Edit tour

Windows Analysis Report
securedoc_20240521T074217.html

Overview

General Information

Sample name:	securedoc_20240521T074217.html
Analysis ID:	1445453
MD5:	3cf9f4a1891b42bc6f876e2119d784af
SHA1:	a8609475657c939a74c5075b5219b36a79e7f965
SHA256:	6fa40dfe09338f9cfad83a3a2c152a181c151df0194f74e9d9370082408e6566
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected suspicious javascript

Suspicious Javascript code found in HTML file

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

Found iframes

HTML title does not match URL

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Unusual large HTML page

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\securedoc_20240521T074217.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,6923652519489000315,5938503757430733907,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html

LLM: Score: 8 brands: Stanford Reasons: The URL provided is a local file path ('file:///C:/Users/user/Desktop/securedoc_20240521T074217.html'), which is highly suspicious for a legitimate web service. Legitimate services typically use secure web domains (e.g., 'https://stanford.edu'). The page includes a login form, which is a common element in phishing sites. The use of the Stanford brand name and logo suggests an attempt to deceive users into thinking the site is legitimate. No CAPTCHA is present, which is often used in legitimate sites to prevent automated attacks. The combination of these factors strongly indicates that this is a phishing site. DOM: 0.0.pages.csv

AI detected suspicious javascript

Source: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html	LLM: Score: 8 Reasons: The JavaScript code listens for messages from other windows (potentially cross-origin), dynamically creates and manipulates form elements, and submits them. This behavior can be exploited for phishing attacks by injecting malicious forms or redirecting users to malicious URLs. The code also includes obfuscated variable names and functions, which is a common tactic to hide malicious intent. DOM: 0.0.pages.csv
Source: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html	LLM: Score: 8 Reasons: The code includes obfuscated and encoded elements, which are common in malicious scripts. It manipulates form submission and key events, potentially capturing sensitive information. The use of a remote server (res.cisco.com) for key handling is suspicious and could be used for phishing or data exfiltration. DOM: 0.0.pages.csv

Suspicious Javascript code found in HTML file

Source: securedoc_20240521T074217.html	HTTP Parser: document.write
Source: securedoc_20240521T074217.html	HTTP Parser: location.href
Source: securedoc_20240521T074217.html	HTTP Parser: window.location

Source: securedoc_20240521T074217.html	HTTP Parser: "Parida, Prabhas" <PParida@stanfordhealthcare.org>
Source: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html	HTTP Parser: {'name':null,'msgID':'\|1__540cdd740000018f9b9a646bff2e3ffff04b63f7@localhost','keysize':24,'flags':2049,'rid':'ZGlwZXNoIHNoYWggPGRpcGVzaC5zaGFoQGF1dG9tYXRpb25hbnl3aGVyZS5jb20+LCAic2hlbm95LA1cCiBhbWl0IiA8YXNoZW5veUBzdGFuZm9yZGhlYWx0aGNhcmUub3JnPg==','algnames':{'encryption':{'data':'AES'}},'algparams':{'encryption':{'data':{'IV':'9zLXKSpZQ9OgbGAJC3CL5w=='}}},'keyserverhost':'res.cisco.com:443','securereplyhost':'res.cisco.com:443','openerhost':'res.cisco.com:443','toc':[['Body-1716302537846.txt',1,'','',13,[0,83154],'Body-1716302537846.txt','UTF-16'],['image003.jpg',2,'','image003.jpg',21,[83154,5457],'image003.jpg','ISO-8859-1'],['image004.png',2,'','image004.png',21,[88611,665341],'image004.png','ISO-8859-1'],['image005.png',2,'','image005.png',21,[753952,265036],'image005.png','ISO-8859-1'],['image006.png',2,'','image006.png',21,[1018988,8347],'image006.png','ISO-8859-1'],['image007.png',2,'','image007.png',21,[1027335,536],'image007.png','ISO-8859-1'],['image008.png',2,'','image008.png',21,[1027871,3407],'image008.png','ISO-8859-1'],['image009.png',2,'','image009.png',21,[1031278,2865],'image009.png','ISO-8859-1'],['image010.jpg',2,'','image010.jpg',21,[1034143,4576],'image010.jpg','ISO-8859-1'],['image011.png',2,'','image011.png',21,[1038719,2301],'image011.png','ISO-8859-1'],['MessageBar.html',4,'','',1,[1041020,63314],'MessageBar.html','UTF-16']],'salt':'QbX820jbXjacsfkEIoG438jir4w=','data':['','','']}

Source: https://stanfordhealthcare.org/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-PND43V
Source: https://stanfordhealthcare.org/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-PND43V
Source: https://stanfordhealthcare.org/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-PND43V
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-PND43V
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-PND43V

Source: securedoc_20240521T074217.html

HTTP Parser: Title: Secure Registered Envelope:RE: Secure your spot: Early access to Imagine Austin 2024 does not match URL

Source: https://stanfordhealthcare.org/	HTTP Parser: Invalid link: Conditions & Treatments
Source: https://stanfordhealthcare.org/	HTTP Parser: Invalid link: Conditions & Treatments
Source: https://stanfordhealthcare.org/	HTTP Parser: Invalid link: Conditions & Treatments
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: Invalid link: Conditions & Treatments
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: Invalid link: Conditions & Treatments

Source: securedoc_20240521T074217.html

HTTP Parser: Total size: 1522619

Source: securedoc_20240521T074217.html	HTTP Parser: <input type="password" .../> found
Source: https://stanfordhealthcare.org/	HTTP Parser: <input type="password" .../> found
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: <input type="password" .../> found

Source: securedoc_20240521T074217.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html	HTTP Parser: No favicon

Source: securedoc_20240521T074217.html	HTTP Parser: No <meta name="author".. found
Source: https://stanfordhealthcare.org/	HTTP Parser: No <meta name="author".. found
Source: https://stanfordhealthcare.org/	HTTP Parser: No <meta name="author".. found
Source: https://stanfordhealthcare.org/	HTTP Parser: No <meta name="author".. found
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: No <meta name="author".. found
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: No <meta name="author".. found

Source: https://stanfordhealthcare.org/	HTTP Parser: No <meta name="copyright".. found
Source: https://stanfordhealthcare.org/	HTTP Parser: No <meta name="copyright".. found
Source: https://stanfordhealthcare.org/	HTTP Parser: No <meta name="copyright".. found
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: No <meta name="copyright".. found
Source: https://stanfordhealthcare.org/#shc-search-title	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49762 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 43MB

Source: global traffic

TCP traffic: 192.168.2.5:63185 -> 1.1.1.1:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: urldefense.com to http://stanfordhospital.org

Source: global traffic

HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?p=0&d=%7B%27name%27%3Anull,%0D%0A%27msgID%27%3A%27%7C1__540cdd740000018f9b9a646bff2e3ffff04b63f7%40localhost%27,%0D%0A%27keysize%27%3A24,%0D%0A%27flags%27%3A2049,%0D%0A%27rid%27%3A%27ZGlwZXNoIHNoYWggPGRpcGVzaC5zaGFoQGF1dG9tYXRpb25hbnl3aGVyZS5jb20%2BLCAic2hlbm95LA1cCiBhbWl0IiA8YXNoZW5veUBzdGFuZm9yZGhlYWx0aGNhcmUub3JnPg%3D%3D%27,%0D%0A%27algnames%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%27AES%27%7D%7D,%0D%0A%27algparams%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%7B%27IV%27%3A%279zLXKSpZQ9OgbGAJC3CL5w%3D%3D%27%7D%7D%7D,%0D%0A%27keyserverhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27securereplyhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27openerhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27toc%27%3A%5B%0D%0A%5B%27Body-1716302537846%2Etxt%27,1,%0D%0A%27%27,%0D%0A%27%27,%0D%0A13,%5B0,83154%5D,%27Body-1716302537846%2Etxt%27,%0D%0A%27UTF-16%27%5D,%0D%0A%5B%27image003%2Ejpg%27,2,%0D%0A%27%27,%0D%0A%27image003%2Ejpg%27,%0D%0A21,%5B83154,5457%5D,%27image003%2Ejpg%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image004%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image004%2Epng%27,%0D%0A21,%5B88611,665341%5D,%27image004%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image005%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image005%2Epng%27,%0D%0A21,%5B753952,265036%5D,%27image005%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image006%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image006%2Epng%27,%0D%0A21,%5B1018988,8347%5D,%27image006%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image007%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image007%2Epng%27,%0D%0A21,%5B1027335,536%5D,%27image007%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image008%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image008%2Epng%27,%0D%0A21,%5B1027871,3407%5D,%27image008%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image009%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image009%2Epng%27,%0D%0A21,%5B1031278,2865%5D,%27image009%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image010%2Ejpg%27,2,%0D%0A%27%27,%0D%0A%27image010%2Ejpg%27,%0D%0A21,%5B1034143,4576%5D,%27image010%2Ejpg%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image011%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image011%2Epng%27,%0D%0A21,%5B1038719,2301%5D,%27image011%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27MessageBar%2Ehtml%27,4,%0D%0A%27%27,%0D%0A%27%27,%0D%0A1,%5B1041020,63314%5D,%27MessageBar%2Ehtml%27,%0D%0A%27UTF-16%27%5D%0D%0A%5D,%0D%0A%27salt%27%3A%27QbX820jbXjacsfkEIoG438jir4w%3D%27,%0D%0A%27data%27%3A%5B%0D%0A%27%27,%27em%2BqUSh%2FYf0qFpS2UzvZRQ%2BxgkjiJIt4uZpAhhfs0D%2BIldXbXksPN3%2Bsd%2FtzBhuBFj0NoTPRLpV09obh62hZrgX0LfiacWSlZvAvrvwQjLf7y3pkfW%2FTHiLtEbWRe4wiKT1d63kFWUc15zPoULg5uKehPXnjCkmixKbpF5EFXqHyXIzTk1nIXfTqe9C0PC%2FxMa75%2FwJ%2BpwhaXfmTVnEjvfiBJu24FwQDGTqhGqgidqg5dlDExQZpUNJ07r7q5xMk8t%2FRf9sTzV4%2Fz86LHe2iIT7uLfoC9v1%2BHy2h6C1l4h2mYl6aI%2FTvSb4dvQgy8RH%2BoxVvIubOpvuDpWvcA2PTmjzNPxuIvndOlpJCwvp6iE7zO6IKGYaqaYsVk1h7Qa1xehdUkA3HNVQZ8

Source: Joe Sandbox View	IP Address: 52.71.28.102 52.71.28.102
Source: Joe Sandbox View	IP Address: 63.140.62.27 63.140.62.27
Source: Joe Sandbox View	IP Address: 63.140.62.222 63.140.62.222
Source: Joe Sandbox View	IP Address: 63.140.62.17 63.140.62.17
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Source: global traffic	HTTP traffic detected: GET /ajax/libs/select2/4.0.12/css/select2.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/select2/4.0.12/js/select2.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /postx.css HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websafe/logo/3uP6D1APSG4uuQwuZFjB4f1O4898oqlP7HxnaOHNGVgZQ3z3q5AvZPn3WvfZHQxWYqxqJg!!/branding/customer-logo.gif?f=1 HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=70XNNTOmK3Ki0YCDqCEYec1nMtcra+cIL5WtxeT82l0wBQYjJSKUIzWcg8CHGeFl7XhP1MNzorSjjLBo3GfCr+twVDuojyrCp2GiY19l1Ss+jpQbQpOd/veIq9y2
Source: global traffic	HTTP traffic detected: GET /websafe/logo/3uP6D1APSG4uuQwuZFjB4f1O4898oqlP7HxnaOHNGVgZQ3z3q5AvZPn3WvfZHQxWYqxqJg!!/branding/customer-logo.gif?f=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
Source: global traffic	HTTP traffic detected: GET /CRES_login_bg.jpg HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Inter/Inter-Regular.ttf HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.cres-aws.com/postx.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Inter/Inter-Light.ttf HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.cres-aws.com/postx.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Inter/Inter-SemiBold.ttf HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.cres-aws.com/postx.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Inter/Inter-Bold.ttf HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.cres-aws.com/postx.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websafe/images/loginbg.gif HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
Source: global traffic	HTTP traffic detected: GET /keyserver/keyserver?su=&df=&tf=&lp=en&v=2&m=%7c1__540cdd740000018f9b9a646bff2e3ffff04b63f7%40localhost&s=1&f=0&d=1716339352065&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36 HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
Source: global traffic	HTTP traffic detected: GET /websafe/images/pullFeature/arrowDown.svg HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=apI+LBAvBpr9jAvkjw4+J2Y81jl4yAA6NKczidtlcL/YjGfis5i3Ke4vuRtji6UsH/xACWIdCc/DbWejuKA6R0lFJqg7DFKIo5yD9hg7M2sdBc/4bUp4gXgQxVCb
Source: global traffic	HTTP traffic detected: GET /websafe/images/loginbg.gif HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=CC5ADD88F5F7E33EEDB42FF05F34C525; AWSALB=75ZHcevimwA8TeYWqU02+gw0+mW3KIYRG/UTbpwSYlrqIGIndrCM5TFPopPYydlfmTe5+lzEh87vq17JlFVUTluVHAXK0BXBobHdclOkpST+1r3MMqnGC6EO3dB0; AWSALBCORS=CAg7WJq+xe8qPGDpuHO8hgf3uxz64OvUZkrEzUVebqiClom2TxU8tIUJttVf3drah93reiuTsRS4hFxXYQpHJbxPNecCHmzGWwkyUZT6rd/7uVzifVnnu9ZYKSMA
Source: global traffic	HTTP traffic detected: GET /websafe/images/pullFeature/arrowDown.svg HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=CC5ADD88F5F7E33EEDB42FF05F34C525; AWSALB=75ZHcevimwA8TeYWqU02+gw0+mW3KIYRG/UTbpwSYlrqIGIndrCM5TFPopPYydlfmTe5+lzEh87vq17JlFVUTluVHAXK0BXBobHdclOkpST+1r3MMqnGC6EO3dB0; AWSALBCORS=CAg7WJq+xe8qPGDpuHO8hgf3uxz64OvUZkrEzUVebqiClom2TxU8tIUJttVf3drah93reiuTsRS4hFxXYQpHJbxPNecCHmzGWwkyUZT6rd/7uVzifVnnu9ZYKSMA
Source: global traffic	HTTP traffic detected: GET /CRES_login_bg.jpg HTTP/1.1Host: static.cres-aws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gXAG9K5P8KmYgYH&MD=LboOX44E HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=Toghs2EnoUMAhMZefWdlj0UlJLBPdT/KbH3K8l2Kv6fY9ocOefyCRXrBhA4CqMOun6neXNYXFwjB91oKTxScx8E/ipRNvy+KxxpnMdIEuX6x1RwAZpco3fvc7bwv
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=gpOUFEsdMSNYThtj2BIaxVWoO/yEWwTYpg831B8bAHyGWnvW6LjFRO/Cxkf0oGIUcALBqiGAXjX3WDgLc1rRAggqCEOXejA/qX2YgxwiPffW0OvMaJCQsOzS7PDI
Source: global traffic	HTTP traffic detected: GET /v3/__http://stanfordhospital.org__;!!BHlfX_zbyOAjqHI!wgyEG2JxI2P6-nnwEtViTwF0Z9cRgAzwL8Ix44wul2R1tUTK5pHKGckJKICGmfD_OJoMbm4pdzwPIsbHISCdNy7PQrF-posI2ZrPT3Y$ HTTP/1.1Host: urldefense.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stanfordhospital.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gXAG9K5P8KmYgYH&MD=LboOX44E HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/all.homepage.lc-1712886023033-lc.min.dc52b606184a0cc4e1da3f038e4aa98c.css HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://stanfordhealthcare.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF; AWSALBCORS=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/fonts/fonts/Source-Sans-Pro-regular/Source-Sans-Pro-regular.woff2 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://stanfordhealthcare.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF; AWSALBCORS=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/fonts/fonts/Source-Sans-Pro-300/Source-Sans-Pro-300.woff2 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://stanfordhealthcare.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF; AWSALBCORS=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/fonts/fonts/Source-Sans-Pro-600/Source-Sans-Pro-600.woff2 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://stanfordhealthcare.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF; AWSALBCORS=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/fonts/fonts/Source-Sans-Pro-700/Source-Sans-Pro-700.woff2 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://stanfordhealthcare.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF; AWSALBCORS=ze5V8CUxhc0WjP6SNO2FgRge7wDUuN3lN9fSsduChdtt8NjzM6jw/bJcjq37gk25gKVC8D16+nkh38Hkb89P8+MMApQuPlERJDCMsc6wl0iDYjx+z8iNCqz/BjHF
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/stanfordHealthcareLogo.svg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=DzspkQpCV592r+RfzikZ6eaG+oILqibqTuIGtfviSrO1T1bNHGpD710C9XlwGDr7OV0LRC6dSDduFDPK2UukCFEyqiiP9nSYNO3ChQ09V0og/LbW6DK7hV5i7S1L; AWSALBCORS=DzspkQpCV592r+RfzikZ6eaG+oILqibqTuIGtfviSrO1T1bNHGpD710C9XlwGDr7OV0LRC6dSDduFDPK2UukCFEyqiiP9nSYNO3ChQ09V0og/LbW6DK7hV5i7S1L
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/home/sustainability-joint-commission-homepage-marquee-690x450.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=DzspkQpCV592r+RfzikZ6eaG+oILqibqTuIGtfviSrO1T1bNHGpD710C9XlwGDr7OV0LRC6dSDduFDPK2UukCFEyqiiP9nSYNO3ChQ09V0og/LbW6DK7hV5i7S1L; AWSALBCORS=DzspkQpCV592r+RfzikZ6eaG+oILqibqTuIGtfviSrO1T1bNHGpD710C9XlwGDr7OV0LRC6dSDduFDPK2UukCFEyqiiP9nSYNO3ChQ09V0og/LbW6DK7hV5i7S1L
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/spritesheetSHC.png HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O; AWSALBCORS=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/docs.png/_jcr_content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O; AWSALBCORS=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/location.png/_jcr_content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O; AWSALBCORS=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O
Source: global traffic	HTTP traffic detected: GET /etc.clientlibs/shc/components/embedded/fatfooter/clientlibs.lc-1712886023033-lc.min.js HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O; AWSALBCORS=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O
Source: global traffic	HTTP traffic detected: GET /etc.clientlibs/shc/clientlibs/clientlib-site.lc-1712886023033-lc.min.js HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O; AWSALBCORS=0Fyv8X8TTGB/GCbo9y/1aIYGfJinzP4MdZBZrwrufWN4V9BvYRMpNE5khNdJjj5G59Kue6iawSXFC+813I4/qIdUmamauLD8dsZyKLOlBu6pjlAXjwzBAiqqUm9O
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/stanfordHealthcareLogo.svg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=uhO9VznCRKeKRYlXBWKT6NtvLvnv2vyIu+9Jrwli45Ar2wasAQwdz75OsaXvYkIC1kkcMDWVlwCsBLHMJYHQb6NV2oBCKWIJcEEpiOxq8gSf6bT8291SENf9X9YP; AWSALBCORS=uhO9VznCRKeKRYlXBWKT6NtvLvnv2vyIu+9Jrwli45Ar2wasAQwdz75OsaXvYkIC1kkcMDWVlwCsBLHMJYHQb6NV2oBCKWIJcEEpiOxq8gSf6bT8291SENf9X9YP
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/aem-optimized.lc-1712886023033-lc.min.20c52ea3b4b6614ef1f8f3cd02469cc5.js HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://stanfordhealthcare.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rgm1KEYKuLPx6KLSA/u8CWARqZTsMK9bB3MKhuYO9h7Gjsn93UyD4eMXLqE7CMOdgSH9zpj5oWu+qcmf25TDXZ/MeYy+qrYGgHV+8ROLBG2ZhTl9JD137dMq4C6e; AWSALBCORS=rgm1KEYKuLPx6KLSA/u8CWARqZTsMK9bB3MKhuYO9h7Gjsn93UyD4eMXLqE7CMOdgSH9zpj5oWu+qcmf25TDXZ/MeYy+qrYGgHV+8ROLBG2ZhTl9JD137dMq4C6e
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/all.homepage.lc-1712886023033-lc.min.aff442c8dac4494a8fdf8b54b1e7b60b.js HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://stanfordhealthcare.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rgm1KEYKuLPx6KLSA/u8CWARqZTsMK9bB3MKhuYO9h7Gjsn93UyD4eMXLqE7CMOdgSH9zpj5oWu+qcmf25TDXZ/MeYy+qrYGgHV+8ROLBG2ZhTl9JD137dMq4C6e; AWSALBCORS=rgm1KEYKuLPx6KLSA/u8CWARqZTsMK9bB3MKhuYO9h7Gjsn93UyD4eMXLqE7CMOdgSH9zpj5oWu+qcmf25TDXZ/MeYy+qrYGgHV+8ROLBG2ZhTl9JD137dMq4C6e
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/heart.png/_jcr_content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rgm1KEYKuLPx6KLSA/u8CWARqZTsMK9bB3MKhuYO9h7Gjsn93UyD4eMXLqE7CMOdgSH9zpj5oWu+qcmf25TDXZ/MeYy+qrYGgHV+8ROLBG2ZhTl9JD137dMq4C6e; AWSALBCORS=rgm1KEYKuLPx6KLSA/u8CWARqZTsMK9bB3MKhuYO9h7Gjsn93UyD4eMXLqE7CMOdgSH9zpj5oWu+qcmf25TDXZ/MeYy+qrYGgHV+8ROLBG2ZhTl9JD137dMq4C6e
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/svg/stanford-med-logo.svg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=qVy73aXJ/f7ENNZI9ACtw/2+e8iv0o/qbilLptQ2FPIDUXQCqO0eO0CbUCx2jutGvBSMWTcjRihRe9qRLHdmr52HKFIMAbjIwi2GWPvrwR7371N21ioBk9fGGO5v; AWSALBCORS=qVy73aXJ/f7ENNZI9ACtw/2+e8iv0o/qbilLptQ2FPIDUXQCqO0eO0CbUCx2jutGvBSMWTcjRihRe9qRLHdmr52HKFIMAbjIwi2GWPvrwR7371N21ioBk9fGGO5v
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/youtube_social_squircle_dark_v2.png HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=qVy73aXJ/f7ENNZI9ACtw/2+e8iv0o/qbilLptQ2FPIDUXQCqO0eO0CbUCx2jutGvBSMWTcjRihRe9qRLHdmr52HKFIMAbjIwi2GWPvrwR7371N21ioBk9fGGO5v; AWSALBCORS=qVy73aXJ/f7ENNZI9ACtw/2+e8iv0o/qbilLptQ2FPIDUXQCqO0eO0CbUCx2jutGvBSMWTcjRihRe9qRLHdmr52HKFIMAbjIwi2GWPvrwR7371N21ioBk9fGGO5v
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/docs.png/_jcr_content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=SvEXg+angfUwfOOZg7bXkmMaoIikSPkifamiP/DqeiJjOPAH1yWqstrjNh4hUbE32DPmbH7az/mdIT1dT5+53Yt4RnmrDhYDjnK+d5rqelSCnlOOn/hbW+z3lbMn; AWSALBCORS=SvEXg+angfUwfOOZg7bXkmMaoIikSPkifamiP/DqeiJjOPAH1yWqstrjNh4hUbE32DPmbH7az/mdIT1dT5+53Yt4RnmrDhYDjnK+d5rqelSCnlOOn/hbW+z3lbMn
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/location.png/_jcr_content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=SvEXg+angfUwfOOZg7bXkmMaoIikSPkifamiP/DqeiJjOPAH1yWqstrjNh4hUbE32DPmbH7az/mdIT1dT5+53Yt4RnmrDhYDjnK+d5rqelSCnlOOn/hbW+z3lbMn; AWSALBCORS=SvEXg+angfUwfOOZg7bXkmMaoIikSPkifamiP/DqeiJjOPAH1yWqstrjNh4hUbE32DPmbH7az/mdIT1dT5+53Yt4RnmrDhYDjnK+d5rqelSCnlOOn/hbW+z3lbMn
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/home/sustainability-joint-commission-homepage-marquee-690x450.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=SvEXg+angfUwfOOZg7bXkmMaoIikSPkifamiP/DqeiJjOPAH1yWqstrjNh4hUbE32DPmbH7az/mdIT1dT5+53Yt4RnmrDhYDjnK+d5rqelSCnlOOn/hbW+z3lbMn; AWSALBCORS=SvEXg+angfUwfOOZg7bXkmMaoIikSPkifamiP/DqeiJjOPAH1yWqstrjNh4hUbE32DPmbH7az/mdIT1dT5+53Yt4RnmrDhYDjnK+d5rqelSCnlOOn/hbW+z3lbMn
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/spritesheetSHC.png HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=SvEXg+angfUwfOOZg7bXkmMaoIikSPkifamiP/DqeiJjOPAH1yWqstrjNh4hUbE32DPmbH7az/mdIT1dT5+53Yt4RnmrDhYDjnK+d5rqelSCnlOOn/hbW+z3lbMn; AWSALBCORS=SvEXg+angfUwfOOZg7bXkmMaoIikSPkifamiP/DqeiJjOPAH1yWqstrjNh4hUbE32DPmbH7az/mdIT1dT5+53Yt4RnmrDhYDjnK+d5rqelSCnlOOn/hbW+z3lbMn
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/heart.png/_jcr_content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=8VqJ1T+WDPROM6SEpbboimXGXPIEoRPzbxO/oe9HdtWyk8VFFfHiQLBbjrejRW57WtQ5voai6ggplcJZeUo8xT8YrQ2oQFWvQDSAu0m3ylYrTAl0k6B/mHBLgZ4O; AWSALBCORS=8VqJ1T+WDPROM6SEpbboimXGXPIEoRPzbxO/oe9HdtWyk8VFFfHiQLBbjrejRW57WtQ5voai6ggplcJZeUo8xT8YrQ2oQFWvQDSAu0m3ylYrTAl0k6B/mHBLgZ4O
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/svg/stanford-med-logo.svg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=8VqJ1T+WDPROM6SEpbboimXGXPIEoRPzbxO/oe9HdtWyk8VFFfHiQLBbjrejRW57WtQ5voai6ggplcJZeUo8xT8YrQ2oQFWvQDSAu0m3ylYrTAl0k6B/mHBLgZ4O; AWSALBCORS=8VqJ1T+WDPROM6SEpbboimXGXPIEoRPzbxO/oe9HdtWyk8VFFfHiQLBbjrejRW57WtQ5voai6ggplcJZeUo8xT8YrQ2oQFWvQDSAu0m3ylYrTAl0k6B/mHBLgZ4O; s_gpv=stanford%20health%20care
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/youtube_social_squircle_dark_v2.png HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=8VqJ1T+WDPROM6SEpbboimXGXPIEoRPzbxO/oe9HdtWyk8VFFfHiQLBbjrejRW57WtQ5voai6ggplcJZeUo8xT8YrQ2oQFWvQDSAu0m3ylYrTAl0k6B/mHBLgZ4O; AWSALBCORS=8VqJ1T+WDPROM6SEpbboimXGXPIEoRPzbxO/oe9HdtWyk8VFFfHiQLBbjrejRW57WtQ5voai6ggplcJZeUo8xT8YrQ2oQFWvQDSAu0m3ylYrTAl0k6B/mHBLgZ4O; s_gpv=stanford%20health%20care
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/js/vendor/gsap/CSSPlugin.min.js?_=1716339401308 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; AWSALB=UBn7Fkid1VXWQxSE7D4i+E50XvvY0AXFz/GskFuuBBaGfj+PEeFD0FP6To+5+9iautaNoc+/oD1K/bui61lDL4jrvZA9uv7/9v1WrmJoa70wEClRJvw3zhXM1RUw; AWSALBCORS=UBn7Fkid1VXWQxSE7D4i+E50XvvY0AXFz/GskFuuBBaGfj+PEeFD0FP6To+5+9iautaNoc+/oD1K/bui61lDL4jrvZA9uv7/9v1WrmJoa70wEClRJvw3zhXM1RUw
Source: global traffic	HTTP traffic detected: GET /bin/api/v1/content/externaldependencieshealthcheck.json HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01Content-Type: application/jsonX-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; AWSALB=UBn7Fkid1VXWQxSE7D4i+E50XvvY0AXFz/GskFuuBBaGfj+PEeFD0FP6To+5+9iautaNoc+/oD1K/bui61lDL4jrvZA9uv7/9v1WrmJoa70wEClRJvw3zhXM1RUw; AWSALBCORS=UBn7Fkid1VXWQxSE7D4i+E50XvvY0AXFz/GskFuuBBaGfj+PEeFD0FP6To+5+9iautaNoc+/oD1K/bui61lDL4jrvZA9uv7/9v1WrmJoa70wEClRJvw3zhXM1RUw; activeView=list
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/favicon.gif HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; AWSALB=UBn7Fkid1VXWQxSE7D4i+E50XvvY0AXFz/GskFuuBBaGfj+PEeFD0FP6To+5+9iautaNoc+/oD1K/bui61lDL4jrvZA9uv7/9v1WrmJoa70wEClRJvw3zhXM1RUw; AWSALBCORS=UBn7Fkid1VXWQxSE7D4i+E50XvvY0AXFz/GskFuuBBaGfj+PEeFD0FP6To+5+9iautaNoc+/oD1K/bui61lDL4jrvZA9uv7/9v1WrmJoa70wEClRJvw3zhXM1RUw; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/docs.png/jcr:content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; AWSALB=UBn7Fkid1VXWQxSE7D4i+E50XvvY0AXFz/GskFuuBBaGfj+PEeFD0FP6To+5+9iautaNoc+/oD1K/bui61lDL4jrvZA9uv7/9v1WrmJoa70wEClRJvw3zhXM1RUw; AWSALBCORS=UBn7Fkid1VXWQxSE7D4i+E50XvvY0AXFz/GskFuuBBaGfj+PEeFD0FP6To+5+9iautaNoc+/oD1K/bui61lDL4jrvZA9uv7/9v1WrmJoa70wEClRJvw3zhXM1RUw; activeView=list
Source: global traffic	HTTP traffic detected: GET /ee/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=27c43590-60b3-4816-b673-4f890a65407b HTTP/1.1Host: adobedc.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=03043343755273230681186400625765861680
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/js/vendor/gsap/TweenLite.min.js?_=1716339401309 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=HO3uwOD2Ftl3SyaAEkosE2qT0gI5KTviGmDnyYjREvsqVMtZ6gqmx/KF22nzoTXorpAhPJ4OGER8dHp1Yn42VYM6XXkWMsnHWXEaFLHcBQznnj3PW3EY4cS6Hj2X; AWSALBCORS=HO3uwOD2Ftl3SyaAEkosE2qT0gI5KTviGmDnyYjREvsqVMtZ6gqmx/KF22nzoTXorpAhPJ4OGER8dHp1Yn42VYM6XXkWMsnHWXEaFLHcBQznnj3PW3EY4cS6Hj2X
Source: global traffic	HTTP traffic detected: GET /ee/irl1/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=1b534b18-5d15-43f3-98b8-ca9a99e544a2 HTTP/1.1Host: smetrics.stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/js/vendor/gsap/CSSPlugin.min.js?_=1716339401308 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=HO3uwOD2Ftl3SyaAEkosE2qT0gI5KTviGmDnyYjREvsqVMtZ6gqmx/KF22nzoTXorpAhPJ4OGER8dHp1Yn42VYM6XXkWMsnHWXEaFLHcBQznnj3PW3EY4cS6Hj2X; AWSALBCORS=HO3uwOD2Ftl3SyaAEkosE2qT0gI5KTviGmDnyYjREvsqVMtZ6gqmx/KF22nzoTXorpAhPJ4OGER8dHp1Yn42VYM6XXkWMsnHWXEaFLHcBQznnj3PW3EY4cS6Hj2X
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/location.png/jcr:content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS; AWSALBCORS=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/heart.png/jcr:content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS; AWSALBCORS=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/stroke-awareness/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1682717674026.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS; AWSALBCORS=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/give-someone-a-future/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.png/1682717677188.png HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS; AWSALBCORS=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/psychiatrys-new-frontiers/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1715287038035.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS; AWSALBCORS=IcCfZNA93y08EuryAVnxeCDPVNHi42pu1vzz4zjRvyI1QrcQ+amcL+hEswfTV37+B+3+CdZVrdNyOEl+dLz1c/i1yOblN3cwc+TtyDb+sDd6DQctxwWZFS49zpiS
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/skin-cancer-can-affect-anyone-feature/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1715981755286.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=jQGcJ61Xar63MxrFtFdDfq9ewfLu1BRDtF557mLmO56ehVjaDvS+GjOzH3yREZIMdqclwuNoNNZadnzcY3MfUp7tKKkDzwQFT0S6HyYj6IdvqHws35wxZKHTHvbg; AWSALBCORS=jQGcJ61Xar63MxrFtFdDfq9ewfLu1BRDtF557mLmO56ehVjaDvS+GjOzH3yREZIMdqclwuNoNNZadnzcY3MfUp7tKKkDzwQFT0S6HyYj6IdvqHws35wxZKHTHvbg
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/favicon.gif HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Xm63WRf3SIZMRqQHRzt2S0CdguUnitWye79hPfGM0y2DNe7ZuzegwiztMuAz9M2PfuysXxTI7NklguBYOpnGDFGS0dBzWqLdGbpJYw8MRzQ2nAt54izDbbvnjI//; AWSALBCORS=Xm63WRf3SIZMRqQHRzt2S0CdguUnitWye79hPfGM0y2DNe7ZuzegwiztMuAz9M2PfuysXxTI7NklguBYOpnGDFGS0dBzWqLdGbpJYw8MRzQ2nAt54izDbbvnjI//
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/docs.png/jcr:content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Xm63WRf3SIZMRqQHRzt2S0CdguUnitWye79hPfGM0y2DNe7ZuzegwiztMuAz9M2PfuysXxTI7NklguBYOpnGDFGS0dBzWqLdGbpJYw8MRzQ2nAt54izDbbvnjI//; AWSALBCORS=Xm63WRf3SIZMRqQHRzt2S0CdguUnitWye79hPfGM0y2DNe7ZuzegwiztMuAz9M2PfuysXxTI7NklguBYOpnGDFGS0dBzWqLdGbpJYw8MRzQ2nAt54izDbbvnjI//
Source: global traffic	HTTP traffic detected: GET /bin/api/v1/content/externaldependencieshealthcheck.json HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Xm63WRf3SIZMRqQHRzt2S0CdguUnitWye79hPfGM0y2DNe7ZuzegwiztMuAz9M2PfuysXxTI7NklguBYOpnGDFGS0dBzWqLdGbpJYw8MRzQ2nAt54izDbbvnjI//; AWSALBCORS=Xm63WRf3SIZMRqQHRzt2S0CdguUnitWye79hPfGM0y2DNe7ZuzegwiztMuAz9M2PfuysXxTI7NklguBYOpnGDFGS0dBzWqLdGbpJYw8MRzQ2nAt54izDbbvnjI//
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/js/vendor/gsap/TweenLite.min.js?_=1716339401309 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe; AWSALBCORS=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/location.png/jcr:content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe; AWSALBCORS=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/Campaign/Homepage-Redesign/images/heart.png/jcr:content/renditions/original HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe; AWSALBCORS=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/psychiatrys-new-frontiers/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1715287038035.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe; AWSALBCORS=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/stroke-awareness/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1682717674026.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe; AWSALBCORS=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/give-someone-a-future/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.png/1682717677188.png HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe; AWSALBCORS=Nl0CykCyYRwyYkRQVdE2Fb2uMdnQg5rR11ys7uOhaPmUG1icN1utBdky4QvpUwkDNMLGdn4b4Xc4pdUc9AvpYHPIh6WNye4k+Oodzs/Q6grc5GaggZWovemcBDMe
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/aapi-heritage-month-2024/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1714515125224.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=4x8PdvYQ+N9juMyKYWIxbn8mxtakoeP1SPpw+sG+JBMMCm6wy24wUgbKy+S137NIO/lw0VNqzytv1r4afe93j2p6qXNRBXMYALJTW3yQHC0EmH9HBji32HbeAJ0A; AWSALBCORS=4x8PdvYQ+N9juMyKYWIxbn8mxtakoeP1SPpw+sG+JBMMCm6wy24wUgbKy+S137NIO/lw0VNqzytv1r4afe93j2p6qXNRBXMYALJTW3yQHC0EmH9HBji32HbeAJ0A
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/drug-limits-dangerous-reactions-to-allergy-triggering-foods/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1714515130499.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=4x8PdvYQ+N9juMyKYWIxbn8mxtakoeP1SPpw+sG+JBMMCm6wy24wUgbKy+S137NIO/lw0VNqzytv1r4afe93j2p6qXNRBXMYALJTW3yQHC0EmH9HBji32HbeAJ0A; AWSALBCORS=4x8PdvYQ+N9juMyKYWIxbn8mxtakoeP1SPpw+sG+JBMMCm6wy24wUgbKy+S137NIO/lw0VNqzytv1r4afe93j2p6qXNRBXMYALJTW3yQHC0EmH9HBji32HbeAJ0A
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/skin-cancer-can-affect-anyone-feature/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1715981755286.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=4x8PdvYQ+N9juMyKYWIxbn8mxtakoeP1SPpw+sG+JBMMCm6wy24wUgbKy+S137NIO/lw0VNqzytv1r4afe93j2p6qXNRBXMYALJTW3yQHC0EmH9HBji32HbeAJ0A; AWSALBCORS=4x8PdvYQ+N9juMyKYWIxbn8mxtakoeP1SPpw+sG+JBMMCm6wy24wUgbKy+S137NIO/lw0VNqzytv1r4afe93j2p6qXNRBXMYALJTW3yQHC0EmH9HBji32HbeAJ0A
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/aapi-heritage-month-2024/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1714515125224.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=B3sUm3NrwTbll5bwgXvvT+hvnUVumoL+C/eX5xvka8I2qyLj8OVlXLhLOnQVHNgouudkrCptEDOmmPmna56EHgjvYkXcX1B2OC0nT1GudLPJ+aOBHVDOz5hfgs6+; AWSALBCORS=B3sUm3NrwTbll5bwgXvvT+hvnUVumoL+C/eX5xvka8I2qyLj8OVlXLhLOnQVHNgouudkrCptEDOmmPmna56EHgjvYkXcX1B2OC0nT1GudLPJ+aOBHVDOz5hfgs6+
Source: global traffic	HTTP traffic detected: GET /content/shc/en-tools/home/drug-limits-dangerous-reactions-to-allergy-triggering-foods/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1714515130499.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=B3sUm3NrwTbll5bwgXvvT+hvnUVumoL+C/eX5xvka8I2qyLj8OVlXLhLOnQVHNgouudkrCptEDOmmPmna56EHgjvYkXcX1B2OC0nT1GudLPJ+aOBHVDOz5hfgs6+; AWSALBCORS=B3sUm3NrwTbll5bwgXvvT+hvnUVumoL+C/eX5xvka8I2qyLj8OVlXLhLOnQVHNgouudkrCptEDOmmPmna56EHgjvYkXcX1B2OC0nT1GudLPJ+aOBHVDOz5hfgs6+
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/js/vendor/gsap/CSSPlugin.min.js?_=1716339413696 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=rW51Mytoo3neWvh9wJMuhW3zDaV4XWaa/+PJPHblZ1jpCITaPh6vr6KcvUXuVmXJUdXwaJi174wrzPG0aFY4MkLmquM4F1apOzi04mPBWopA7NuIzKd4T5u4I96n; AWSALBCORS=rW51Mytoo3neWvh9wJMuhW3zDaV4XWaa/+PJPHblZ1jpCITaPh6vr6KcvUXuVmXJUdXwaJi174wrzPG0aFY4MkLmquM4F1apOzi04mPBWopA7NuIzKd4T5u4I96n
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/masthead-sticky-gradient.png HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=rW51Mytoo3neWvh9wJMuhW3zDaV4XWaa/+PJPHblZ1jpCITaPh6vr6KcvUXuVmXJUdXwaJi174wrzPG0aFY4MkLmquM4F1apOzi04mPBWopA7NuIzKd4T5u4I96n; AWSALBCORS=rW51Mytoo3neWvh9wJMuhW3zDaV4XWaa/+PJPHblZ1jpCITaPh6vr6KcvUXuVmXJUdXwaJi174wrzPG0aFY4MkLmquM4F1apOzi04mPBWopA7NuIzKd4T5u4I96n
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/js/vendor/gsap/TweenLite.min.js?_=1716339413697 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=9yUSb62Ygz9zhgOQWPgMRP5N96XVdWVag538d6R5gqUanir8rtvCfqohHpwH8qhF0yiuuPRUY7IPt605rUAHpjQODxSKVPnjaRQZNLPCJLbaSuOqdiaDORybfUPt; AWSALBCORS=9yUSb62Ygz9zhgOQWPgMRP5N96XVdWVag538d6R5gqUanir8rtvCfqohHpwH8qhF0yiuuPRUY7IPt605rUAHpjQODxSKVPnjaRQZNLPCJLbaSuOqdiaDORybfUPt
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/home/sustainability-joint-commission-homepage-marquee-690x450.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=0u9ZGbRSvihe9GF7A7jHgXBAoq8BNHc+Qc3dTigLOwOJJZiiDHpPHkm+fqvbW4iz+FbY48/xjtQNz+TTJXvuPM3i5//MHPQLXI+kT/tGulMLxyYHFbqPt0xd7zsg; AWSALBCORS=0u9ZGbRSvihe9GF7A7jHgXBAoq8BNHc+Qc3dTigLOwOJJZiiDHpPHkm+fqvbW4iz+FbY48/xjtQNz+TTJXvuPM3i5//MHPQLXI+kT/tGulMLxyYHFbqPt0xd7zsg; QSI_ReplaySession_SampledOut_ZN_6yf3gkbyV99Pi86=trueRange: bytes=321381-321381If-Range: Thu, 16 May 2024 14:23:30 GMT
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/js/vendor/gsap/CSSPlugin.min.js?_=1716339413696 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=0u9ZGbRSvihe9GF7A7jHgXBAoq8BNHc+Qc3dTigLOwOJJZiiDHpPHkm+fqvbW4iz+FbY48/xjtQNz+TTJXvuPM3i5//MHPQLXI+kT/tGulMLxyYHFbqPt0xd7zsg; AWSALBCORS=0u9ZGbRSvihe9GF7A7jHgXBAoq8BNHc+Qc3dTigLOwOJJZiiDHpPHkm+fqvbW4iz+FbY48/xjtQNz+TTJXvuPM3i5//MHPQLXI+kT/tGulMLxyYHFbqPt0xd7zsg; QSI_ReplaySession_SampledOut_ZN_6yf3gkbyV99Pi86=true
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/img/masthead-sticky-gradient.png HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=0u9ZGbRSvihe9GF7A7jHgXBAoq8BNHc+Qc3dTigLOwOJJZiiDHpPHkm+fqvbW4iz+FbY48/xjtQNz+TTJXvuPM3i5//MHPQLXI+kT/tGulMLxyYHFbqPt0xd7zsg; AWSALBCORS=0u9ZGbRSvihe9GF7A7jHgXBAoq8BNHc+Qc3dTigLOwOJJZiiDHpPHkm+fqvbW4iz+FbY48/xjtQNz+TTJXvuPM3i5//MHPQLXI+kT/tGulMLxyYHFbqPt0xd7zsg; QSI_ReplaySession_SampledOut_ZN_6yf3gkbyV99Pi86=true
Source: global traffic	HTTP traffic detected: GET /etc/clientlibs/shc/main/js/vendor/gsap/TweenLite.min.js?_=1716339413697 HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; QSI_ReplaySession_SampledOut_ZN_6yf3gkbyV99Pi86=true; AWSALB=buPeuv7ZFGGmNjHm0i0MGiVMGvvZJ5ixInDcX9eWAQmmEIcf+2U8Le5s8sjjsNm8tleNCQUk24W187UMJGRwg8Lb5J34+INQ9kWpl5rFZx+ZpQAt9KVa0q0q32Z9; AWSALBCORS=buPeuv7ZFGGmNjHm0i0MGiVMGvvZJ5ixInDcX9eWAQmmEIcf+2U8Le5s8sjjsNm8tleNCQUk24W187UMJGRwg8Lb5J34+INQ9kWpl5rFZx+ZpQAt9KVa0q0q32Z9
Source: global traffic	HTTP traffic detected: GET /ee/irl1/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=5f4a708c-7282-4928-ab70-20bd2631e63c HTTP/1.1Host: smetrics.stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066
Source: global traffic	HTTP traffic detected: GET /content/dam/SHC/home/sustainability-joint-commission-homepage-marquee-690x450.jpg HTTP/1.1Host: stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: s_gpv=stanford%20health%20care; activeView=list; kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066; AWSALB=0u9ZGbRSvihe9GF7A7jHgXBAoq8BNHc+Qc3dTigLOwOJJZiiDHpPHkm+fqvbW4iz+FbY48/xjtQNz+TTJXvuPM3i5//MHPQLXI+kT/tGulMLxyYHFbqPt0xd7zsg; AWSALBCORS=0u9ZGbRSvihe9GF7A7jHgXBAoq8BNHc+Qc3dTigLOwOJJZiiDHpPHkm+fqvbW4iz+FbY48/xjtQNz+TTJXvuPM3i5//MHPQLXI+kT/tGulMLxyYHFbqPt0xd7zsg; QSI_ReplaySession_SampledOut_ZN_6yf3gkbyV99Pi86=trueRange: bytes=321381-325149If-Range: Thu, 16 May 2024 14:23:30 GMT
Source: global traffic	HTTP traffic detected: GET /ee/irl1/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=217aac59-7433-4be9-874c-e44f4b274016 HTTP/1.1Host: smetrics.stanfordhealthcare.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: kndctr_2C6958B4534410520A490D45_AdobeOrg_cluster=irl1; kndctr_2C6958B4534410520A490D45_AdobeOrg_identity=CiYwMzAyMTg1MTI3MDE0MTg4Mjc4MTE4ODQ4MDA1NjM2NDI0MzA2NlITCMnQs-75MRABGAEqBElSTDEwAPABydCz7vkx; AMCV_2C6958B4534410520A490D45%40AdobeOrg=MCMID\|03021851270141882781188480056364243066
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=q42Q/CyiNCg5eMmfW1eTGBFauuFpYzebzC+Jj3xf8wuNMPPm2s3ZhdcY3pLyOodwnE4V39RCC9onY+h3/3o9OX3oy+4y2AJ1qzD/90qVNbwIUXCpmot0xQH5QBc3; AWSALBCORS=UVx/kTX++EEBKCUolUzdbD6YC/17fGzLUn5M7YsItiECduTLRB0SLYL+5QlOrKJ6+mXK6iqWvdpHmbMp/L/g9S5nAIBW8truxCEeAiXaAbdn702v3EDk/6fCpU6S
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=q42Q/CyiNCg5eMmfW1eTGBFauuFpYzebzC+Jj3xf8wuNMPPm2s3ZhdcY3pLyOodwnE4V39RCC9onY+h3/3o9OX3oy+4y2AJ1qzD/90qVNbwIUXCpmot0xQH5QBc3; AWSALBCORS=e6Kii/9Or+hxFK1E4jUfvjd+R/+Sr/9mf90fAPAB5q+a5YK5ZYsPJHN/GsQUOnh01IH79uQKu61m/1irawqjSI4lA5ngeG4AKqcU9bowgmI6m8cgnu3C3+Nxwo0G
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?p=0&d=%7B%27name%27%3Anull,%0D%0A%27msgID%27%3A%27%7C1__540cdd740000018f9b9a646bff2e3ffff04b63f7%40localhost%27,%0D%0A%27keysize%27%3A24,%0D%0A%27flags%27%3A2049,%0D%0A%27rid%27%3A%27ZGlwZXNoIHNoYWggPGRpcGVzaC5zaGFoQGF1dG9tYXRpb25hbnl3aGVyZS5jb20%2BLCAic2hlbm95LA1cCiBhbWl0IiA8YXNoZW5veUBzdGFuZm9yZGhlYWx0aGNhcmUub3JnPg%3D%3D%27,%0D%0A%27algnames%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%27AES%27%7D%7D,%0D%0A%27algparams%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%7B%27IV%27%3A%279zLXKSpZQ9OgbGAJC3CL5w%3D%3D%27%7D%7D%7D,%0D%0A%27keyserverhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27securereplyhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27openerhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27toc%27%3A%5B%0D%0A%5B%27Body-1716302537846%2Etxt%27,1,%0D%0A%27%27,%0D%0A%27%27,%0D%0A13,%5B0,83154%5D,%27Body-1716302537846%2Etxt%27,%0D%0A%27UTF-16%27%5D,%0D%0A%5B%27image003%2Ejpg%27,2,%0D%0A%27%27,%0D%0A%27image003%2Ejpg%27,%0D%0A21,%5B83154,5457%5D,%27image003%2Ejpg%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image004%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image004%2Epng%27,%0D%0A21,%5B88611,665341%5D,%27image004%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image005%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image005%2Epng%27,%0D%0A21,%5B753952,265036%5D,%27image005%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image006%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image006%2Epng%27,%0D%0A21,%5B1018988,8347%5D,%27image006%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image007%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image007%2Epng%27,%0D%0A21,%5B1027335,536%5D,%27image007%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image008%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image008%2Epng%27,%0D%0A21,%5B1027871,3407%5D,%27image008%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image009%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image009%2Epng%27,%0D%0A21,%5B1031278,2865%5D,%27image009%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image010%2Ejpg%27,2,%0D%0A%27%27,%0D%0A%27image010%2Ejpg%27,%0D%0A21,%5B1034143,4576%5D,%27image010%2Ejpg%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image011%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image011%2Epng%27,%0D%0A21,%5B1038719,2301%5D,%27image011%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27MessageBar%2Ehtml%27,4,%0D%0A%27%27,%0D%0A%27%27,%0D%0A1,%5B1041020,63314%5D,%27MessageBar%2Ehtml%27,%0D%0A%27UTF-16%27%5D%0D%0A%5D,%0D%0A%27salt%27%3A%27QbX820jbXjacsfkEIoG438jir4w%3D%27,%0D%0A%27data%27%3A%5B%0D%0A%27%27,%27em%2BqUSh%2FYf0qFpS2UzvZRQ%2BxgkjiJIt4uZpAhhfs0D%2BIldXbXksPN3%2Bsd%2FtzBhuBFj0NoTPRLpV09obh62hZrgX0LfiacWSlZvAvrvwQjLf7y3pkfW%2FTHiLtEbWRe4wiKT1d63kFWUc15zPoULg5uKehPXnjCkmixKbpF5EFXqHyXIzTk1nIXfTqe9C0PC%2FxMa75%2FwJ%2BpwhaXfmTVnEjvfiBJu24FwQDGTqhGqgidqg5dlDExQZpUNJ07r7q5xMk8t%2FRf9sTzV4%2Fz86LHe2iIT7uLfoC9v1%2BHy2h6C1l4h2mYl6aI%2FTvSb4dvQgy8RH%2BoxVvIubOpvuDpWvcA2PTmjzNPxuIvndOlpJCwvp6iE7zO6IKGYaqaYsVk1h7Qa1xehdUkA3HNVQZ8
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stanfordhospital.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_226.2.dr	String found in binary or memory: getter = "https://www.linkedin.com/shareArticle"; equals www.linkedin.com (Linkedin)
Source: chromecache_226.2.dr	String found in binary or memory: getter = "https://www.linkedin.com/shareArticle?mini=true&url="+newUrl; equals www.linkedin.com (Linkedin)
Source: chromecache_202.2.dr	String found in binary or memory: "https://www.youtube.com/user/StanfordHospital" equals www.youtube.com (Youtube)
Source: chromecache_202.2.dr	String found in binary or memory: <a href="https://www.facebook.com/sharer/sharer.php?u=https://stanfordhealthcare.org/">Share on Facebook</a> equals www.facebook.com (Facebook)
Source: chromecache_226.2.dr	String found in binary or memory: //facebook.attr('href', "https://www.facebook.com/sharer/sharer.php?u=" + newUrl); equals www.facebook.com (Facebook)
Source: chromecache_202.2.dr	String found in binary or memory: <a class="youtube" href="https://www.youtube.com/user/StanfordHospital" aria-label="YouTube" data-aa-footer-links="youtube"></a> equals www.youtube.com (Youtube)
Source: chromecache_226.2.dr	String found in binary or memory: getter = "https://www.facebook.com/sharer/sharer.php"; equals www.facebook.com (Facebook)
Source: chromecache_226.2.dr	String found in binary or memory: getter = "https://www.facebook.com/sharer/sharer.php?u=" + newUrl; equals www.facebook.com (Facebook)
Source: chromecache_202.2.dr	String found in binary or memory: <p><b><a href="https://www.youtube.com/watch?v=Fv-T5CKHCXo" target="_blank">Coping With Loneliness</a></b></p> equals www.youtube.com (Youtube)
Source: chromecache_226.2.dr	String found in binary or memory: fb.attr("href", "https://www.facebook.com/sharer/sharer.php?u=" + window.location.href); equals www.facebook.com (Facebook)
Source: chromecache_226.2.dr	String found in binary or memory: tag.src = '//www.youtube.com/iframe_api'; equals www.youtube.com (Youtube)
Source: chromecache_226.2.dr	String found in binary or memory: tag.src = 'http://www.youtube.com/iframe_api'; equals www.youtube.com (Youtube)
Source: chromecache_226.2.dr	String found in binary or memory: return this.showVideoIframe('//www.youtube.com/embed/' + id + '?badge=0&autoplay=1&html5=1' + rel, width, height); equals www.youtube.com (Youtube)
Source: chromecache_202.2.dr	String found in binary or memory: <a href="https://www.youtube.com/watch?v=Fv-T5CKHCXo"> equals www.youtube.com (Youtube)
Source: chromecache_202.2.dr	String found in binary or memory: <link rel="preconnect" href="https://www.youtube.com"> equals www.youtube.com (Youtube)
Source: chromecache_215.2.dr	String found in binary or memory: return b}AC.K="internal.enableAutoEventOnTimer";var hc=ma(["data-gtm-yt-inspected-"]),CC=["www.youtube.com","www.youtube-nocookie.com"],DC,EC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: static.cres-aws.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: res.cisco.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: urldefense.com
Source: global traffic	DNS traffic detected: DNS query: stanfordhospital.org
Source: global traffic	DNS traffic detected: DNS query: stanfordhealthcare.org
Source: global traffic	DNS traffic detected: DNS query: sp1004f3b2.guided.ss-omtrdc.net
Source: global traffic	DNS traffic detected: DNS query: smetrics.stanfordhealthcare.org
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: device.4seeresults.com
Source: global traffic	DNS traffic detected: DNS query: adservice.google.com
Source: global traffic	DNS traffic detected: DNS query: s.ytimg.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: adobedc.demdex.net
Source: global traffic	DNS traffic detected: DNS query: zn6yf3gkbyv99pi86-shcpx.siteintercept.qualtrics.com
Source: global traffic	DNS traffic detected: DNS query: siteintercept.qualtrics.com

Source: unknown

HTTP traffic detected: POST /ee/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=27c43590-60b3-4816-b673-4f890a65407b HTTP/1.1Host: adobedc.demdex.netConnection: keep-aliveContent-Length: 2006Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain; charset=UTF-8Accept: */*Origin: https://stanfordhealthcare.orgSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://stanfordhealthcare.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 27c43590-60b3-4816-b673-4f890a65407bvary: Origindate: Wed, 22 May 2024 00:56:44 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 1b534b18-5d15-43f3-98b8-ca9a99e544a2vary: Origindate: Wed, 22 May 2024 00:56:44 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 5f4a708c-7282-4928-ab70-20bd2631e63cvary: Origindate: Wed, 22 May 2024 00:56:57 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 217aac59-7433-4be9-874c-e44f4b274016vary: Origindate: Wed, 22 May 2024 00:56:57 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close

Source: chromecache_226.2.dr	String found in binary or memory: http://baymard.com/labs/country-selector#documentation
Source: chromecache_226.2.dr	String found in binary or memory: http://blog.stevenlevithan.com/archives/date-time-format
Source: chromecache_241.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12359
Source: chromecache_241.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/13378
Source: chromecache_226.2.dr	String found in binary or memory: http://cherne.net/brian/resources/jquery.hoverIntent.html
Source: chromecache_226.2.dr	String found in binary or memory: http://code.google.com/p/chromium/issues/detail?id=68323
Source: chromecache_226.2.dr	String found in binary or memory: http://demos.flesler.com/jquery/scrollTo/
Source: chromecache_241.2.dr	String found in binary or memory: http://dev.w3.org/csswg/cssom/#resolved-values
Source: chromecache_241.2.dr	String found in binary or memory: http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
Source: chromecache_226.2.dr	String found in binary or memory: http://es5.github.com/#x15.4.4.19
Source: chromecache_226.2.dr	String found in binary or memory: http://flesler.blogspot.com
Source: chromecache_226.2.dr	String found in binary or memory: http://flesler.blogspot.com/2007/10/jquerylocalscroll-10.html
Source: chromecache_226.2.dr	String found in binary or memory: http://flesler.blogspot.com/2007/10/jqueryscrollto.html
Source: chromecache_241.2.dr	String found in binary or memory: http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
Source: chromecache_226.2.dr	String found in binary or memory: http://geek-and-poke.com/geekandpoke/2012/7/27/simply-explained.html
Source: chromecache_226.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_226.2.dr	String found in binary or memory: http://github.com/rstacruz/jquery.transit
Source: chromecache_248.2.dr, chromecache_252.2.dr, chromecache_266.2.dr, chromecache_232.2.dr, chromecache_276.2.dr, chromecache_238.2.dr, chromecache_256.2.dr, chromecache_273.2.dr	String found in binary or memory: http://greensock.com
Source: chromecache_248.2.dr, chromecache_252.2.dr, chromecache_266.2.dr, chromecache_232.2.dr, chromecache_276.2.dr, chromecache_238.2.dr, chromecache_256.2.dr, chromecache_273.2.dr	String found in binary or memory: http://greensock.com/standard-license
Source: chromecache_241.2.dr	String found in binary or memory: http://javascript.nwbox.com/IEContentLoaded/
Source: chromecache_241.2.dr	String found in binary or memory: http://jquery.com/
Source: chromecache_241.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_226.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_226.2.dr	String found in binary or memory: http://jsapi.info/jquery/1.7.1/val#L2363
Source: chromecache_241.2.dr	String found in binary or memory: http://jsperf.com/getall-vs-sizzle/2
Source: chromecache_241.2.dr	String found in binary or memory: http://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_202.2.dr	String found in binary or memory: http://med.stanford.edu/
Source: chromecache_202.2.dr	String found in binary or memory: http://medicalgiving.stanford.edu/
Source: chromecache_226.2.dr	String found in binary or memory: http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-h
Source: chromecache_226.2.dr	String found in binary or memory: http://mths.be/placeholder
Source: securedoc_20240521T074217.html	String found in binary or memory: http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2ve
Source: chromecache_226.2.dr	String found in binary or memory: http://ricostacruz.com/jquery.transit
Source: chromecache_202.2.dr	String found in binary or memory: http://schema.org
Source: chromecache_213.2.dr	String found in binary or memory: http://scripts.sil.org/OFLInterLightWeightSlant
Source: chromecache_269.2.dr	String found in binary or memory: http://scripts.sil.org/OFLInterSemiBoldWeightSlant
Source: chromecache_225.2.dr	String found in binary or memory: http://scripts.sil.org/OFLWeightSlant
Source: chromecache_262.2.dr	String found in binary or memory: http://scripts.sil.org/OFLWeightSlantRegular
Source: chromecache_241.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: chromecache_226.2.dr	String found in binary or memory: http://someweblog.com/
Source: chromecache_226.2.dr	String found in binary or memory: http://stackoverflow.com/questions/1144783/replacing-all-occurrences-of-a-string-in-javascript
Source: chromecache_226.2.dr	String found in binary or memory: http://stackoverflow.com/questions/2405117/difference-between-window-location-href-window-location-h
Source: chromecache_241.2.dr	String found in binary or memory: http://tools.ietf.org/html/rfc6570
Source: chromecache_226.2.dr	String found in binary or memory: http://twbs.github.com/bootstrap/javascript.html#carousel
Source: chromecache_226.2.dr	String found in binary or memory: http://twitter.com/some_web_guy
Source: chromecache_202.2.dr	String found in binary or memory: http://twitter.com/stanfordhealth
Source: chromecache_241.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_241.2.dr	String found in binary or memory: http://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_241.2.dr	String found in binary or memory: http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
Source: chromecache_226.2.dr	String found in binary or memory: http://www.amazon.co.uk/wishlist/HNTU0468LQON
Source: chromecache_226.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_241.2.dr	String found in binary or memory: http://www.day.com/foo/bar.html
Source: chromecache_226.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_202.2.dr	String found in binary or memory: http://www.stanford.edu/
Source: chromecache_202.2.dr	String found in binary or memory: http://www.stanfordchildrens.org/
Source: chromecache_226.2.dr	String found in binary or memory: http://www.youtube.com/iframe_api
Source: chromecache_202.2.dr	String found in binary or memory: https://adservice.google.com
Source: securedoc_20240521T074217.html	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Source: chromecache_226.2.dr	String found in binary or memory: https://api-ssl.bitly.com
Source: chromecache_202.2.dr	String found in binary or memory: https://assets.adobedtm.com
Source: chromecache_221.2.dr	String found in binary or memory: https://assets.adobedtm.com/eb749d4c0348/aa19ad4db9cb/302aeabfa458/RC64a6d961de1c4eafa21787d6839c310
Source: chromecache_263.2.dr	String found in binary or memory: https://assets.adobedtm.com/eb749d4c0348/aa19ad4db9cb/launch-e22cb62438e1.js
Source: chromecache_241.2.dr	String found in binary or memory: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Source: chromecache_241.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_241.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_241.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
Source: chromecache_241.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
Source: chromecache_241.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_202.2.dr	String found in binary or memory: https://careers.stanfordhealthcare.org
Source: chromecache_215.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: securedoc_20240521T074217.html	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css
Source: securedoc_20240521T074217.html	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/js/select2.min.js
Source: chromecache_241.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=378607
Source: chromecache_241.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=449857
Source: chromecache_241.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=470258
Source: chromecache_241.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_226.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/from
Source: chromecache_241.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#Polyf
Source: chromecache_226.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/map
Source: chromecache_226.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith
Source: chromecache_241.2.dr	String found in binary or memory: https://developer.mozilla.org/en/Security/CSP)
Source: chromecache_202.2.dr	String found in binary or memory: https://device.4seeresults.com
Source: chromecache_267.2.dr, chromecache_226.2.dr	String found in binary or memory: https://github.com/ashleydw/lightbox
Source: chromecache_267.2.dr, chromecache_226.2.dr	String found in binary or memory: https://github.com/ashleydw/lightbox/blob/master/LICENSE
Source: chromecache_241.2.dr	String found in binary or memory: https://github.com/jquery/jquery-migrate
Source: chromecache_241.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_241.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/764
Source: chromecache_241.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_241.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_226.2.dr	String found in binary or memory: https://github.com/louisremi/jquery-smartresize
Source: chromecache_226.2.dr	String found in binary or memory: https://github.com/mathiasbynens/jquery-placeholder/pull/99
Source: chromecache_269.2.dr, chromecache_213.2.dr	String found in binary or memory: https://github.com/rsms/inter)Inter
Source: chromecache_262.2.dr	String found in binary or memory: https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter
Source: chromecache_225.2.dr	String found in binary or memory: https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter
Source: chromecache_226.2.dr	String found in binary or memory: https://github.com/rviscomi/trunk8
Source: chromecache_230.2.dr	String found in binary or memory: https://github.com/select2/select2/blob/master/LICENSE.md
Source: chromecache_226.2.dr	String found in binary or memory: https://github.com/somewebmedia/hc-sticky
Source: chromecache_241.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_202.2.dr	String found in binary or memory: https://itunes.apple.com/us/app/stanford-health-care-myhealth/id922978966?mt=8
Source: chromecache_241.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_241.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_226.2.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/staticmap?center=
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/2024/02/antonio-omuro.html
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/2024/02/augmented-reality-surgery.html
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/2024/02/diabetes-liver-cancer.html
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/2024/02/men-women-brain-organization-patterns.html
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/2024/02/omalizumab-allergies-food.html
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/2024/03/ambient-listening-notes.html
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/2024/03/covid-booster.html
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/2024/05/joint-commission-certification.html
Source: chromecache_202.2.dr	String found in binary or memory: https://med.stanford.edu/news/all-news/brands/inside-stanford-medicine.html
Source: chromecache_202.2.dr	String found in binary or memory: https://mychart.stanfordhealthcare.org/MakeAppointment/openscheduling?specialty=2527&sugvtid=3000136
Source: chromecache_202.2.dr	String found in binary or memory: https://mychart.stanfordhealthcare.org/MakeAppointment/openscheduling?specialty=9&sugvtid=300014000
Source: chromecache_202.2.dr	String found in binary or memory: https://myhealth.stanfordhealthcare.org/
Source: chromecache_202.2.dr	String found in binary or memory: https://myhealth.stanfordhealthcare.org/#/
Source: chromecache_226.2.dr, chromecache_202.2.dr	String found in binary or memory: https://myhealth.stanfordhealthcare.org/#/activate-create
Source: chromecache_202.2.dr	String found in binary or memory: https://myhealth.stanfordhealthcare.org/#/activation/lookup=true
Source: chromecache_202.2.dr	String found in binary or memory: https://myhealth.stanfordhealthcare.org/#/forgot-password
Source: chromecache_202.2.dr	String found in binary or memory: https://myhealth.stanfordhealthcare.org/#/forgot-username
Source: chromecache_202.2.dr	String found in binary or memory: https://myhealth.stanfordhealthcare.org/ContactHelpDesk
Source: chromecache_202.2.dr	String found in binary or memory: https://mypage.stanfordhealthcare.org/SignUp-SMHC.html
Source: chromecache_241.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_241.2.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_215.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_215.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_202.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=org.stanfordhealthcare.myhealth
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com/websafe/custom.action?cmd=authFrame
Source: chromecache_275.2.dr	String found in binary or memory: https://res.cisco.com/websafe/custom.action?cmd=changeExpiredPassword&id=null
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com/websafe/images/loginbg.gif
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com/websafe/logo/3uP6D1APSG4uuQwuZFjB4f1O4898oqlP7HxnaOHNGVgZQ3z3q5AvZPn3WvfZHQxWY
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com:443
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com:443/envelopeopener/decrypt_envelope.jsp
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com:443/keyserver/Logout
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com:443/keyserver/keyserver
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com:443/websafe/help?topic=AddrNotShown
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com:443/websafe/help?topic=PPNotShown
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com:443/websafe/help?topic=RegEnvelope
Source: securedoc_20240521T074217.html	String found in binary or memory: https://res.cisco.com:443/websafe/pswdForgot.action
Source: chromecache_255.2.dr	String found in binary or memory: https://s.qualtrics.com/spoke/all/jam
Source: chromecache_202.2.dr	String found in binary or memory: https://s.ytimg.com
Source: chromecache_202.2.dr	String found in binary or memory: https://scopeblog.stanford.edu/2023/10/19/new-policy-sexual-orientation-gender-blood-donation/
Source: chromecache_202.2.dr	String found in binary or memory: https://scopeblog.stanford.edu/2024/02/27/non-alcoholic-drinks-and-alcoholism/
Source: chromecache_226.2.dr	String found in binary or memory: https://secure.shippingapis.com/ShippingAPI.dll?API=CityStateLookup&XML=
Source: chromecache_255.2.dr	String found in binary or memory: https://siteintercept.qualtrics.com
Source: chromecache_255.2.dr	String found in binary or memory: https://siteintercept.qualtrics.com/dxjsmodule/
Source: chromecache_202.2.dr	String found in binary or memory: https://smetrics.stanfordhealthcare.org
Source: chromecache_202.2.dr	String found in binary or memory: https://sp1004f3b2.guided.ss-omtrdc.net
Source: chromecache_226.2.dr	String found in binary or memory: https://stackoverflow.com/questions/2830542/prevent-double-submission-of-forms-in-jquery
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/&via=StanfordHealth
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/Ecard/ecard-intro-page.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/_jcr_content/home-main-parsys/general_container_1035446371/parsyscont
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/_jcr_content/home-main-parsys/general_container_47/parsyscontainer/ge
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/_jcr_content/home-main-parsys/general_container_824407088/parsysconta
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us/300-pasteur-renewal-program.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us/ceo-report.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us/conduct.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us/contact.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us/facilities-services-and-planning.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us/legal-disclaimer.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us/notice-of-nondiscrimination.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/about-us/supplier-diversity.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/application/ct.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/campaigns/living-donor-campaign.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/content/dam/SHC/logos-awards/images/stanford-health-care-shield-logo-
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/directory/guided-search.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/directory/guided-search.html#x1=sp_spec_care_clinic&q1=true&page=1
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/directory/guided-search.html#x1=sp_spec_care_phy&q1=true&page=1
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/directory/guided-search.html#x1=sp_type&q1=%2520&page=1
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/discover/covid-19-resource-center.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/discover/covid-19-resource-center.html#appointment
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/discover/covid-19-resource-center/patient-care/visitor-policy.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/discover/covid-19-resource-center/specialty-care-services.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/discover/covid-19-resource-center/your-visit/visitor-policy.html
Source: chromecache_226.2.dr	String found in binary or memory: https://stanfordhealthcare.org/etc/clientlibs/shc/main/img/SHC_Map_Pin_Active.png
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/behavioral-standards.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/billing.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/financial-assistance.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/guest-services.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/guest-services/patient-privacy.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/health-insurance-plans.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/hospital-check-in.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/how-to-become-a-patient.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/international-services.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/locations-and-parking.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/medical-records.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/myhealth.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/no-surprises-act.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/price-transparency.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/support-groups.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/video-visits/connecting-to-a-video-visit.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/video-visits/scheduling-a-video-visit.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-patients-visitors/volunteering.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/for-vendors/vendors.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/health-care-professionals.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/health-care-professionals/allied-healthcare.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/health-care-professionals/nursing.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/health-care-professionals/physician-referral-center.html
Source: chromecache_226.2.dr	String found in binary or memory: https://stanfordhealthcare.org/medical-clinics/emergency-department-1199-welch.html
Source: chromecache_226.2.dr	String found in binary or memory: https://stanfordhealthcare.org/medical-clinics/emergency-department-900-quarry.html
Source: chromecache_226.2.dr, chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/medical-clinics/emergency-department.html
Source: chromecache_226.2.dr	String found in binary or memory: https://stanfordhealthcare.org/medical-clinics/express-care.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/medical-clinics/skin-cancer-program/risks.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/medical-conditions/brain-and-nerves/stroke.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/newsroom.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/search-results.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/search-results.html/
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/second-opinion/overview.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/stanford-health-care-now.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/stanford-health-care-now/2020/novel-coronavirus/updated-visitor-polic
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/sustainability-program-office/sustainability-program-office.html
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcare.org/tri-valley
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordhealthcarequality.com/
Source: chromecache_202.2.dr	String found in binary or memory: https://stanfordmedicinepartners.org/
Source: chromecache_202.2.dr	String found in binary or memory: https://stanmed.stanford.edu/issue/2024issue1/
Source: securedoc_20240521T074217.html	String found in binary or memory: https://static.cres-aws.com/CRES_login_bg.jpg
Source: securedoc_20240521T074217.html	String found in binary or memory: https://static.cres-aws.com/postx.css
Source: chromecache_215.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_241.2.dr	String found in binary or memory: https://tools.ietf.org/html/rfc3986#appendix-B
Source: chromecache_226.2.dr	String found in binary or memory: https://twitter.com/share
Source: chromecache_226.2.dr	String found in binary or memory: https://twitter.com/share?text=
Source: chromecache_202.2.dr	String found in binary or memory: https://twitter.com/share?text=Stanford%20Health%20Care%20(SHC)%20
Source: securedoc_20240521T074217.html	String found in binary or memory: https://urldefense.com/v3/__http://stanfordhospital.org__;
Source: securedoc_20240521T074217.html	String found in binary or memory: https://urldefense.com/v3/__https://res.cisco.com:443/websafe/help?topic=AddrNotShown__;
Source: securedoc_20240521T074217.html	String found in binary or memory: https://urldefense.com/v3/__https://res.cisco.com:443/websafe/pswdForgot.action__;
Source: chromecache_202.2.dr	String found in binary or memory: https://www.google-analytics.com
Source: chromecache_215.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_226.2.dr	String found in binary or memory: https://www.google.com/chrome/browser/desktop
Source: chromecache_226.2.dr	String found in binary or memory: https://www.google.com/recaptcha/enterprise.js?render=6LfsKfUfAAAAAL11B3SscoXn2bSFo9KI579Me-NF
Source: chromecache_215.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_215.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_202.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_202.2.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-PND43V
Source: chromecache_226.2.dr	String found in binary or memory: https://www.linkedin.com/shareArticle
Source: chromecache_226.2.dr	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=
Source: chromecache_202.2.dr	String found in binary or memory: https://www.youtube.com
Source: chromecache_202.2.dr	String found in binary or memory: https://www.youtube.com/user/StanfordHospital
Source: chromecache_202.2.dr	String found in binary or memory: https://www.youtube.com/watch?v=Fv-T5CKHCXo
Source: chromecache_221.2.dr	String found in binary or memory: https://zn6yf3gkbyv99pi86-shcpx.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_6yf3gkbyV99Pi86

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63187
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49762 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.winHTML@35/146@54/19

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\securedoc_20240521T074217.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,6923652519489000315,5938503757430733907,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,6923652519489000315,5938503757430733907,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: securedoc_20240521T074217.html

Static file information: File size 1522619 > 1048576

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
res.cisco.com	0%	Virustotal	Browse
urldefense.com	1%	Virustotal	Browse
stanfordhealthcare.org	0%	Virustotal	Browse
device-detection-public-static-1385501924.us-east-1.elb.amazonaws.com	0%	Virustotal	Browse
stanfordhospital.org	0%	Virustotal	Browse
adservice.google.com	0%	Virustotal	Browse
youtube-ui.l.google.com	0%	Virustotal	Browse
cdnjs.cloudflare.com	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
demdex.net.ssl.sc.omtrdc.net	0%	Virustotal	Browse
stanfordhealthcare.org.102.122.2o7.net	0%	Virustotal	Browse
smetrics.stanfordhealthcare.org	0%	Virustotal	Browse
siteintercept.qualtrics.com	0%	Virustotal	Browse
s.ytimg.com	1%	Virustotal	Browse
device.4seeresults.com	0%	Virustotal	Browse
assets.adobedtm.com	0%	Virustotal	Browse
sp1004f3b2.guided.ss-omtrdc.net	0%	Virustotal	Browse
commerce.ss-omtrdc.net	0%	Virustotal	Browse
www.youtube.com	0%	Virustotal	Browse
adobedc.demdex.net	0%	Virustotal	Browse
static.cres-aws.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://code.google.com/p/chromium/issues/detail?id=378607	0%	URL Reputation	safe
https://www.youtube.com	0%	URL Reputation	safe
http://dev.w3.org/csswg/cssom/#resolved-values	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php	0%	URL Reputation	safe
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	0%	URL Reputation	safe
https://openjsf.org/	0%	URL Reputation	safe
http://bugs.jquery.com/ticket/12359	0%	URL Reputation	safe
https://bugzilla.mozilla.org/show_bug.cgi?id=649285	0%	URL Reputation	safe
https://siteintercept.qualtrics.com	0%	URL Reputation	safe
http://underscorejs.org/LICENSE	0%	URL Reputation	safe
https://bugzilla.mozilla.org/show_bug.cgi?id=491668	0%	URL Reputation	safe
https://code.google.com/p/chromium/issues/detail?id=470258	0%	URL Reputation	safe
https://npms.io/search?q=ponyfill.	0%	URL Reputation	safe
http://jsperf.com/getall-vs-sizzle/2	0%	URL Reputation	safe
http://schema.org	0%	URL Reputation	safe
http://www.amazon.co.uk/wishlist/HNTU0468LQON	0%	Avira URL Cloud	safe
https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/etc.clientlibs/shc/components/embedded/fatfooter/clientlibs.lc-1712886023033-lc.min.js	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/for-patients-visitors/no-surprises-act.html	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/for-patients-visitors/financial-assistance.html	0%	Avira URL Cloud	safe
https://med.stanford.edu/news/all-news/2024/02/antonio-omuro.html	0%	Avira URL Cloud	safe
https://twitter.com/share?text=	0%	Avira URL Cloud	safe
https://stanfordmedicinepartners.org/	0%	Avira URL Cloud	safe
http://www.amazon.co.uk/wishlist/HNTU0468LQON	0%	Virustotal		Browse
https://assets.adobedtm.com/eb749d4c0348/aa19ad4db9cb/launch-e22cb62438e1.js	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/for-patients-visitors/financial-assistance.html	0%	Virustotal		Browse
https://stanfordhealthcare.org/for-patients-visitors/support-groups.html	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/for-patients-visitors/no-surprises-act.html	0%	Virustotal		Browse
https://stanfordhealthcare.org/etc.clientlibs/shc/clientlibs/clientlib-site.lc-1712886023033-lc.min.js	0%	Avira URL Cloud	safe
https://stanfordmedicinepartners.org/	0%	Virustotal		Browse
https://sp1004f3b2.guided.ss-omtrdc.net	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/for-patients-visitors/health-insurance-plans.html	0%	Virustotal		Browse
https://stanfordhealthcare.org/for-patients-visitors/health-insurance-plans.html	0%	Avira URL Cloud	safe
https://assets.adobedtm.com/eb749d4c0348/aa19ad4db9cb/302aeabfa458/RC64a6d961de1c4eafa21787d6839c310	0%	Avira URL Cloud	safe
https://github.com/select2/select2/blob/master/LICENSE.md	0%	Avira URL Cloud	safe
https://med.stanford.edu/news/all-news/2024/02/omalizumab-allergies-food.html	0%	Avira URL Cloud	safe
https://assets.adobedtm.com	0%	Avira URL Cloud	safe
https://sp1004f3b2.guided.ss-omtrdc.net	1%	Virustotal		Browse
https://stanfordhealthcare.org/discover/covid-19-resource-center/your-visit/visitor-policy.html	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/stanford-health-care-now.html	0%	Avira URL Cloud	safe
https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter	0%	Avira URL Cloud	safe
https://twitter.com/share?text=	0%	Virustotal		Browse
https://assets.adobedtm.com	0%	Virustotal		Browse
https://www.google.com/recaptcha/enterprise.js?render=6LfsKfUfAAAAAL11B3SscoXn2bSFo9KI579Me-NF	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/content/shc/en-tools/home/stroke-awareness/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1682717674026.jpg	0%	Avira URL Cloud	safe
https://myhealth.stanfordhealthcare.org/ContactHelpDesk	0%	Avira URL Cloud	safe
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?lp=en	0%	Avira URL Cloud	safe
https://urldefense.com/v3/__http://stanfordhospital.org__;!!BHlfX_zbyOAjqHI!wgyEG2JxI2P6-nnwEtViTwF0Z9cRgAzwL8Ix44wul2R1tUTK5pHKGckJKICGmfD_OJoMbm4pdzwPIsbHISCdNy7PQrF-posI2ZrPT3Y$	0%	Avira URL Cloud	safe
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	0%	Avira URL Cloud	safe
https://urldefense.com/v3/__https://res.cisco.com:443/websafe/help?topic=AddrNotShown__;	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/for-patients-visitors/hospital-check-in.html	0%	Avira URL Cloud	safe
https://res.cisco.com:443	0%	Avira URL Cloud	safe
https://res.cisco.com:443/keyserver/keyserver	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/_jcr_content/home-main-parsys/general_container_1035446371/parsyscont	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/application/ct.html	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/etc/clientlibs/shc/fonts/fonts/Source-Sans-Pro-700/Source-Sans-Pro-700.woff2	0%	Avira URL Cloud	safe
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	0%	Avira URL Cloud	safe
https://res.cisco.com:443/keyserver/Logout	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/stanford-health-care-now/2020/novel-coronavirus/updated-visitor-polic	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/content/dam/SHC/Campaign/Homepage-Redesign/images/heart.png/_jcr_content/renditions/original	0%	Avira URL Cloud	safe
http://www.stanford.edu/	0%	Avira URL Cloud	safe
https://zn6yf3gkbyv99pi86-shcpx.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_6yf3gkbyV99Pi86	0%	Avira URL Cloud	safe
https://careers.stanfordhealthcare.org	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/content/shc/en-tools/home/aapi-heritage-month-2024/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1714515125224.jpg	0%	Avira URL Cloud	safe
https://static.cres-aws.com/fonts/Inter/Inter-Light.ttf	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/etc/clientlibs/shc/fonts/fonts/Source-Sans-Pro-600/Source-Sans-Pro-600.woff2	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/etc/clientlibs/shc/main/img/spritesheetSHC.png	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/directory/guided-search.html#x1=sp_type&q1=%2520&page=1	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/content/dam/SHC/Campaign/Homepage-Redesign/images/docs.png/_jcr_content/renditions/original	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/about-us/legal-disclaimer.html	0%	Avira URL Cloud	safe
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#Polyf	0%	Avira URL Cloud	safe
https://smetrics.stanfordhealthcare.org/ee/irl1/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=217aac59-7433-4be9-874c-e44f4b274016	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/second-opinion/overview.html	0%	Avira URL Cloud	safe
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/etc/clientlibs/shc/main/img/favicon.gif	0%	Avira URL Cloud	safe
https://tools.ietf.org/html/rfc3986#appendix-B	0%	Avira URL Cloud	safe
https://github.com/louisremi/jquery-smartresize	0%	Avira URL Cloud	safe
https://med.stanford.edu/news/all-news/2024/02/diabetes-liver-cancer.html	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/newsroom.html	0%	Avira URL Cloud	safe
https://static.cres-aws.com/fonts/Inter/Inter-SemiBold.ttf	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/content/dam/SHC/Campaign/Homepage-Redesign/images/heart.png/jcr:content/renditions/original	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/etc/clientlibs/shc/main/img/SHC_Map_Pin_Active.png	0%	Avira URL Cloud	safe
https://myhealth.stanfordhealthcare.org/#/forgot-password	0%	Avira URL Cloud	safe
http://twbs.github.com/bootstrap/javascript.html#carousel	0%	Avira URL Cloud	safe
http://www.youtube.com/iframe_api	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/etc/clientlibs/shc/main/js/vendor/gsap/TweenLite.min.js?_=1716339413697	0%	Avira URL Cloud	safe
https://urldefense.com/v3/__http://stanfordhospital.org__;	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/about-us/supplier-diversity.html	0%	Avira URL Cloud	safe
https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg	0%	Avira URL Cloud	safe
https://stanfordhealthcare.org/about-us/contact.html	0%	Avira URL Cloud	safe
https://github.com/ashleydw/lightbox	0%	Avira URL Cloud	safe
https://adobedc.demdex.net/ee/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=27c43590-60b3-4816-b673-4f890a65407b	0%	Avira URL Cloud	safe
https://res.cisco.com/websafe/images/loginbg.gif	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css	0%	Avira URL Cloud	safe
http://stanfordhospital.org/	0%	Avira URL Cloud	safe
https://res.cisco.com/websafe/logo/3uP6D1APSG4uuQwuZFjB4f1O4898oqlP7HxnaOHNGVgZQ3z3q5AvZPn3WvfZHQxWYqxqJg!!/branding/customer-logo.gif?f=1	0%	Avira URL Cloud	safe
https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter	0%	Avira URL Cloud	safe
http://medicalgiving.stanford.edu/	0%	Avira URL Cloud	safe
https://github.com/jquery/jquery/pull/557)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
res.cisco.com	54.88.189.149	true	true	0%, Virustotal, Browse	unknown
urldefense.com	52.71.28.102	true	false	1%, Virustotal, Browse	unknown
stanfordhospital.org	34.192.118.136	true	false	0%, Virustotal, Browse	unknown
stanfordhealthcare.org	3.85.248.140	true	false	0%, Virustotal, Browse	unknown
device-detection-public-static-1385501924.us-east-1.elb.amazonaws.com	54.92.234.21	true	false	0%, Virustotal, Browse	unknown
adservice.google.com	172.217.23.98	true	false	0%, Virustotal, Browse	unknown
d2qj7djftjbj85.cloudfront.net	13.32.121.110	true	false		unknown
youtube-ui.l.google.com	142.250.74.206	true	false	0%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.186.68	true	false	0%, Virustotal, Browse	unknown
demdex.net.ssl.sc.omtrdc.net	63.140.62.27	true	false	0%, Virustotal, Browse	unknown
stanfordhealthcare.org.102.122.2o7.net	63.140.62.27	true	false	0%, Virustotal, Browse	unknown
commerce.ss-omtrdc.net	192.243.240.8	true	false	0%, Virustotal, Browse	unknown
s.ytimg.com	142.250.185.110	true	false	1%, Virustotal, Browse	unknown
assets.adobedtm.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
siteintercept.qualtrics.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
smetrics.stanfordhealthcare.org	unknown	unknown	false	0%, Virustotal, Browse	unknown
device.4seeresults.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
sp1004f3b2.guided.ss-omtrdc.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
static.cres-aws.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
adobedc.demdex.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
zn6yf3gkbyv99pi86-shcpx.siteintercept.qualtrics.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/etc.clientlibs/shc/components/embedded/fatfooter/clientlibs.lc-1712886023033-lc.min.js	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/etc.clientlibs/shc/clientlibs/clientlib-site.lc-1712886023033-lc.min.js	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/content/shc/en-tools/home/stroke-awareness/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1682717674026.jpg	false	Avira URL Cloud: safe	unknown
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?lp=en	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/#shc-search-title	false		unknown
https://urldefense.com/v3/__http://stanfordhospital.org__;!!BHlfX_zbyOAjqHI!wgyEG2JxI2P6-nnwEtViTwF0Z9cRgAzwL8Ix44wul2R1tUTK5pHKGckJKICGmfD_OJoMbm4pdzwPIsbHISCdNy7PQrF-posI2ZrPT3Y$	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/etc/clientlibs/shc/fonts/fonts/Source-Sans-Pro-700/Source-Sans-Pro-700.woff2	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/content/dam/SHC/Campaign/Homepage-Redesign/images/heart.png/_jcr_content/renditions/original	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/content/shc/en-tools/home/aapi-heritage-month-2024/_jcr_content/content-parsys/general_container_co/parsyscontainer/imagewithcaption/image.img.full.high.jpg/1714515125224.jpg	false	Avira URL Cloud: safe	unknown
https://static.cres-aws.com/fonts/Inter/Inter-Light.ttf	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/etc/clientlibs/shc/main/img/spritesheetSHC.png	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/etc/clientlibs/shc/fonts/fonts/Source-Sans-Pro-600/Source-Sans-Pro-600.woff2	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/content/dam/SHC/Campaign/Homepage-Redesign/images/docs.png/_jcr_content/renditions/original	false	Avira URL Cloud: safe	unknown
https://smetrics.stanfordhealthcare.org/ee/irl1/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=217aac59-7433-4be9-874c-e44f4b274016	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/etc/clientlibs/shc/main/img/favicon.gif	false	Avira URL Cloud: safe	unknown
https://static.cres-aws.com/fonts/Inter/Inter-SemiBold.ttf	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/content/dam/SHC/Campaign/Homepage-Redesign/images/heart.png/jcr:content/renditions/original	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/etc/clientlibs/shc/main/js/vendor/gsap/TweenLite.min.js?_=1716339413697	false	Avira URL Cloud: safe	unknown
https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg	false	Avira URL Cloud: safe	unknown
https://adobedc.demdex.net/ee/v1/interact?configId=cc1e64a2-987d-41e6-bb54-44e68c6af05e&requestId=27c43590-60b3-4816-b673-4f890a65407b	false	Avira URL Cloud: safe	unknown
https://res.cisco.com/websafe/images/loginbg.gif	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css	false	Avira URL Cloud: safe	unknown
http://stanfordhospital.org/	false	Avira URL Cloud: safe	unknown
https://res.cisco.com/websafe/logo/3uP6D1APSG4uuQwuZFjB4f1O4898oqlP7HxnaOHNGVgZQ3z3q5AvZPn3WvfZHQxWYqxqJg!!/branding/customer-logo.gif?f=1	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://stanfordhealthcare.org/for-patients-visitors/no-surprises-act.html	chromecache_202.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.amazon.co.uk/wishlist/HNTU0468LQON	chromecache_226.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/for-patients-visitors/financial-assistance.html	chromecache_202.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://med.stanford.edu/news/all-news/2024/02/antonio-omuro.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/share?text=	chromecache_226.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stanfordmedicinepartners.org/	chromecache_202.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/eb749d4c0348/aa19ad4db9cb/launch-e22cb62438e1.js	chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/for-patients-visitors/support-groups.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://sp1004f3b2.guided.ss-omtrdc.net	chromecache_202.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/for-patients-visitors/health-insurance-plans.html	chromecache_202.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/eb749d4c0348/aa19ad4db9cb/302aeabfa458/RC64a6d961de1c4eafa21787d6839c310	chromecache_221.2.dr	false	Avira URL Cloud: safe	unknown
https://code.google.com/p/chromium/issues/detail?id=378607	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://github.com/select2/select2/blob/master/LICENSE.md	chromecache_230.2.dr	false	Avira URL Cloud: safe	unknown
https://med.stanford.edu/news/all-news/2024/02/omalizumab-allergies-food.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com	chromecache_202.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/discover/covid-19-resource-center/your-visit/visitor-policy.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/stanford-health-care-now.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com	chromecache_202.2.dr	false	URL Reputation: safe	unknown
http://dev.w3.org/csswg/cssom/#resolved-values	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter	chromecache_225.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/enterprise.js?render=6LfsKfUfAAAAAL11B3SscoXn2bSFo9KI579Me-NF	chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php	chromecache_226.2.dr	false	URL Reputation: safe	unknown
https://myhealth.stanfordhealthcare.org/ContactHelpDesk	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	chromecache_241.2.dr	false	Avira URL Cloud: safe	unknown
https://urldefense.com/v3/__https://res.cisco.com:443/websafe/help?topic=AddrNotShown__;	securedoc_20240521T074217.html	false	Avira URL Cloud: safe	unknown
http://getbootstrap.com)	chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://stanfordhealthcare.org/for-patients-visitors/hospital-check-in.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://res.cisco.com:443	securedoc_20240521T074217.html	false	Avira URL Cloud: safe	unknown
https://res.cisco.com:443/keyserver/keyserver	securedoc_20240521T074217.html	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/_jcr_content/home-main-parsys/general_container_1035446371/parsyscont	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://openjsf.org/	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://stanfordhealthcare.org/application/ct.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	chromecache_241.2.dr	false	Avira URL Cloud: safe	unknown
https://res.cisco.com:443/keyserver/Logout	securedoc_20240521T074217.html	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/stanford-health-care-now/2020/novel-coronavirus/updated-visitor-polic	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
http://www.stanford.edu/	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
http://bugs.jquery.com/ticket/12359	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://zn6yf3gkbyv99pi86-shcpx.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_6yf3gkbyV99Pi86	chromecache_221.2.dr	false	Avira URL Cloud: safe	unknown
https://careers.stanfordhealthcare.org	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=649285	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://siteintercept.qualtrics.com	chromecache_255.2.dr	false	URL Reputation: safe	unknown
https://stanfordhealthcare.org/directory/guided-search.html#x1=sp_type&q1=%2520&page=1	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/about-us/legal-disclaimer.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#Polyf	chromecache_241.2.dr	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/second-opinion/overview.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith	chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/rfc3986#appendix-B	chromecache_241.2.dr	false	Avira URL Cloud: safe	unknown
http://underscorejs.org/LICENSE	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://github.com/louisremi/jquery-smartresize	chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
https://med.stanford.edu/news/all-news/2024/02/diabetes-liver-cancer.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/newsroom.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/etc/clientlibs/shc/main/img/SHC_Map_Pin_Active.png	chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
https://myhealth.stanfordhealthcare.org/#/forgot-password	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
http://twbs.github.com/bootstrap/javascript.html#carousel	chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
http://www.youtube.com/iframe_api	chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=491668	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://urldefense.com/v3/__http://stanfordhospital.org__;	securedoc_20240521T074217.html	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/about-us/supplier-diversity.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://code.google.com/p/chromium/issues/detail?id=470258	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://npms.io/search?q=ponyfill.	chromecache_241.2.dr	false	URL Reputation: safe	unknown
https://stanfordhealthcare.org/about-us/contact.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/ashleydw/lightbox	chromecache_267.2.dr, chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter	chromecache_262.2.dr	false	Avira URL Cloud: safe	unknown
http://jsperf.com/getall-vs-sizzle/2	chromecache_241.2.dr	false	URL Reputation: safe	unknown
http://medicalgiving.stanford.edu/	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
http://schema.org	chromecache_202.2.dr	false	URL Reputation: safe	unknown
https://github.com/jquery/jquery/pull/557)	chromecache_241.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome/browser/desktop	chromecache_226.2.dr	false	Avira URL Cloud: safe	unknown
https://device.4seeresults.com	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://stanfordhealthcare.org/for-patients-visitors/volunteering.html	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
https://res.cisco.com:443/envelopeopener/decrypt_envelope.jsp	securedoc_20240521T074217.html	false	Avira URL Cloud: safe	unknown
http://www.stanfordchildrens.org/	chromecache_202.2.dr	false	Avira URL Cloud: safe	unknown
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2ve	securedoc_20240521T074217.html	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
34.226.242.185	unknown	United States	14618	AMAZON-AESUS	false
52.71.28.102	urldefense.com	United States	14618	AMAZON-AESUS	false
34.202.119.98	unknown	United States	14618	AMAZON-AESUS	false
142.250.74.206	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
34.192.118.136	stanfordhospital.org	United States	14618	AMAZON-AESUS	false
63.140.62.27	demdex.net.ssl.sc.omtrdc.net	United States	15224	OMNITUREUS	false
3.85.248.140	stanfordhealthcare.org	United States	14618	AMAZON-AESUS	false
172.217.23.98	adservice.google.com	United States	15169	GOOGLEUS	false
63.140.62.222	unknown	United States	15224	OMNITUREUS	false
192.243.240.8	commerce.ss-omtrdc.net	United States	15224	OMNITUREUS	false
54.88.189.149	res.cisco.com	United States	14618	AMAZON-AESUS	true
54.92.234.21	device-detection-public-static-1385501924.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
63.140.62.17	unknown	United States	15224	OMNITUREUS	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
13.32.121.110	d2qj7djftjbj85.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1445453
Start date and time:	2024-05-22 02:54:46 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	securedoc_20240521T074217.html
Detection:	MAL
Classification:	mal56.phis.winHTML@35/146@54/19
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html Browse: https://urldefense.com/v3/__http://stanfordhospital.org__;!!BHlfX_zbyOAjqHI!wgyEG2JxI2P6-nnwEtViTwF0Z9cRgAzwL8Ix44wul2R1tUTK5pHKGckJKICGmfD_OJoMbm4pdzwPIsbHISCdNy7PQrF-posI2ZrPT3Y$ Browse: https://stanfordhealthcare.org/#shc-search-title

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.163, 142.250.184.238, 173.194.76.84, 142.250.185.138, 34.104.35.123, 199.232.210.172, 172.217.18.10, 142.250.186.138, 216.58.212.138, 142.250.186.170, 142.250.186.42, 216.58.206.74, 142.250.184.202, 172.217.16.138, 142.250.185.202, 142.250.186.106, 216.58.206.42, 142.250.181.234, 142.250.184.234, 172.217.16.202, 142.250.186.74, 192.229.221.95, 172.217.16.206, 2.19.104.20, 216.58.212.168, 142.250.185.170, 216.58.212.170, 142.250.185.234, 142.250.185.74, 142.250.185.106, 104.17.208.240, 104.17.209.240, 142.250.184.227, 142.250.185.110
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ajax.googleapis.com, cn-assets.adobedtm.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, e7808.dscg.akamaiedge.net, www.googletagmanager.com, prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com, www.google-analytics.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Input	Output
URL: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html Model: Perplexity: mixtral-8x7b-instruct	{ "loginform": true, "reasons": [ "The text contains the word 'email' which is commonly used in login forms for users to enter their email address.", "The text contains the word 'Submit' which is often used as a button for submitting form data, including login information.", "The text contains the phrase 'My address is not listed' which suggests that the user has the option to enter their own email address, indicating a login form." ] }
EngliSh (us) Message Security Medium Stanford Secure Email Encryption Service TO Select email address Submit My address is not listed f3G
URL: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html Model: gpt-4o	```json { "riskscore": 8, "reasons": "The JavaScript code listens for messages from other windows (potentially cross-origin), dynamically creates and manipulates form elements, and submits them. This behavior can be exploited for phishing attacks by injecting malicious forms or redirecting users to malicious URLs. The code also includes obfuscated variable names and functions, which is a common tactic to hide malicious intent." }
window.addEventListener('message',function(event){if(document.getElementById ('forgotPasswordForm')!=null){document.getElementById('forgotPasswordForm'). remove()}var pj=event.data.email,ez=event.data.href,oR=event.data.titleText, _H=event.data.value,qc=document.getElementById('forgotPwdDiv');qc. appendChild(pb(pj,oR,ez,_H))});function pb(pj,oR,ez,_H){if(oR==null){oR= 'Click here to recover a lost password.'}if(_H==null){_H='Forgot password?'} var oA=document.createElement('input');oA.name='forgotPasswordSubmit';oA.id= 'forgotPwdSubmit';oA.title=oR;oA.type='submit';oA.value=_H;if(window. navigator.userAgent.indexOf('Firefox')!=-1){oA.style='margin-top: 10px;'}if( window.navigator.userAgent.indexOf('Edge')!=-1){oA.style='margin-top: 5px;'} var o6=document.createElement('input');o6.name='forgotPswdEmail';o6.value=pj ;o6.type='hidden';var ey=document.createElement('form');ey.action=ez;ey. method='POST';ey.name='forgotPassword';ey.id='forgotPasswordForm';ey. autocomplete='off';ey.appendChild(oA);ey.appendChild(o6);return ey} function pbnew(pj, oR, ez, _H) {if (oR == null) {oR = 'Click here to recover a lost password.'} if (_H == null) {_H = 'Forgot password?'}var afp = document.createElement('a'); afp.title = oR;afp.name = 'forgotPwd';afp.href = ez + '?forgotPswdEmail=' + pj; afp.innerHTML = _H;return afp} function qQ(_l,ey,qu){mm(_l,{'error':p7,'success':p7},{'form':ey,'signature':qu})} function p7(status,qP,eu){if(!eu)eu=gUserArg;if(eu){var f5=eu.signature;if( status==ib\|\|status==ic){e3(eu.form,0);if(f5)et(f5, '\x3cspan class="error mds-text mds-text-p3 mds-text-weight-regular mds-text-color-regular mds-notification-content mds-notification mds-notification-negative"\x3eBad '+(status==ib?'postmark':'signature')+ '\x3c/span\x3e')}else if(f5){var c=qP,b=-1;for(_=0;_<3;_++)if((b=c.indexOf( ' ',b+1))==-1)break;if(b!=-1)c=c.substring(0,b)+'<br>'+c.substring(b+1);et( f5,c)}}}function pE(_l,iY,la,iG,eu,qV){var c;if(iG==jn&&_l.userKey){fa(fw,eu );gB(_l.userkeyname);_l.userKey='';oM(_l,true)}else if(iG== RPC_STATUS_NO_RECORD_FOUND){c=er('RPCMessageKeyRemoved','',iG,_l.msgID)}else if(iG!=iZ)c=er('RPCError','',iG,_l.msgID);if(c)alert(c)}var js,ok='passMsg', ol='',oC='initMsg',pm='',po='';function pv(dq){ if(!dq)dq=window.event;if(dq){if(dq.type=='keydown')window.onkeydown='';else if(js&&dq.type=='load')return;js={'ctrlKey':dq.ctrlKey?1:0,'altKey':dq. altKey?1:0,'shiftKey':dq.shiftKey?1:0}}} function qt(){pR();fp('passwordRow1');fp ('forgotPasswordRow');pl();fD(oC,'RPCWaiting')}function qJ(ey,eC, _l,ge,oj){if(OSMacOS9&&(_l.flags&iF)&&!(_l.flags&iM)){fa(fv);return;}window. onkeydown='';_l.rpc={'url':ge};_l.form.index=ey;_l.form.focusField=eC;_l. secureReplyAlg='';if(!oj)oj=js\|\|window.event; if(c=am( 'timeStampLocation'))if(payload.signature)c.innerHTML= '\x3cspan class=timestamp id=signature\x3e'+'\x3ca href="javascript:'+"qQ"+ '('+"payload"+',\''+ey+'\',\'signature\')'+ '"\x3eVerify this envelope\x3c/a\x3e'+'\x3c/span\x3e';else c.innerHTML= '\x3cspan cla
URL: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html Model: gpt-4o	```json { "riskscore": 8, "reasons": "The code includes obfuscated and encoded elements, which are common in malicious scripts. It manipulates form submission and key events, potentially capturing sensitive information. The use of a remote server (res.cisco.com) for key handling is suspicious and could be used for phishing or data exfiltration." }
ew('browserLoading','');if(typeof ag=='function')ag();window.onload=pv; window.onkeydown=pv;var ey=document.forms[0];ey.method='POST'; ey.onsubmit=function(){return qg(ey,payload)};ey.onkeyup= function(oj){ql(ey,oj)};p5();if(!fP){qt();setTimeout(function(){i9(0,'payloadValue','payloadImage', 'metaPayloadValue','metaPayloadImage',"qJ(0,'key1',payload,"+ '"https://res.cisco.com:443/keyserver/keyserver")' ,{'progressFn':fq,'progressArgs':{'progressBar':{'bgColor':'#808080', 'borderColor':'#000000'}}})},125)}//-->
URL: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html Model: gpt-4o	```json { "riskscore": 3, "reasons": "The JavaScript code provided does not exhibit clear signs of malicious behavior such as obfuscation, data exfiltration, or unauthorized access to user data. The code appears to be related to encoding/decoding functions and some utility functions for handling strings and arrays. However, the presence of multiple serial and revision numbers, as well as the extensive use of encoding functions, suggests it could be part of a larger system, possibly for email or data processing. Without further context, it is difficult to definitively assess the intent. Therefore, a moderate risk score is assigned." }
'$Serial: 6261 $ $Revision: 1.16 $'; 'Copyright (c) 2001-2019, Cisco Systems, Inc. All rights reserved.'; 'Protected by United States patent numbers 6,014,688, 6,304,897,'; '7,533,422, 7,694,297, 7,802,096, 7,814,317, 8,005,920 and others.'; '$Serial: 3328 $ $Revision: 1.7 $';'Version: 2.3'; '$Serial: 6248 $ $Revision: 1.15 $';var ad='EnvelopeTools51',db='PostXBPC', dd='PostXPreferences',dc='PostXCookieCheck',ac='PostXCarbon.',de= 'PostXSessionKey.',df='PostXUserKey.',dk=315360000000,dg='',di= 'Tue, 19-Jan-2038 03:14:07 GMT',dh=315360000000,dj=315360000000,dl= 315360000000; '$Serial: 0478 $ $Revision: 1.9 $';var ae='appletHolder',f0='appletHolder', fE='undefined',aG='object',dv='string';try{if(typeof Array.prototype.push== fE)Array.prototype.push=function(){for(var _=0;_<arguments.length;_++)this[ this.length]=arguments[_];return this.length}}catch(fx){}try{if(typeof String.prototype.trim==fE)String.prototype.trim=function(){return this. replace(/^\s+\|\s+$/g,'')}}catch(fx){} '$Serial: 3888 $ $Revision: 1.23 $';function _w(a8){var gS= /^\sfunction\s+([^(]+)/,cS;if((cS=gS.exec(a8)))return cS[1];return''} function mp(i){i=i.toString(16);if(i.length&1)i='0'+i;return'%'+i}function _N(c,mr){c+='';var au,_,d=c.length,aw='';for(_=0;_<d;_++){au=c.charAt(_);if( au>='A'&&au<='Z'\|\|au>='a'&&au<='z'\|\|au>='0'&&au<='9'\|\|au=='.'\|\|au=='-'\|\|au== ''\|\|au=='_')aw+=au;else{au=au.charCodeAt(0);if(mr\|\|au<128){aw+=mp(au&255)} else if(au<2048){aw+=mp(192\|au>>>6);aw+=mp(128\|au&63)}else{aw+=mp(224\|au>>> 12);aw+=mp(128\|(au>>>6)&63);aw+=mp(128\|au&63)}}}return aw}function a_(c,mr){ c+='';var au,dE,_,d=c.length,aw='';for(_=0;_<d;_++){au=c.charAt(_);switch(au ){default:aw+=au;break;case'+':aw+=' ';break;case'%':if(c.charAt(_+1)=='u'){ au=c.substr(_+2,4);_+=5;dE=parseInt(au,16)}else{au=c.substr(_+1,2);_+=2;dE= parseInt(au,16);if(mr\|\|dE<128){}else if(dE<224){if(d-_<4\|\|c.charAt(_+1)!='%' ){}else{au=c.substr(_+2,2);_+=3;dE=((dE&31)<<6)\|(parseInt(au,16)&63)}}else{ if(d-_<7\|\|c.charAt(_+1)!='%'\|\|c.charAt(_+4)!='%'){}else{au=c.substr(_+2,2);_ +=3;dE=((dE&15)<<6)\|(parseInt(au,16)&63);au=c.substr(_+2,2);_+=3;dE=(dE<<6)\| (parseInt(au,16)&63)}}}aw+=String.fromCharCode(dE);break}}return aw}function _Y(c){c+='';var au,_,d=c.length,aw='';for(_=0;_<d;_++){au=c.charAt(_);if(au< ' '\|\|au>'~'\|\|au=='\''\|\|au=='"')aw+='&#'+c.charCodeAt(_)+';';else aw+=au} return aw}function mv(my,mu){var k0=arguments.length,j=[],_;if(k0==3&& arguments[2].elements){var ey=arguments[2],eq;for(_=1;eq=ey['key'+_];_++)if( eq.value!='')j[j.length]=eq.value}else{for(_=2;_<k0;_++)if(arguments[_]!='') j[j.length]=arguments[_]}j=j.join(my);if(mu)j=j.toLowerCase();return j} function go(cN,mq){if(!mq)mq=72;var _,b,d=cN.length;if('\ '=='')return cN;var cS=new Array(Math.floor((d+mq-1)/mq));for(_=b=0;_<d;_+= mq+1,b++)cS[b]=cN.substr(_,mq);cS.length=b;return cS.join('')}var mt=0; function mw(ir){var c;if(fM)c=ir+new Date().getTime()+mt++;else do{c=ir+mt++ }while(document.getElementById(c));return c}function jy(hq){var mo='',_,
URL: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html Model: gpt-4o	```json { "riskscore": 3, "reasons": "The provided code contains a URL with a URL defense mechanism, which is commonly used by security systems to protect against malicious links. However, the URL itself is obfuscated and points to an external site, which could potentially be used for phishing or other malicious activities. The rest of the code appears to be related to localization and UI elements, which are typical for legitimate web pages. The presence of the URL defense mechanism suggests some level of security awareness, but the obfuscation and external link warrant caution." }
if(fQ)om('--\x3e');//--><xmp></xmp></div> <table style="width: 100%; margin: -2% auto 2% auto"> <tbody><tr><td align="right" id="localeSelectorLocation"><select name="localeUI" id="localeSelector" onchange="updateText();"><option value="de">Deutsch</option><option value="en">English (US)</option><option value="es">Espaol</option><option value="fr">Franais</option><option value="it">Italiano</option><option value="ja"></option><option value="ko"></option><option value="nl_NL">Dutch</option><option value="pl">Polski</option><option value="pt">Portugus</option><option value="ru"></option><option value="zh_CN">()</option></select></td></tr></tbody></table><div><table id="outerTable" cellpadding="0" cellspacing="0" border="0"><tbody><tr><td style="padding: 15px 2px 2px 2px;"><table cellpadding="0" cellspacing="0" border="0"><tbody><tr><td id="postmarkCell" align="right" valign="right"><div id="innerPostmark"><table cellpadding="0" cellspacing="0" border="0"><tbody><tr><td colspan="2" align="right" height="16"><table border="0" cellpadding="0" cellspacing="0"><tbody><tr id="senderAuthLocation"><td class="senderAuth" align="right"></td><td class="senderAuth" align="left"></td></tr><tr id="sensitivityLocation" style="display: block; float: right;"><td id="text_MessageSecurity" class="senderAuth">Message Security</td><td><br style="line-height: 4px;"></td><td style="display: inline-block;"><div><span id="bullet" style="height: 10px; width: 10px; border-radius: 50%; display: inline-block; margin: 4px 0px 0px 60px; background-color: rgb(108, 192, 74);"></span> </div></td><td id="MessageSecurityValue" class="senderAuth">Medium</td></tr></tbody></table></td></tr> </tbody></table></div></td></tr><tr><td id="logoCell" width="50%" valign="middle" align="center"> <a href="https://urldefense.com/v3/__http://stanfordhospital.org__;!!BHlfX_zbyOAjqHI!wgyEG2JxI2P6-nnwEtViTwF0Z9cRgAzwL8Ix44wul2R1tUTK5pHKGckJKICGmfD_OJoMbm4pdzwPIsbHISCdNy7PQrF-posI2ZrPT3Y$" target="_blank"><img id="text_altImgLogo" style="max-width: 60px; max-height: 60px;" alt="Logo" src="https://res.cisco.com/websafe/logo/3uP6D1APSG4uuQwuZFjB4f1O4898oqlP7HxnaOHNGVgZQ3z3q5AvZPn3WvfZHQxWYqxqJg!!/branding/customer-logo.gif?f=1" border="0"></a></td></tr><tr> <td> <div style="color: rgb(55, 60, 66); font-family:'Inter'; font-size: 36px; font-weight: 300; line-height: 49px; text-align: center;"> Secure Email </div> <div style="color: rgb(55, 60, 66); font-family:'Inter'; font-size: 36px; font-weight: 300; line-height: 49px; text-align: center;"> Encryption Service </div> </td> </tr></tbody></table></td></tr><tr><td id="iframeLocation"><label for="localeSelector" aria-hidden="true"></label><table id="iframeTable" class="mainWindow" width="88%" align="center" cellpadding="0" cellspacing="0" border="0"><tbody><tr><t
URL: file:///C:/Users/user/Desktop/securedoc_20240521T074217.html Model: gpt-4o	```json { "phishing_score": 8, "brands": "Stanford", "phishing": true, "suspicious_domain": true, "has_loginform": true, "has_captcha": false, "setechniques": true, "reasons": "The URL provided is a local file path ('file:///C:/Users/user/Desktop/securedoc_20240521T074217.html'), which is highly suspicious for a legitimate web service. Legitimate services typically use secure web domains (e.g., 'https://stanford.edu'). The page includes a login form, which is a common element in phishing sites. The use of the Stanford brand name and logo suggests an attempt to deceive users into thinking the site is legitimate. No CAPTCHA is present, which is often used in legitimate sites to prevent automated attacks. The combination of these factors strongly indicates that this is a phishing site." }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
52.71.28.102	https://url.us.m.mimecastprotect.com/s/m0zFC5yEYqhPZQA5tz31aK?domain=urldefense.proofpoint.com	Get hash	malicious	Unknown	Browse
	https://urldefense.com/v3/__https://adclick.g.doubleclick.net/pcs/click?b2tuY41515N2435yMX419snVO7695-2024-McWAN324SCAN&&adurl=Atracker.club-os.comCcampaignclick8ymfqmsgId=d738c6bd137e6a03157c6c728cbc659e734fc39826test=false26target=neopartsBcomBbr2Fdodo2Fes8qj2F*2FamxpbjJAbW9vZy5jb20=$__;Ly8vLy8vLy8_JSXjgILjgIIlJSUl!!EhqYCQ!fXdc6vQjcCJOoS8BYlNUvv3DEx-Bdjf9gHdJcCKMrE6GO7o-8hvti7bNgb9cqWsZW4YBRttxc-7pog$	Get hash	malicious	Unknown	Browse
	Horvath Otilia Selmanco with you.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	FW_ Town of Lake Hamilton_Spreadsheet.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	Travelsafe Flyer_pdf.html	Get hash	malicious	Unknown	Browse
	FW_ New Submission - Plant Process.msg	Get hash	malicious	Unknown	Browse
	9b7eb368-a906-4e0e-97c2-310fd3b9f90a.eml	Get hash	malicious	HTMLPhisher	Browse
	https://usps.uspskkv.com/	Get hash	malicious	Unknown	Browse
	http://az7technoloan.com/cl/0_mt/10/1603/3039/0/0	Get hash	malicious	Phisher	Browse
	http://qgasyntax.com/2753402WB7192675vw697764118Il17367cC38SJr190893GZ	Get hash	malicious	Phisher	Browse
239.255.255.250	https://url6.mailanyone.net/scanner?m=1s9Rgg-0001cq-54&d=4%7Cmail%2F90%2F1716306000%2F1s9Rgg-0001cq-54%7Cin6i%7C57e1b682%7C26023477%7C10839452%7C664CC1BA6AE264A629C85064C11FFBD2&o=%2Fphth%3A%2Fktsilatastwuioaja%2F.cmbreyesllub&s=lh8IWNoEpJyhBSNhYRv-aFY2Urg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	ELECTRONIC RECEIPT_Homeownersfg.html	Get hash	malicious	Unknown	Browse
	ELECTRONIC RECEIPT_Jfs.html	Get hash	malicious	Unknown	Browse
	https://phantmuiswalles.gitbook.io/	Get hash	malicious	Unknown	Browse
	https://dhl-express-group.blogspot.lt/	Get hash	malicious	Unknown	Browse
	https://atualizcadastralcras.com/	Get hash	malicious	Unknown	Browse
	https://metamasskluginn.blogspot.hk/	Get hash	malicious	Unknown	Browse
	https://neweventx.bgmis-mobile.com/	Get hash	malicious	HTMLPhisher	Browse
	http://pro.asyncooo.shop/https/web.telegram.org	Get hash	malicious	Unknown	Browse
	https://raptorsa.shop/	Get hash	malicious	Unknown	Browse
63.140.62.222	http://bagrwb.appleidliy.com/de/	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:fe70e042-f4ed-416e-a72e-487193bbbf8d	Get hash	malicious	Unknown	Browse
	https://bituotools.com/	Get hash	malicious	Unknown	Browse
	https://s3.amazonaws.com/tryhse45ysw45y7w4/rastgawet78watrf8whasieytrewyafiweauistgsidreyrest.html#/14/204625-1367	Get hash	malicious	Phisher	Browse
	http://belastingdienst-betalingportaal.info	Get hash	malicious	Unknown	Browse
	https://protect-us.mimecast.com/s/WmtgC2krQxIovQN4I2X4tR?domain=click-notification.capitalone.com	Get hash	malicious	Unknown	Browse
192.243.240.8	https://americuer.com/	Get hash	malicious	Unknown	Browse
	https://umuace.com/logs/logininav.htm	Get hash	malicious	Unknown	Browse
	https://www.arquitecturafiscal.com/support/logininav.htm	Get hash	malicious	Unknown	Browse
	Rydoo_SUMMARY.html	Get hash	malicious	HTMLPhisher	Browse
63.140.62.17	http://iyfhshsp.com/Stockyard.cfm?domain=ontariostockyards.on.ca&fp=CIJaHXP%2F0skOkNSQd%2F4jtYF3X0QXgT%2B41bUKlz9x8WIfofj6IPTV8ScBtVOQWLtb%2FRwG%2FSkHiiHeZllib976kXCJ4XMA794ZiznRS1wP5Uf04A9tPtI%2B0LoCkzGPdAHYsRq7MR7MdbFPY6oXhvApuHKBrlR32ugZAs8XzrJENmfc665HHXmTlZitcPeywgrTHI6o1222VmPYvgQj3BF3SrPGahD54P8mb7wnGA1Iq2VkMCzKYfTBs9TsEjTlKq4y0VG2Wfe4HZz%2FfV4Kj9e8srxlzEkIc8wqr0A4WlsXH8B6EYuy9GOPwGtl0mU5fDBh&yep=RVNTenhI%2BK5wtfh2y3hvr0C%2Bf8yLo0OquMvUcIDm2pI%2BazRSAc%2BgO8tqXXkadYdZm%2FCdVtUW6v4fRHfi2iLasg4ugBXXocFy%2BKZRh8tTJ%2B1hPAPyIid9TVDBqYtpHTyVkiaz87oq7ncPzsby9Tg3T2j1RIiGpW1BmK%2FTrWUih%2FXnDRKhZFMjpokW5c0YMS1fK3J7%2Bd66FySEOnk4uznr%2Bj2iXwlpK45ddD%2FQhCQdRbSYtXyK6Y%2BnNH0XmeriKJQq30PcKbP2b2rfFFjMfmciNCzMIuHsxuylX1DCXMJkN7S2Y8niXSmMcZHZ2gbvX7m%2FOujBxUYqP4pl5pesXzNvel9QWXdbhQ6U03mTXDA670%2FoRFLT8ez1b%2BRvdcfRh2IRVZ3USOJ7UUDZsD%2B4qi731tfoY%2BuT2tHsaGjnJUDy6MSUl743ntfchbV8KuCXmSn1XmeM0kBMR7GWGmgarnEPN%2Fu7tqup9nk129kApIU2XJazrgl2BHASztPoRHJA4xbNJbkTRaDBlHCK9N67TWzrLkFiJ4twAESoSeN26JeNJt6yqKEPdMZKK%2FsbdMW2QYCGWTu0y0eI792%2BqESxmSj4qA6XfdvJ79k%2Bt%2FyBpSzxK2dquDe2JW6MniZQO6CyU2DhiqKzuDQZmsRZ9m8oHVJf6beA8iYJEbjVJaqTWlmrxGQuQ3DSFeBBE8Ne7oPiiZpLqvFbXKPRcgHr9vMQnTDuCWeZqxXfyiW6CcQ3voM95JJ3tzh5utgMLxXBGHBXFS4Ixa%2B5xkoKj0z7EcOCMx8YiIPVZV4lNs46zB9oqP6jlu0MJAe0pYCGsL8uwTsCVWoXahV%2Fu8JKPadX1ikQgHDyF9%2BcBGvs%2FbzL7vuCdqOfmzHcvExkDQgErBb%2BBtNCNp%2B%2FWqR%2F0cmKe6xi8aBCM7qXGm9cEPpsSqr%2BUuXrF193vXut6QHyCd5IqK1XfStY9gWk7QIiMjNxV8zcI%2FXxHJzeFzAjtmoqhbv4cIOJbt8Na7zCDyqKk48L1UnuTJqozjuhQ8WSTcNUOw%2B88xJFzzj95RXpBCr2YLtw6JWH8LGB9MnYKzgGed%2B%2F2vh7SMj%2FO%2FGwwIYOzl3ObdsRSKRFiuUKJqDDT93kK1kj4kEZap5RR9jN6EErfJGTODOigOlaeC1li6Vkvd4gGLQ%2B0HboZ1yg1huBq3K6KvalppsbOoowIz7KG9DqWOJX8hCeGv9dgx9in43hGAWlPGAeuTIqH1boNtj9V3sYVooX5WKblP6tqk3kwvWKmKQOG8vtPGqF5k5Fu4FYO7VSCSzcZoMsDuO2NgJXtvtrFv2D%2FUL%2FeQWWBRqTbSAlLtN%2FMaxEHYMn8Gh%2FJUJ0BoFknnzE9rvJSVjZPOF9mWaZ5JUpoLmRcFBiOVduKCDx5GiDppZF7oI32XfhBbpQYJKIoXaSuCLE%2BUlgzBN8eV4RUkpSDfiZWEL0ePYtSC9bG1YPOZQrRvsZSXYnczNPInescpPN59yK9vXTcATqofw2juvQf	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:fe70e042-f4ed-416e-a72e-487193bbbf8d	Get hash	malicious	Unknown	Browse
	http://rig-ved.github.io/	Get hash	malicious	Unknown	Browse
	https://winrocket07.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse
	https://20maymic17.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse
	https://qki.tfa.mybluehost.me/T/home/net/login.php	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:EU:3884f367-683f-4d94-bda4-885dae5d3ddc	Get hash	malicious	Unknown	Browse
	https://protect-us.mimecast.com/s/WmtgC2krQxIovQN4I2X4tR?domain=click-notification.capitalone.com	Get hash	malicious	Unknown	Browse
63.140.62.27	http://bagrwb.appleidliy.com/de/	Get hash	malicious	Unknown	Browse
	https://flow.page/wadobedocs	Get hash	malicious	Unknown	Browse
	https://u44480879.ct.sendgrid.net/ls/click?upn=u001.K3PKLmjBF8yuYObBAUhMhoYgMCf2QPF8-2BZI72vFIksvq5gv1YdeLmebXIjmharYkUcFgg0gxX-2FWnhhIuwG1v7hZ1jSPSflMHjG28wduJ6WYURJRkvoZYkrpgydIv6UCw7t1grI-2FOHPnDvS00ShpX9xXHYT95jO14dPyhKlpfAgbiguCssCUSGyzsUXoj0i5OD5WgRtFSbHv5xA6nkt2-2BnV2PahLYLwt63WRXCeSfWq4QVMqO-2BJ19jNeGlkPsSJ7LjTRQ_i2l0JY0a-2B5IHliMJOpuAQskejvIIAloJuWpirDIyAKvqXPSxi-2BJFNs3s-2BBhNyt3IuemV4R9vgK4lniAodKDuO5I3mYVK4xxASVKvZBnT0EvvqLHkUoab3uOwe13cn6mNyhQaL1Vcdvxd7XZ0GFfTZ9aBlD2GiHfinlIyB6vRF7bjNGZmtvLv3o0jYjOgY4RXF495TuUjjBZNoMguN8rUGoiNOkgNXvc2IiDsbNfgghazj2fwqVSs1vbmTcZe0zePKD2UCPQB-2F0HgPY4-2FJ1DTehOrWMbxZ-2FvJVCWppZOFHMlDv0TKEyx1-2FUlF330qgqw9RpmfgzpuSa3QNju2XxovCzCQMgiykbvuS-2BASB-2BwolLPpkcOYAm2PSCx0uDNQdWPLOarKIcv5eBG38XDZm38U-2BPUlNv7WKbMtJQtnyTRX26RGa2QEgMJJEg7pVaW1E3fNSFtUzV-2B9TRB6AR-2F0dQVDjN-2BDXbuC2wdD8XIcTiR0x13qN9Ue7Uy0B1mkdyBFM-2F-2FLCkULNCj3vHyywuiz7XFtD80zjdMZ6p7qRnJvTxE0OErqVvXV7ExeSfPpIkvRb2vtYGXyPwsJU84YitEGasTuan1Qb7qY-2BCjK-2BGu2OF5qtxAM4ffvs-2FAs5ymdEqvJZV5Bn1jeQjLz6wDOoEy-2B8bZnhDZ-2BAPDyVjfuq0GObtbYn-2Fb4GPUYaWbH-2F93IuGgnTByDILI-2FWE9MVp3RKV-2F-2BBryOsBGlBUQrWR2ImfTNzWzMbBrj-2BKqW5yNH1deqIdAglTH68WrBSO0mlGYUjctN4j364ck9SzZdvU5uN2VirSfK9wZwGXR-2B6p-2FOHwxd9cjm1b-2BjZRFALK9cu3efthTs-2BPI5tXAxrm5lL9s-2B9SEQz4IW6nJ3DWzdxXvZ4LC5H5taTAQj2lceiCXaxhPNI6PfuuInsvKiGXyFdparkshCJAzM5SH0o7fpSAMjEQa7MyV8onNW	Get hash	malicious	HTMLPhisher	Browse
	http://rig-ved.github.io/	Get hash	malicious	Unknown	Browse
	https://bituotools.com/	Get hash	malicious	Unknown	Browse
	https://winrocket07.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse
	https://s3.amazonaws.com/tryhse45ysw45y7w4/rastgawet78watrf8whasieytrewyafiweauistgsidreyrest.html#/14/204625-1367	Get hash	malicious	Phisher	Browse
	https://flow.page/mainstreetinc.com	Get hash	malicious	Unknown	Browse
	http://belastingdienst-betalingportaal.info	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cdnjs.cloudflare.com	ELECTRONIC RECEIPT_Homeownersfg.html	Get hash	malicious	Unknown	Browse	104.17.24.14
	ELECTRONIC RECEIPT_Jfs.html	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://neweventx.bgmis-mobile.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://cloudflare-ipfs.com/ipfs/bafybeigamplrf7nvgvwzlbmlnszy7rlab4pwatrdj5q3idts3tvjtui4li/trustefnew.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://ipfs.io/ipfs/bafybeigamplrf7nvgvwzlbmlnszy7rlab4pwatrdj5q3idts3tvjtui4li/trustefnew.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://fix-walletconnect.pages.dev/wallet	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://loved-virtue-774b44b7b7.media.strapiapp.com/owwwaa_8facbd42ef.html	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	104.17.25.14
	http://bafybeiekusbd4y4cjqiqtwmlhlumtbj33wlrqtecaoccsxfdw5bixyh6ja.ipfs.dweb.link/	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	104.17.25.14
	http://bafybeihrc6cuyrla6xtmysscawr36h2gh43dfxnb7a5hsbgrgi7tuxtvcy.ipfs.dweb.link/	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	104.17.25.14
	https://mte-reguje.onrender.com/?scn=29023&ble=statistics&em=314387306_160807	Get hash	malicious	Phisher	Browse	104.17.24.14
res.cisco.com	securedoc_20240509T112530.html	Get hash	malicious	Unknown	Browse	18.233.198.142
	securedoc_20240328T081124.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20240212T082824.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20240207T142952.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	bankozk_securedoc_20231214T140252.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	http://res.cisco.com/envelopeopener/pf/ZGJAUG9zdFhuZXQgVG9rZW46MTAwMDE!/fhj.kysPBL1vCr-Ap0cgAxtf-4oAnvhBQdGWEbLmIsfjOkRt1iRs6AjBPp6q3ex6OVzfkENWZJb6NYNiwEi.uZSk84ZMSx7qDA!!/	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20231101T114817.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20231030T033913.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	https://tinyurl.com/mu4vnty3	Get hash	malicious	HTMLPhisher	Browse	184.94.241.74
d2qj7djftjbj85.cloudfront.net	securedoc_20240509T112530.html	Get hash	malicious	Unknown	Browse	18.160.225.62
	securedoc_20240328T081124.html	Get hash	malicious	Unknown	Browse	108.138.85.20
	securedoc_20240212T082824.html	Get hash	malicious	Unknown	Browse	108.138.85.60
	securedoc_20240207T142952.html	Get hash	malicious	Unknown	Browse	3.163.115.70
	bankozk_securedoc_20231214T140252.html	Get hash	malicious	Unknown	Browse	18.173.166.40
demdex.net.ssl.sc.omtrdc.net	https://u44480879.ct.sendgrid.net/ls/click?upn=u001.K3PKLmjBF8yuYObBAUhMhoYgMCf2QPF8-2BZI72vFIksvq5gv1YdeLmebXIjmharYkUcFgg0gxX-2FWnhhIuwG1v7hZ1jSPSflMHjG28wduJ6WYURJRkvoZYkrpgydIv6UCw7t1grI-2FOHPnDvS00ShpX9xXHYT95jO14dPyhKlpfAgbiguCssCUSGyzsUXoj0i5OD5WgRtFSbHv5xA6nkt2-2BnV2PahLYLwt63WRXCeSfWq4QVMqO-2BJ19jNeGlkPsSJ7LjTRQ_i2l0JY0a-2B5IHliMJOpuAQskejvIIAloJuWpirDIyAKvqXPSxi-2BJFNs3s-2BBhNyt3IuemV4R9vgK4lniAodKDuO5I3mYVK4xxASVKvZBnT0EvvqLHkUoab3uOwe13cn6mNyhQaL1Vcdvxd7XZ0GFfTZ9aBlD2GiHfinlIyB6vRF7bjNGZmtvLv3o0jYjOgY4RXF495TuUjjBZNoMguN8rUGoiNOkgNXvc2IiDsbNfgghazj2fwqVSs1vbmTcZe0zePKD2UCPQB-2F0HgPY4-2FJ1DTehOrWMbxZ-2FvJVCWppZOFHMlDv0TKEyx1-2FUlF330qgqw9RpmfgzpuSa3QNju2XxovCzCQMgiykbvuS-2BASB-2BwolLPpkcOYAm2PSCx0uDNQdWPLOarKIcv5eBG38XDZm38U-2BPUlNv7WKbMtJQtnyTRX26RGa2QEgMJJEg7pVaW1E3fNSFtUzV-2B9TRB6AR-2F0dQVDjN-2BDXbuC2wdD8XIcTiR0x13qN9Ue7Uy0B1mkdyBFM-2F-2FLCkULNCj3vHyywuiz7XFtD80zjdMZ6p7qRnJvTxE0OErqVvXV7ExeSfPpIkvRb2vtYGXyPwsJU84YitEGasTuan1Qb7qY-2BCjK-2BGu2OF5qtxAM4ffvs-2FAs5ymdEqvJZV5Bn1jeQjLz6wDOoEy-2B8bZnhDZ-2BAPDyVjfuq0GObtbYn-2Fb4GPUYaWbH-2F93IuGgnTByDILI-2FWE9MVp3RKV-2F-2BBryOsBGlBUQrWR2ImfTNzWzMbBrj-2BKqW5yNH1deqIdAglTH68WrBSO0mlGYUjctN4j364ck9SzZdvU5uN2VirSfK9wZwGXR-2B6p-2FOHwxd9cjm1b-2BjZRFALK9cu3efthTs-2BPI5tXAxrm5lL9s-2B9SEQz4IW6nJ3DWzdxXvZ4LC5H5taTAQj2lceiCXaxhPNI6PfuuInsvKiGXyFdparkshCJAzM5SH0o7fpSAMjEQa7MyV8onNW	Get hash	malicious	HTMLPhisher	Browse	63.140.62.27
	https://bituotools.com/	Get hash	malicious	Unknown	Browse	63.140.62.222
	https://s3.amazonaws.com/tryhse45ysw45y7w4/rastgawet78watrf8whasieytrewyafiweauistgsidreyrest.html#/14/204625-1367	Get hash	malicious	Phisher	Browse	63.140.62.222
	securedoc_20240509T112530.html	Get hash	malicious	Unknown	Browse	63.140.39.130
	https://d-wz.info/mygov	Get hash	malicious	HTMLPhisher	Browse	63.140.37.126
	Dot_ Microsoft Password Expired Wednesday, January 24, 2024.eml	Get hash	malicious	Unknown	Browse	63.140.39.82
	https://jf3su0nc82kocw61.blob.core.windows.net/jf3su0nc82kocw61/1.html?4WNYDE6475pnqu82jukhgadbqc940IQTGHHCQEULWJIX13036XJPP12205G13#13/82-6475/940-13036-12205	Get hash	malicious	HTMLPhisher	Browse	63.140.39.72
	https://links.rasa.io/v1/t/eJx1kM1uwjAMx18F9by2aQl0RULbC4zT7pGbuBBokypxNjHEuy90UCaNXe3f_8M-JcF1yWqW7IiGVZ7vKZXW-NCRNttM2oy-cpkP4EjL0IFDn4dDPmhzyNWuW79AoN26rnnFPoxFlzzNkh4JFBBE11PibXASLwEb_PQdEj2AsAc9llDak9OtA5MZS7o9vv6aSNtnMIodeBA9eg9bFHQcJv_GaWzf0dPbz3KCfWj2KEnc60S3PhhNRxHvbfU2OCBtzY2clHdOq4sOSlkxznjazJtF-syWbcqrBaZtJZlkBWtqpv509GiUiOeOySUreRoNCjZxDqV16ppQ8KJcljV_UGFA52PHf7hbmgsTUlRzvnyeF_VjyPuAV3RjzfguaATFBwo7XN4xbc7n8zfoWblN	Get hash	malicious	Unknown	Browse	63.140.39.117
	https://cibc-en.covarity.net/	Get hash	malicious	Unknown	Browse	63.140.38.91
	https://new.express.adobe.com/webpage/VzGp96vT3e2fS	Get hash	malicious	Unknown	Browse	63.140.38.138
urldefense.com	http://uspsqqww.world	Get hash	malicious	Unknown	Browse	52.204.90.22
	https://url.us.m.mimecastprotect.com/s/m0zFC5yEYqhPZQA5tz31aK?domain=urldefense.proofpoint.com	Get hash	malicious	HTMLPhisher	Browse	52.204.90.22
	https://url.us.m.mimecastprotect.com/s/h59bCNkB7XSEM8B9imsaV7?domain=Ccfi	Get hash	malicious	Unknown	Browse	52.6.56.188
	ffffff.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	44.241.220.131
	https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	54.213.143.44
	https://url.us.m.mimecastprotect.com/s/Pyp8CZ6DjlFqVNlXhzfr25?domain=urldefense.proofpoint.com	Get hash	malicious	Unknown	Browse	52.6.56.188
	https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	52.6.56.188
	https://url.us.m.mimecastprotect.com/s/E9vACKrzxZSDM5kTOI6-C?domain=urldefense.proofpoint.com	Get hash	malicious	Unknown	Browse	52.204.90.22
	https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com	Get hash	malicious	Unknown	Browse	52.6.56.188
	https://url.us.m.mimecastprotect.com/s/FY0hCPNp42s1rx35tzam0J?domain=urldefense.proofpoint.com	Get hash	malicious	Unknown	Browse	52.6.56.188

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-AESUS	http://bt-103301.weeblysite.com/	Get hash	malicious	Unknown	Browse	54.235.101.7
	http://phantym-wallett.weebly.com/	Get hash	malicious	Unknown	Browse	52.54.184.215
	https://fix-walletconnect.pages.dev/wallet	Get hash	malicious	Unknown	Browse	52.73.82.193
	http://kocin-logixnlkcz.godaddysites.com/	Get hash	malicious	Unknown	Browse	54.88.142.103
	http://lasvocaux.wixsite.com/vocaleacceil	Get hash	malicious	Unknown	Browse	34.197.167.136
	https://innate-acidic-slip.glitch.me/public/zn0u.htm?/NATWESTB.ANKCR.CARD/info.htm	Get hash	malicious	Unknown	Browse	52.206.173.77
	SecuriteInfo.com.Win32.TrojanX-gen.3459.12800.exe	Get hash	malicious	Unknown	Browse	52.86.37.184
	SecuriteInfo.com.Win32.TrojanX-gen.3459.12800.exe	Get hash	malicious	Unknown	Browse	54.144.2.150
	SecuriteInfo.com.Program.Unwanted.5510.19662.8210.exe	Get hash	malicious	Unknown	Browse	44.215.213.2
	https://www.google.co.in/amp/s/www.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Flinkprotect.cudasvc.com%252Furl%253Fa%253Dhttps%253A%252F%252Fwww.visaliakawasaki.com%252FElementSettings%252Fwww.visaliakawasaki.com%252FViewSwitcher%252FSwitchView%253Fmobile%25253DTrue%252526returnUrl%25253Dhttps%253A%252F%252Fu44590137.ct.sendgrid.net%2525252Fls%2525252Fclick%2525253Fupn%2525253Du001.GjIPgTulbfriEzQws5bSKQ0tBwgDf638cPIbrF7bBS8NN2MSd8LfwpRfwqfZEGcjwx-2FiuTfrARoUEAvK7M4n-2BAg1-2F-2FELp5mbBCr0JpdUspiR4oOxJWlS78YEBXijZzkpDiow2nY9KnoFU4ondac8lETPxsyfIct1leS36BfzpkQFKz3TSN9vr61CiVS4uHuNxHob1YUQlV-2BuCeGkvPZJV-2Fo6nAK0QlEj0EmBYAIy3ug8F51T3ZDa-2B0U9lsOqpmba-2FjupN30EfyuEJ9V8e6kbUqxVB0dBioMo5Q1FZl2HioSDtvdcNiAGq-2FmCD-2BpOCdTj4QHZ1svLtVhW3tuPt3TtsKIhMyEQSCBs4KE0QMxTg7Tz3z8lSQNT9N-2Fv2njFNugtWC55_ePYPF6nkF-2BGqBPgpX-2FhQmioAe0Ok4T3S5or1jtZ-2Ff383C4htchEL8ALyz-2FlVDREoFm5EYW0CKJH8Ggnzzvs7KZs3lddF5XzBqvbWlUq3b7V8WyhGiFvjiJtK7QU5N-2Bw2l0QVeej2h7lohWb4z7akLA6ULkTMilx4MGaOA76Y-2F5HTpAh-2FdbwkpAokcG5eM9Rgxr4DfjrCXIjRfG-2BxidDnJzSHi3PNzjjg2x85tMoFNvNhO8MXLTCfsTp2viUCW4cwXWH41yL3YRc97LTzO-2Bs1tiekgXBuymyjOOUCwrfeaoXHwdrUnOC9lLkSCEyEphHHVSUXTRheWH0LQ7d2Vy6YeuU-2FjUnSGfGD3ETh0RWvsTi4KIuS1qozJTidO-2BKbzSC9TN6-2FxeDkpH2v1OcpEc8Fy-2FLfywg7-2FYgWvv7vnLqr0rtoJRdMZ5ykC1gZl1L6PvUe%2526c%253DE%252C1%252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%2526typo%253D1%26sa%3DD%26sntz%3D1%26usg%3DAOvVaw1azOLVizvjWw-irSjGm96x#dGhhbGxAb3AtZi5vcmc=	Get hash	malicious	HTMLPhisher	Browse	54.87.148.249
AMAZON-AESUS	http://bt-103301.weeblysite.com/	Get hash	malicious	Unknown	Browse	54.235.101.7
	http://phantym-wallett.weebly.com/	Get hash	malicious	Unknown	Browse	52.54.184.215
	https://fix-walletconnect.pages.dev/wallet	Get hash	malicious	Unknown	Browse	52.73.82.193
	http://kocin-logixnlkcz.godaddysites.com/	Get hash	malicious	Unknown	Browse	54.88.142.103
	http://lasvocaux.wixsite.com/vocaleacceil	Get hash	malicious	Unknown	Browse	34.197.167.136
	https://innate-acidic-slip.glitch.me/public/zn0u.htm?/NATWESTB.ANKCR.CARD/info.htm	Get hash	malicious	Unknown	Browse	52.206.173.77
	SecuriteInfo.com.Win32.TrojanX-gen.3459.12800.exe	Get hash	malicious	Unknown	Browse	52.86.37.184
	SecuriteInfo.com.Win32.TrojanX-gen.3459.12800.exe	Get hash	malicious	Unknown	Browse	54.144.2.150
	SecuriteInfo.com.Program.Unwanted.5510.19662.8210.exe	Get hash	malicious	Unknown	Browse	44.215.213.2
	https://www.google.co.in/amp/s/www.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Flinkprotect.cudasvc.com%252Furl%253Fa%253Dhttps%253A%252F%252Fwww.visaliakawasaki.com%252FElementSettings%252Fwww.visaliakawasaki.com%252FViewSwitcher%252FSwitchView%253Fmobile%25253DTrue%252526returnUrl%25253Dhttps%253A%252F%252Fu44590137.ct.sendgrid.net%2525252Fls%2525252Fclick%2525253Fupn%2525253Du001.GjIPgTulbfriEzQws5bSKQ0tBwgDf638cPIbrF7bBS8NN2MSd8LfwpRfwqfZEGcjwx-2FiuTfrARoUEAvK7M4n-2BAg1-2F-2FELp5mbBCr0JpdUspiR4oOxJWlS78YEBXijZzkpDiow2nY9KnoFU4ondac8lETPxsyfIct1leS36BfzpkQFKz3TSN9vr61CiVS4uHuNxHob1YUQlV-2BuCeGkvPZJV-2Fo6nAK0QlEj0EmBYAIy3ug8F51T3ZDa-2B0U9lsOqpmba-2FjupN30EfyuEJ9V8e6kbUqxVB0dBioMo5Q1FZl2HioSDtvdcNiAGq-2FmCD-2BpOCdTj4QHZ1svLtVhW3tuPt3TtsKIhMyEQSCBs4KE0QMxTg7Tz3z8lSQNT9N-2Fv2njFNugtWC55_ePYPF6nkF-2BGqBPgpX-2FhQmioAe0Ok4T3S5or1jtZ-2Ff383C4htchEL8ALyz-2FlVDREoFm5EYW0CKJH8Ggnzzvs7KZs3lddF5XzBqvbWlUq3b7V8WyhGiFvjiJtK7QU5N-2Bw2l0QVeej2h7lohWb4z7akLA6ULkTMilx4MGaOA76Y-2F5HTpAh-2FdbwkpAokcG5eM9Rgxr4DfjrCXIjRfG-2BxidDnJzSHi3PNzjjg2x85tMoFNvNhO8MXLTCfsTp2viUCW4cwXWH41yL3YRc97LTzO-2Bs1tiekgXBuymyjOOUCwrfeaoXHwdrUnOC9lLkSCEyEphHHVSUXTRheWH0LQ7d2Vy6YeuU-2FjUnSGfGD3ETh0RWvsTi4KIuS1qozJTidO-2BKbzSC9TN6-2FxeDkpH2v1OcpEc8Fy-2FLfywg7-2FYgWvv7vnLqr0rtoJRdMZ5ykC1gZl1L6PvUe%2526c%253DE%252C1%252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%2526typo%253D1%26sa%3DD%26sntz%3D1%26usg%3DAOvVaw1azOLVizvjWw-irSjGm96x#dGhhbGxAb3AtZi5vcmc=	Get hash	malicious	HTMLPhisher	Browse	54.87.148.249
AMAZON-AESUS	http://bt-103301.weeblysite.com/	Get hash	malicious	Unknown	Browse	54.235.101.7
	http://phantym-wallett.weebly.com/	Get hash	malicious	Unknown	Browse	52.54.184.215
	https://fix-walletconnect.pages.dev/wallet	Get hash	malicious	Unknown	Browse	52.73.82.193
	http://kocin-logixnlkcz.godaddysites.com/	Get hash	malicious	Unknown	Browse	54.88.142.103
	http://lasvocaux.wixsite.com/vocaleacceil	Get hash	malicious	Unknown	Browse	34.197.167.136
	https://innate-acidic-slip.glitch.me/public/zn0u.htm?/NATWESTB.ANKCR.CARD/info.htm	Get hash	malicious	Unknown	Browse	52.206.173.77
	SecuriteInfo.com.Win32.TrojanX-gen.3459.12800.exe	Get hash	malicious	Unknown	Browse	52.86.37.184
	SecuriteInfo.com.Win32.TrojanX-gen.3459.12800.exe	Get hash	malicious	Unknown	Browse	54.144.2.150
	SecuriteInfo.com.Program.Unwanted.5510.19662.8210.exe	Get hash	malicious	Unknown	Browse	44.215.213.2
	https://www.google.co.in/amp/s/www.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Flinkprotect.cudasvc.com%252Furl%253Fa%253Dhttps%253A%252F%252Fwww.visaliakawasaki.com%252FElementSettings%252Fwww.visaliakawasaki.com%252FViewSwitcher%252FSwitchView%253Fmobile%25253DTrue%252526returnUrl%25253Dhttps%253A%252F%252Fu44590137.ct.sendgrid.net%2525252Fls%2525252Fclick%2525253Fupn%2525253Du001.GjIPgTulbfriEzQws5bSKQ0tBwgDf638cPIbrF7bBS8NN2MSd8LfwpRfwqfZEGcjwx-2FiuTfrARoUEAvK7M4n-2BAg1-2F-2FELp5mbBCr0JpdUspiR4oOxJWlS78YEBXijZzkpDiow2nY9KnoFU4ondac8lETPxsyfIct1leS36BfzpkQFKz3TSN9vr61CiVS4uHuNxHob1YUQlV-2BuCeGkvPZJV-2Fo6nAK0QlEj0EmBYAIy3ug8F51T3ZDa-2B0U9lsOqpmba-2FjupN30EfyuEJ9V8e6kbUqxVB0dBioMo5Q1FZl2HioSDtvdcNiAGq-2FmCD-2BpOCdTj4QHZ1svLtVhW3tuPt3TtsKIhMyEQSCBs4KE0QMxTg7Tz3z8lSQNT9N-2Fv2njFNugtWC55_ePYPF6nkF-2BGqBPgpX-2FhQmioAe0Ok4T3S5or1jtZ-2Ff383C4htchEL8ALyz-2FlVDREoFm5EYW0CKJH8Ggnzzvs7KZs3lddF5XzBqvbWlUq3b7V8WyhGiFvjiJtK7QU5N-2Bw2l0QVeej2h7lohWb4z7akLA6ULkTMilx4MGaOA76Y-2F5HTpAh-2FdbwkpAokcG5eM9Rgxr4DfjrCXIjRfG-2BxidDnJzSHi3PNzjjg2x85tMoFNvNhO8MXLTCfsTp2viUCW4cwXWH41yL3YRc97LTzO-2Bs1tiekgXBuymyjOOUCwrfeaoXHwdrUnOC9lLkSCEyEphHHVSUXTRheWH0LQ7d2Vy6YeuU-2FjUnSGfGD3ETh0RWvsTi4KIuS1qozJTidO-2BKbzSC9TN6-2FxeDkpH2v1OcpEc8Fy-2FLfywg7-2FYgWvv7vnLqr0rtoJRdMZ5ykC1gZl1L6PvUe%2526c%253DE%252C1%252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%2526typo%253D1%26sa%3DD%26sntz%3D1%26usg%3DAOvVaw1azOLVizvjWw-irSjGm96x#dGhhbGxAb3AtZi5vcmc=	Get hash	malicious	HTMLPhisher	Browse	54.87.148.249
AMAZON-AESUS	http://bt-103301.weeblysite.com/	Get hash	malicious	Unknown	Browse	54.235.101.7
	http://phantym-wallett.weebly.com/	Get hash	malicious	Unknown	Browse	52.54.184.215
	https://fix-walletconnect.pages.dev/wallet	Get hash	malicious	Unknown	Browse	52.73.82.193
	http://kocin-logixnlkcz.godaddysites.com/	Get hash	malicious	Unknown	Browse	54.88.142.103
	http://lasvocaux.wixsite.com/vocaleacceil	Get hash	malicious	Unknown	Browse	34.197.167.136
	https://innate-acidic-slip.glitch.me/public/zn0u.htm?/NATWESTB.ANKCR.CARD/info.htm	Get hash	malicious	Unknown	Browse	52.206.173.77
	SecuriteInfo.com.Win32.TrojanX-gen.3459.12800.exe	Get hash	malicious	Unknown	Browse	52.86.37.184
	SecuriteInfo.com.Win32.TrojanX-gen.3459.12800.exe	Get hash	malicious	Unknown	Browse	54.144.2.150
	SecuriteInfo.com.Program.Unwanted.5510.19662.8210.exe	Get hash	malicious	Unknown	Browse	44.215.213.2
	https://www.google.co.in/amp/s/www.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Flinkprotect.cudasvc.com%252Furl%253Fa%253Dhttps%253A%252F%252Fwww.visaliakawasaki.com%252FElementSettings%252Fwww.visaliakawasaki.com%252FViewSwitcher%252FSwitchView%253Fmobile%25253DTrue%252526returnUrl%25253Dhttps%253A%252F%252Fu44590137.ct.sendgrid.net%2525252Fls%2525252Fclick%2525253Fupn%2525253Du001.GjIPgTulbfriEzQws5bSKQ0tBwgDf638cPIbrF7bBS8NN2MSd8LfwpRfwqfZEGcjwx-2FiuTfrARoUEAvK7M4n-2BAg1-2F-2FELp5mbBCr0JpdUspiR4oOxJWlS78YEBXijZzkpDiow2nY9KnoFU4ondac8lETPxsyfIct1leS36BfzpkQFKz3TSN9vr61CiVS4uHuNxHob1YUQlV-2BuCeGkvPZJV-2Fo6nAK0QlEj0EmBYAIy3ug8F51T3ZDa-2B0U9lsOqpmba-2FjupN30EfyuEJ9V8e6kbUqxVB0dBioMo5Q1FZl2HioSDtvdcNiAGq-2FmCD-2BpOCdTj4QHZ1svLtVhW3tuPt3TtsKIhMyEQSCBs4KE0QMxTg7Tz3z8lSQNT9N-2Fv2njFNugtWC55_ePYPF6nkF-2BGqBPgpX-2FhQmioAe0Ok4T3S5or1jtZ-2Ff383C4htchEL8ALyz-2FlVDREoFm5EYW0CKJH8Ggnzzvs7KZs3lddF5XzBqvbWlUq3b7V8WyhGiFvjiJtK7QU5N-2Bw2l0QVeej2h7lohWb4z7akLA6ULkTMilx4MGaOA76Y-2F5HTpAh-2FdbwkpAokcG5eM9Rgxr4DfjrCXIjRfG-2BxidDnJzSHi3PNzjjg2x85tMoFNvNhO8MXLTCfsTp2viUCW4cwXWH41yL3YRc97LTzO-2Bs1tiekgXBuymyjOOUCwrfeaoXHwdrUnOC9lLkSCEyEphHHVSUXTRheWH0LQ7d2Vy6YeuU-2FjUnSGfGD3ETh0RWvsTi4KIuS1qozJTidO-2BKbzSC9TN6-2FxeDkpH2v1OcpEc8Fy-2FLfywg7-2FYgWvv7vnLqr0rtoJRdMZ5ykC1gZl1L6PvUe%2526c%253DE%252C1%252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%2526typo%253D1%26sa%3DD%26sntz%3D1%26usg%3DAOvVaw1azOLVizvjWw-irSjGm96x#dGhhbGxAb3AtZi5vcmc=	Get hash	malicious	HTMLPhisher	Browse	54.87.148.249

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	ELECTRONIC RECEIPT_Jfs.html	Get hash	malicious	Unknown	Browse	2.19.244.127 13.85.23.86
	https://phantmuiswalles.gitbook.io/	Get hash	malicious	Unknown	Browse	2.19.244.127 13.85.23.86
	https://dhl-express-group.blogspot.lt/	Get hash	malicious	Unknown	Browse	2.19.244.127 13.85.23.86
	https://metamasskluginn.blogspot.hk/	Get hash	malicious	Unknown	Browse	2.19.244.127 13.85.23.86
	https://neweventx.bgmis-mobile.com/	Get hash	malicious	HTMLPhisher	Browse	2.19.244.127 13.85.23.86
	http://pro.asyncooo.shop/https/web.telegram.org	Get hash	malicious	Unknown	Browse	2.19.244.127 13.85.23.86
	http://bagrwb.appleidliy.com/de/	Get hash	malicious	Unknown	Browse	2.19.244.127 13.85.23.86
	https://288ysb.app/	Get hash	malicious	Unknown	Browse	2.19.244.127 13.85.23.86
	http://bt-103301.weeblysite.com/	Get hash	malicious	Unknown	Browse	2.19.244.127 13.85.23.86
	https://cloudflare-ipfs.com/ipfs/bafybeigamplrf7nvgvwzlbmlnszy7rlab4pwatrdj5q3idts3tvjtui4li/trustefnew.html	Get hash	malicious	HTMLPhisher	Browse	2.19.244.127 13.85.23.86

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 21 23:55:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9856317588796126
Encrypted:	false
SSDEEP:	48:88MdDTrnIHiidAKZdA19ehwiZUklqehoxy+3:8Tf9zy
MD5:	8361D7860B96095AADBA981FADDEBC5E
SHA1:	792C6468FAFA09D85AF74B29C4BE04204FD39716
SHA-256:	F3B4B99DD8100837EEDDC521F511D78C77E4E16CDCEE75DB5FF42B622D2DFFF8
SHA-512:	746548992DFD37F1A4576B134600C07C3972A0C32EB57CE865B9B5D9BCA09AD11E89F9DEDB8CC8B9A17F10F30D1E0BE2EE961BEE9FDF88C180E12F8E2D3EB4DE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....b....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S."......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	HTML document, Unicode text, UTF-8 text, with very long lines (474), with CRLF line terminators
Entropy (8bit):	6.0767828777571085
TrID:	Scalable Vector Graphics (18501/1) 24.18% HyperText Markup Language (12001/1) 15.69% HyperText Markup Language (12001/1) 15.69% HyperText Markup Language (11501/1) 15.03% HyperText Markup Language (11501/1) 15.03%
File name:	securedoc_20240521T074217.html
File size:	1'522'619 bytes
MD5:	3cf9f4a1891b42bc6f876e2119d784af
SHA1:	a8609475657c939a74c5075b5219b36a79e7f965
SHA256:	6fa40dfe09338f9cfad83a3a2c152a181c151df0194f74e9d9370082408e6566
SHA512:	b79b28bdbe552cc26555eb624eaf497385485216a6713dad5c6e6ca38a8abf06fc9b201a06abb243eacde48012887dff02d2c8158f0b2f28c37634ff3200d043
SSDEEP:	24576:RWDWDR0TUPaRvicalcFeSKuK8a33Q3vYzOeCgJwA4EHNSIG4ummv2x:72UixinF/gTPgl4R8
TLSH:	316502495A151835D2F05431B8BF3701397C0E9B488C3CEAD96C92AC2FEBA2E5467EDD
File Content Preview:	saved from url=(0025)https://res.cisco.com:443 -->..<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN".. "http://www.w3.org/TR/html4/loose.dtd"><html..lang="en"><head><base href="http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 22, 2024 02:55:50.693135977 CEST	65528	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:50.693356037 CEST	56084	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:50.694173098 CEST	58245	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:50.694374084 CEST	59336	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:50.694938898 CEST	58723	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:50.695115089 CEST	62007	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:50.706768036 CEST	53	62203	1.1.1.1	192.168.2.5
May 22, 2024 02:55:50.706799984 CEST	53	62525	1.1.1.1	192.168.2.5
May 22, 2024 02:55:50.726973057 CEST	53	58245	1.1.1.1	192.168.2.5
May 22, 2024 02:55:50.727015018 CEST	53	59336	1.1.1.1	192.168.2.5
May 22, 2024 02:55:50.727076054 CEST	53	62007	1.1.1.1	192.168.2.5
May 22, 2024 02:55:50.727104902 CEST	53	58723	1.1.1.1	192.168.2.5
May 22, 2024 02:55:50.731645107 CEST	53	56053	1.1.1.1	192.168.2.5
May 22, 2024 02:55:50.879384995 CEST	53	65528	1.1.1.1	192.168.2.5
May 22, 2024 02:55:50.925168037 CEST	53	56084	1.1.1.1	192.168.2.5
May 22, 2024 02:55:51.238795996 CEST	50831	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:51.238944054 CEST	61822	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:51.253988028 CEST	53	50831	1.1.1.1	192.168.2.5
May 22, 2024 02:55:51.263639927 CEST	53	61822	1.1.1.1	192.168.2.5
May 22, 2024 02:55:51.866385937 CEST	53	55412	1.1.1.1	192.168.2.5
May 22, 2024 02:55:51.982832909 CEST	51573	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:51.982964039 CEST	59185	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:51.994915962 CEST	53	51573	1.1.1.1	192.168.2.5
May 22, 2024 02:55:52.092688084 CEST	53	59185	1.1.1.1	192.168.2.5
May 22, 2024 02:55:54.408981085 CEST	52633	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:54.409097910 CEST	50512	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:54.416949987 CEST	53	52633	1.1.1.1	192.168.2.5
May 22, 2024 02:55:54.421972036 CEST	53	50512	1.1.1.1	192.168.2.5
May 22, 2024 02:55:56.060889959 CEST	53	55211	1.1.1.1	192.168.2.5
May 22, 2024 02:55:56.104471922 CEST	58054	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:56.104733944 CEST	56262	53	192.168.2.5	1.1.1.1
May 22, 2024 02:55:56.141652107 CEST	53	58054	1.1.1.1	192.168.2.5
May 22, 2024 02:55:56.193276882 CEST	53	56262	1.1.1.1	192.168.2.5
May 22, 2024 02:56:09.473638058 CEST	53	63637	1.1.1.1	192.168.2.5
May 22, 2024 02:56:29.097065926 CEST	53	60397	1.1.1.1	192.168.2.5
May 22, 2024 02:56:34.956898928 CEST	53651	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:34.957045078 CEST	49242	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:34.963764906 CEST	53	53651	1.1.1.1	192.168.2.5
May 22, 2024 02:56:34.980942011 CEST	53	49242	1.1.1.1	192.168.2.5
May 22, 2024 02:56:35.958479881 CEST	50648	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:35.958762884 CEST	51518	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:36.042478085 CEST	53	51518	1.1.1.1	192.168.2.5
May 22, 2024 02:56:36.049458027 CEST	53	50648	1.1.1.1	192.168.2.5
May 22, 2024 02:56:36.537823915 CEST	53157	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:36.537982941 CEST	54310	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:36.560390949 CEST	53	53157	1.1.1.1	192.168.2.5
May 22, 2024 02:56:36.602710962 CEST	53	54310	1.1.1.1	192.168.2.5
May 22, 2024 02:56:37.461776018 CEST	64563	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:37.461999893 CEST	56667	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:37.561417103 CEST	53	56667	1.1.1.1	192.168.2.5
May 22, 2024 02:56:37.561449051 CEST	53	64563	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.499280930 CEST	57528	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.499614954 CEST	59391	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.499834061 CEST	55955	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.500006914 CEST	63515	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.535799980 CEST	53	64406	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.537559986 CEST	52615	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.537684917 CEST	60706	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.554205894 CEST	64099	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.554457903 CEST	57805	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.570422888 CEST	53	63515	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.587793112 CEST	53	64099	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.592593908 CEST	53	57805	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.600454092 CEST	57283	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.600589037 CEST	58982	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.610497952 CEST	53	55955	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.610552073 CEST	53	57283	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.612185001 CEST	50503	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.612351894 CEST	51434	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.617309093 CEST	53	58982	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.618700981 CEST	56938	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.618840933 CEST	55547	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:38.621855974 CEST	53	50503	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.631555080 CEST	53	55547	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.631586075 CEST	53	56938	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.637679100 CEST	53	51434	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.642683983 CEST	53	53978	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.644829035 CEST	53	57528	1.1.1.1	192.168.2.5
May 22, 2024 02:56:38.658710957 CEST	53	59391	1.1.1.1	192.168.2.5
May 22, 2024 02:56:40.244280100 CEST	61546	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:40.244894981 CEST	52086	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:40.271378040 CEST	53	52086	1.1.1.1	192.168.2.5
May 22, 2024 02:56:40.294984102 CEST	53	61546	1.1.1.1	192.168.2.5
May 22, 2024 02:56:41.703540087 CEST	50493	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:41.703896046 CEST	58037	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:41.711153984 CEST	53	50493	1.1.1.1	192.168.2.5
May 22, 2024 02:56:41.712990046 CEST	53	58037	1.1.1.1	192.168.2.5
May 22, 2024 02:56:43.437588930 CEST	60002	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:43.438066959 CEST	62051	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:43.453114033 CEST	53	56565	1.1.1.1	192.168.2.5
May 22, 2024 02:56:43.457905054 CEST	53	62051	1.1.1.1	192.168.2.5
May 22, 2024 02:56:43.565273046 CEST	63072	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:43.565553904 CEST	62451	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:43.603147030 CEST	53	63072	1.1.1.1	192.168.2.5
May 22, 2024 02:56:43.623035908 CEST	53	62451	1.1.1.1	192.168.2.5
May 22, 2024 02:56:43.737076044 CEST	54572	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:43.737348080 CEST	62846	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:43.782891989 CEST	53	62846	1.1.1.1	192.168.2.5
May 22, 2024 02:56:43.830596924 CEST	53	54572	1.1.1.1	192.168.2.5
May 22, 2024 02:56:44.856741905 CEST	51146	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:44.857121944 CEST	51882	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:44.889925003 CEST	53	51882	1.1.1.1	192.168.2.5
May 22, 2024 02:56:46.953778982 CEST	51372	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:46.953932047 CEST	65100	53	192.168.2.5	1.1.1.1
May 22, 2024 02:56:47.000027895 CEST	53	65100	1.1.1.1	192.168.2.5
May 22, 2024 02:56:50.118349075 CEST	53	56365	1.1.1.1	192.168.2.5
May 22, 2024 02:56:52.707037926 CEST	53	62751	1.1.1.1	192.168.2.5
May 22, 2024 02:57:18.237055063 CEST	53	59720	1.1.1.1	192.168.2.5
May 22, 2024 02:57:53.564769983 CEST	60186	53	192.168.2.5	1.1.1.1
May 22, 2024 02:57:53.565316916 CEST	51423	53	192.168.2.5	1.1.1.1
May 22, 2024 02:57:53.578180075 CEST	53	51423	1.1.1.1	192.168.2.5
May 22, 2024 02:57:53.667598963 CEST	53	60186	1.1.1.1	192.168.2.5
May 22, 2024 02:57:54.455176115 CEST	64464	53	192.168.2.5	1.1.1.1
May 22, 2024 02:57:54.455627918 CEST	58821	53	192.168.2.5	1.1.1.1
May 22, 2024 02:57:54.492399931 CEST	53	64464	1.1.1.1	192.168.2.5
May 22, 2024 02:57:54.496997118 CEST	53	58821	1.1.1.1	192.168.2.5
May 22, 2024 02:58:03.166088104 CEST	53	52609	1.1.1.1	192.168.2.5
May 22, 2024 02:58:07.214179993 CEST	53	57761	1.1.1.1	192.168.2.5

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 22, 2024 02:55:52.092781067 CEST	192.168.2.5	1.1.1.1	c238	(Port unreachable)	Destination Unreachable
May 22, 2024 02:56:36.602797985 CEST	192.168.2.5	1.1.1.1	c23d	(Port unreachable)	Destination Unreachable
May 22, 2024 02:56:38.637754917 CEST	192.168.2.5	1.1.1.1	c21b	(Port unreachable)	Destination Unreachable
May 22, 2024 02:56:43.623104095 CEST	192.168.2.5	1.1.1.1	c254	(Port unreachable)	Destination Unreachable
May 22, 2024 02:56:50.118499994 CEST	192.168.2.5	1.1.1.1	c225	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 02:55:50.742744923 CEST	477	OUT	GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 22, 2024 02:55:51.224968910 CEST	483	IN	HTTP/1.1 301 Moved Permanently Server: awselb/2.0 Date: Wed, 22 May 2024 00:55:51 GMT Content-Type: text/html Content-Length: 134 Connection: keep-alive Location: https://res.cisco.com:443/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?lp=en Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>
May 22, 2024 02:55:51.981031895 CEST	491	OUT	GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 22, 2024 02:55:52.091681004 CEST	497	IN	HTTP/1.1 301 Moved Permanently Server: awselb/2.0 Date: Wed, 22 May 2024 00:55:52 GMT Content-Type: text/html Content-Length: 134 Connection: keep-alive Location: https://res.cisco.com:443/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>
May 22, 2024 02:56:37.097815037 CEST	6	OUT	Data Raw: 00 Data Ascii:
May 22, 2024 02:57:22.103285074 CEST	6	OUT	Data Raw: 00 Data Ascii:
May 22, 2024 02:58:07.113492012 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 02:55:50.752756119 CEST	12360	OUT	GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?p=0&d=%7B%27name%27%3Anull,%0D%0A%27msgID%27%3A%27%7C1__540cdd740000018f9b9a646bff2e3ffff04b63f7%40localhost%27,%0D%0A%27keysize%27%3A24,%0D%0A%27flags%27%3A2049,%0D%0A%27rid%27%3A%27ZGlwZXNoIHNoYWggPGRpcGVzaC5zaGFoQGF1dG9tYXRpb25hbnl3aGVyZS5jb20%2BLCAic2hlbm95LA1cCiBhbWl0IiA8YXNoZW5veUBzdGFuZm9yZGhlYWx0aGNhcmUub3JnPg%3D%3D%27,%0D%0A%27algnames%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%27AES%27%7D%7D,%0D%0A%27algparams%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%7B%27IV%27%3A%279zLXKSpZQ9OgbGAJC3CL5w%3D%3D%27%7D%7D%7D,%0D%0A%27keyserverhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27securereplyhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27openerhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27toc%27%3A%5B%0D%0A%5B%27Body-1716302537846%2Etxt%27,1,%0D%0A%27%27,%0D%0A%27%27,%0D%0A13,%5B0,83154%5D,%27Body-1716302537846%2Etxt%27,%0D%0A%27UTF-16%27%5D,%0D%0A%5B% [TRUNCATED] Data Raw: Data Ascii:
May 22, 2024 02:55:50.765122890 CEST	7416	OUT	Data Raw: 5a 4a 52 57 6e 4f 25 32 46 76 33 41 44 51 79 37 4c 4b 39 47 59 57 45 4f 51 39 4c 25 32 46 55 56 44 4f 54 37 74 6e 61 58 4c 35 75 52 70 54 6b 65 62 25 32 46 6a 63 75 4a 48 49 64 48 36 72 33 34 57 44 65 31 34 78 57 76 47 4f 6d 74 36 76 7a 6a 55 52 Data Ascii: ZJRWnO%2Fv3ADQy7LK9GYWEOQ9L%2FUVDOT7tnaXL5uRpTkeb%2FjcuJHIdH6r34WDe14xWvGOmt6vzjUREn%2B477ukOlIMb8BvQwu9aFww6N4HWZ2mxm6LvF0GNbHkCcKgDTg2opdXJ4TDLVolNcUbwlkLMo0XdbS2k0WljiziI45ivAY8RXB7pj77u%2BHhAMWhu2x%2F7R34Lg2fuu47Vym8pGfc3BOQSSCx%2Bwvur5Zsp
May 22, 2024 02:55:50.765186071 CEST	12360	OUT	Data Raw: 45 51 42 32 30 73 59 45 33 59 69 4a 67 41 36 52 7a 4b 37 25 32 42 6a 36 6a 51 41 43 63 6e 74 51 35 78 44 36 72 63 5a 6a 55 62 62 25 32 46 51 37 63 25 32 42 65 61 52 32 73 45 36 73 6b 77 7a 4d 74 54 70 35 6f 6f 61 35 79 66 77 58 6e 4c 57 42 43 39 Data Ascii: EQB20sYE3YiJgA6RzK7%2Bj6jQACcntQ5xD6rcZjUbb%2FQ7c%2BeaR2sE6skwzMtTp5ooa5yfwXnLWBC99eRSRpCW2DvfQDOJ5z37pIaz15l6kWoI0OD4t7k4fiSEUOKJewx1FdUh3wDQryUFMqIBtcXkZntomwI5oXcv3xPAU0a%2F5lGuSpBMNwnJw3Dal7GqPrVfFzhGTeLq8PHYW%2B3HgEh5LzZpOsRypLwQbV3KGmrkB
May 22, 2024 02:55:50.771229982 CEST	4944	OUT	Data Raw: 35 25 32 46 49 77 6f 72 70 70 31 49 4c 32 50 59 7a 36 71 4c 74 75 78 4f 56 63 59 75 66 36 67 75 68 45 72 44 46 25 32 46 39 41 38 32 25 32 46 63 4f 67 66 6b 72 41 77 46 38 39 58 50 5a 37 45 71 66 43 48 53 4c 57 7a 70 35 63 6f 52 7a 4e 49 46 35 65 Data Ascii: 5%2FIworpp1IL2PYz6qLtuxOVcYuf6guhErDF%2F9A82%2FcOgfkrAwF89XPZ7EqfCHSLWzp5coRzNIF5e8MmPf5vhM1%2FVXHlyxgBUJnOyiDUPbGsKRyb7eWwa5%2F41yy6o22uMBoAEOKlvSEVaAvMP1d4f17D9yTVWaLHzD0jS97ZxO5XRxfm86dQnK8vbFdx7T9jX%2FOeBVxyZ8KvjOh2t2Za8lmMxcN247nF1%2BRl%2
May 22, 2024 02:55:50.777542114 CEST	7416	OUT	Data Raw: 55 4d 39 6b 41 58 4f 65 5a 5a 45 5a 70 25 32 42 54 6d 58 46 50 43 25 32 46 71 72 53 46 6b 50 57 4d 6e 33 6f 35 42 25 32 42 71 61 36 77 63 36 6d 7a 52 41 72 45 47 43 66 6f 45 73 77 71 36 77 43 44 34 37 4f 34 25 32 42 64 25 32 42 6c 58 6a 79 45 7a Data Ascii: UM9kAXOeZZEZp%2BTmXFPC%2FqrSFkPWMn3o5B%2Bqa6wc6mzRArEGCfoEswq6wCD47O4%2Bd%2BlXjyEzwHKzIaTnCQn6%2FngCYlU7bsfJvEyV4a4FxpEqj2zF2vHkpaGck5hgM112pcw7GE%2Bb8L4tu%2Fj3KVPcMpE%2B1Non%2BiAkXzLXO%2FWxWH5%2B0ipPHfxANYMxHXBOMKe89UvUtG4xHvUNDRZocM2gubZnoSx
May 22, 2024 02:55:50.777609110 CEST	7416	OUT	Data Raw: 6d 31 69 58 52 4e 33 48 31 51 58 35 6c 7a 5a 52 39 6a 48 70 31 53 57 33 62 70 44 5a 77 63 4f 54 39 50 25 32 46 64 41 76 31 45 57 4a 74 45 70 44 46 25 32 46 6e 65 42 48 78 5a 25 32 46 52 7a 62 63 25 32 42 71 43 4b 55 4e 32 75 71 65 76 4f 71 34 54 Data Ascii: m1iXRN3H1QX5lzZR9jHp1SW3bpDZwcOT9P%2FdAv1EWJtEpDF%2FneBHxZ%2FRzbc%2BqCKUN2uqevOq4TU83CRBzX4nF1EsDB5t%2FmuqUfcctSif1WuW1xm400F0aj7E3vq9SQves54DwNLlHJ9%2FREchcclRGn1wQK%2FlMNDb4PoIjrFiV1mXndEei1K5zLhDFn4cdpQnuuiLQ5k1AztMWEJM8HPC9Ju7OuUQsNnSf2wpu
May 22, 2024 02:55:50.813946962 CEST	34608	OUT	Data Raw: 34 4e 42 6c 62 6f 77 75 34 64 4f 6b 71 55 25 32 42 25 32 46 7a 59 53 72 43 4c 32 49 36 78 33 49 49 77 61 76 25 32 46 37 34 7a 6f 77 47 77 74 71 55 62 78 64 7a 45 57 54 44 25 32 46 79 72 79 57 7a 30 56 51 69 57 6b 62 55 65 35 4f 6d 49 44 4f 33 38 Data Ascii: 4NBlbowu4dOkqU%2B%2FzYSrCL2I6x3IIwav%2F74zowGwtqUbxdzEWTD%2FyryWz0VQiWkbUe5OmIDO38iR9zAyF%2FRkwLBzKEPNWEoRUsfuMwxtQXC%2FEoWaGJoXIby4coizESPvUqIlxxxwNCXXhYKIltvOh5Y0FJsU6RNzBtl1ccCMcSnGWczZQZSNXBEtBVgA7%2B57TnOwobNdH8pBMOzu%2FkCARKMsh4iio4SlkQx
May 22, 2024 02:55:50.861690044 CEST	1236	OUT	Data Raw: 72 73 41 38 34 52 55 50 41 6e 35 25 32 42 30 4c 48 25 32 46 61 78 30 4e 6f 54 32 61 44 30 6b 51 57 52 52 64 36 73 57 66 69 54 6b 48 52 43 50 44 4e 70 25 32 46 70 53 30 66 5a 75 76 39 6a 39 46 5a 51 65 45 46 67 6c 51 35 63 4f 6b 44 67 33 50 61 5a Data Ascii: rsA84RUPAn5%2B0LH%2Fax0NoT2aD0kQWRRd6sWfiTkHRCPDNp%2FpS0fZuv9j9FZQeEFglQ5cOkDg3PaZGAyJxE5wyWlpCCPkvj2WJzIQ5rlTm8At%2FHtBltJPBr4K0oYp%2BLtHM7EGpt2awMSNPVuNuQEPONC%2B8HtNw3Dr1%2Fkn7ygPcGtYZbbH4nfs5akx5RgfovjRmi5VjIMXGAS5YOFzCpnCns9qoxFnfLhjmZyzq
May 22, 2024 02:55:50.925369978 CEST	1236	OUT	Data Raw: 6c 42 46 70 72 70 7a 53 6d 33 75 25 32 42 42 47 33 41 4a 6c 38 63 74 69 31 70 25 32 46 63 68 55 6b 44 61 38 67 32 5a 50 44 63 77 41 57 53 31 6a 74 45 76 38 36 49 25 32 42 66 4e 52 25 32 46 34 76 73 63 4d 38 53 4f 52 63 69 35 51 70 6a 33 65 33 68 Data Ascii: lBFprpzSm3u%2BBG3AJl8cti1p%2FchUkDa8g2ZPDcwAWS1jtEv86I%2BfNR%2F4vscM8SORci5Qpj3e3h8ejOLYiJHRs7ljZEzot%2Ff27kXn3XRA1ZkFa%2B0iJOJfBRtIXoctG31lGvM2nb9VziKCtlOyezRhYst6wkIAyQHsv19IQmV6dET4WMl9ntMHNNapDRtXvW%2F2oqf3E1PmEym4Dso2eyEnmmhxu08xM7LVtgoE0
May 22, 2024 02:55:50.973674059 CEST	1236	OUT	Data Raw: 4a 38 64 37 50 6c 35 31 44 73 4c 4d 48 25 32 42 38 37 25 32 42 77 67 51 49 46 41 41 78 7a 64 79 47 78 49 6c 4e 25 32 42 66 73 4d 38 62 45 6b 32 65 37 75 4d 6e 46 38 47 49 44 70 61 34 71 52 63 4e 33 54 6e 6a 4d 76 58 69 44 65 4c 64 4c 64 33 4d 53 Data Ascii: J8d7Pl51DsLMH%2B87%2BwgQIFAAxzdyGxIlN%2BfsM8bEk2e7uMnF8GIDpa4qRcN3TnjMvXiDeLdLd3MShwDiMC4%2FedRg5k0xR0eeAF%2BxhmFaLsMcQ1DVHSo9WJgVXUhLKjxM6QXZTJJO7E0%2BSFwTnDwdWwydt3hii8simaBUqt4i%2FMgfIODE7LH8bwF%2BWGR3pHjWtpeq6FyWFC9K8PR%2FWbsCuV%2F1SoidLAp
May 22, 2024 02:55:51.029633999 CEST	1236	OUT	Data Raw: 62 61 46 6c 76 65 70 55 7a 49 52 73 68 49 6b 32 32 70 74 52 77 41 4d 72 5a 42 4b 25 32 46 74 6f 5a 53 68 47 4f 73 25 32 42 4e 68 59 25 32 42 6d 79 67 73 63 6f 77 78 37 76 58 56 77 4e 36 73 71 57 6a 4a 48 49 33 33 6a 72 39 64 70 73 6c 79 45 47 52 Data Ascii: baFlvepUzIRshIk22ptRwAMrZBK%2FtoZShGOs%2BNhY%2Bmygscowx7vXVwN6sqWjJHI33jr9dpslyEGRAapBwRQTtJBpkVkVH31aUtUeo2eiFNRXcmStUmiCPeAXkll8S5vlZnZaRLyePdfPloQE9WjUiKmZcNyvUdxj8k%2Ft6rXFB3QZs0XcWzUxPkVgMtB9apm4yrpmtMofWBsqvrWtbOdtdZTcK0tBI%2Bq4stYPUrwY2
May 22, 2024 02:55:51.246701002 CEST	302	IN	HTTP/1.1 414 Request-URI Too Large Server: awselb/2.0 Date: Wed, 22 May 2024 00:55:51 GMT Content-Type: text/html Content-Length: 142 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 34 20 52 65 71 75 65 73 74 2d 55 52 49 20 54 6f 6f 20 4c 61 72 67 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 34 20 52 65 71 75 65 73 74 2d 55 52 49 20 54 6f 6f 20 4c 61 72 67 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>414 Request-URI Too Large</title></head><body><center><h1>414 Request-URI Too Large</h1></center></body></html>

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 02:55:52.003038883 CEST	487	OUT	GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 22, 2024 02:55:52.497519970 CEST	493	IN	HTTP/1.1 301 Moved Permanently Server: awselb/2.0 Date: Wed, 22 May 2024 00:55:52 GMT Content-Type: text/html Content-Length: 134 Connection: keep-alive Location: https://res.cisco.com:443/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>
May 22, 2024 02:56:37.506200075 CEST	6	OUT	Data Raw: 00 Data Ascii:
May 22, 2024 02:57:22.566401005 CEST	6	OUT	Data Raw: 00 Data Ascii:
May 22, 2024 02:58:07.582232952 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 02:56:36.056327105 CEST	435	OUT	GET / HTTP/1.1 Host: stanfordhospital.org Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 22, 2024 02:56:36.535409927 CEST	340	IN	HTTP/1.1 301 Moved Permanently Server: awselb/2.0 Date: Wed, 22 May 2024 00:56:36 GMT Content-Type: text/html Content-Length: 134 Connection: keep-alive Location: https://stanfordhospital.org:443/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>
May 22, 2024 02:57:21.536838055 CEST	6	OUT	Data Raw: 00 Data Ascii:
May 22, 2024 02:58:06.551004887 CEST	6	OUT	Data Raw: 00 Data Ascii:
May 22, 2024 02:58:51.566536903 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:51 UTC	542	OUT	GET /ajax/libs/select2/4.0.12/css/select2.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:51 UTC	946	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 00:55:51 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03fcb-3a76" Last-Modified: Mon, 04 May 2020 16:16:11 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 470148 Expires: Mon, 12 May 2025 00:55:51 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYVE6ozzeIbB%2Fi65bXGFVI6gohYAumYrbTmNqXKsTPDdZAew%2F0XCZTRyK0rxQjzG4DojZFWTnHxioGrZupgrjCx026cU%2B%2FEbBcOfWDvbrjOkEjOVXKyvj1cU2wNecDNdGWphFkHy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8878d7d1aefa4322-EWR alt-svc: h3=":443"; ma=86400
2024-05-22 00:55:51 UTC	423	IN	Data Raw: 33 61 37 36 0d 0a 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 32 38 70 78 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 Data Ascii: 3a76.select2-container{box-sizing:border-box;display:inline-block;margin:0;position:relative;vertical-align:middle}.select2-container .select2-selection--single{box-sizing:border-box;cursor:pointer;display:block;height:28px;user-select:none;-webkit-user
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 65 6c 6c 69 70 73 69 73 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 63 6c 65 61 72 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 5b 64 69 72 3d 22 72 74 6c 22 5d 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 72 65 6e 64 65 72 65 64 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 38 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 Data Ascii: ellipsis;white-space:nowrap}.select2-container .select2-selection--single .select2-selection__clear{position:relative}.select2-container[dir="rtl"] .select2-selection--single .select2-selection__rendered{padding-right:8px;padding-left:20px}.select2-contai
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 72 6f 70 64 6f 77 6e 2d 2d 61 62 6f 76 65 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6f 70 65 6e 20 2e 73 65 6c 65 63 74 32 2d 64 72 6f 70 64 6f 77 6e 2d 2d 62 65 6c 6f 77 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 7d 2e 73 65 6c 65 63 74 32 2d 73 65 61 72 63 68 2d 2d 64 72 6f 70 64 6f 77 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 Data Ascii: ropdown--above{border-bottom:none;border-bottom-left-radius:0;border-bottom-right-radius:0}.select2-container--open .select2-dropdown--below{border-top:none;border-top-left-radius:0;border-top-right-radius:0}.select2-search--dropdown{display:block;padding
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 23 39 39 39 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 61 72 72 6f 77 7b 68 65 69 67 68 74 3a 32 36 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 31 70 78 3b 72 69 67 68 74 3a 31 70 78 3b 77 69 64 74 68 3a 32 30 70 78 7d 2e 73 65 6c 65 Data Ascii: weight:bold}.select2-container--default .select2-selection--single .select2-selection__placeholder{color:#999}.select2-container--default .select2-selection--single .select2-selection__arrow{height:26px;position:absolute;top:1px;right:1px;width:20px}.sele
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 6e 5f 5f 72 65 6e 64 65 72 65 64 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 6d 75 6c 74 69 70 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 72 65 6e 64 65 72 65 64 20 6c 69 7b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 6d 75 6c 74 69 70 6c 65 20 2e 73 65 6c 65 63 74 32 2d Data Ascii: n__rendered{box-sizing:border-box;list-style:none;margin:0;padding:0 5px;width:100%}.select2-container--default .select2-selection--multiple .select2-selection__rendered li{list-style:none}.select2-container--default .select2-selection--multiple .select2-
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 61 69 6e 65 72 2d 2d 66 6f 63 75 73 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 6d 75 6c 74 69 70 6c 65 7b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 62 6c 61 63 6b 20 31 70 78 3b 6f 75 74 6c 69 6e 65 3a 30 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 69 73 61 62 6c 65 64 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 6d 75 6c 74 69 70 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 69 73 61 62 6c 65 64 20 2e 73 Data Ascii: ainer--focus .select2-selection--multiple{border:solid black 1px;outline:0}.select2-container--default.select2-container--disabled .select2-selection--multiple{background-color:#eee;cursor:default}.select2-container--default.select2-container--disabled .s
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 5b 61 72 69 61 2d 73 65 6c 65 63 74 65 64 3d 74 72 75 65 5d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 64 64 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 65 6d 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 20 Data Ascii: ainer--default .select2-results__option[aria-selected=true]{background-color:#ddd}.select2-container--default .select2-results__option .select2-results__option{padding-left:1em}.select2-container--default .select2-results__option .select2-results__option
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 67 72 6f 75 70 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 36 70 78 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 63 6c 61 73 73 69 63 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 37 66 37 66 37 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 61 61 61 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 6f 75 74 6c 69 6e 65 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 66 66 66 20 35 30 25 Data Ascii: fault .select2-results__group{cursor:default;display:block;padding:6px}.select2-container--classic .select2-selection--single{background-color:#f7f7f7;border:1px solid #aaa;border-radius:4px;outline:0;background-image:-webkit-linear-gradient(top, #fff 50%
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 23 65 65 65 20 35 30 25 2c 20 23 63 63 63 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 27 23 46 46 45 45 45 45 45 45 27 2c 20 65 6e 64 43 6f 6c 6f 72 73 74 72 3d 27 23 46 46 43 43 43 43 43 43 27 2c 20 47 72 61 64 69 65 6e 74 54 79 70 65 3d 30 29 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 63 6c 61 73 73 69 63 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e Data Ascii: ackground-image:linear-gradient(to bottom, #eee 50%, #ccc 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#FFEEEEEE', endColorstr='#FFCCCCCC', GradientType=0)}.select2-container--classic .select2-selection
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 65 66 74 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 66 66 66 20 30 25 2c 20 23 65 65 65 20 35 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 66 66 66 20 30 25 2c 20 23 65 65 65 20 35 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 23 66 66 66 20 30 25 2c 20 23 65 65 65 20 35 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 78 3b 66 Data Ascii: eft-radius:0;border-top-right-radius:0;background-image:-webkit-linear-gradient(top, #fff 0%, #eee 50%);background-image:-o-linear-gradient(top, #fff 0%, #eee 50%);background-image:linear-gradient(to bottom, #fff 0%, #eee 50%);background-repeat:repeat-x;f

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:51 UTC	526	OUT	GET /ajax/libs/select2/4.0.12/js/select2.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:51 UTC	965	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 00:55:51 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03fcb-112d5" Last-Modified: Mon, 04 May 2020 16:16:11 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 126870 Expires: Mon, 12 May 2025 00:55:51 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xTzq0%2Bxyd2UOgSja%2FiR7kHVCBhzer5dJDoEdjCJBWlkhwjWYIuT87urrnf2z1A3y1kLew7Ub45H2kPRq4t9U6G4c7%2BP2pUZjXpzcc%2BE118GB%2BN%2BlEkQvOKujW0vFTnGanT6yatrj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8878d7d1ba2972b3-EWR alt-svc: h3=":443"; ma=86400
2024-05-22 00:55:51 UTC	404	IN	Data Raw: 37 62 65 62 0d 0a 2f 2a 21 20 53 65 6c 65 63 74 32 20 34 2e 30 2e 31 32 20 7c 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 65 6c 65 63 74 32 2f 73 65 6c 65 63 74 32 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 2e 6d 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 22 6a 71 75 65 72 79 22 5d 2c 6e 29 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 74 26 26 28 74 3d 22 75 6e 64 Data Ascii: 7beb/! Select2 4.0.12 \| https://github.com/select2/select2/blob/master/LICENSE.md /!function(n){"function"==typeof define&&define.amd?define(["jquery"],n):"object"==typeof module&&module.exports?module.exports=function(e,t){return void 0===t&&(t="und
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 2e 61 6d 64 29 76 61 72 20 65 3d 75 2e 66 6e 2e 73 65 6c 65 63 74 32 2e 61 6d 64 3b 76 61 72 20 74 2c 6e 2c 72 2c 68 2c 6f 2c 73 2c 66 2c 67 2c 6d 2c 76 2c 79 2c 5f 2c 69 2c 61 2c 77 3b 66 75 6e 63 74 69 6f 6e 20 62 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 69 2e 63 61 6c 6c 28 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 2c 73 2c 61 2c 6c 2c 63 2c 75 2c 64 2c 70 2c 68 3d 74 26 26 74 2e 73 70 6c 69 74 28 22 2f 22 29 2c 66 3d 79 2e 6d 61 70 2c 67 3d 66 26 26 66 5b 22 2a 22 5d 7c 7c 7b 7d 3b 69 66 28 65 29 7b 66 6f 72 28 73 3d 28 65 3d 65 2e 73 70 6c 69 74 28 22 2f 22 29 29 2e 6c 65 6e 67 74 68 2d 31 2c 79 2e 6e 6f 64 65 49 64 43 6f 6d 70 61 74 26 26 77 2e 74 65 73 74 28 65 5b 73 5d 29 26 26 28 65 5b 73 5d 3d Data Ascii: .amd)var e=u.fn.select2.amd;var t,n,r,h,o,s,f,g,m,v,y,_,i,a,w;function b(e,t){return i.call(e,t)}function l(e,t){var n,r,i,o,s,a,l,c,u,d,p,h=t&&t.split("/"),f=y.map,g=f&&f["*"]\|\|{};if(e){for(s=(e=e.split("/")).length-1,y.nodeIdCompat&&w.test(e[s])&&(e[s]=
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 5d 3b 72 65 74 75 72 6e 20 65 3d 72 5b 31 5d 2c 69 26 26 28 6e 3d 44 28 69 3d 6c 28 69 2c 6f 29 29 29 2c 69 3f 65 3d 6e 26 26 6e 2e 6e 6f 72 6d 61 6c 69 7a 65 3f 6e 2e 6e 6f 72 6d 61 6c 69 7a 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6c 28 65 2c 74 29 7d 7d 28 6f 29 29 3a 6c 28 65 2c 6f 29 3a 28 69 3d 28 72 3d 63 28 65 3d 6c 28 65 2c 6f 29 29 29 5b 30 5d 2c 65 3d 72 5b 31 5d 2c 69 26 26 28 6e 3d 44 28 69 29 29 29 2c 7b 66 3a 69 3f 69 2b 22 21 22 2b 65 3a 65 2c 6e 3a 65 2c 70 72 3a 69 2c 70 3a 6e 7d 7d 2c 67 3d 7b 72 65 71 75 69 72 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 41 28 65 29 7d 2c 65 78 70 6f 72 74 73 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 Data Ascii: ];return e=r[1],i&&(n=D(i=l(i,o))),i?e=n&&n.normalize?n.normalize(e,function(t){return function(e){return l(e,t)}}(o)):l(e,o):(i=(r=c(e=l(e,o)))[0],e=r[1],i&&(n=D(i))),{f:i?i+"!"+e:e,n:e,pr:i,p:n}},g={require:function(e){return A(e)},exports:function(e){v
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 20 45 72 72 6f 72 28 22 53 65 65 20 61 6c 6d 6f 6e 64 20 52 45 41 44 4d 45 3a 20 69 6e 63 6f 72 72 65 63 74 20 6d 6f 64 75 6c 65 20 62 75 69 6c 64 2c 20 6e 6f 20 6d 6f 64 75 6c 65 20 6e 61 6d 65 22 29 3b 74 2e 73 70 6c 69 63 65 7c 7c 28 6e 3d 74 2c 74 3d 5b 5d 29 2c 62 28 6d 2c 65 29 7c 7c 62 28 76 2c 65 29 7c 7c 28 76 5b 65 5d 3d 5b 65 2c 74 2c 6e 5d 29 7d 29 2e 61 6d 64 3d 7b 6a 51 75 65 72 79 3a 21 30 7d 2c 65 2e 72 65 71 75 69 72 65 6a 73 3d 74 2c 65 2e 72 65 71 75 69 72 65 3d 6e 2c 65 2e 64 65 66 69 6e 65 3d 72 29 2c 65 2e 64 65 66 69 6e 65 28 22 61 6c 6d 6f 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 65 2e 64 65 66 69 6e 65 28 22 6a 71 75 65 72 79 22 2c 5b 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 75 7c 7c 24 3b 72 65 74 75 Data Ascii: Error("See almond README: incorrect module build, no module name");t.splice\|\|(n=t,t=[]),b(m,e)\|\|b(v,e)\|\|(v[e]=[e,t,n])}).amd={jQuery:!0},e.requirejs=t,e.require=n,e.define=r),e.define("almond",function(){}),e.define("jquery",[],function(){var e=u\|\|$;retu
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 6e 74 73 2c 74 29 2c 6e 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 66 6f 72 28 76 61 72 20 6c 3d 30 3b 6c 3c 65 2e 6c 65 6e 67 74 68 3b 6c 2b 2b 29 7b 76 61 72 20 63 3d 65 5b 6c 5d 3b 6f 2e 70 72 6f 74 6f 74 79 70 65 5b 63 5d 3d 61 28 63 29 7d 72 65 74 75 72 6e 20 6f 7d 3b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 3d 7b 7d 7d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 3d 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 7c 7c 7b 7d 2c 65 20 69 6e 20 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 3f 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 5b 65 5d 2e 70 75 73 68 28 74 29 3a 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 Data Ascii: nts,t),n.apply(this,arguments)}}for(var l=0;l<e.length;l++){var c=e[l];o.prototype[c]=a(c)}return o};function e(){this.listeners={}}e.prototype.on=function(e,t){this.listeners=this.listeners\|\|{},e in this.listeners?this.listeners[e].push(t):this.listeners
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 2c 22 3e 22 3a 22 26 67 74 3b 22 2c 27 22 27 3a 22 26 71 75 6f 74 3b 22 2c 22 27 22 3a 22 26 23 33 39 3b 22 2c 22 2f 22 3a 22 26 23 34 37 3b 22 7d 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 3f 65 3a 53 74 72 69 6e 67 28 65 29 2e 72 65 70 6c 61 63 65 28 2f 5b 26 3c 3e 22 27 5c 2f 5c 5c 5d 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 5b 65 5d 7d 29 7d 2c 69 2e 61 70 70 65 6e 64 4d 61 6e 79 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 31 2e 37 22 3d 3d 3d 6f 2e 66 6e 2e 6a 71 75 65 72 79 2e 73 75 62 73 74 72 28 30 2c 33 29 29 7b 76 61 72 20 6e 3d 6f 28 29 3b 6f 2e 6d 61 70 28 74 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 3d 6e 2e 61 64 64 28 65 29 7d 29 2c 74 3d 6e 7d 65 2e 61 70 70 65 6e 64 Data Ascii: ,">":">",'"':""","'":"'","/":"/"};return"string"!=typeof e?e:String(e).replace(/[&<>"'\/\\]/g,function(e){return t[e]})},i.appendMany=function(e,t){if("1.7"===o.fn.jquery.substr(0,3)){var n=o();o.map(t,function(e){n=n.add(e)}),t=n}e.append
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 28 22 65 73 63 61 70 65 4d 61 72 6b 75 70 22 29 3b 74 68 69 73 2e 63 6c 65 61 72 28 29 2c 74 68 69 73 2e 68 69 64 65 4c 6f 61 64 69 6e 67 28 29 3b 76 61 72 20 6e 3d 68 28 27 3c 6c 69 20 72 6f 6c 65 3d 22 61 6c 65 72 74 22 20 61 72 69 61 2d 6c 69 76 65 3d 22 61 73 73 65 72 74 69 76 65 22 20 63 6c 61 73 73 3d 22 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 22 3e 3c 2f 6c 69 3e 27 29 2c 72 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 67 65 74 28 22 74 72 61 6e 73 6c 61 74 69 6f 6e 73 22 29 2e 67 65 74 28 65 2e 6d 65 73 73 61 67 65 29 3b 6e 2e 61 70 70 65 6e 64 28 74 28 72 28 65 2e 61 72 67 73 29 29 29 2c 6e 5b 30 5d 2e 63 6c 61 73 73 4e 61 6d 65 2b 3d 22 20 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6d 65 73 73 61 67 65 22 2c 74 Data Ascii: ("escapeMarkup");this.clear(),this.hideLoading();var n=h('<li role="alert" aria-live="assertive" class="select2-results__option"></li>'),r=this.options.get("translations").get(e.message);n.append(t(r(e.args))),n[0].className+=" select2-results__message",t
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 6c 65 6d 65 6e 74 2e 73 65 6c 65 63 74 65 64 7c 7c 6e 75 6c 6c 3d 3d 74 2e 65 6c 65 6d 65 6e 74 26 26 2d 31 3c 68 2e 69 6e 41 72 72 61 79 28 6e 2c 72 29 3f 65 2e 61 74 74 72 28 22 61 72 69 61 2d 73 65 6c 65 63 74 65 64 22 2c 22 74 72 75 65 22 29 3a 65 2e 61 74 74 72 28 22 61 72 69 61 2d 73 65 6c 65 63 74 65 64 22 2c 22 66 61 6c 73 65 22 29 7d 29 7d 29 7d 2c 72 2e 70 72 6f 74 6f 74 79 70 65 2e 73 68 6f 77 4c 6f 61 64 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 69 73 2e 68 69 64 65 4c 6f 61 64 69 6e 67 28 29 3b 76 61 72 20 74 3d 7b 64 69 73 61 62 6c 65 64 3a 21 30 2c 6c 6f 61 64 69 6e 67 3a 21 30 2c 74 65 78 74 3a 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 67 65 74 28 22 74 72 61 6e 73 6c 61 74 69 6f 6e 73 22 29 2e 67 65 74 28 22 73 65 61 72 63 68 69 Data Ascii: lement.selected\|\|null==t.element&&-1<h.inArray(n,r)?e.attr("aria-selected","true"):e.attr("aria-selected","false")})})},r.prototype.showLoading=function(e){this.hideLoading();var t={disabled:!0,loading:!0,text:this.options.get("translations").get("searchi
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 6c 29 2c 73 2e 61 70 70 65 6e 64 28 61 29 2c 73 2e 61 70 70 65 6e 64 28 70 29 7d 65 6c 73 65 20 74 68 69 73 2e 74 65 6d 70 6c 61 74 65 28 65 2c 74 29 3b 72 65 74 75 72 6e 20 66 2e 53 74 6f 72 65 44 61 74 61 28 74 2c 22 64 61 74 61 22 2c 65 29 2c 74 7d 2c 72 2e 70 72 6f 74 6f 74 79 70 65 2e 62 69 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6c 3d 74 68 69 73 2c 6e 3d 74 2e 69 64 2b 22 2d 72 65 73 75 6c 74 73 22 3b 74 68 69 73 2e 24 72 65 73 75 6c 74 73 2e 61 74 74 72 28 22 69 64 22 2c 6e 29 2c 74 2e 6f 6e 28 22 72 65 73 75 6c 74 73 3a 61 6c 6c 22 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6c 2e 63 6c 65 61 72 28 29 2c 6c 2e 61 70 70 65 6e 64 28 65 2e 64 61 74 61 29 2c 74 2e 69 73 4f 70 65 6e 28 29 26 26 28 6c 2e 73 65 74 43 6c 61 73 73 65 73 Data Ascii: l),s.append(a),s.append(p)}else this.template(e,t);return f.StoreData(t,"data",e),t},r.prototype.bind=function(t,e){var l=this,n=t.id+"-results";this.$results.attr("id",n),t.on("results:all",function(e){l.clear(),l.append(e.data),t.isOpen()&&(l.setClasses
2024-05-22 00:55:51 UTC	1369	IN	Data Raw: 29 3b 69 66 28 21 28 6e 3c 3d 30 29 29 7b 76 61 72 20 72 3d 6e 2d 31 3b 30 3d 3d 3d 65 2e 6c 65 6e 67 74 68 26 26 28 72 3d 30 29 3b 76 61 72 20 69 3d 74 2e 65 71 28 72 29 3b 69 2e 74 72 69 67 67 65 72 28 22 6d 6f 75 73 65 65 6e 74 65 72 22 29 3b 76 61 72 20 6f 3d 6c 2e 24 72 65 73 75 6c 74 73 2e 6f 66 66 73 65 74 28 29 2e 74 6f 70 2c 73 3d 69 2e 6f 66 66 73 65 74 28 29 2e 74 6f 70 2c 61 3d 6c 2e 24 72 65 73 75 6c 74 73 2e 73 63 72 6f 6c 6c 54 6f 70 28 29 2b 28 73 2d 6f 29 3b 30 3d 3d 3d 72 3f 6c 2e 24 72 65 73 75 6c 74 73 2e 73 63 72 6f 6c 6c 54 6f 70 28 30 29 3a 73 2d 6f 3c 30 26 26 6c 2e 24 72 65 73 75 6c 74 73 2e 73 63 72 6f 6c 6c 54 6f 70 28 61 29 7d 7d 29 2c 74 2e 6f 6e 28 22 72 65 73 75 6c 74 73 3a 6e 65 78 74 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b Data Ascii: );if(!(n<=0)){var r=n-1;0===e.length&&(r=0);var i=t.eq(r);i.trigger("mouseenter");var o=l.$results.offset().top,s=i.offset().top,a=l.$results.scrollTop()+(s-o);0===r?l.$results.scrollTop(0):s-o<0&&l.$results.scrollTop(a)}}),t.on("results:next",function(){

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:51 UTC	506	OUT	GET /postx.css HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:51 UTC	534	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 125526 Connection: close Date: Tue, 21 May 2024 04:58:18 GMT Last-Modified: Fri, 06 Oct 2023 15:16:52 GMT ETag: "1444470212c91839f71d8f970716c08e" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P1 X-Amz-Cf-Id: DTZ4EWw9KH3PeArQ6EkZzm8LG-5ZbnfXqcn07EA6V7z4myL4DHc_NQ== Age: 71854 Vary: Origin
2024-05-22 00:55:52 UTC	16384	IN	Data Raw: 0a 2f 2a 20 49 6e 74 65 72 20 46 6f 6e 74 20 4c 69 62 72 61 72 79 20 2a 2f 0a 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 49 6e 74 65 72 22 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 31 30 30 3b 0a 20 20 20 20 73 72 63 3a 20 75 72 6c 28 22 2e 2f 66 6f 6e 74 73 2f 49 6e 74 65 72 2f 49 6e 74 65 72 2d 54 68 69 6e 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 20 20 7d 0a 20 20 0a 20 20 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 49 6e 74 65 72 22 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 32 30 30 3b 0a 20 20 20 20 73 72 63 3a 20 75 72 6c 28 22 2e 2f 66 6f 6e 74 73 2f 49 6e 74 65 72 2f 49 6e 74 65 Data Ascii: /* Inter Font Library */@font-face { font-family: "Inter"; font-weight: 100; src: url("./fonts/Inter/Inter-Thin.ttf") format("truetype"); } @font-face { font-family: "Inter"; font-weight: 200; src: url("./fonts/Inter/Inte
2024-05-22 00:55:52 UTC	16384	IN	Data Raw: 67 6e 3a 20 74 6f 70 3b 0a 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 66 66 66 66 66 66 3b 0a 7d 0a 0a 2e 6c 69 73 74 44 69 76 69 64 65 72 43 65 6c 6c 20 7b 0a 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 39 64 39 64 39 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 31 70 78 20 30 70 78 3b 0a 7d 0a 0a 2e 6c 69 73 74 43 65 6c 6c 54 65 78 74 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 35 35 35 35 35 35 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 38 70 74 3b 0a 7d 0a 0a 2e 6c 69 73 74 43 65 6c 6c 4c 69 6e 6b 54 65 78 74 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 30 30 33 33 36 36 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 38 70 74 3b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e Data Ascii: gn: top; border-left: 1px solid #ffffff;}.listDividerCell { border-bottom: 1px solid #d9d9d9; margin: 1px 0px;}.listCellText { color: #555555; font-size: 8pt;}.listCellLinkText { color: #003366; font-size: 8pt; text-decoration: un
2024-05-22 00:55:52 UTC	16384	IN	Data Raw: 6e 67 20 7b 0a 7d 0a 0a 2e 64 65 66 61 75 6c 74 45 72 72 6f 72 43 6f 6e 74 61 69 6e 65 72 20 2e 65 72 72 6f 72 54 65 78 74 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 65 36 30 30 30 30 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 70 74 3b 0a 7d 0a 0a 23 70 61 73 73 77 6f 72 64 43 68 61 6c 6c 65 6e 67 65 54 61 62 6c 65 43 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 70 78 3b 0a 7d 0a 0a 2e 63 68 61 6c 6c 65 6e 67 65 51 75 65 73 74 69 6f 6e 43 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 35 35 35 35 35 35 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 38 70 74 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 20 30 70 78 20 31 30 70 78 20 35 70 Data Ascii: ng {}.defaultErrorContainer .errorText { color: #e60000; font-size: 9pt;}#passwordChallengeTableContainer { margin-top: 10px;}.challengeQuestionContainer { color: #555555; font-size: 8pt; font-weight: normal; margin: 0px 0px 10px 5p
2024-05-22 00:55:52 UTC	16384	IN	Data Raw: 77 6f 72 64 2d 65 72 72 6f 72 2d 62 6f 78 20 7b 0a 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 35 30 70 78 3b 0a 20 20 77 69 64 74 68 3a 20 36 36 35 70 78 3b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 66 66 38 63 39 36 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 33 70 78 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 64 39 64 63 3b 0a 7d 0a 23 74 69 63 6b 2d 6d 61 72 6b 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 36 63 63 30 34 61 3b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 31 76 77 3b 0a 7d 0a 23 63 6c 6f 73 65 2d 6d 61 72 6b 20 7b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6c 69 67 68 74 65 72 3b 0a 7d 0a 40 6d 65 Data Ascii: word-error-box { box-sizing: border-box; height: 50px; width: 665px; border: 1px solid #ff8c96; border-radius: 3px; background-color: #ffd9dc;}#tick-mark { color: #6cc04a; padding-right: 1vw;}#close-mark { font-weight: lighter;}@me
2024-05-22 00:55:52 UTC	4820	IN	Data Raw: 31 34 34 2c 20 32 33 32 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 70 75 72 70 6c 65 2d 34 3a 20 72 67 62 61 28 31 37 37 2c 20 31 36 38 2c 20 32 34 30 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 70 75 72 70 6c 65 2d 33 3a 20 72 67 62 61 28 32 30 30 2c 20 31 39 33 2c 20 32 34 35 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 70 75 72 70 6c 65 2d 32 3a 20 72 67 62 61 28 32 32 34 2c 20 32 32 30 2c 20 32 35 30 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 70 75 72 70 6c 65 2d 31 3a 20 72 67 62 61 28 32 34 36 2c 20 32 34 35 2c 20 32 35 35 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 72 65 64 2d 31 30 3a 20 72 67 62 61 28 31 35 38 2c 20 34 34 2c 20 32 37 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 72 65 64 2d 39 3a 20 72 67 62 61 28 31 37 36 Data Ascii: 144, 232, 1); --color-purple-4: rgba(177, 168, 240, 1); --color-purple-3: rgba(200, 193, 245, 1); --color-purple-2: rgba(224, 220, 250, 1); --color-purple-1: rgba(246, 245, 255, 1); --color-red-10: rgba(158, 44, 27, 1); --color-red-9: rgba(176
2024-05-22 00:55:52 UTC	16384	IN	Data Raw: 6f 6c 6f 72 2d 6e 65 75 74 72 61 6c 2d 34 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 69 6e 74 65 72 61 63 74 2d 62 6f 72 64 65 72 2d 6d 65 64 69 75 6d 2d 64 69 73 61 62 6c 65 64 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 62 6c 75 65 2d 34 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 69 6e 74 65 72 61 63 74 2d 62 6f 72 64 65 72 2d 6d 65 64 69 75 6d 2d 64 65 73 74 72 75 63 74 69 76 65 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 72 65 64 2d 38 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 69 6e 74 65 72 61 63 74 2d 62 6f 72 64 65 72 2d 6d 65 64 69 75 6d 2d 68 6f 76 65 72 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 62 6c 75 65 2d 38 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 69 6e 74 65 72 61 63 74 2d 62 6f 72 64 65 72 2d 6d 65 64 69 75 6d 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 62 Data Ascii: olor-neutral-4); --color-interact-border-medium-disabled: var(--color-blue-4); --color-interact-border-medium-destructive: var(--color-red-8); --color-interact-border-medium-hover: var(--color-blue-8); --color-interact-border-medium: var(--color-b
2024-05-22 00:55:52 UTC	16384	IN	Data Raw: 32 30 70 78 20 2d 20 63 61 6c 63 28 32 70 78 20 2a 20 32 29 29 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 63 61 6c 63 28 0a 20 20 20 20 76 61 72 28 2d 2d 73 69 7a 65 2d 66 6f 6e 74 2d 68 65 69 67 68 74 2d 6c 69 6e 65 2d 32 78 73 29 20 2d 20 63 61 6c 63 28 76 61 72 28 2d 2d 73 69 7a 65 2d 69 6e 74 65 72 61 63 74 2d 73 74 72 6f 6b 65 29 20 2a 20 32 29 0a 20 20 29 3b 0a 7d 0a 2e 6d 64 73 2d 62 75 74 74 6f 6e 2e 6d 64 73 2d 62 75 74 74 6f 6e 2d 6b 69 6e 64 2d 74 65 72 74 69 61 72 79 2e 6d 64 73 2d 62 75 74 74 6f 6e 2d 61 64 6d 69 6e 20 7b 0a 20 20 2d 2d 6d 64 73 2d 62 75 74 74 6f 6e 2d 63 6f 6c 6f 72 2d 62 6f 72 64 65 72 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 61 64 6d 69 6e 2d 69 6e 74 65 72 61 63 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 6c 69 67 68 Data Ascii: 20px - calc(2px * 2)); line-height: calc( var(--size-font-height-line-2xs) - calc(var(--size-interact-stroke) * 2) );}.mds-button.mds-button-kind-tertiary.mds-button-admin { --mds-button-color-border: var(--color-admin-interact-background-ligh
2024-05-22 00:55:52 UTC	16384	IN	Data Raw: 6d 64 73 2d 73 77 69 74 63 68 2d 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 76 61 72 28 2d 2d 73 69 7a 65 2d 66 6f 6e 74 2d 68 65 69 67 68 74 2d 6c 69 6e 65 2d 33 78 73 29 3b 0a 7d 0a 2e 6d 64 73 2d 73 77 69 74 63 68 5b 64 69 73 61 62 6c 65 64 5d 20 7b 0a 20 20 63 75 72 73 6f 72 3a 20 6e 6f 74 2d 61 6c 6c 6f 77 65 64 3b 0a 20 20 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 6e 65 75 74 72 61 6c 2d 36 29 3b 0a 7d 0a 2e 6d 64 73 2d 73 77 69 74 63 68 2e 6d 64 73 2d 73 77 69 74 63 68 2d 6b 69 6e 64 2d 74 6f 67 67 6c 65 20 7b 0a 20 20 2d 2d 6d 64 73 2d 73 77 69 74 63 68 2d 69 63 6f 6e 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 76 61 72 28 2d 2d 6d 64 73 2d 73 77 69 74 63 68 2d 69 63 6f 6e 2d 68 65 69 67 68 74 29 3b 0a 20 20 2d 2d 6d 64 73 2d 73 77 Data Ascii: mds-switch-line-height: var(--size-font-height-line-3xs);}.mds-switch[disabled] { cursor: not-allowed; color: var(--color-neutral-6);}.mds-switch.mds-switch-kind-toggle { --mds-switch-icon-border-radius: var(--mds-switch-icon-height); --mds-sw
2024-05-22 00:55:52 UTC	6018	IN	Data Raw: 65 6d 46 6f 6e 74 2c 20 53 65 67 6f 65 20 55 49 2c 20 52 6f 62 6f 74 6f 2c 0a 20 20 20 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 2e 61 73 74 65 72 69 73 6b 2d 72 65 71 75 69 72 65 64 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 72 65 64 2d 38 29 3b 0a 7d 0a 2e 70 33 2d 64 65 66 61 75 6c 74 2d 62 6f 6c 64 2d 62 6c 75 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 49 6e 74 65 72 22 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 76 61 72 28 2d 2d 73 69 7a 65 2d 66 6f 6e 74 2d 32 78 73 29 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 30 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 76 61 72 Data Ascii: emFont, Segoe UI, Roboto, sans-serif;}.asterisk-required { color: var(--color-red-8);}.p3-default-bold-blue { font-family: "Inter"; font-style: normal; font-weight: 700; font-size: var(--size-font-2xs); line-height: 20px; color: var

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:51 UTC	653	OUT	GET /websafe/logo/3uP6D1APSG4uuQwuZFjB4f1O4898oqlP7HxnaOHNGVgZQ3z3q5AvZPn3WvfZHQxWYqxqJg!!/branding/customer-logo.gif?f=1 HTTP/1.1 Host: res.cisco.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:51 UTC	970	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 00:55:51 GMT Content-Type: image/gif Content-Length: 4327 Connection: close Set-Cookie: AWSALB=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo; Expires=Wed, 29 May 2024 00:55:51 GMT; Path=/ Set-Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo; Expires=Wed, 29 May 2024 00:55:51 GMT; Path=/; SameSite=None; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: policyref=https://res.cisco.com/websafe/p3p/p3p.xml, CP="ALL CURa ADMa TAIa OUR BUS ONL UNI COM NAV INT" X-Frame-Options: DENY Cache-Control: must-revalidate,max-age=1 Pragma: no-cache Set-Cookie: JSESSIONID=939B04C2E6AD2E62518E85E007960CF5; Path=/websafe; Secure; HttpOnly Last-Modified: Wed, 22 Jul 2015 00:00:01 GMT ETag: "14eb30f4800-10e7" Server: unknown
2024-05-22 00:55:51 UTC	4327	IN	Data Raw: 47 49 46 38 39 61 b1 00 3e 00 f7 00 00 00 00 00 00 00 33 00 00 66 00 00 99 00 00 cc 00 00 ff 00 2b 00 00 2b 33 00 2b 66 00 2b 99 00 2b cc 00 2b ff 00 55 00 00 55 33 00 55 66 00 55 99 00 55 cc 00 55 ff 00 80 00 00 80 33 00 80 66 00 80 99 00 80 cc 00 80 ff 00 aa 00 00 aa 33 00 aa 66 00 aa 99 00 aa cc 00 aa ff 00 d5 00 00 d5 33 00 d5 66 00 d5 99 00 d5 cc 00 d5 ff 00 ff 00 00 ff 33 00 ff 66 00 ff 99 00 ff cc 00 ff ff 33 00 00 33 00 33 33 00 66 33 00 99 33 00 cc 33 00 ff 33 2b 00 33 2b 33 33 2b 66 33 2b 99 33 2b cc 33 2b ff 33 55 00 33 55 33 33 55 66 33 55 99 33 55 cc 33 55 ff 33 80 00 33 80 33 33 80 66 33 80 99 33 80 cc 33 80 ff 33 aa 00 33 aa 33 33 aa 66 33 aa 99 33 aa cc 33 aa ff 33 d5 00 33 d5 33 33 d5 66 33 d5 99 33 d5 cc 33 d5 ff 33 ff 00 33 ff 33 33 ff Data Ascii: GIF89a>3f++3+f+++UU3UfUUU3f3f3f3f3333f3333+3+33+f3+3+3+3U3U33Uf3U3U3U3333f3333333f3333333f3333333

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:52 UTC	716	OUT	GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
2024-05-22 00:56:07 UTC	805	IN	HTTP/1.1 302 Moved Temporarily Date: Wed, 22 May 2024 00:56:07 GMT Content-Length: 0 Connection: close Set-Cookie: AWSALB=Toghs2EnoUMAhMZefWdlj0UlJLBPdT/KbH3K8l2Kv6fY9ocOefyCRXrBhA4CqMOun6neXNYXFwjB91oKTxScx8E/ipRNvy+KxxpnMdIEuX6x1RwAZpco3fvc7bwv; Expires=Wed, 29 May 2024 00:55:52 GMT; Path=/ Set-Cookie: AWSALBCORS=Toghs2EnoUMAhMZefWdlj0UlJLBPdT/KbH3K8l2Kv6fY9ocOefyCRXrBhA4CqMOun6neXNYXFwjB91oKTxScx8E/ipRNvy+KxxpnMdIEuX6x1RwAZpco3fvc7bwv; Expires=Wed, 29 May 2024 00:55:52 GMT; Path=/; SameSite=None; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains Location: https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en&try=1 Server: unknown

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:52 UTC	712	OUT	GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
2024-05-22 00:56:08 UTC	801	IN	HTTP/1.1 302 Moved Temporarily Date: Wed, 22 May 2024 00:56:08 GMT Content-Length: 0 Connection: close Set-Cookie: AWSALB=gpOUFEsdMSNYThtj2BIaxVWoO/yEWwTYpg831B8bAHyGWnvW6LjFRO/Cxkf0oGIUcALBqiGAXjX3WDgLc1rRAggqCEOXejA/qX2YgxwiPffW0OvMaJCQsOzS7PDI; Expires=Wed, 29 May 2024 00:55:53 GMT; Path=/ Set-Cookie: AWSALBCORS=gpOUFEsdMSNYThtj2BIaxVWoO/yEWwTYpg831B8bAHyGWnvW6LjFRO/Cxkf0oGIUcALBqiGAXjX3WDgLc1rRAggqCEOXejA/qX2YgxwiPffW0OvMaJCQsOzS7PDI; Expires=Wed, 29 May 2024 00:55:53 GMT; Path=/; SameSite=None; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains Location: https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en&try=1 Server: unknown

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:53 UTC	560	OUT	GET /CRES_login_bg.jpg HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:53 UTC	513	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 155249 Connection: close Date: Tue, 21 May 2024 15:01:34 GMT Last-Modified: Wed, 20 Sep 2023 11:59:56 GMT ETag: "c3598f2d3bf6694df3378aafc792bfee" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 fd38301adb0ceb6cf6c42567f371a2f4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P1 X-Amz-Cf-Id: 5z6hfggxC-gjmWiR-M8GqYFF2BCcil8gWwJ_q4RHTWKLqvBdYhL5Iw== Age: 35659 Vary: Origin
2024-05-22 00:55:53 UTC	15871	IN	Data Raw: ff d8 ff e1 00 4a 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 01 00 98 82 02 00 26 00 00 00 1a 00 00 00 00 00 00 00 73 61 6e 64 72 61 20 63 69 66 6f 2e 20 77 77 77 2e 63 69 66 6f 67 72 61 70 68 79 2e 63 6f 6d 2e 20 32 30 31 36 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 00 00 00 ff e1 04 13 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 35 20 37 39 Data Ascii: JExifII*&sandra cifo. www.cifography.com. 2016Duckyhttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79
2024-05-22 00:55:53 UTC	119	IN	Data Raw: 80 2a 43 23 00 26 18 6d 28 97 68 f3 01 e1 13 2e da 68 1b 67 2c b0 25 55 22 80 52 03 26 da 04 83 4d 80 55 ca 45 19 d2 b8 2e 00 24 24 30 85 f0 00 76 39 dc b7 83 a1 bf 03 3a b7 21 12 a6 56 05 65 69 c2 35 aa b2 2b 21 5c fb 79 3b 20 74 e4 7a 1d 19 0c 81 cb f4 ec 3d bc 8b a1 b5 55 a5 97 ea 03 9a 2f d8 69 da 72 8e 8c 86 40 6f 42 1d 96 e2 9c 93 d5 81 72 86 46 02 Data Ascii: *C#&m(h.hg,%U"R&MUE.$$0v9:!Vei5+!\y; tz=U/ir@oBrF
2024-05-22 00:55:53 UTC	10857	IN	Data Raw: 10 16 04 c0 64 06 d8 22 2c d8 eb 6c 01 60 12 00 26 a7 53 36 9d 7c 8d 40 09 59 ca 61 91 35 19 5f 70 eb 69 f3 01 c8 4a 18 a2 40 60 4c 04 b4 04 f2 5a 0b d4 84 fb 93 c7 6e 84 1a c0 0c 0a 16 45 28 a0 02 61 04 34 38 14 3e 80 29 ee 61 6a 4e 51 d1 2f a8 61 81 c6 93 ea 6a ad 0a 10 f9 6b d5 18 a6 44 74 d2 91 97 a9 7e 04 56 d8 2a af 05 55 01 9d 2d b9 be c6 a0 00 00 00 27 54 c6 00 4c 76 61 2d 14 00 4e e2 80 5b 50 0c 09 80 96 b5 02 84 29 04 e4 09 bd 5b 45 a8 6b 03 21 a8 ca 02 c0 95 64 ca 01 0c 00 09 75 42 87 d0 b0 03 9f e5 b4 b3 65 64 63 79 dc a7 43 7c 30 09 19 3b 50 43 40 50 13 2d 6a 3d c8 06 02 90 d4 00 9b 5a 30 b2 c4 ed 2e 2a 35 5d ba 6a 01 5a c6 5e 59 41 03 00 00 00 00 00 00 00 00 21 88 b6 48 0d 14 24 20 1c 80 a0 40 0d 12 50 98 12 20 02 20 2a b3 d0 93 4a 05 54 be Data Ascii: d",l`&S6\|@Ya5_piJ@`LZnE(a48>)ajNQ/ajkDt~VU-'TLva-N[P)[Ek!duBedcyC\|0;PC@P-j=Z0.5]jZ^YA!H$ @P *JT
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: f6 ef d8 8a fb 7a 7e e3 55 c3 c7 5e 80 4f d1 ab d0 15 36 8a f5 55 f9 46 9b ea 06 77 49 b3 17 c5 d8 da cf 24 a7 01 0b 8d d9 59 27 a1 dd 6d 0e 7a 65 a3 a5 95 58 08 6c 44 00 00 c0 00 00 06 52 12 19 44 31 03 02 00 62 28 00 68 45 22 89 18 06 d6 10 c9 b5 55 87 94 12 45 62 f8 e0 95 67 53 a4 8b 52 42 15 79 1d b0 cd 76 f8 9c ae ad 3c 17 4e 68 c3 0a e9 49 0c 85 c8 98 b7 94 68 04 e4 00 4d c1 93 d7 06 e6 77 ab d5 00 ea 9f 70 6d af 11 55 63 0c d1 39 01 48 e4 24 97 59 02 80 95 58 ea 10 d7 88 16 63 ca df 44 6b 24 d8 0c 3d 4c 4e 51 b0 11 13 c7 6c c7 73 73 28 cc 95 bd 22 a9 5a d0 62 dc 8e d9 65 d7 8e 56 48 82 b4 9f 03 58 00 92 a8 80 00 00 31 b2 5b a5 1a bc 02 50 02 56 92 b2 4b f4 e4 7b 93 01 c0 04 86 40 62 91 40 d0 0a 7b 03 4d 8c 8b dd 24 06 5c 96 e8 57 1b da 85 4a 3d 59 Data Ascii: z~U^O6UFwI$Y'mzeXlDRD1b(hE"UEbgSRByv<NhIhMwpmUc9H$YXcDk$=LNQlss("ZbeVHX1[PVK{@b@{M$\WJ=Y
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 40 22 90 51 d0 94 53 12 20 cf 9a d0 91 9d 6d 22 f7 93 b5 43 8c 9c d4 b3 58 6e 40 ec 55 63 da ce 65 6f 12 97 23 02 ef c7 26 89 f4 32 57 45 27 90 86 91 af 06 8c ca 75 36 e1 ea 15 4f 51 8a c3 28 4c 8e 47 a1 6c c7 9e ea a9 4b 80 14 8f 75 c8 4e 50 27 c9 db 04 47 47 13 6e 64 7d 49 e1 51 32 32 a9 93 67 92 8c 79 1c 34 4a 36 a3 c8 5b 53 2e 27 94 68 f5 03 3b 5a 1c 1a 98 5f e6 47 40 0a 00 00 a0 09 00 00 2a a4 95 50 15 b5 24 ab 12 02 be 86 7b 5f 73 6b 68 41 10 ad 3d 18 b8 d3 4f 2c a6 3a ea 06 ac 82 d9 05 51 d0 c2 2d dc e8 e8 64 04 c5 bb 85 77 77 29 8d 11 1b a2 19 48 96 55 24 64 dd a5 9a 90 06 73 7e a6 9c 72 de 42 24 74 59 22 35 42 b1 44 b7 25 54 8e 44 00 12 c7 2c 40 03 96 1b 84 00 3d c3 56 92 02 63 20 68 f4 32 2f 72 68 cd 81 6b 1a 83 bf 44 63 47 2d bf 02 2a e5 81 da Data Ascii: @"QS m"CXn@Uceo#&2WE'u6OQ(LGlKuNP'GGnd}IQ22gy4J6[S.'h;Z_G@P${_skhA=O,:Q-dww)HU$ds~rB$tY"5BD%TD,@=Vc h2/rhkDcG-
2024-05-22 00:55:53 UTC	11977	IN	Data Raw: 68 65 6e 3b 57 a6 0d eb ee 7f a9 47 fa 5f e8 6d 5b d2 fa 35 3f 73 fe 05 4d fc bc fd d0 1b da ca 4e 7c 30 7a 16 e2 4f c3 ed dc c2 dc 16 5a 38 0b b1 3c 7e f2 31 6f fd d8 fc 4e da f3 55 b8 98 7e 27 27 d2 8f 9b d7 e7 84 0b 8e d5 51 4f 47 82 58 7f 79 19 b2 3d 0b 12 73 d1 de b8 79 f2 fe 66 ca c9 99 67 14 02 18 43 43 12 18 47 1f bf 53 c4 d1 e7 7b 2e 35 4b 38 3d 7f 71 55 6a c5 b4 39 6b 4a 56 cb 60 07 bd aa b5 61 9c 35 f6 d4 75 89 3d 2f 71 c9 4a 29 e4 38 79 3d df 1b 51 4a b9 f2 26 aa 5f b1 55 2e be c1 3c 94 bd d5 d2 d1 12 fd c7 23 eb 03 51 af f6 49 75 1f d0 a5 75 b7 e2 78 b7 e6 e4 b3 cd 99 54 ac a9 63 57 1e a5 af c3 5f dd 92 29 ee e9 1b 5a 67 9f 05 ad 50 d1 ed fb 5b fd 4a 6e 88 c9 d2 72 7b 25 fe d2 f8 9d 65 42 80 08 08 28 12 ec 11 d4 12 81 40 0e 01 28 14 30 86 03 Data Ascii: hen;WG_m[5?sMN\|0zOZ8<~1oNU~''QOGXy=syfgCCGS{.5K8=qUj9kJV`a5u=/qJ)8y=QJ&_U.<#QIuuxTcW_)ZgP[Jnr{%eB(@(0
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: ea 79 db b3 fe 52 9b 5d 00 f4 57 25 1e 8d 06 fa 7f 52 38 56 c4 e6 ba ae 84 fa 1e b2 98 57 7b e5 a2 ea 89 57 a5 71 bb f1 38 ae d3 70 d1 2e 14 46 50 1e 8f d4 a2 ea 3f a9 5f ea 3c e7 09 63 3e 02 9a f6 7f 70 1e 8f d6 a7 f5 20 fa d5 fe a5 f7 9e 6a 75 7a a8 7e 43 4a b2 f1 1f 00 8f 4d 72 d7 ba 0f a8 bb a3 cc b6 da e5 2f 8c 0d 3a ca 8d 67 b0 1e a3 6c e1 b5 eb ba 1b c9 db 6b 34 ce 26 bd 53 d4 2a 6d 7a cf 73 5e 27 2d a4 4e df 54 f5 35 a7 cd f0 08 cb 9a ca ae 2c 2a 3a da c9 27 91 f3 44 e7 01 54 9b 94 f4 03 5d 8f 93 57 a0 5b db e3 51 ae 54 86 f9 aa b5 2a b0 ad 2f 57 0d fa 5f 72 ab c1 cb 5c 2b e0 e8 4d 35 31 28 a5 6c 68 41 8b 5c d5 53 29 fc 0c be b7 27 55 9f 23 b1 30 b1 47 1d 79 79 7b 1d 6a cf a8 de 49 c6 84 0a 65 ca 52 53 b3 8d 0b 02 89 d5 76 26 d0 94 1a 0a 08 39 f9 Data Ascii: yR]W%R8VW{Wq8p.FP?_<c>p juz~CJMr/:glk4&Smzs^'-NT5,:'DT]W[QT*/W_r\+M51(lhA\S)'U#0Gyy{jIeRSv&9
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 13 c9 ed f9 17 fc 6a af cc e9 a2 9a c3 39 2e df 1e 68 da 2a 39 79 d7 b8 4e 16 9d 63 06 1e e1 65 6e dc 9b 5f 03 d7 5e e2 d5 52 f2 1f 53 86 f6 4a ca 2c c0 f2 3d c7 0b ba af 5c 1d dc 35 d9 c7 b7 c0 e8 e7 e0 5c 94 69 34 91 9d 7e 4e eb ba 03 08 39 ef f4 eb 67 6e 5e 37 7a ff 00 52 e9 f0 d0 eb 6b b1 87 27 03 b3 76 9f 4c 68 4d c1 97 06 68 99 d0 8c b8 ab b6 a9 76 36 41 1b 7b 85 3c 50 b1 a1 c1 ed ab 75 ca 95 9a 8e cd e7 ee 3d 0e 5f f8 cf 2f d9 d1 af 71 3e 65 18 f2 f2 ba b7 b5 bd 4e af 79 cd 7e 16 b6 b6 b0 8e 2e 5e 3b 5a d8 fe af d4 eb ff 00 b0 a5 ad 65 1d 80 df 8b dd 72 db 89 5d b4 e5 c6 4b e1 f7 7f 53 7a da bd 3a ba e2 4c 38 ab b7 db d6 7b b0 f6 95 6b ea 36 ba 01 c1 ee 2c ad c8 dd 54 23 7f 61 c5 f5 39 54 e9 5c ff 00 03 97 93 59 ee 7a 1e ce df 4f 82 f7 5f 36 8b cf Data Ascii: j9.h*9yNcen_^RSJ,=\5\i4~N9gn^7zRk'vLhMhv6A{<Pu=_/q>eNy~.^;Zer]KSz:L8{k6,T#a9T\YzO_6
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 5e b6 6d 76 fb 7d e5 3a e5 42 dc fb 69 2f f8 2f b6 09 cf c9 58 b7 57 db fc 17 50 89 4a d6 c3 d3 ed f7 b3 6a 29 cd 9b 95 a4 75 f8 fe 7f 81 0a ad 47 58 ec f3 e3 e5 fe 06 b6 75 bc 71 fa ac f2 fc 7e ff 00 b2 28 75 58 77 7d 1e 3f d5 fa a2 ed 30 ab 77 ea ef a6 7a c2 ff 00 2a ee 55 39 13 af 64 bd 29 4e 37 78 fd b2 64 e5 e2 cb d4 ac 96 75 9f e0 c0 d6 8a db b7 2c c2 fb 97 77 21 56 ad 6c bf 4a cc f7 f3 eb f7 11 6b b7 13 9b 3e bf 84 4f 5c e3 e0 68 e2 9c 6d d5 c4 75 eb 6e 9b 93 fc 3b 78 01 5b ad 7b ec 9f 16 d7 e5 fc 11 77 b3 94 aa a2 fd 73 e9 49 7e 9d 5f 8e 0c b8 6a f8 e8 dc c2 6a 67 b2 ef 1e 3d 3e 05 2a 6e 6b 29 2b 2f 19 8d 27 b4 c9 07 4b 5b 6b d1 ad 2c fa 7d bb fe 26 2a cd b4 d2 b3 ea db fc 12 fb 64 ca d6 55 51 5c f7 4f f7 76 f8 cf 4d 0d 69 76 fd 49 fa 97 7f d5 7d Data Ascii: ^mv}:Bi//XWPJj)uGXuq~(uXw}?0wzU9d)N7xdu,w!VlJk>O\hmun;x[{wsI~_jjg=>nk)+/'K[k,}&*dUQ\OvMivI}
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: d0 6d 5d ce 6b 54 f7 a4 bc 97 56 9b f1 cc 30 33 f7 35 5c 70 b0 eb ab c7 c3 ee d1 c7 ed b1 4d b4 e6 f6 8b 55 27 8c b5 e3 5f d5 7e e4 56 e7 7a da df 2d 93 f4 f9 fd b0 e4 c9 a7 b2 17 cc d6 ed 73 e3 ff 00 8f 54 96 80 6b 57 5b 55 da b1 56 fe 6e f9 d6 37 6a 9f ed fb 8c f8 e2 b6 c7 a9 e1 5a ba ca eb 1e 31 aa 7f 00 55 76 6a 1a ae 3c d4 f6 f1 7f d4 bc a0 a5 c5 6b 55 29 88 c2 8f dd db e3 f6 60 2c f1 f2 a5 ac d7 d0 bf 29 9d 46 ea dc db 3b dc d5 a9 ca 8c fe 22 4f 6d 55 7e 65 36 9a d9 7d 9d 73 92 68 ef 32 9b da b5 d5 d5 7f 95 f5 7e 0c 0b a5 ac de ec 6e 59 52 b4 9e af c3 ef c6 99 1a ae f4 9d 5b b6 dc 2c e9 f7 ea 97 73 2b d1 59 44 34 ea fe 56 be 55 e3 1d 24 7c 77 5c 93 b9 45 e7 76 3c 31 3d a3 ba d4 0b e4 53 5c 38 bf ca d3 97 f9 fd 96 99 17 aa eb 3f 3a 8d bd 1b 6b ad 5b Data Ascii: m]kTV035\pMU'_~Vz-sTkW[UVn7jZ1Uvj<kU)`,)F;"OmU~e6}sh2~nYR[,s+YD4VU$\|w\Ev<1=S\8?:k[

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:53 UTC	569	OUT	GET /fonts/Inter/Inter-Regular.ttf HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://static.cres-aws.com/postx.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:53 UTC	552	IN	HTTP/1.1 200 OK Content-Type: font/ttf Content-Length: 303504 Connection: close Date: Tue, 21 May 2024 13:04:08 GMT Last-Modified: Fri, 22 Sep 2023 08:10:20 GMT ETag: "a4a7379505cd554ea9523594b7c28b2a" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P1 X-Amz-Cf-Id: CrCA7aWW-eIBTp3TivY89cARDkl5Lo1eOxT5jDFZwd0XwgihdagzBw== Age: 42706 Access-Control-Allow-Origin: *
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 47 44 45 46 31 cb 31 1c 00 03 3b 00 00 00 04 12 47 50 4f 53 bc af 92 58 00 03 3f 14 00 01 1f 80 47 53 55 42 be 7f 66 78 00 04 5e 94 00 00 42 b4 4f 53 2f 32 22 97 6e 62 00 02 6e 4c 00 00 00 60 53 54 41 54 f1 71 d9 45 00 04 a1 48 00 00 00 48 63 6d 61 70 2f 2e e9 9d 00 02 6e ac 00 00 65 8a 67 61 73 70 00 00 00 10 00 03 3a f8 00 00 00 08 67 6c 79 66 8b bf 4f 34 00 00 01 0c 00 02 1d 26 68 65 61 64 2d c3 61 46 00 02 46 24 00 00 00 36 68 68 65 61 1e f5 19 bf 00 02 6e 28 00 00 00 24 68 6d 74 78 fd c3 4c d4 00 02 46 5c 00 00 27 ca 6c 6f 63 61 09 5d 06 34 00 02 1e 54 00 00 27 d0 6d 61 78 70 0a 0c 01 06 00 02 1e 34 00 00 00 20 6e 61 6d 65 30 24 51 40 00 02 d4 40 00 00 02 16 70 6f 73 74 a7 a8 35 72 00 02 d6 58 00 00 64 9e 70 72 65 Data Ascii: GDEF11;GPOSX?GSUBfx^BOS/2"nbnL`STATqEHHcmap/.negasp:glyfO4&head-aFF$6hhean($hmtxLF\'loca]4T'maxp4 name0$Q@@post5rXdpre
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 07 30 0a f8 02 26 01 a5 00 00 00 07 08 0c 07 3c 02 38 ff ff 00 f8 ff dc 07 30 0a a0 02 26 01 a5 00 00 00 07 06 7b 06 9c 02 00 ff ff 00 f8 ff dc 07 30 0a 74 02 26 01 a5 00 00 00 07 06 7f 07 66 02 a0 ff ff 00 f8 fd e8 07 30 08 00 02 26 01 a5 00 00 00 07 06 8d 07 c0 ff e4 ff ff 00 f8 fd e8 07 30 08 00 02 26 01 a5 00 00 00 07 06 90 07 74 ff e4 ff ff 00 f8 fd b4 07 30 08 00 02 26 01 a5 00 00 00 07 06 89 07 34 ff e4 ff ff 00 f8 ff dc 07 30 0b a0 02 26 01 a5 00 00 00 07 08 bd 06 00 00 00 ff ff 00 f8 ff dc 07 30 0b 80 02 26 01 a5 00 00 00 07 08 5d 07 3c 02 8c ff ff 00 f8 fd e8 07 30 08 00 02 26 01 a5 00 00 00 07 06 8b 07 54 ff e4 ff ff 00 f8 ff dc 07 30 0b 0c 02 26 01 a5 00 00 00 07 06 80 07 44 02 24 ff ff 00 f8 ff dc 08 fc 0a a0 02 26 01 a6 00 00 00 07 06 64 01 Data Ascii: 0&<80&{0t&f0&0&t0&40&0&]<0&T0&D$&d
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: ff 00 90 ff e0 06 00 09 fc 02 26 03 07 00 00 00 07 08 12 06 78 00 00 ff ff 00 90 ff e0 06 00 0a a0 02 26 03 07 00 00 00 07 08 bc 05 08 00 00 ff ff 00 90 ff e0 06 00 09 b8 02 26 03 07 00 00 00 07 08 bf 06 74 00 14 ff ff 00 90 ff e0 06 00 09 ec 02 26 03 07 00 00 00 07 08 60 06 74 00 1c ff ff 00 90 ff e0 06 00 0a 40 02 26 03 07 00 00 00 07 08 5c 05 50 00 00 ff ff 00 90 fe 04 06 00 06 14 02 26 03 07 00 00 00 07 06 8b 06 88 00 00 ff ff 00 90 ff e0 06 00 09 0c 02 26 03 07 00 00 00 07 06 80 06 78 00 24 ff ff 00 90 ff e0 06 cc 09 1c 02 26 03 07 00 00 00 07 07 f0 01 10 00 04 ff ff ff c4 ff e0 06 00 09 1c 02 26 03 07 00 00 00 06 07 f1 90 1c ff ff 00 90 ff e0 06 28 09 4c 02 26 03 07 00 00 00 07 07 f2 00 bc ff e8 ff ff 00 90 ff e0 06 00 09 38 02 26 03 07 00 00 00 06 Data Ascii: &x&&t&`t@&\P&&x$&&(L&8&
2024-05-22 00:55:53 UTC	15401	IN	Data Raw: 00 35 00 00 01 32 1e 02 15 14 06 04 23 22 2e 02 27 33 16 16 33 32 36 35 34 26 26 23 23 35 15 35 33 32 36 35 34 26 23 22 06 07 23 36 36 24 33 32 04 16 15 14 0e 02 23 03 3c b3 e3 7b 2f a1 fe e8 b3 88 e1 a6 64 0d f8 1e b6 a8 ae d2 56 9e 6c b8 b8 a7 a5 be 9e 9a bd 19 f8 14 9e 01 07 af af 01 09 94 29 73 d8 b0 03 20 49 74 86 3d 85 c8 6f 43 7d b0 6c 84 80 84 6c 49 75 46 70 40 9c 74 60 6b 85 80 68 8b c7 6a 6c ca 8e 3d 82 6d 44 00 02 00 80 ff e4 05 a0 06 14 00 1b 00 36 00 00 05 22 24 26 02 35 33 10 12 33 32 36 35 34 26 26 23 23 35 33 32 1e 02 15 14 06 04 03 23 35 33 32 36 35 34 26 23 22 06 06 15 23 34 12 36 24 33 20 04 15 14 0e 02 03 34 ab fe fe af 58 ec e1 e7 a7 cd 56 9e 6c b8 d0 b3 e3 7b 2f a1 fe e8 87 d0 b8 a7 a5 b8 98 9f d1 68 ec 59 af 01 05 ab 01 07 01 45 29 Data Ascii: 52#".'332654&&##5532654&#"#66$32#<{/dVl)s It=oC}llIuFp@t`khjl=mD6"$&5332654&&##532#532654&#"#46$3 4XVl{/hYE)
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 04 03 1c ca fe dc 9e 6d c1 7e 01 28 57 69 89 6f 4e 77 43 4f 7b 42 03 ac fe e4 fc f8 6c b0 68 7b df 96 9a de 78 92 7e fe 68 8a 62 64 b6 7a 74 dc b3 69 e4 5e 76 24 0c 14 0c 63 fe d2 1c 94 01 02 a6 80 c7 ab 56 dc 39 82 69 4e 92 4f 79 40 48 93 99 50 fb 84 03 a8 82 d4 ce 78 8a d1 75 77 c3 72 93 d8 5d fe d0 66 c0 2a 60 a6 66 63 bc 01 08 a5 cc fe fe 92 24 0f 1e 0f 6f 6d 00 02 00 d4 ff f0 02 3c 08 00 00 03 00 10 00 00 01 03 23 03 13 22 26 35 34 36 33 32 16 15 14 06 06 02 10 14 e8 14 88 4a 6a 6a 4a 4a 6a 31 51 08 00 fa 40 05 c0 f7 f0 6a 4a 4a 6a 6a 4a 31 52 31 ff ff 00 d4 ff f0 05 4c 08 00 00 26 05 31 00 00 00 07 05 31 03 10 00 00 00 02 00 d4 fd f8 02 3c 06 08 00 03 00 10 00 00 01 21 13 33 03 32 16 15 14 06 23 22 26 35 34 36 36 02 10 fe f0 14 e8 74 4a 6a 6a 4a 4a Data Ascii: m~(WioNwCO{Blh{x~hbdzti^v$cV9iNOy@HPxuwr]f*`fc$om<#"&54632JjjJJj1Q@jJJjjJ1R1L&11<!32#"&5466tJjjJJ
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 03 01 33 01 04 e8 5d b3 80 82 b0 5a 5b b1 80 82 b2 5c cc 58 6c 69 57 54 6c 69 5b fb 38 5d b3 80 82 b0 5a 5b b1 80 82 b2 5c cc 58 6c 69 57 54 6c 69 5b 80 05 80 e4 fa 80 01 80 6c 70 bb 71 71 bb 70 6c 70 bb 71 71 bb dc 6c 5d 93 93 5d 6c 5d 93 93 03 cb 6c 70 bb 71 71 bb 70 6c 70 bb 71 71 bb dc 6c 5d 93 93 5d 6c 5d 93 93 f9 23 08 00 f8 00 00 07 00 ec ff e4 0a 94 08 1c 00 11 00 1f 00 31 00 3f 00 51 00 5f 00 63 00 00 01 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 05 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 01 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 Data Ascii: 2#"&&7326554&#"3]Z[\XliWTli[8]Z[\XliWTli[lpqqplpqql]]l]lpqqplpqql]]l]#1?Q_c546632#"&&7326554&#"546632#"&&7326554&#"546632#"&&732655
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 78 dc 95 57 57 99 fb 08 00 02 00 f4 00 00 05 fc 05 d0 00 03 00 19 00 00 01 21 01 21 01 21 11 21 11 21 32 36 35 34 26 23 21 35 21 32 16 16 15 14 06 04 04 48 fe d8 01 b4 01 28 fd 70 fd 88 01 14 01 64 9c 8c 7f 8d fe 38 01 c8 ac f3 81 86 ff 00 03 04 02 cc fa 30 05 d0 fb 08 9a 5a 54 94 dc 76 ce 84 82 ce 78 00 02 00 88 03 80 04 68 07 cc 00 03 00 19 00 00 01 21 01 21 01 21 11 33 11 33 32 36 35 34 26 23 21 35 21 32 16 16 15 14 06 06 03 44 fe e0 01 24 01 20 fe 0c fe 14 fc c0 75 67 5b 69 fe f4 01 38 80 b5 5f 64 be 05 f4 01 d8 fb b4 04 4c fc 88 5a 42 3f 59 d0 64 a6 62 60 a6 66 00 03 00 2c fd a8 07 c4 08 1e 00 1c 00 20 00 24 00 00 01 21 36 12 36 24 33 20 00 12 11 15 10 02 00 21 11 32 24 12 11 35 10 02 00 23 22 04 02 13 01 17 01 13 01 17 01 01 4c fe e0 17 82 e2 01 49 Data Ascii: xWW!!!!!2654&#!5!2H(pd80ZTvxh!!!332654&#!5!2D$ ug[i8_dLZB?Ydb`f, $!66$3 !2$5#"LI
2024-05-22 00:55:53 UTC	1514	IN	Data Raw: 53 5d fd fe 93 b7 b7 93 53 57 57 53 93 b7 b7 93 53 57 57 ff ff 02 4c 06 d0 04 54 08 a0 00 06 06 64 1c 00 ff ff 00 60 00 00 0a b4 08 40 00 26 03 a4 00 00 00 27 02 a7 06 20 00 00 00 07 02 a7 08 bc 00 00 ff ff 00 50 00 00 07 40 08 40 00 26 03 a4 f0 00 00 07 02 a7 05 48 00 00 00 01 f9 98 ff 7c ff 8c 08 28 00 03 00 00 03 01 23 01 74 fa 98 8c 05 68 08 28 f7 54 08 ac 00 01 fa a8 ff 48 fe ec 06 7c 00 03 00 00 01 01 23 01 fe ec fc 70 b4 03 90 06 7c f8 cc 07 34 00 01 00 d0 fe 4c 07 20 00 c0 00 07 00 00 37 33 11 21 11 33 11 21 d0 ec 04 7c e8 f9 b0 c0 fe 68 01 98 fd 8c 00 02 fb c4 fd 64 fd f0 ff 90 00 03 00 07 00 00 01 11 21 11 01 11 21 11 fb c4 02 2c fe 68 01 00 fd 64 02 2c fd d4 01 98 ff 00 01 00 00 01 00 7c fd f4 05 74 06 14 00 2b 00 00 01 35 32 36 35 34 26 27 25 Data Ascii: S]SWWSSWWLTd`@&' P@@&H\|(#th(TH\|#p\|4L 73!3!\|hd!!,hd,\|t+52654&'%
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 36 4e b4 50 88 54 39 58 50 55 36 39 4f 09 0c 3f 59 59 3f 3f 59 5c 37 40 59 59 3f 3f 55 55 a5 10 68 99 53 27 32 27 5c 3c 08 66 9d 59 27 32 27 59 00 01 fa e8 06 b4 05 18 08 34 00 1a 00 00 01 27 3e 02 33 32 0c 03 33 32 36 37 17 06 06 23 22 2c 03 23 22 06 fb 7c 94 0e 6f b5 76 82 01 64 01 91 01 8f 01 5c 7a 63 99 18 98 15 e9 ae 97 fe 92 fe 79 fe 83 fe ad 80 63 90 06 b4 24 54 94 5c 1d 2b 2b 1d 51 57 30 8a ae 1c 2a 2a 1c 50 00 02 fb 04 06 84 fe b0 09 10 00 15 00 19 00 00 01 17 14 06 23 22 26 26 23 22 06 15 27 34 36 33 32 16 16 33 32 36 13 15 21 35 fd e0 78 82 66 4a 5a 50 3c 2d 3f 78 81 63 3e 5d 5b 3a 2d 43 d0 fc 54 07 b4 20 66 96 34 34 4c 30 20 63 9d 32 32 41 01 8f d0 d0 00 02 fa ec 06 a8 fe c4 09 84 00 19 00 1d 00 00 01 17 14 06 06 23 22 2e 02 23 22 06 15 27 34 Data Ascii: 6NPT9XPU69O?YY??Y\7@YY??UUhS'2'\<fY'2'Y4'>323267#",#"\|ovd\zcyc$T\++QW0**P#"&&#"'4632326!5xfJZP<-?xc>][:-CT f44L0 c22A#".#"'4
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 00 00 01 15 23 01 35 21 05 35 33 15 14 16 17 07 26 26 04 00 80 fe c4 01 24 fd 88 f8 37 39 6c 78 84 06 44 14 01 b4 1c 70 70 68 63 92 3f 54 42 c6 00 02 00 cc 06 10 04 24 08 00 00 05 00 0f 00 00 01 35 13 21 15 01 05 26 26 35 35 33 15 14 16 17 02 68 98 01 24 fe c4 fe e0 78 84 f8 3a 36 06 30 14 01 bc 1c fe 4c 20 42 c6 78 70 68 63 92 3f 00 02 00 cc 06 10 04 24 08 00 00 05 00 0f 00 00 01 35 13 21 15 01 05 26 26 35 35 33 15 14 16 17 02 68 98 01 24 fe c4 fe e0 78 84 f8 3a 36 06 30 14 01 bc 1c fe 4c 20 42 c6 78 70 68 63 92 3f 00 02 00 7c 06 18 03 78 09 14 00 09 00 21 00 00 01 35 33 15 14 16 17 07 26 26 01 17 14 06 23 22 2e 02 23 22 06 15 27 34 36 33 32 1e 02 33 32 36 01 a0 d0 26 2a 7c 54 50 01 60 78 82 66 37 4d 3d 42 2d 2d 3f 78 7e 66 2f 4a 44 48 2b 2d 43 07 54 60 Data Ascii: #5!53&&$79lxDpphc?TB$5!&&553h$x:60L Bxphc?$5!&&553h$x:60L Bxphc?\|x!53&&#".#"'4632326&*\|TP`xf7M=B--?x~f/JDH+-CT`

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:53 UTC	567	OUT	GET /fonts/Inter/Inter-Light.ttf HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://static.cres-aws.com/postx.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:53 UTC	552	IN	HTTP/1.1 200 OK Content-Type: font/ttf Content-Length: 304092 Connection: close Date: Tue, 21 May 2024 13:04:07 GMT Last-Modified: Fri, 22 Sep 2023 08:10:20 GMT ETag: "60c8f64064078554b6469eeda25944eb" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P1 X-Amz-Cf-Id: DwihJswQaoMXPqKxbR3hiW94SPP-wsHrEsGFn1aWYCl9nwjg95DFCw== Age: 42707 Access-Control-Allow-Origin: *
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 47 44 45 46 31 cb 31 1c 00 03 3b 6c 00 00 04 12 47 50 4f 53 44 54 7b 36 00 03 3f 80 00 01 21 64 47 53 55 42 be 7f 66 78 00 04 60 e4 00 00 42 b4 4f 53 2f 32 22 33 6e 62 00 02 6e 98 00 00 00 60 53 54 41 54 ee 4d d9 3f 00 04 a3 98 00 00 00 44 63 6d 61 70 2f 2e e9 9d 00 02 6e f8 00 00 65 8a 67 61 73 70 00 00 00 10 00 03 3b 64 00 00 00 08 67 6c 79 66 97 e6 ea 0c 00 00 01 0c 00 02 1d 71 68 65 61 64 2d c3 61 46 00 02 46 70 00 00 00 36 68 68 65 61 1e f5 19 bf 00 02 6e 74 00 00 00 24 68 6d 74 78 e5 18 e6 d0 00 02 46 a8 00 00 27 ca 6c 6f 63 61 09 5d 8d 80 00 02 1e a0 00 00 27 d0 6d 61 78 70 0a 0c 01 06 00 02 1e 80 00 00 00 20 6e 61 6d 65 35 9c 5c a6 00 02 d4 8c 00 00 02 38 70 6f 73 74 a7 a8 35 72 00 02 d6 c4 00 00 64 9e 70 72 65 Data Ascii: GDEF11;lGPOSDT{6?!dGSUBfx`BOS/2"3nbn`STATM?Dcmap/.negasp;dglyfqhead-aFFp6hheant$hmtxF'loca]'maxp name5\8post5rdpre
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: dd 07 20 0a d4 02 26 01 a5 00 00 00 07 08 0c 07 23 02 38 ff ff 01 10 ff dd 07 20 0a 9b 02 26 01 a5 00 00 00 07 06 7b 06 c8 02 00 ff ff 01 10 ff dd 07 20 0a 67 02 26 01 a5 00 00 00 07 06 7f 07 61 02 95 ff ff 01 10 fd f8 07 20 08 00 02 26 01 a5 00 00 00 07 06 8d 07 94 ff e3 ff ff 01 10 fe 11 07 20 08 00 02 26 01 a5 00 00 00 07 06 90 07 37 ff e3 ff ff 01 10 fd b8 07 20 08 00 02 26 01 a5 00 00 00 07 06 89 07 18 ff e3 ff ff 01 10 ff dd 07 20 0b 60 02 26 01 a5 00 00 00 07 08 bd 06 0b 00 00 ff ff 01 10 ff dd 07 20 0b 43 02 26 01 a5 00 00 00 07 08 5d 07 23 02 af ff ff 01 10 fd f8 07 20 08 00 02 26 01 a5 00 00 00 07 06 8b 07 43 ff e3 ff ff 01 10 ff dd 07 20 0b 0d 02 26 01 a5 00 00 00 07 06 80 07 1c 02 2c ff ff 01 10 ff dd 08 c2 0a 9b 02 26 01 a6 00 00 00 07 06 64 Data Ascii: &#8 &{ g&a & &7 & `& C&]# &C &,&d
2024-05-22 00:55:53 UTC	12288	IN	Data Raw: ff 00 9c ff e0 05 e4 09 b2 02 26 03 07 00 00 00 07 08 12 06 8b 00 00 ff ff 00 9c ff e0 05 e4 0a 9b 02 26 03 07 00 00 00 07 08 bc 05 01 00 00 ff ff 00 9c ff e0 05 e4 09 77 02 26 03 07 00 00 00 07 08 bf 06 4d 00 17 ff ff 00 9c ff e0 05 e4 09 93 02 26 03 07 00 00 00 07 08 60 06 3c 00 08 ff ff 00 9c ff e0 05 e4 0a 2b 02 26 03 07 00 00 00 07 08 5c 05 48 00 00 ff ff 00 9c fe 15 05 e4 06 15 02 26 03 07 00 00 00 07 06 8b 06 6b 00 00 ff ff 00 9c ff e0 05 e4 09 0d 02 26 03 07 00 00 00 07 06 80 06 44 00 2c ff ff 00 9c ff e0 06 7f 09 27 02 26 03 07 00 00 00 07 07 f0 01 3a 00 0f ff ff 00 12 ff e0 05 e4 09 38 02 26 03 07 00 00 00 06 07 f1 e0 30 ff ff 00 9c ff e0 06 11 09 5d 02 26 03 07 00 00 00 07 07 f2 00 ec ff ed ff ff 00 9c ff e0 05 e4 09 3d 02 26 03 07 00 00 00 06 Data Ascii: &&w&M&`<+&\H&k&D,'&:8&0]&=&
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: ba 6f d2 94 51 a0 9d 9a 4a 4e 94 95 a0 5a d0 fe da 9a 04 e9 b7 b7 08 00 fd 59 9f c1 56 0e 1b 26 19 ac 19 26 1b 0d 7e 01 0d d6 02 a7 f8 00 ff ff 01 0f fe 0f 07 61 08 00 02 26 04 0d 00 00 00 07 08 03 06 3e 00 00 00 03 01 0f 00 00 06 af 08 00 00 03 00 19 00 1d 00 00 01 11 23 11 01 33 11 14 16 16 33 32 3e 02 37 15 0e 03 23 22 24 02 35 01 33 11 23 04 15 a8 fd a2 ba 6f d2 94 51 a0 9d 9a 4a 4e 94 95 a0 5a d0 fe da 9a 04 e9 b7 b7 05 58 fc 5c 03 a4 02 a8 fd 59 9f c1 56 0e 1b 26 19 ac 19 26 1b 0d 7e 01 0d d6 02 a7 f8 00 00 02 01 10 00 00 06 b1 08 00 00 15 00 19 00 00 21 23 11 34 26 26 23 22 0e 02 07 35 3e 03 33 32 04 12 15 01 23 11 33 06 b1 bb 6f d1 95 50 a1 9d 9a 4a 4f 93 96 9f 5a d0 01 26 9b fb 16 b7 b7 02 a7 9f c1 56 0e 1b 26 19 ac 19 26 1b 0d 7e fe f4 d7 fd 59 Data Ascii: oQJNZYV&&~a&>#332>7#"$53#oQJNZX\YV&&~!#4&&#"5>32#3oPJOZ&V&&~Y
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 01 1e ab a9 fe f6 91 fa 97 00 02 00 f5 ff 54 08 73 06 e0 00 03 00 2d 00 00 01 01 23 01 03 11 23 11 34 26 23 22 06 06 15 11 23 11 33 15 33 3e 02 33 32 16 17 33 3e 02 33 32 16 16 15 11 23 11 34 26 26 23 22 06 06 10 fc f6 b7 03 0d 4c b5 a2 9a 6a a9 64 b3 b3 0d 18 74 a5 63 9a cb 2f 0e 17 7b b8 72 88 d0 74 b3 5c 95 58 ac bb 06 e0 f8 74 07 8c fc fb fc 25 03 f5 b8 ba 6b c1 80 fc 45 06 00 f9 45 7b 4d a5 7c 4a 84 53 7c f2 b1 fc 0b 03 fb 7d a1 4e dd 00 02 01 09 00 00 07 5d 06 00 00 0d 00 1b 00 00 01 21 32 16 15 11 23 11 34 26 23 21 11 23 21 11 33 11 21 32 36 35 11 33 11 14 06 23 01 09 02 a4 eb e8 bb 82 90 fe 11 bb 01 de ba 01 ef 91 82 ba e8 ea 06 00 e8 f8 fd cb 02 3c 9b 96 fa a8 04 15 fc 93 96 9b 04 18 fb ef f8 e8 00 02 00 d9 00 00 06 ed 06 00 00 15 00 19 00 00 21 Data Ascii: Ts-##4&#"#33>323>32#4&&#"Ljdtc/{rt\Xt%kEE{M\|JS\|}N]!2#4&#!#!3!2653#<!
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 00 61 fd 20 03 df 02 ad 02 07 05 d9 00 00 fa a0 ff ff 00 93 fe a0 02 cd 02 ac 02 07 05 da 00 00 fa a0 00 01 00 60 fe 8c 03 7d 02 ad 00 28 00 00 01 07 26 26 23 22 06 15 14 16 17 17 16 16 15 14 06 06 23 22 26 27 37 16 16 33 32 36 35 34 26 27 27 26 26 35 34 36 33 32 16 03 6c 95 14 6c 5e 5a 7e 51 5a ab 83 83 67 b5 74 a7 cf 17 9f 13 76 65 67 84 4c 58 a9 86 84 d1 a5 9b be 01 a4 10 45 58 57 4a 38 4f 15 28 1e 8b 63 5c 8b 4d 96 85 10 53 5b 5d 4b 37 51 14 26 1e 8e 68 87 9f 8b ff ff 00 43 fe 91 02 68 03 94 02 07 05 dc 00 00 fa a0 00 01 00 93 fe 94 03 c5 02 a0 00 14 00 00 25 11 33 11 23 35 23 06 06 23 22 26 35 11 33 11 14 16 33 32 36 03 24 a1 9c 08 24 a1 71 98 c0 a1 88 6b 64 99 24 02 7c fc 00 af 54 67 c7 a9 02 9c fd 7b 70 8b 8b ff ff 00 41 fe a0 03 d1 02 a0 02 07 05 Data Ascii: a `}(&&#"#"&'732654&''&&54632ll^Z~QZgtvegLXEXWJ8O(c\MS[]K7Q&hCh%3#5##"&53326$$qkd$\|Tg{pA
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 15 21 11 21 32 04 16 15 14 02 04 23 25 21 32 36 36 35 34 26 23 21 01 10 04 ab fc 10 02 45 cd 01 1f 98 97 fe e1 ce fd bb 02 45 93 cd 6c f3 d9 fd bb 08 00 a8 fd 24 8a fb ab b0 fe f8 94 a5 73 c1 77 a5 df ff ff 00 b9 fd c4 08 06 08 1c 02 26 04 20 00 00 00 07 08 03 04 b4 ff b5 ff ff 01 0f 00 00 06 af 0a 08 02 26 04 0d 00 00 00 07 06 68 00 7f 02 00 ff ff 01 0f fe 0f 07 61 08 00 02 26 04 0d 00 00 00 07 08 03 06 3e 00 00 ff ff 01 10 00 00 0d fd 08 00 00 26 00 54 00 00 00 07 01 ed 07 e4 00 00 ff ff ff c9 00 00 07 30 08 00 02 06 00 5c 00 00 00 04 01 0b 00 00 05 ac 08 00 00 03 00 07 00 0b 00 0f 00 00 01 11 23 11 01 11 23 11 01 15 21 35 01 15 21 35 05 34 ad fd 3e ba 04 29 fc 69 04 0f fb f1 04 3f fe 26 01 da 03 c1 f8 00 08 00 fc 55 a8 a8 03 ab a8 a8 00 02 00 a3 00 00 Data Ascii: !!2#%!26654&#!EEl$sw& &ha&>&T0\##!5!54>)i?&U
2024-05-22 00:55:53 UTC	13491	IN	Data Raw: ac 01 20 ae ae fe e0 ac ac fe e2 ac 00 04 00 6c ff e4 07 1b 08 22 00 1a 00 35 00 40 00 56 00 00 01 35 32 16 16 15 11 14 06 06 23 22 26 26 35 11 33 11 14 16 33 32 36 35 11 34 26 25 15 22 06 15 11 14 16 33 32 36 35 11 33 11 14 06 06 23 22 26 26 35 11 34 36 36 05 27 36 36 35 35 33 15 14 06 06 01 33 15 23 22 2e 02 23 22 06 15 15 23 35 34 36 33 32 1e 02 05 64 81 c6 70 75 d0 89 89 ce 74 a8 9f 84 77 9c 91 fc 51 6b 8e 99 77 84 a2 a8 74 d0 8a 89 cf 73 6f c4 02 13 58 2f 2e b0 36 53 01 fb 3c 3e 78 b5 91 7f 42 49 56 92 a3 8c 51 8a 8f aa 05 33 a8 76 e8 ac fe 26 b2 ec 75 6e db a4 01 4c fe b4 a5 a0 b0 bb 01 da b2 b0 a8 a8 b0 b2 fe 26 bb b0 a0 a5 01 4c fe b4 a4 db 6e 75 ec b2 01 da ac e8 76 9c 3c 3c 64 33 77 7f 31 63 56 02 24 90 31 3f 32 46 4b 11 25 88 85 31 40 31 ff ff Data Ascii: l"5@V52#"&&5332654&%"32653#"&&5466'665533#".#"#54632dputwQkwtsoX/.6S<>xBIVQ3v&unL&Lnuv<<d3w1cV$1?2FK%1@1
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 27 37 25 17 01 25 35 37 05 01 01 37 17 13 01 13 33 17 03 01 27 01 17 07 01 25 35 05 15 13 03 37 01 07 fc 94 0f a0 68 6a 02 26 66 02 01 b8 48 01 14 fe 20 14 01 cc fe 2f fe f5 66 17 d4 fc 0f 6a 8f 0f a0 fc 71 4b 01 9c 66 02 fe cc fe 34 01 e0 78 d2 46 01 0b 68 06 0c 13 01 d1 fe 1c fe e1 67 15 da 4c fc 5c 69 93 0f a0 fc 05 01 a2 68 02 fe 46 fe b4 01 e4 13 fe 2f 01 84 49 01 0d 67 15 02 3a a0 6b 69 92 02 3e 01 bd 49 fe 5e 66 ff ff ff d6 00 00 06 94 08 00 02 06 07 cc 00 00 ff ff 00 b4 ff e4 06 92 0a 08 02 26 04 19 00 00 00 07 06 68 00 44 02 00 ff ff 00 9c ff e4 05 4c 08 08 02 26 04 e3 00 00 00 06 06 68 93 00 ff ff 01 10 fe 0f 05 bc 08 00 02 26 03 da 00 00 00 07 08 03 01 57 00 00 ff ff 00 eb fe 04 04 7c 06 00 02 26 04 b8 00 00 00 07 08 03 01 29 ff f5 ff ff 00 53 Data Ascii: '7%%5773'%57hj&fH /fjqKf4xFhgL\ihF/Ig:ki>I^f&hDL&h&W\|&)S
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: af 00 00 36 c7 00 00 36 df 00 00 36 ff 00 00 37 17 00 00 37 98 00 00 38 0b 00 00 38 7f 00 00 39 1d 00 00 39 35 00 00 39 4d 00 00 39 65 00 00 39 7d 00 00 39 95 00 00 39 ad 00 00 39 c5 00 00 39 dd 00 00 39 f5 00 00 3a 15 00 00 3a 25 00 00 3a c2 00 00 3b 50 00 00 3b 74 00 00 3b 8c 00 00 3b a4 00 00 3b bc 00 00 3b d4 00 00 3b ec 00 00 3c 04 00 00 3c 1c 00 00 3c 56 00 00 3c 9d 00 00 3c d5 00 00 3c e5 00 00 3d 33 00 00 3d 9f 00 00 3d b7 00 00 3d cf 00 00 3d e7 00 00 3d ff 00 00 3e 17 00 00 3e 2f 00 00 3e 47 00 00 3e 5f 00 00 3e 77 00 00 3e 8f 00 00 3e a7 00 00 3e bf 00 00 3e d7 00 00 3e ef 00 00 3f 07 00 00 3f 1f 00 00 3f 37 00 00 3f 4f 00 00 3f 67 00 00 3f 7f 00 00 3f 97 00 00 3f af 00 00 3f c7 00 00 3f df 00 00 3f f7 00 00 40 0f 00 00 40 27 00 00 40 3f 00 00 Data Ascii: 66677889959M9e9}99999::%:;P;t;;;;;<<<V<<<=3=====>>/>G>_>w>>>>>???7?O?g??????@@'@?

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:53 UTC	570	OUT	GET /fonts/Inter/Inter-SemiBold.ttf HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://static.cres-aws.com/postx.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:53 UTC	552	IN	HTTP/1.1 200 OK Content-Type: font/ttf Content-Length: 309432 Connection: close Date: Tue, 21 May 2024 15:01:35 GMT Last-Modified: Fri, 22 Sep 2023 08:10:20 GMT ETag: "1753a05196abeef95c32f10246bd6473" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 a49c26e403f2dac09629dceb6dac5740.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P1 X-Amz-Cf-Id: wh0rHZ4s3m89HWjcqInOsNf5rJK30q6OhAEOwNopimaABjecq2N7fw== Age: 35659 Access-Control-Allow-Origin: *
2024-05-22 00:55:53 UTC	8949	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 47 44 45 46 31 cb 31 1c 00 03 44 98 00 00 04 12 47 50 4f 53 9b af 91 74 00 03 48 ac 00 01 2d 14 47 53 55 42 be 7f 66 78 00 04 75 c0 00 00 42 b4 4f 53 2f 32 23 5f 6e 62 00 02 77 ac 00 00 00 60 53 54 41 54 ef 79 d9 45 00 04 b8 74 00 00 00 44 63 6d 61 70 2f 2e e9 9d 00 02 78 0c 00 00 65 8a 67 61 73 70 00 00 00 10 00 03 44 90 00 00 00 08 67 6c 79 66 6a 1b 9d 97 00 00 01 0c 00 02 26 86 68 65 61 64 2d c3 61 46 00 02 4f 84 00 00 00 36 68 68 65 61 1e f5 19 bf 00 02 77 88 00 00 00 24 68 6d 74 78 24 35 88 39 00 02 4f bc 00 00 27 ca 6c 6f 63 61 09 84 29 ed 00 02 27 b4 00 00 27 d0 6d 61 78 70 0a 0c 01 06 00 02 27 94 00 00 00 20 6e 61 6d 65 37 5c 60 0e 00 02 dd a0 00 00 02 50 70 6f 73 74 a7 a8 35 72 00 02 df f0 00 00 64 9e 70 72 65 Data Ascii: GDEF11DGPOStH-GSUBfxuBOS/2#_nbw`STATyEtDcmap/.xegaspDglyfj&head-aFO6hheaw$hmtx$59O'loca)''maxp' name7\`Ppost5rdpre
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: e9 00 00 00 06 06 69 88 20 ff ff 00 70 00 00 04 b5 0b d1 02 26 00 e9 00 00 00 07 08 08 04 ab 00 00 ff ff 00 70 00 00 04 b5 08 00 02 26 00 e9 00 00 00 06 07 fe f8 1d ff ff 00 70 fd e9 04 d1 08 00 02 26 00 e9 00 00 00 07 06 90 06 30 00 00 ff ff 00 70 00 00 04 b5 0a 93 02 26 00 e9 00 00 00 07 06 66 ff 41 02 00 ff ff 00 70 00 00 04 b5 0a 93 02 26 00 e9 00 00 00 07 06 64 ff ea 02 00 ff ff 00 70 00 00 04 b5 0a 76 02 26 00 e9 00 00 00 07 06 6a ff b0 02 00 ff ff 00 70 00 00 04 b5 0a 47 02 26 00 e9 00 00 00 07 06 6b ff d3 02 00 ff ff 00 70 00 00 04 b5 0a 00 02 26 00 e9 00 00 00 07 06 6d ff ae 02 00 ff ff 00 70 00 00 04 b5 0a 10 02 26 00 e9 00 00 00 07 06 6e ff fc 02 00 ff ff 00 70 fd ba 04 d3 08 00 02 26 00 e9 00 00 00 07 06 76 02 32 00 00 ff ff 00 70 00 00 04 b5 Data Ascii: i p&p&p&0p&fAp&dpv&jpG&kp&mp&np&v2p
2024-05-22 00:55:53 UTC	1514	IN	Data Raw: 64 00 00 ff ff 00 78 ff e2 06 0d 08 93 02 26 02 64 00 00 00 06 06 66 f2 00 ff ff 00 78 ff e2 06 0d 08 5b 02 06 02 65 00 00 ff ff 00 78 ff e2 06 0d 08 10 02 26 02 64 00 00 00 07 06 6e 00 ae 00 00 00 01 00 78 ff ec 06 0d 06 1e 00 26 00 00 01 32 04 12 15 14 02 04 23 22 26 26 02 35 35 21 15 21 1e 02 33 32 36 36 37 35 34 26 26 23 22 06 06 07 25 36 36 24 03 22 e8 01 4f b4 b5 fe ba dc 8e fd c3 70 04 eb fc 70 01 57 9e 68 70 a7 5d 01 62 b0 76 4e 82 5d 18 fe ad 20 b4 01 16 06 1e c1 fe 9d f1 ed fe 99 c9 5b be 01 25 ca 6f f4 68 a3 5e 6b ae 66 d5 86 bf 65 2d 58 41 26 86 c7 6d 00 01 01 25 00 00 04 18 08 60 00 10 00 00 21 11 34 36 36 33 32 16 17 03 26 26 23 22 06 15 11 01 25 81 da 85 5e 92 23 49 17 45 2b 65 54 06 91 9b ce 66 1e 0c fe e8 07 0f 61 5a f9 87 00 02 00 38 00 Data Ascii: dx&dfx[ex&dnx&2#"&&55!!3266754&&#"%66$"OppWhp]bvN] [%oh^kfe-XA&m%`!46632&&#"%^#IE+eTfaZ8
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 03 9a 9a ae 53 9c 00 03 00 ba fd c0 05 ff 08 1c 00 11 00 24 00 3b 00 00 21 21 15 14 0e 02 23 22 26 27 11 16 16 33 32 36 35 01 21 35 34 3e 02 33 32 16 17 11 26 26 23 22 06 06 15 13 11 21 11 21 11 33 36 36 33 32 16 12 07 11 21 11 34 26 23 22 06 06 04 94 01 6a 4b 85 b0 64 3e 5e 23 16 2f 1a 56 84 fd 80 fe a6 4e 88 ac 5e 3d 5e 23 16 2f 1a 39 69 43 10 fe 96 01 5a 12 35 e9 ac 9f ed 83 01 fe 96 9f 8c 5f 93 53 76 7f af 6c 30 07 07 01 1b 03 05 46 63 06 76 53 84 b1 68 2c 07 07 fe e5 03 05 1c 49 43 fd 31 fc 7c 06 00 fe fb 81 98 88 fe fe b8 fc 2e 03 9a 9a ae 53 9c 00 02 00 ba ff e4 09 f3 08 00 00 16 00 2c 00 00 33 11 21 11 33 36 36 33 32 16 12 15 15 21 35 34 26 23 22 06 06 15 11 05 22 24 02 35 35 21 15 14 16 16 33 32 36 12 11 35 21 15 10 02 00 ba 01 62 12 36 e3 b0 a0 Data Ascii: S$;!!#"&'3265!54>32&&#"!!36632!4&#"jKd>^#/VN^=^#/9iCZ5_Svl0FcvSh,IC1\|.S,3!36632!54&#""$55!3265!b6
2024-05-22 00:55:53 UTC	10463	IN	Data Raw: 15 23 01 35 21 21 15 16 06 06 07 27 36 36 35 35 03 32 01 8d b7 d6 8b fe 01 5a d0 cf 01 5b fe 8b d6 b8 01 8e fc f0 74 bb 6e 93 fe fc a9 7e d4 99 55 6d bc 74 fd 02 83 fe bd 01 27 fe 99 01 3d 74 52 6e 38 3a 01 37 10 76 01 84 01 0c d6 01 65 01 05 8f 8f fe fb fe 9b d6 fe f4 fe 7c 76 10 fe c9 01 88 30 c7 01 14 a3 bd 01 2c af 65 b4 f1 8e a3 fe ec c7 30 fe 78 06 49 14 01 b4 1c 70 50 8e 76 2c 54 3f 93 62 68 ff ff ff cb 00 00 0a 3e 08 1c 00 27 03 e2 02 4b 00 00 00 07 09 95 ff 08 00 00 ff ff ff d8 00 00 0a 09 08 1c 00 27 03 e2 02 16 00 00 00 07 09 90 fe d6 00 00 ff ff ff d6 00 00 0a 32 08 1c 00 27 03 e2 02 3f 00 00 00 07 09 97 fe e4 00 00 ff ff ff cb 00 00 09 94 09 4f 00 27 03 e2 01 a1 00 00 00 07 09 92 ff 46 00 30 ff ff ff cb 00 00 09 b2 09 4f 00 27 03 e2 01 be 00 Data Ascii: #5!!'66552Z[tn~Umt'=tRn8:7ve\|v0,e0xIpPv,T?bh>'K'2'?O'F0O'
2024-05-22 00:55:53 UTC	10858	IN	Data Raw: 22 00 00 13 21 11 14 16 04 33 32 24 36 35 2e 03 27 21 1e 03 15 14 02 06 04 21 20 24 02 11 01 21 11 21 ba 01 5d 9c 01 09 a2 e0 01 11 7b 01 19 2b 38 22 01 4c 23 3f 31 1c 62 dd fe 91 fe f4 fe e2 fe 56 ea 03 04 01 5c fe a4 06 00 fd 2a c9 ed 67 94 f7 94 56 ba bd b6 51 3d a0 bc cf 6c a5 fe d2 ec 89 af 01 74 01 27 02 d2 f7 70 00 02 00 ce ff e4 09 08 06 00 00 18 00 32 00 00 01 21 06 02 06 15 14 12 33 32 36 35 11 21 11 14 02 06 23 22 24 02 13 36 12 25 21 16 12 15 12 02 04 23 22 26 02 35 11 21 11 14 16 33 32 36 36 35 34 26 02 01 b4 01 61 55 64 2a 8a 7c 6d 84 01 0d 77 f0 b2 b7 fe f7 8f 01 01 75 05 7b 01 61 70 75 02 8f fe f7 b7 b2 f0 78 01 0e 85 6c 53 74 3e 2a 63 06 00 9b fe f9 ed 77 e6 fe fa cd c3 02 04 fe 18 e0 fe ba b0 b6 01 62 01 04 d3 01 83 aa aa fe 7d d3 fe fc Data Ascii: "!32$65.'!! $!!]{+8"L#?1bV\gVQ=lt'p2!3265!#"$6%!#"&5!326654&aUd\|mwu{apuxlSt>*cwb}
2024-05-22 00:55:53 UTC	8949	IN	Data Raw: 12 02 02 04 23 22 24 02 27 21 16 16 33 32 12 11 23 0e 02 23 22 24 02 27 34 12 24 13 22 06 06 15 1e 02 33 32 3e 02 27 34 26 26 03 7d 93 01 17 e0 84 01 71 d2 fe d8 b9 c2 fe d5 b8 15 01 6d 1c ad 84 d5 e6 0e 31 9c c5 6e b4 fe e1 a7 01 b9 01 4c df 6c ad 63 01 61 a9 6d 51 8c 69 3b 01 63 ab 08 1c 01 65 e3 fe 84 fe e8 fe f8 fe 61 fe e2 96 98 01 08 aa 7a 8f 01 72 01 49 58 7f 44 ac 01 2c c1 c8 01 3f b9 fe d2 69 b3 6e 6d b2 68 3e 6f 8e 4f 69 b2 6c 00 03 00 96 ff da 06 c0 08 1e 00 03 00 13 00 21 00 00 01 17 01 27 01 26 24 02 11 12 12 24 33 32 04 12 11 10 02 04 03 32 12 11 34 02 26 23 22 02 03 06 12 16 04 da 98 fd 02 90 01 c7 f7 fe 9f bd 01 bd 01 61 f6 f6 01 62 bd bd fe 9f f7 c0 df 66 ba 7f bf de 01 01 65 ba 07 27 5b fa 0e 65 fe 9b 01 fa 01 dc 01 4f 01 4e 01 d8 f8 f9 Data Ascii: #"$'!32##"$'4$"32>'4&&}qm1nLlcamQi;ceazrIXD,?inmh>oOil!'&$$3224&#"abfe'[eON
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 00 2c 00 00 01 11 34 26 23 22 06 15 27 34 36 33 32 16 15 11 14 16 17 23 26 26 13 15 23 22 06 15 14 16 33 32 36 36 35 17 06 06 23 22 26 35 34 36 33 03 46 4f 54 5b 66 f3 ef c5 b8 e0 0e 18 f9 0f 13 3e cb 79 70 4e 55 39 75 4f 18 1f a4 8f a8 b5 ee f2 04 a0 01 d4 55 5b 46 42 12 8c b6 bf bd fe 50 3d 7d 40 2f 6f 01 c6 a0 5c 3c 37 41 33 49 22 a2 43 7f ab 8d 99 a5 00 02 00 b4 03 b6 04 7f 07 f0 00 0f 00 1d 00 00 13 35 34 36 36 33 32 00 15 15 14 06 06 23 22 00 13 15 14 16 33 32 36 35 35 34 26 23 22 06 b4 77 da 95 e1 01 04 74 d8 95 e3 fe f9 f5 7a 7b 77 75 76 7a 78 79 05 9c 6a 8f dd 7e fe ed d7 6a 8e db 7d 01 11 01 3f 6a 7b a1 a1 7b 6a 78 a6 a6 00 02 00 66 04 00 01 94 09 e1 00 03 00 0f 00 00 13 11 21 11 03 22 26 35 34 36 33 32 16 15 14 06 75 01 11 88 3d 5b 5a 3e 3d 59 Data Ascii: ,4&#"'4632#&&#"32665#"&5463FOT[f>ypNU9uOU[FBP=}@/o\<7A3I"C546632#"326554&#"wtz{wuvzxyj~j}?j{{jxf!"&54632u=[Z>=Y
2024-05-22 00:55:53 UTC	10463	IN	Data Raw: 7d 7a 52 51 7b 20 04 04 7b 01 46 01 43 78 7b 51 52 7a 84 84 7a 52 51 7b 78 fe bd fe ba 7b ff ff 00 d0 ff e0 0a 70 08 2c 02 06 06 e6 00 00 00 01 01 00 ff ec 0a 80 09 00 00 09 00 00 09 03 21 01 01 21 01 01 05 c0 fd 0c 01 2a fd 0a 03 a0 01 20 01 20 03 a0 fd 0a 01 2a 02 0e fd de 03 78 02 24 03 78 fc 88 fd dc fc 88 00 02 01 00 ff ec 0a 80 09 00 00 09 00 13 00 00 09 03 21 01 01 21 09 02 05 03 25 21 03 03 21 05 03 05 c0 fd 0c 01 2a fd 0a 03 a0 01 20 01 20 03 a0 fd 0a 01 2a fd 0c 01 42 80 01 4a fe 72 7e 7c fe 70 01 4b 81 02 0e fd de 03 78 02 24 03 78 fc 88 fd dc fc 88 03 38 e9 01 7f ee 01 82 fe 7e ee fe 81 00 01 00 e6 00 00 0a f3 08 a0 00 06 00 00 13 01 01 21 11 21 11 e6 05 07 05 06 fd 7a fb 00 03 9a 05 06 fa fa fc 66 03 9a 00 02 00 e6 00 00 0a f3 08 a0 00 06 00 Data Ascii: }zRQ{ {FCx{QRzzRQ{x{p,!!* x$x!!%!! *BJr~\|pKx$x8~!!zf
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 00 03 00 07 00 1e 00 22 00 27 00 2c 00 30 00 00 01 11 21 11 13 11 21 11 01 21 11 10 00 21 21 32 04 16 16 15 11 21 11 34 26 23 21 22 06 06 15 01 11 21 11 01 01 21 01 23 01 01 07 23 01 01 11 21 11 07 35 fa ac 65 fe 8d 04 9f fe 80 01 73 01 71 02 ab a5 01 10 c4 6a fe 7d a8 b8 fd 55 70 9f 55 04 f4 fb c3 01 b0 02 4f 01 ac fd 18 de fe 48 02 58 3e db fd 17 04 4e fe 80 04 52 fe d2 01 2e 03 ae f8 00 08 00 f8 00 01 da 01 4c 01 2c 40 93 f2 b3 fe 26 01 da b5 8a 34 8a 81 06 26 fe c5 01 3b fb c3 04 3d fb 09 04 f7 fb b9 b0 04 f7 fc 1b fb e5 04 1b 00 04 00 4f 00 00 07 75 08 00 00 04 00 09 00 0d 00 11 00 00 01 01 21 01 33 01 01 37 33 01 01 11 21 11 05 11 21 11 04 4b fd 98 fe 6c 02 d3 ec 01 d4 fd 97 43 eb 02 ce fe 6a fb d9 02 c7 fe b4 07 48 f8 b8 08 00 f8 00 07 54 ac f8 00 Data Ascii: "',0!!!!!2!4&#!"!!##!5esqj}UpUOHX>NR.L,@&4&;=Ou!373!!KlCjHT

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:53 UTC	566	OUT	GET /fonts/Inter/Inter-Bold.ttf HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://static.cres-aws.com/postx.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:53 UTC	552	IN	HTTP/1.1 200 OK Content-Type: font/ttf Content-Length: 309772 Connection: close Date: Tue, 21 May 2024 15:01:35 GMT Last-Modified: Fri, 22 Sep 2023 08:10:20 GMT ETag: "d17c0274915408cee0308d5476df9f45" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 ed4565467c6c9847b6a3fcb6cec799e4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P1 X-Amz-Cf-Id: BhNzUDqTXMTyXX7bGStu5ATZD-hVsQ2C0T8roGjpW47_Fej6NABhMQ== Age: 35659 Access-Control-Allow-Origin: *
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 47 44 45 46 31 cb 31 1c 00 03 46 04 00 00 04 12 47 50 4f 53 ab ef 32 2f 00 03 4a 18 00 01 2c fc 47 53 55 42 be 7f 66 78 00 04 77 14 00 00 42 b4 4f 53 2f 32 23 c3 6e 42 00 02 79 50 00 00 00 60 53 54 41 54 ef dd d9 47 00 04 b9 c8 00 00 00 44 63 6d 61 70 2f 2e e9 9d 00 02 79 b0 00 00 65 8a 67 61 73 70 00 00 00 10 00 03 45 fc 00 00 00 08 67 6c 79 66 05 f3 35 d8 00 00 01 0c 00 02 28 2b 68 65 61 64 2d c4 61 46 00 02 51 28 00 00 00 36 68 68 65 61 1e f5 19 bf 00 02 79 2c 00 00 00 24 68 6d 74 78 37 f0 22 d7 00 02 51 60 00 00 27 ca 6c 6f 63 61 09 88 86 18 00 02 29 58 00 00 27 d0 6d 61 78 70 0a 0c 01 06 00 02 29 38 00 00 00 20 6e 61 6d 65 30 30 54 df 00 02 df 44 00 00 02 18 70 6f 73 74 a7 a8 35 72 00 02 e1 5c 00 00 64 9e 70 72 65 Data Ascii: GDEF11FGPOS2/J,GSUBfxwBOS/2#nByP`STATGDcmap/.yegaspEglyf5(+head-aFQ(6hheay,$hmtx7"Q`'loca)X'maxp)8 name00TDpost5r\dpre
2024-05-22 00:55:53 UTC	1514	IN	Data Raw: 00 00 00 07 06 76 02 6f 00 02 ff ff 00 b2 ff e3 07 54 0a 7e 02 26 01 a5 00 00 00 07 06 73 00 ee 02 00 ff ff 00 b2 ff e3 07 54 0c 00 02 26 01 a5 00 00 00 07 08 0e 07 70 00 00 ff ff 00 b2 ff e3 07 54 0b e9 02 26 01 a5 00 00 00 07 08 08 06 23 00 00 ff ff 00 b2 ff e3 07 54 0b 78 02 26 01 a5 00 00 00 07 08 0a 07 8e 02 38 ff ff 00 b2 ff e3 07 54 0b 17 02 26 01 a5 00 00 00 07 08 0c 07 84 02 38 ff ff 00 b2 ff e3 07 54 0a 8d 02 26 01 a5 00 00 00 07 06 7b 06 fd 02 00 ff ff 00 b2 ff e3 07 54 0a 96 02 26 01 a5 00 00 00 07 06 7f 07 6a 02 c2 ff ff 00 b2 fd bd 07 54 08 00 02 26 01 a5 00 00 00 07 06 8d 08 42 ff fc ff ff 00 b2 fd d7 07 54 08 00 02 26 01 a5 00 00 00 07 06 90 07 c1 ff fc ff ff 00 b2 fd b6 07 54 08 00 02 26 01 a5 00 00 00 07 06 89 07 70 ff fc ff ff 00 b2 ff Data Ascii: voT~&sT&pT&#Tx&8T&8T&{T&jT&BT&T&p
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 11 07 e2 f8 37 21 01 e5 01 d3 14 01 d3 01 e5 fd 15 fe 52 06 55 de de 01 ab fc 8e 03 72 fa d4 fd 2c 02 d4 ff ff 00 3a 00 00 07 be 08 00 02 06 01 d5 00 00 ff ff 00 22 00 00 09 f2 08 93 00 27 01 d5 02 34 00 00 00 07 06 67 fe f7 00 00 ff ff 00 3a 00 00 07 be 0a 69 02 06 01 d9 00 00 ff ff 00 69 00 00 09 5a 08 00 00 27 01 d5 01 9b 00 00 00 07 09 a2 ff 62 00 00 ff ff 00 57 00 00 0b 12 08 00 00 27 01 d5 03 53 00 00 00 06 09 95 ab 00 ff ff 00 1d 00 00 0b b4 08 00 00 27 01 d5 03 f6 00 00 00 07 09 97 ff 17 00 00 ff ff 00 16 00 00 0a f2 09 55 00 27 01 d5 03 34 00 00 00 06 09 99 8b 30 ff ff 00 3a 00 00 07 be 0a 18 02 26 01 d5 00 00 00 07 06 6e 01 55 02 00 ff ff 00 3a 00 00 07 be 0a 00 02 26 01 d5 00 00 00 07 06 6d 00 e1 02 00 ff ff 00 62 00 00 09 90 08 00 00 27 01 d5 Data Ascii: 7!RUr,:"'4g:iiZ'bW'S'U'40:&nU:&mb'
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 05 40 89 cc 71 73 cd 86 85 ca 72 6e ca 00 03 00 aa fd c0 06 84 07 97 00 0d 00 24 00 34 00 00 01 21 34 36 21 32 16 17 11 26 26 27 26 06 01 11 21 11 33 3e 02 33 32 04 12 11 10 02 04 23 22 26 26 27 23 11 03 14 16 16 33 32 36 36 35 34 26 26 23 22 06 06 02 4e fe 5c f6 01 03 4b 72 1d 12 4d 29 55 52 fe 5c 01 a4 13 1c 6b ad 81 a8 01 1c aa a5 fe e5 af 7c ad 6e 1d 0d 09 4c 90 67 68 90 4b 4a 90 69 68 8f 4c 06 00 d8 bf 10 08 fe e4 05 0e 01 01 3b f7 83 08 40 fe fe 3e 81 57 af fe a1 fe f8 fe ff fe 9f b5 52 7d 40 fc ca 05 40 89 cc 71 73 cd 86 85 ca 72 6e ca ff ff 00 aa fd c0 06 84 08 8d 02 26 03 3b 00 00 00 07 06 64 01 12 00 00 ff ff 00 aa fd c0 06 84 08 75 02 26 03 3b 00 00 00 07 06 70 02 27 00 00 ff ff 00 aa fd c0 06 84 06 14 02 06 03 3b 00 00 00 02 00 71 fd c0 06 4a Data Ascii: @qsrn$4!46!2&&'&!3>32#"&&'#326654&&#"N\KrM)UR\k\|nLghKJihL;@>WR}@@qsrn&;du&;p';qJ
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: d4 ad a1 d6 41 3d 02 02 51 4c 67 ef ff 32 62 8e 5c fe 19 04 6b fb 95 08 00 ec fd 86 74 bf b3 64 5c 85 21 20 38 bf 78 78 f4 6d a0 41 76 2d 2b 45 14 1a 3b 01 0c bf 83 d0 b9 bd 6f 02 ba fe 9e 00 01 00 aa fd c0 06 32 06 14 00 16 00 00 01 11 21 11 21 11 33 36 36 33 32 16 12 15 11 21 11 34 26 23 22 06 06 02 54 fe 56 01 96 12 34 f0 aa a1 ee 83 fe 56 90 81 55 84 4a 03 78 fc 88 06 00 fe f1 87 9c 8c fe fe b4 f9 ee 05 c6 8d 9f 4a 8d ff ff 00 aa fd c0 06 32 08 a4 02 26 04 53 00 00 00 07 08 cd 01 c0 00 11 ff ff 00 aa fd c0 06 32 08 b0 02 26 04 53 00 00 00 07 09 88 02 5e 00 a8 ff ff 00 aa fd c0 06 32 08 b0 02 26 04 53 00 00 00 07 09 a1 01 9c 00 b0 ff ff 00 aa fd c0 06 32 08 b0 02 26 04 53 00 00 00 07 09 8d 00 b4 00 a8 ff ff 00 aa fd c0 06 32 08 ae 02 26 04 53 00 00 00 Data Ascii: A=QLg2b\ktd\! 8xxmAv-+E;o2!!36632!4&#"TV4VUJxJ2&S2&S^2&S2&S2&S
2024-05-22 00:55:53 UTC	2410	IN	Data Raw: 9b 01 33 fe cd 05 8b f6 1d 01 3f 07 66 01 3e 00 03 00 57 fe 43 04 3f 08 26 00 14 00 29 00 2d 00 00 13 35 32 36 35 35 34 3e 02 33 11 22 06 06 15 11 14 06 06 04 01 22 2e 02 35 35 34 26 23 35 32 04 16 16 15 11 14 16 16 33 01 11 21 11 57 ad 86 67 b9 fe 97 76 7b 2c 38 98 fe e6 03 07 97 fe b9 67 86 ad e1 01 1a 98 38 2c 7b 76 fc 18 01 67 03 2c c9 8a 9a dd b9 df 72 26 fe c2 3d 7f 61 fe dc 4c 89 69 3d fb 17 26 72 df b9 de 9a 8a c9 3d 69 89 4d fe dc 60 7f 3d 02 f3 01 80 fe 80 00 03 00 41 fe 43 04 29 08 26 00 14 00 29 00 2d 00 00 01 15 22 06 15 15 14 0e 02 23 11 32 36 36 35 11 34 36 36 24 01 32 1e 02 15 15 14 16 33 15 22 24 26 26 35 11 34 26 26 23 01 11 21 11 04 29 ac 87 67 b9 fd 98 76 7b 2c 38 98 01 1a fc f9 98 fd b9 67 87 ac e1 fe e6 98 38 2c 7b 76 03 e8 fe 99 03 Data Ascii: 3?f>WC?&)-526554>3"".554&#523!Wgv{,8g8,{vg,r&=aLi=&r=iM`=AC)&)-"#2665466$23"$&&54&&#!)gv{,8g8,{v
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: f0 5e 01 9e 5c 04 ad 03 53 fc ad ff ff 00 92 04 ad 04 55 08 00 00 26 05 79 00 00 00 07 05 79 02 25 00 00 00 01 00 9d fe 0c 02 79 01 18 00 0b 00 00 01 07 06 02 06 07 21 36 36 12 37 37 02 79 0b 0d 49 4f 18 fe ec 0f 34 2e 06 05 01 18 6e 84 fe f9 d6 3d 3b d3 01 06 88 70 00 01 00 b3 ff e6 02 93 01 c4 00 0c 00 00 05 22 26 35 34 36 33 32 16 15 14 06 06 01 a3 63 8d 8d 63 60 90 43 6c 1a 8d 63 62 8c 8c 62 42 6d 41 ff ff 00 bc ff e6 08 20 01 c4 00 26 05 7c 0a 00 00 27 05 7c 02 cb 00 00 00 07 05 7c 05 8d 00 00 ff ff 00 bc ff e6 05 5e 01 c4 00 26 05 7c 0a 00 00 07 05 7c 02 cb 00 00 00 02 00 b3 ff e6 02 93 05 f7 00 0c 00 19 00 00 05 22 26 35 34 36 33 32 16 15 14 06 06 03 22 26 35 34 36 33 32 16 15 14 06 06 01 a3 63 8d 8d 63 60 90 43 6c 41 63 8d 8d 63 60 90 43 6c 1a 8d Data Ascii: ^\SU&yy%y!6677yIO4.n=;p"&54632cc`ClcbbBmA &\|'\|\|^&\|\|"&54632"&54632cc`ClAcc`Cl
2024-05-22 00:55:53 UTC	12982	IN	Data Raw: 5f 69 68 62 61 67 68 08 00 fa 7f 05 81 f8 00 05 7c fa 84 02 56 e7 e7 01 8d 82 e0 8e 58 8d e1 82 82 e1 8d 58 8d e0 83 f8 87 71 58 70 84 84 70 58 71 87 ff ff 00 9c ff e4 0c 9c 08 1c 00 26 05 b9 00 00 00 07 00 49 04 db 00 00 ff ff 00 9c 00 00 0b 0c 08 0e 00 26 05 b9 00 00 00 07 00 89 05 0e 00 00 ff ff 00 b2 00 00 07 6f 08 00 02 06 01 0e 00 00 ff ff 00 43 00 00 07 f6 0a d0 02 06 00 08 00 00 ff ff 00 8e ff e4 08 0c 08 1c 02 26 01 40 00 00 00 07 05 7c 02 aa 03 2b 00 02 00 e5 ff e4 06 88 05 ec 00 1c 00 25 00 00 01 15 06 04 23 22 24 26 02 35 34 12 36 24 33 32 04 12 15 06 14 17 21 11 16 16 33 32 24 01 22 06 07 11 21 11 26 26 05 d5 73 fe f6 8e 99 fe f2 cc 72 7d d5 01 09 8a c1 01 3f be 01 01 fb be 50 c8 6c 84 01 08 fe 74 68 c9 53 03 00 4c c4 01 10 90 46 56 79 d4 01 Data Ascii: _ihbagh\|VXXqXppXq&I&oC&@\|+%#"$&546$32!32$"!&&sr}?PlthSLFVy
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: fd 72 b4 a1 a9 a5 01 d4 fe 2c de fe d0 9c 9c 01 33 e2 02 8e e0 01 33 9e fe a0 01 60 9e fe cd e0 fd 72 e2 fe cd 9c 9c 01 30 de 01 d4 fe 2c a5 a9 a3 b2 02 8e b0 a1 00 03 00 b2 ff e4 0a 18 09 ee 00 07 00 1b 00 2f 00 00 01 21 35 21 17 21 15 23 07 21 11 14 02 04 23 22 24 02 35 11 21 11 14 16 33 32 36 35 01 21 11 14 02 04 23 22 24 02 35 11 21 11 14 16 33 32 36 35 04 dc fe 16 04 ec 04 fd f9 ff 4a 01 64 a6 fe e1 b6 cd fe bd b9 01 b1 91 87 88 8f 03 dc 01 aa ba fe bf cb b6 fe e3 a5 01 64 8d 87 88 94 09 30 be be b0 a4 fa b2 de fe d0 9c 9c 01 30 de 05 4e fa b2 a3 ab a9 a5 05 4e fa b2 de fe d0 9c 9c 01 30 de 05 4e fa b2 a5 a9 a9 a5 ff ff 00 b2 00 00 08 66 08 00 02 06 03 e1 00 00 00 02 01 02 00 00 06 68 05 d0 00 03 00 19 00 00 01 21 01 21 01 21 32 04 16 15 14 06 04 23 Data Ascii: r,33`r0,/!5!!#!#"$5!3265!#"$5!3265Jdd00NN0Nfh!!!2#
2024-05-22 00:55:53 UTC	16384	IN	Data Raw: 01 cf 00 00 ff ff 00 b2 00 00 09 5e 08 00 02 06 01 23 00 00 ff ff 00 b2 00 00 08 8e 08 00 00 26 00 c5 00 00 00 27 00 c5 03 16 00 00 00 07 00 c5 06 2b 00 00 ff ff 00 51 00 00 0d 55 08 00 00 26 01 cf 00 00 00 27 00 c5 07 dc 00 00 00 07 00 c5 0a f2 00 00 ff ff 00 b2 00 00 05 79 08 00 00 26 00 c5 00 00 00 07 00 c5 03 16 00 00 00 02 00 6a ff e4 03 d7 08 40 00 04 00 14 00 00 01 11 21 11 21 05 13 16 16 33 32 36 36 37 17 14 02 06 23 22 26 02 33 01 a4 fe 73 fe 20 03 20 59 1f 71 91 49 03 54 67 c8 90 20 47 01 5b 06 e5 f7 c0 0a 01 93 04 08 45 86 61 26 c3 fe d1 ad 08 00 02 00 5c 03 76 02 db 07 d3 00 0e 00 13 00 00 13 11 16 16 33 32 36 35 37 14 06 06 23 22 26 25 11 21 11 23 5c 1a 43 2d 6b 79 45 5a 9f 68 1d 2b 01 42 01 33 f2 03 7f 01 3a 0a 0d 77 71 04 9c f2 8a 05 f3 03 Data Ascii: ^#&'+QU&'y&j@!!32667#"&3s YqITg G[Ea&\v32657#"&%!#\C-kyEZh+B3:wq

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:53 UTC	708	OUT	GET /websafe/images/loginbg.gif HTTP/1.1 Host: res.cisco.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
2024-05-22 00:55:53 UTC	971	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 00:55:53 GMT Content-Type: image/gif Content-Length: 51646 Connection: close Set-Cookie: AWSALB=i8OcggFeShHBA5QKP9rGmjrNxiyvMxSyFdS0F3ZrVJcejciqXKSHEcUH241WDu2hDGbXRopGzQ5VGFq0mWebjmQe+H2MNnb1aNVoNPMZIaaipxJjPfbuyh264b7n; Expires=Wed, 29 May 2024 00:55:53 GMT; Path=/ Set-Cookie: AWSALBCORS=i8OcggFeShHBA5QKP9rGmjrNxiyvMxSyFdS0F3ZrVJcejciqXKSHEcUH241WDu2hDGbXRopGzQ5VGFq0mWebjmQe+H2MNnb1aNVoNPMZIaaipxJjPfbuyh264b7n; Expires=Wed, 29 May 2024 00:55:53 GMT; Path=/; SameSite=None; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: policyref=https://res.cisco.com/websafe/p3p/p3p.xml, CP="ALL CURa ADMa TAIa OUR BUS ONL UNI COM NAV INT" X-Frame-Options: DENY Cache-Control: must-revalidate,max-age=1 Pragma: no-cache Set-Cookie: JSESSIONID=FD6F67336FF4919E0F4502E6DFE59DCC; Path=/websafe; Secure; HttpOnly Last-Modified: Fri, 05 Apr 2024 12:50:46 GMT ETag: "18eae4fbc88-c9be" Server: unknown
2024-05-22 00:55:53 UTC	8459	IN	Data Raw: ff d8 ff e1 00 4a 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 01 00 98 82 02 00 26 00 00 00 1a 00 00 00 00 00 00 00 73 61 6e 64 72 61 20 63 69 66 6f 2e 20 77 77 77 2e 63 69 66 6f 67 72 61 70 68 79 2e 63 6f 6d 2e 20 32 30 31 36 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 00 00 00 ff e1 04 13 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 35 20 37 39 Data Ascii: JExifII*&sandra cifo. www.cifography.com. 2016Duckyhttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79
2024-05-22 00:55:53 UTC	9000	IN	Data Raw: 01 0e 16 47 a6 50 d8 27 b0 02 c8 c5 a0 ac c0 16 72 1c ba 10 b2 5e 40 34 0d 47 03 01 43 04 86 4a 7b 01 40 20 01 8a 46 00 20 18 01 31 92 89 97 3e 43 01 88 02 00 94 c7 28 4a a3 e0 80 25 11 39 2f 82 25 55 4c 01 52 82 50 70 42 e0 80 a6 10 27 91 e4 00 03 21 20 4b f2 2b 22 4f 23 80 09 1c 88 00 60 20 c8 04 48 40 48 48 0b 23 91 80 0b 52 62 3d 0a 8e 82 ca 00 84 d0 93 d8 3c d0 9d b7 02 86 00 02 6c 13 08 28 04 86 28 00 33 78 66 89 c9 36 4d 8a ac 0b 80 81 80 0b 21 23 10 00 68 c2 04 d0 14 04 a6 54 80 08 60 02 80 18 00 a4 60 20 07 e4 45 9c a2 f5 22 ce 00 a9 84 2d 75 23 52 b8 01 72 80 49 40 e0 05 12 09 40 e3 cc 20 02 46 2e 21 00 30 25 a1 a0 08 01 88 00 91 88 0a 43 12 18 00 00 00 99 05 b2 40 43 89 d4 45 20 18 00 00 04 0a ce 06 9c 80 c0 52 39 00 00 92 64 0a 14 8a 49 6c 06 Data Ascii: GP'r^@4GCJ{@ F 1>C(J%9/%ULRPpB'! K+"O#` H@HH#Rb=<l((3xf6M!#hT`` E"-u#RrI@@ F.!0%C@CE R9dIl
2024-05-22 00:55:53 UTC	9000	IN	Data Raw: a0 1b 10 d8 80 8c f5 1d 75 18 2d 40 b2 4a 24 00 00 00 02 40 00 24 68 91 72 87 00 36 13 00 c8 9c 01 a5 5c 8d 93 42 98 10 f0 2c 0d 92 44 50 d6 a2 1a d4 aa b1 31 83 02 19 2c a6 44 10 5e 35 26 59 49 04 ae a0 4a 43 81 f2 5d 4c dd 98 17 c4 a5 a9 87 26 69 db 72 ca 35 00 04 02 24 a6 48 19 f7 7e d3 9e bf 72 3b 22 45 f8 d1 05 80 01 40 12 20 08 60 20 00 28 91 c8 53 08 27 90 b9 a0 2e 04 67 cc 5c c0 d6 50 a4 ce d8 c9 1c c0 de 45 c8 c3 f2 12 fb a4 1d 1c 85 c8 e7 fc 81 cc 0e d1 88 65 08 45 09 81 2c a2 59 40 03 10 c0 42 63 13 02 44 31 10 4d f0 8c 97 09 c6 19 b3 52 27 55 13 b8 02 70 a0 e7 be a7 4a 4c c9 ce c0 2e da 72 6f 5a 41 9d 65 bc 8d 3c ea 02 75 f3 40 aa b7 62 7a 8d 01 aa 55 aa c1 0f 8e e1 55 91 35 ea 02 fa 07 35 da 03 87 a8 70 0a 96 ff 00 e4 97 b0 13 6f fb 85 6a 28 Data Ascii: u-@J$@$hr6\B,DP1,D^5&YIJC]L&ir5$H~r;"E@ ` (S'.g\PEeE,Y@BcD1MR'UpJL.roZAe<u@bzUU55poj(
2024-05-22 00:55:53 UTC	9000	IN	Data Raw: f2 01 48 60 c6 d6 bd 37 27 f3 37 ac 01 b3 d4 9e 52 cc ab 6e 5a 9b 2a ad d0 0e ae 59 d3 db d4 e7 4a a8 df b5 69 61 17 74 71 d2 ce 62 4e db 9c 54 fb 98 56 bc 98 f9 04 02 41 0f 90 73 14 09 a0 38 21 b0 86 77 f6 ad 54 da ae 3c ca 7d d4 ba b2 ab 83 8b 6a 4e da e9 1e 41 f4 5d c3 5f 11 b7 5c c6 80 70 e7 a2 1a e5 5d 0d 9f 65 ce 16 0d 2b d8 ea 80 8a ff 00 b0 eb ae 4e 8a f7 d5 b5 33 fc 75 ae b0 1c e9 5d c8 8e 95 0f 46 37 9d 72 70 be ea 5a 17 4f f6 36 60 6f c1 2c a7 ec 29 fd 2b cc 1c eb b9 93 ab 6e 59 5a 91 2a 9c 9c e7 db 05 70 aa cb 26 d2 be d4 62 eb 67 a8 69 ad bb 89 a8 5a 7a 93 5a f2 71 fa 93 c1 f4 3a 3b 5d be 2a 5e ac 83 58 8c 04 72 f4 17 2a a7 1b 99 df b8 9d 67 39 fd 45 f8 87 7e ea aa 9a ef a1 85 bb 9b 67 de 3b 70 e4 ab 2f e9 c1 0f 83 7f 71 56 60 e7 3d 7e 07 45 Data Ascii: H`7'7RnZYJiatqbNTVAs8!wT<}jNA]_\p]e+N3u]F7rpZO6`o,)+nYZp&bgiZzZq:;]^Xrg9E~g;p/qV`=~E
2024-05-22 00:55:53 UTC	9000	IN	Data Raw: c6 2d 04 03 32 ee 5a 32 5d ec aa b2 71 da ce ce 59 54 36 ec 35 66 88 45 20 36 4c de a7 3d 4e 9a e9 82 0d 96 80 4d ae a8 a6 c4 7e 6a ae a5 1a c0 ab ae 4a 90 c0 43 81 40 c1 39 d3 20 15 97 ec 2f 8f 99 09 b4 5a b0 52 6a 37 27 89 69 6e 34 04 f1 6f 71 f1 7d 4a 18 11 0c 72 ca 10 0a 7c 85 cb c9 94 00 4f 21 c8 c0 05 23 00 80 09 26 41 c1 36 f2 00 4e 59 72 42 a8 43 5a 01 72 27 64 43 ab 29 24 02 96 c6 aa 8a 80 80 18 0a 03 8a 01 81 3c 50 f8 a0 18 0a 10 68 00 4a d4 a8 22 32 05 68 38 08 12 01 f1 42 e2 54 04 00 a1 86 42 06 04 cb e8 3e 48 60 02 94 31 71 42 e0 80 a1 0b 88 43 40 25 82 c8 72 09 b0 2c 09 9e a1 c8 0a 01 48 48 0c 09 90 90 28 09 e4 c2 58 14 04 cb 1c b0 1b 44 c8 e5 89 c8 14 04 4b 45 4b 02 80 9c 86 40 a0 24 60 04 5c b8 22 c0 43 d0 8f f5 f4 65 b7 82 3f d7 78 64 1b Data Ascii: -2Z2]qYT65fE 6L=NM~jJC@9 /ZRj7'in4oq}Jr\|O!#&A6NYrBCZr'dC)$<PhJ"2h8BTB>H`1qBC@%r,HH(XDKEK@$`\"Ce?xd
2024-05-22 00:55:53 UTC	7187	IN	Data Raw: 95 64 9a 7e 3c 75 12 ca f2 ea 0b 29 27 88 c8 67 0f ca 40 76 5c 52 4b 5d 86 d4 66 72 36 de bd 13 9f 22 54 f2 d3 3d 7c 79 7c 40 2a a7 1b 60 a5 f5 42 78 59 15 57 f9 6d d3 c6 a2 51 10 b3 80 0b 37 ab f6 7b 42 65 43 1b fb 57 89 27 55 a6 20 0b ab 85 3e cc fe 9f a8 57 aa 0f 2e 82 ae 9e b9 f6 79 fb 40 6d 36 bf f2 d0 99 85 e5 af b5 e8 5c ae 5e 73 eb fd 0c f0 9b 5a 81 7a d9 ac ac 02 ce 35 c7 c9 8a b6 ca 5b 60 34 4d 2d 26 00 6b 32 ba 0a bf 2f 1e 3a 95 57 16 7d 5a d0 53 0a 3d 3d c0 2d 26 3d 70 26 d2 52 b0 5f 15 98 d1 8a b9 c3 c7 1f 87 8f 90 09 29 c3 59 42 56 4d cf f7 6f 1b f8 41 31 9d 85 30 bd 1f cc 02 21 cb 58 d3 f6 2f 1e c6 4b 5a cb c6 80 d4 ed e4 bd 40 76 87 ae 1c 47 90 28 df 5d 19 52 b3 ac 2d 88 7d 34 9f 18 03 44 bf ba 3d f8 33 aa 8f 28 cf bc ba e5 28 59 8f 98 9a Data Ascii: d~<u)'g@v\RK]fr6"T=\|y\|@*`BxYWmQ7{BeCW'U >W.y@m6\^sZz5[`4M-&k2/:W}ZS==-&=p&R_)YBVMoA10!X/KZ@vG(]R-}4D=3((Y

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:53 UTC	1181	OUT	GET /keyserver/keyserver?su=&df=&tf=&lp=en&v=2&m=%7c1__540cdd740000018f9b9a646bff2e3ffff04b63f7%40localhost&s=1&f=0&d=1716339352065&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36 HTTP/1.1 Host: res.cisco.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALBCORS=6cECj5frbZ8ISPSxqG2ykBa8o6Zrrhi7oZ8sOvwQdubxDK3P2pYZenPFtXzdplKnUkhw/ePA43nUcX+LFqerWWTahUZGcLACWZ+5ZTYzgrU8BlFfnouhBeQ981Yo
2024-05-22 00:55:53 UTC	885	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 00:55:53 GMT Content-Type: text/javascript;charset=ISO-8859-1 Content-Length: 1178 Connection: close Set-Cookie: AWSALB=apI+LBAvBpr9jAvkjw4+J2Y81jl4yAA6NKczidtlcL/YjGfis5i3Ke4vuRtji6UsH/xACWIdCc/DbWejuKA6R0lFJqg7DFKIo5yD9hg7M2sdBc/4bUp4gXgQxVCb; Expires=Wed, 29 May 2024 00:55:53 GMT; Path=/ Set-Cookie: AWSALBCORS=apI+LBAvBpr9jAvkjw4+J2Y81jl4yAA6NKczidtlcL/YjGfis5i3Ke4vuRtji6UsH/xACWIdCc/DbWejuKA6R0lFJqg7DFKIo5yD9hg7M2sdBc/4bUp4gXgQxVCb; Expires=Wed, 29 May 2024 00:55:53 GMT; Path=/; SameSite=None; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: policyref=https://res.cisco.com/websafe/p3p/p3p.xml, CP="ALL CURa ADMa TAIa OUR BUS ONL UNI COM NAV INT" Set-Cookie: JSESSIONID=ED9F1DC64E65CC997001BE2E136CACF0; Path=/keyserver; Secure; HttpOnly Cache-Control: no-cache Pragma: no-cache Server: unknown
2024-05-22 00:55:53 UTC	1178	IN	Data Raw: 69 66 28 6c 5f 29 0d 0a 6c 5f 28 7b 0d 0a 22 52 50 43 52 65 66 22 3a 70 61 79 6c 6f 61 64 2e 72 70 63 2c 0a 22 63 61 6c 6c 62 61 63 6b 22 3a 71 72 0d 0a 2c 27 61 63 74 69 6f 6e 27 3a 27 6f 70 65 6e 27 0d 0a 2c 27 73 74 61 74 75 73 27 3a 32 31 0d 0a 2c 27 6d 65 73 73 61 67 65 27 3a 27 43 61 6e 6e 6f 74 20 69 64 65 6e 74 69 66 79 20 72 65 63 69 70 69 65 6e 74 2e 27 0d 0a 2c 27 73 74 61 74 65 27 3a 31 0d 0a 2c 27 72 65 71 54 69 6d 65 27 3a 31 37 31 36 33 33 39 33 35 32 30 36 35 0d 0a 2c 27 72 65 71 4e 75 6d 62 65 72 27 3a 31 0d 0a 2c 27 72 65 63 69 70 69 65 6e 74 49 64 65 6e 74 69 66 69 65 64 27 3a 66 61 6c 73 65 0d 0a 2c 27 73 75 63 63 65 73 73 27 3a 74 72 75 65 0d 0a 2c 27 63 6f 6f 6b 69 65 73 45 6e 61 62 6c 65 64 27 3a 74 72 75 65 0d 0a 2c 27 68 61 64 52 Data Ascii: if(l_)l_({"RPCRef":payload.rpc,"callback":qr,'action':'open','status':21,'message':'Cannot identify recipient.','state':1,'reqTime':1716339352065,'reqNumber':1,'recipientIdentified':false,'success':true,'cookiesEnabled':true,'hadR

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report securedoc_20240521T074217.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 197

Chrome Cache Entry: 198

Chrome Cache Entry: 199

Chrome Cache Entry: 200

Chrome Cache Entry: 201

Chrome Cache Entry: 202

Chrome Cache Entry: 203

Chrome Cache Entry: 204

Chrome Cache Entry: 205

Chrome Cache Entry: 206

Chrome Cache Entry: 207

Chrome Cache Entry: 208

Chrome Cache Entry: 209

Chrome Cache Entry: 210

Chrome Cache Entry: 211

Chrome Cache Entry: 212

Chrome Cache Entry: 213

Chrome Cache Entry: 214

Chrome Cache Entry: 215

Chrome Cache Entry: 216

Windows Analysis Report
securedoc_20240521T074217.html

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:54 UTC	722	OUT	GET /websafe/images/pullFeature/arrowDown.svg HTTP/1.1 Host: res.cisco.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALBCORS=apI+LBAvBpr9jAvkjw4+J2Y81jl4yAA6NKczidtlcL/YjGfis5i3Ke4vuRtji6UsH/xACWIdCc/DbWejuKA6R0lFJqg7DFKIo5yD9hg7M2sdBc/4bUp4gXgQxVCb
2024-05-22 00:55:54 UTC	972	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 00:55:54 GMT Content-Type: image/svg+xml Content-Length: 387 Connection: close Set-Cookie: AWSALB=CAg7WJq+xe8qPGDpuHO8hgf3uxz64OvUZkrEzUVebqiClom2TxU8tIUJttVf3drah93reiuTsRS4hFxXYQpHJbxPNecCHmzGWwkyUZT6rd/7uVzifVnnu9ZYKSMA; Expires=Wed, 29 May 2024 00:55:54 GMT; Path=/ Set-Cookie: AWSALBCORS=CAg7WJq+xe8qPGDpuHO8hgf3uxz64OvUZkrEzUVebqiClom2TxU8tIUJttVf3drah93reiuTsRS4hFxXYQpHJbxPNecCHmzGWwkyUZT6rd/7uVzifVnnu9ZYKSMA; Expires=Wed, 29 May 2024 00:55:54 GMT; Path=/; SameSite=None; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: policyref=https://res.cisco.com/websafe/p3p/p3p.xml, CP="ALL CURa ADMa TAIa OUR BUS ONL UNI COM NAV INT" X-Frame-Options: DENY Cache-Control: must-revalidate,max-age=1 Pragma: no-cache Set-Cookie: JSESSIONID=703BFC4CBABFD4427FB6AC7523430D0C; Path=/websafe; Secure; HttpOnly Last-Modified: Fri, 05 Apr 2024 12:50:46 GMT ETag: "18eae4fbc88-183" Server: unknown
2024-05-22 00:55:54 UTC	387	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 76 67 20 69 64 3d 22 61 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 0a 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 0a 3c 64 65 66 73 3e 3c 73 74 79 6c 65 3e 2e 62 7b 66 69 6c 6c 3a 23 66 66 66 66 66 66 3b 66 69 6c 6c 2d 72 75 6c 65 3a 65 76 65 6e 6f 64 64 3b 7d 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 64 65 66 73 3e 0a 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 62 22 20 64 3d 22 4d 33 2e 38 38 31 2c 36 2e 31 33 31 63 2e 33 34 32 2d 2e 33 34 32 2c 2e 38 39 36 2d 2e 33 34 32 2c 31 2e 32 33 37 2c 30 6c 32 2e 38 38 31 2c 32 2e 38 38 31 2c 32 2e 38 38 31 2d 32 2e 38 38 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><svg id="a" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><defs><style>.b{fill:#ffffff;fill-rule:evenodd;}</style></defs><path class="b" d="M3.881,6.131c.342-.342,.896-.342,1.237,0l2.881,2.881,2.881-2.881

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:56 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-22 00:55:56 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=141238 Date: Wed, 22 May 2024 00:55:56 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:56 UTC	360	OUT	GET /CRES_login_bg.jpg HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:55:57 UTC	513	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 155249 Connection: close Date: Tue, 21 May 2024 15:01:34 GMT Last-Modified: Wed, 20 Sep 2023 11:59:56 GMT ETag: "c3598f2d3bf6694df3378aafc792bfee" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 23e8ec14db0917c91c2c733b45578890.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P1 X-Amz-Cf-Id: Ud-ObwSqF1E0ZgMbzeoDxDg6bulVpv_mcX379EeQKYf8mtpzG3jiQw== Age: 35663 Vary: Origin
2024-05-22 00:55:57 UTC	15871	IN	Data Raw: ff d8 ff e1 00 4a 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 01 00 98 82 02 00 26 00 00 00 1a 00 00 00 00 00 00 00 73 61 6e 64 72 61 20 63 69 66 6f 2e 20 77 77 77 2e 63 69 66 6f 67 72 61 70 68 79 2e 63 6f 6d 2e 20 32 30 31 36 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 00 00 00 ff e1 04 13 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 35 20 37 39 Data Ascii: JExifII*&sandra cifo. www.cifography.com. 2016Duckyhttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79
2024-05-22 00:55:57 UTC	16384	IN	Data Raw: 80 2a 43 23 00 26 18 6d 28 97 68 f3 01 e1 13 2e da 68 1b 67 2c b0 25 55 22 80 52 03 26 da 04 83 4d 80 55 ca 45 19 d2 b8 2e 00 24 24 30 85 f0 00 76 39 dc b7 83 a1 bf 03 3a b7 21 12 a6 56 05 65 69 c2 35 aa b2 2b 21 5c fb 79 3b 20 74 e4 7a 1d 19 0c 81 cb f4 ec 3d bc 8b a1 b5 55 a5 97 ea 03 9a 2f d8 69 da 72 8e 8c 86 40 6f 42 1d 96 e2 9c 93 d5 81 72 86 46 02 10 16 04 c0 64 06 d8 22 2c d8 eb 6c 01 60 12 00 26 a7 53 36 9d 7c 8d 40 09 59 ca 61 91 35 19 5f 70 eb 69 f3 01 c8 4a 18 a2 40 60 4c 04 b4 04 f2 5a 0b d4 84 fb 93 c7 6e 84 1a c0 0c 0a 16 45 28 a0 02 61 04 34 38 14 3e 80 29 ee 61 6a 4e 51 d1 2f a8 61 81 c6 93 ea 6a ad 0a 10 f9 6b d5 18 a6 44 74 d2 91 97 a9 7e 04 56 d8 2a af 05 55 01 9d 2d b9 be c6 a0 00 00 00 27 54 c6 00 4c 76 61 2d 14 00 4e e2 80 5b 50 0c Data Ascii: C#&m(h.hg,%U"R&MUE.$$0v9:!Vei5+!\y; tz=U/ir@oBrFd",l`&S6\|@Ya5_piJ@`LZnE(a48>)ajNQ/ajkDt~VU-'TLva-N[P
2024-05-22 00:55:57 UTC	16384	IN	Data Raw: 82 0d 64 ad c6 1b c7 f5 10 1d 1b 87 b8 e7 fa 88 3e aa 03 ad 58 a5 63 89 72 c9 bc b5 90 3a 55 8a 93 91 72 14 b9 50 1d 32 39 30 fa 88 af aa 80 da 40 c9 72 21 ef 4c 0d 56 34 2d 72 34 61 b9 0f 70 1d 2b 95 75 34 94 ce 2d e8 5b d2 f0 03 bf 22 76 c1 ca b9 9a 34 af 3a 78 65 04 e4 db 8c ca 2b 6c ad 4d 2b 28 0d 40 85 6e e5 6e 45 17 52 6e 55 49 b8 19 30 40 c6 88 18 c4 30 01 88 a4 00 0f 41 a1 58 a3 28 01 b0 20 0a 91 21 81 48 8e 5f 94 b2 79 14 a2 8e 5e 1b 46 a6 fb 97 c0 cb e8 2e e3 5c 70 9d 5f 52 23 47 c9 51 d7 91 41 cb 6e 16 b4 0d 8d 74 03 a6 f7 4d 60 95 e9 d4 e7 35 e5 58 90 35 5c 85 6f 5d 4e 34 69 5c 6b a0 1d 4d c0 56 ea da 74 30 d3 35 70 6b c6 96 b1 0c 2b 50 01 14 01 01 01 00 01 01 01 00 31 93 03 01 99 da a9 9a 11 6b 76 02 78 eb b5 b3 4b 0a 81 60 24 00 00 04 31 10 Data Ascii: d>Xcr:UrP290@r!LV4-r4ap+u4-["v4:xe+lM+(@nnERnUI0@0AX( !H_y^F.\p_R#GQAntM`5X5\o]N4i\kMVt05pk+P1kvxK`$1
2024-05-22 00:55:57 UTC	16384	IN	Data Raw: 21 88 09 68 2a 31 2d 48 28 62 19 40 00 00 04 b2 84 c0 c5 88 6c 08 11 9f 21 a1 8f 3d b6 ae e0 44 db b9 32 db cb 30 fe e3 c0 aa 72 ee 7a 01 db 77 83 8b 66 eb 49 d9 6d 0e 1b d9 ce a0 5d f8 e3 42 6b c4 ef 87 80 f5 3d 19 75 dc b5 64 1d 2f 8a b5 ac 26 d9 c5 6e 2b 4f c0 e9 dc c8 5c 5b dc b6 c0 cb e9 5b c3 ef 37 e3 e1 4f e6 c8 ff 00 b7 af 76 69 4e 2a d7 46 ca 34 b5 28 94 25 07 25 b8 ff 00 cc 8d b9 0c eb 45 67 91 44 3a a4 a3 72 33 af 1d 17 ef 5a f6 3b 3e 8d 7b 0d 70 d3 b0 1c 6e 94 6b e6 fc 08 74 e3 8c da da 76 3d 0f a3 4e c2 fa 3c 7d 90 1e 72 af 0f 7b 69 d9 1a 55 f1 7f 9b f0 3b 7e 97 1a e9 51 c5 7b 20 3c e4 f8 55 b4 b4 cf 73 be 8e b1 85 f8 95 b7 8f 5f 4f e0 56 fa 77 40 4c f6 46 56 e4 6c df ea 57 49 47 1f 25 96 ed 40 e5 e4 73 74 d9 4a b8 5f 13 a6 9c 8a 76 a7 93 77 Data Ascii: !h1-H(b@l!=D20rzwfIm]Bk=ud/&n+O\[[7OviNF4(%%EgD:r3Z;>{pnktv=N<}r{iU;~Q{ <Us_OVw@LFVlWIG%@stJ_vw
2024-05-22 00:55:57 UTC	16384	IN	Data Raw: 9d 4a 8d b8 07 c3 7e 90 05 a1 91 b3 91 74 41 b6 fd 80 5c c9 da b0 9c 19 da ad a8 46 96 dd d5 13 0f a0 56 1f 46 dd d7 dc 6d 5a 59 42 6e 72 54 b5 aa 1f d4 4b f6 84 5b d4 0c 1d dc cc 0d 5c 0a 4b 27 37 2f 13 a3 d6 64 e9 6f 6b 93 9f 9a dc 9c 96 5b 70 aa f3 e2 51 d8 f8 dd aa 96 03 8b 89 f1 b6 db 99 05 cf dd 15 f5 97 62 62 ab 90 cc 9b f2 ce 88 cf 79 51 b2 ae e1 fd 36 67 c5 69 b1 ad f9 2d 5d 14 91 4b e9 d9 94 e8 e2 0c be b7 27 f4 97 6b 5d d7 10 98 12 eb ba bb 51 2e ae 90 5f 1d 1f 1d 63 a8 b9 13 7a 81 73 33 e2 2b 71 a5 5f 10 ac a1 d6 ee d2 98 09 70 a6 a4 3e 8a 36 5a 1c 8e b6 7d 40 d3 e8 c0 7d 13 2b 71 d9 3d 49 d9 6e ec 0e 95 c2 92 80 b7 1c 1c fb 2f e2 4b e3 b7 59 03 ad 56 0a 93 87 65 97 71 ed b0 1d 6d 13 f4 a5 1c bb 5a ee 1f 4e de 20 6e f8 53 7a 9d 15 aa aa c1 c3 Data Ascii: J~tA\FVFmZYBnrTK[\K'7/dok[pQbbyQ6gi-]K'k]Q._czs3+q_p>6Z}@}+q=In/KYVeqmZN nSz
2024-05-22 00:55:57 UTC	16384	IN	Data Raw: 1b b2 ea 41 84 01 b3 a2 7a 10 f8 da 03 9d b8 39 df 3d d3 84 e1 1d 37 4d 1c ff 00 52 d3 b5 24 c0 ea e2 bd ad f3 39 3a 95 eb dc e4 e2 f1 1f 28 1d 80 78 fc 37 6a ed 26 e0 d6 f6 6b 42 8f 4e 42 4f 32 af 9a df 2a fb ce 8a f1 df f7 ba fc 00 de e9 33 3a b6 98 d2 a2 d3 d4 54 be 8a 02 34 d4 ce d5 a7 51 38 fd cc cd f3 71 d3 12 a5 81 aa 85 f2 a0 6d f5 7f 71 cf 7e 66 b4 39 ef ee aa b1 79 a3 f1 22 bb 5d aa 85 f5 25 c2 39 b8 39 37 5d 43 94 77 72 38 ac 84 73 da d6 46 4e 58 f9 2a b9 e9 29 e4 f0 ed be b2 9b 72 bc 58 1e cc 03 50 78 d5 76 7d 5f e2 7a 1f f5 b6 7f 55 a6 df ca 15 d1 04 49 eb 9c 77 6d 72 4f 42 a3 8d b3 5e 24 b5 1f b9 e1 fe e1 a9 7b 52 ec 5d 38 d5 14 22 0c 9f 02 b2 76 4e 63 a1 84 ed d2 51 b5 5a 6e d5 85 9e bd 4c ed 4d a1 55 5e 46 f0 df e4 5d 79 ab 6f 4b 59 5d ce Data Ascii: Az9=7MR$9:(x7j&kBNBO23:T4Q8qmq~f9y"]%997]Cwr8sFNX)rXPxv}_zUIwmrOB^${R]8"vNcQZnLMU^F]yoKY]
2024-05-22 00:55:57 UTC	16384	IN	Data Raw: a6 fb 1c 62 51 e7 f3 b9 e6 b4 f7 37 ff 00 b0 b6 db 55 ac 38 45 47 6d fd bb b2 a6 c7 57 b1 75 c1 7c 94 e4 d8 95 52 b5 96 a7 0f 3f b9 e4 a5 29 b6 d1 35 96 2f 73 cb 77 c3 4c e6 da f8 99 c6 b5 d1 cd c7 c8 f8 6b 56 9e e4 f2 8c af 56 bd b2 4d 46 59 95 f9 2f 4e 0a 5a b6 b2 6f c4 d3 fb 9e 55 c0 b9 37 3d ce cd 67 25 c6 4b ff 00 f9 bf f2 63 4a 7d ac 7f 98 6f dd 5d f0 ab d9 56 d9 88 6b 03 7e e2 af 85 5a d4 ab 5b 9f a5 61 14 5f 1d b6 fb 75 57 a3 6f e1 d8 c3 dd 4e f7 6e f9 34 7c bc 4f 85 3b 51 aa 4b c5 6d fc 4d 95 38 fd c5 12 ac ac 7a 67 52 74 df 9a 6a e9 db 7f f5 d5 3f bb 53 8d 56 5f 27 0f 7f 5d 7c ce be 2e 19 ae c5 ad 7d 55 fd 51 1c fc 0d 47 2d 7e 6a 7e 47 3d cf 5f da d9 c6 3c aa 65 34 49 e8 73 7b 54 ae af 5f 96 fe af e2 65 c9 ed 6c 9b 8c 9d 36 2c e6 39 26 32 ba 1e Data Ascii: bQ7U8EGmWu\|R?)5/swLkVVMFY/NZoU7=g%KcJ}o]Vk~Z[a_uWoNn4\|O;QKmM8zgRtj?SV_']\|.}UQG-~j~G=_<e4Is{T_el6,9&2
2024-05-22 00:55:57 UTC	16384	IN	Data Raw: 8d 66 54 ea 04 5f fd ba ce 1a 69 d9 af ea c9 9b b5 e1 25 af 5f d3 3d 97 72 5c f2 3a d1 e9 12 e1 7c 57 f8 1a 2d db 53 b2 8a bf e3 f9 63 20 68 f9 12 ac f4 c7 d9 ff 00 52 eb e2 c5 ca f7 5a 5f 44 e7 45 a4 6b e3 f9 03 75 59 bc 45 9a c2 d5 d7 f8 0b 93 6d 6e ea d2 aa a5 7f 3e ff 00 c0 83 35 ba d8 ac ad 3e fd 3e c8 d2 eb e9 bd d9 b2 a4 2b 79 e8 96 7a 77 ee 4e d5 55 b9 2f 9b d5 36 c6 d7 95 f9 74 1f 58 ae 5a c6 71 d2 5f c7 fc bd 4a 2a db ab 12 a5 aa a9 c6 2a bf 54 bf 12 6c 93 5b 6e fa 7e 5a 7d ff 00 a1 bb f5 3d bd 54 2f 0f 1f 4f 56 8c 97 aa ae ca be 9d ad a9 d6 56 2a fc 67 a0 45 de b7 a2 84 f0 93 5e 32 ff 00 38 e8 cc a8 de e4 d6 be 7e 1a fc 0d 79 32 eb 48 dd 68 58 7a e7 bb e9 e2 8e 6a 52 6c dc ed 71 ea 85 d2 74 4b b2 eb e0 14 f8 af 54 eb 33 67 1b 63 a4 f4 34 ae 6d Data Ascii: fT_i%_=r\:\|W-Sc hRZ_DEkuYEmn>5>>+yzwNU/6tXZq_J*Tl[n~Z}=T/OVVgE^28~y2HhXzjRlqtKT3gc4m
2024-05-22 00:55:57 UTC	16384	IN	Data Raw: ba c6 5e 17 8a ce 8b ac 6a e0 9e 36 f8 ef e1 4f bb 5e be 1d 53 d5 68 f0 6f b5 cb 71 ea 6d c3 b2 4e 7c 7c 56 de d8 08 cf 74 45 56 d4 e3 73 c4 f8 39 9c aa c6 71 a1 53 5e 2b 55 51 4c b9 9d d3 33 f7 f5 cf 8f 73 14 ee d5 5e 23 76 af f6 ae 9f f8 79 f9 1b 72 da b6 6b 6a d2 52 c7 fe df 27 fb 5a 00 76 4d 5d 28 f5 38 4d 77 fd 17 e4 65 be b5 7b 2c a3 62 7f 7a d1 eb 98 ed aa f2 2e 97 57 70 be 57 15 ad 3a 47 55 65 f3 7f e5 e0 2e 6e 2a 25 5a bc 66 1d f5 f8 b5 fa 85 2b 7a f0 e2 5e dc d5 36 d4 77 f0 cf 51 5f d2 93 6e 73 16 ab e8 bb f9 fd e5 59 b9 5f 2e d6 d2 c4 fd eb c7 f4 72 4c ad aa 62 d5 86 d5 1a d3 c2 7a 4e b2 10 d7 25 b8 da b5 70 b2 9d 7e df b7 ac 33 6a da bf 51 c7 cb 65 ea 7f e6 8c 2f f2 cf 75 83 8f 1f f2 29 f4 c4 cf f5 3f cf a4 3d 1f 53 a2 a9 ba bb c5 7e a5 57 aa Data Ascii: ^j6O^ShoqmN\|\|VtEVs9qS^+UQL3s^#vyrkjR'ZvM](8Mwe{,bz.WpW:GUe.n*%Zf+z^6wQ_nsY_.rLbzN%p~3jQe/u)?=S~W
2024-05-22 00:55:57 UTC	8306	IN	Data Raw: 0c 87 36 c9 5a fc 00 2b 1a 3d 7a 14 94 e1 fd e2 95 6f 06 36 9b 73 a3 40 25 a4 36 35 86 d3 1d 69 bb 5c 0e 67 d2 f5 4c 03 f6 c3 d7 bc 92 9f ed bf c0 ad 54 fe e4 0d bb 2c ea 80 58 fd df 78 37 2e 2c fc 84 97 ed b6 a5 24 d3 53 a0 0a d3 4c 3d 05 31 8b 69 f8 8e 3f 6d fa 0f 47 b6 d8 48 01 37 1d ea f4 04 9d 5a ab cc 8e 1a c3 eb d4 a5 5c ed d5 01 3f 22 6b a1 7a 62 da 3f c1 09 38 cf 46 c1 cd 1a 4f 35 d0 22 ac df 1a 8d 68 c4 9b 89 71 b7 f2 09 7f 0e 82 4d 4c f4 8c c6 88 0a b3 75 ca 78 fc bc 41 56 2a da ca 62 a2 84 9a f5 27 82 a2 d9 75 ff 00 10 1b 50 92 59 fd 07 f2 fc 99 5f 6d 4c e5 27 be 8f c1 af 1f e0 5d 6a eb 9a e3 ba 01 2e af 57 d5 6b 9f b6 83 6b 6a 95 af 67 f6 d4 6b 0e 74 ee 85 7a 6e aa b5 73 e1 e3 d7 00 56 e6 d4 ac f8 0a b6 d6 1e 7a a1 3c e5 38 6b be 01 45 b3 54 Data Ascii: 6Z+=zo6s@%65i\gLT,Xx7.,$SL=1i?mGH7Z\?"kzb?8FO5"hqMLuxAV*b'uPY_mL']j.WkkjgktznsVz<8kET

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:57 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-22 00:55:57 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=141277 Date: Wed, 22 May 2024 00:55:57 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-22 00:55:57 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:55:57 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gXAG9K5P8KmYgYH&MD=LboOX44E HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-22 00:55:57 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 3fb23df5-b352-4239-8ead-d65c45e758cc MS-RequestId: 122e4347-c1ec-47f3-a3c7-0d95e072cca3 MS-CV: fwBGF6ZZ1kuVHziB.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 00:55:57 GMT Connection: close Content-Length: 24490
2024-05-22 00:55:57 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-22 00:55:57 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:56:08 UTC	722	OUT	GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=google&lp=en&try=1 HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALBCORS=Toghs2EnoUMAhMZefWdlj0UlJLBPdT/KbH3K8l2Kv6fY9ocOefyCRXrBhA4CqMOun6neXNYXFwjB91oKTxScx8E/ipRNvy+KxxpnMdIEuX6x1RwAZpco3fvc7bwv
2024-05-22 00:57:53 UTC	750	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 00:57:53 GMT Content-Type: image/gif Transfer-Encoding: chunked Connection: close Set-Cookie: AWSALB=UVx/kTX++EEBKCUolUzdbD6YC/17fGzLUn5M7YsItiECduTLRB0SLYL+5QlOrKJ6+mXK6iqWvdpHmbMp/L/g9S5nAIBW8truxCEeAiXaAbdn702v3EDk/6fCpU6S; Expires=Wed, 29 May 2024 00:56:08 GMT; Path=/ Set-Cookie: AWSALBCORS=UVx/kTX++EEBKCUolUzdbD6YC/17fGzLUn5M7YsItiECduTLRB0SLYL+5QlOrKJ6+mXK6iqWvdpHmbMp/L/g9S5nAIBW8truxCEeAiXaAbdn702v3EDk/6fCpU6S; Expires=Wed, 29 May 2024 00:56:08 GMT; Path=/; SameSite=None; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: max-age=0, must-revalidate, no-cache, no-store, private Server: unknown
2024-05-22 00:57:53 UTC	205	IN	Data Raw: 63 37 0d 0a 47 49 46 38 39 61 82 00 1e 00 f0 00 00 00 81 bf ff ff ff 2c 00 00 00 00 82 00 1e 00 40 08 a6 00 01 08 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 23 4a 9c 48 b1 a2 c5 8b 18 17 06 08 50 70 e3 40 8f 02 41 8a e4 98 b1 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 95 20 3f 72 9c 39 33 e4 46 92 00 3c e2 7c c9 b3 a7 cf 9f 40 83 0a 1d 4a b4 a8 d1 a3 48 2f de bc 99 b4 a9 d2 a5 36 65 4a cd 49 32 a6 d3 a3 4b 75 e2 b4 0a 35 ea d5 af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ed 50 ab 6e c1 c2 65 4a b5 aa 5d 9b 3b e3 9e 9c bb b5 af 57 b8 7a 4d f2 9d 4a f5 6f de c0 88 13 2b 5e cc b8 b1 e3 c7 90 cf 06 04 00 3b 0d 0a Data Ascii: c7GIF89a,@H*\#JHPp@A(S\ ?r93F<\|@JH/6eJI2Ku5`Kh]PneJ];WzMJo+^;
2024-05-22 00:57:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:56:09 UTC	718	OUT	GET /envelopeopener/pf/ZGJAVG9rZW41MDE0OjE1ODQy/sANBtkSpO65dzJ9jXA7XB3dDVt-pa0HtX2veHMGwlURFlbTmHwvK5byBj5GicATuBM6y8fo.t1CzS4LBhABXRAmfIoepxlImKQ!!/?button=ok&lp=en&try=1 HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALBCORS=gpOUFEsdMSNYThtj2BIaxVWoO/yEWwTYpg831B8bAHyGWnvW6LjFRO/Cxkf0oGIUcALBqiGAXjX3WDgLc1rRAggqCEOXejA/qX2YgxwiPffW0OvMaJCQsOzS7PDI
2024-05-22 00:57:54 UTC	750	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 00:57:54 GMT Content-Type: image/gif Transfer-Encoding: chunked Connection: close Set-Cookie: AWSALB=e6Kii/9Or+hxFK1E4jUfvjd+R/+Sr/9mf90fAPAB5q+a5YK5ZYsPJHN/GsQUOnh01IH79uQKu61m/1irawqjSI4lA5ngeG4AKqcU9bowgmI6m8cgnu3C3+Nxwo0G; Expires=Wed, 29 May 2024 00:56:09 GMT; Path=/ Set-Cookie: AWSALBCORS=e6Kii/9Or+hxFK1E4jUfvjd+R/+Sr/9mf90fAPAB5q+a5YK5ZYsPJHN/GsQUOnh01IH79uQKu61m/1irawqjSI4lA5ngeG4AKqcU9bowgmI6m8cgnu3C3+Nxwo0G; Expires=Wed, 29 May 2024 00:56:09 GMT; Path=/; SameSite=None; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: max-age=0, must-revalidate, no-cache, no-store, private Server: unknown
2024-05-22 00:57:54 UTC	205	IN	Data Raw: 63 37 0d 0a 47 49 46 38 39 61 82 00 1e 00 f0 00 00 00 81 bf ff ff ff 2c 00 00 00 00 82 00 1e 00 40 08 a6 00 01 08 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 23 4a 9c 48 b1 a2 c5 8b 18 17 06 08 50 70 e3 40 8f 02 41 8a e4 98 b1 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 95 20 3f 72 9c 39 33 e4 46 92 00 3c e2 7c c9 b3 a7 cf 9f 40 83 0a 1d 4a b4 a8 d1 a3 48 2f de bc 99 b4 a9 d2 a5 36 65 4a cd 49 32 a6 d3 a3 4b 75 e2 b4 0a 35 ea d5 af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ed 50 ab 6e c1 c2 65 4a b5 aa 5d 9b 3b e3 9e 9c bb b5 af 57 b8 7a 4d f2 9d 4a f5 6f de c0 88 13 2b 5e cc b8 b1 e3 c7 90 cf 06 04 00 3b 0d 0a Data Ascii: c7GIF89a,@H*\#JHPp@A(S\ ?r93F<\|@JH/6eJI2Ku5`Kh]PneJ];WzMJo+^;
2024-05-22 00:57:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:56:35 UTC	794	OUT	GET /v3/__http://stanfordhospital.org__;!!BHlfX_zbyOAjqHI!wgyEG2JxI2P6-nnwEtViTwF0Z9cRgAzwL8Ix44wul2R1tUTK5pHKGckJKICGmfD_OJoMbm4pdzwPIsbHISCdNy7PQrF-posI2ZrPT3Y$ HTTP/1.1 Host: urldefense.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:56:35 UTC	355	IN	HTTP/1.1 302 Found Date: Wed, 22 May 2024 00:56:35 GMT Content-Length: 0 Connection: close Location: http://stanfordhospital.org Strict-Transport-Security: max-age=31536000 X-Robots-Tag: noindex, nofollow X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src 'self';

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:56:37 UTC	643	OUT	GET / HTTP/1.1 Host: stanfordhospital.org Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 00:56:37 UTC	674	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 22 May 2024 00:56:37 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 238 Connection: close Set-Cookie: AWSALB=BPox6gTQMy5EcCqrouvOdymO2FoATjteSeDD20QTe3ksi2CADsWP6zKRN9ApyEZAdCIRiLFmcwhKNBzz5974GSYPYLe1aGjL0xT6+6u6lw3utQ/j3Zcq06+oKcPB; Expires=Wed, 29 May 2024 00:56:37 GMT; Path=/ Set-Cookie: AWSALBCORS=BPox6gTQMy5EcCqrouvOdymO2FoATjteSeDD20QTe3ksi2CADsWP6zKRN9ApyEZAdCIRiLFmcwhKNBzz5974GSYPYLe1aGjL0xT6+6u6lw3utQ/j3Zcq06+oKcPB; Expires=Wed, 29 May 2024 00:56:37 GMT; Path=/; SameSite=None; Secure Server: Apache/2.4.46 () Communique/4.3.3 X-Dispatcher: dis130 Location: https://stanfordhealthcare.org
2024-05-22 00:56:37 UTC	238	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 6e 66 6f 72 64 68 65 61 6c 74 68 63 61 72 65 2e 6f 72 67 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://stanfordhealthcare.org">here</a>.</p></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-05-22 00:56:38 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gXAG9K5P8KmYgYH&MD=LboOX44E HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-22 00:56:38 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_1440" MS-CorrelationId: e40978b8-541a-4308-9b1e-74c503ea90bf MS-RequestId: f3090da3-68ad-47e3-b220-928850071e49 MS-CV: ZfJ/tqNTTkuON/Bk.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 00:56:37 GMT Connection: close Content-Length: 25457
2024-05-22 00:56:38 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-05-22 00:56:38 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq