34 33 39 32 38 0d 0a 73 65 72 76 65 72 3a 20 74 73 61 5f 62 0d 0a 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 70 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 5f 69 64 3d 22 76 31 5f 43 71 62 43 52 79 4a 71 6e 6e 46 4f 73 32 6d 2f 75 51 66 78 57 41 3d 3d 22 3b 20 4d 61 78 2d 41 67 65 3d 36 33 30 37 32 30 30 30 3b 20 45 78 70 69 72 65 73 3d 53 75 6e 2c 20 32 33 20 4e 6f 76 20 32 30 32 35 20 31 35 3a 35 31 3a 31 37 20 47 4d 54 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 2e 74 77 69 74 74 65 72 2e 63 6f 6d 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e Data Ascii: HTTP/1.1 200 OKdate: Fri, 24 Nov 2023 15:51:16 GMTperf: 7626143928server: tsa_bset-cookie: personalization_id="v1_CqbCRyJqnnFOs2m/uQfxWA=="; Max-Age=63072000; Expires=Sun, 23 Nov 2025 15:51:17 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=Non
2023-11-24 15:51:17 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 09 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF89a!,L;