Edit tour

Windows Analysis Report
https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/

Overview

General Information

Sample URL:	https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/
Analysis ID:	1377823
Infos:

Detection

GRQ Scam

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected GRQ Scam

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5948 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2000,i,14316904190830729481,610904523097346633,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 --field-trial-handle=2000,i,14316904190830729481,610904523097346633,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6584 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_91	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security

HTML

Source	Rule	Description	Author	Strings
2.1.pages.csv	JoeSecurity_GRQScam	Yara detected GRQ Scam	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/	SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_1.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/google_play_card.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/style7.css	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/amazon_1000_summerwater.png	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_r.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/4.js	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_m.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_heart.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/u.js	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_2.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/mb/chrome58x58.png	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/mb/3.js	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/box.png	Avira URL Cloud: Label: phishing
Source: https://checking-browser.com?url=	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/0xES5Sl_v6oyT7dAKuoni4gp9Q8gbYrhqGlRav_IXfk.woff2	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_cat.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_4.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/2.js	Avira URL Cloud: Label: phishing
Source: https://checking-browser.com/?url=https%3A%2F%2Fmygiftaward.life%2F%3Fu%3D6w3kaew%26o%3Duvdg6dv%26cid%3Duomgcwv9%26t%3Dsweepstakesbbg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/1.js	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/flag-icon/flags/4x3/us.svg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/alert.mp3	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_cat2.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_3.jpg	Avira URL Cloud: Label: phishing
Source: https://mygiftaward.life/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_s.jpg	Avira URL Cloud: Label: phishing
Source: https://2041.awlivedose.live/media/mainstream/flag-icon/css/flag-icon.css	Avira URL Cloud: Label: phishing

Source: https://mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49785 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/ HTTP/1.1Host: cdnstat.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?url=https%3A%2F%2Fmygiftaward.life%2F%3Fu%3D6w3kaew%26o%3Duvdg6dv%26cid%3Duomgcwv9%26t%3Dsweepstakesbbg HTTP/1.1Host: checking-browser.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes HTTP/1.1Host: mygiftaward.lifeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://checking-browser.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mygiftaward.lifeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakesAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid=t1~x0hgjdzxqkzaumrwysnznltv; p1=https://awlivedose.live/ubxplwqi/; s1=iw8r23clxymqvla7
Source: global traffic	HTTP traffic detected: GET /ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://mygiftaward.life/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/style7.css HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/css/flag-icon.css HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/1.js HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/u.js HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/amazon_1000_summerwater.png HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/mb/3.js HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/0xES5Sl_v6oyT7dAKuoni4gp9Q8gbYrhqGlRav_IXfk.woff2 HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://2041.awlivedose.livesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2041.awlivedose.live/media/mainstream/all/cf/style7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/mb/chrome58x58.png HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/box.png HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/google_play_card.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/2.js HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/4.js HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/amazon_1000_summerwater.png HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_2.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_initial_s.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/mb/chrome58x58.png HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_cat.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/google_play_card.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_1.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_initial_m.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_3.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/box.png HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /ExtService.svc/getextparams HTTP/1.1Host: jsontdsexit2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://2041.awlivedose.liveSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://2041.awlivedose.live/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/flags/4x3/us.svg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/media/mainstream/flag-icon/css/flag-icon.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_cat2.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_heart.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_2.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_cat.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_initial_s.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_4.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_initial_m.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_1.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_initial_r.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /ExtService.svc/getextparams HTTP/1.1Host: jsontdsexit2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_3.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/flags/4x3/us.svg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_heart.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_cat2.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_4.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/cf/winner_initial_r.jpg HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/alert.mp3 HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true
Source: global traffic	HTTP traffic detected: GET /media/mainstream/alert.mp3 HTTP/1.1Host: 2041.awlivedose.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie1=true

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: chromecache_77.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_77.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_91.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://awlivedose.live/ubxplwqi/
Source: chromecache_80.2.dr	String found in binary or memory: https://checking-browser.com?url=
Source: chromecache_124.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_124.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Open
Source: chromecache_124.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqW106F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWt06F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtk6F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWu06F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuk6F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWxU6F15M.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_126.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_112.2.dr, chromecache_129.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_112.2.dr, chromecache_129.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_129.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_80.2.dr	String found in binary or memory: https://mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49785 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected GRQ Scam

Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_91, type: DROPPED

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5948_600872534

Jump to behavior

Source: classification engine

Classification label: mal64.phis.win@21/88@20/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2000,i,14316904190830729481,610904523097346633,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 --field-trial-handle=2000,i,14316904190830729481,610904523097346633,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2000,i,14316904190830729481,610904523097346633,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 --field-trial-handle=2000,i,14316904190830729481,610904523097346633,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/	100%	Avira URL Cloud	phishing
https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/	100%	SlashNext	Scareware type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://2041.awlivedose.live/media/mainstream/all/cf/winner_1.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/google_play_card.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/style7.css	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/amazon_1000_summerwater.png	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_r.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/4.js	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_m.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_heart.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/u.js	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_2.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/mb/chrome58x58.png	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/mb/3.js	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/box.png	100%	Avira URL Cloud	phishing
https://checking-browser.com?url=	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/0xES5Sl_v6oyT7dAKuoni4gp9Q8gbYrhqGlRav_IXfk.woff2	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_cat.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_4.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/2.js	100%	Avira URL Cloud	phishing
https://jsontdsexit2.com/ExtService.svc/getextparams	0%	Avira URL Cloud	safe
https://checking-browser.com/?url=https%3A%2F%2Fmygiftaward.life%2F%3Fu%3D6w3kaew%26o%3Duvdg6dv%26cid%3Duomgcwv9%26t%3Dsweepstakesbbg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/1.js	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/flag-icon/flags/4x3/us.svg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/alert.mp3	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_cat2.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_3.jpg	100%	Avira URL Cloud	phishing
https://mygiftaward.life/favicon.ico	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_s.jpg	100%	Avira URL Cloud	phishing
https://2041.awlivedose.live/media/mainstream/flag-icon/css/flag-icon.css	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdnstat.net	104.21.56.41	true	false	unknown
2041.awlivedose.live	185.155.186.25	true	false	unknown
accounts.google.com	108.177.122.84	true	false	high
checking-browser.com	104.21.6.39	true	false	unknown
mygiftaward.life	185.155.184.32	true	false	unknown
jsontdsexit2.com	136.243.216.235	true	false	unknown
www.google.com	74.125.136.106	true	false	high
clients.l.google.com	172.253.124.139	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://2041.awlivedose.live/media/mainstream/all/cf/winner_heart.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/style7.css	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/google_play_card.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/winner_1.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/amazon_1000_summerwater.png	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_m.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_r.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/4.js	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/winner_2.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/u.js	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/mb/3.js	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/0xES5Sl_v6oyT7dAKuoni4gp9Q8gbYrhqGlRav_IXfk.woff2	false	Avira URL Cloud: phishing	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://2041.awlivedose.live/media/mainstream/all/mb/chrome58x58.png	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/box.png	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/2.js	false	Avira URL Cloud: phishing	unknown
https://checking-browser.com/?url=https%3A%2F%2Fmygiftaward.life%2F%3Fu%3D6w3kaew%26o%3Duvdg6dv%26cid%3Duomgcwv9%26t%3Dsweepstakesbbg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/winner_cat.jpg	false	Avira URL Cloud: phishing	unknown
https://jsontdsexit2.com/ExtService.svc/getextparams	false	Avira URL Cloud: safe	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/winner_4.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/winner_cat2.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/alert.mp3	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/flag-icon/flags/4x3/us.svg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/1.js	false	Avira URL Cloud: phishing	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://2041.awlivedose.live/media/mainstream/all/cf/winner_3.jpg	false	Avira URL Cloud: phishing	unknown
https://mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes	false		unknown
https://mygiftaward.life/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_s.jpg	false	Avira URL Cloud: phishing	unknown
https://2041.awlivedose.live/media/mainstream/flag-icon/css/flag-icon.css	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_77.2.dr	false		high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_112.2.dr, chromecache_129.2.dr	false		high
https://checking-browser.com?url=	chromecache_80.2.dr	false	Avira URL Cloud: phishing	unknown
https://getbootstrap.com/)	chromecache_112.2.dr, chromecache_129.2.dr	false		high
http://fontawesome.io/license	chromecache_77.2.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_129.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.155.184.32	mygiftaward.life	Switzerland	44160	INTERNETONEInternetServicesProviderIT	false
185.155.186.25	2041.awlivedose.live	Switzerland	6898	INTERNETONE_CH	false
185.155.184.55	unknown	Switzerland	44160	INTERNETONEInternetServicesProviderIT	false
74.125.136.106	www.google.com	United States	15169	GOOGLEUS	false
136.243.216.235	jsontdsexit2.com	Germany	24940	HETZNER-ASDE	false
172.253.124.139	clients.l.google.com	United States	15169	GOOGLEUS	false
104.21.6.39	checking-browser.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
108.177.122.84	accounts.google.com	United States	15169	GOOGLEUS	false
104.21.56.41	cdnstat.net	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1377823
Start date and time:	2024-01-20 00:40:16 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@21/88@20/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 108.177.122.94, 34.104.35.123, 20.60.62.1, 74.125.138.95, 64.233.176.94, 13.85.23.86, 72.21.81.240, 192.229.211.108, 13.95.31.18, 52.165.164.15, 173.194.219.94
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3533), with no line terminators
Category:	downloaded
Size (bytes):	3533
Entropy (8bit):	5.183663053282523
Encrypted:	false
SSDEEP:	48:7PeyWaXCT+FkuZbwkrXv868p9DTXgTN/CEGMKZJ81RCtV7:7PHPS6FkuphrkP/XgTN/CKKZS1RU7
MD5:	116C9460F5E882A7FCF4E837F7EFC72A
SHA1:	13A88E74735D05985E5D07E8CBFF716329F5D81C
SHA-256:	651141C8290087AF54C66793AA063EE5697661FB914925F56BD09390A2895CE4
SHA-512:	D5662E0448831AFE87EED4DF65145CAED94FF5D2AF2372999FEAB11266E62589754FF9D9345B25A2B5CAD4B73C09FBEE58FAF283BA92B353A228FFF758032EF4
Malicious:	false
Reputation:	low
URL:	https://2041.awlivedose.live/media/mainstream/all/cf/4.js
Preview:	var canvas1,ctx,W,H;if(screen.width>=988)var mp=150;else mp=75;var deactivationTimerHandler,reactivationTimerHandler,animationHandler,particles=[],angle=0,tiltAngle=0,confettiActive=!0,animationComplete=!0,particleColors={colorOptions:["DodgerBlue","OliveDrab","Gold","pink","SlateBlue","lightblue","Violet","PaleGreen","SteelBlue","SandyBrown","Chocolate","Crimson"],colorIndex:0,colorIncrementer:0,colorThreshold:10,getColor:function(){return this.colorIncrementer>=10&&(this.colorIncrementer=0,this.colorIndex++,this.colorIndex>=this.colorOptions.length&&(this.colorIndex=0)),this.colorIncrementer++,this.colorOptions[this.colorIndex]}};function confettiParticle(t){this.x=Math.random()W,this.y=Math.random()H-H,this.r=RandomFromTo(10,30),this.d=Math.random()mp+10,this.color=t,this.tilt=Math.floor(10Math.random())-10,this.tiltAngleIncremental=.07*Math.random()+.05,this.tiltAngle=0,this.draw=function(){return ctx.beginPath(),ctx.lineWidth=this.r/2,ctx.strokeStyle=this.color,ctx.moveTo(this

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 20, 2024 00:41:11.086924076 CET	50586	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:11.087563992 CET	60670	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:11.088479996 CET	64350	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:11.088823080 CET	62747	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:11.143897057 CET	53	60632	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:11.205941916 CET	53	50586	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:11.206181049 CET	53	60670	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:11.207169056 CET	53	64350	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:11.207849026 CET	53	62747	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:11.887458086 CET	53	56299	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:13.545778036 CET	53	58369	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:13.548182011 CET	53	56065	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:15.530159950 CET	63018	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:15.530498981 CET	56111	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:15.650621891 CET	53	63018	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:15.651492119 CET	53	56111	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:15.728341103 CET	49641	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:15.729113102 CET	49905	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:15.846652985 CET	53	49641	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:15.847855091 CET	53	49905	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:16.754894018 CET	56105	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:16.768052101 CET	61241	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:16.876300097 CET	53	56105	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:16.888501883 CET	53	61241	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:17.974083900 CET	50433	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:17.974299908 CET	54303	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:18.094068050 CET	53	54303	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:18.119895935 CET	53	50433	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:20.661636114 CET	58684	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:20.662066936 CET	62420	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:20.843553066 CET	53	62420	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:20.850148916 CET	53	58684	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:23.827192068 CET	62861	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:23.827616930 CET	57240	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:23.930675983 CET	53	57709	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:24.015125036 CET	53	57240	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:24.016253948 CET	53	62861	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:24.846700907 CET	57119	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:24.847178936 CET	65414	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:24.966140985 CET	53	57119	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:24.966392994 CET	53	65414	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:25.832813978 CET	58512	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:25.833173037 CET	62846	53	192.168.2.4	1.1.1.1
Jan 20, 2024 00:41:25.952626944 CET	53	62846	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:25.954739094 CET	53	58512	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:28.898468018 CET	53	63595	1.1.1.1	192.168.2.4
Jan 20, 2024 00:41:30.824994087 CET	138	138	192.168.2.4	192.168.2.255
Jan 20, 2024 00:41:48.251945019 CET	53	62371	1.1.1.1	192.168.2.4
Jan 20, 2024 00:42:11.139288902 CET	53	62204	1.1.1.1	192.168.2.4
Jan 20, 2024 00:42:12.112642050 CET	53	53266	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:11 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:11 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-FAak-JYfXwC-XkZ5qNPfhw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 19 Jan 2024 23:41:11 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6227 X-Daystart: 56471 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-19 23:41:11 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 32 37 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 36 34 37 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6227" elapsed_seconds="56471"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-01-19 23:41:11 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-01-19 23:41:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:11 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-01-19 23:41:11 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-01-19 23:41:11 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 19 Jan 2024 23:41:11 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-zx4Rtn4Atn4xQvpSZ5T64Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw1JBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIR6O6RPXrGUTOHBw-QEmALL-F04" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-19 23:41:11 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-01-19 23:41:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:15 UTC	623	OUT	GET /get/script.js?referrer=https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/ HTTP/1.1 Host: cdnstat.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:16 UTC	820	IN	HTTP/1.1 200 OK Date: Fri, 19 Jan 2024 23:41:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.2.1 Access-Control-Allow-Origin: https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Credentials: true CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eDnZy5I8gzYeGp35W81JmOfUs4dbnt5EF%2BCwQpsc3kv6IeGT1u6AW6jgRwQgTcqk2Zo5lJt3Be01qiLp1WcVu1rzCgEekS5xAzbPBVgJd2uQtNIObeKqqOP39bBVag%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8482ed6fb9156750-ATL alt-svc: h3=":443"; ma=86400
2024-01-19 23:41:16 UTC	522	IN	Data Raw: 32 30 33 0d 0a 74 72 79 7b 73 65 74 54 69 6d 65 6f 75 74 28 28 28 29 3d 3e 7b 77 69 6e 64 6f 77 2e 59 61 3d 77 69 6e 64 6f 77 2e 59 61 7c 7c 7b 7d 2c 59 61 2e 5f 6d 65 74 72 69 6b 61 3d 59 61 2e 5f 6d 65 74 72 69 6b 61 7c 7c 7b 7d 2c 59 61 2e 5f 6d 65 74 72 69 6b 61 2e 6f 6f 3d 21 30 2c 2f 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2f 69 2e 74 65 73 74 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 69 6e 6e 65 72 48 54 4d 4c 29 26 26 28 77 69 6e 64 6f 77 2e 5f 67 61 55 73 65 72 50 72 65 66 73 3d 7b 69 6f 6f 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 30 7d 7d 29 3b 76 61 72 20 65 3d 22 68 74 74 70 73 3a 2f 2f 63 68 65 63 6b 69 6e 67 2d 62 72 6f 77 73 65 72 2e 63 6f 6d 3f 75 72 6c 3d 22 2b 65 6e 63 6f 64 65 Data Ascii: 203try{setTimeout((()=>{window.Ya=window.Ya\|\|{},Ya._metrika=Ya._metrika\|\|{},Ya._metrika.oo=!0,/googletagmanager/i.test(document.documentElement.innerHTML)&&(window._gaUserPrefs={ioo:function(){return!0}});var e="https://checking-browser.com?url="+encode
2024-01-19 23:41:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:17 UTC	819	OUT	GET /?url=https%3A%2F%2Fmygiftaward.life%2F%3Fu%3D6w3kaew%26o%3Duvdg6dv%26cid%3Duomgcwv9%26t%3Dsweepstakesbbg HTTP/1.1 Host: checking-browser.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:17 UTC	654	IN	HTTP/1.1 200 OK Date: Fri, 19 Jan 2024 23:41:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Last-Modified: Sat, 06 Jan 2024 07:57:46 GMT Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qGkSkdWzQNFHEnuW4eQBeBPMKi9COnzgBfaLJeutD1GKEgSJAs3KIiWOLGfvI6p74b4CZjEdNMYEhH1Wz%2F6I%2FpBFWdfNOWHTDkSD8cYdvoO%2F4mSK8HYoWhrZhqtsxtjydXUOsZ%2FYvg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8482ed779b3c4575-ATL alt-svc: h3=":443"; ma=86400
2024-01-19 23:41:17 UTC	472	IN	Data Raw: 31 64 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 3c 2f 68 65 61 64 3e 0a 20 20 09 3c 73 63 72 69 70 74 3e 0a 09 09 76 61 72 20 73 65 61 72 63 68 50 61 72 61 6d 73 20 3d 20 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 29 3b 0a 09 09 76 61 72 20 75 72 6c 20 3d 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 73 65 61 72 63 68 50 61 72 61 6d 73 2e Data Ascii: 1d1<!DOCTYPE html><html><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head> <script>var searchParams = new URLSearchParams(window.location.search);var url = decodeURIComponent(searchParams.
2024-01-19 23:41:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:17 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-01-19 23:41:17 UTC	532	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: 124ACC55E2B647A7955FEB1A9F40BE53 Ref B: ASHEDGE1417 Ref C: 2024-01-19T03:20:37Z Cache-Control: public, max-age=185972 Date: Fri, 19 Jan 2024 23:41:17 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:18 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-01-19 23:41:18 UTC	662	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 77D3A374A575439792C03F9D3B3E5A6A Ref B: CH1AA2040903034 Ref C: 2023-07-19T16:59:25Z X-MSEdge-Ref: Ref A: 268FB40D90624D4B909B4269BE9DB868 Ref B: CHI30EDGE0106 Ref C: 2023-07-19T17:02:00Z Cache-Control: public, max-age=131209 Date: Fri, 19 Jan 2024 23:41:18 GMT Content-Length: 55 Connection: close X-CID: 2
2024-01-19 23:41:18 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:19 UTC	732	OUT	GET /?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes HTTP/1.1 Host: mygiftaward.life Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://checking-browser.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:19 UTC	396	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 19 Jan 2024 23:41:19 GMT Content-Type: text/html Content-Length: 38190 Connection: close cache-control: private set-cookie: sid=t1~x0hgjdzxqkzaumrwysnznltv; path=/ set-cookie: sid=t1~x0hgjdzxqkzaumrwysnznltv; path=/ set-cookie: p1=https://awlivedose.live/ubxplwqi/; path=/ set-cookie: s1=iw8r23clxymqvla7; path=/ Cache-Control: no-transform
2024-01-19 23:41:19 UTC	2544	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 72 65 71 75 65 73 74 4c 69 6e 6b 28 29 7b 72 65 74 75 72 6e 20 7b 73 65 73 73 69 6f 6e 49 64 3a 5b 27 73 69 64 27 2c 27 74 31 7e 78 30 68 67 6a 64 7a 78 71 6b 7a 61 75 6d 72 77 79 73 6e 7a 6e 6c 74 76 27 5d 2c 70 31 3a 5b 27 27 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><script>function requestLink(){return {sessionId:['sid','t1~x0hgjdzxqkzaumrwysnznltv'],p1:[''
2024-01-19 23:41:19 UTC	2896	IN	Data Raw: 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 30 25 7d 2e 61 6c 6c 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 33 62 35 39 39 39 7d 0d 0a 2e 63 6c 69 63 6b 20 7b 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 20 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 0d 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 72 65 64 69 72 65 63 74 69 6e 67 22 3e 3c 64 69 76 20 69 64 3d 27 72 31 27 3e 3c 2f 64 69 76 3e 0d 0a 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 72 65 64 69 72 65 63 74 69 6e 67 22 3e 0d 0a 09 3c 68 31 3e 4c 6f Data Ascii: ff;font-size:120%}.all:hover{background:#fff;text-decoration:none;border-color:transparent;color:#3b5999}.click { color: white; display:none; }</style></head><body class="redirecting"><div id='r1'></div><section class="redirecting"><h1>Lo
2024-01-19 23:41:19 UTC	1448	IN	Data Raw: 6f 66 20 74 26 26 28 74 3d 61 2e 70 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 66 2e 63 65 69 6c 28 73 29 3a 66 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 61 3d 66 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 63 3b 68 Data Ascii: of t&&(t=a.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?f.ceil(s):f.max((0\|s)-this._minBufferSize,0))o,a=f.min(4*c,n);if(c){for(var h=0;h<c;h
2024-01-19 23:41:19 UTC	1448	IN	Data Raw: 3d 74 5b 65 2b 31 32 5d 2c 42 3d 74 5b 65 2b 31 33 5d 2c 6d 3d 74 5b 65 2b 31 34 5d 2c 6b 3d 74 5b 65 2b 31 35 5d 2c 53 3d 6f 5b 30 5d 2c 78 3d 6f 5b 31 5d 2c 43 3d 6f 5b 32 5d 2c 7a 3d 6f 5b 33 5d 3b 78 3d 62 28 78 3d 62 28 78 3d 62 28 78 3d 62 28 78 3d 45 28 78 3d 45 28 78 3d 45 28 78 3d 45 28 78 3d 44 28 78 3d 44 28 78 3d 44 28 78 3d 44 28 78 3d 4d 28 78 3d 4d 28 78 3d 4d 28 78 3d 4d 28 78 2c 43 3d 4d 28 43 2c 7a 3d 4d 28 7a 2c 53 3d 4d 28 53 2c 78 2c 43 2c 7a 2c 73 2c 37 2c 77 5b 30 5d 29 2c 78 2c 43 2c 63 2c 31 32 2c 77 5b 31 5d 29 2c 53 2c 78 2c 61 2c 31 37 2c 77 5b 32 5d 29 2c 7a 2c 53 2c 68 2c 32 32 2c 77 5b 33 5d 29 2c 43 3d 4d 28 43 2c 7a 3d 4d 28 7a 2c 53 3d 4d 28 53 2c 78 2c 43 2c 7a 2c 66 2c 37 2c 77 5b 34 5d 29 2c 78 2c 43 2c 75 2c 31 32 2c Data Ascii: =t[e+12],B=t[e+13],m=t[e+14],k=t[e+15],S=o[0],x=o[1],C=o[2],z=o[3];x=b(x=b(x=b(x=b(x=E(x=E(x=E(x=E(x=D(x=D(x=D(x=D(x=M(x=M(x=M(x=M(x,C=M(C,z=M(z,S=M(S,x,C,z,s,7,w[0]),x,C,c,12,w[1]),S,x,a,17,w[2]),z,S,h,22,w[3]),C=M(C,z=M(z,S=M(S,x,C,z,f,7,w[4]),x,C,u,12,
2024-01-19 23:41:19 UTC	2896	IN	Data Raw: 5b 30 5d 3d 6f 5b 30 5d 2b 53 7c 30 2c 6f 5b 31 5d 3d 6f 5b 31 5d 2b 78 7c 30 2c 6f 5b 32 5d 3d 6f 5b 32 5d 2b 43 7c 30 2c 6f 5b 33 5d 3d 6f 5b 33 5d 2b 7a 7c 30 7d 2c 5f 64 6f 46 69 6e 61 6c 69 7a 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 5f 64 61 74 61 2c 65 3d 74 2e 77 6f 72 64 73 2c 72 3d 38 2a 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2c 69 3d 38 2a 74 2e 73 69 67 42 79 74 65 73 3b 65 5b 69 3e 3e 3e 35 5d 7c 3d 31 32 38 3c 3c 32 34 2d 69 25 33 32 3b 76 61 72 20 6e 3d 66 2e 66 6c 6f 6f 72 28 72 2f 34 32 39 34 39 36 37 32 39 36 29 2c 6f 3d 72 3b 65 5b 31 35 2b 28 36 34 2b 69 3e 3e 3e 39 3c 3c 34 29 5d 3d 31 36 37 31 31 39 33 35 26 28 6e 3c 3c 38 7c 6e 3e 3e 3e 32 34 29 7c 34 32 37 38 32 35 35 33 36 30 26 28 6e 3c 3c Data Ascii: [0]=o[0]+S\|0,o[1]=o[1]+x\|0,o[2]=o[2]+C\|0,o[3]=o[3]+z\|0},_doFinalize:function(){var t=this._data,e=t.words,r=8this._nDataBytes,i=8t.sigBytes;e[i>>>5]\|=128<<24-i%32;var n=f.floor(r/4294967296),o=r;e[15+(64+i>>>9<<4)]=16711935&(n<<8\|n>>>24)\|4278255360&(n<<
2024-01-19 23:41:19 UTC	1448	IN	Data Raw: 29 7d 2c 6b 65 79 53 69 7a 65 3a 34 2c 69 76 53 69 7a 65 3a 34 2c 5f 45 4e 43 5f 58 46 4f 52 4d 5f 4d 4f 44 45 3a 31 2c 5f 44 45 43 5f 58 46 4f 52 4d 5f 4d 4f 44 45 3a 32 2c 5f 63 72 65 61 74 65 48 65 6c 70 65 72 3a 66 75 6e 63 74 69 6f 6e 28 69 29 7b 72 65 74 75 72 6e 7b 65 6e 63 72 79 70 74 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 72 65 74 75 72 6e 20 68 28 65 29 2e 65 6e 63 72 79 70 74 28 69 2c 74 2c 65 2c 72 29 7d 2c 64 65 63 72 79 70 74 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 72 65 74 75 72 6e 20 68 28 65 29 2e 64 65 63 72 79 70 74 28 69 2c 74 2c 65 2c 72 29 7d 7d 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 68 28 74 29 7b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 3f 6d 3a 67 7d 65 2e 53 74 72 65 61 6d 43 Data Ascii: )},keySize:4,ivSize:4,_ENC_XFORM_MODE:1,_DEC_XFORM_MODE:2,_createHelper:function(i){return{encrypt:function(t,e,r){return h(e).encrypt(i,t,e,r)},decrypt:function(t,e,r){return h(e).decrypt(i,t,e,r)}}}});function h(t){return"string"==typeof t?m:g}e.StreamC
2024-01-19 23:41:19 UTC	1448	IN	Data Raw: 72 2c 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 3d 31 29 2c 74 68 69 73 2e 5f 6d 6f 64 65 26 26 74 68 69 73 2e 5f 6d 6f 64 65 2e 5f 5f 63 72 65 61 74 6f 72 3d 3d 74 3f 74 68 69 73 2e 5f 6d 6f 64 65 2e 69 6e 69 74 28 74 68 69 73 2c 72 26 26 72 2e 77 6f 72 64 73 29 3a 28 74 68 69 73 2e 5f 6d 6f 64 65 3d 74 2e 63 61 6c 6c 28 69 2c 74 68 69 73 2c 72 26 26 72 2e 77 6f 72 64 73 29 2c 74 68 69 73 2e 5f 6d 6f 64 65 2e 5f 5f 63 72 65 61 74 6f 72 3d 74 29 7d 2c 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 74 68 69 73 2e 5f 6d 6f 64 65 2e 70 72 6f 63 65 73 73 42 6c 6f 63 6b 28 74 2c 65 29 7d 2c 5f 64 6f 46 69 6e 61 6c 69 7a 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 2c 65 3d 74 68 69 73 2e 63 66 Data Ascii: r,this._minBufferSize=1),this._mode&&this._mode.__creator==t?this._mode.init(this,r&&r.words):(this._mode=t.call(i,this,r&&r.words),this._mode.__creator=t)},_doProcessBlock:function(t,e){this._mode.processBlock(t,e)},_doFinalize:function(){var t,e=this.cf
2024-01-19 23:41:19 UTC	2896	IN	Data Raw: 29 2e 63 6f 6d 70 75 74 65 28 74 2c 69 29 2c 6f 3d 61 2e 63 72 65 61 74 65 28 6e 2e 77 6f 72 64 73 2e 73 6c 69 63 65 28 65 29 2c 34 2a 72 29 3b 72 65 74 75 72 6e 20 6e 2e 73 69 67 42 79 74 65 73 3d 34 2a 65 2c 5f 2e 63 72 65 61 74 65 28 7b 6b 65 79 3a 6e 2c 69 76 3a 6f 2c 73 61 6c 74 3a 69 7d 29 7d 7d 2c 6d 3d 65 2e 50 61 73 73 77 6f 72 64 42 61 73 65 64 43 69 70 68 65 72 3d 67 2e 65 78 74 65 6e 64 28 7b 63 66 67 3a 67 2e 63 66 67 2e 65 78 74 65 6e 64 28 7b 6b 64 66 3a 42 7d 29 2c 65 6e 63 72 79 70 74 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 2c 69 29 7b 76 61 72 20 6e 3d 28 69 3d 74 68 69 73 2e 63 66 67 2e 65 78 74 65 6e 64 28 69 29 29 2e 6b 64 66 2e 65 78 65 63 75 74 65 28 72 2c 74 2e 6b 65 79 53 69 7a 65 2c 74 2e 69 76 53 69 7a 65 29 3b 69 2e 69 76 Data Ascii: ).compute(t,i),o=a.create(n.words.slice(e),4r);return n.sigBytes=4e,_.create({key:n,iv:o,salt:i})}},m=e.PasswordBasedCipher=g.extend({cfg:g.cfg.extend({kdf:B}),encrypt:function(t,e,r,i){var n=(i=this.cfg.extend(i)).kdf.execute(r,t.keySize,t.ivSize);i.iv
2024-01-19 23:41:19 UTC	1448	IN	Data Raw: 3e 3e 28 2d 30 78 32 2a 71 26 30 78 36 29 29 3a 30 78 30 29 7b 73 3d 6e 5b 27 69 6e 64 65 78 4f 66 27 5d 28 73 29 3b 7d 66 6f 72 28 76 61 72 20 75 3d 30 78 30 2c 76 3d 6f 5b 27 6c 65 6e 67 74 68 27 5d 3b 75 3c 76 3b 75 2b 2b 29 7b 70 2b 3d 27 25 27 2b 28 27 30 30 27 2b 6f 5b 27 63 68 61 72 43 6f 64 65 41 74 27 5d 28 75 29 5b 27 74 6f 53 74 72 69 6e 67 27 5d 28 30 78 31 30 29 29 5b 27 73 6c 69 63 65 27 5d 28 2d 30 78 32 29 3b 7d 72 65 74 75 72 6e 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 70 29 3b 7d 3b 62 5b 27 75 47 41 46 6c 73 27 5d 3d 69 2c 63 3d 61 72 67 75 6d 65 6e 74 73 2c 62 5b 27 43 57 47 79 6b 71 27 5d 3d 21 21 5b 5d 3b 7d 76 61 72 20 6a 3d 65 5b 30 78 30 5d 2c 6b 3d 66 2b 6a 2c 6c 3d 63 5b 6b 5d 3b 72 65 74 75 72 6e 21 6c 3f 28 Data Ascii: >>(-0x2*q&0x6)):0x0){s=n['indexOf'](s);}for(var u=0x0,v=o['length'];u<v;u++){p+='%'+('00'+o['charCodeAt'](u)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(p);};b['uGAFls']=i,c=arguments,b['CWGykq']=!![];}var j=e[0x0],k=f+j,l=c[k];return!l?(
2024-01-19 23:41:19 UTC	1448	IN	Data Raw: 72 73 65 28 63 2c 64 29 7b 76 61 72 20 4a 3d 62 3b 69 66 28 74 79 70 65 6f 66 20 67 65 74 42 61 63 6b 65 6e 64 50 61 72 61 6d 73 3d 3d 3d 4a 28 30 78 31 63 35 29 29 7b 63 6f 6e 73 6f 6c 65 5b 4a 28 30 78 31 64 38 29 5d 28 4a 28 30 78 32 31 37 29 29 3b 76 61 72 20 65 3d 67 65 74 42 61 63 6b 65 6e 64 50 61 72 61 6d 73 28 29 3b 72 65 74 75 72 6e 20 65 5b 64 5d 26 26 65 5b 64 5d 5b 30 78 31 5d 3f 65 5b 64 5d 5b 30 78 31 5d 3a 75 6e 64 65 66 69 6e 65 64 3b 7d 65 6c 73 65 7b 69 66 28 67 65 74 43 6f 6f 6b 69 65 28 63 29 29 72 65 74 75 72 6e 20 63 6f 6e 73 6f 6c 65 5b 4a 28 30 78 31 64 38 29 5d 28 4a 28 30 78 31 61 37 29 29 2c 67 65 74 43 6f 6f 6b 69 65 28 63 29 3b 7d 7d 66 75 6e 63 74 69 6f 6e 20 72 53 74 72 69 6e 67 28 63 29 7b 76 61 72 20 4b 3d 62 2c 64 3d 27 Data Ascii: rse(c,d){var J=b;if(typeof getBackendParams===J(0x1c5)){console[J(0x1d8)](J(0x217));var e=getBackendParams();return e[d]&&e[d][0x1]?e[d][0x1]:undefined;}else{if(getCookie(c))return console[J(0x1d8)](J(0x1a7)),getCookie(c);}}function rString(c){var K=b,d='

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:20 UTC	735	OUT	GET /favicon.ico HTTP/1.1 Host: mygiftaward.life Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: sid=t1~x0hgjdzxqkzaumrwysnznltv; p1=https://awlivedose.live/ubxplwqi/; s1=iw8r23clxymqvla7
2024-01-19 23:41:21 UTC	127	IN	HTTP/1.1 204 No Content Server: nginx Date: Fri, 19 Jan 2024 23:41:20 GMT Connection: close Cache-Control: no-transform

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:22 UTC	826	OUT	GET /ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://mygiftaward.life/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:22 UTC	166	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:22 GMT Content-Type: text/html Content-Length: 13213 Connection: close cache-control: private
2024-01-19 23:41:22 UTC	3930	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 72 65 71 75 65 73 74 4c 69 6e 6b 28 29 7b 72 65 74 75 72 6e 20 7b 73 65 73 73 69 6f 6e 49 64 3a 5b 27 73 69 64 27 2c 27 74 31 7e 78 30 68 67 6a 64 7a 78 71 6b 7a 61 75 6d 72 77 79 73 6e 7a 6e 6c 74 76 27 5d 7d 3b 7d 76 61 72 20 67 65 6f 49 6e 66 6f 3d 7b 22 63 63 22 3a 22 55 53 22 2c 22 63 6e 61 6d 65 73 22 3a 7b 22 64 65 22 3a 22 55 53 41 22 2c 22 65 6e 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 65 73 22 3a 22 45 73 74 61 64 6f 73 20 55 6e 69 64 6f 73 22 2c 22 66 72 22 3a 22 c3 89 74 61 74 73 20 55 6e 69 73 22 2c 22 6a 61 22 3a 22 e3 82 a2 e3 83 a1 e3 83 aa e3 82 ab 22 2c 22 70 74 2d 42 52 22 3a 22 45 55 41 22 2c 22 72 75 22 3a 22 d0 a1 d0 a8 d0 90 22 2c Data Ascii: <html><head><script>function requestLink(){return {sessionId:['sid','t1~x0hgjdzxqkzaumrwysnznltv']};}var geoInfo={"cc":"US","cnames":{"de":"USA","en":"United States","es":"Estados Unidos","fr":"tats Unis","ja":"","pt-BR":"EUA","ru":"",
2024-01-19 23:41:22 UTC	19	IN	Data Raw: 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 3c 2f 64 69 76 3e Data Ascii: </div></div>
2024-01-19 23:41:22 UTC	4096	IN	Data Raw: 0d 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 69 7a 65 20 74 77 6f 22 3e 0d 0a 09 09 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 6c 2f 63 66 2f 62 6f 78 2e 70 6e 67 22 20 61 6c 74 3d 22 50 72 65 69 73 22 20 63 6c 61 73 73 3d 22 70 72 69 7a 65 5f 69 6d 61 67 65 22 3e 0d 0a 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 61 6c 5f 70 72 69 7a 65 22 3e 0d 0a 09 09 09 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 6c 2f 63 66 2f 67 6f 6f 67 6c 65 5f 70 6c 61 79 5f 63 61 72 64 2e 6a 70 67 22 20 63 6c 61 73 73 3d 22 72 65 61 6c 5f 70 72 69 7a 65 5f 69 6d 61 67 65 22 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 Data Ascii: <div class="prize two"><img src="/media/mainstream/all/cf/box.png" alt="Preis" class="prize_image"><div class="real_prize"><img src="/media/mainstream/all/cf/google_play_card.jpg" class="real_prize_image"></div>
2024-01-19 23:41:22 UTC	4096	IN	Data Raw: 22 68 61 6c 6c 5f 6f 66 5f 66 61 6d 65 5f 77 69 6e 6e 65 72 5f 70 72 69 7a 65 22 3e 3c 73 70 61 6e 3e 50 72 69 7a 65 3a 20 3c 2f 73 70 61 6e 3e 24 32 35 30 20 41 6d 61 7a 6f 6e 20 47 69 66 74 20 43 61 72 64 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 61 6c 6c 5f 6f 66 5f 66 61 6d 65 5f 77 69 6e 6e 65 72 22 3e 0d 0a 09 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 6c 2f 63 66 2f 77 69 6e 6e 65 72 5f 63 61 74 2e 6a 70 67 22 20 63 6c 61 73 73 3d 22 68 61 6c 6c 5f 6f 66 5f 66 61 6d 65 5f 77 69 6e 6e 65 72 5f 69 6d 61 67 65 22 3e 0d 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 61 6c 6c 5f Data Ascii: "hall_of_fame_winner_prize"><span>Prize: </span>$250 Amazon Gift Card</div></div></div><div class="hall_of_fame_winner"><img src="/media/mainstream/all/cf/winner_cat.jpg" class="hall_of_fame_winner_image"><div class="hall_
2024-01-19 23:41:22 UTC	1072	IN	Data Raw: 2c 20 24 28 22 2e 70 72 69 7a 65 5f 69 6d 61 67 65 22 29 2e 66 61 64 65 54 6f 28 32 65 33 2c 20 30 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 7d 29 2c 20 24 28 22 2e 72 65 61 6c 5f 70 72 69 7a 65 22 29 2e 66 61 64 65 49 6e 28 32 65 33 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 20 3d 20 22 68 69 64 64 65 6e 22 2c 20 24 28 22 23 62 6c 61 63 6b 5f 6f 76 65 72 6c 61 79 2c 20 23 70 72 69 7a 65 5f 63 6f 6e 66 69 72 6d 61 74 69 6f 6e 22 29 2e 73 68 6f 77 28 29 0d 0a 20 20 20 20 20 20 20 20 7d 2c 20 32 65 33 29 0d 0a 20 Data Ascii: , $(".prize_image").fadeTo(2e3, 0, function() {}), $(".real_prize").fadeIn(2e3, function() { window.setInterval(function() { document.body.style.overflow = "hidden", $("#black_overlay, #prize_confirmation").show() }, 2e3)

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4833
Entropy (8bit):	5.158443589425066
Encrypted:	false
SSDEEP:	96:Pc12FDl12Fyl12LNl12AaNl12+Ll12Vl12uNoW12FDoW12FDoW12FDoW12FDoW1x:PqWDXWyXCNXENXNLX6X/No4WDo4WDo4T
MD5:	2C0A1CDC913B2220B50FEADD4DC17B8B
SHA1:	3D8D5B8FA5F5D98EA83AC093151684350993CCDB
SHA-256:	EB531C2DACEFD17914B680E454B8DCEC083EB1A74CE1E8E91872B8E35ABCB522
SHA-512:	03CB7359C7F7C0B8FEC0993B2BF247B65A62C13962F60767363F47DC108713EBA72B31F4E3E2C45230442B8E9E7C760A3B4472D509119869BBA789FA04D351C9
Malicious:	false
Reputation:	low
URL:	https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/al.js
Preview:	$('.al__js').html(`..<table class="table table-bordered">...<thead>....<tr>.....<th>......<div class="form-check mar_lef"></div>.....</th>.....<th>Name</th>.....<th>Type</th>.....<th>Object type</th>.....<th>Location</th>....</tr>...</thead>...<tbody id="table_scroll">....<tr>.....<td>......<div class="form-check mar_lef">.......<input class="form-check-input" type="checkbox" value id="defaultCheck1" checked />.......<label class="form-check-label" for="defaultCheck1"></label>......</div>.....</td>.....<td>Trojan.DNSCharge.AC...</td>.....<td>Malware</td>.....<td>Registry Value</td>.....<td>HKLM\SYSTEM\CURRENTCONTROLS...</td>....</tr>....<tr>.....<td>......<div class="form-check mar_lef">.......<input class="form-check-input" type="checkbox" value id="defaultCheck1" checked />.......<label class="form-check-label" for="defaultCheck1"></label>......</div>.....</td>.....<td>Trojan.Dropper.Autoit...</td>.....<td>Malware</td>.....<td>File</td>.....<td>HKLM\SYSTEM\CURRENTCONTROLS...</td>....

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3
Category:	downloaded
Size (bytes):	950
Entropy (8bit):	7.1236995695974485
Encrypted:	false
SSDEEP:	24:VaPXXQRzclo0AVD3DYsie56Gwz6tZYShJ9:VawkmDMe64P9
MD5:	62A261739E9A386D39D542903D5AB050
SHA1:	6CC87F77A580CE13068A1324B397070DB3817511
SHA-256:	669C7DE8CC4685BB673F13DB0B8DE84FD8142005C4DB680CBE35FAD7B852C631
SHA-512:	7FA5F5C69CF0BE9FB9B2F02813BBD27457379C9C25A31C26EC2754A68E740CEF97F64A380090C4D6690899AF0CC4C9870DCF0C82246A706A7AF6EDD350919805
Malicious:	false
Reputation:	low
URL:	https://2041.awlivedose.live/media/mainstream/all/cf/winner_initial_m.jpg
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................0.0..........................................0..........................a..1Q.!u."67Aq...B..................................(........................13.!..AB..#24r............?.....#..0..a...7.Y.M...h..`gh.....3D...X.5D.N..........Y6...qZ2..sC..~tJ.Z...).D..!.D:....(.d.]"4$$..&.....97..;$.%..D..6...m.T.=..2$.D......j..17-.%\|.Ch...t..z...1>...Dz.3...;.}~;..Zmy"]o....-R."e.[..s<...Y.?.s..]....:._..k.........c.x./...72ok.!.G.H..JGZ..L.j.E.`..."....A.x}y:.?.=.q.....8/.Q......fF[.FT..3..d.........%h..u.!..)ff....a.......v..I.;........].^.I;.R...oVH.O..J../..9....ur.!...IeL=.)...m*.....Az.)i..{._7..Q..N.}]....VT..2...$..\ ..7r..w...D.(...0t.....e.....I.s .k.....D.i..."mK.b:.h..=..+...'...Zh.A...X.u. .U9.l..:..:P...e.#......M..'.=...(e.9..C...o$e.Ha@.........?..

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:22 UTC	714	OUT	GET /media/mainstream/all/cf/style7.css HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:22 UTC	781	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:22 GMT Content-Type: text/css Content-Length: 8228 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "3de1e142f7b4952ab102e98e5d976fa4" Last-Modified: Mon, 20 Feb 2023 09:33:03 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17ABE419A58F8A5D X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676805107#266178647/gid:0/gname:root/mode:33188/mtime:1665052659#469977000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-10-06T10:37:39.469977Z Expires: Sat, 18 Jan 2025 23:41:22 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:22 UTC	3315	IN	Data Raw: 0d 0a 0d 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 44 72 61 66 74 3b 0d 0a 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0d 0a 09 73 72 63 3a 20 6c 6f 63 61 6c 28 27 52 6f 62 6f 74 6f 44 72 61 66 74 27 29 2c 20 6c 6f 63 61 6c 28 27 52 6f 62 6f 74 6f 44 72 61 66 74 2d 52 65 67 75 6c 61 72 27 29 2c 20 75 72 6c 28 30 78 45 53 35 53 6c 5f 76 36 6f 79 54 37 64 41 4b 75 6f 6e 69 34 67 70 39 51 38 67 62 59 72 68 71 47 6c 52 61 76 5f 49 58 66 6b 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 2c 20 75 72 6c 28 30 78 45 53 35 53 6c 5f 76 36 6f 79 54 37 64 41 4b 75 6f 6e 69 37 72 49 61 2d 37 61 63 4d 41 65 44 Data Ascii: @font-face {font-family: RobotoDraft;font-style: normal;font-weight: 400;src: local('RobotoDraft'), local('RobotoDraft-Regular'), url(0xES5Sl_v6oyT7dAKuoni4gp9Q8gbYrhqGlRav_IXfk.woff2) format('woff2'), url(0xES5Sl_v6oyT7dAKuoni7rIa-7acMAeD
2024-01-19 23:41:22 UTC	4096	IN	Data Raw: 6c 65 66 74 3b 0d 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 34 30 70 78 3b 0d 0a 09 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0d 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 0d 0a 7d 0d 0a 0d 0a 2e 70 72 69 7a 65 3a 66 69 72 73 74 2d 6f 66 2d 74 79 70 65 20 7b 0d 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 30 0d 0a 7d 0d 0a 0d 0a 2e 70 72 69 7a 65 5f 69 6d 61 67 65 20 7b 0d 0a 09 77 69 64 74 68 3a 20 31 37 35 70 78 3b 0d 0a 09 68 65 69 67 68 74 3a 20 31 37 35 70 78 3b 0d 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 0d 0a 7d 0d 0a 0d 0a 2e 70 72 69 7a 65 5f 62 75 74 74 6f 6e 20 7b 0d 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 30 30 63 38 35 33 3b 0d 0a 09 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 32 70 78 3b Data Ascii: left;margin-left: 40px;cursor: pointer;position: relative}.prize:first-of-type {margin-left: 0}.prize_image {width: 175px;height: 175px;margin-bottom: 10px}.prize_button {background: #00c853;border-radius: 2px;
2024-01-19 23:41:22 UTC	817	IN	Data Raw: 0d 0a 0d 0a 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 31 31 39 39 70 78 29 20 7b 0d 0a 09 62 6f 64 79 2e 73 74 79 6c 65 33 20 2e 70 72 69 7a 65 5f 62 75 74 74 6f 6e 2e 61 62 6f 72 74 2c 0d 0a 09 62 6f 64 79 2e 73 74 79 6c 65 33 20 2e 70 72 69 7a 65 5f 62 75 74 74 6f 6e 2e 63 6f 6e 66 69 72 6d 2c 0d 0a 09 62 6f 64 79 2e 73 74 79 6c 65 33 20 2e 70 72 69 7a 65 5f 62 75 74 74 6f 6e 2e 66 69 6e 69 73 68 2c 0d 0a 09 62 6f 64 79 2e 73 74 79 6c 65 33 20 2e 70 72 69 7a 65 5f 62 75 74 74 6f 6e 2e 73 75 62 6d 69 74 5f 63 65 72 74 69 66 69 63 61 74 65 20 7b 0d 0a 09 09 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 62 Data Ascii: @media (max-width: 1199px) {body.style3 .prize_button.abort,body.style3 .prize_button.confirm,body.style3 .prize_button.finish,body.style3 .prize_button.submit_certificate {width: 100% !important;box-sizing: border-box;}}b

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:23 UTC	724	OUT	GET /media/mainstream/flag-icon/css/flag-icon.css HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:23 UTC	786	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:23 GMT Content-Type: text/css Content-Length: 39806 Connection: close ETag: "b7a46a018dcd21a4828bae0b04ddcc6c" Last-Modified: Wed, 20 Sep 2023 15:24:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE419CE088D2B X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134508#288021464/gid:0/gname:root/mode:33279/mtime:1655387459#318598233/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-06-16T13:50:59.318598233Z Expires: Sat, 18 Jan 2025 23:41:23 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:23 UTC	3310	IN	Data Raw: 2f 2a 20 67 65 6f 20 6c 6f 63 61 74 69 6f 6e 20 63 73 73 20 2a 2f 0d 0a 23 75 73 65 72 4c 6f 63 61 74 69 6f 6e 20 7b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0d 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 65 6d 3b 0d 0a 7d 0d 0a 23 75 73 65 72 4c 6f 63 61 74 69 6f 6e 20 2e 66 6c 61 67 2d 69 63 6f 6e 20 7b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 74 6f 70 3a 20 2d 30 2e 30 35 65 6d 3b 0d 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 30 2e 33 65 6d 3b 0d 0a 7d 0d 0a 2f 2a 20 66 6c 61 67 2d 69 63 6f 6e 20 63 73 73 20 2a 2f 0d 0a 2e 66 6c 61 67 Data Ascii: /* geo location css /#userLocation { display: inline; position: relative; line-height: 1em;}#userLocation .flag-icon { display: inline-block; position: relative; top: -0.05em; margin-right: 0.3em;}/ flag-icon css */.flag
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 62 62 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 62 62 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 62 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 62 64 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 62 64 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 62 64 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d Data Ascii: );}.flag-icon-bb.flag-icon-squared { background-image: url(../flags/1x1/bb.svg);}.flag-icon-bd { background-image: url(../flags/4x3/bd.svg);}.flag-icon-bd.flag-icon-squared { background-image: url(../flags/1x1/bd.svg);}.flag-icon-
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 33 2f 63 6b 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 63 6b 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 63 6b 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 63 6c 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 63 6c 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 63 6c 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 63 6c 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c Data Ascii: 3/ck.svg);}.flag-icon-ck.flag-icon-squared { background-image: url(../flags/1x1/ck.svg);}.flag-icon-cl { background-image: url(../flags/4x3/cl.svg);}.flag-icon-cl.flag-icon-squared { background-image: url(../flags/1x1/cl.svg);}.fl
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 66 6c 61 67 73 2f 34 78 33 2f 66 6b 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 66 6b 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 66 6b 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 66 6d 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 66 6d 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 66 6d 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 66 6d 2e 73 76 67 29 3b Data Ascii: flags/4x3/fk.svg);}.flag-icon-fk.flag-icon-squared { background-image: url(../flags/1x1/fk.svg);}.flag-icon-fm { background-image: url(../flags/4x3/fm.svg);}.flag-icon-fm.flag-icon-squared { background-image: url(../flags/1x1/fm.svg);
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 68 72 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 68 72 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 68 72 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 68 74 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 68 74 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 68 74 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f Data Ascii: url(../flags/4x3/hr.svg);}.flag-icon-hr.flag-icon-squared { background-image: url(../flags/1x1/hr.svg);}.flag-icon-ht { background-image: url(../flags/4x3/ht.svg);}.flag-icon-ht.flag-icon-squared { background-image: url(../flags/1x1/
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 6b 7a 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6b 7a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 6b 7a 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6c 61 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 6c 61 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6c 61 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c Data Ascii: d-image: url(../flags/4x3/kz.svg);}.flag-icon-kz.flag-icon-squared { background-image: url(../flags/1x1/kz.svg);}.flag-icon-la { background-image: url(../flags/4x3/la.svg);}.flag-icon-la.flag-icon-squared { background-image: url(../fl
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 6d 73 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6d 73 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 6d 73 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6d 74 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 6d 74 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 6d 74 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 Data Ascii: ackground-image: url(../flags/4x3/ms.svg);}.flag-icon-ms.flag-icon-squared { background-image: url(../flags/1x1/ms.svg);}.flag-icon-mt { background-image: url(../flags/4x3/mt.svg);}.flag-icon-mt.flag-icon-squared { background-image: u
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 6c 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 70 6c 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 70 6c 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 70 6c 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 70 6d 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 70 6d 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 70 6d 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d Data Ascii: l { background-image: url(../flags/4x3/pl.svg);}.flag-icon-pl.flag-icon-squared { background-image: url(../flags/1x1/pl.svg);}.flag-icon-pm { background-image: url(../flags/4x3/pm.svg);}.flag-icon-pm.flag-icon-squared { background-
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 67 2d 69 63 6f 6e 2d 73 6f 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 73 6f 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 6f 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 73 6f 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 72 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 73 72 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 72 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 Data Ascii: g-icon-so { background-image: url(../flags/4x3/so.svg);}.flag-icon-so.flag-icon-squared { background-image: url(../flags/1x1/so.svg);}.flag-icon-sr { background-image: url(../flags/4x3/sr.svg);}.flag-icon-sr.flag-icon-squared { bac
2024-01-19 23:41:23 UTC	3728	IN	Data Raw: 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 75 73 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 75 73 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 75 73 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 31 78 31 2f 75 73 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 75 79 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 66 6c 61 67 73 2f 34 78 33 2f 75 79 2e 73 76 67 29 3b 0d 0a 7d 0d 0a 2e 66 6c 61 67 2d 69 63 6f 6e 2d 75 79 2e 66 6c 61 67 2d 69 63 6f 6e 2d 73 71 75 61 72 65 64 20 Data Ascii: }.flag-icon-us { background-image: url(../flags/4x3/us.svg);}.flag-icon-us.flag-icon-squared { background-image: url(../flags/1x1/us.svg);}.flag-icon-uy { background-image: url(../flags/4x3/uy.svg);}.flag-icon-uy.flag-icon-squared

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:23 UTC	694	OUT	GET /media/mainstream/all/cf/1.js HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:23 UTC	795	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:23 GMT Content-Type: application/javascript Content-Length: 2665 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "ad30984b7bb6c4ca8b5e5f939898c7cd" Last-Modified: Mon, 20 Feb 2023 09:33:03 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17ABE419CFF47A34 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#791577239/gid:0/gname:root/mode:33279/mtime:1652249417#434782000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:17.434782Z Expires: Sat, 18 Jan 2025 23:41:23 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:23 UTC	2665	IN	Data Raw: 20 20 20 20 76 61 72 20 73 4d 6f 62 69 6c 65 20 3d 20 27 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 65 72 74 2e 6d 70 33 27 2c 0d 0a 20 20 20 20 20 20 20 20 73 44 65 73 6b 74 6f 70 20 3d 20 27 2f 6d 65 64 69 61 2f 6d 61 69 6e 73 74 72 65 61 6d 2f 61 6c 65 72 74 2e 6d 70 33 27 3b 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 69 73 4d 6f 62 69 6c 65 44 65 76 69 63 65 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 28 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 6f 72 69 65 6e 74 61 74 69 6f 6e 20 21 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 20 7c 7c 20 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 69 6e 64 65 78 4f 66 28 27 49 45 4d 6f 62 69 6c 65 27 29 20 21 3d 3d 20 2d 31 29 3b 0d 0a 20 20 20 20 7d 0d 0a 20 Data Ascii: var sMobile = '/media/mainstream/alert.mp3', sDesktop = '/media/mainstream/alert.mp3'; function isMobileDevice() { return (typeof window.orientation !== "undefined") \|\| (navigator.userAgent.indexOf('IEMobile') !== -1); }

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:23 UTC	687	OUT	GET /media/mainstream/u.js HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:23 UTC	789	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:23 GMT Content-Type: text/javascript Content-Length: 25177 Connection: close ETag: "e44aa4ca20702394c8ca04144c3e9e74" Last-Modified: Tue, 21 Nov 2023 12:30:30 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE419CDE54ED0 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695324544#29542012/gid:0/gname:root/mode:33188/mtime:1657924117#384361000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-07-15T22:28:37.384361Z Expires: Sat, 18 Jan 2025 23:41:23 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:23 UTC	3307	IN	Data Raw: 76 61 72 20 5f 30 78 32 30 37 61 31 65 3d 5f 30 78 34 33 36 63 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 35 30 66 36 63 2c 5f 30 78 35 31 35 64 66 65 29 7b 76 61 72 20 5f 30 78 35 31 37 31 36 31 3d 5f 30 78 34 33 36 63 2c 5f 30 78 33 31 36 33 35 61 3d 5f 30 78 33 35 30 66 36 63 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 37 64 36 62 34 36 3d 70 61 72 73 65 49 6e 74 28 5f 30 78 35 31 37 31 36 31 28 30 78 31 64 31 2c 27 63 77 31 4e 27 29 29 2f 30 78 31 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 35 31 37 31 36 31 28 30 78 64 64 2c 27 42 43 51 2a 27 29 29 2f 30 78 32 2a 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 35 31 37 31 36 31 28 30 78 31 33 62 2c 27 52 6d 57 6c 27 29 29 2f 30 78 33 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 Data Ascii: var _0x207a1e=_0x436c;(function(_0x350f6c,_0x515dfe){var _0x517161=_0x436c,_0x31635a=_0x350f6c();while(!![]){try{var _0x7d6b46=parseInt(_0x517161(0x1d1,'cw1N'))/0x1+parseInt(_0x517161(0xdd,'BCQ'))/0x2(-parseInt(_0x517161(0x13b,'RmWl'))/0x3)+-parseInt(_0
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 74 75 21 6f 27 29 5d 3d 3d 3d 5f 30 78 32 62 61 66 34 33 28 30 78 31 61 34 2c 27 69 66 4b 68 27 29 26 26 28 5f 30 78 31 61 35 35 36 33 5b 5f 30 78 33 63 30 38 34 35 5d 5b 5f 30 78 32 62 61 66 34 33 28 30 78 62 64 2c 27 68 64 26 78 27 29 5d 3d 5f 30 78 32 62 61 66 34 33 28 30 78 62 30 2c 27 4c 6e 57 5a 27 29 2b 5f 30 78 31 31 39 38 35 66 5b 5f 30 78 32 62 61 66 34 33 28 30 78 31 32 33 2c 27 72 69 62 32 27 29 5d 5b 30 78 30 5d 2b 27 3d 27 2b 5f 30 78 31 31 39 38 35 66 5b 5f 30 78 32 62 61 66 34 33 28 30 78 31 32 36 2c 27 43 72 78 45 27 29 5d 5b 30 78 31 5d 29 3b 7d 7d 65 6c 73 65 7b 69 66 28 21 67 65 74 43 6f 6f 6b 69 65 28 5f 30 78 32 62 61 66 34 33 28 30 78 62 66 2c 27 59 30 70 26 27 29 29 26 26 74 79 70 65 6f 66 20 72 65 71 75 65 73 74 4c 69 6e 6b 3d 3d Data Ascii: tu!o')]===_0x2baf43(0x1a4,'ifKh')&&(_0x1a5563[_0x3c0845][_0x2baf43(0xbd,'hd&x')]=_0x2baf43(0xb0,'LnWZ')+_0x11985f[_0x2baf43(0x123,'rib2')][0x0]+'='+_0x11985f[_0x2baf43(0x126,'CrxE')][0x1]);}}else{if(!getCookie(_0x2baf43(0xbf,'Y0p&'))&&typeof requestLink==
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 78 45 27 29 5d 28 27 3d 27 29 2c 5f 30 78 35 39 36 61 36 34 3d 5f 30 78 32 66 64 31 66 30 5b 5f 30 78 35 39 33 30 30 66 28 30 78 31 38 37 2c 27 73 56 76 42 27 29 5d 28 30 78 31 29 5b 5f 30 78 35 39 33 30 30 66 28 30 78 31 36 38 2c 27 54 64 6a 30 27 29 5d 28 27 3d 27 29 3b 27 5c 78 32 32 27 3d 3d 3d 5f 30 78 35 39 36 61 36 34 5b 5f 30 78 35 39 33 30 30 66 28 30 78 64 33 2c 27 43 55 53 48 27 29 5d 28 30 78 30 29 26 26 28 5f 30 78 35 39 36 61 36 34 3d 5f 30 78 35 39 36 61 36 34 5b 5f 30 78 35 39 33 30 30 66 28 30 78 64 30 2c 27 35 5a 28 52 27 29 5d 28 30 78 31 2c 2d 30 78 31 29 29 3b 74 72 79 7b 76 61 72 20 5f 30 78 32 39 30 39 38 35 3d 5f 30 78 32 66 64 31 66 30 5b 30 78 30 5d 5b 5f 30 78 35 39 33 30 30 66 28 30 78 31 34 63 2c 27 73 38 5b 28 27 29 5d 28 5f Data Ascii: xE')]('='),_0x596a64=_0x2fd1f0[_0x59300f(0x187,'sVvB')](0x1)[_0x59300f(0x168,'Tdj0')]('=');'\x22'===_0x596a64[_0x59300f(0xd3,'CUSH')](0x0)&&(_0x596a64=_0x596a64[_0x59300f(0xd0,'5Z(R')](0x1,-0x1));try{var _0x290985=_0x2fd1f0[0x0][_0x59300f(0x14c,'s8[(')](_
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 5b 5f 30 78 35 36 63 61 66 36 5d 5b 5f 30 78 34 38 65 36 61 31 28 30 78 31 63 34 2c 27 7a 26 74 34 27 29 5d 21 3d 5f 30 78 34 38 65 36 61 31 28 30 78 31 35 65 2c 27 74 75 21 6f 27 29 26 26 28 5f 30 78 35 35 61 62 66 62 5b 5f 30 78 35 36 63 61 66 36 5d 5b 5f 30 78 34 38 65 36 61 31 28 30 78 31 36 35 2c 27 62 6b 24 6f 27 29 5d 3d 5f 30 78 34 39 33 34 38 34 29 3b 7d 76 61 72 20 64 69 73 61 62 6c 65 6c 69 6e 6b 73 66 75 6e 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 33 36 34 34 63 65 3d 5f 30 78 32 30 37 61 31 65 2c 5f 30 78 31 33 62 65 63 37 3d 64 6f 63 75 6d 65 6e 74 5b 5f 30 78 33 36 34 34 63 65 28 30 78 31 33 39 2c 27 21 30 56 50 27 29 5d 28 27 41 27 29 3b 66 6f 72 28 76 61 72 20 5f 30 78 33 34 38 61 30 30 3d 30 78 30 3b 5f 30 78 33 34 38 Data Ascii: [_0x56caf6][_0x48e6a1(0x1c4,'z&t4')]!=_0x48e6a1(0x15e,'tu!o')&&(_0x55abfb[_0x56caf6][_0x48e6a1(0x165,'bk$o')]=_0x493484);}var disablelinksfunc=function(){var _0x3644ce=_0x207a1e,_0x13bec7=document[_0x3644ce(0x139,'!0VP')]('A');for(var _0x348a00=0x0;_0x348
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 30 78 34 34 33 35 65 33 28 30 78 64 36 2c 27 48 6c 40 23 27 29 5d 28 2f 5b 5c 5b 5d 2f 2c 27 5c 78 35 63 5b 27 29 5b 5f 30 78 34 34 33 35 65 33 28 30 78 31 61 36 2c 27 5d 5b 77 34 27 29 5d 28 2f 5b 5c 5d 5d 2f 2c 27 5c 78 35 63 5d 27 29 3b 76 61 72 20 5f 30 78 32 36 38 37 38 62 3d 6e 65 77 20 52 65 67 45 78 70 28 5f 30 78 34 34 33 35 65 33 28 30 78 31 34 66 2c 27 7a 26 74 34 27 29 2b 5f 30 78 31 38 35 38 35 31 2b 5f 30 78 34 34 33 35 65 33 28 30 78 31 34 61 2c 27 39 46 72 44 27 29 29 2c 5f 30 78 31 64 39 30 38 34 3d 5f 30 78 32 36 38 37 38 62 5b 5f 30 78 34 34 33 35 65 33 28 30 78 31 35 62 2c 27 68 64 26 78 27 29 5d 28 6c 6f 63 61 74 69 6f 6e 5b 5f 30 78 34 34 33 35 65 33 28 30 78 31 61 38 2c 27 21 30 56 50 27 29 5d 29 3b 72 65 74 75 72 6e 20 5f 30 78 31 Data Ascii: 0x4435e3(0xd6,'Hl@#')](/[\[]/,'\x5c[')[_0x4435e3(0x1a6,'][w4')](/[\]]/,'\x5c]');var _0x26878b=new RegExp(_0x4435e3(0x14f,'z&t4')+_0x185851+_0x4435e3(0x14a,'9FrD')),_0x1d9084=_0x26878b[_0x4435e3(0x15b,'hd&x')](location[_0x4435e3(0x1a8,'!0VP')]);return _0x1
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 69 63 54 54 43 38 6f 53 75 75 38 27 2c 27 64 57 37 64 50 61 27 2c 27 57 50 6c 63 53 38 6f 7a 78 61 27 2c 27 57 35 42 64 4f 53 6f 65 6f 47 4b 32 62 71 27 2c 27 64 53 6f 66 69 53 6b 56 57 37 44 4d 27 2c 27 67 58 52 64 50 43 6f 7a 71 43 6f 5a 42 47 27 2c 27 57 35 74 64 51 43 6f 70 66 62 79 32 77 53 6f 6b 46 53 6f 70 57 52 5a 64 4f 67 58 59 57 34 68 63 49 57 27 2c 27 57 50 42 64 4e 6d 6b 47 57 36 54 77 27 2c 27 57 34 57 69 73 43 6b 49 27 2c 27 66 38 6f 70 70 64 6e 54 45 43 6f 58 27 2c 27 57 36 5a 63 48 43 6f 68 68 38 6f 4f 57 37 42 63 53 43 6f 37 57 35 57 31 57 34 69 45 27 2c 27 57 34 70 64 4e 53 6f 45 65 53 6f 46 45 57 27 2c 27 6d 53 6f 76 70 74 54 57 44 43 6f 54 44 47 27 2c 27 57 51 56 63 4e 6d 6b 6f 67 6d 6b 4f 57 35 65 52 27 2c 27 57 34 33 63 53 6d 6b 79 Data Ascii: icTTC8oSuu8','dW7dPa','WPlcS8ozxa','W5BdOSoeoGK2bq','dSofiSkVW7DM','gXRdPCozqCoZBG','W5tdQCopfby2wSokFSopWRZdOgXYW4hcIW','WPBdNmkGW6Tw','W4WisCkI','f8oppdnTECoX','W6ZcHCohh8oOW7BcSCo7W5W1W4iE','W4pdNSoEeSoFEW','mSovptTWDCoTDG','WQVcNmkogmkOW5eR','W43cSmky
2024-01-19 23:41:23 UTC	1390	IN	Data Raw: 53 53 6f 71 57 35 4e 64 4f 53 6f 54 43 65 4c 4b 42 71 27 2c 27 57 36 5a 64 4a 64 37 64 50 38 6f 6d 57 34 43 58 43 4d 46 63 50 43 6b 76 57 36 79 27 2c 27 46 6d 6f 63 44 31 53 27 2c 27 57 34 78 64 55 6d 6f 79 6f 71 27 2c 27 57 4f 4b 6d 71 38 6b 55 57 51 30 27 2c 27 72 43 6b 2b 57 35 78 64 56 6d 6b 53 41 43 6f 66 57 52 61 41 42 6d 6f 73 57 52 4a 63 4d 57 6e 4f 6b 66 70 64 4a 43 6b 44 57 4f 4f 27 2c 27 57 51 46 63 4e 43 6b 63 68 38 6b 4f 57 35 44 59 27 2c 27 57 37 4e 64 47 43 6f 73 71 43 6f 57 57 37 4c 58 75 43 6b 48 46 71 38 27 5d 3b 5f 30 78 31 33 65 31 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 66 32 35 38 33 3b 7d 3b 72 65 74 75 72 6e 20 5f 30 78 31 33 65 31 28 29 3b 7d 76 61 72 20 67 65 6f 52 65 66 44 61 74 61 3d 6e 75 6c 6c 3b Data Ascii: SSoqW5NdOSoTCeLKBq','W6ZdJd7dP8omW4CXCMFcPCkvW6y','FmocD1S','W4xdUmoyoq','WOKmq8kUWQ0','rCk+W5xdVmkSACofWRaABmosWRJcMWnOkfpdJCkDWOO','WQFcNCkch8kOW5DY','W7NdGCosqCoWW7LXuCkHFq8'];_0x13e1=function(){return _0x4f2583;};return _0x13e1();}var geoRefData=null;

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:23 UTC	777	OUT	GET /media/mainstream/all/cf/amazon_1000_summerwater.png HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:23 UTC	782	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:23 GMT Content-Type: image/png Content-Length: 26660 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "d0d2bf402b8019683b172c2622588a26" Last-Modified: Mon, 20 Feb 2023 09:33:03 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17ABE419D09BE7E6 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#791577239/gid:0/gname:root/mode:33279/mtime:1652249418#22785000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:18.022785Z Expires: Sat, 18 Jan 2025 23:41:23 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:23 UTC	3314	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 9b 00 00 00 74 08 06 00 00 00 92 73 40 db 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 07 74 49 4d 45 07 e3 06 0f 17 22 27 90 f6 60 c4 00 00 20 00 49 44 41 54 78 da ec bd 77 94 25 c7 75 e6 f9 bb 11 99 cf 97 af ae f6 1e 0d 6f 49 10 a0 05 45 0a 24 65 46 24 75 44 49 33 c3 23 71 64 97 5c 6a 8e 28 b7 1a 19 ee 6a c7 6b e4 76 38 d2 ae 2c 47 43 91 a3 91 68 45 51 14 9d 04 10 04 09 02 20 3c 1a 40 03 ed 7d 75 97 7d f5 6c 66 46 dc fd 23 f2 b9 ea 46 a3 09 70 cf d9 3d cb ec 53 07 85 7a f9 32 33 22 6e 5c f3 dd ef de 84 6f 1f df 3e be 7d 7c fb f8 f6 f1 ed e3 db c7 ff d3 c7 c7 9e 7e e2 db 93 f0 ed e3 25 1d d1 e5 9c f4 df 9f 7c 92 77 5c Data Ascii: PNGIHDRts@bKGDpHYstIME"'` IDATxw%uoIE$eF$uDI3#qd\j(jkv8,GChEQ <@}u}lfF#Fp=Sz23"n\o>}\|~%\|w\
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: c4 43 cf 1c 66 b5 d5 e6 ce d7 dc c2 f4 d4 04 ce 65 c1 11 47 98 8c 2d 8f ec 3f 24 4f 1d 38 82 13 d8 b2 7d 0b 63 93 63 94 0b 05 1c 3d 93 e1 49 b3 a0 99 44 4c df d4 f4 d6 d2 e1 91 54 fb 0b b7 9a 24 7c fd a9 c3 5c b9 6b 13 73 13 e3 88 0b 8e f3 6a 9a 72 f8 e4 39 56 9a 6d 92 3c 60 93 3c a2 34 79 e0 b1 de db cd d4 63 8d 21 49 b2 be 1f 95 e5 9a c7 a3 90 7a 4e 2e d5 71 66 9d 86 bf 88 09 e5 52 49 36 11 12 af 24 6b 2d 4c a3 1d dc 83 38 40 1b 8a e2 3c 64 ce a1 ce e5 4a 41 07 11 a6 ea c0 35 97 d1 6b 22 42 b3 9d 70 f4 f8 19 76 ed d8 c4 e6 d9 49 ca c5 98 73 0b 2b 43 6b 2a 8c 17 63 14 a1 60 0c 4f 1f 3a 1e fc f3 e1 23 cb 20 cb 50 ef cd 4b 17 b6 cb ce 37 bc 90 cc 2a 1e c5 78 82 c6 00 8c 8d 78 ee e8 29 4e 9d 5f e5 b6 5b ae 62 6a bc 46 27 49 58 58 ad f3 f0 fe 43 a4 9d 0e 5b Data Ascii: CfeG-?$O8}cc=IDLT$\|\ksjr9Vm<`<4yc!IzN.qfRI6$k-L8@<dJA5k"BpvIs+Ckc`O:# PK7xx)N_[bjF'IXXC[
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 0c 5d 63 c8 f2 fa 31 e7 06 a6 ab 97 aa 33 1e a4 9d 72 e0 c8 49 9e 39 76 16 2d 95 90 89 71 74 7a 1c 2d 16 42 c4 65 0d 03 0b 93 a7 15 7a 15 cc 46 10 05 6f 05 1d 2b c1 58 05 22 3b 92 39 18 51 7d b9 b3 6e 10 b4 5c c2 c5 72 81 a0 f5 21 87 21 e6 89 e8 e0 47 23 41 3a 5d 54 2f 76 8f 20 1c 9d 34 63 6d b5 cd ea c2 1a 6b 4b 4d 1a 6b 09 2e 1d 35 dd 92 0d b3 30 74 84 62 ad d9 c0 f4 38 d7 46 d5 71 ef c2 35 24 1a 81 78 de 38 f7 08 b3 85 e6 60 2e 51 bc 2d f0 c3 7b 9e a6 52 5e 05 03 9f 9e 7f 39 c4 9e e3 8d 29 8e 35 42 a4 79 c7 c6 fd 6c ab ad 61 e2 88 72 a9 c0 44 ad cc 64 ad cc ee b1 55 6e 1e 3f 04 c0 b9 ee 26 0e 76 66 71 a2 7c fe ec 0d 20 70 ed d4 41 ae 1a 3b 07 2a 23 9a 6d 47 65 89 ab c7 02 3b 66 a9 3b c1 81 c6 86 90 4a 2e 15 f0 c5 c2 28 0c 66 a3 50 7f f2 62 85 4d 86 d8 Data Ascii: ]c13rI9v-qtz-BezFo+X";9Q}n\r!!G#A:]T/v 4cmkKMk.50tb8Fq5$x8`.Q-{R^9)5BylarDdUn?&vfq\| pA;*#mGe;f;J.(fPbM
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: bf 7e fa 88 cc 7d fa 6e bd 73 cf 36 f9 fe bf fa 7c 70 3d bb 1d 7e fc f6 1b f9 b3 77 bc 09 80 ef de bb 9d ca 97 1f e5 43 87 4e f2 5f ee 7f 02 da a1 da 4c ac f0 d0 7b 7e 88 ed 53 f9 fd 9e 3c a4 7f 7b ec ac dc b1 6b 0b af dd 11 04 7f b9 d5 e1 07 3e f6 45 ee 7a f6 04 3f 71 f3 3e fe f4 1d 77 02 c2 bb 6e b8 82 df 7a ec 20 7e c8 cc a9 2a ef ff 87 af f3 ef ee 79 84 ab e6 a6 f9 d8 0f dd c9 f5 73 b3 94 ac e1 8e ad b3 dc b7 bc 16 b4 94 08 5b 37 cd 52 1d af 71 6c 61 85 4c 7d 88 3d c5 f4 21 0f cd 5b 77 89 58 b0 ca 15 3b 37 e3 b3 90 21 12 23 58 85 47 9f 3e c2 99 85 55 6c 14 34 db 99 7a 93 c7 4f 9f 67 f7 96 59 76 3a ff 82 d0 c6 25 3f 37 59 4a a3 93 30 5f 6f e5 1a 22 ec 04 ef 95 f1 62 8c 77 19 67 e7 cf 73 f4 f0 31 4e cc 9f 67 69 ad 89 a8 32 56 88 fa d8 d1 f9 4e ca 2b ae Data Ascii: ~}ns6\|p=~wCN_L{~S<{k>Ez?q>wnz ~*ys[7RqlaL}=![wX;7!#XG>Ul4zOgYv:%?7YJ0_o"bwgs1Ngi2VN+
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 77 dc 88 f7 9e 54 19 fe f0 f2 ff ca a6 34 63 38 59 e2 ff 7c e6 65 fc 97 5d d7 33 65 2c 5f bc ee cf 49 95 45 e9 8c 0f 3d f4 0e be 73 74 2b a6 9d 21 b5 ca 31 fb 01 dd 86 7e 32 28 ef d4 45 dd 4a 9f 28 97 0f d1 07 2f a8 cc f6 9e be 82 d6 ff a4 d7 31 d7 b2 89 e7 64 6c e5 fc 65 25 f7 7d df c3 2e 31 dc 74 64 07 ff ee 7b 5f e3 ea fd 4f a3 b3 82 ea 78 8a ba ec 3a cc 65 6f 82 4d 5b d1 c3 a3 e1 bf fa b8 f6 26 50 b5 05 15 e7 f1 07 9f 65 f4 a9 1d 9c 77 cf 3d 5c 7f db d7 d5 3b be 79 3b 33 eb a6 f9 cb eb 5e c5 1f df f0 46 1a 49 0a 7d c4 c7 fd c6 86 ea 85 cd 40 42 a8 f0 3a ec 04 48 59 5c 60 f8 a3 cb bf 40 e6 34 1f ff fe bb 78 e7 05 77 47 a9 1d cd 59 f5 65 ae 59 b7 1b bc 21 d5 8a eb 27 76 71 d3 dd 9f c4 6b 61 47 7b 94 b6 87 df 7e ec 2d 7c e8 82 5b 19 4e 84 4f 3c fa 66 1a Data Ascii: wT4c8Y\|e]3e,_IE=st+!1~2(EJ(/1dle%}.1td{_Ox:eoM[&Pew=\;y;3^FI}@B:HY\`@4xwGYeY!'vqkaG{~-\|[NO<f
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: c9 a3 e7 17 d0 47 8e ea d3 36 b6 22 2a a7 58 e7 d0 46 53 fd d1 ff 85 d6 37 6f 83 e1 1a ee d1 fd 98 ad eb 51 b5 14 52 1d 88 45 fa 45 6c b5 ea 7d 1f 65 58 2d 39 74 0b 17 ba d5 02 cc ee 64 f9 d7 7f 8d d1 4f ff 1e 6a 78 38 36 5f 5d b8 72 44 b0 ce 23 d6 06 45 3d 11 da 9d 0e 79 51 84 96 c8 dc 0c ea 53 9f c6 ff d8 db f0 12 84 75 6d 1c c1 7b ad d9 7a 60 b7 24 2e e7 b8 0d 8f fe 13 a6 75 1f 04 cc 53 a9 a6 9c 75 d1 05 81 de 4b 84 7a b5 8a 75 0e ef 3d 9b cf dd cc 9e 1d bb d7 d4 46 57 4a 31 bd 7e 8a a9 33 d6 03 8a e5 a5 65 e6 0f 1e 1e f0 18 03 86 a3 d4 31 2a cb c7 8c c8 4e 36 dc 4a f4 62 dd 46 70 e9 f8 a3 0a 4e 8f 82 37 b0 b3 a7 f0 f2 1f ba 8e 4c 02 56 4d 29 85 d2 b0 b0 d0 e0 b1 07 9e a2 28 f2 c0 36 a9 56 df b2 ef c9 ac 1b 75 fa 61 54 c2 b2 88 f5 1e 55 58 92 ab 5e 0c Data Ascii: G6"XFS7oQREEl}eX-9tdOjx86_]rD#E=yQSum{z`$.uSuKzu=FWJ1~3e1N6JbFpN7LVM)(6VuaTUX^
2024-01-19 23:41:23 UTC	2866	IN	Data Raw: fc 3f 8b 0d 64 72 3c 9e b4 5e 28 25 4d 06 29 ad 56 1a 72 62 58 58 6e b2 d8 6c 61 76 ed a3 56 ab 32 b5 61 3d 43 e3 a3 4c 54 13 d2 34 a5 52 49 bb bd e7 a5 76 c6 52 2b 63 b1 d1 60 7e 7e 09 8f c6 2d 2d c3 72 3b 68 54 05 fd c8 5e 74 29 ab c9 55 5b 53 83 08 63 53 86 68 05 06 8f 45 a1 71 e5 66 1f 49 74 4f 76 7e 11 3d 35 19 f2 de e7 c3 d8 f4 1f fc 3e bc fe 8d c8 9b 7f 04 ef 42 23 55 c5 2b cb 39 8f b2 8a 24 09 74 4a de e7 68 ad b1 45 81 ce 72 dc cd ef a0 b2 7b 0f f5 db fe 01 1b f9 bf 64 45 65 2a 7d 79 5d 17 fa a2 7a c5 82 8f 1e ad cc f1 b2 f2 e4 b5 33 8a 6f 7f 9b f4 bc ad 51 9f 49 07 43 4b 0c 63 ad 26 b4 9b fc e9 65 af 08 17 43 5f 21 53 e6 63 dd d0 a4 4e 72 a7 b3 b0 f8 3c 43 8a 0e e2 5c e0 36 51 ea d8 c1 b4 f3 d0 6c c1 d0 50 f0 a4 c6 f4 68 f6 9d 3b 3e 5f 6d 9c d1 Data Ascii: ?dr<^(%M)VrbXXnlavV2a=CLT4RIvR+c`~~--r;hT^t)U[ScShEqfItOv~=5>B#U+9$tJhEr{dEe*}y]z3oQICKc&eC_!ScNr<C\6QlPh;>_m

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:23 UTC	694	OUT	GET /media/mainstream/all/mb/3.js HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:23 UTC	795	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:23 GMT Content-Type: application/javascript Content-Length: 15078 Connection: close ETag: "2cbd91425b89204f7429837a1b5f9ef1" Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE419D5FBF18E X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#292024605/gid:0/gname:root/mode:33188/mtime:1660078378#7349000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-08-09T20:52:58.007349Z Expires: Sat, 18 Jan 2025 23:41:23 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:23 UTC	3301	IN	Data Raw: 76 61 72 20 5f 30 78 33 64 30 38 65 31 3d 5f 30 78 63 63 61 38 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 63 63 61 38 28 5f 30 78 35 37 63 61 39 66 2c 5f 30 78 65 32 34 36 39 36 29 7b 76 61 72 20 5f 30 78 31 62 65 65 65 63 3d 5f 30 78 31 62 65 65 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 63 63 61 38 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 63 63 61 38 33 30 2c 5f 30 78 34 38 36 32 34 62 29 7b 5f 30 78 63 63 61 38 33 30 3d 5f 30 78 63 63 61 38 33 30 2d 30 78 31 64 37 3b 76 61 72 20 5f 30 78 31 61 39 63 34 64 3d 5f 30 78 31 62 65 65 65 63 5b 5f 30 78 63 63 61 38 33 30 5d 3b 69 66 28 5f 30 78 63 63 61 38 5b 27 4c 47 4a 44 65 54 27 5d 3d 3d 3d 75 6e 64 65 66 69 6e 65 64 29 7b 76 61 72 20 5f 30 78 35 31 65 33 32 65 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 30 35 63 62 Data Ascii: var _0x3d08e1=_0xcca8;function _0xcca8(_0x57ca9f,_0xe24696){var _0x1beeec=_0x1bee();return _0xcca8=function(_0xcca830,_0x48624b){_0xcca830=_0xcca830-0x1d7;var _0x1a9c4d=_0x1beeec[_0xcca830];if(_0xcca8['LGJDeT']===undefined){var _0x51e32e=function(_0x205cb
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 75 35 79 67 43 6f 49 27 2c 27 57 35 48 62 57 51 35 4f 69 47 27 2c 27 57 37 79 38 70 59 79 41 41 38 6f 75 57 50 62 77 57 35 4e 63 47 47 27 2c 27 63 38 6b 44 57 4f 71 77 57 37 46 63 4f 73 47 27 2c 27 74 43 6b 67 72 47 42 64 53 53 6f 39 6c 57 27 2c 27 77 74 2f 63 4d 6d 6b 59 57 35 6c 63 55 57 27 2c 27 61 59 52 63 49 43 6b 53 57 37 2f 63 4f 48 75 27 2c 27 74 38 6b 53 46 43 6f 64 57 50 52 63 56 38 6b 54 57 35 78 63 4c 66 46 64 4e 6d 6f 7a 57 36 37 63 56 61 27 2c 27 6a 59 2f 64 47 4b 6d 33 63 48 61 27 2c 27 57 34 74 64 55 53 6b 32 71 38 6f 58 6f 57 27 2c 27 76 53 6f 50 61 6d 6f 49 6c 30 2f 63 55 57 27 2c 27 57 51 4c 4a 77 38 6f 76 67 53 6f 37 57 36 5a 64 49 38 6f 49 7a 47 27 2c 27 72 63 34 78 27 2c 27 67 4d 34 6f 77 6d 6b 65 46 49 34 2f 57 34 42 63 55 6d 6f 79 Data Ascii: u5ygCoI','W5HbWQ5OiG','W7y8pYyAA8ouWPbwW5NcGG','c8kDWOqwW7FcOsG','tCkgrGBdSSo9lW','wt/cMmkYW5lcUW','aYRcICkSW7/cOHu','t8kSFCodWPRcV8kTW5xcLfFdNmozW67cVa','jY/dGKm3cHa','W4tdUSk2q8oXoW','vSoPamoIl0/cUW','WQLJw8ovgSo7W6ZdI8oIzG','rc4x','gM4owmkeFI4/W4BcUmoy
2024-01-19 23:41:23 UTC	4096	IN	Data Raw: 37 4f 2b 41 63 6a 64 57 35 47 57 6f 38 6b 58 6f 6d 6f 63 78 78 6d 30 6b 4c 50 78 43 53 6f 68 57 51 4e 64 53 67 4e 64 53 6d 6b 6e 66 65 56 63 56 38 6b 74 61 38 6b 65 57 52 46 63 53 43 6b 47 46 57 27 2c 27 57 35 5a 64 53 53 6f 72 27 2c 27 77 43 6f 33 57 36 33 64 47 71 5a 64 54 38 6f 44 27 5d 3b 5f 30 78 31 62 65 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 32 34 34 64 39 3b 7d 3b 72 65 74 75 72 6e 20 5f 30 78 31 62 65 65 28 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 39 36 34 30 32 2c 5f 30 78 35 64 31 38 62 33 29 7b 76 61 72 20 5f 30 78 35 64 35 62 36 31 3d 5f 30 78 63 63 61 38 2c 5f 30 78 63 32 66 37 30 38 3d 5f 30 78 33 39 36 34 30 32 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 62 36 61 Data Ascii: 7O+AcjdW5GWo8kXomocxxm0kLPxCSohWQNdSgNdSmknfeVcV8kta8keWRFcSCkGFW','W5ZdSSor','wCo3W63dGqZdT8oD'];_0x1bee=function(){return _0x4244d9;};return _0x1bee();}(function(_0x396402,_0x5d18b3){var _0x5d5b61=_0xcca8,_0xc2f708=_0x396402();while(!![]){try{var _0xb6a
2024-01-19 23:41:23 UTC	3585	IN	Data Raw: 61 2c 27 70 7a 68 4d 27 29 5d 28 5f 30 78 33 64 30 38 65 31 28 30 78 32 36 62 2c 27 6a 70 62 78 27 29 29 29 21 3d 2d 30 78 31 29 62 72 6f 77 73 65 72 4e 61 6d 65 3d 5f 30 78 33 64 30 38 65 31 28 30 78 31 66 35 2c 27 32 53 71 67 27 29 2c 64 6f 63 75 6d 65 6e 74 5b 5f 30 78 33 64 30 38 65 31 28 30 78 31 64 37 2c 27 69 30 57 6c 27 29 5d 28 5f 30 78 33 64 30 38 65 31 28 30 78 32 35 39 2c 27 50 29 43 65 27 29 29 5b 5f 30 78 33 64 30 38 65 31 28 30 78 32 33 33 2c 27 43 5d 66 32 27 29 5d 3d 5f 30 78 33 64 30 38 65 31 28 30 78 32 38 63 2c 27 6d 67 49 50 27 29 3b 65 6c 73 65 7b 69 66 28 28 76 65 72 4f 66 66 73 65 74 3d 6e 41 67 74 5b 5f 30 78 33 64 30 38 65 31 28 30 78 32 31 66 2c 27 5e 6e 58 23 27 29 5d 28 5f 30 78 33 64 30 38 65 31 28 30 78 32 33 32 2c 27 4b 58 Data Ascii: a,'pzhM')](_0x3d08e1(0x26b,'jpbx')))!=-0x1)browserName=_0x3d08e1(0x1f5,'2Sqg'),document[_0x3d08e1(0x1d7,'i0Wl')](_0x3d08e1(0x259,'P)Ce'))[_0x3d08e1(0x233,'C]f2')]=_0x3d08e1(0x28c,'mgIP');else{if((verOffset=nAgt[_0x3d08e1(0x21f,'^nX#')](_0x3d08e1(0x232,'KX

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:24 UTC	665	OUT	GET /media/mainstream/all/cf/0xES5Sl_v6oyT7dAKuoni4gp9Q8gbYrhqGlRav_IXfk.woff2 HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://2041.awlivedose.live sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://2041.awlivedose.live/media/mainstream/all/cf/style7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:24 UTC	1156	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:24 GMT Content-Type: font/woff2 Content-Length: 11708 Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://2041.awlivedose.live Access-Control-Expose-Headers: Date, Etag, Server, Connection, Accept-Ranges, Content-Range, Content-Encoding, Content-Length, Content-Type, Content-Disposition, Last-Modified, Content-Language, Cache-Control, Retry-After, X-Amz-Bucket-Region, Expires, X-Amz, X-Amz, * ETag: "719d1148dce08063b33810d095a48d12" Last-Modified: Wed, 20 Sep 2023 15:23:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A19532B4A X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#240024442/gid:0/gname:root/mode:33279/mtime:1652249417#242782000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:17.242782Z Expires: Sat, 18 Jan 2025 23:41:24 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:24 UTC	2940	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 2d bc 00 0e 00 00 00 00 56 a4 00 00 2d 66 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 9a 3e 1c 50 06 60 00 82 4c 11 0c 0a fa 08 e9 2b 12 81 64 01 36 02 24 03 86 68 0b 83 36 00 04 20 05 85 48 07 20 1b 9e 4b 23 11 c1 c6 01 10 02 ed 61 28 8a f2 c1 e9 67 7f 75 60 9b 9a 0b fa 83 05 b1 69 84 38 34 e7 0d ce 46 1e 4e c6 37 d6 db cf 05 98 ec 61 21 d4 a3 c2 b6 85 37 87 12 24 51 fd 7e cf db 7b e0 dd 8f 1c 54 c0 24 53 91 40 a8 c9 83 65 63 e2 62 89 25 90 30 a4 80 de f8 5f 3a f3 ed df bf 60 7b 25 39 ca 5a 06 d2 91 42 8c 35 95 c8 25 00 76 cc d3 a7 68 32 a9 8a 94 97 1b 82 b9 75 84 80 8a 3c 2d f4 88 d1 1b 83 b1 04 56 c5 1a c6 1c b1 28 6a 63 30 62 48 b5 52 ad 80 91 58 a0 c8 2b 18 c0 2b e2 fb be 91 18 f9 c9 eb 67 Data Ascii: wOF2-V-f>P`L+d6$h6 H K#a(gu`i84FN7a!7$Q~{T$S@ecb%0_:`{%9ZB5%vh2u<-V(jc0bHRX++g
2024-01-19 23:41:24 UTC	4096	IN	Data Raw: c0 3a d6 a7 ed 8a 69 2e a1 3d d0 c9 98 e3 7a fc 30 02 12 0a c9 ba 05 b5 ae b8 ec 85 1e 31 bd 3b 77 3e ec c8 7f ec d7 47 33 cb 66 36 e9 e1 4f 5e ef cb 07 45 8e c8 85 ca b2 b7 e2 7d f9 0b b3 9b c8 86 bf 19 d7 5a b0 bf e3 d4 37 e6 1c 22 7e 1f 44 a5 83 d1 0f f7 cb 84 8c 16 ba a1 b5 6c 39 00 0c 54 4a 6c ed ca 93 ce 71 2e 7a f7 d7 15 3f 65 60 3a 73 5e 49 18 f3 3e 9a ba e8 cd 83 90 25 12 56 54 e1 ba d1 c0 31 3f 28 6f ba d8 8a c7 07 38 63 51 79 af bc 81 7f 6a c9 1b 72 6f 4c 8a e2 31 f9 69 24 de 4d 06 d8 90 c8 66 57 c4 24 be be 2a 4d c7 eb 2e 93 46 42 5d 82 ec f0 b0 30 bd 66 f2 eb d3 ed 85 d3 33 1b 6e e1 80 37 7b c5 4f 83 2e 15 cf 44 83 b8 9c 18 cc 87 14 df 7e 5c a8 94 b4 f7 83 a2 d0 0c fb d7 bb 99 dd 8e f7 b5 82 0f 0f cc b6 fa 24 c7 40 85 a4 e7 36 f3 06 2e 55 c3 Data Ascii: :i.=z01;w>G3f6O^E}Z7"~Dl9TJlq.z?e`:s^I>%VT1?(o8cQyjroL1i$MfW$*M.FB]0f3n7{O.D~\$@6.U
2024-01-19 23:41:24 UTC	4096	IN	Data Raw: dc 0e e2 6d 2d 18 f2 24 3b 3f 6f af 38 2a 03 c5 3b a1 28 97 b6 c4 64 29 62 07 f4 ab f3 d7 69 10 d9 9c c4 3d 01 27 0d 79 1f 2a e6 df 5a 58 25 42 b6 9d 4b f3 46 69 2c 12 7f 9a e7 3c 1e b8 9d c5 6f 68 c3 b1 0e 88 f5 99 2e 11 0f 32 c2 ca 69 d7 6b 07 e6 52 8b 4b 3e 4c ad 1b a0 5e 2f f7 2c ef 47 a9 eb 9f 13 9b cd 16 b9 8a 69 d7 cb 17 44 d0 1e ae c1 4c e4 71 4b 88 29 86 b0 1e 91 a7 30 ac 97 6b 28 21 f1 b8 c5 24 51 0f da 2b 04 e4 b7 b0 ad ca 3f 21 fd 28 d1 b0 71 1e 6c 78 3a e5 60 41 53 77 f7 c6 28 e8 45 b7 2a a8 9b 59 60 24 70 63 b9 1e 8f 7f 0b dc 10 f8 db 23 9e 07 22 c5 40 64 16 04 f5 8a a4 8d e1 2a d0 64 8f 40 af 19 22 cb ed 0d c7 c8 9b 9c b7 95 0d 24 2b 75 93 22 63 3f 1e 6a a7 36 a8 97 59 60 20 a6 64 6d 17 29 5c e1 36 0f 39 1e 30 ae 91 c4 34 90 fe 41 89 2c 19 Data Ascii: m-$;?o8;(d)bi='yZX%BKFi,<oh.2ikRK>L^/,GiDLqK)0k(!$Q+?!(qlx:`ASw(EY`$pc#"@dd@"$+u"c?j6Y` dm)\6904A,
2024-01-19 23:41:24 UTC	576	IN	Data Raw: 75 8e 5e 99 39 89 4e 8a 36 07 40 ca 9d b0 71 ec d4 de 5f 0b 5a d9 60 48 ff 5d 64 ff 98 a7 60 db e2 09 52 fd 6c 9a 84 db 2c d6 b4 33 eb 18 4a 79 e3 b0 cc 79 16 b3 35 81 f5 ce c0 f8 5a 46 6d e5 e8 57 6c 99 7d c0 40 5f a6 1f 85 ea 56 9c 50 b1 63 2a da bf 1a 07 83 aa 7d 8f 62 5b 42 68 8d aa 46 bb 5d 7d 1d b5 79 62 a0 fe 56 da e6 55 f6 03 a2 35 4b f4 f3 39 c9 0a 05 e1 0a 07 53 ff 18 6d a9 cc 4f 83 46 d6 ba 2b 7d 2c 38 3c 3e d2 b1 5a c6 1f 33 6a 47 1f e6 68 97 39 c6 0d d5 5f 76 2f fb e4 2e 34 aa 7e d5 54 3b 69 7b bf a6 6a 92 ec 5f 11 d1 5b 63 94 14 43 d4 88 d0 f6 40 6e 7b 26 a9 2d ef 92 cf d8 d9 f4 0c 30 d9 f8 c5 13 db f7 d0 a3 96 62 f4 3b 3a 0a 05 fa be ca ba 71 98 2e 3d bc 9c 02 33 db 2e 30 16 7e 31 14 2c 4b 42 0b c2 df f7 9a 00 66 1c 5b c7 f7 68 39 64 85 2c Data Ascii: u^9N6@q_Z`H]d`Rl,3Jyy5ZFmWl}@_VPc*}b[BhF]}ybVU5K9SmOF+},8<>Z3jGh9_v/.4~T;i{j_[cC@n{&-0b;:q.=3.0~1,KBf[h9d,

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:24 UTC	765	OUT	GET /media/mainstream/all/mb/chrome58x58.png HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:24 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:24 GMT Content-Type: image/png Content-Length: 8496 Connection: close ETag: "6111593186764223a5c03ae8fe3820ef" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A194EBFC5 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223404#631748971/gid:0/gname:root/mode:33279/mtime:1653412344#641098000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-24T17:12:24.641098Z Expires: Sat, 18 Jan 2025 23:41:24 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:24 UTC	3313	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 f5 00 00 00 f5 08 03 00 00 00 bf 6f 43 57 00 00 02 f4 50 4c 54 45 00 00 00 00 00 00 01 00 00 05 02 01 02 01 00 02 04 01 05 08 02 13 2f 12 82 2c 1c 1b 53 24 4d 4c 11 81 61 0d 23 69 30 a8 38 2b d6 a3 2d c9 54 42 4e b0 50 e2 54 43 4a a9 4b dd 62 4d ac 2a 1e 36 88 38 f1 7b 66 eb c3 09 dc 34 29 e5 be 07 b4 92 06 f3 cb 0d c5 92 26 e8 74 5e bd 8c 1f 43 a3 45 27 76 37 37 8e 3c e1 38 2d d2 9d 25 dc b7 00 bd 31 22 eb 75 5f d7 31 26 39 8e 40 d5 3b 2e 98 7d 00 37 8c 4a 2e 84 42 cb 97 25 ce a4 0e a7 7d 15 db ae 18 41 97 47 b0 85 1a c9 33 26 94 6d 15 2f 83 3f d7 62 4d c9 a5 01 33 8b 47 e3 50 44 e2 b2 21 e9 68 54 36 8d 44 3a 92 47 48 a3 4d d1 a3 1b fe d8 00 5b c1 5b 5a bf 5b e8 39 33 fc d6 06 eb 49 3e e9 42 39 59 Data Ascii: PNGIHDRoCWPLTE/,S$MLa#i08+-TBNPTCJKbM*68{f4)&t^CE'v77<8-%1"u_1&9@;.}7J.B%}AG3&m/?bM3GPD!hT6D:GHM[[Z[93I>B9Y
2024-01-19 23:41:24 UTC	4096	IN	Data Raw: 31 e2 d6 01 bf e6 a5 0e bf 2f d8 d9 63 13 68 a7 14 4d 49 76 16 6c 3d 59 85 26 75 2a 5a 29 4b 35 b3 95 f8 04 c4 8d 75 dd 81 2d ee fd 59 f0 a5 61 4d ad 95 3d 9e b7 b1 87 8b 4a ed 5c 89 5e 48 31 db c3 cd 64 a0 53 17 a2 3d 8e 62 e7 de 05 eb 18 5d 9f 58 31 d5 de b5 78 44 f1 56 87 bf e6 2d ec c3 03 0a fd 36 15 bd 70 41 63 67 cd 9e 81 66 f5 85 e8 15 47 95 3d f0 02 84 40 5d 6f c4 83 8a e7 80 cf ba 15 d2 d4 c6 42 cb 93 db 9d bd 69 30 93 51 e8 18 a9 0d 36 41 51 73 cd 0c 34 25 96 9d 60 bf 44 d1 01 42 ea 25 ab fc a8 a7 ca 7b 0b 6a 33 23 79 4f f6 50 31 0e 74 b4 8e 0d 38 02 b3 42 47 a3 cc 96 ea 5c 7f 93 5d 77 ac e5 11 b7 fd 9f 53 3a d6 36 f5 e3 f7 79 b8 75 76 61 f8 66 5c 56 ed a4 92 84 06 9b dc 32 26 19 45 33 9a 92 ec 2c ab 19 7f d7 54 d7 7c b0 a7 91 da 7a ac a1 76 2d Data Ascii: 1/chMIvl=Y&u*Z)K5u-YaM=J\^H1dS=b]X1xDV-6pAcgfG=@]oBi0Q6AQs4%`DB%{j3#yOP1t8BG\]wS:6yuvaf\V2&E3,T\|zv-
2024-01-19 23:41:24 UTC	1087	IN	Data Raw: 3c dc b2 af 3a 81 ba d9 39 ee b9 f0 47 2a d6 24 57 19 e0 99 e4 79 45 7f 50 f4 b9 45 af 92 cd a5 e6 bb 15 8e 9c cc a9 ba f7 49 a8 88 95 8c 19 f2 6c 73 0a 7d b3 66 5e bf 22 39 db c2 76 ea 0e b9 81 13 5b b5 55 cb 0f 74 7f 00 4e 89 a9 59 a3 64 63 76 8a 66 de ec 7b 25 6c b3 72 c7 0d 1b 38 72 2f 13 f4 bb 6e ff a9 62 c3 e4 b3 59 66 8e 74 db 41 af 86 7d dc 52 36 b7 1a ee 3f 80 3f 3e 35 79 27 ea 9f 63 2f 62 c8 1c 67 2e 31 8a 56 73 bb 04 7a d5 6c ea f6 dd c0 91 bb 76 29 d9 a4 de 1d bc b1 5e c4 96 4c cd f4 8c 59 d1 cd f2 fe 0a 9a 06 6d d9 f2 cb e9 65 d8 ed c3 91 13 5b b5 34 dd 7b 6b c1 88 21 cf 34 33 ee 76 b3 b8 9f 59 4d d3 b8 2d fb c0 b2 03 6e e0 12 e0 e4 49 dd 36 dd bd 7e fe 0a 30 bb 4e dd da ae 99 71 b7 cf e3 d5 a1 71 4f d8 27 2d cf 1d 82 d3 39 f8 d3 ae bc 60 d5 Data Ascii: <:9G*$WyEPEIls}f^"9v[UtNYdcvf{%lr8r/nbYftA}R6??>5y'c/bg.1Vszlv)^LYme[4{k!43vYM-nI6~0NqqO'-9`

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:24 UTC	757	OUT	GET /media/mainstream/all/cf/box.png HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:24 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:24 GMT Content-Type: image/png Content-Length: 23977 Connection: close ETag: "b31b2de6ba6ab0d538c6249ba43af93d" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A1A0CE9FC X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#951745191/gid:0/gname:root/mode:33279/mtime:1652249418#866789000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:18.866789Z Expires: Sat, 18 Jan 2025 23:41:24 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:24 UTC	3312	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 14 00 00 01 14 08 03 00 00 00 dd ae 39 4b 00 00 03 00 50 4c 54 45 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 02 01 02 01 00 00 00 00 0a 05 02 00 00 00 00 00 00 d7 34 42 f0 b2 a2 a5 57 1d 8a 35 13 f4 9f a4 00 00 00 e9 9e 82 12 07 02 e2 97 3d a2 21 28 e3 a9 4a c4 63 20 4b 23 09 be 6b 1e de 9b 45 e0 a3 65 df 95 57 e5 96 76 dd 90 34 e2 91 67 dc b3 8c ea 77 7b d8 35 45 e4 96 6e d5 5f 44 cf 71 33 d2 76 27 d8 5f 64 6f 20 10 86 52 15 e1 43 52 e3 ad 89 d7 4a 55 e3 57 62 d9 29 3e c8 16 2f a4 49 0f b4 1e 31 b0 19 2c e2 0e 30 b6 07 19 ff d0 72 d8 57 01 af 06 18 e6 81 03 de 0e 2f ff cb 64 d5 0c 2c c5 0b 28 ff d2 79 e3 13 33 ff cd 6b d9 0c 2d e5 30 42 d5 53 01 da Data Ascii: PNGIHDR9KPLTE4BW5=!(Jc K#kEeWv4gw{5En_Dq3v'_do RCRJUWb)>/I1,0rW/d,(y3k-0BS
2024-01-19 23:41:24 UTC	4096	IN	Data Raw: e1 5a a5 f9 89 5a e9 14 9e 17 50 fa 05 14 2b 43 01 15 0a 9d 4a 26 24 a6 e2 22 24 bc 5e 03 8b c9 ee 57 50 8b f5 9a 9d 50 3e 6b a3 6e 2b d6 75 18 46 24 97 1b f0 51 38 1c 0c c0 28 06 43 ee e6 6f df fd fc 75 d3 61 5b db f3 a7 5e 78 a5 ee a9 67 5f 7d 5e 31 2a 40 e5 21 21 0b 8b b6 16 a3 c1 97 fa e4 13 b5 d2 4b 39 25 81 83 3a 64 5a e8 18 0a 61 e1 f8 61 26 15 50 5c bd 52 58 b9 1d 26 bb 27 57 b4 0c f7 53 e1 b7 d2 08 24 d9 95 95 ec 44 7e 05 a7 45 f7 de fb 78 26 1c 83 c2 f1 48 a7 b1 f3 cd 6f ef 1c 6e 6f b4 7d ed c7 01 89 68 5c 53 4a ad 94 9d e5 51 3a dd 64 9a 48 0d 5b b4 bb c5 1c 9c e2 a2 4d b2 06 85 a9 10 93 47 a1 78 01 85 cb 5c 16 4e 38 73 aa c1 61 05 94 6c 63 a3 33 9b 9f d8 9c c8 e6 a7 d1 e6 cd 29 fe 1c a6 7f 96 89 89 bb d8 7e 78 78 74 cf 2b 53 93 9d 80 74 b0 68 Data Ascii: ZZP+CJ&$"$^WPP>kn+uF$Q8(Coua[^xg_}^1*@!!K9%:dZaa&P\RX&'WS$D~Ex&Hono}h\SJQ:dH[MGx\N8salc3)~xxt+Sth
2024-01-19 23:41:24 UTC	4096	IN	Data Raw: 32 56 00 e8 ff 1f 03 0e 3b 93 a5 07 94 b1 e3 1c fa 6e bb 53 f2 88 5a 18 05 4c 4e 2e 2f 81 c9 c2 60 a0 d8 22 98 10 15 0b 96 49 33 28 26 aa 47 40 e6 1a 8e 6a 7b 25 0e 85 ac 82 7b 15 ac 11 d0 b9 d6 1d bf 52 a6 28 92 5c 2c 62 6c 57 25 15 55 80 09 a1 2e aa 08 8a eb a8 16 79 a1 17 f8 81 d7 a8 37 9c a0 91 0d 03 70 61 62 54 9a 0f 8e c5 2f a7 a1 2b c9 c0 12 73 01 18 42 33 72 f9 f2 cd f4 a4 6b f2 c6 90 0b 43 df 26 50 e6 e9 33 8f 5e 5c 68 23 6a 57 3e 3b 46 50 d6 16 06 00 e5 1a 8d 31 e1 5c f8 10 41 f5 d2 2c 6e 1d d5 97 b0 43 bc b5 47 05 e1 0f 24 38 fe 84 e0 14 d3 56 8a 82 5b b5 e4 16 f6 48 b1 61 94 4e cb e8 45 af 16 76 23 3f 0a ba 7e e4 93 28 80 bd 3a 36 9f 5e 80 96 34 13 63 09 1f 1d 23 91 55 f8 88 33 e1 42 64 12 38 53 23 9b 17 d0 f7 b0 57 ff 3c 81 c2 3b 4f 3e df 26 Data Ascii: 2V;nSZLN./`"I3(&G@j{%{R(\,blW%U.y7pabT/+sB3rkC&P3^\h#jW>;FP1\A,nCG$8V[HaNEv#?~(:6^4c#U3Bd8S#W<;O>&
2024-01-19 23:41:24 UTC	4096	IN	Data Raw: c1 57 65 b3 0c 29 28 97 b0 11 a6 a3 a7 15 ca c9 9f be b2 b8 f1 61 77 d7 5e 28 0f b5 40 51 48 58 fd 4c e8 26 05 9f 48 e8 e8 8e d6 1e 28 3e 9f af 9c f0 05 12 c3 7e 60 b0 08 72 6a a7 0c 7b a2 a2 60 ad 4d f3 d6 01 94 13 e4 4c 69 2e 44 ec c4 23 e4 db 5c 2e 47 1b 37 20 18 f2 d8 45 89 05 50 be 2a 5b f0 b1 de 6a 3e 64 41 79 8a 2e a5 eb 82 16 28 fa ec 4e c7 32 c5 67 63 93 f0 39 d8 29 13 a6 53 fa 6e 55 d1 43 e7 36 ae c6 b3 ba 59 79 df 26 28 63 89 44 b9 4c b7 ef f7 03 c5 e1 54 a2 bd ad 39 1c 35 b2 6e bb e5 60 c7 f9 87 9d 10 a2 f6 c4 23 a1 78 3c 14 c4 26 b2 06 0a 72 0f c4 f0 e4 e8 fb 3d 5a 32 a9 dc 89 b1 60 8e f5 ee e4 39 98 30 17 af 03 e5 f4 d3 ef b3 a6 06 17 2a 26 16 14 9c 72 7e 51 96 3e 9b 0b 0a ca f4 eb 2d 3e 41 45 81 82 a6 d6 a8 3d ef 63 14 e5 13 3c a2 02 c8 1e Data Ascii: We)(aw^(@QHXL&H(>~`rj{`MLi.D#\.G7 EP[j>dAy.(N2gc9)SnUC6Yy&(cDLT95n`#x<&r=Z2`90&r~Q>->AE=c<
2024-01-19 23:41:24 UTC	4096	IN	Data Raw: 17 f8 54 77 d1 27 09 42 e5 85 0b ac c5 11 28 f7 9c 45 cb 9d 54 4a d3 c7 e5 f1 58 9f 4f 69 a4 d0 9c 62 b2 a8 a0 d8 4c ec 48 c1 53 0c d5 aa 51 cc 1b ed 3c 62 63 0c da df ce fa fc e4 4f 78 02 05 fb cd 96 7a ae ec e3 2e 99 3e df 9c 15 28 99 8c e4 4f b2 79 d0 fa 14 3d 6f 5a 0a d9 03 94 08 4c 92 47 19 6a 15 62 a5 56 99 3a fa 8c 9a 6c a5 e3 9b 90 50 21 73 aa 04 c9 b3 18 0a 50 f8 23 0b 8e 41 19 6b 29 7c 36 da 19 6b 63 5d d3 e6 75 6d 51 69 12 29 6a 62 ac 68 70 55 50 f6 1b 21 2f e2 25 88 da f0 40 bd d6 56 1b 33 91 0d 65 a6 14 9e 2d 65 5d 6c 21 ea 6d fb f6 81 b2 ca e8 23 4c 22 9e 74 a5 25 54 de 7b f4 91 47 5f 6c 29 4b e1 93 94 c3 21 ea 47 f5 25 0b ca f5 37 a7 ec 07 8a 61 b4 2f 00 45 22 66 b7 aa 6c 65 f7 22 f1 2c ae e2 1c 14 14 2f 97 e3 9a 1e 4f cd 69 da a2 9e 9a 40 Data Ascii: Tw'B(ETJXOibLHSQ<bcOxz.>(Oy=oZLGjbV:lP!sP#Ak)\|6kc]umQi)jbhpUP!/%@V3e-e]l!m#L"t%T{G_l)K!G%7a/E"fle",/Oi@
2024-01-19 23:41:24 UTC	4096	IN	Data Raw: 9c 37 a7 4c b0 0a 76 69 db 74 ae c6 20 19 94 28 55 f4 4e 48 34 6b 14 0d 25 43 87 3b cd 40 65 6d c8 f3 c4 cd e1 50 02 89 f1 27 19 39 05 8b 52 8f 57 7b 31 0c c5 0a bb 68 d9 41 f3 2f 38 dc ce 63 95 b8 2c 3b d3 5a 25 8a 72 3b f7 e8 a3 30 1e f8 6f a7 cc e8 f1 43 79 c4 8a 54 62 51 48 b8 3a da 3a 47 47 47 40 79 35 c4 82 ce 97 61 3e 69 b8 bb 8a 8a df 0e 34 76 fd 12 c2 28 ff 0b 85 4e ee 68 2d 8b fa 9b 99 74 1a c7 f0 66 59 3f 53 65 6a bb 27 ef f3 22 bc b2 52 69 6d 43 66 75 8b ae 42 85 e5 68 05 28 00 d0 06 09 ad 02 20 26 bd c4 28 fb a7 d0 c2 2a ff 07 45 86 9e 22 d2 cf fd 1e 26 72 c8 3d 1f fc 6b 8f 40 79 ed b5 d7 5e 1a cb 27 c7 8d f1 84 08 72 77 ed 09 44 b0 8d bd e7 5a 6c 85 6c 6b 1e 94 6f f4 0d 28 f4 6f c3 c7 ce 0c cc e1 1a 70 6c ea 40 4a f0 9a 59 40 65 53 de e8 55 Data Ascii: 7Lvit (UNH4k%C;@emP'9RW{1hA/8c,;Z%r;0oCyTbQH::GGG@y5a>i4v(Nh-tfY?Sej'"RimCfuBh( &(*E"&r=k@y^'rwDZllko(opl@JY@eSU
2024-01-19 23:41:24 UTC	185	IN	Data Raw: 95 eb d4 dc eb 37 3e fb 62 e7 b8 ba 7a 12 c9 30 4f 07 4e ff 68 94 4e a3 3d a7 b2 5e 98 bb fe d1 17 ed bd ed f1 27 be 96 fc f1 19 20 5e 06 52 97 76 7e fc fc db 57 f6 aa ba b4 78 1a 6a 49 1f 2c e9 34 82 cb 2f 93 93 e3 26 12 33 f4 67 62 86 74 aa c5 a5 2b 8d 54 76 89 84 c8 d3 a5 92 1e e6 25 e4 f2 d2 f9 f3 27 80 3c 19 ee 75 30 ab 9b 70 79 fe dc 39 e3 11 02 81 c8 53 86 a4 e7 60 97 44 22 c0 41 a4 1f 7a 7c a2 9c c9 5f 2a bb 80 b1 30 1c 4f aa 25 19 a0 ec 86 f1 74 66 4c ff 78 6a 7a cc ff 71 f6 e3 37 43 ac 46 ca f4 16 1f 54 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: 7>bz0ONhN=^' ^Rv~WxjI,4/&3gbt+Tv%'<u0py9S`D"Az\|_*0O%tfLxjzq7CFTIENDB`

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:24 UTC	770	OUT	GET /media/mainstream/all/cf/google_play_card.jpg HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:24 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:24 GMT Content-Type: image/jpeg Content-Length: 4130 Connection: close ETag: "3776a9f0c3b19e203951d23c2d577f31" Last-Modified: Wed, 20 Sep 2023 15:23:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A1A3D7A99 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#240024442/gid:0/gname:root/mode:33279/mtime:1652249419#274790000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:19.27479Z Expires: Sat, 18 Jan 2025 23:41:24 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:24 UTC	3313	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 02 03 03 03 03 03 04 07 05 04 04 04 04 09 06 07 05 07 0a 09 0b 0b 0a 09 0a 0a 0c 0d 11 0e 0c 0c 10 0c 0a 0a 0e 14 0f 10 11 12 13 13 13 0b 0e 14 16 14 12 16 11 12 13 12 ff db 00 43 01 03 03 03 04 04 04 08 05 05 08 12 0c 0a 0c 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 ff c2 00 11 08 00 77 00 55 03 01 11 00 02 11 01 03 11 01 ff c4 00 1d 00 00 02 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 08 07 09 04 05 06 03 01 02 ff c4 00 1c 01 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 05 07 03 04 06 02 01 08 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 f6 13 d0 Data Ascii: JFIFCCwU
2024-01-19 23:41:24 UTC	817	IN	Data Raw: 6d 09 51 d3 14 53 d6 a2 3d 9a 71 54 e3 39 bf 2f 17 14 dc e9 c9 2c 3a 5d 62 0b b4 26 60 be c3 f3 db 8a eb 06 d1 ba b7 fb cb 22 8a a3 98 f5 4a 93 f1 0c 3f 13 1e a9 52 7e 21 87 e2 63 d5 2a 4f c4 30 fc 4c 7a a5 49 f8 86 1f 89 8f 54 a9 3f 10 c3 f1 31 ea 95 27 e2 18 7e 26 3d 52 a4 fc 43 0f c4 c7 aa 54 9f 88 61 f8 98 f5 4a 93 f1 0c 3f 13 09 95 f9 46 58 49 5c 9f 5a 91 54 7a 3c 47 b6 c3 18 5c 06 80 41 4f 72 ad 99 c7 ff c4 00 32 11 00 00 05 02 02 06 08 07 01 00 00 00 00 00 00 00 00 02 03 04 05 01 12 06 13 20 21 22 51 81 f1 11 23 30 33 61 a1 d1 e1 14 31 32 40 41 50 52 b1 ff da 00 08 01 02 01 01 3f 00 fd cc 34 79 5f 39 c9 31 ba 29 d0 24 99 28 c5 6c b5 38 57 7f 65 86 4d 6b ee 15 12 4d 51 7c 8e 5a 9c 84 91 5d 45 38 cb 53 da a1 b4 aa 2b 6c 9b 55 7b 08 4a da e7 80 ab 81 Data Ascii: mQS=qT9/,:]b&`"J?R~!c*O0LzIT?1'~&=RCTaJ?FXI\ZTz<G\AOr2 !"Q#03a12@APR?4y_91)$(l8WeMkMQ\|Z]E8S+lU{J

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Windows Analysis Report
https://jfwbgwiugeq2ohfqofh16.z13.web.core.windows.net/win/

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:24 UTC	694	OUT	GET /media/mainstream/all/cf/2.js HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:24 UTC	789	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:24 GMT Content-Type: text/javascript Content-Length: 1287 Connection: close ETag: "30a227187f27de3552c0037eea9d7fa1" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A1B34778B X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223402#871745011/gid:0/gname:root/mode:33279/mtime:1652249417#618783000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:17.618783Z Expires: Sat, 18 Jan 2025 23:41:24 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:24 UTC	1287	IN	Data Raw: 09 09 09 76 61 72 20 77 69 6e 6e 65 72 5f 64 61 74 65 31 20 3d 20 6e 65 77 20 44 61 74 65 28 29 3b 0d 0a 09 09 09 77 69 6e 6e 65 72 5f 64 61 74 65 31 2e 73 65 74 44 61 74 65 28 77 69 6e 6e 65 72 5f 64 61 74 65 31 2e 67 65 74 44 61 74 65 28 29 2d 32 38 29 3b 0d 0a 09 09 09 76 61 72 20 77 69 6e 6e 65 72 5f 64 61 74 65 32 20 3d 20 6e 65 77 20 44 61 74 65 28 29 3b 0d 0a 09 09 09 77 69 6e 6e 65 72 5f 64 61 74 65 32 2e 73 65 74 44 61 74 65 28 77 69 6e 6e 65 72 5f 64 61 74 65 32 2e 67 65 74 44 61 74 65 28 29 2d 35 35 29 3b 0d 0a 09 09 09 76 61 72 20 77 69 6e 6e 65 72 5f 64 61 74 65 33 20 3d 20 6e 65 77 20 44 61 74 65 28 29 3b 0d 0a 09 09 09 77 69 6e 6e 65 72 5f 64 61 74 65 33 2e 73 65 74 44 61 74 65 28 77 69 6e 6e 65 72 5f 64 61 74 65 33 2e 67 65 74 44 61 74 65 Data Ascii: var winner_date1 = new Date();winner_date1.setDate(winner_date1.getDate()-28);var winner_date2 = new Date();winner_date2.setDate(winner_date2.getDate()-55);var winner_date3 = new Date();winner_date3.setDate(winner_date3.getDate

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:24 UTC	694	OUT	GET /media/mainstream/all/cf/4.js HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:24 UTC	795	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:24 GMT Content-Type: application/javascript Content-Length: 3533 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "116c9460f5e882a7fcf4e837f7efc72a" Last-Modified: Mon, 20 Feb 2023 09:33:03 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17ABE41A1C1B06CD X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#791577239/gid:0/gname:root/mode:33279/mtime:1652249417#702784000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:17.702784Z Expires: Sat, 18 Jan 2025 23:41:24 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:24 UTC	3301	IN	Data Raw: 76 61 72 20 63 61 6e 76 61 73 31 2c 63 74 78 2c 57 2c 48 3b 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 3e 3d 39 38 38 29 76 61 72 20 6d 70 3d 31 35 30 3b 65 6c 73 65 20 6d 70 3d 37 35 3b 76 61 72 20 64 65 61 63 74 69 76 61 74 69 6f 6e 54 69 6d 65 72 48 61 6e 64 6c 65 72 2c 72 65 61 63 74 69 76 61 74 69 6f 6e 54 69 6d 65 72 48 61 6e 64 6c 65 72 2c 61 6e 69 6d 61 74 69 6f 6e 48 61 6e 64 6c 65 72 2c 70 61 72 74 69 63 6c 65 73 3d 5b 5d 2c 61 6e 67 6c 65 3d 30 2c 74 69 6c 74 41 6e 67 6c 65 3d 30 2c 63 6f 6e 66 65 74 74 69 41 63 74 69 76 65 3d 21 30 2c 61 6e 69 6d 61 74 69 6f 6e 43 6f 6d 70 6c 65 74 65 3d 21 30 2c 70 61 72 74 69 63 6c 65 43 6f 6c 6f 72 73 3d 7b 63 6f 6c 6f 72 4f 70 74 69 6f 6e 73 3a 5b 22 44 6f 64 67 65 72 42 6c 75 65 22 2c 22 4f 6c 69 76 65 Data Ascii: var canvas1,ctx,W,H;if(screen.width>=988)var mp=150;else mp=75;var deactivationTimerHandler,reactivationTimerHandler,animationHandler,particles=[],angle=0,tiltAngle=0,confettiActive=!0,animationComplete=!0,particleColors={colorOptions:["DodgerBlue","Olive
2024-01-19 23:41:24 UTC	232	IN	Data Raw: 6e 64 6f 77 2e 72 65 71 75 65 73 74 41 6e 69 6d 46 72 61 6d 65 3d 77 69 6e 64 6f 77 2e 72 65 71 75 65 73 74 41 6e 69 6d 61 74 69 6f 6e 46 72 61 6d 65 7c 7c 77 69 6e 64 6f 77 2e 77 65 62 6b 69 74 52 65 71 75 65 73 74 41 6e 69 6d 61 74 69 6f 6e 46 72 61 6d 65 7c 7c 77 69 6e 64 6f 77 2e 6d 6f 7a 52 65 71 75 65 73 74 41 6e 69 6d 61 74 69 6f 6e 46 72 61 6d 65 7c 7c 77 69 6e 64 6f 77 2e 6f 52 65 71 75 65 73 74 41 6e 69 6d 61 74 69 6f 6e 46 72 61 6d 65 7c 7c 77 69 6e 64 6f 77 2e 6d 73 52 65 71 75 65 73 74 41 6e 69 6d 61 74 69 6f 6e 46 72 61 6d 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 74 2c 31 65 33 2f 36 30 29 7d 3b Data Ascii: ndow.requestAnimFrame=window.requestAnimationFrame\|\|window.webkitRequestAnimationFrame\|\|window.mozRequestAnimationFrame\|\|window.oRequestAnimationFrame\|\|window.msRequestAnimationFrame\|\|function(t){return window.setTimeout(t,1e3/60)};

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:25 UTC	762	OUT	GET /media/mainstream/all/cf/winner_2.jpg HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:25 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:25 GMT Content-Type: image/jpeg Content-Length: 1856 Connection: close ETag: "0751077bb39eb354771c0918dd4651a2" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A4D96CE51 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223403#295745965/gid:0/gname:root/mode:33279/mtime:1652249422#854806000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:22.854806Z Expires: Sat, 18 Jan 2025 23:41:25 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:25 UTC	1856	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 02 02 02 02 02 02 02 02 02 02 02 02 02 02 03 04 03 02 02 03 04 05 04 04 04 04 04 05 06 05 05 05 05 05 05 06 06 07 07 08 07 07 06 09 09 0a 0a 09 09 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff db 00 43 01 03 03 03 05 04 05 09 06 06 09 0d 0b 09 0b 0d 0f 0e 0e 0e 0e 0f 0f 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 30 00 30 03 01 11 00 02 11 01 03 11 01 ff c4 00 1b 00 00 02 02 03 01 00 00 00 00 00 00 00 00 00 00 00 09 0a 07 08 03 05 06 04 ff c4 00 31 10 00 01 03 03 03 03 03 03 03 03 05 00 00 00 00 00 01 02 03 04 05 06 11 07 12 13 00 08 21 14 22 31 09 32 51 15 41 42 16 23 71 24 61 72 Data Ascii: JFIFHHCC001!"12QAB#q$ar

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:25 UTC	770	OUT	GET /media/mainstream/all/cf/winner_initial_s.jpg HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:25 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:25 GMT Content-Type: image/jpeg Content-Length: 751 Connection: close ETag: "e8c1454c15c6596bb21d99f4d907f632" Last-Modified: Wed, 20 Sep 2023 15:23:23 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A4EB82F76 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134509#244024455/gid:0/gname:root/mode:33279/mtime:1652249423#310808000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:23.310808Z Expires: Sat, 18 Jan 2025 23:41:25 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:25 UTC	751	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 02 02 02 02 02 02 02 02 02 02 02 02 02 02 03 04 03 02 02 03 04 05 04 04 04 04 04 05 06 05 05 05 05 05 05 06 06 07 07 08 07 07 06 09 09 0a 0a 09 09 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff db 00 43 01 03 03 03 05 04 05 09 06 06 09 0d 0b 09 0b 0d 0f 0e 0e 0e 0e 0f 0f 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 30 00 30 03 01 11 00 02 11 01 03 11 01 ff c4 00 1a 00 01 00 02 03 01 00 00 00 00 00 00 00 00 00 00 00 00 03 08 01 06 07 09 ff c4 00 28 10 00 00 05 04 01 04 02 02 03 00 00 00 00 00 00 00 01 02 03 04 06 00 05 07 11 12 08 13 21 41 14 31 15 23 42 51 61 ff c4 00 1a 01 01 01 01 Data Ascii: JFIFHHCC00(!A1#BQa

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:25 UTC	764	OUT	GET /media/mainstream/all/cf/winner_cat.jpg HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:25 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:25 GMT Content-Type: image/jpeg Content-Length: 1422 Connection: close ETag: "386e89d83d4f84499cbb1611b2db4173" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A4EA2F0A6 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223403#303745984/gid:0/gname:root/mode:33279/mtime:1652249423#26807000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:23.026807Z Expires: Sat, 18 Jan 2025 23:41:25 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:25 UTC	1422	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 02 02 02 02 02 02 02 02 02 02 02 02 02 02 03 04 03 02 02 03 04 05 04 04 04 04 04 05 06 05 05 05 05 05 05 06 06 07 07 08 07 07 06 09 09 0a 0a 09 09 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff db 00 43 01 03 03 03 05 04 05 09 06 06 09 0d 0b 09 0b 0d 0f 0e 0e 0e 0e 0f 0f 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 30 00 30 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 00 03 01 00 00 00 00 00 00 00 00 00 00 06 08 03 05 07 01 02 09 04 ff c4 00 34 10 00 02 02 01 03 03 01 06 04 04 07 00 00 00 00 00 01 02 03 04 05 06 11 12 00 07 21 31 08 13 14 22 23 41 32 51 61 81 15 33 42 52 53 Data Ascii: JFIFHHCC004!1"#A2Qa3BRS

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:25 UTC	762	OUT	GET /media/mainstream/all/cf/winner_1.jpg HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:25 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:25 GMT Content-Type: image/jpeg Content-Length: 1434 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "21bda39c69a0527bcb17d0f5d3ce9ebd" Last-Modified: Mon, 20 Feb 2023 09:33:03 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17ABE41A54153B40 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#791577239/gid:0/gname:root/mode:33279/mtime:1652249422#798806000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:22.798806Z Expires: Sat, 18 Jan 2025 23:41:25 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:25 UTC	1434	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 02 02 02 02 02 02 02 02 02 02 02 02 02 02 03 04 03 02 02 03 04 05 04 04 04 04 04 05 06 05 05 05 05 05 05 06 06 07 07 08 07 07 06 09 09 0a 0a 09 09 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff db 00 43 01 03 03 03 05 04 05 09 06 06 09 0d 0b 09 0b 0d 0f 0e 0e 0e 0e 0f 0f 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 30 00 30 03 01 11 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 06 09 05 07 08 0a 04 ff c4 00 35 10 00 01 03 03 02 04 03 05 06 07 00 00 00 00 00 00 01 02 03 04 05 06 11 00 12 07 13 21 31 22 41 51 08 14 15 61 71 23 42 52 72 91 a1 24 32 Data Ascii: JFIFHHCC005!1"AQaq#BRr$2

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:25 UTC	762	OUT	GET /media/mainstream/all/cf/winner_3.jpg HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/ubxplwqi/article2041.doc?u=6w3kaew&o=uvdg6dv&cid=uomgcwv9&t=sweepstakes&f=1&sid=t1~x0hgjdzxqkzaumrwysnznltv&fp=GI2Fw%2FVe3BGeXNdZNxapug%3D%3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:25 UTC	784	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:25 GMT Content-Type: image/jpeg Content-Length: 1721 Connection: close ETag: "6442f84b2acd86e6e571a24313651987" Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A63E69C05 X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1695223403#295745965/gid:0/gname:root/mode:33279/mtime:1652249422#914806000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:22.914806Z Expires: Sat, 18 Jan 2025 23:41:25 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:25 UTC	1721	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 02 02 02 03 02 02 02 03 03 03 03 04 06 04 04 04 04 04 08 06 06 05 06 09 08 0a 0a 09 08 09 09 0a 0c 0f 0c 0a 0b 0e 0b 09 09 0d 11 0d 0e 0f 10 10 11 10 0a 0c 12 13 12 10 13 0f 10 10 10 ff db 00 43 01 03 03 03 04 03 04 08 04 04 08 10 0b 09 0b 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 ff c2 00 11 08 00 30 00 30 03 01 11 00 02 11 01 03 11 01 ff c4 00 1a 00 01 00 03 01 01 01 00 00 00 00 00 00 00 00 00 00 07 04 06 08 05 01 02 ff c4 00 1b 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 03 04 00 05 06 01 02 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 f7 2e a1 cc e2 cf bf Data Ascii: JFIFCC00.

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:25 UTC	397	OUT	GET /media/mainstream/all/cf/box.png HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookie1=true
2024-01-19 23:41:26 UTC	783	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:26 GMT Content-Type: image/png Content-Length: 23977 Connection: close Content-Security-Policy: block-all-mixed-content ETag: "b31b2de6ba6ab0d538c6249ba43af93d" Last-Modified: Mon, 20 Feb 2023 09:33:03 GMT No-Gzip-Compression: true Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Request-Id: 17ABE41A6994615A X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1676843277#791577239/gid:0/gname:root/mode:33279/mtime:1652249418#866789000/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-05-11T06:10:18.866789Z Expires: Sat, 18 Jan 2025 23:41:26 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:26 UTC	3313	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 14 00 00 01 14 08 03 00 00 00 dd ae 39 4b 00 00 03 00 50 4c 54 45 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 02 01 02 01 00 00 00 00 0a 05 02 00 00 00 00 00 00 d7 34 42 f0 b2 a2 a5 57 1d 8a 35 13 f4 9f a4 00 00 00 e9 9e 82 12 07 02 e2 97 3d a2 21 28 e3 a9 4a c4 63 20 4b 23 09 be 6b 1e de 9b 45 e0 a3 65 df 95 57 e5 96 76 dd 90 34 e2 91 67 dc b3 8c ea 77 7b d8 35 45 e4 96 6e d5 5f 44 cf 71 33 d2 76 27 d8 5f 64 6f 20 10 86 52 15 e1 43 52 e3 ad 89 d7 4a 55 e3 57 62 d9 29 3e c8 16 2f a4 49 0f b4 1e 31 b0 19 2c e2 0e 30 b6 07 19 ff d0 72 d8 57 01 af 06 18 e6 81 03 de 0e 2f ff cb 64 d5 0c 2c c5 0b 28 ff d2 79 e3 13 33 ff cd 6b d9 0c 2d e5 30 42 d5 53 01 da Data Ascii: PNGIHDR9KPLTE4BW5=!(Jc K#kEeWv4gw{5En_Dq3v'_do RCRJUWb)>/I1,0rW/d,(y3k-0BS
2024-01-19 23:41:26 UTC	4096	IN	Data Raw: 5a a5 f9 89 5a e9 14 9e 17 50 fa 05 14 2b 43 01 15 0a 9d 4a 26 24 a6 e2 22 24 bc 5e 03 8b c9 ee 57 50 8b f5 9a 9d 50 3e 6b a3 6e 2b d6 75 18 46 24 97 1b f0 51 38 1c 0c c0 28 06 43 ee e6 6f df fd fc 75 d3 61 5b db f3 a7 5e 78 a5 ee a9 67 5f 7d 5e 31 2a 40 e5 21 21 0b 8b b6 16 a3 c1 97 fa e4 13 b5 d2 4b 39 25 81 83 3a 64 5a e8 18 0a 61 e1 f8 61 26 15 50 5c bd 52 58 b9 1d 26 bb 27 57 b4 0c f7 53 e1 b7 d2 08 24 d9 95 95 ec 44 7e 05 a7 45 f7 de fb 78 26 1c 83 c2 f1 48 a7 b1 f3 cd 6f ef 1c 6e 6f b4 7d ed c7 01 89 68 5c 53 4a ad 94 9d e5 51 3a dd 64 9a 48 0d 5b b4 bb c5 1c 9c e2 a2 4d b2 06 85 a9 10 93 47 a1 78 01 85 cb 5c 16 4e 38 73 aa c1 61 05 94 6c 63 a3 33 9b 9f d8 9c c8 e6 a7 d1 e6 cd 29 fe 1c a6 7f 96 89 89 bb d8 7e 78 78 74 cf 2b 53 93 9d 80 74 b0 68 74 Data Ascii: ZZP+CJ&$"$^WPP>kn+uF$Q8(Coua[^xg_}^1*@!!K9%:dZaa&P\RX&'WS$D~Ex&Hono}h\SJQ:dH[MGx\N8salc3)~xxt+Stht
2024-01-19 23:41:26 UTC	4096	IN	Data Raw: 56 00 e8 ff 1f 03 0e 3b 93 a5 07 94 b1 e3 1c fa 6e bb 53 f2 88 5a 18 05 4c 4e 2e 2f 81 c9 c2 60 a0 d8 22 98 10 15 0b 96 49 33 28 26 aa 47 40 e6 1a 8e 6a 7b 25 0e 85 ac 82 7b 15 ac 11 d0 b9 d6 1d bf 52 a6 28 92 5c 2c 62 6c 57 25 15 55 80 09 a1 2e aa 08 8a eb a8 16 79 a1 17 f8 81 d7 a8 37 9c a0 91 0d 03 70 61 62 54 9a 0f 8e c5 2f a7 a1 2b c9 c0 12 73 01 18 42 33 72 f9 f2 cd f4 a4 6b f2 c6 90 0b 43 df 26 50 e6 e9 33 8f 5e 5c 68 23 6a 57 3e 3b 46 50 d6 16 06 00 e5 1a 8d 31 e1 5c f8 10 41 f5 d2 2c 6e 1d d5 97 b0 43 bc b5 47 05 e1 0f 24 38 fe 84 e0 14 d3 56 8a 82 5b b5 e4 16 f6 48 b1 61 94 4e cb e8 45 af 16 76 23 3f 0a ba 7e e4 93 28 80 bd 3a 36 9f 5e 80 96 34 13 63 09 1f 1d 23 91 55 f8 88 33 e1 42 64 12 38 53 23 9b 17 d0 f7 b0 57 ff 3c 81 c2 3b 4f 3e df 26 a3 Data Ascii: V;nSZLN./`"I3(&G@j{%{R(\,blW%U.y7pabT/+sB3rkC&P3^\h#jW>;FP1\A,nCG$8V[HaNEv#?~(:6^4c#U3Bd8S#W<;O>&
2024-01-19 23:41:26 UTC	4096	IN	Data Raw: 57 65 b3 0c 29 28 97 b0 11 a6 a3 a7 15 ca c9 9f be b2 b8 f1 61 77 d7 5e 28 0f b5 40 51 48 58 fd 4c e8 26 05 9f 48 e8 e8 8e d6 1e 28 3e 9f af 9c f0 05 12 c3 7e 60 b0 08 72 6a a7 0c 7b a2 a2 60 ad 4d f3 d6 01 94 13 e4 4c 69 2e 44 ec c4 23 e4 db 5c 2e 47 1b 37 20 18 f2 d8 45 89 05 50 be 2a 5b f0 b1 de 6a 3e 64 41 79 8a 2e a5 eb 82 16 28 fa ec 4e c7 32 c5 67 63 93 f0 39 d8 29 13 a6 53 fa 6e 55 d1 43 e7 36 ae c6 b3 ba 59 79 df 26 28 63 89 44 b9 4c b7 ef f7 03 c5 e1 54 a2 bd ad 39 1c 35 b2 6e bb e5 60 c7 f9 87 9d 10 a2 f6 c4 23 a1 78 3c 14 c4 26 b2 06 0a 72 0f c4 f0 e4 e8 fb 3d 5a 32 a9 dc 89 b1 60 8e f5 ee e4 39 98 30 17 af 03 e5 f4 d3 ef b3 a6 06 17 2a 26 16 14 9c 72 7e 51 96 3e 9b 0b 0a ca f4 eb 2d 3e 41 45 81 82 a6 d6 a8 3d ef 63 14 e5 13 3c a2 02 c8 1e 28 Data Ascii: We)(aw^(@QHXL&H(>~`rj{`MLi.D#\.G7 EP[j>dAy.(N2gc9)SnUC6Yy&(cDLT95n`#x<&r=Z2`90&r~Q>->AE=c<(
2024-01-19 23:41:26 UTC	4096	IN	Data Raw: f8 54 77 d1 27 09 42 e5 85 0b ac c5 11 28 f7 9c 45 cb 9d 54 4a d3 c7 e5 f1 58 9f 4f 69 a4 d0 9c 62 b2 a8 a0 d8 4c ec 48 c1 53 0c d5 aa 51 cc 1b ed 3c 62 63 0c da df ce fa fc e4 4f 78 02 05 fb cd 96 7a ae ec e3 2e 99 3e df 9c 15 28 99 8c e4 4f b2 79 d0 fa 14 3d 6f 5a 0a d9 03 94 08 4c 92 47 19 6a 15 62 a5 56 99 3a fa 8c 9a 6c a5 e3 9b 90 50 21 73 aa 04 c9 b3 18 0a 50 f8 23 0b 8e 41 19 6b 29 7c 36 da 19 6b 63 5d d3 e6 75 6d 51 69 12 29 6a 62 ac 68 70 55 50 f6 1b 21 2f e2 25 88 da f0 40 bd d6 56 1b 33 91 0d 65 a6 14 9e 2d 65 5d 6c 21 ea 6d fb f6 81 b2 ca e8 23 4c 22 9e 74 a5 25 54 de 7b f4 91 47 5f 6c 29 4b e1 93 94 c3 21 ea 47 f5 25 0b ca f5 37 a7 ec 07 8a 61 b4 2f 00 45 22 66 b7 aa 6c 65 f7 22 f1 2c ae e2 1c 14 14 2f 97 e3 9a 1e 4f cd 69 da a2 9e 9a 40 59 Data Ascii: Tw'B(ETJXOibLHSQ<bcOxz.>(Oy=oZLGjbV:lP!sP#Ak)\|6kc]umQi)jbhpUP!/%@V3e-e]l!m#L"t%T{G_l)K!G%7a/E"fle",/Oi@Y
2024-01-19 23:41:26 UTC	4096	IN	Data Raw: 37 a7 4c b0 0a 76 69 db 74 ae c6 20 19 94 28 55 f4 4e 48 34 6b 14 0d 25 43 87 3b cd 40 65 6d c8 f3 c4 cd e1 50 02 89 f1 27 19 39 05 8b 52 8f 57 7b 31 0c c5 0a bb 68 d9 41 f3 2f 38 dc ce 63 95 b8 2c 3b d3 5a 25 8a 72 3b f7 e8 a3 30 1e f8 6f a7 cc e8 f1 43 79 c4 8a 54 62 51 48 b8 3a da 3a 47 47 47 40 79 35 c4 82 ce 97 61 3e 69 b8 bb 8a 8a df 0e 34 76 fd 12 c2 28 ff 0b 85 4e ee 68 2d 8b fa 9b 99 74 1a c7 f0 66 59 3f 53 65 6a bb 27 ef f3 22 bc b2 52 69 6d 43 66 75 8b ae 42 85 e5 68 05 28 00 d0 06 09 ad 02 20 26 bd c4 28 fb a7 d0 c2 2a ff 07 45 86 9e 22 d2 cf fd 1e 26 72 c8 3d 1f fc 6b 8f 40 79 ed b5 d7 5e 1a cb 27 c7 8d f1 84 08 72 77 ed 09 44 b0 8d bd e7 5a 6c 85 6c 6b 1e 94 6f f4 0d 28 f4 6f c3 c7 ce 0c cc e1 1a 70 6c ea 40 4a f0 9a 59 40 65 53 de e8 55 96 Data Ascii: 7Lvit (UNH4k%C;@emP'9RW{1hA/8c,;Z%r;0oCyTbQH::GGG@y5a>i4v(Nh-tfY?Sej'"RimCfuBh( &(*E"&r=k@y^'rwDZllko(opl@JY@eSU
2024-01-19 23:41:26 UTC	184	IN	Data Raw: eb d4 dc eb 37 3e fb 62 e7 b8 ba 7a 12 c9 30 4f 07 4e ff 68 94 4e a3 3d a7 b2 5e 98 bb fe d1 17 ed bd ed f1 27 be 96 fc f1 19 20 5e 06 52 97 76 7e fc fc db 57 f6 aa ba b4 78 1a 6a 49 1f 2c e9 34 82 cb 2f 93 93 e3 26 12 33 f4 67 62 86 74 aa c5 a5 2b 8d 54 76 89 84 c8 d3 a5 92 1e e6 25 e4 f2 d2 f9 f3 27 80 3c 19 ee 75 30 ab 9b 70 79 fe dc 39 e3 11 02 81 c8 53 86 a4 e7 60 97 44 22 c0 41 a4 1f 7a 7c a2 9c c9 5f 2a bb 80 b1 30 1c 4f aa 25 19 a0 ec 86 f1 74 66 4c ff 78 6a 7a cc ff 71 f6 e3 37 43 ac 46 ca f4 16 1f 54 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: 7>bz0ONhN=^' ^Rv~WxjI,4/&3gbt+Tv%'<u0py9S`D"Az\|_*0O%tfLxjzq7CFTIENDB`

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:25 UTC	581	OUT	GET /ExtService.svc/getextparams HTTP/1.1 Host: jsontdsexit2.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://2041.awlivedose.live Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://2041.awlivedose.live/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-19 23:41:25 UTC	213	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 19 Jan 2024 23:41:25 GMT Content-Type: application/json; charset=utf-8 Content-Length: 607 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *
2024-01-19 23:41:25 UTC	607	IN	Data Raw: 7b 22 63 63 22 3a 22 55 53 22 2c 22 63 6e 61 6d 65 73 22 3a 7b 22 64 65 22 3a 22 55 53 41 22 2c 22 65 6e 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 65 73 22 3a 22 45 73 74 61 64 6f 73 20 55 6e 69 64 6f 73 22 2c 22 66 72 22 3a 22 c3 89 74 61 74 73 20 55 6e 69 73 22 2c 22 6a 61 22 3a 22 e3 82 a2 e3 83 a1 e3 83 aa e3 82 ab 22 2c 22 70 74 2d 42 52 22 3a 22 45 55 41 22 2c 22 72 75 22 3a 22 d0 a1 d0 a8 d0 90 22 2c 22 7a 68 2d 43 4e 22 3a 22 e7 be 8e e5 9b bd 22 7d 2c 22 63 69 74 79 22 3a 7b 22 64 65 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 65 6e 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 65 73 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 66 72 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 6a 61 22 3a 22 e3 82 a2 e3 83 88 e3 83 a9 e3 83 b3 e3 82 bf 22 2c 22 70 74 2d Data Ascii: {"cc":"US","cnames":{"de":"USA","en":"United States","es":"Estados Unidos","fr":"tats Unis","ja":"","pt-BR":"EUA","ru":"","zh-CN":""},"city":{"de":"Atlanta","en":"Atlanta","es":"Atlanta","fr":"Atlanta","ja":"","pt-

Timestamp	Bytes transferred	Direction	Data
2024-01-19 23:41:26 UTC	694	OUT	GET /media/mainstream/flag-icon/flags/4x3/us.svg HTTP/1.1 Host: 2041.awlivedose.live Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://2041.awlivedose.live/media/mainstream/flag-icon/css/flag-icon.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookie1=true
2024-01-19 23:41:26 UTC	790	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 19 Jan 2024 23:41:26 GMT Content-Type: image/svg+xml Content-Length: 6215 Connection: close ETag: "2b327bda75ccb4c9c3cd7ea61c4fed82" Last-Modified: Wed, 20 Sep 2023 15:24:08 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin Vary: Accept-Encoding X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 X-Amz-Request-Id: 17ABE41A83786A5F X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block x-amz-meta-mc-attrs: atime:1693134508#308021526/gid:0/gname:root/mode:33279/mtime:1655387477#446639958/uid:0/uname:root x-amz-meta-mm-source-mtime: 2022-06-16T13:51:17.446639958Z Expires: Sat, 18 Jan 2025 23:41:26 GMT Cache-Control: max-age=31536000 Accept-Ranges: bytes
2024-01-19 23:41:26 UTC	3306	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 68 65 69 67 68 74 3d 22 34 38 30 22 20 77 69 64 74 68 3d 22 36 34 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 36 34 30 20 34 38 30 22 3e 0d 0a 20 20 3c 67 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 73 63 61 6c 65 28 2e 39 33 37 35 29 22 3e 0d 0a 20 20 20 20 3c 67 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 31 70 74 22 3e 0d 0a 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 30 20 30 68 39 37 32 2e 38 31 76 33 39 2e 33 38 35 48 30 7a 6d 30 20 37 38 2e 37 37 68 39 37 32 2e 38 31 76 33 39 2e 33 38 35 48 30 7a 6d 30 20 37 38 2e 37 37 68 39 37 32 2e 38 31 76 33 39 2e 33 38 35 48 30 7a Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480"> <g fill-rule="evenodd" transform="scale(.9375)"> <g stroke-width="1pt"> <path d="M0 0h972.81v39.385H0zm0 78.77h972.81v39.385H0zm0 78.77h972.81v39.385H0z
2024-01-19 23:41:26 UTC	2909	IN	Data Raw: 31 30 2e 38 39 36 2d 39 2e 32 36 39 2d 36 2e 37 33 34 2d 39 2e 32 36 39 20 36 2e 37 33 34 20 33 2e 35 34 2d 31 30 2e 38 39 36 2d 39 2e 32 36 39 2d 36 2e 37 33 35 68 31 31 2e 34 35 38 7a 6d 36 34 2e 38 35 32 20 30 6c 33 2e 35 34 20 31 30 2e 38 39 36 68 31 31 2e 34 35 37 6c 2d 39 2e 32 36 39 20 36 2e 37 33 35 20 33 2e 35 34 20 31 30 2e 38 39 36 2d 39 2e 32 36 38 2d 36 2e 37 33 34 2d 39 2e 32 37 20 36 2e 37 33 34 20 33 2e 35 34 31 2d 31 30 2e 38 39 36 2d 39 2e 32 37 2d 36 2e 37 33 35 68 31 31 2e 34 35 38 7a 6d 36 34 2e 38 35 35 20 30 6c 33 2e 35 34 20 31 30 2e 38 39 36 68 31 31 2e 34 35 38 6c 2d 39 2e 32 37 20 36 2e 37 33 35 20 33 2e 35 34 31 20 31 30 2e 38 39 36 2d 39 2e 32 37 2d 36 2e 37 33 34 2d 39 2e 32 36 38 20 36 2e 37 33 34 20 33 2e 35 34 2d 31 30 2e Data Ascii: 10.896-9.269-6.734-9.269 6.734 3.54-10.896-9.269-6.735h11.458zm64.852 0l3.54 10.896h11.457l-9.269 6.735 3.54 10.896-9.268-6.734-9.27 6.734 3.541-10.896-9.27-6.735h11.458zm64.855 0l3.54 10.896h11.458l-9.27 6.735 3.541 10.896-9.27-6.734-9.268 6.734 3.54-10.