Edit tour

Windows Analysis Report
https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842

Overview

General Information

Sample URL:	https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842
Analysis ID:	1350225
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on logo match)

Phishing site detected (based on image similarity)

Creates files inside the system directory

Stores files to the Windows start menu directory

HTML body contains low number of good links

HTML title does not match URL

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1600 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6380 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3812 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET //Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 HTTP/1.1Host: www.365-authentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.365-authentication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/24-small_2b123d90ad518a70d48d8a8e219064d6.jpg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.365-authentication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/24_be8959e35a7f0fe45bdcee972c541fc2.jpg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.365-authentication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/24-small_2b123d90ad518a70d48d8a8e219064d6.jpg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.365-authentication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/24_be8959e35a7f0fe45bdcee972c541fc2.jpg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 HTTP/1.1Host: www.365-authentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nkFoxLmAV+HUe+V&MD=M3e3nPrB HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Resources/css/cfc/education-styles.css?v=1.0 HTTP/1.1Host: www.365-authentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /Resources/cfc/logo.svg HTTP/1.1Host: www.365-authentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /Resources/cfc/section-1-image.png HTTP/1.1Host: www.365-authentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /Resources/cfc/google-quiz.png HTTP/1.1Host: www.365-authentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /Resources/cfc/logo.svg HTTP/1.1Host: www.365-authentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /Resources/cfc/section-1-image.png HTTP/1.1Host: www.365-authentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /Resources/cfc/google-quiz.png HTTP/1.1Host: www.365-authentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.365-authentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.365-authentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/theme/styles.css HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app_bundle__en.js HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/logo-jigsaw.svg HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
Source: global traffic	HTTP traffic detected: GET /static/logo-google.svg HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
Source: global traffic	HTTP traffic detected: GET /static/intro.gif HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
Source: global traffic	HTTP traffic detected: GET /static/logo-jigsaw.svg HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
Source: global traffic	HTTP traffic detected: GET /static/logo-google.svg HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
Source: global traffic	HTTP traffic detected: GET /static/favicon.ico HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
Source: global traffic	HTTP traffic detected: GET /static/intro.gif HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
Source: global traffic	HTTP traffic detected: GET /static/favicon.ico HTTP/1.1Host: phishingquiz.withgoogle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nkFoxLmAV+HUe+V&MD=M3e3nPrB HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /technologies/cookies?hl=en HTTP/1.1Host: policies.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_74x24dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://policies.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1 HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://policies.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_74x24dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /s/player/bebe2ae7/www-player.css HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.youtube-nocookie.com/embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/player/bebe2ae7/player_ias.vflset/en_US/embed.js HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube-nocookie.com/embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/player/bebe2ae7/www-embed-player.vflset/www-embed-player.js HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube-nocookie.com/embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/player/bebe2ae7/player_ias.vflset/en_US/base.js HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube-nocookie.com/embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vi_webp/TBR-xtJVq7E/sddefault.webp HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.youtube-nocookie.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/player/bebe2ae7/player_ias.vflset/en_US/remote.js HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube-nocookie.com/embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/th/iPEf94t7kg41AT9t4roGKH7lRPlVKxurQ2Q3DUZ2d_o.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube-nocookie.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
Source: global traffic	HTTP traffic detected: GET /ytc/APkrFKbHPhTPy_7aipV901WcH1BoHqGs6QfYZAPuycoa9kA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1Host: yt3.ggpht.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.youtube-nocookie.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vi_webp/TBR-xtJVq7E/sddefault.webp HTTP/1.1Host: i.ytimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ytc/APkrFKbHPhTPy_7aipV901WcH1BoHqGs6QfYZAPuycoa9kA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1Host: yt3.ggpht.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /generate_204?3Grf2A HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.youtube-nocookie.com/embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/IdentityPoliciesUi/manifest.json HTTP/1.1Host: policies.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://policies.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /_/IdentityPoliciesUi/browserinfo?f.sid=-1114090067532608203&bl=boq_identitypoliciesserver_20231128.03_p0&hl=en&_reqid=724&rt=j HTTP/1.1Host: policies.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /static/compiled/index.min.css?cache=6938a65 HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /TWDaDhaYV9cNaieAOf8lr83Z2ZzHknRyjjEJ1OKexEJBCeEC_qtnwikVckvH-k7AeUpz2YOv_roqraE-6BRfjzB3JixxxRJny58N2zP_xIXMtkSy1Q=s1100 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /iKWskP71GqflssrKf0wqImr1VkHXd0YfZDm4e5SyObR1O9TwoaVxXQlI1xoUmo8IS4UWfNNKHQgXrgKToyJzaAdRjHZ0xmEwB2Cx_p4=s1100 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Ai8w7NbQXpUMldTgbEIZa2qGlPWXn4WcMjA2byCCWrSB-ggAmYkjWXHNdtsbTHyqMr8zJe0crYs-DXASgTlBVVaZBpmk_0iJmmfEhw=s1100 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /TWDaDhaYV9cNaieAOf8lr83Z2ZzHknRyjjEJ1OKexEJBCeEC_qtnwikVckvH-k7AeUpz2YOv_roqraE-6BRfjzB3JixxxRJny58N2zP_xIXMtkSy1Q=s1100 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /VOsi18lJmyqb5HjL9n1j52XmwyiqkHvQ1vQ6OMrKM2BM1xrs0Qde_MQ5hAu6sZKNjJtDTXg9RMl3n1EUKSGbe-gIy_A1tkjdIwgZiw=s1100 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /iKWskP71GqflssrKf0wqImr1VkHXd0YfZDm4e5SyObR1O9TwoaVxXQlI1xoUmo8IS4UWfNNKHQgXrgKToyJzaAdRjHZ0xmEwB2Cx_p4=s1100 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s8vc8SqhxSuvbL9XvMbsAT4yodOKMwAgscgycPGoZu13cDZE2TycSR7oOPiFTH4SYj0d1PZmuxzOD7d04f9vtmEA0eLatZ9kk7d9TQ HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/fonts/JigsawSans-Regular.woff2 HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://jigsaw.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://jigsaw.google.com/static/compiled/index.min.css?cache=6938a65Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /5ccGfXSKePmmYvxwD-gAMei3h6y2s0Z0cHMu_6h0l8FPobouAq2bLPSXxq7MKjon63JDK-Fq8np_t4vLFu1CWEwMxmm4shuYgR8xdpw HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ED1zTGTPMVhc3EXLQINa092BTbRxrg-RhBrzWpYGYxJA00MdyMtF61Rkya_PJPYOTDxLN3t4k-p7UP3Cq8S79GxZEu3uERKbLEjFsrU HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /DlRcQ9NxL0ztf9hMwu42j1FA7v0hIs-KiENFI9EPEDHdYVx2E5P5C9_DJqqnioJsXfT6rHMBcyDytLGvv1agI6IOc2GwpOZKAMHL HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /iframe_api HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/fonts/JigsawSans-Medium.woff2 HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://jigsaw.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://jigsaw.google.com/static/compiled/index.min.css?cache=6938a65Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /static/fonts/GT-Sectra-Fine-Book-Italic.woff2 HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://jigsaw.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://jigsaw.google.com/static/compiled/index.min.css?cache=6938a65Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /static/fonts/JigsawSans-Light.woff2 HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://jigsaw.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://jigsaw.google.com/static/compiled/index.min.css?cache=6938a65Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /static/fonts/JigsawSans-Italic.woff2 HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://jigsaw.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://jigsaw.google.com/static/compiled/index.min.css?cache=6938a65Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /static/compiled/index.min.js?cache=b05ddc5 HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /VOsi18lJmyqb5HjL9n1j52XmwyiqkHvQ1vQ6OMrKM2BM1xrs0Qde_MQ5hAu6sZKNjJtDTXg9RMl3n1EUKSGbe-gIy_A1tkjdIwgZiw=s1100 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Ai8w7NbQXpUMldTgbEIZa2qGlPWXn4WcMjA2byCCWrSB-ggAmYkjWXHNdtsbTHyqMr8zJe0crYs-DXASgTlBVVaZBpmk_0iJmmfEhw=s1100 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1Host: www.youtube-nocookie.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s8vc8SqhxSuvbL9XvMbsAT4yodOKMwAgscgycPGoZu13cDZE2TycSR7oOPiFTH4SYj0d1PZmuxzOD7d04f9vtmEA0eLatZ9kk7d9TQ HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /5ccGfXSKePmmYvxwD-gAMei3h6y2s0Z0cHMu_6h0l8FPobouAq2bLPSXxq7MKjon63JDK-Fq8np_t4vLFu1CWEwMxmm4shuYgR8xdpw HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ED1zTGTPMVhc3EXLQINa092BTbRxrg-RhBrzWpYGYxJA00MdyMtF61Rkya_PJPYOTDxLN3t4k-p7UP3Cq8S79GxZEu3uERKbLEjFsrU HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /DlRcQ9NxL0ztf9hMwu42j1FA7v0hIs-KiENFI9EPEDHdYVx2E5P5C9_DJqqnioJsXfT6rHMBcyDytLGvv1agI6IOc2GwpOZKAMHL HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/player/5753e790/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=DYch4yPEAfs; VISITOR_INFO1_LIVE=zztmo9O9eCk
Source: global traffic	HTTP traffic detected: GET /static/images/home/lottie/disinformation.json HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529
Source: global traffic	HTTP traffic detected: GET /static/images/home/lottie/censorship.json HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529
Source: global traffic	HTTP traffic detected: GET /static/images/home/lottie/harassment.json HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529
Source: global traffic	HTTP traffic detected: GET /static/images/home/lottie/extremism.json HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529
Source: global traffic	HTTP traffic detected: GET /static/images/favicon-black.png?cache=0598b9b HTTP/1.1Host: jigsaw.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529; _ga_PE5Y4KXCYE=GS1.1.1701299529.1.0.1701299529.0.0.0
Source: global traffic	HTTP traffic detected: GET /static/images/home/lottie/disinformation.json HTTP/1.1Host: jigsaw.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529; _ga_PE5Y4KXCYE=GS1.1.1701299529.1.0.1701299529.0.0.0
Source: global traffic	HTTP traffic detected: GET /static/images/home/lottie/censorship.json HTTP/1.1Host: jigsaw.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529; _ga_PE5Y4KXCYE=GS1.1.1701299529.1.0.1701299529.0.0.0
Source: global traffic	HTTP traffic detected: GET /static/images/home/lottie/harassment.json HTTP/1.1Host: jigsaw.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529; _ga_PE5Y4KXCYE=GS1.1.1701299529.1.0.1701299529.0.0.0
Source: global traffic	HTTP traffic detected: GET /static/images/home/lottie/extremism.json HTTP/1.1Host: jigsaw.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529; _ga_PE5Y4KXCYE=GS1.1.1701299529.1.0.1701299529.0.0.0
Source: global traffic	HTTP traffic detected: GET /static/images/favicon-black.png?cache=0598b9b HTTP/1.1Host: jigsaw.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; _ga_DJD1WE7GZ1=GS1.1.1701299528.1.0.1701299528.0.0.0; _ga=GA1.1.1303153279.1701299529; _ga_PE5Y4KXCYE=GS1.1.1701299529.1.0.1701299529.0.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4; __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.OOEUMmsIAKU.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/d=1/ed=1/dg=2/br=1/rs=ACT90oFHTBarRMuvYtziq4Ns4RuNyjnCUw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;yGxLoc:FmAr0c;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /widget/callout?prid=19037050&pgid=19037049&puid=f564582f878719e3&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en HTTP/1.1Host: ogs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=TMVnZbuJIe-u5NoP2sS-oAU.1701299533082&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=1/k=xjs.hd.en.OOEUMmsIAKU.O/ck=xjs.hd.8VN14R_oAUs.L.W.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/rs=ACT90oHbH546Zhml_CW4e7_B7CiFR8dtCg HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.OOEUMmsIAKU.O/ck=xjs.hd.8VN14R_oAUs.L.W.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oHbH546Zhml_CW4e7_B7CiFR8dtCg/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ifl,ms4mZb,mu,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIpr
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1280&bih=907&dpr=1&ei=TMVnZbuJIe-u5NoP2sS-oAU&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=TMVnZbuJIe-u5NoP2sS-oAU.1701299533082&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ogs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y
Source: global traffic	HTTP traffic detected: GET /gen_204?use_corp=on&atyp=i&zx=1701299533914&ogsr=1&ei=TMVnZZDNIvmxiLMPhcy42Ao&ct=7&cad=i&id=19037050&loc=webhp&prid=538&ogd=com&ogprm=up&ap=1&vis=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=1/k=xjs.hd.en.OOEUMmsIAKU.O/ck=xjs.hd.8VN14R_oAUs.L.W.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/rs=ACT90oHbH546Zhml_CW4e7_B7CiFR8dtCg HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.OOEUMmsIAKU.O/ck=xjs.hd.8VN14R_oAUs.L.W.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/d=0/dg=2/br=1/ujg=1/rs=ACT90oHbH546Zhml_CW4e7_B7CiFR8dtCg/m=sy7c,syrg,syri,syrj,WlNQGd,syxf,syxh,nabPbb,symx,symy,symz,syn0,syn1,syn3,DPreE,syl0,syrf,syrh,CnSW2d,syxg,fXO0xe?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwi736zSquqCAxVvF1kFHVqiD1QQj-0KCBs..i&ei=TMVnZbuJIe-u5NoP2sS-oAU&opi=89978449&yv=3&cs=0&async=_ck:xjs.hd.8VN14R_oAUs.L.W.O,_k:xjs.hd.en.OOEUMmsIAKU.O,_am:AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI,_csss:ACT90oFEZrwxk7treqXrS0P9I3OiCOcvJQ,_fmt:prog,_id:a3JU5b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.OOEUMmsIAKU.O/ck=xjs.hd.8VN14R_oAUs.L.W.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/d=0/dg=2/br=1/ujg=1/rs=ACT90oHbH546Zhml_CW4e7_B7CiFR8dtCg/m=syed,aLUfP?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; NID=511=XzmQfiTEwIkVaGaPfZNgqPhvu5Tze8L485cIJDchYEQLPNPbVxe8ZGAO7oSX_9Y4KOMXoqeQ9aRbiqGjNefAMKYjcv5L2eemnn8t_hprzP_-NEUiOIWRavVMv3qFAo01nZSkXonPzkIHsKJQ5DzaH5gjg91AGJT8x6b_hwslV3Y; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwi736zSquqCAxVvF1kFHVqiD1QQj-0KCBs..i&ei=TMVnZbuJIe-u5NoP2sS-oAU&opi=89978449&yv=3&cs=0&async=_ck:xjs.hd.8VN14R_oAUs.L.W.O,_k:xjs.hd.en.OOEUMmsIAKU.O,_am:AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI,_csss:ACT90oFEZrwxk7treqXrS0P9I3OiCOcvJQ,_fmt:prog,_id:a3JU5b HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=p6xWhGCJULJk1A2p46iAvKiB_MPiz6IIl5mwGPSsHaplGi1LvNEpCvqUyzpde3km4u2Jv0ZydVSk3wDcPJgZnk94sca1CNGYOwePiEuJCs_xr1zRGyc4_sXJ00eV7-JPrxiYEN7aXAj9bW4H-Re-nCbxhFwJiN7hVryktOKBJet_d-Ze3BWg8Xo
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=TMVnZbuJIe-u5NoP2sS-oAU&zx=1701299535759&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=p6xWhGCJULJk1A2p46iAvKiB_MPiz6IIl5mwGPSsHaplGi1LvNEpCvqUyzpde3km4u2Jv0ZydVSk3wDcPJgZnk94sca1CNGYOwePiEuJCs_xr1zRGyc4_sXJ00eV7-JPrxiYEN7aXAj9bW4H-Re-nCbxhFwJiN7hVryktOKBJet_d-Ze3BWg8Xo
Source: global traffic	HTTP traffic detected: GET /adsid/google/ui HTTP/1.1Host: adservice.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=p6xWhGCJULJk1A2p46iAvKiB_MPiz6IIl5mwGPSsHaplGi1LvNEpCvqUyzpde3km4u2Jv0ZydVSk3wDcPJgZnk94sca1CNGYOwePiEuJCs_xr1zRGyc4_sXJ00eV7-JPrxiYEN7aXAj9bW4H-Re-nCbxhFwJiN7hVryktOKBJet_d-Ze3BWg8Xo
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=p6xWhGCJULJk1A2p46iAvKiB_MPiz6IIl5mwGPSsHaplGi1LvNEpCvqUyzpde3km4u2Jv0ZydVSk3wDcPJgZnk94sca1CNGYOwePiEuJCs_xr1zRGyc4_sXJ00eV7-JPrxiYEN7aXAj9bW4H-Re-nCbxhFwJiN7hVryktOKBJet_d-Ze3BWg8Xo
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=p6xWhGCJULJk1A2p46iAvKiB_MPiz6IIl5mwGPSsHaplGi1LvNEpCvqUyzpde3km4u2Jv0ZydVSk3wDcPJgZnk94sca1CNGYOwePiEuJCs_xr1zRGyc4_sXJ00eV7-JPrxiYEN7aXAj9bW4H-Re-nCbxhFwJiN7hVryktOKBJet_d-Ze3BWg8Xo
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=p6xWhGCJULJk1A2p46iAvKiB_MPiz6IIl5mwGPSsHaplGi1LvNEpCvqUyzpde3km4u2Jv0ZydVSk3wDcPJgZnk94sca1CNGYOwePiEuJCs_xr1zRGyc4_sXJ00eV7-JPrxiYEN7aXAj9bW4H-Re-nCbxhFwJiN7hVryktOKBJet_d-Ze3BWg8Xo
Source: global traffic	HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000075622B9CDE HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=ktpplgolnV4S-u19masMc1ffIJj66N1MMJw9FiytcUXSbWCMhAhhx2Wjz2ejgRxomd0-30fsENOMrVRqqV5pR9gdKPfmabN8e3tYFWn_jFxllMj36zTA-NSXf4q75FXa7WcBfsshy6JJAFuZOh-oUciJdLRUoecIAXubzi3aMaSDYaPb-X1NzH_nvwuXEYesvi5D-wPmki4d
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=ktpplgolnV4S-u19masMc1ffIJj66N1MMJw9FiytcUXSbWCMhAhhx2Wjz2ejgRxomd0-30fsENOMrVRqqV5pR9gdKPfmabN8e3tYFWn_jFxllMj36zTA-NSXf4q75FXa7WcBfsshy6JJAFuZOh-oUciJdLRUoecIAXubzi3aMaSDYaPb-X1NzH_nvwuXEYesvi5D-wPmki4d
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=ktpplgolnV4S-u19masMc1ffIJj66N1MMJw9FiytcUXSbWCMhAhhx2Wjz2ejgRxomd0-30fsENOMrVRqqV5pR9gdKPfmabN8e3tYFWn_jFxllMj36zTA-NSXf4q75FXa7WcBfsshy6JJAFuZOh-oUciJdLRUoecIAXubzi3aMaSDYaPb-X1NzH_nvwuXEYesvi5D-wPmki4d
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=ifl&cad=1:artistic&ei=TMVnZbuJIe-u5NoP2sS-oAU&ved=0ahUKEwi736zSquqCAxVvF1kFHVqiD1QQnRsIEg&ictx=1&zx=1701299573552&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=16.SE=b7ISo4ZdBN52uGcf1WEKcfAF7Bi4n1W7R6-rzG5UOz5YMbgXZbcytGsM5-AWskXzfu4xau0HNje3JyrEle6njYEvperL5Uy9P4fZW_5MHSvz-wzgQnx9jU8FA5CbMtxRa2277Qytgov2qmt6jOku1I8r-VpvZWBxCRRHXOMR-Qo; CONSENT=PENDING+441; 1P_JAR=2023-11-29-23; AEC=Ackid1RMLKhtVfd1yv85F6jPC0G7uVOJiprsNmmakr_sOY6MzUzcI8MeHqc; OGPC=19037049-1:; NID=511=ktpplgolnV4S-u19masMc1ffIJj66N1MMJw9FiytcUXSbWCMhAhhx2Wjz2ejgRxomd0-30fsENOMrVRqqV5pR9gdKPfmabN8e3tYFWn_jFxllMj36zTA-NSXf4q75FXa7WcBfsshy6JJAFuZOh-oUciJdLRUoecIAXubzi3aMaSDYaPb-X1NzH_nvwuXEYesvi5D-wPmki4d

Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49804 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_1600_1806723418

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6380 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6380 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 --field-trial-handle=2024,i,1247963690673123118,7347682078922471822,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: classification engine

Classification label: mal64.phis.win@28/198@66/27

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842	0%	Avira URL Cloud	safe
https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers	0%	URL Reputation	safe
https://redux.js.org/tutorials/fundamentals/part-4-store#middleware	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
http://hammerjs.github.io/	0%	URL Reputation	safe
https://www.365-authentication.com/favicon.ico	0%	Avira URL Cloud	safe
https://www.google.com"	0%	Avira URL Cloud	safe
https://www.365-authentication.com/Resources/cfc/section-1-image.png	0%	Avira URL Cloud	safe
https://phishingquiz.withgoogle.com/static/share-7e4bdf41.jpg	0%	Avira URL Cloud	safe
https://phishingquiz.withgoogle.com/static/logo-google.svg	0%	Avira URL Cloud	safe
https://phishingquiz.withgoogle.com/static/logo-jigsaw.svg	0%	Avira URL Cloud	safe
https://phishingquiz.withgoogle.com/common/theme/styles.css	0%	Avira URL Cloud	safe
https://phishingquiz.withgoogle.com/app_bundle__en.js	0%	Avira URL Cloud	safe
https://drive.google.com.download-photo.sytez.net/AONh1e0hVP	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.251.167.84	true	false	high
plus.l.google.com	172.253.63.138	true	false	high
i.ytimg.com	142.251.167.119	true	false	high
part-0043.t-0009.t-msedge.net	13.107.246.71	true	false	unknown
policies.google.com	172.253.62.113	true	false	high
phishingquiz.withgoogle.com	142.251.163.141	true	false	unknown
jigsaw.google.com	142.251.167.102	true	false	high
adservice.google.com	142.251.163.154	true	false	high
youtube-ui.l.google.com	172.253.63.91	true	false	high
www3.l.google.com	142.251.167.100	true	false	high
play.google.com	172.253.115.100	true	false	high
photos-ugc.l.googleusercontent.com	142.251.16.132	true	false	high
www.google.com	172.253.122.147	true	false	high
part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	unknown
clients.l.google.com	172.253.115.100	true	false	high
googlehosted.l.googleusercontent.com	142.251.16.132	true	false	high
clients1.google.com	unknown	unknown	false	high
yt3.ggpht.com	unknown	unknown	false	high
ogs.google.com	unknown	unknown	false	high
www.365-authentication.com	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	high
lh3.googleusercontent.com	unknown	unknown	false	high
passwordreset.microsoftonline.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
www.youtube-nocookie.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://phishingquiz.withgoogle.com/static/logo-google.svg	false	Avira URL Cloud: safe	unknown
https://policies.google.com/_/IdentityPoliciesUi/browserinfo?f.sid=-1114090067532608203&bl=boq_identitypoliciesserver_20231128.03_p0&hl=en&_reqid=724&rt=j	false		high
https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=TMVnZbuJIe-u5NoP2sS-oAU.1701299533082&dpr=1&nolsbt=1	false		high
https://phishingquiz.withgoogle.com/app_bundle__en.js	false	Avira URL Cloud: safe	unknown
https://jigsaw.google.com/static/images/home/lottie/harassment.json	false		high
https://www.google.com/gen_204?atyp=i&ei=TMVnZbuJIe-u5NoP2sS-oAU&ct=slh&v=t1&im=M&pv=0.25546304690447896&me=12:1701299540986,V,0,0,0,0:1,V,0,0,1280,907:2,V,0,0,0,0:1,V,0,0,1280,907:2259,e,B&zx=1701299543249&opi=89978449	false		high
https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842	true		unknown
https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=f564582f878719e3&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en.OOEUMmsIAKU.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/d=1/ed=1/dg=2/br=1/rs=ACT90oFHTBarRMuvYtziq4Ns4RuNyjnCUw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;yGxLoc:FmAr0c;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl	false		high
https://lh3.googleusercontent.com/iKWskP71GqflssrKf0wqImr1VkHXd0YfZDm4e5SyObR1O9TwoaVxXQlI1xoUmo8IS4UWfNNKHQgXrgKToyJzaAdRjHZ0xmEwB2Cx_p4=s1100	false		high
https://www.google.com/gen_204?atyp=i&ei=TMVnZbuJIe-u5NoP2sS-oAU&ct=slh&v=t1&m=HV&pv=0.25546304690447896&me=1:1701299532258,V,0,0,1280,907:0,B,907:0,N,1,TMVnZbuJIe-u5NoP2sS-oAU:0,R,1,1,0,0,1280,907:2046,x:1560,e,B&zx=1701299535865&opi=89978449	false		high
https://www.google.com/gen_204?atyp=csi&ei=TMVnZbuJIe-u5NoP2sS-oAU&s=promo&rt=hpbas.2403&zx=1701299534301&opi=89978449	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en.OOEUMmsIAKU.O/ck=xjs.hd.8VN14R_oAUs.L.W.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oHbH546Zhml_CW4e7_B7CiFR8dtCg/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ifl,ms4mZb,mu,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1	false		high
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_74x24dp.png	false		high
https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=TMVnZbuJIe-u5NoP2sS-oAU&zx=1701299535759&opi=89978449	false		high
https://jigsaw.google.com/static/images/favicon-black.png?cache=0598b9b	false		high
https://www.google.com/xjs/_/js/md=1/k=xjs.hd.en.OOEUMmsIAKU.O/ck=xjs.hd.8VN14R_oAUs.L.W.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/rs=ACT90oHbH546Zhml_CW4e7_B7CiFR8dtCg	false		high
https://www.youtube-nocookie.com/s/player/bebe2ae7/player_ias.vflset/en_US/base.js	false		high
https://www.google.com/favicon.ico	false		high
https://lh3.googleusercontent.com/s8vc8SqhxSuvbL9XvMbsAT4yodOKMwAgscgycPGoZu13cDZE2TycSR7oOPiFTH4SYj0d1PZmuxzOD7d04f9vtmEA0eLatZ9kk7d9TQ	false		high
https://lh3.googleusercontent.com/DlRcQ9NxL0ztf9hMwu42j1FA7v0hIs-KiENFI9EPEDHdYVx2E5P5C9_DJqqnioJsXfT6rHMBcyDytLGvv1agI6IOc2GwpOZKAMHL	false		high
https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=f564582f878719e3&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en	false		high
https://jigsaw.google.com/static/fonts/JigsawSans-Regular.woff2	false		high
https://www.365-authentication.com/Resources/cfc/section-1-image.png	false	Avira URL Cloud: safe	unknown
https://www.365-authentication.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://phishingquiz.withgoogle.com/static/logo-jigsaw.svg	false	Avira URL Cloud: safe	unknown
https://www.google.com/gen_204?atyp=csi&ei=T8VnZdiBKMmk5NoP8LW06AY&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.1f5114df-4101-4627-b619-bc8319be1e92&hp=&rt=ttfb.624,st.625,bs.27,aaft.627,acrt.627,art.627&zx=1701299534929&opi=89978449	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en.OOEUMmsIAKU.O/ck=xjs.hd.8VN14R_oAUs.L.W.O/am=AAAAAAAAAAAAAAAAAAAAAAQAAAAAEPUTDgFsgACAABBggAAgAICACFIIggEAEPBQJgAAACZAYAhYCogKvEUBAJBAFQAAAAAAIBhEAAAACAAAoAMAACCgEdAAhIAqIAAAAAB5ABAcAAwiCAAAAAAAAAAAAEAAEwSDCxIABQEEAAAAAAAAAAAAgJQ0uRhI/d=0/dg=2/br=1/ujg=1/rs=ACT90oHbH546Zhml_CW4e7_B7CiFR8dtCg/m=sy7c,syrg,syri,syrj,WlNQGd,syxf,syxh,nabPbb,symx,symy,symz,syn0,syn1,syn3,DPreE,syl0,syrf,syrh,CnSW2d,syxg,fXO0xe?xjs=s3	false		high
https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842	false		unknown
https://phishingquiz.withgoogle.com/common/theme/styles.css	false	Avira URL Cloud: safe	unknown
https://jigsaw.google.com/static/images/home/lottie/extremism.json	false		high
https://lh3.googleusercontent.com/VOsi18lJmyqb5HjL9n1j52XmwyiqkHvQ1vQ6OMrKM2BM1xrs0Qde_MQ5hAu6sZKNjJtDTXg9RMl3n1EUKSGbe-gIy_A1tkjdIwgZiw=s1100	false		high
https://www.google.com/gen_204?atyp=csi&ei=TMVnZbuJIe-u5NoP2sS-oAU&s=promo&rt=hpbas.2403,hpbarr.629&zx=1701299534930&opi=89978449	false		high
https://www.youtube-nocookie.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8	false		high
https://www.google.com/gen_204?use_corp=on&atyp=i&zx=1701299533914&ogsr=1&ei=TMVnZZDNIvmxiLMPhcy42Ao&ct=7&cad=i&id=19037050&loc=webhp&prid=538&ogd=com&ogprm=up&ap=1&vis=1	false		high
https://lh3.googleusercontent.com/TWDaDhaYV9cNaieAOf8lr83Z2ZzHknRyjjEJ1OKexEJBCeEC_qtnwikVckvH-k7AeUpz2YOv_roqraE-6BRfjzB3JixxxRJny58N2zP_xIXMtkSy1Q=s1100	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://yt3.ggpht.com/ytc/APkrFKbHPhTPy_7aipV901WcH1BoHqGs6QfYZAPuycoa9kA=s68-c-k-c0x00ffffff-no-rj	false		high
https://jigsaw.google.com/static/fonts/JigsawSans-Medium.woff2	false		high
https://play.google.com/log?format=json&hasfast=true&authuser=0	false		high
https://www.youtube-nocookie.com/s/player/bebe2ae7/www-player.css	false		high
https://www.google.com/client_204?cs=1&opi=89978449	false		high
https://play.google.com/log?hasfast=true&authuser=0&format=json	false		high
https://phishingquiz.withgoogle.com/	false		unknown
https://policies.google.com/technologies/cookies?hl=en	false		high
https://www.google.com/gen_204?atyp=i&ei=TMVnZbuJIe-u5NoP2sS-oAU&dt19=2&zx=1701299534299&opi=89978449	false		high
https://www.google.com/gen_204?atyp=csi&ei=TMVnZbuJIe-u5NoP2sS-oAU&s=webhp&t=all&wh=907&imn=5&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=907&adh=&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.1f5114df-4101-4627-b619-bc8319be1e92&net=dl.10000,ect.4g,rtt.200&hp=&p=bs.true&sys=hc.4&rt=hst.105,aft.737,afti.737,prt.360,aftqf.738,xjses.1114,xjsee.1152,xjs.1152,lcp.743,fcp.308,wsrt.275,cst.0,dnst.0,rqst.569,rspt.358,rqstt.64,unt.3,cstt.3,dit.637&zx=1701299533055&opi=89978449	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.tripit.com/uhp/privacyPolicy	chromecache_191.2.dr	false		high
https://ogs.google.com/	chromecache_336.2.dr	false		high
https://www.dropbox.com/buy	chromecache_191.2.dr	false		high
https://stats.g.doubleclick.net/g/collect	chromecache_257.2.dr, chromecache_210.2.dr, chromecache_165.2.dr, chromecache_208.2.dr	false		high
https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers	chromecache_229.2.dr	false	URL Reputation: safe	unknown
https://ogs.google.com/widget/callout	chromecache_336.2.dr	false		high
https://jigsaw.google.com/static/images/social-share.jpg?cache=df11f5c	chromecache_238.2.dr	false		high
https://lh3.googleusercontent.com/TWDaDhaYV9cNaieAOf8lr83Z2ZzHknRyjjEJ1OKexEJBCeEC_qtnwikVckvH-k7AeU	chromecache_238.2.dr	false		high
https://www.youtube.com	chromecache_213.2.dr, chromecache_300.2.dr	false		high
https://admin.youtube.com	chromecache_229.2.dr	false		high
https://www.tripit.com	chromecache_191.2.dr	false		high
https://redux.js.org/tutorials/fundamentals/part-4-store#middleware	chromecache_229.2.dr	false	URL Reputation: safe	unknown
https://drive.google.com.download-photo.sytez.net/AONh1e0hVP	chromecache_191.2.dr	false	Avira URL Cloud: phishing	unknown
https://account.live.com/resetpassword.aspx	chromecache_169.2.dr	false		high
https://security.google.com/settings/security/permissions	chromecache_191.2.dr	false		high
https://yurt.corp.google.com	chromecache_229.2.dr	false		high
https://www.google.com/tools/feedback	chromecache_191.2.dr	false		high
https://lh3.googleusercontent.com/5ccGfXSKePmmYvxwD-gAMei3h6y2s0Z0cHMu_6h0l8FPobouAq2bLPSXxq7MKjon63	chromecache_238.2.dr	false		high
https://lh3.googleusercontent.com/s8vc8SqhxSuvbL9XvMbsAT4yodOKMwAgscgycPGoZu13cDZE2TycSR7oOPiFTH4SYj	chromecache_238.2.dr	false		high
https://www.youtube.com/generate_204?cpn=	chromecache_229.2.dr	false		high
https://about.google/	chromecache_238.2.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/api.js	chromecache_176.2.dr, chromecache_273.2.dr	false		high
https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_s	chromecache_226.2.dr, chromecache_336.2.dr	false		high
https://plus.google.com	chromecache_318.2.dr	false		high
http://tools.ietf.org/html/rfc1950	chromecache_213.2.dr, chromecache_256.2.dr, chromecache_229.2.dr	false		high
https://g.co/2SV	chromecache_191.2.dr	false		high
https://stats.g.doubleclick.net/g/collect?v=2&	chromecache_257.2.dr, chromecache_210.2.dr, chromecache_165.2.dr, chromecache_208.2.dr	false		high
https://policies.google.com/privacy	chromecache_238.2.dr	false		high
https://lh3.googleusercontent.com/iKWskP71GqflssrKf0wqImr1VkHXd0YfZDm4e5SyObR1O9TwoaVxXQlI1xoUmo8IS4	chromecache_238.2.dr	false		high
https://twitter.com/intent/tweet?text=	chromecache_191.2.dr	false		high
https://ogs.google.com/widget/app/so?awwd=1	chromecache_226.2.dr	false		high
https://www.google.com/log?format=json&hasfast=true	chromecache_276.2.dr, chromecache_316.2.dr, chromecache_256.2.dr, chromecache_273.2.dr, chromecache_229.2.dr, chromecache_308.2.dr	false		high
https://lens.google.com	chromecache_276.2.dr	false		high
https://support.google.com/youtube/?p=report_playback	chromecache_229.2.dr	false		high
https://developers.google.com/youtube/iframe_api_reference#Events	chromecache_213.2.dr	false		high
https://github.com/google/safevalues/issues	chromecache_191.2.dr	false		high
http://youtube.com/streaming/metadata/segment/102015	chromecache_229.2.dr	false		high
https://lens.google.com/gen204	chromecache_189.2.dr	false		high
https://youtu.be/	chromecache_229.2.dr	false		high
https://medium.com/jigsaw	chromecache_238.2.dr	false		high
https://lh3.googleusercontent.com/ED1zTGTPMVhc3EXLQINa092BTbRxrg-RhBrzWpYGYxJA00MdyMtF61Rkya_PJPYOTD	chromecache_238.2.dr	false		high
https://apis.google.com	chromecache_174.2.dr, chromecache_226.2.dr, chromecache_318.2.dr, chromecache_308.2.dr	false		high
https://domains.google.com/suggest/flow	chromecache_318.2.dr	false		high
https://www.dropbox.com/business	chromecache_191.2.dr	false		high
https://youtube.com/api/drm/fps?ek=uninitialized	chromecache_229.2.dr	false		high
http://hammerjs.github.io/	chromecache_320.2.dr	false	URL Reputation: safe	unknown
https://docs.google.com/get_video_info	chromecache_229.2.dr	false		high
https://phishingquiz.withgoogle.com/static/share-7e4bdf41.jpg	chromecache_295.2.dr	false	Avira URL Cloud: safe	unknown
https://www.tripit.com/uhp/userAgreement	chromecache_191.2.dr	false		high
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_176.2.dr, chromecache_276.2.dr, chromecache_273.2.dr	false		high
https://td.doubleclick.net	chromecache_257.2.dr, chromecache_210.2.dr, chromecache_165.2.dr, chromecache_208.2.dr	false		high
https://www.google.com"	chromecache_336.2.dr	false	Avira URL Cloud: safe	low
https://myaccount.google.com/	chromecache_291.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.16.132	photos-ugc.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.253.63.119	unknown	United States	15169	GOOGLEUS	false
172.253.122.132	unknown	United States	15169	GOOGLEUS	false
142.251.16.139	unknown	United States	15169	GOOGLEUS	false
142.251.163.141	phishingquiz.withgoogle.com	United States	15169	GOOGLEUS	false
172.253.115.100	play.google.com	United States	15169	GOOGLEUS	false
13.107.213.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.31.139	unknown	United States	15169	GOOGLEUS	false
142.251.163.154	adservice.google.com	United States	15169	GOOGLEUS	false
172.253.63.105	unknown	United States	15169	GOOGLEUS	false
172.253.63.91	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
13.107.246.71	part-0043.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.253.122.147	www.google.com	United States	15169	GOOGLEUS	false
172.253.122.100	unknown	United States	15169	GOOGLEUS	false
172.253.63.147	unknown	United States	15169	GOOGLEUS	false
142.251.167.84	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.62.113	policies.google.com	United States	15169	GOOGLEUS	false
142.251.179.139	unknown	United States	15169	GOOGLEUS	false
142.251.167.100	www3.l.google.com	United States	15169	GOOGLEUS	false
142.251.167.147	unknown	United States	15169	GOOGLEUS	false
142.251.167.102	jigsaw.google.com	United States	15169	GOOGLEUS	false
172.253.122.113	unknown	United States	15169	GOOGLEUS	false
142.250.31.190	unknown	United States	15169	GOOGLEUS	false
142.251.167.119	i.ytimg.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1350225
Start date and time:	2023-11-30 00:10:11 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@28/198@66/27
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fb0d469b2-1411-411a-a0e3-5d569c725b5d%2freprocess%3fctx%3drQQIARAAnZE9iNRAFMeT_fLu8GOxEkGw2NtCmSQzyUyShRS74t15iMqhHFfoMslMNmE3HySTXd3ORsRCrt5SC2ErsRDR5moFudrGyg8E4TgQrhJzBxZ2h_B48H883vu9979UhQrstAzbdi2DegDqCAIDmT6gFJoAEdOjxDaxaVvrDaxBAxvZ2aXm3od7n9eGd669e-Rd_0bufp3LRiBEmndUNU_zNEtYMcyhMs5LpYzDvKCjXBQsTBQvidR-Hg5izsL4jSzvyvJ3WZ5V6jwGq715pcV8zD3X1wBxDQsYNsbAdS0CiG543NQJZpx8qpy52S1EgA5TkoVTvl9Z9JMs6qdJLmbVl3LG6ShyGB8rdFpk_HBtO-Pp6EFfJM4R6rLeXUYrZfzTVGrP94qY8WyShSKMB2WlHQgHtaOhcI4g20HIHMQhMxHyAWHIBAbhFqAWcQGjnHONGdjCZjtOYo87x7loXm39fWBEYzrgEY9FCVRSTcKYJZNciblQX1Vbbjmc2C4C0IClVRBSQDWuA8wwsT0TYRez3Zr8o3ZSq3YWFpaa0jnponRQk5_VS-OE0tzpfHl948mF9vne8xfS-7qq0q376kr3dqpmgW3bm6uBro1CPdO06ZXLVzfE-njzltjwh6S35ZAO3G7I243GXkN-fEJ6u_hftu-ckg5Of9z_9fvh7OnPtT81&mkt=en-GB&hosted=0&device_platform=Windows+10 Browse: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 Browse: https://phishingquiz.withgoogle.com/ Browse: https://policies.google.com/technologies/cookies?hl=en Browse: https://jigsaw.google.com/ Browse: https://www.google.com/

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.163.94, 34.104.35.123, 142.251.179.95, 142.251.167.95, 172.253.62.95, 172.253.122.95, 142.251.16.95, 142.251.163.95, 172.253.115.95, 172.253.63.95, 20.190.151.72, 40.126.23.6, 40.126.23.8, 20.190.151.135, 20.190.151.136, 20.190.151.71, 40.126.23.9, 152.199.4.33, 20.190.151.0, 142.250.31.95, 142.251.111.95, 72.21.81.240, 192.229.211.108, 23.207.202.75, 172.253.62.94, 172.253.115.94, 172.253.122.94, 142.251.163.97, 142.251.16.94, 172.253.63.101, 172.253.63.113, 172.253.63.138, 172.253.63.102, 172.253.63.100, 172.253.63.139, 142.251.167.94, 172.253.62.97, 172.253.63.94, 142.251.163.101, 142.251.163.100, 142.251.163.138, 142.251.163.113, 142.251.163.139, 142.251.163.102, 104.97.85.51
Excluded domains from analysis (whitelisted): ssl.gstatic.com, slscr.update.microsoft.com, na.privatelink.msidentity.com, clientservices.googleapis.com, mscomajax.vo.msecnd.net, ocsp.digicert.com, star-azurefd-prod.trafficmanager.net, www.googletagmanager.com, update.googleapis.com, www.gstatic.com, client.ppe.repmap.microsoft.com, www.google-analytics.com, www.ppev6tm.aadg.akadns.net, fonts.googleapis.com, fs.microsoft.com, content-autofill.googleapis.com, prdf.aadg.msidentity.com, aadcdnoriginwus2.azureedge.net, cs22.wpc.v0cdn.net, fonts.gstatic.com, www.tm.f.prd.aadg.akadns.net, ctldl.windowsupdate.com, aadcdn.msauth.net, jnn-pa.googleapis.com, passwordreset.mso.msidentity.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, ppe.v6.aadg.privatelink.msidentity.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
VT rate limit hit for: https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 29 22:11:03 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.974322198532123
Encrypted:	false
SSDEEP:	48:8XoddmTCSeHDidAKZdA19ehwiZUklqehJy+3:84WTqCy
MD5:	8506CE2B705DC5792FE5AFD331497CFB
SHA1:	93967CFBC3582214D251B1740F061553A96046F3
SHA-256:	2C0F8DC89E45E10321A81C839F316C26CFE65B60922A8C44AB5B5D0C61B682A8
SHA-512:	4BAA3526F9272FC7CA9BEFA8F78CBA79013BC76A95C3D612B5C6FE306182C665BE7AFA873D5C45FC85B57DF8CC518A547F0D4A837DEB6717EBC5F6CEF3324A8B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......'S.#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I}W`.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}W`.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}W`.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}W`............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Wb............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............+bu.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842	HTTP Parser: Number of links: 1
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fb0d469b2-1411-411a-a0e3-5d569c725b5d%2freprocess%3fctx%3drQQIARAAnZE9iNRAFMeT_fLu8GOxEkGw2NtCmSQzyUyShRS74t15iMqhHFfoMslMNmE3HySTXd3ORsRCrt5SC2ErsRDR5moFudrGyg8E4TgQrhJzBxZ2h_B48H883vu9979UhQrstAzbdi2DegDqCAIDmT6gFJoAEdOjxDaxaVvrDaxBAxvZ2aXm3od7n9eGd669e-Rd_0bufp3LRiBEmndUNU_zNEtYMcyhMs5LpYzDvKCjXBQsTBQvidR-Hg5izsL4jSzvyvJ3WZ5V6jwGq715pcV8zD3X1wBxDQsYNsbAdS0CiG543NQJZpx8qpy52S1EgA5TkoVTvl9Z9JMs6qdJLmbVl3LG6ShyGB8rdFpk_HBtO-Pp6EFfJM4R6rLeXUYrZfzTVGrP94qY8WyShSKMB2WlHQgHtaOhcI4g20HIHMQhMxHyAWHIBAbhFqAWcQGjnHONGdjCZjtOYo87x7loXm39fWBEYzrgEY9FCVRSTcKYJZNciblQX1Vbbjmc2C4C0IClVRBSQDWuA8wwsT0TYRez3Zr8o3ZSq3YWFpaa0jnponRQk5_VS-OE0tzpfHl948mF9vne8xfS-7qq0q376kr3dqpmgW3bm6uBro1CPdO06ZXLVzfE-njzltjwh6S35ZAO3G7I243GXkN-fEJ6u_hftu-ckg5Of9z_9fvh7OnPtT81&mkt=en-GB&hosted=0&device_platform=Windows+10	HTTP Parser: Number of links: 0

Source: https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fb0d469b2-1411-411a-a0e3-5d569c725b5d%2freprocess%3fctx%3drQQIARAAnZE9iNRAFMeT_fLu8GOxEkGw2NtCmSQzyUyShRS74t15iMqhHFfoMslMNmE3HySTXd3ORsRCrt5SC2ErsRDR5moFudrGyg8E4TgQrhJzBxZ2h_B48H883vu9979UhQrstAzbdi2DegDqCAIDmT6gFJoAEdOjxDaxaVvrDaxBAxvZ2aXm3od7n9eGd669e-Rd_0bufp3LRiBEmndUNU_zNEtYMcyhMs5LpYzDvKCjXBQsTBQvidR-Hg5izsL4jSzvyvJ3WZ5V6jwGq715pcV8zD3X1wBxDQsYNsbAdS0CiG543NQJZpx8qpy52S1EgA5TkoVTvl9Z9JMs6qdJLmbVl3LG6ShyGB8rdFpk_HBtO-Pp6EFfJM4R6rLeXUYrZfzTVGrP94qY8WyShSKMB2WlHQgHtaOhcI4g20HIHMQhMxHyAWHIBAbhFqAWcQGjnHONGdjCZjtOYo87x7loXm39fWBEYzrgEY9FCVRSTcKYJZNciblQX1Vbbjmc2C4C0IClVRBSQDWuA8wwsT0TYRez3Zr8o3ZSq3YWFpaa0jnponRQk5_VS-OE0tzpfHl948mF9vne8xfS-7qq0q376kr3dqpmgW3bm6uBro1CPdO06ZXLVzfE-njzltjwh6S35ZAO3G7I243GXkN-fEJ6u_hftu-ckg5Of9z_9fvh7OnPtT81&mkt=en-GB&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fb0d469b2-1411-411a-a0e3-5d569c725b5d%2freprocess%3fctx%3drQQIARAAnZE9iNRAFMeT_fLu8GOxEkGw2NtCmSQzyUyShRS74t15iMqhHFfoMslMNmE3HySTXd3ORsRCrt5SC2ErsRDR5moFudrGyg8E4TgQrhJzBxZ2h_B48H883vu9979UhQrstAzbdi2DegDqCAIDmT6gFJoAEdOjxDaxaVvrDaxBAxvZ2aXm3od7n9eGd669e-Rd_0bufp3LRiBEmndUNU_zNEtYMcyhMs5LpYzDvKCjXBQsTBQvidR-Hg5izsL4jSzvyvJ3WZ5V6jwGq715pcV8zD3X1wBxDQsYNsbAdS0CiG543NQJZpx8qpy52S1EgA5TkoVTvl9Z9JMs6qdJLmbVl3LG6ShyGB8rdFpk_HBtO-Pp6EFfJM4R6rLeXUYrZfzTVGrP94qY8WyShSKMB2WlHQgHtaOhcI4g20HIHMQhMxHyAWHIBAbhFqAWcQGjnHONGdjCZjtOYo87x7loXm39fWBEYzrgEY9FCVRSTcKYJZNciblQX1Vbbjmc2C4C0IClVRBSQDWuA8wwsT0TYRez3Zr8o3ZSq3YWFpaa0jnponRQk5_VS-OE0tzpfHl948mF9vne8xfS-7qq0q376kr3dqpmgW3bm6uBro1CPdO06ZXLVzfE-njzltjwh6S35ZAO3G7I243GXkN-fEJ6u_hftu-ckg5Of9z_9fvh7OnPtT81&mkt=en-GB&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="author".. found

Source: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842	HTTP Parser: No favicon
Source: https://www.youtube-nocookie.com/embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=f564582f878719e3&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en	HTTP Parser: No favicon

Source: https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fb0d469b2-1411-411a-a0e3-5d569c725b5d%2freprocess%3fctx%3drQQIARAAnZE9iNRAFMeT_fLu8GOxEkGw2NtCmSQzyUyShRS74t15iMqhHFfoMslMNmE3HySTXd3ORsRCrt5SC2ErsRDR5moFudrGyg8E4TgQrhJzBxZ2h_B48H883vu9979UhQrstAzbdi2DegDqCAIDmT6gFJoAEdOjxDaxaVvrDaxBAxvZ2aXm3od7n9eGd669e-Rd_0bufp3LRiBEmndUNU_zNEtYMcyhMs5LpYzDvKCjXBQsTBQvidR-Hg5izsL4jSzvyvJ3WZ5V6jwGq715pcV8zD3X1wBxDQsYNsbAdS0CiG543NQJZpx8qpy52S1EgA5TkoVTvl9Z9JMs6qdJLmbVl3LG6ShyGB8rdFpk_HBtO-Pp6EFfJM4R6rLeXUYrZfzTVGrP94qY8WyShSKMB2WlHQgHtaOhcI4g20HIHMQhMxHyAWHIBAbhFqAWcQGjnHONGdjCZjtOYo87x7loXm39fWBEYzrgEY9FCVRSTcKYJZNciblQX1Vbbjmc2C4C0IClVRBSQDWuA8wwsT0TYRez3Zr8o3ZSq3YWFpaa0jnponRQk5_VS-OE0tzpfHl948mF9vne8xfS-7qq0q376kr3dqpmgW3bm6uBro1CPdO06ZXLVzfE-njzltjwh6S35ZAO3G7I243GXkN-fEJ6u_hftu-ckg5Of9z_9fvh7OnPtT81&mkt=en-GB&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fb0d469b2-1411-411a-a0e3-5d569c725b5d%2freprocess%3fctx%3drQQIARAAnZE9iNRAFMeT_fLu8GOxEkGw2NtCmSQzyUyShRS74t15iMqhHFfoMslMNmE3HySTXd3ORsRCrt5SC2ErsRDR5moFudrGyg8E4TgQrhJzBxZ2h_B48H883vu9979UhQrstAzbdi2DegDqCAIDmT6gFJoAEdOjxDaxaVvrDaxBAxvZ2aXm3od7n9eGd669e-Rd_0bufp3LRiBEmndUNU_zNEtYMcyhMs5LpYzDvKCjXBQsTBQvidR-Hg5izsL4jSzvyvJ3WZ5V6jwGq715pcV8zD3X1wBxDQsYNsbAdS0CiG543NQJZpx8qpy52S1EgA5TkoVTvl9Z9JMs6qdJLmbVl3LG6ShyGB8rdFpk_HBtO-Pp6EFfJM4R6rLeXUYrZfzTVGrP94qY8WyShSKMB2WlHQgHtaOhcI4g20HIHMQhMxHyAWHIBAbhFqAWcQGjnHONGdjCZjtOYo87x7loXm39fWBEYzrgEY9FCVRSTcKYJZNciblQX1Vbbjmc2C4C0IClVRBSQDWuA8wwsT0TYRez3Zr8o3ZSq3YWFpaa0jnponRQk5_VS-OE0tzpfHl948mF9vne8xfS-7qq0q376kr3dqpmgW3bm6uBro1CPdO06ZXLVzfE-njzltjwh6S35ZAO3G7I243GXkN-fEJ6u_hftu-ckg5Of9z_9fvh7OnPtT81&mkt=en-GB&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103

Source: chromecache_238.2.dr	String found in binary or memory: <a title="Youtube" class="footer__socials__item" href="https://www.youtube.com/jigsaw" equals www.youtube.com (Youtube)
Source: chromecache_238.2.dr	String found in binary or memory: <a title="facebook" class="footer__socials__item" href="https://www.facebook.com/JigsawTeam/" equals www.facebook.com (Facebook)
Source: chromecache_238.2.dr	String found in binary or memory: <script src="https://www.youtube.com/iframe_api" nonce="WWK1Ik5k86rxEZwg5Ducfg"></script> equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: !1:h;this.Wo=TJ(UJ(d,BPa),d,h,"Trusted Ad Domain URL");this.Bc=pC(!1,a.privembed);this.protocol=0===this.Se.indexOf("http:")?"http":"https";this.Ea=Nza((b?b.customBaseYoutubeUrl:a.BASE_YT_URL)\|\|"")\|\|Nza(this.Se)\|\|this.protocol+"://www.youtube.com/";h=b?b.eventLabel:a.el;d="detailpage";"adunit"===h?d=this.D?"embedded":"detailpage":"embedded"===h\|\|this.K?d=qC(d,h,CPa):h&&(d="embedded");this.Sa=d;Ksa();h=null;d=b?b.playerStyle:a.ps;f=g.Bb(DPa,d);!d\|\|f&&!this.K\|\|(h=d);this.playerStyle=h;this.qa=(this.N= equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: (g.po(c,"redirector.googlevideo.com"),d=c.toString()):c.j.match("rr?[1-9].*\\.c\\.youtube\\.com$")?(g.po(c,"www.youtube.com"),d=c.toString()):(c=Wza(d),VJ(c)&&(d=c));c=new g.TP(d);c.set("cmo=pf","1");e&&c.set("cmo=td","a1.googlevideo.com");return c}; equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: DOa=function(a,b){if(!a.j["0"]){var c=new VK("0","fakesb",{video:new SK(0,0,0,void 0,void 0,"auto")});a.j["0"]=b?new XQ(new g.TP("http://www.youtube.com/videoplayback"),c,"fake"):new hR(new g.TP("http://www.youtube.com/videoplayback"),c,new GQ(0,0),new GQ(0,0))}}; equals www.youtube.com (Youtube)
Source: chromecache_191.2.dr	String found in binary or memory: ["href","https://g.co/2SV"],"Share the quiz:",[1,"share-list"],["href","https://www.facebook.com/sharer/sharer.php?u=g.co/phishingquiz","target","_blank",1,"facebook",3,"click"],["height","3rem","viewBox","0 0 26 26"],"Share to Facebook","d;M13 26C5.82 26 0 20.18 0 13S5.82 0 13 0s13 5.82 13 13-5.82 13-13 13zm1.056-5v-6.843h2.298l.344-2.667h-2.642V9.787c0-.772.215-1.298 1.325-1.298h1.41V6.105A18.898 18.898 0 0 0 14.733 6c-2.036 0-3.43 1.243-3.43 3.525v1.967H9v2.667h2.303V21h2.753z;fill;#4087D7;fill-rule;nonzero;stroke;none".split(";"), equals www.facebook.com (Facebook)
Source: chromecache_229.2.dr	String found in binary or memory: a))):this.ke(g.$V(a.errorMessage)):this.ke(bW(this,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK_SHORT","//www.youtube.com/supported_browsers")):(a=d.hostLanguage,c="//support.google.com/youtube/?p=player_error1",a&&(c=g.Nl(c,{hl:a})),this.ke(bW(this,"GENERIC_WITH_LINK_AND_CPN",c,!0)),d.hc&&!d.D&&HWa(this,function(e){if(g.NU(e,b.api,!pS(b.api.U()))){e={as3:!1,html5:!0,player:!0,cpn:b.api.getVideoData().clientPlaybackNonce};var f=b.api;f.Fd("onFeedbackArticleRequest",{articleId:3037019,helpContext:"player_error", equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: a.severity,e,GK(a.details),f)}else this.ra.oa("nonfatalerror",a),d=/^pp/.test(this.videoData.clientPlaybackNonce),this.xe(a.errorCode,a.details),d&&"manifest.net.connect"===a.errorCode&&(a="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.uD)(),xU(a,"manifest",function(h){b.G=!0;b.va("pathprobe",h)},function(h){b.xe(h.errorCode,h.details)}))}}; equals www.youtube.com (Youtube)
Source: chromecache_213.2.dr	String found in binary or memory: function Gr(a,b,c){this.o=this.g=this.h=null;this.i=0;this.G=!1;this.u=[];this.l=null;this.O={};if(!a)throw Error("YouTube player element ID required.");this.id=Oa(this);this.K=c;c=document;if(a="string"===typeof a?c.getElementById(a):a)if(c="iframe"===a.tagName.toLowerCase(),b.host\|\|(b.host=c?bc(a.src):"https://www.youtube.com"),this.h=new Ar(b),c\|\|(b=Hr(this,a),this.o=a,(c=a.parentNode)&&c.replaceChild(b,a),a=b),this.g=a,this.g.id\|\|(this.g.id="widget"+Oa(this.g)),ur[this.g.id]=this,window.postMessage){this.l= equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: g.Sa("Goog_AdSense_Lidar_getUrlSignalsList",ngb);var TKa={g1a:0,d1a:1,Z0a:2,a1a:3,b1a:4,f1a:5,e1a:6};var coa=(new Date).getTime();var Ska="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),Tka=/\bocr\b/;var Vka=/(?:\[\|%5B)([a-zA-Z0-9_]+)(?:\]\|%5D)/g;"undefined"!==typeof TextDecoder&&new TextDecoder;var ogb="undefined"!==typeof TextEncoder?new TextEncoder:null,Ira=ogb?function(a){return ogb.encode(a)}:function(a){a=g.pg(a); equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: g.k.getVideoUrl=function(a,b,c,d,e,f){b={list:b};c&&(e?b.time_continue=c:b.t=c);c=g.nS(this);e="www.youtube.com"===c;!f&&d&&e?f="https://youtu.be/"+a:g.gS(this)?(f="https://"+c+"/fire",b.v=a):(f&&e?(f=this.protocol+"://"+c+"/shorts/"+a,d&&(b.feature="share")):(f=this.protocol+"://"+c+"/watch",b.v=a),JD&&(a=Ona())&&(b.ebc=a));return g.Nl(f,b)}; equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: g.mS=function(a){a=HPa(a.Ea);return"www.youtube-nocookie.com"===a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: g.yS=function(a){var b=g.nS(a);TPa.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: chromecache_208.2.dr	String found in binary or memory: return b}oC.F="internal.enableAutoEventOnTimer";var nc=da(["data-gtm-yt-inspected-"]),pC=["www.youtube.com","www.youtube-nocookie.com"],qC,rC=!1; equals www.youtube.com (Youtube)
Source: chromecache_257.2.dr, chromecache_210.2.dr, chromecache_165.2.dr	String found in binary or memory: return b}pC.F="internal.enableAutoEventOnTimer";var yc=da(["data-gtm-yt-inspected-"]),qC=["www.youtube.com","www.youtube-nocookie.com"],rC,sC=!1; equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: this.Oo=!this.Bc&&Math.random()<g.tJ(this.experiments,"web_player_api_logging_fraction");this.Za=!this.Bc;this.enabledEngageTypes=new Set;this.deviceIsAudioOnly=!(null==b\|\|!b.deviceIsAudioOnly);this.jd=rC(this.jd,a.ismb);this.Vo?(r=a.vss_host\|\|"s.youtube.com","s.youtube.com"===r&&(r=HPa(this.Ea)\|\|"www.youtube.com")):r="video.google.com";this.Um=r;IPa(this,a,!0);this.Ka=new IR;g.L(this,this.Ka);q=b?b.innertubeApiKey:sC("",a.innertube_api_key);p=b?b.innertubeApiVersion:sC("",a.innertube_api_version); equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: this.X.ma&&(a.authuser=this.X.ma);this.X.pageId&&(a.pageid=this.X.pageId);isNaN(this.cryptoPeriodIndex)\|\|(a.cpi=this.cryptoPeriodIndex.toString());var e=(e=/_(TV\|STB\|GAME\|OTT\|ATV\|BDP)_/.exec(g.mc()))?e[1]:"";"ATV"===e&&(a.cdt=e);this.G=a;this.G.session_id=d;this.ma=!0;"widevine"===this.B.flavor&&(this.G.hdr="1");"playready"===this.B.flavor&&(b=Number(GR(b.experiments,"playready_first_play_expiration")),!isNaN(b)&&0<=b&&(this.G.mfpe=""+b),this.ma=!1);b="";g.zR(this.B)?yR(this.B)?(d=c.B)&&(b="https://www.youtube.com/api/drm/fps?ek="+ equals www.youtube.com (Youtube)
Source: chromecache_229.2.dr	String found in binary or memory: var U3={};var rcb=/[&\?]action_proxy=1/,qcb=/[&\?]token=([\w-])/,scb=/[&\?]video_id=([\w-])/,tcb=/[&\?]index=([\d-])/,ucb=/[&\?]m_pos_ms=([\d-])/,xcb=/[&\?]vvt=([\w-]*)/,kcb="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),vcb="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "),ncb={android:"ANDROID", equals www.youtube.com (Youtube)
Source: chromecache_300.2.dr	String found in binary or memory: var scriptUrl = 'https:\/\/www.youtube.com\/s\/player\/5753e790\/www-widgetapi.vflset\/www-widgetapi.js';try{var ttPolicy=window.trustedTypes.createPolicy("youtube-widget-api",{createScriptURL:function(x){return x}});scriptUrl=ttPolicy.createScriptURL(scriptUrl)}catch(e){}var YT;if(!window["YT"])YT={loading:0,loaded:0};var YTConfig;if(!window["YTConfig"])YTConfig={"host":"https://www.youtube.com"}; equals www.youtube.com (Youtube)

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 30, 2023 00:11:02.247472048 CET	192.168.2.5	1.1.1.1	0x69f7	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:02.247569084 CET	192.168.2.5	1.1.1.1	0x4fad	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:02.247988939 CET	192.168.2.5	1.1.1.1	0x63fe	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:02.248186111 CET	192.168.2.5	1.1.1.1	0x6982	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:03.611476898 CET	192.168.2.5	1.1.1.1	0x9d02	Standard query (0)	www.365-authentication.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:03.613756895 CET	192.168.2.5	1.1.1.1	0x9f6c	Standard query (0)	www.365-authentication.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:06.114612103 CET	192.168.2.5	1.1.1.1	0xc631	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:06.114856005 CET	192.168.2.5	1.1.1.1	0xbff2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:16.466651917 CET	192.168.2.5	1.1.1.1	0xfd8c	Standard query (0)	passwordreset.microsoftonline.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:16.468767881 CET	192.168.2.5	1.1.1.1	0x60b8	Standard query (0)	passwordreset.microsoftonline.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:17.427196980 CET	192.168.2.5	1.1.1.1	0xe149	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:17.427887917 CET	192.168.2.5	1.1.1.1	0x6668	Standard query (0)	ajax.aspnetcdn.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:18.354123116 CET	192.168.2.5	1.1.1.1	0x208e	Standard query (0)	passwordreset.microsoftonline.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:18.354537010 CET	192.168.2.5	1.1.1.1	0xf2a1	Standard query (0)	passwordreset.microsoftonline.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:22.132107019 CET	192.168.2.5	1.1.1.1	0xd47	Standard query (0)	www.365-authentication.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:22.132487059 CET	192.168.2.5	1.1.1.1	0x3899	Standard query (0)	www.365-authentication.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:38.460139036 CET	192.168.2.5	1.1.1.1	0x880	Standard query (0)	phishingquiz.withgoogle.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:38.463696003 CET	192.168.2.5	1.1.1.1	0xf2bd	Standard query (0)	phishingquiz.withgoogle.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:41.326476097 CET	192.168.2.5	1.1.1.1	0x30f6	Standard query (0)	phishingquiz.withgoogle.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:41.326756001 CET	192.168.2.5	1.1.1.1	0xa96b	Standard query (0)	phishingquiz.withgoogle.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:58.539750099 CET	192.168.2.5	1.1.1.1	0xaf2b	Standard query (0)	policies.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:58.540062904 CET	192.168.2.5	1.1.1.1	0x56b0	Standard query (0)	policies.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:59.588479042 CET	192.168.2.5	1.1.1.1	0xbdb8	Standard query (0)	www.youtube-nocookie.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:59.588716984 CET	192.168.2.5	1.1.1.1	0xcdfa	Standard query (0)	www.youtube-nocookie.com	65	IN (0x0001)	false
Nov 30, 2023 00:11:59.930924892 CET	192.168.2.5	1.1.1.1	0x19fd	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:11:59.931207895 CET	192.168.2.5	1.1.1.1	0xea12	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:00.465615034 CET	192.168.2.5	1.1.1.1	0xec6f	Standard query (0)	i.ytimg.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:00.465986013 CET	192.168.2.5	1.1.1.1	0xddce	Standard query (0)	i.ytimg.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:00.571001053 CET	192.168.2.5	1.1.1.1	0xe6a5	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:00.571104050 CET	192.168.2.5	1.1.1.1	0x921	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:01.745832920 CET	192.168.2.5	1.1.1.1	0x9e28	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:01.746162891 CET	192.168.2.5	1.1.1.1	0xfc9d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:01.795955896 CET	192.168.2.5	1.1.1.1	0x3302	Standard query (0)	yt3.ggpht.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:01.796327114 CET	192.168.2.5	1.1.1.1	0x923e	Standard query (0)	yt3.ggpht.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:02.001255989 CET	192.168.2.5	1.1.1.1	0x1af	Standard query (0)	i.ytimg.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:02.001904964 CET	192.168.2.5	1.1.1.1	0x8967	Standard query (0)	i.ytimg.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:02.511483908 CET	192.168.2.5	1.1.1.1	0xf333	Standard query (0)	yt3.ggpht.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:02.511996984 CET	192.168.2.5	1.1.1.1	0x65f3	Standard query (0)	yt3.ggpht.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:04.856937885 CET	192.168.2.5	1.1.1.1	0xacc7	Standard query (0)	www.youtube-nocookie.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:04.857512951 CET	192.168.2.5	1.1.1.1	0x9058	Standard query (0)	www.youtube-nocookie.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:04.858831882 CET	192.168.2.5	1.1.1.1	0x5f76	Standard query (0)	policies.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:04.859200954 CET	192.168.2.5	1.1.1.1	0x38d3	Standard query (0)	policies.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:06.471295118 CET	192.168.2.5	1.1.1.1	0x1ff7	Standard query (0)	jigsaw.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:06.471771002 CET	192.168.2.5	1.1.1.1	0xd25d	Standard query (0)	jigsaw.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:07.401626110 CET	192.168.2.5	1.1.1.1	0x604a	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:07.402451038 CET	192.168.2.5	1.1.1.1	0x101b	Standard query (0)	lh3.googleusercontent.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:08.296256065 CET	192.168.2.5	1.1.1.1	0x3d23	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:08.296720982 CET	192.168.2.5	1.1.1.1	0x38b	Standard query (0)	lh3.googleusercontent.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:08.882358074 CET	192.168.2.5	1.1.1.1	0x5b15	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:08.882647991 CET	192.168.2.5	1.1.1.1	0xc3af	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:10.791059971 CET	192.168.2.5	1.1.1.1	0xeb42	Standard query (0)	jigsaw.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:10.791204929 CET	192.168.2.5	1.1.1.1	0xd4d1	Standard query (0)	jigsaw.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:13.927896976 CET	192.168.2.5	1.1.1.1	0xeb34	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:13.928225040 CET	192.168.2.5	1.1.1.1	0xc298	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:14.923677921 CET	192.168.2.5	1.1.1.1	0xa520	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:14.923841953 CET	192.168.2.5	1.1.1.1	0x2183	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:15.450225115 CET	192.168.2.5	1.1.1.1	0xb6ca	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:15.450393915 CET	192.168.2.5	1.1.1.1	0xbfd5	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:16.573817015 CET	192.168.2.5	1.1.1.1	0xc560	Standard query (0)	adservice.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:16.579056978 CET	192.168.2.5	1.1.1.1	0xc252	Standard query (0)	adservice.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:21.800928116 CET	192.168.2.5	1.1.1.1	0x7b47	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:21.801059961 CET	192.168.2.5	1.1.1.1	0x4221	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:31.124233961 CET	192.168.2.5	1.1.1.1	0x22ae	Standard query (0)	clients1.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:31.124957085 CET	192.168.2.5	1.1.1.1	0xb59	Standard query (0)	clients1.google.com	65	IN (0x0001)	false
Nov 30, 2023 00:12:32.659825087 CET	192.168.2.5	1.1.1.1	0xd980	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 00:12:32.660341978 CET	192.168.2.5	1.1.1.1	0x8815	Standard query (0)	play.google.com	65	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:02 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:02 UTC	732	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 72 65 71 6b 59 64 65 79 6c 53 33 53 53 4a 37 74 78 77 75 51 37 77 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-reqkYdeylS3SSJ7txwuQ7w' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-11-29 23:11:02 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 37 36 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 34 36 36 32 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6176" elapsed_seconds="54662"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-29 23:11:02 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-29 23:11:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:02 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
2023-11-29 23:11:02 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-11-29 23:11:02 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-11-29 23:11:02 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-29 23:11:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:04 UTC	716	OUT	GET //Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 HTTP/1.1 Host: www.365-authentication.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:04 UTC	1063	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 30 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 2e 41 73 70 4e 65 74 43 6f 72 65 2e 41 6e 74 69 66 6f 72 67 65 72 79 2e 39 66 58 6f 4e 35 6a 48 43 58 73 3d 43 66 44 4a 38 41 53 61 2d 6d 2d 48 72 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-storePragma: no-cacheSet-Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-Hr
2023-11-29 23:11:04 UTC	13293	IN	Data Raw: 33 33 65 35 0d 0a 0a 0a 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 73 68 61 72 65 64 2f 31 2e 30 2f 63 6f 6e 74 Data Ascii: 33e5... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <link rel="shortcut icon" href="https://aadcdn.msauth.net/shared/1.0/cont
2023-11-29 23:11:04 UTC	16384	IN	Data Raw: 36 66 66 61 0d 0a 6f 72 65 2c 0a 09 2e 72 6f 77 3a 61 66 74 65 72 20 7b 0a 09 09 63 6f 6e 74 65 6e 74 3a 20 22 20 22 3b 0a 09 09 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 0a 09 7d 0a 0a 09 2e 72 6f 77 3a 61 66 74 65 72 20 7b 0a 09 09 63 6c 65 61 72 3a 20 62 6f 74 68 0a 09 7d 0a 0a 2e 63 6f 6c 2d 78 73 2d 31 2c 0a 2e 63 6f 6c 2d 73 6d 2d 31 2c 0a 2e 63 6f 6c 2d 6d 64 2d 31 2c 0a 2e 63 6f 6c 2d 6c 67 2d 31 2c 0a 2e 63 6f 6c 2d 78 73 2d 32 2c 0a 2e 63 6f 6c 2d 73 6d 2d 32 2c 0a 2e 63 6f 6c 2d 6d 64 2d 32 2c 0a 2e 63 6f 6c 2d 6c 67 2d 32 2c 0a 2e 63 6f 6c 2d 78 73 2d 33 2c 0a 2e 63 6f 6c 2d 73 6d 2d 33 2c 0a 2e 63 6f 6c 2d 6d 64 2d 33 2c 0a 2e 63 6f 6c 2d 6c 67 2d 33 2c 0a 2e 63 6f 6c 2d 78 73 2d 34 2c 0a 2e 63 6f 6c 2d 73 6d 2d 34 2c 0a 2e 63 6f 6c 2d 6d 64 Data Ascii: 6ffaore,.row:after {content: " ";display: table}.row:after {clear: both}.col-xs-1,.col-sm-1,.col-md-1,.col-lg-1,.col-xs-2,.col-sm-2,.col-md-2,.col-lg-2,.col-xs-3,.col-sm-3,.col-md-3,.col-lg-3,.col-xs-4,.col-sm-4,.col-md
2023-11-29 23:11:04 UTC	12290	IN	Data Raw: 2e 63 6f 6c 2d 6c 67 2d 70 75 73 68 2d 36 20 7b 0a 09 09 6c 65 66 74 3a 20 32 35 25 0a 09 7d 0a 0a 09 2e 63 6f 6c 2d 6c 67 2d 70 75 73 68 2d 37 20 7b 0a 09 09 6c 65 66 74 3a 20 32 39 2e 31 36 36 36 37 25 0a 09 7d 0a 0a 09 2e 63 6f 6c 2d 6c 67 2d 70 75 73 68 2d 38 20 7b 0a 09 09 6c 65 66 74 3a 20 33 33 2e 33 33 33 33 33 25 0a 09 7d 0a 0a 09 2e 63 6f 6c 2d 6c 67 2d 70 75 73 68 2d 39 20 7b 0a 09 09 6c 65 66 74 3a 20 33 37 2e 35 25 0a 09 7d 0a 0a 09 2e 63 6f 6c 2d 6c 67 2d 70 75 73 68 2d 31 30 20 7b 0a 09 09 6c 65 66 74 3a 20 34 31 2e 36 36 36 36 37 25 0a 09 7d 0a 0a 09 2e 63 6f 6c 2d 6c 67 2d 70 75 73 68 2d 31 31 20 7b 0a 09 09 6c 65 66 74 3a 20 34 35 2e 38 33 33 33 33 25 0a 09 7d 0a 0a 09 2e 63 6f 6c 2d 6c 67 2d 70 75 73 68 2d 31 32 20 7b 0a 09 09 6c 65 66 Data Ascii: .col-lg-push-6 {left: 25%}.col-lg-push-7 {left: 29.16667%}.col-lg-push-8 {left: 33.33333%}.col-lg-push-9 {left: 37.5%}.col-lg-push-10 {left: 41.66667%}.col-lg-push-11 {left: 45.83333%}.col-lg-push-12 {lef
2023-11-29 23:11:04 UTC	4104	IN	Data Raw: 31 30 30 30 0d 0a 6c 79 5d 2c 0a 09 09 66 69 65 6c 64 73 65 74 5b 64 69 73 61 62 6c 65 64 5d 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 2c 0a 09 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 6d 6f 6e 74 68 22 5d 5b 64 69 73 61 62 6c 65 64 5d 2c 0a 09 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 6d 6f 6e 74 68 22 5d 5b 72 65 61 64 6f 6e 6c 79 5d 2c 0a 09 09 66 69 65 6c 64 73 65 74 5b 64 69 73 61 62 6c 65 64 5d 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 6d 6f 6e 74 68 22 5d 2c 0a 09 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 6e 75 6d 62 65 72 22 5d 5b 64 69 73 61 62 6c 65 64 5d 2c 0a 09 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 6e 75 6d 62 65 72 22 5d 5b 72 65 61 64 6f 6e 6c 79 5d 2c 0a 09 09 66 69 65 6c 64 73 65 74 5b 64 69 73 61 62 6c 65 64 5d 20 69 6e 70 75 74 Data Ascii: 1000ly],fieldset[disabled] input[type="email"],input[type="month"][disabled],input[type="month"][readonly],fieldset[disabled] input[type="month"],input[type="number"][disabled],input[type="number"][readonly],fieldset[disabled] input
2023-11-29 23:11:04 UTC	16384	IN	Data Raw: 38 64 32 30 0d 0a 22 5d 3a 63 68 65 63 6b 65 64 3a 3a 2d 6d 73 2d 63 68 65 63 6b 20 7b 0a 09 09 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 20 21 69 6d 70 6f 72 74 61 6e 74 0a 09 7d 0a 0a 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 20 7b 0a 09 77 69 64 74 68 3a 20 32 30 70 78 3b 0a 09 68 65 69 67 68 74 3a 20 32 30 70 78 0a 7d 0a 0a 09 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 3a 3a 2d 6d 73 2d 63 68 65 63 6b 20 7b 0a 09 09 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0a 09 09 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 20 32 70 78 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 09 09 63 6f 6c 6f 72 3a 20 23 30 30 Data Ascii: 8d20"]:checked::-ms-check {color: rgba(0, 0, 0, 0.2) !important}input[type="checkbox"] {width: 20px;height: 20px}input[type="checkbox"]::-ms-check {border-style: solid;border-width: 2px;background-color: transparent;color: #00
2023-11-29 23:11:04 UTC	16384	IN	Data Raw: 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 3b 0a 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 0a 7d 0a 0a 2e 64 72 6f 70 64 6f 77 6e 2d 62 61 63 6b 64 72 6f 70 20 7b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 0a 09 6c 65 66 74 3a 20 30 3b 0a 09 72 69 67 68 74 3a 20 30 3b 0a 09 62 6f 74 74 6f 6d 3a 20 30 3b 0a 09 74 6f 70 3a 20 30 3b 0a 09 7a 2d 69 6e 64 65 78 3a 20 39 39 30 0a 7d 0a 0a 2e 70 75 6c 6c 2d 72 69 67 68 74 20 3e 20 2e 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 7b 0a 09 72 69 67 68 74 3a 20 30 3b 0a 09 6c 65 66 74 3a 20 61 75 74 6f 0a 7d 0a 0a 2e 64 72 6f 70 75 70 20 2e 63 61 72 65 74 2c 0a 2e 6e 61 76 62 61 Data Ascii: font-size: 12px;line-height: 1.42857;color: #777;white-space: nowrap}.dropdown-backdrop {position: fixed;left: 0;right: 0;bottom: 0;top: 0;z-index: 990}.pull-right > .dropdown-menu {right: 0;left: auto}.dropup .caret,.navba
2023-11-29 23:11:04 UTC	3368	IN	Data Raw: 20 35 70 78 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 30 30 36 37 62 38 3b 0a 09 09 7a 2d 69 6e 64 65 78 3a 20 31 30 30 3b 0a 09 09 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 0a 09 09 6f 70 61 63 69 74 79 3a 20 30 0a 09 7d 0a 0a 09 2e 70 72 6f 67 72 65 73 73 20 3e 20 69 6d 67 20 7b 0a 09 09 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 0a 09 7d 0a 0a 2e 70 72 6f 67 72 65 73 73 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 38 70 78 3b 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 34 70 78 3b 0a 09 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 Data Ascii: 5px;background-color: #0067b8;z-index: 100;border-radius: 50%;opacity: 0}.progress > img {position: absolute}.progress-container {width: 100%;position: relative;margin-top: 48px;margin-bottom: 24px;outline-color: transpa
2023-11-29 23:11:04 UTC	12296	IN	Data Raw: 33 30 30 30 0d 0a 70 61 63 69 74 79 3a 20 31 0a 09 7d 0a 7d 0a 0a 40 2d 6f 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 49 6e 20 7b 0a 09 66 72 6f 6d 20 7b 0a 09 09 6f 70 61 63 69 74 79 3a 20 30 0a 09 7d 0a 0a 09 74 6f 20 7b 0a 09 09 6f 70 61 63 69 74 79 3a 20 31 0a 09 7d 0a 7d 0a 0a 40 2d 6d 6f 7a 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 49 6e 20 7b 0a 09 66 72 6f 6d 20 7b 0a 09 09 6f 70 61 63 69 74 79 3a 20 30 0a 09 7d 0a 0a 09 74 6f 20 7b 0a 09 09 6f 70 61 63 69 74 79 3a 20 31 0a 09 7d 0a 7d 0a 0a 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 49 6e 20 7b 0a 09 66 72 6f 6d 20 7b 0a 09 09 6f 70 61 63 69 74 79 3a 20 30 0a 09 7d 0a 0a 09 74 6f 20 7b 0a 09 09 6f 70 61 63 69 74 79 3a 20 31 0a 09 7d 0a 7d 0a 0a 64 69 76 2e 6c 69 6e Data Ascii: 3000pacity: 1}}@-o-keyframes fadeIn {from {opacity: 0}to {opacity: 1}}@-moz-keyframes fadeIn {from {opacity: 0}to {opacity: 1}}@-webkit-keyframes fadeIn {from {opacity: 0}to {opacity: 1}}div.lin
2023-11-29 23:11:04 UTC	16384	IN	Data Raw: 38 30 30 30 0d 0a 32 62 32 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 0a 09 7d 0a 0a 09 2e 62 75 74 74 6f 6e 2e 73 65 63 6f 6e 64 61 72 79 3a 66 6f 63 75 73 20 7b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 62 32 62 32 62 32 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 33 29 3b 0a 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 0a 09 7d 0a 0a 09 2e 62 75 74 74 6f 6e 2e 73 65 63 6f 6e 64 61 72 79 3a 61 63 74 69 76 65 20 7b 0a 09 09 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 0a Data Ascii: 80002b2;background-color: rgba(0, 0, 0, 0.3)}.button.secondary:focus {background-color: #b2b2b2;background-color: rgba(0, 0, 0, 0.3);text-decoration: underline;outline: 2px solid #000}.button.secondary:active {outline: none;

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:05 UTC	664	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.365-authentication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:05 UTC	753	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 30 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 34 33 35 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a 69 70 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 31 37 20 4a 61 6e 20 32 30 32 30 20 31 39 3a 32 38 3a 33 38 20 47 4d 54 0d 0a 45 54 61 67 3a 20 30 78 38 44 37 39 42 38 33 37 33 43 42 32 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:05 GMTContent-Type: image/svg+xmlContent-Length: 1435Connection: closeCache-Control: public, max-age=31536000Content-Encoding: gzipLast-Modified: Fri, 17 Jan 2020 19:28:38 GMTETag: 0x8D79B8373CB2
2023-11-29 23:11:05 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:05 UTC	673	OUT	GET /shared/1.0/content/images/appbackgrounds/24-small_2b123d90ad518a70d48d8a8e219064d6.jpg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.365-authentication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:05 UTC	710	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 30 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 6a 70 65 67 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 35 39 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 31 37 20 4a 61 6e 20 32 30 32 30 20 31 39 3a 32 38 3a 32 38 20 47 4d 54 0d 0a 45 54 61 67 3a 20 30 78 38 44 37 39 42 38 33 36 45 33 31 45 38 41 46 0d 0a 78 2d 6d 73 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 62 63 30 31 66 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:05 GMTContent-Type: image/jpegContent-Length: 1594Connection: closeCache-Control: public, max-age=31536000Last-Modified: Fri, 17 Jan 2020 19:28:28 GMTETag: 0x8D79B836E31E8AFx-ms-request-id: bc01f
2023-11-29 23:11:05 UTC	1594	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 1e 00 00 ff e1 03 f8 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d Data Ascii: ExifII*Duckyhttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xm

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:05 UTC	667	OUT	GET /shared/1.0/content/images/appbackgrounds/24_be8959e35a7f0fe45bdcee972c541fc2.jpg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.365-authentication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:06 UTC	712	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 30 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 6a 70 65 67 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 38 33 30 35 35 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 31 37 20 4a 61 6e 20 32 30 32 30 20 31 39 3a 32 38 3a 32 39 20 47 4d 54 0d 0a 45 54 61 67 3a 20 30 78 38 44 37 39 42 38 33 36 45 38 42 39 30 33 35 0d 0a 78 2d 6d 73 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 33 36 39 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:06 GMTContent-Type: image/jpegContent-Length: 183055Connection: closeCache-Control: public, max-age=31536000Last-Modified: Fri, 17 Jan 2020 19:28:29 GMTETag: 0x8D79B836E8B9035x-ms-request-id: 369
2023-11-29 23:11:06 UTC	15672	IN	Data Raw: ff d8 ff e1 05 ef 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 0c 00 00 01 03 00 01 00 00 00 80 07 00 00 01 01 03 00 01 00 00 00 38 04 00 00 02 01 03 00 03 00 00 00 9e 00 00 00 06 01 03 00 01 00 00 00 02 00 00 00 12 01 03 00 01 00 00 00 01 00 00 00 15 01 03 00 01 00 00 00 03 00 00 00 1a 01 05 00 01 00 00 00 a4 00 00 00 1b 01 05 00 01 00 00 00 ac 00 00 00 28 01 03 00 01 00 00 00 02 00 00 00 31 01 02 00 24 00 00 00 b4 00 00 00 32 01 02 00 14 00 00 00 d8 00 00 00 69 87 04 00 01 00 00 00 ec 00 00 00 24 01 00 00 08 00 08 00 08 00 80 fc 0a 00 10 27 00 00 80 fc 0a 00 10 27 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 43 20 32 30 31 38 20 28 4d 61 63 69 6e 74 6f 73 68 29 00 32 30 31 38 3a 30 38 3a 32 32 20 31 34 3a 33 35 3a 33 38 00 04 00 00 90 07 00 04 Data Ascii: ExifII*8(1$2i$''Adobe Photoshop CC 2018 (Macintosh)2018:08:22 14:35:38
2023-11-29 23:11:06 UTC	16384	IN	Data Raw: d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:06 UTC	16384	IN	Data Raw: d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:06 UTC	16384	IN	Data Raw: d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:06 UTC	16384	IN	Data Raw: d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:06 UTC	16384	IN	Data Raw: d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:06 UTC	16384	IN	Data Raw: d4 df 03 df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e Data Ascii: ^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~
2023-11-29 23:11:06 UTC	16384	IN	Data Raw: 72 b4 39 ac 5d 4e 9b 6a 10 d7 e3 a4 92 26 22 e2 e0 35 c7 e7 d9 14 f6 f3 db 48 61 b9 46 8d c7 15 60 54 8f c8 d0 f4 57 2c 32 c0 e6 39 94 a3 0f 26 04 1f d8 7a 7e f6 d7 4d f5 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee Data Ascii: r9]Nj&"5HaF`TW,29&z~M~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:06 UTC	16384	IN	Data Raw: f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af ff d6 df 03 df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e Data Ascii: u{{^u{{^u{{^u{{^u{{^u{{^u{{^u{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:07 UTC	650	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.365-authentication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:07 UTC	712	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 30 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 37 31 37 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 53 75 6e 2c 20 31 38 20 4f 63 74 20 32 30 32 30 20 30 33 3a 30 32 3a 30 33 20 47 4d 54 0d 0a 45 54 61 67 3a 20 30 78 38 44 38 37 33 31 32 33 30 43 38 35 31 41 36 0d 0a 78 2d 6d 73 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 35 37 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:07 GMTContent-Type: image/x-iconContent-Length: 17174Connection: closeCache-Control: public, max-age=31536000Last-Modified: Sun, 18 Oct 2020 03:02:03 GMTETag: 0x8D8731230C851A6x-ms-request-id: 57
2023-11-29 23:11:07 UTC	15672	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2023-11-29 23:11:07 UTC	1502	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: {L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:07 UTC	421	OUT	GET /shared/1.0/content/images/appbackgrounds/24_be8959e35a7f0fe45bdcee972c541fc2.jpg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:08 UTC	711	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 30 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 6a 70 65 67 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 38 33 30 35 35 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 31 37 20 4a 61 6e 20 32 30 32 30 20 31 39 3a 32 38 3a 32 39 20 47 4d 54 0d 0a 45 54 61 67 3a 20 30 78 38 44 37 39 42 38 33 36 45 38 42 39 30 33 35 0d 0a 78 2d 6d 73 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 33 36 39 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:07 GMTContent-Type: image/jpegContent-Length: 183055Connection: closeCache-Control: public, max-age=31536000Last-Modified: Fri, 17 Jan 2020 19:28:29 GMTETag: 0x8D79B836E8B9035x-ms-request-id: 369
2023-11-29 23:11:08 UTC	15673	IN	Data Raw: ff d8 ff e1 05 ef 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 0c 00 00 01 03 00 01 00 00 00 80 07 00 00 01 01 03 00 01 00 00 00 38 04 00 00 02 01 03 00 03 00 00 00 9e 00 00 00 06 01 03 00 01 00 00 00 02 00 00 00 12 01 03 00 01 00 00 00 01 00 00 00 15 01 03 00 01 00 00 00 03 00 00 00 1a 01 05 00 01 00 00 00 a4 00 00 00 1b 01 05 00 01 00 00 00 ac 00 00 00 28 01 03 00 01 00 00 00 02 00 00 00 31 01 02 00 24 00 00 00 b4 00 00 00 32 01 02 00 14 00 00 00 d8 00 00 00 69 87 04 00 01 00 00 00 ec 00 00 00 24 01 00 00 08 00 08 00 08 00 80 fc 0a 00 10 27 00 00 80 fc 0a 00 10 27 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 43 20 32 30 31 38 20 28 4d 61 63 69 6e 74 6f 73 68 29 00 32 30 31 38 3a 30 38 3a 32 32 20 31 34 3a 33 35 3a 33 38 00 04 00 00 90 07 00 04 Data Ascii: ExifII*8(1$2i$''Adobe Photoshop CC 2018 (Macintosh)2018:08:22 14:35:38
2023-11-29 23:11:08 UTC	16384	IN	Data Raw: bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:08 UTC	16384	IN	Data Raw: bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:08 UTC	16384	IN	Data Raw: bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:08 UTC	16384	IN	Data Raw: bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:08 UTC	16384	IN	Data Raw: bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 Data Ascii: u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:08 UTC	16384	IN	Data Raw: df 03 df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb Data Ascii: ^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~
2023-11-29 23:11:08 UTC	16384	IN	Data Raw: b4 39 ac 5d 4e 9b 6a 10 d7 e3 a4 92 26 22 e2 e0 35 c7 e7 d9 14 f6 f3 db 48 61 b9 46 8d c7 15 60 54 8f c8 d0 f4 57 2c 32 c0 e6 39 94 a3 0f 26 04 1f d8 7a 7e f6 d7 4d f5 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd Data Ascii: 9]Nj&"5HaF`TW,29&z~M~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^
2023-11-29 23:11:08 UTC	16384	IN	Data Raw: bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af ff d6 df 03 df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 Data Ascii: u{{^u{{^u{{^u{{^u{{^u{{^u{{^u{^u~{^u~{^u~{^u~{^u~{^u~{^u~{^

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:07 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-29 23:11:08 UTC	436	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:08 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-29 23:11:08 UTC	805	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 53 65 72 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modified: Tue, 16 May 2017 22:58:00 GMTSer
2023-11-29 23:11:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:20 UTC	902	OUT	GET /Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 HTTP/1.1 Host: www.365-authentication.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
2023-11-29 23:11:21 UTC	758	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 32 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 30 30 32 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 41 52 52 41 66 66 69 6e 69 74 79 3d 64 64 38 30 30 39 36 35 62 61 37 39 64 63 62 34 63 30 31 63 62 37 61 64 35 36 63 32 39 36 34 34 62 35 61 38 31 65 36 36 39 39 65 32 63 61 36 38 31 33 36 66 33 34 65 63 63 34 31 32 36 38 30 39 3b 50 61 74 68 3d 2f 3b 48 74 74 70 4f 6e 6c 79 3b 53 65 63 75 72 65 3b 44 6f 6d 61 69 6e 3d Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:21 GMTContent-Type: text/html; charset=utf-8Content-Length: 10027Connection: closeSet-Cookie: ARRAffinity=dd800965ba79dcb4c01cb7ad56c29644b5a81e6699e2ca68136f34ecc4126809;Path=/;HttpOnly;Secure;Domain=
2023-11-29 23:11:21 UTC	10027	IN	Data Raw: 0a 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4f 6f 70 73 20 2d 20 59 6f 75 20 68 61 76 65 20 62 65 65 6e 20 70 68 69 73 68 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 Data Ascii: <html lang="en"><head> <title>Oops - You have been phished</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex"> <link rel="preconnect" href="htt

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:20 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nkFoxLmAV+HUe+V&MD=M3e3nPrB HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-29 23:11:21 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 64 61 38 30 38 33 33 35 2d 32 33 35 64 2d 34 32 32 38 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: da808335-235d-4228-
2023-11-29 23:11:21 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-29 23:11:21 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:21 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2483 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1701299449031&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2023-11-29 23:11:21 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2023-11-29 23:11:21 UTC	2482	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2023-11-29 23:11:21 UTC	476	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 34 20 4e 6f 20 43 6f 6e 74 65 6e 74 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 70 74 2d 43 48 3a 20 53 65 63 2d 43 48 2d 55 41 2d 41 72 63 68 2c 20 53 65 63 2d 43 48 2d 55 41 2d 42 69 74 6e 65 73 73 2c 20 53 65 63 2d 43 48 2d 55 41 2d 46 75 6c 6c 2d 56 65 72 73 69 6f 6e 2c 20 53 65 63 2d 43 48 2d 55 41 2d 46 75 6c 6c 2d 56 65 72 73 69 6f 6e 2d 4c 69 73 74 2c 20 53 65 63 2d 43 48 2d 55 41 2d 4d 6f 62 69 6c 65 2c 20 53 65 63 2d 43 48 2d 55 41 2d 4d 6f 64 65 6c 2c 20 53 65 63 2d 43 48 2d 55 41 2d 50 6c 61 74 66 6f 72 6d 2c 20 53 65 63 2d 43 48 2d 55 41 2d 50 6c 61 74 66 6f 72 6d 2d 56 65 72 73 69 6f 6e 0d 0a 58 2d 4d 53 45 64 67 65 2d 52 65 66 3a 20 52 65 Data Ascii: HTTP/1.1 204 No ContentAccess-Control-Allow-Origin: *Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Re

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Windows Analysis Report
https://www.365-authentication.com//Login/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:21 UTC	848	OUT	GET /Resources/css/cfc/education-styles.css?v=1.0 HTTP/1.1 Host: www.365-authentication.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
2023-11-29 23:11:21 UTC	813	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 32 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 63 73 73 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 32 30 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 31 64 39 66 38 31 66 31 31 32 64 37 30 63 32 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 30 36 20 4f 63 74 20 32 30 32 33 20 30 36 3a 33 33 3a 35 30 20 47 4d 54 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 41 52 52 41 66 66 69 6e 69 74 79 3d 64 64 38 30 30 39 36 35 62 61 37 39 64 63 62 34 63 30 31 63 62 37 61 64 35 36 63 32 39 36 34 34 62 35 61 38 31 65 36 36 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:21 GMTContent-Type: text/cssContent-Length: 11202Connection: closeETag: "1d9f81f112d70c2"Last-Modified: Fri, 06 Oct 2023 06:33:50 GMTSet-Cookie: ARRAffinity=dd800965ba79dcb4c01cb7ad56c29644b5a81e66
2023-11-29 23:11:21 UTC	11202	IN	Data Raw: ef bb bf 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 2d 2d 64 65 66 61 75 6c 74 2d 66 6f 6e 74 2d 63 6f 6c 6f 72 3a 20 23 30 31 34 31 36 64 3b 0a 20 20 20 20 2d 2d 62 72 61 6e 64 2d 73 75 62 2d 74 69 74 6c 65 2d 63 6f 6c 6f 75 72 3a 20 23 31 34 39 62 64 37 3b 0a 20 20 20 20 2d 2d 64 65 66 61 75 6c 74 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4d 6f 6e 74 73 65 72 72 61 74 27 3b 0a 20 20 20 20 2d 2d 62 72 61 6e 64 2d 74 69 74 6c 65 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 61 72 28 2d 2d 64 65 66 61 75 6c 74 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 29 3b 0a 20 20 20 20 2d 2d 62 72 61 6e 64 2d 6e 6f 6e 2d 74 69 74 6c 65 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 61 72 28 2d 2d 64 65 66 61 75 6c 74 Data Ascii: :root { --white: #ffffff; --default-font-color: #01416d; --brand-sub-title-colour: #149bd7; --default-font-family: 'Montserrat'; --brand-title-font-family: var(--default-font-family); --brand-non-title-font-family: var(--default

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:21 UTC	872	OUT	GET /Resources/cfc/logo.svg HTTP/1.1 Host: www.365-authentication.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
2023-11-29 23:11:22 UTC	817	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 32 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 38 37 39 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 31 64 39 66 38 31 66 31 31 32 64 35 30 33 66 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 30 36 20 4f 63 74 20 32 30 32 33 20 30 36 3a 33 33 3a 35 30 20 47 4d 54 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 41 52 52 41 66 66 69 6e 69 74 79 3d 64 64 38 30 30 39 36 35 62 61 37 39 64 63 62 34 63 30 31 63 62 37 61 64 35 36 63 32 39 36 34 34 62 35 61 38 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:22 GMTContent-Type: image/svg+xmlContent-Length: 2879Connection: closeETag: "1d9f81f112d503f"Last-Modified: Fri, 06 Oct 2023 06:33:50 GMTSet-Cookie: ARRAffinity=dd800965ba79dcb4c01cb7ad56c29644b5a8
2023-11-29 23:11:22 UTC	2879	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 31 33 34 22 20 68 65 69 67 68 74 3d 22 35 33 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 33 34 20 35 33 22 3e 3c 64 65 66 73 3e 3c 70 61 74 68 20 69 64 3d 22 63 22 20 64 3d 22 4d 34 32 36 2e 35 37 20 37 31 2e 38 63 32 2e 34 2d 37 2e 34 33 2d 2e 38 35 2d 31 35 2e 36 39 2d 36 2e 37 39 2d 32 30 2e 32 35 2d 2e 31 38 20 31 2e 31 34 2d 2e 34 20 32 2e 32 36 2d 2e 36 34 20 33 2e 33 37 2d 32 2e 33 20 31 30 2e 34 33 2d 38 2e 37 36 20 32 32 2e 30 38 2d 32 30 2e 35 36 20 32 32 2e 37 36 61 31 36 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="134" height="53" viewBox="0 0 134 53"><defs><path id="c" d="M426.57 71.8c2.4-7.43-.85-15.69-6.79-20.25-.18 1.14-.4 2.26-.64 3.37-2.3 10.43-8.76 22.08-20.56 22.76a16.

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:21 UTC	883	OUT	GET /Resources/cfc/section-1-image.png HTTP/1.1 Host: www.365-authentication.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
2023-11-29 23:11:22 UTC	814	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 32 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 70 6e 67 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 35 35 38 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 31 64 39 66 38 31 66 31 31 32 64 64 31 66 65 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 30 36 20 4f 63 74 20 32 30 32 33 20 30 36 3a 33 33 3a 35 30 20 47 4d 54 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 41 52 52 41 66 66 69 6e 69 74 79 3d 64 64 38 30 30 39 36 35 62 61 37 39 64 63 62 34 63 30 31 63 62 37 61 64 35 36 63 32 39 36 34 34 62 35 61 38 31 65 36 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:22 GMTContent-Type: image/pngContent-Length: 35582Connection: closeETag: "1d9f81f112dd1fe"Last-Modified: Fri, 06 Oct 2023 06:33:50 GMTSet-Cookie: ARRAffinity=dd800965ba79dcb4c01cb7ad56c29644b5a81e6
2023-11-29 23:11:22 UTC	7901	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 dc 00 00 00 dc 08 06 00 00 00 1b 5a cf 81 00 00 01 84 69 43 43 50 49 43 43 20 70 72 6f 66 69 6c 65 00 00 28 91 7d 91 3d 48 c3 40 1c c5 5f 53 a5 52 2a 22 76 10 71 c8 50 9d 2c 88 8a e8 26 55 2c 82 85 d2 56 68 d5 c1 e4 d2 2f 68 d2 90 a4 b8 38 0a ae 05 07 3f 16 ab 0e 2e ce ba 3a b8 0a 82 e0 07 88 9b 9b 93 a2 8b 94 f8 bf a4 d0 22 c6 83 e3 7e bc bb f7 b8 7b 07 08 8d 0a 53 cd ae 71 40 d5 2c 23 15 8f 89 d9 dc aa 18 78 45 00 21 04 d1 8f 59 89 99 7a 22 bd 98 81 e7 f8 ba 87 8f af 77 51 9e e5 7d ee cf d1 ab e4 4d 06 f8 44 e2 39 a6 1b 16 f1 06 f1 f4 a6 a5 73 de 27 0e b3 92 a4 10 9f 13 8f 19 74 41 e2 47 ae cb 2e bf 71 2e 3a 2c f0 cc b0 91 49 cd 13 87 89 c5 62 07 cb 1d cc 4a 86 4a 3c 45 1c 51 54 8d f2 85 ac cb 0a Data Ascii: PNGIHDRZiCCPICC profile(}=H@_SR*"vqP,&U,Vh/h8?.:"~{Sq@,#xE!Yz"wQ}MD9s'tAG.q.:,IbJJ<EQT
2023-11-29 23:11:22 UTC	8192	IN	Data Raw: f7 c5 3a 32 45 75 e7 51 85 3c 49 c1 c3 da e4 fa 32 97 02 90 16 7d 62 9a ea d3 bb f0 d6 39 0a 5f 64 53 97 8a 9c bf 76 1f 3a 6c 52 7b ff 79 4c 14 ad 08 12 6b 34 b5 da 3c 42 78 4b f2 e9 19 15 d0 93 2d 92 18 4d a5 5e 03 63 49 ce d6 98 fe c9 6e fc 91 12 5e 29 47 d0 fb fb 4f e7 59 d5 16 2e 99 98 a7 fa ca db cc ff f0 57 34 5f 3e 81 be d0 70 47 44 28 f0 1e 1c a5 f8 ef bf 45 ee a1 1d 78 83 3d c4 93 73 54 9e de 45 f5 27 af 12 ef 1e 5b 71 e0 df e7 e6 05 9b 04 79 5b 3f a9 3b 36 b8 19 da 1d fd 8c 21 3a 7d 01 7d 7c d2 0d 6c ec 4b e1 f5 f5 a1 fa 8a ae 31 b3 c3 53 36 99 9c 23 7e e7 8c a3 ca 01 02 c8 fe 9b 9d e4 ee b9 1d af b7 d8 d9 7d 11 6e c6 38 ca 0d 8f 64 35 d4 73 4b 81 2d c7 c4 07 ce 50 7b 66 0f ad 53 e7 2e 1d 42 52 e0 0d f5 90 bb ff 0e 32 7f fd 20 e4 3e 99 1c 4b e2 Data Ascii: :2EuQ<I2}b9_dSv:lR{yLk4<BxK-M^cIn^)GOY.W4_>pGD(Ex=sTE'[qy[?;6!:}}\|lK1S6#~}n8d5sK-P{fS.BR2 >K
2023-11-29 23:11:22 UTC	15376	IN	Data Raw: f0 5e ee c5 2b b7 6e 3d 8f 91 0a b9 ba 66 1d 08 f4 f6 5f 20 1c 07 c7 6f 6c a7 60 0d 83 f6 56 30 91 2a c6 f4 09 ca 03 fd b8 fe f6 a8 61 df 80 53 71 4c fd c2 0d d4 c4 1a 14 c0 a9 fa 78 83 d9 ee ed 0a e2 e9 bb a4 9f 4c c1 93 04 9c 23 6c 5e 52 f0 20 cc 1e 2d 96 d6 37 3e d1 fb fb 98 59 45 d0 3f 3b 82 9b 2f ee 6a 6e 00 64 34 ac e9 25 d4 e2 aa 1d b4 68 c0 3f 3f 80 df dd b1 3b 77 af ad 9c 44 13 4f ce a0 be 5c 84 a2 03 1b 06 a7 a7 4c 70 72 08 a7 94 db f5 09 27 04 a8 6a 95 f8 e2 6d 58 df 6c fc 3a 78 e3 3d f8 43 5d 0d 1c 86 1b 9c b6 95 c8 ce 42 58 5a b3 55 e7 82 35 2f b2 65 3e 1b 9e e1 3a f6 9f 39 8e fd 7b 21 76 7e de cd 01 19 da 58 0f 4d 9d 79 a3 68 63 1f cb 98 4d 6d cc 2e 5f 96 c1 3b dd 6f c7 3d 6f ca 71 a2 14 b9 be 8e fc 64 09 da d8 e1 84 f3 b7 57 27 8d b6 60 db Data Ascii: ^+n=f_ ol`V0*aSqLxL#l^R -7>YE?;/jnd4%h??;wDO\Lpr'jmXl:x=C]BXZU5/e>:9{!v~XMyhcMm._;o=oqdW'`
2023-11-29 23:11:22 UTC	4113	IN	Data Raw: 4d ee e2 d7 1a 6c 06 51 c8 91 fb 6f 9f a5 f8 ce 79 c2 23 03 b6 0a 99 f1 56 d5 f2 3a f5 4f ae 53 fb dd 67 24 1f de c6 cc d7 76 34 df fd 0a 17 b2 41 23 1b 20 c9 ca fd f5 8c 9e f5 d8 8d 6c a3 88 5b 2b 14 ff e6 04 47 7f fe 1e ff 7f 7b 67 d6 23 c7 75 9e e1 e7 2c 55 bd cd ce 65 86 9c a1 24 2e 16 4d da 91 44 c9 a2 25 81 12 45 6d 96 0c 33 41 02 23 17 c9 45 ee f3 6b 8c 04 f9 03 b9 ca 5d e0 40 09 12 49 80 11 44 80 60 21 b2 42 50 9b 4d 71 d1 0c 67 e1 cc f4 5e d5 b5 9f 93 8b 53 3d dc 66 14 c7 1c 59 14 d9 05 b4 9a 84 2e 9a 3d 3d 4f 7f 5f 7d df 7b de 77 fe 89 27 19 df 3f eb 5a c8 87 ec fa 46 b6 89 42 2b 2a 8f 1e 20 79 62 9e fc 7a 0b 3b 9c ee 16 86 f4 bf af 30 98 1c a7 56 18 d4 d4 18 b2 e6 2c 0b d8 ca f1 b6 5b 1a 40 39 56 85 32 7c 7d eb ca 72 4c 94 62 a3 04 13 25 98 38 Data Ascii: MlQoy#V:OSg$v4A# l[+G{g#u,Ue$.MD%Em3A#Ek]@ID`!BPMqg^S=fY.==O_}{w'?ZFB+* ybz;0V,[@9V2\|}rLb%8

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:21 UTC	879	OUT	GET /Resources/cfc/google-quiz.png HTTP/1.1 Host: www.365-authentication.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
2023-11-29 23:11:22 UTC	814	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 32 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 70 6e 67 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 38 32 32 34 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 31 64 39 66 38 31 66 31 31 32 63 31 61 34 31 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 30 36 20 4f 63 74 20 32 30 32 33 20 30 36 3a 33 33 3a 35 30 20 47 4d 54 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 41 52 52 41 66 66 69 6e 69 74 79 3d 64 64 38 30 30 39 36 35 62 61 37 39 64 63 62 34 63 30 31 63 62 37 61 64 35 36 63 32 39 36 34 34 62 35 61 38 31 65 36 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:22 GMTContent-Type: image/pngContent-Length: 82241Connection: closeETag: "1d9f81f112c1a41"Last-Modified: Fri, 06 Oct 2023 06:33:50 GMTSet-Cookie: ARRAffinity=dd800965ba79dcb4c01cb7ad56c29644b5a81e6
2023-11-29 23:11:22 UTC	15570	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 53 00 00 01 ea 08 06 00 00 00 20 6c cb c8 00 00 01 84 69 43 43 50 49 43 43 20 70 72 6f 66 69 6c 65 00 00 28 91 7d 91 3d 48 c3 40 1c c5 5f 53 a5 22 2d 0e 46 10 71 c8 50 9d 2c 88 8a e8 26 55 2c 82 85 d2 56 68 d5 c1 e4 d2 2f 68 d2 90 b4 b8 38 0a ae 05 07 3f 16 ab 0e 2e ce ba 3a b8 0a 82 e0 07 88 9b 9b 93 a2 8b 94 f8 bf a4 d0 22 c6 83 e3 7e bc bb f7 b8 7b 07 08 8d 32 d3 ac ae 71 40 d3 ab 66 32 16 95 32 d9 55 29 f0 8a 00 42 18 80 88 59 99 59 46 3c b5 98 86 e7 f8 ba 87 8f af 77 11 9e e5 7d ee cf 11 52 73 16 03 7c 12 f1 1c 33 cc 2a f1 06 f1 f4 66 d5 e0 bc 4f 2c b2 a2 ac 12 9f 13 8f 99 74 41 e2 47 ae 2b 2e bf 71 2e 38 2c f0 4c d1 4c 27 e7 89 45 62 a9 d0 c1 4a 07 b3 a2 a9 11 4f 11 87 55 4d a7 7c 21 e3 b2 ca Data Ascii: PNGIHDRS liCCPICC profile(}=H@_S"-FqP,&U,Vh/h8?.:"~{2q@f22U)BYYF<w}Rs\|3*fO,tAG+.q.8,LL'EbJOUM\|!
2023-11-29 23:11:22 UTC	814	IN	Data Raw: b0 a2 ba 9b 89 7b 22 46 75 c2 d0 49 93 9f 06 30 4f 1b 2c c4 8d 23 4c 7a 2a 47 e5 fa 38 59 39 39 86 3c 01 d9 16 17 cb 32 73 a8 ee 3c 11 47 1f c2 52 22 24 29 1b c1 19 f0 32 26 48 37 48 c0 10 94 ed b4 9f 84 17 2a 87 97 78 c2 6d 4e f2 7e 4a c8 0f 95 52 15 0a 3c 3d cd a1 76 99 4e f3 4d da aa a3 b2 93 bc e8 14 06 88 e2 02 ad 69 b7 3f ad 3a 39 61 93 81 8e 82 f2 05 d6 07 9d dd 9f 2e 20 e3 09 f4 8b 27 20 4f 3c c3 7a 9c 35 9f e3 d4 e9 99 d4 69 c1 24 72 37 76 8d 20 c0 32 00 29 33 3a cc 95 d5 9c 4a 9a 7c 52 cd dd 97 a4 7a 7b 12 e0 a5 13 46 92 34 cc 66 e4 1e b7 8f a3 bc 62 c7 e9 86 89 8f 96 93 99 4e 00 7a 9a f5 4f e2 4e 5e d3 9e 44 39 a5 7e 67 1d 30 4c 33 c6 9f 49 2c e2 17 0d 74 ab 06 99 ea e8 03 4d 98 1f 49 eb 8e cc f2 98 5d 96 cd 1b a5 78 7d 54 0d 9a 94 02 a0 19 80 Data Ascii: {"FuI0O,#LzG8Y99<2s<GR"$)2&H7HxmN~JR<=vNMi?:9a. ' O<z5i$r7v 2)3:J\|Rz{F4fbNzON^D9~g0L3I,tMI]x}T
2023-11-29 23:11:22 UTC	16384	IN	Data Raw: 60 5b 12 13 77 d0 0e 41 27 4e 24 cd 60 f5 b4 dc 04 d3 5c bc 92 ee 1a 54 77 0c 69 ef fa d3 9e b4 a7 99 d5 3b ed b2 0b 69 65 3b 4f 2a 1f 34 a1 f1 c8 22 4b f9 65 29 88 3c 6b 7d c8 22 49 e8 18 a0 20 02 2c 29 00 f2 31 46 84 6d ba b3 4a 60 aa ba 06 4d 2b 37 57 d0 c2 1d c5 a3 34 92 6f 26 d1 c5 08 b7 fa 29 be e5 cc 32 a0 0f dc 7c 62 aa 0a a5 c3 58 0a 41 fa e3 c9 e7 92 ee b8 a3 52 e8 ab 80 bb 59 a4 a8 a3 e4 17 75 77 8e 88 71 9f f6 ae 85 53 d2 07 55 4b 0c 21 3d 6b 67 58 20 31 cd a8 2c 5c 44 10 42 19 c8 6b da fa 40 33 c0 57 45 d0 3c 08 3c 57 de fc 45 6d 4e 74 36 ed 49 f4 22 28 cd 09 c5 d0 57 15 7e 87 59 82 54 b3 ce 4f 62 1e 88 99 07 8d 27 a0 cb ae eb 4e 06 4c b9 83 7e 24 8d ad d1 49 95 1f 35 e9 c7 cd d7 c4 0a 02 98 d5 a4 94 86 cb 83 03 26 8f 34 4f a2 4d 0a 68 fb ed Data Ascii: `[wA'N$`\Twi;ie;O*4"Ke)<k}"I ,)1FmJ`M+7W4o&)2\|bXARYuwqSUK!=kgX 1,\DBk@3WE<<WEmNt6I"(W~YTOb'NL~$I5&4OMh
2023-11-29 23:11:22 UTC	12288	IN	Data Raw: cc ac d6 1e c6 26 4e cd 5c e2 c7 2a 3c 76 7b 92 6e 86 fb 36 f3 9a 3c b4 f2 51 da c3 8a 03 35 62 53 a1 c7 9d fa 2f ca 31 74 16 a7 f1 e7 aa 03 d5 d6 62 7a dc c1 be 55 65 a8 02 36 13 e2 d5 56 75 b5 da c6 0e 4a c8 50 61 ca bf ce 78 df 3d 9e 49 de e2 5e f3 45 6e 46 df e2 76 f3 65 d6 cd 14 0d 5b 70 30 f9 a0 aa 91 56 34 d8 f6 7e 67 5b b8 8d 83 c6 a6 ed c2 3a 20 c7 64 d2 76 a9 5a c8 d7 dc 9b 0f 8e 17 df fd 7d d6 3d eb 24 6c d3 2e db d3 ad 49 fe 49 01 ca 76 d9 b2 c3 c6 0d 07 2c f6 dd 30 a3 6d 15 00 49 87 ef 45 ab 06 b3 bd 04 ed dd d0 93 ea 14 78 1d 27 74 dd ad 71 7f d4 73 6a 37 ac d1 ce 02 d2 71 3f b9 6a da ac 57 65 58 cf 33 e8 2d 31 14 2c 31 a2 67 f9 eb 77 16 18 2b ac f2 17 3f d8 a0 df 2f d2 a7 8b 0c f9 ab 64 3c c3 e7 77 36 78 ff e7 86 5c d4 c7 bf f9 97 17 f9 de Data Ascii: &N\*<v{n6<Q5bS/1tbzUe6VuJPax=I^EnFve[p0V4~g[: dvZ}=$l.IIv,0mIEx'tqsj7q?jWeX3-1,1gw+?/d<w6x\
2023-11-29 23:11:22 UTC	16384	IN	Data Raw: 2a a3 e7 88 4a 4d e2 ea a8 4d e7 69 43 50 aa 61 54 4e da 6d 51 1b 39 87 1f 55 41 08 c2 72 03 2f 29 83 d1 38 6e 84 90 82 91 73 af 22 5d 9f ac dc c4 8b ca 64 9d 16 06 8d 1f 5a ed bd f6 c6 02 7e 54 21 4c 2a b4 56 1f 30 7a e1 6b 24 d5 61 84 e7 93 d4 27 08 92 0a 5e 18 15 9c 2b 1a 29 1d c6 2e be c9 e6 f2 3d 82 a4 61 d3 9f 9d 0d 94 36 b8 42 32 7e f9 9b e8 bc 83 33 ea d3 6b af b3 55 a9 53 6a 4c 10 24 0d c2 b8 82 56 8a d6 e2 5d c2 f2 10 d5 89 8b 84 49 9d e1 f3 af 63 74 0f 2f aa e3 b8 2e 61 a5 61 bd 5f d7 47 38 0e d2 f1 b7 c5 2a 84 24 2a 37 28 0f 4f e3 f9 11 ae 9f 58 92 4f a3 71 fc 98 e1 e9 97 91 5e 68 25 64 9a 13 54 86 a7 f1 e2 84 ac d3 46 ab 2e 35 2f c6 f1 23 fc d0 8a 1e 37 a7 ae da 14 69 da 46 20 2d 79 aa 74 90 4e 00 48 ab c7 57 68 e9 09 69 d9 e0 3d 3f 62 f4 fc Data Ascii: JMMiCPaTNmQ9UAr/)8ns"]dZ~T!LV0zk$a'^+).=a6B2~3kUSjL$V]Ict/.aa_G8$7(OXOq^h%dTF.5/#7iF -ytNHWhi=?b
2023-11-29 23:11:22 UTC	16384	IN	Data Raw: 0a 5c 50 80 0e 69 cb ee 21 a5 3d 91 ca 8e 96 0c 6f 64 9d 29 8e 44 fa 92 03 c5 07 41 4b ee 86 9b 02 40 b5 14 2f 09 99 8a 23 84 86 57 7c b3 2d 98 d6 a7 56 4b 4c 3a ad cf ba fa 16 f8 63 0f 61 a7 4c 02 de 74 30 69 83 d8 b6 36 23 31 3d 78 42 c1 98 cf 3c 49 20 0f 5a 85 06 7d fb d0 b5 fd 86 02 c7 46 0d 73 d7 2c f8 16 63 a4 b5 f5 66 5c ba 3e 25 5c 39 00 37 31 33 23 de eb c1 42 63 ab 29 6c 62 99 de 97 f4 6b 94 ca 2b 23 9d e7 3a a4 e5 84 76 5c 60 ec 3b b5 6b 7d ad 3d 98 d2 8e 83 92 16 f0 93 82 a6 90 6f c4 6c b6 94 c9 43 18 ce 77 dd 7d ba 99 37 81 62 4e 20 80 21 cd 40 43 ac 7f 16 ae 49 ac e5 23 1d 73 8a 8c 56 6e 59 47 9f fd 5b 16 f8 2a 69 08 a9 b5 47 92 71 6a 66 f0 c6 ea 36 0e fc 76 13 50 51 1a ab 43 0b 58 f0 05 c8 2d df 64 00 75 3d 45 3d d9 6f 7f 47 8a 96 2c b1 b5 Data Ascii: \Pi!=od)DAK@/#W\|-VKL:caLt0i6#1=xB<I Z}Fs,cf\>%\9713#Bc)lbk+#:v\`;k}=olCw}7bN !@CI#sVnYG[*iGqjf6vPQCX-du=E=oG,
2023-11-29 23:11:22 UTC	4417	IN	Data Raw: cb 57 ae da 62 18 19 19 98 32 32 32 d2 a4 cb 97 2f 63 f7 f6 3e c6 e3 3d d4 cc e6 9d da 50 2a 9c 03 39 87 cb 97 2e d9 62 18 19 19 98 32 32 32 d2 a4 0f 3e b8 84 bd fd db 18 4f 26 e0 8a c1 a8 e7 ce 29 c3 54 9b 41 8b 46 c7 e4 0a 14 05 e1 c6 cd 5b b8 7c e5 ca 6f 3e fc d0 43 ff c2 16 c7 c8 c8 c0 94 91 91 51 24 bd ff fe fb fc db ff fa f7 b0 bf b7 87 69 55 81 ab 0a 8c 79 39 a2 1a 56 93 68 13 c8 c1 cd bb c9 38 87 c2 39 ec 0f f6 70 e9 e2 95 7f 0e c0 c0 94 91 91 81 29 23 23 a3 58 ba 76 ed 06 66 93 29 66 cc e0 aa 42 55 57 a8 2b be 7b dd 67 2e aa f5 26 22 10 11 9c 23 14 ec 00 2a 31 9e 4c 71 f1 d2 05 5b 1b 23 23 03 53 46 46 46 1a 74 f1 ca 15 00 80 03 a1 c6 1c 44 55 5c a3 ae 19 a8 eb 3b 17 7e 46 6b 4a 0e 04 38 07 c6 1c 50 81 19 00 e3 f2 55 0b 42 37 32 32 30 65 64 64 a4 Data Ascii: Wb222/c>=P9.b222>O&)TAF[\|o>CQ$iUy9Vh89p)##Xvf)fBUW+{g.&"#1Lq[##SFFFtDU\;~FkJ8PUB7220edd

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:22 UTC	573	OUT	GET /Resources/cfc/logo.svg HTTP/1.1 Host: www.365-authentication.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
2023-11-29 23:11:23 UTC	817	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 32 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 38 37 39 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 31 64 39 66 38 31 66 31 31 32 64 35 30 33 66 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 30 36 20 4f 63 74 20 32 30 32 33 20 30 36 3a 33 33 3a 35 30 20 47 4d 54 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 41 52 52 41 66 66 69 6e 69 74 79 3d 64 64 38 30 30 39 36 35 62 61 37 39 64 63 62 34 63 30 31 63 62 37 61 64 35 36 63 32 39 36 34 34 62 35 61 38 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:23 GMTContent-Type: image/svg+xmlContent-Length: 2879Connection: closeETag: "1d9f81f112d503f"Last-Modified: Fri, 06 Oct 2023 06:33:50 GMTSet-Cookie: ARRAffinity=dd800965ba79dcb4c01cb7ad56c29644b5a8
2023-11-29 23:11:23 UTC	2879	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 31 33 34 22 20 68 65 69 67 68 74 3d 22 35 33 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 33 34 20 35 33 22 3e 3c 64 65 66 73 3e 3c 70 61 74 68 20 69 64 3d 22 63 22 20 64 3d 22 4d 34 32 36 2e 35 37 20 37 31 2e 38 63 32 2e 34 2d 37 2e 34 33 2d 2e 38 35 2d 31 35 2e 36 39 2d 36 2e 37 39 2d 32 30 2e 32 35 2d 2e 31 38 20 31 2e 31 34 2d 2e 34 20 32 2e 32 36 2d 2e 36 34 20 33 2e 33 37 2d 32 2e 33 20 31 30 2e 34 33 2d 38 2e 37 36 20 32 32 2e 30 38 2d 32 30 2e 35 36 20 32 32 2e 37 36 61 31 36 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="134" height="53" viewBox="0 0 134 53"><defs><path id="c" d="M426.57 71.8c2.4-7.43-.85-15.69-6.79-20.25-.18 1.14-.4 2.26-.64 3.37-2.3 10.43-8.76 22.08-20.56 22.76a16.

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:22 UTC	861	OUT	GET /favicon.ico HTTP/1.1 Host: www.365-authentication.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.365-authentication.com/Educational/c?c=80500d85-189c-4c2b-b755-3fc2a76c9842 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8ASa-m-HrrBNma7aZqKSb7DHDkjvJODwK27N2JZGRKsLAITPByRClzkRQlpdc3Y80ATDcnZ22M9198-4MhndMM-k6zLOxLrrvlFv1D1DOlSDcrhqefmqNluqFfivCRwJFt8YmedDv4JJ-jaMFuC8x2w
2023-11-29 23:11:23 UTC	816	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 32 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 34 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 31 64 39 66 38 31 66 31 31 32 64 35 32 39 65 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 30 36 20 4f 63 74 20 32 30 32 33 20 30 36 3a 33 33 3a 35 30 20 47 4d 54 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 41 52 52 41 66 66 69 6e 69 74 79 3d 64 64 38 30 30 39 36 35 62 61 37 39 64 63 62 34 63 30 31 63 62 37 61 64 35 36 63 32 39 36 34 34 62 35 61 38 31 Data Ascii: HTTP/1.1 200 OKDate: Wed, 29 Nov 2023 23:11:23 GMTContent-Type: image/x-iconContent-Length: 2462Connection: closeETag: "1d9f81f112d529e"Last-Modified: Fri, 06 Oct 2023 06:33:50 GMTSet-Cookie: ARRAffinity=dd800965ba79dcb4c01cb7ad56c29644b5a81
2023-11-29 23:11:23 UTC	2462	IN	Data Raw: 00 00 01 00 01 00 18 18 00 00 01 00 20 00 88 09 00 00 16 00 00 00 28 00 00 00 18 00 00 00 30 00 00 00 01 00 20 00 00 00 00 00 00 09 00 00 13 0b 00 00 13 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 df c7 70 20 e1 c6 6d 8f e2 c6 6d bf e1 c5 6e df e1 c5 6e df e2 c6 6d bf e1 c5 6d 9f e1 c6 6c 6f df c5 6a 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e2 c5 6e 4f e1 c5 6d ff e1 c5 6d ff e1 c5 6d ff e1 c5 6d ff e1 c5 6d ff e1 c5 6d ff e1 c5 6d ff e1 c5 6d ff e1 c5 6d ff e1 c4 6d ef e1 c6 6d 8f df c3 6c 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: (0 p mmnnmmloj0nOmmmmmmmmmmml@

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:38 UTC	650	OUT	GET / HTTP/1.1 Host: phishingquiz.withgoogle.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:39 UTC	439	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 69 6e 6c 69 6e 65 3b 20 66 69 6c 65 6e 61 6d 65 3d 69 6e 64 65 78 5f 5f 65 6e 2e 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 32 34 20 41 75 67 20 32 30 32 33 20 31 33 3a 31 30 3a 35 38 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 45 54 61 67 3a 20 22 31 36 39 32 38 38 32 36 35 38 2e 30 2d 33 36 31 36 2d 31 34 37 36 39 32 37 36 32 30 22 0d 0a 58 2d 43 6c 6f 75 64 2d 54 72 61 63 65 2d 43 6f 6e 74 65 78 74 3a 20 37 35 31 34 34 65 62 62 64 63 35 37 Data Ascii: HTTP/1.1 200 OKContent-Disposition: inline; filename=index__en.htmlContent-Type: text/html; charset=utf-8Last-Modified: Thu, 24 Aug 2023 13:10:58 GMTCache-Control: no-cacheETag: "1692882658.0-3616-1476927620"X-Cloud-Trace-Context: 75144ebbdc57
2023-11-29 23:11:39 UTC	813	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 54 61 6b 65 20 4a 69 67 73 61 77 26 23 33 39 3b 73 20 50 68 69 73 68 69 6e 67 20 51 75 69 7a 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="no-referrer"><meta name="viewport" content="width=device-width, initial-scale=1"><meta property="og:title" content="Take Jigsaw's Phishing Quiz"><meta property="
2023-11-29 23:11:39 UTC	1252	IN	Data Raw: 61 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 47 42 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 3a 61 6c 74 65 72 6e 61 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 3a 61 6c 74 65 72 6e 61 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 73 5f 45 53 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 3a 61 6c 74 65 72 6e 61 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 73 5f 4c 41 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 3a 61 6c 74 65 72 6e 61 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 66 61 5f 49 52 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 Data Ascii: ate" content="en_GB"><meta property="og:locale:alternate" content="en_US"><meta property="og:locale:alternate" content="es_ES"><meta property="og:locale:alternate" content="es_LA"><meta property="og:locale:alternate" content="fa_IR"><meta property="og:loc
2023-11-29 23:11:39 UTC	1039	IN	Data Raw: 65 66 3d 22 2f 22 3e 3c 74 69 74 6c 65 3e 4a 69 67 73 61 77 20 7c 20 50 68 69 73 68 69 6e 67 20 51 75 69 7a 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 6c 75 65 2f 63 6f 6f 6b 69 65 6e 6f 74 69 66 69 63 61 74 69 6f 6e 62 61 72 2f 63 6f 6f 6b 69 65 6e 6f 74 69 66 69 63 61 74 69 6f 6e 62 61 72 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 20 53 61 6e 73 3a 34 30 30 2c 35 30 30 7c 4f 76 65 72 70 61 73 73 2b 4d 6f 6e 6f 3a 33 30 30 2c 34 30 30 7c 52 6f 62 6f 74 6f 3a 33 Data Ascii: ef="/"><title>Jigsaw \| Phishing Quiz</title><link href="https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css" rel="stylesheet"><link href="https://fonts.googleapis.com/css?family=Open Sans:400,500\|Overpass+Mono:300,400\|Roboto:3
2023-11-29 23:11:39 UTC	512	IN	Data Raw: 61 64 69 6e 67 2e 2e 2e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 2f 61 70 70 2d 72 6f 6f 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 61 70 70 5f 62 75 6e 64 6c 65 5f 5f 65 6e 2e 6a 73 22 20 61 73 79 6e 63 20 64 65 66 65 72 3e 3c 2f 73 63 72 69 70 74 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 70 20 63 6c 61 73 73 3d 22 69 6e 63 6f 6d 70 61 74 69 62 6c 65 22 3e 49 74 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 79 6f 75 20 68 61 76 65 20 4a 61 76 61 53 63 72 69 70 74 20 64 69 73 61 62 6c 65 64 2e 20 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 74 74 69 6e 67 73 2e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 64 61 74 61 2d 67 6c 75 65 2d 63 6f 6f Data Ascii: ading...</h1></div></app-root><script src="/app_bundle__en.js" async defer></script><noscript><p class="incompatible">It looks like you have JavaScript disabled. Please enable JavaScript in your browser settings.</p></noscript></body><script data-glue-coo

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:39 UTC	529	OUT	GET /common/theme/styles.css HTTP/1.1 Host: phishingquiz.withgoogle.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:39 UTC	307	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 63 73 73 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 32 34 20 41 75 67 20 32 30 32 33 20 31 33 3a 31 30 3a 35 38 20 47 4d 54 0d 0a 58 2d 43 6c 6f 75 64 2d 54 72 61 63 65 2d 43 6f 6e 74 65 78 74 3a 20 36 36 39 66 30 35 36 61 35 35 36 61 64 36 34 34 30 31 63 39 64 34 36 31 33 33 62 37 34 65 61 34 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 33 39 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 47 6f 6f 67 6c 65 20 46 72 6f 6e 74 65 6e 64 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 38 32 33 36 0d 0a 41 6c 74 2d 53 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 32 35 39 Data Ascii: HTTP/1.1 200 OKContent-Type: text/cssLast-Modified: Thu, 24 Aug 2023 13:10:58 GMTX-Cloud-Trace-Context: 669f056a556ad64401c9d46133b74ea4Date: Wed, 29 Nov 2023 23:11:39 GMTServer: Google FrontendContent-Length: 48236Alt-Svc: h3=":443"; ma=259
2023-11-29 23:11:39 UTC	945	IN	Data Raw: 2e 6d 61 74 2d 68 31 2c 2e 6d 61 74 2d 68 65 61 64 6c 69 6e 65 2c 2e 6d 61 74 2d 74 79 70 6f 67 72 61 70 68 79 20 2e 6d 61 74 2d 68 31 2c 2e 6d 61 74 2d 74 79 70 6f 67 72 61 70 68 79 20 2e 6d 61 74 2d 68 65 61 64 6c 69 6e 65 2c 2e 6d 61 74 2d 74 79 70 6f 67 72 61 70 68 79 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 32 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 76 65 72 70 61 73 73 20 4d 6f 6e 6f 22 2c 20 22 43 6f 75 72 69 65 72 20 4e 65 77 22 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 36 70 78 7d 2e 6d 61 74 2d 68 32 2c 2e 6d 61 74 2d 74 69 74 6c 65 2c 2e Data Ascii: .mat-h1,.mat-headline,.mat-typography .mat-h1,.mat-typography .mat-headline,.mat-typography h1{font-size:24px;font-weight:300;line-height:32px;font-family:"Overpass Mono", "Courier New", monospace;letter-spacing:normal;margin:0 0 16px}.mat-h2,.mat-title,.
2023-11-29 23:11:39 UTC	1252	IN	Data Raw: 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 36 70 78 7d 2e 6d 61 74 2d 68 35 2c 2e 6d 61 74 2d 74 79 70 6f 67 72 61 70 68 79 20 2e 6d 61 74 2d 68 35 2c 2e 6d 61 74 2d 74 79 70 6f 67 72 61 70 68 79 20 68 35 7b 66 6f 6e 74 3a 34 30 30 20 63 61 6c 63 28 31 34 70 78 20 2a 20 30 2e 38 33 29 2f 32 30 70 78 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 32 70 78 7d 2e 6d 61 74 2d 68 36 2c 2e 6d 61 74 2d 74 79 70 6f 67 72 61 70 68 79 20 2e 6d 61 74 2d 68 36 2c 2e 6d 61 74 2d 74 79 70 6f 67 72 61 70 68 79 20 68 36 7b 66 6f 6e 74 3a 34 30 30 20 63 61 6c 63 28 31 34 70 78 20 2a 20 30 2e 36 37 29 2f 32 30 70 78 20 52 6f 62 6f 74 6f 2c Data Ascii: acing:normal;margin:0 0 16px}.mat-h5,.mat-typography .mat-h5,.mat-typography h5{font:400 calc(14px * 0.83)/20px Roboto, "Helvetica Neue", sans-serif;margin:0 0 12px}.mat-h6,.mat-typography .mat-h6,.mat-typography h6{font:400 calc(14px * 0.67)/20px Roboto,
2023-11-29 23:11:39 UTC	1044	IN	Data Raw: 79 70 6f 67 72 61 70 68 79 20 2e 6d 61 74 2d 64 69 73 70 6c 61 79 2d 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 35 36 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 35 36 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 76 65 72 70 61 73 73 20 4d 6f 6e 6f 22 2c 20 22 43 6f 75 72 69 65 72 20 4e 65 77 22 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 6d 61 72 67 69 6e 3a 30 20 30 20 36 34 70 78 7d 2e 6d 61 74 2d 64 69 73 70 6c 61 79 2d 32 2c 2e 6d 61 74 2d 74 79 70 6f 67 72 61 70 68 79 20 2e 6d 61 74 2d 64 69 73 70 6c 61 79 2d 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 35 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 Data Ascii: ypography .mat-display-3{font-size:56px;font-weight:300;line-height:56px;font-family:"Overpass Mono", "Courier New", monospace;letter-spacing:normal;margin:0 0 64px}.mat-display-2,.mat-typography .mat-display-2{font-size:45px;font-weight:300;line-height:4
2023-11-29 23:11:39 UTC	1252	IN	Data Raw: 74 2d 66 6f 6e 74 3a 22 4f 76 65 72 70 61 73 73 20 4d 6f 6e 6f 22 2c 20 22 43 6f 75 72 69 65 72 20 4e 65 77 22 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 2d 2d 6d 61 74 2d 73 74 61 6e 64 61 72 64 2d 62 75 74 74 6f 6e 2d 74 6f 67 67 6c 65 2d 74 65 78 74 2d 66 6f 6e 74 3a 22 4f 76 65 72 70 61 73 73 20 4d 6f 6e 6f 22 2c 20 22 43 6f 75 72 69 65 72 20 4e 65 77 22 2c 20 6d 6f 6e 6f 73 70 61 63 65 7d 68 74 6d 6c 7b 2d 2d 6d 61 74 2d 64 61 74 65 70 69 63 6b 65 72 2d 63 61 6c 65 6e 64 61 72 2d 74 65 78 74 2d 66 6f 6e 74 3a 22 4f 76 65 72 70 61 73 73 20 4d 6f 6e 6f 22 2c 20 22 43 6f 75 72 69 65 72 20 4e 65 77 22 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 2d 2d 6d 61 74 2d 64 61 74 65 70 69 63 6b 65 72 2d 63 61 6c 65 6e 64 61 72 2d 74 65 78 74 2d 73 69 7a 65 3a 31 33 70 78 3b 2d Data Ascii: t-font:"Overpass Mono", "Courier New", monospace;--mat-standard-button-toggle-text-font:"Overpass Mono", "Courier New", monospace}html{--mat-datepicker-calendar-text-font:"Overpass Mono", "Courier New", monospace;--mat-datepicker-calendar-text-size:13px;-
2023-11-29 23:11:39 UTC	1252	IN	Data Raw: 69 73 74 2d 74 69 6c 65 2d 66 6f 6f 74 65 72 2d 73 65 63 6f 6e 64 61 72 79 2d 74 65 78 74 2d 73 69 7a 65 3a 31 34 70 78 7d 68 74 6d 6c 7b 2d 2d 6d 61 74 2d 73 74 65 70 70 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2d 74 65 78 74 2d 66 6f 6e 74 3a 22 4f 76 65 72 70 61 73 73 20 4d 6f 6e 6f 22 2c 20 22 43 6f 75 72 69 65 72 20 4e 65 77 22 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 2d 2d 6d 61 74 2d 73 74 65 70 70 65 72 2d 68 65 61 64 65 72 2d 6c 61 62 65 6c 2d 74 65 78 74 2d 66 6f 6e 74 3a 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 2d 2d 6d 61 74 2d 73 74 65 70 70 65 72 2d 68 65 61 64 65 72 2d 6c 61 62 65 6c 2d 74 65 78 74 2d 73 69 7a 65 3a 31 34 70 78 3b 2d 2d 6d 61 74 2d 73 74 65 70 70 65 72 2d 68 65 61 Data Ascii: ist-tile-footer-secondary-text-size:14px}html{--mat-stepper-container-text-font:"Overpass Mono", "Courier New", monospace;--mat-stepper-header-label-text-font:Roboto, "Helvetica Neue", sans-serif;--mat-stepper-header-label-text-size:14px;--mat-stepper-hea
2023-11-29 23:11:39 UTC	1252	IN	Data Raw: 6e 74 20 2e 6d 64 63 2d 62 75 74 74 6f 6e 7b 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 67 72 61 79 73 63 61 6c 65 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 61 72 28 2d 2d 6d 64 63 2d 74 79 70 6f 67 72 61 70 68 79 2d 62 75 74 74 6f 6e 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 2c 20 76 61 72 28 2d 2d 6d 64 63 2d 74 79 70 6f 67 72 61 70 68 79 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 29 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 76 61 72 28 2d 2d 6d 64 63 2d 74 79 70 6f 67 72 61 70 68 79 2d 62 75 74 74 6f 6e 2d 66 6f 6e 74 2d 73 69 Data Ascii: nt .mdc-button{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;font-family:var(--mdc-typography-button-font-family, var(--mdc-typography-font-family, Roboto, "Helvetica Neue", sans-serif));font-size:var(--mdc-typography-button-font-si
2023-11-29 23:11:39 UTC	340	IN	Data Raw: 20 2e 6d 61 74 2d 69 63 6f 6e 2c 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 73 75 66 66 69 78 20 2e 6d 61 74 2d 69 63 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 25 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 32 35 7d 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 70 72 65 66 69 78 20 2e 6d 61 74 2d 69 63 6f 6e 2d 62 75 74 74 6f 6e 2c 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 73 75 66 66 69 78 20 2e 6d 61 74 2d 69 63 6f 6e 2d 62 75 74 74 6f 6e 7b 68 65 69 67 68 74 3a 31 2e 35 65 6d 3b 77 69 64 74 68 3a 31 2e 35 65 6d 7d 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 70 72 65 66 69 78 20 2e 6d 61 74 2d 69 63 6f 6e 2d 62 75 74 74 6f 6e 20 2e 6d 61 74 2d 69 63 6f 6e 2c 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 73 75 66 66 69 78 20 Data Ascii: .mat-icon,.mat-form-field-suffix .mat-icon{font-size:150%;line-height:1.125}.mat-form-field-prefix .mat-icon-button,.mat-form-field-suffix .mat-icon-button{height:1.5em;width:1.5em}.mat-form-field-prefix .mat-icon-button .mat-icon,.mat-form-field-suffix
2023-11-29 23:11:39 UTC	1252	IN	Data Raw: 64 69 6e 67 3a 2e 35 65 6d 20 30 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 2e 38 34 33 37 35 65 6d 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 7d 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 63 61 6e 2d 66 6c 6f 61 74 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 73 68 6f 75 6c 64 2d 66 6c 6f 61 74 20 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 6c 61 62 65 6c 2c 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 63 61 6e 2d 66 6c 6f 61 74 20 2e 6d 61 74 2d 69 6e 70 75 74 2d 73 65 72 76 65 72 3a 66 6f 63 75 73 2b 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 6c 61 62 65 6c 2d 77 72 61 70 70 65 72 20 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 6c 61 62 65 6c 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 31 2e 33 Data Ascii: ding:.5em 0;border-top:.84375em solid rgba(0,0,0,0)}.mat-form-field-can-float.mat-form-field-should-float .mat-form-field-label,.mat-form-field-can-float .mat-input-server:focus+.mat-form-field-label-wrapper .mat-form-field-label{transform:translateY(-1.3
2023-11-29 23:11:39 UTC	1252	IN	Data Raw: 63 79 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 63 61 6e 2d 66 6c 6f 61 74 20 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 61 75 74 6f 66 69 6c 6c 2d 63 6f 6e 74 72 6f 6c 3a 2d 77 65 62 6b 69 74 2d 61 75 74 6f 66 69 6c 6c 2b 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 6c 61 62 65 6c 2d 77 72 61 70 70 65 72 20 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 6c 61 62 65 6c 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 31 2e 32 38 31 32 35 65 6d 29 20 73 63 61 6c 65 28 30 2e 37 35 29 20 70 65 72 73 70 65 63 74 69 76 65 28 31 30 30 70 78 29 20 74 72 61 6e 73 6c 61 74 65 5a 28 30 2e 30 30 31 30 31 70 78 29 3b 77 69 64 74 68 3a 31 33 33 2e 33 33 33 33 34 33 33 33 33 33 25 7d 2e 6d 61 74 2d 66 6f 72 6d 2d 66 69 65 6c 64 2d 61 Data Ascii: cy.mat-form-field-can-float .mat-form-field-autofill-control:-webkit-autofill+.mat-form-field-label-wrapper .mat-form-field-label{transform:translateY(-1.28125em) scale(0.75) perspective(100px) translateZ(0.00101px);width:133.3333433333%}.mat-form-field-a

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:39 UTC	509	OUT	GET /app_bundle__en.js HTTP/1.1 Host: phishingquiz.withgoogle.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 23:11:40 UTC	322	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 32 34 20 41 75 67 20 32 30 32 33 20 31 33 3a 31 30 3a 35 38 20 47 4d 54 0d 0a 58 2d 43 6c 6f 75 64 2d 54 72 61 63 65 2d 43 6f 6e 74 65 78 74 3a 20 66 30 66 64 62 34 64 62 62 34 66 33 30 33 62 39 63 63 31 61 38 66 31 62 63 30 39 61 35 65 31 39 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 34 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 47 6f 6f 67 6c 65 20 46 72 6f 6e 74 65 6e 64 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 36 38 35 35 34 30 0d 0a 41 6c 74 2d 53 76 63 3a 20 68 33 Data Ascii: HTTP/1.1 200 OKContent-Type: application/javascriptLast-Modified: Thu, 24 Aug 2023 13:10:58 GMTX-Cloud-Trace-Context: f0fdb4dbb4f303b9cc1a8f1bc09a5e19Date: Wed, 29 Nov 2023 23:11:40 GMTServer: Google FrontendContent-Length: 685540Alt-Svc: h3
2023-11-29 23:11:40 UTC	930	IN	Data Raw: 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 6c 2c 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 2c 62 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e Data Ascii: /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var l,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:fun
2023-11-29 23:11:40 UTC	1252	IN	Data Raw: 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 67 7d 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6e 45 7d 3b 76 61 72 20 63 3d 22 6a 73 63 6f 6d 70 5f 73 79 6d 62 6f 6c 5f 22 2b 28 31 45 39 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3e 3e 3e 30 29 2b 22 5f 22 2c 64 3d 30 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 66 29 7b 69 66 28 74 68 69 73 20 69 6e 73 74 61 6e 63 65 6f 66 20 65 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 79 6d 62 6f 6c 20 69 73 20 6e 6f 74 20 61 20 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 28 63 2b 28 66 7c 7c 22 22 29 2b 22 5f 22 2b 64 2b 2b 2c 66 29 7d 3b 72 65 Data Ascii: le:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.nE};var c="jscomp_symbol_"+(1E9*Math.random()>>>0)+"_",d=0,e=function(f){if(this instanceof e)throw new TypeError("Symbol is not a constructor");return new b(c+(f\|\|"")+"_"+d++,f)};re
2023-11-29 23:11:40 UTC	1042	IN	Data Raw: 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 0a 62 29 7d 2c 6f 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3f 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 31 3b 63 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 61 72 67 75 6d 65 6e 74 73 5b 63 5d 3b 69 66 28 64 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 6e 61 28 64 2c 65 29 26 26 28 61 5b 65 5d 3d 64 5b 65 5d 29 7d 72 65 74 75 72 6e 20 61 7d 3b 66 61 28 22 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c Data Ascii: Object.prototype.hasOwnProperty.call(a,b)},oa="function"==typeof Object.assign?Object.assign:function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(d)for(var e in d)na(d,e)&&(a[e]=d[e])}return a};fa("Object.assign",function(a){return a\|\|
2023-11-29 23:11:40 UTC	1252	IN	Data Raw: 6e 6f 74 20 65 78 74 65 6e 73 69 62 6c 65 22 29 3b 72 65 74 75 72 6e 20 61 7d 3a 6e 75 6c 6c 7d 0a 76 61 72 20 76 61 3d 72 61 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 70 61 28 62 2e 70 72 6f 74 6f 74 79 70 65 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 61 3b 69 66 28 76 61 29 76 61 28 61 2c 62 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 22 70 72 6f 74 6f 74 79 70 65 22 21 3d 63 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 62 2c 63 29 3b 64 26 26 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f Data Ascii: not extensible");return a}:null}var va=ra,B=function(a,b){a.prototype=pa(b.prototype);a.prototype.constructor=a;if(va)va(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.definePro
2023-11-29 23:11:40 UTC	1252	IN	Data Raw: 74 79 70 65 2e 6d 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 7a 61 28 74 68 69 73 2e 71 61 29 3b 69 66 28 74 68 69 73 2e 71 61 2e 65 67 29 72 65 74 75 72 6e 20 45 61 28 74 68 69 73 2c 74 68 69 73 2e 71 61 2e 65 67 5b 22 74 68 72 6f 77 22 5d 2c 61 2c 74 68 69 73 2e 71 61 2e 48 6c 29 3b 74 68 69 73 2e 71 61 2e 6d 6d 28 61 29 3b 72 65 74 75 72 6e 20 47 61 28 74 68 69 73 29 7d 3b 0a 76 61 72 20 45 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 74 72 79 7b 76 61 72 20 65 3d 62 2e 63 61 6c 6c 28 61 2e 71 61 2e 65 67 2c 63 29 3b 69 66 28 21 28 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 4f 62 6a 65 63 74 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 49 74 65 72 61 74 6f 72 20 72 65 73 75 6c 74 20 22 2b 65 2b 22 20 69 73 20 6e 6f 74 Data Ascii: type.mm=function(a){za(this.qa);if(this.qa.eg)return Ea(this,this.qa.eg["throw"],a,this.qa.Hl);this.qa.mm(a);return Ga(this)};var Ea=function(a,b,c,d){try{var e=b.call(a.qa.eg,c);if(!(e instanceof Object))throw new TypeError("Iterator result "+e+" is not
2023-11-29 23:11:40 UTC	1252	IN	Data Raw: 7d 3b 76 6f 69 64 20 30 21 3d 3d 61 5b 22 74 68 72 6f 77 22 5d 26 26 28 74 68 69 73 5b 22 74 68 72 6f 77 22 5d 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 61 5b 22 74 68 72 6f 77 22 5d 28 62 29 29 7d 29 3b 76 6f 69 64 20 30 21 3d 3d 61 5b 22 72 65 74 75 72 6e 22 5d 26 26 28 74 68 69 73 5b 22 72 65 74 75 72 6e 22 5d 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 61 5b 22 72 65 74 75 72 6e 22 5d 28 62 29 29 7d 29 7d 2c 4e 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 4e 75 6d 62 65 72 28 74 68 69 73 29 2c 62 3d 5b 5d 2c 63 3d 61 3b 63 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 62 5b 63 2d Data Ascii: };void 0!==a["throw"]&&(this["throw"]=function(b){return Promise.resolve(a["throw"](b))});void 0!==a["return"]&&(this["return"]=function(b){return Promise.resolve(a["return"](b))})},Na=function(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-
2023-11-29 23:11:40 UTC	340	IN	Data Raw: 73 6f 6c 76 65 3a 67 28 74 68 69 73 2e 63 4d 29 2c 72 65 6a 65 63 74 3a 67 28 74 68 69 73 2e 76 76 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 63 4d 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 69 66 28 67 3d 3d 3d 74 68 69 73 29 74 68 69 73 2e 76 76 28 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 41 20 50 72 6f 6d 69 73 65 20 63 61 6e 6e 6f 74 20 72 65 73 6f 6c 76 65 20 74 6f 20 69 74 73 65 6c 66 22 29 29 3b 65 6c 73 65 20 69 66 28 67 20 69 6e 73 74 61 6e 63 65 6f 66 20 65 29 74 68 69 73 2e 6b 4d 28 67 29 3b 65 6c 73 65 7b 61 3a 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 67 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 76 61 72 20 68 3d 6e 75 6c 6c 21 3d 67 3b 62 72 65 61 6b 20 61 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 Data Ascii: solve:g(this.cM),reject:g(this.vv)}};e.prototype.cM=function(g){if(g===this)this.vv(new TypeError("A Promise cannot resolve to itself"));else if(g instanceof e)this.kM(g);else{a:switch(typeof g){case "object":var h=null!=g;break a;case "function":h=!0;bre
2023-11-29 23:11:40 UTC	1252	IN	Data Raw: 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 76 76 28 6b 29 3b 72 65 74 75 72 6e 7d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 68 3f 74 68 69 73 2e 6c 4d 28 68 2c 67 29 3a 74 68 69 73 2e 7a 42 28 67 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 76 76 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 73 2e 42 44 28 32 2c 67 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 42 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 73 2e 42 44 28 31 2c 67 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 42 44 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 68 29 7b 69 66 28 30 21 3d 74 68 69 73 2e 41 6a 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 73 65 74 74 6c 65 28 22 2b 67 2b 22 2c 20 22 2b 68 2b 22 29 3a 20 50 72 Data Ascii: try{h=g.then}catch(k){this.vv(k);return}"function"==typeof h?this.lM(h,g):this.zB(g)};e.prototype.vv=function(g){this.BD(2,g)};e.prototype.zB=function(g){this.BD(1,g)};e.prototype.BD=function(g,h){if(0!=this.Aj)throw Error("Cannot settle("+g+", "+h+"): Pr
2023-11-29 23:11:40 UTC	1252	IN	Data Raw: 79 7b 6d 28 71 28 74 29 29 7d 63 61 74 63 68 28 79 29 7b 6e 28 79 29 7d 7d 3a 72 7d 76 61 72 20 6d 2c 6e 2c 70 3d 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 71 2c 72 29 7b 6d 3d 71 3b 6e 3d 72 7d 29 3b 74 68 69 73 2e 76 6f 28 6b 28 67 2c 6d 29 2c 6b 28 68 2c 6e 29 29 3b 72 65 74 75 72 6e 20 70 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 65 6e 28 76 6f 69 64 20 30 2c 67 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 76 6f 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 0a 68 29 7b 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 73 77 69 74 63 68 28 6d 2e 41 6a 29 7b 63 61 73 65 20 31 3a 67 28 6d 2e 58 6c 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 68 28 6d 2e 58 6c 29 3b 62 72 65 61 Data Ascii: y{m(q(t))}catch(y){n(y)}}:r}var m,n,p=new e(function(q,r){m=q;n=r});this.vo(k(g,m),k(h,n));return p};e.prototype.catch=function(g){return this.then(void 0,g)};e.prototype.vo=function(g,h){function k(){switch(m.Aj){case 1:g(m.Xl);break;case 2:h(m.Xl);brea

Timestamp	Bytes transferred	Direction	Data
2023-11-29 23:11:41 UTC	669	OUT	GET /static/logo-jigsaw.svg HTTP/1.1 Host: phishingquiz.withgoogle.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga_TT77HXLX2B=GS1.1.1701299499.1.0.1701299499.0.0.0; _ga=GA1.1.1828581073.1701299500
2023-11-29 23:11:41 UTC	311	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 32 34 20 41 75 67 20 32 30 32 33 20 31 33 3a 31 30 3a 35 38 20 47 4d 54 0d 0a 58 2d 43 6c 6f 75 64 2d 54 72 61 63 65 2d 43 6f 6e 74 65 78 74 3a 20 35 30 33 30 39 32 30 61 33 39 38 62 35 61 65 38 38 37 31 31 36 61 39 39 35 66 39 32 39 64 36 65 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 31 31 3a 34 31 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 47 6f 6f 67 6c 65 20 46 72 6f 6e 74 65 6e 64 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 38 37 38 0d 0a 41 6c 74 2d 53 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 Data Ascii: HTTP/1.1 200 OKContent-Type: image/svg+xmlLast-Modified: Thu, 24 Aug 2023 13:10:58 GMTX-Cloud-Trace-Context: 5030920a398b5ae887116a995f929d6eDate: Wed, 29 Nov 2023 23:11:41 GMTServer: Google FrontendContent-Length: 1878Alt-Svc: h3=":443"; ma
2023-11-29 23:11:41 UTC	941	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 73 74 61 6e 64 61 6c 6f 6e 65 3d 22 6e 6f 22 3f 3e 0a 3c 21 2d 2d 20 47 65 6e 65 72 61 74 6f 72 3a 20 41 64 6f 62 65 20 49 6c 6c 75 73 74 72 61 74 6f 72 20 32 33 2e 31 2e 31 2c 20 53 56 47 20 45 78 70 6f 72 74 20 50 6c 75 67 2d 49 6e 20 2e 20 53 56 47 20 56 65 72 73 69 6f 6e 3a 20 36 2e 30 30 20 42 75 69 6c 64 20 30 29 20 20 2d 2d 3e 0a 0a 3c 73 76 67 0a 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 0a 20 20 20 69 64 3d 22 4c 61 79 65 72 5f 31 22 0a 20 20 20 78 3d 22 30 70 78 22 0a 20 20 20 79 3d 22 30 70 78 22 0a 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 38 37 36 2e 36 20 32 35 30 22 0a 20 20 20 78 6d 6c 3a 73 70 61 63 65 3d 22 70 72 65 Data Ascii: <?xml version="1.0" encoding="UTF-8" standalone="no"?>... Generator: Adobe Illustrator 23.1.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><svg version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 876.6 250" xml:space="pre
2023-11-29 23:11:41 UTC	937	IN	Data Raw: 2d 31 37 2e 34 2c 32 33 2e 32 20 2d 31 30 2e 36 2c 30 20 2d 31 37 2e 32 2c 2d 37 2e 36 20 2d 31 37 2e 34 2c 2d 32 32 2e 33 20 48 20 32 31 36 20 63 20 30 2e 33 2c 32 35 2e 36 20 31 35 2e 38 2c 34 31 20 34 30 2e 36 2c 34 31 20 32 35 2c 30 20 34 30 2e 39 2c 2d 31 34 2e 37 20 34 30 2e 39 2c 2d 34 32 2e 36 20 56 20 37 31 20 48 20 32 34 37 2e 31 20 5a 20 4d 20 38 35 33 2c 37 31 20 38 32 34 2e 36 2c 31 35 34 2e 38 20 38 30 34 2e 32 2c 37 31 20 48 20 37 37 34 2e 38 20 4c 20 37 35 34 2e 34 2c 31 35 34 2e 38 20 37 32 36 2c 37 31 20 68 20 2d 32 34 2e 38 20 6c 20 33 37 2e 39 2c 31 30 38 20 68 20 33 31 2e 33 20 6c 20 31 38 2e 34 2c 2d 37 36 2e 32 20 31 38 2e 36 2c 37 36 2e 33 20 68 20 33 31 2e 34 20 4c 20 38 37 36 2e 36 2c 37 31 20 5a 20 6d 20 2d 32 38 33 2e 36 2c 34 Data Ascii: -17.4,23.2 -10.6,0 -17.2,-7.6 -17.4,-22.3 H 216 c 0.3,25.6 15.8,41 40.6,41 25,0 40.9,-14.7 40.9,-42.6 V 71 H 247.1 Z M 853,71 824.6,154.8 804.2,71 H 774.8 L 754.4,154.8 726,71 h -24.8 l 37.9,108 h 31.3 l 18.4,-76.2 18.6,76.3 h 31.4 L 876.6,71 Z m -283.6,4