Windows Analysis Report
Airbornemx SWIFT COPY _ Wednesday May 2024..rtf

Overview

General Information

Sample name: Airbornemx SWIFT COPY _ Wednesday May 2024..rtf
Analysis ID: 1445932
MD5: a6c02d391b207b84472b7ac9b4c0de7c
SHA1: bc1dbeeb82a0f9b4f7e7fa22a6065d62293f30af
SHA256: e75d58fd1c42faeecdc4e88bd1309f532f109e760555810656062b15ba66faee

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
AI detected suspicious javascript
HTML page contains suspicious base64 encoded javascript
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Detected non-DNS traffic on DNS port
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden URLs or javascript code
HTML title does not match URL
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Invalid T&C link found
JA3 SSL client fingerprint seen in connection with other malware
Stores files to the Windows start menu directory

Classification

Phishing

Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu' is highly suspicious and does not match the legitimate domain name associated with Microsoft. The page contains a login form, which is a common element in phishing sites. The domain name 'eleteriod.com' is not related to Microsoft, indicating that this is likely a phishing attempt. DOM: 2.3.pages.csv
Source: Yara match File source: 2.3.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_356, type: DROPPED
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu LLM: Score: 7 Reasons: The code contains several red flags that suggest it could be malicious. It collects user agent information, which can be used for fingerprinting. It also includes functionality for socket communication, which could be used to exfiltrate data. The presence of obfuscated variables and email addresses further raises suspicion. However, without more context or evidence of harmful actions, it is not definitively malicious. DOM: 2.3.pages.csv
Source: https://l6agz47874.eleteriod.com/k3hof49809/#dG9kZC5mcmFuY2VAYWlyYm9ybmVteC5jb20= HTTP Parser: Base64 decoded: <script>
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu Matcher: Template: microsoft matched
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: Number of links: 0
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://l6agz47874.eleteriod.com/k3hof49809/#dG9kZC5mcmFuY2VAYWlyYm9ybmVteC5jb20= HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" c...
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: Title: 05ZUn3IVER does not match URL
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: Invalid link: Terms of use
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: Invalid link: Privacy & cookies
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: <input type="password" .../> found
Source: https://l6agz47874.eleteriod.com/k3hof49809/#dG9kZC5mcmFuY2VAYWlyYm9ybmVteC5jb20= HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/8xyog/0x4AAAAAAAawZipfMclJYEh2/auto/normal HTTP Parser: No favicon
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: No favicon
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: No <meta name="author".. found
Source: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpqu HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:59885 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:59927 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:59928 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.182:443 -> 192.168.2.17:59929 version: TLS 1.2
Source: winword.exe Memory has grown: Private usage: 4MB later: 72MB
Source: global traffic TCP traffic: 192.168.2.17:59863 -> 1.1.1.1:53
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: Joe Sandbox View IP Address: 104.17.3.184 104.17.3.184
Source: Joe Sandbox View IP Address: 151.101.2.137 151.101.2.137
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l6agz47874.eleteriod.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l6agz47874.eleteriod.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /23tBEhtKGMgm89BkdRhzvw70 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l6agz47874.eleteriod.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /90FwFNCSlKcg1gKnc9avIcdQUX4h1cyz71 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l6agz47874.eleteriod.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /cdHTrgIfxVnMGL3mur53GZppEX78Gw6Ke7xoztQTkl93 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l6agz47874.eleteriod.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijzMs0cz14Ykf4YeICAFuTHWbFbbJHCA5mZLgEiNPVxzipqrcsEibC8DNKk2zdEbovEab228 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /mnE9XqQd7cwqeoHDOHNYdiJtyPkloVeKQZ2voYzCFSgjKIkn2oSmCsuv216 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: l6agz47874.eleteriod.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://l6agz47874.eleteriod.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3DSec-WebSocket-Key: fjPBPT6nCwolhRAu0sbhZw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /56P6RmVW07q5q2IzmAMROCmNGghm8kh7E6A89106 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wxmjNuYi8NFj9axNCKeelVGasqrjFfWilIrHNE12129 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijzMs0cz14Ykf4YeICAFuTHWbFbbJHCA5mZLgEiNPVxzipqrcsEibC8DNKk2zdEbovEab228 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ophIsbkVflkPH6ucNNqWgQgh74rwHxeV0m3bqXIY45140 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /mnE9XqQd7cwqeoHDOHNYdiJtyPkloVeKQZ2voYzCFSgjKIkn2oSmCsuv216 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQ5YldhWitWK2N4dUkvSmFlV2k1aFE9PSIsInZhbHVlIjoiT2JEQkl6dmUrMTJQWEc4T1NUTGFra3VCUkIxRmNqSUVwR3BXZmpXa3IzdTBGNHZQWXcyV2dkLzhkNlFVUVhIN3ZRekcrYWJVaGtkcGV6RTNoMWxvWlFWaVFGN254dGNJeGdaV2ZranFFalJGdVhIQVZmV01LcXBpU3pOYXlZZkciLCJtYWMiOiIzYzE5MmU0Y2NjOGUwMDNlYjFjNTljMjBkODIyZjhiZTFkYjM3NDZmN2RkMGVkOThlZDljMTU2MjU3NjQzY2E4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlIvY0dKQTVkSzFXY0JhVkZvWEc2SGc9PSIsInZhbHVlIjoiUEZDUDNKTlFxdnNPOEZhTDN2dnpGbnFhSXlNR2s1dE9OM21FMGY3MnlHUTdOOFNtMWZtek1xWUFmbUJqOW9FMlppZzlSeUZzUjNHS3ljNUwyTGV0bkYvNXRscVY5OU9hZ0o2U0MxSGZsRjBZaHh0aXY5NFAxTHN0WjZLYXNTTksiLCJtYWMiOiJhOGRjYmMwYmFiOGRlNjU5NTFlYzgzYmViZjQ5ODU0MzUyMDBhNzZjMmU0MGNlYjlmNzRjNTU1NGMwZGRjNTU2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /mnrFuJOn3OoQnVImGSxPaFLthftkl2i6STz3nocxfNzRiIw78143 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhzWW1LWHZaeXlIbnBkYVZMZzcxeFE9PSIsInZhbHVlIjoiMkQ2K3l1V3RuK0xCeFRBdHU2MEI1dmJwbjBnNGdEdnR0SkJmZ2x1c1JOMlVSc2xWZFRtVFd1aDV3dWF2clZuRS84dCtTcmpDK3Y1TzcxVjhNOE9Yb1VFOVFORmROVTBZbkhaaVhNQ2JaMDdIVW9TcFQxMFVGekdUZ0hBNFJSRXEiLCJtYWMiOiI2ZDliM2Y5YTMxZjAwY2Y5MDIxM2QxN2Q2ZTZlMDNlNGI4NGI2ZjFlYzNlOGQ0NTgwYmY3ZGQ5ODNkOWJmZTNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijgwazd0azVpZ3ZWMTRrT2dqUDhPeGc9PSIsInZhbHVlIjoiZ2lmVWpZRFRrcVdWYU5CTzZWNWRWUGhNNnA3ZmE0NGNNbUhlcFJEMDNFaE1Bb3ZpcnZobXY2MUs4anlXekJlQXQ4UEtjVWFmc05qUTJRczc1M0E1Wkp5MXhUeThtWStLdDVCMklsL3IxSC96TTNNZlo4UHZhSGIvYVFHVE9xdXAiLCJtYWMiOiI4N2ExOTg1NTQ3Y2M0YmNlNWIxNTg1MTlhM2I2YjljNjBlNWNmNTM0MzA3MzcyMjE5ZDMxODU2Zjg1OWFhMTY3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /qx5mRFu84Dkooz0S7iCXX5u3ULbpS6gxNUAos30PWFpXi1HB7RPBsgb HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhzWW1LWHZaeXlIbnBkYVZMZzcxeFE9PSIsInZhbHVlIjoiMkQ2K3l1V3RuK0xCeFRBdHU2MEI1dmJwbjBnNGdEdnR0SkJmZ2x1c1JOMlVSc2xWZFRtVFd1aDV3dWF2clZuRS84dCtTcmpDK3Y1TzcxVjhNOE9Yb1VFOVFORmROVTBZbkhaaVhNQ2JaMDdIVW9TcFQxMFVGekdUZ0hBNFJSRXEiLCJtYWMiOiI2ZDliM2Y5YTMxZjAwY2Y5MDIxM2QxN2Q2ZTZlMDNlNGI4NGI2ZjFlYzNlOGQ0NTgwYmY3ZGQ5ODNkOWJmZTNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijgwazd0azVpZ3ZWMTRrT2dqUDhPeGc9PSIsInZhbHVlIjoiZ2lmVWpZRFRrcVdWYU5CTzZWNWRWUGhNNnA3ZmE0NGNNbUhlcFJEMDNFaE1Bb3ZpcnZobXY2MUs4anlXekJlQXQ4UEtjVWFmc05qUTJRczc1M0E1Wkp5MXhUeThtWStLdDVCMklsL3IxSC96TTNNZlo4UHZhSGIvYVFHVE9xdXAiLCJtYWMiOiI4N2ExOTg1NTQ3Y2M0YmNlNWIxNTg1MTlhM2I2YjljNjBlNWNmNTM0MzA3MzcyMjE5ZDMxODU2Zjg1OWFhMTY3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijOG38jlE3Csa6VPdagQNh1ZGRw9wxNGNrENQrVC1wpG35UrCP3956170 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhzWW1LWHZaeXlIbnBkYVZMZzcxeFE9PSIsInZhbHVlIjoiMkQ2K3l1V3RuK0xCeFRBdHU2MEI1dmJwbjBnNGdEdnR0SkJmZ2x1c1JOMlVSc2xWZFRtVFd1aDV3dWF2clZuRS84dCtTcmpDK3Y1TzcxVjhNOE9Yb1VFOVFORmROVTBZbkhaaVhNQ2JaMDdIVW9TcFQxMFVGekdUZ0hBNFJSRXEiLCJtYWMiOiI2ZDliM2Y5YTMxZjAwY2Y5MDIxM2QxN2Q2ZTZlMDNlNGI4NGI2ZjFlYzNlOGQ0NTgwYmY3ZGQ5ODNkOWJmZTNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijgwazd0azVpZ3ZWMTRrT2dqUDhPeGc9PSIsInZhbHVlIjoiZ2lmVWpZRFRrcVdWYU5CTzZWNWRWUGhNNnA3ZmE0NGNNbUhlcFJEMDNFaE1Bb3ZpcnZobXY2MUs4anlXekJlQXQ4UEtjVWFmc05qUTJRczc1M0E1Wkp5MXhUeThtWStLdDVCMklsL3IxSC96TTNNZlo4UHZhSGIvYVFHVE9xdXAiLCJtYWMiOiI4N2ExOTg1NTQ3Y2M0YmNlNWIxNTg1MTlhM2I2YjljNjBlNWNmNTM0MzA3MzcyMjE5ZDMxODU2Zjg1OWFhMTY3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wx16mHgG3zIkcRUoCPQGlNSI17mnjc9bKeDSCBaBsqf6F90180 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhzWW1LWHZaeXlIbnBkYVZMZzcxeFE9PSIsInZhbHVlIjoiMkQ2K3l1V3RuK0xCeFRBdHU2MEI1dmJwbjBnNGdEdnR0SkJmZ2x1c1JOMlVSc2xWZFRtVFd1aDV3dWF2clZuRS84dCtTcmpDK3Y1TzcxVjhNOE9Yb1VFOVFORmROVTBZbkhaaVhNQ2JaMDdIVW9TcFQxMFVGekdUZ0hBNFJSRXEiLCJtYWMiOiI2ZDliM2Y5YTMxZjAwY2Y5MDIxM2QxN2Q2ZTZlMDNlNGI4NGI2ZjFlYzNlOGQ0NTgwYmY3ZGQ5ODNkOWJmZTNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijgwazd0azVpZ3ZWMTRrT2dqUDhPeGc9PSIsInZhbHVlIjoiZ2lmVWpZRFRrcVdWYU5CTzZWNWRWUGhNNnA3ZmE0NGNNbUhlcFJEMDNFaE1Bb3ZpcnZobXY2MUs4anlXekJlQXQ4UEtjVWFmc05qUTJRczc1M0E1Wkp5MXhUeThtWStLdDVCMklsL3IxSC96TTNNZlo4UHZhSGIvYVFHVE9xdXAiLCJtYWMiOiI4N2ExOTg1NTQ3Y2M0YmNlNWIxNTg1MTlhM2I2YjljNjBlNWNmNTM0MzA3MzcyMjE5ZDMxODU2Zjg1OWFhMTY3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /rst8N6cnlCxOsMQhnswMwlUCaOLMUL9Kjbcu86gh0Bc8CZGqwwMNYgEYsXQoW0SG47ef196 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhzWW1LWHZaeXlIbnBkYVZMZzcxeFE9PSIsInZhbHVlIjoiMkQ2K3l1V3RuK0xCeFRBdHU2MEI1dmJwbjBnNGdEdnR0SkJmZ2x1c1JOMlVSc2xWZFRtVFd1aDV3dWF2clZuRS84dCtTcmpDK3Y1TzcxVjhNOE9Yb1VFOVFORmROVTBZbkhaaVhNQ2JaMDdIVW9TcFQxMFVGekdUZ0hBNFJSRXEiLCJtYWMiOiI2ZDliM2Y5YTMxZjAwY2Y5MDIxM2QxN2Q2ZTZlMDNlNGI4NGI2ZjFlYzNlOGQ0NTgwYmY3ZGQ5ODNkOWJmZTNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijgwazd0azVpZ3ZWMTRrT2dqUDhPeGc9PSIsInZhbHVlIjoiZ2lmVWpZRFRrcVdWYU5CTzZWNWRWUGhNNnA3ZmE0NGNNbUhlcFJEMDNFaE1Bb3ZpcnZobXY2MUs4anlXekJlQXQ4UEtjVWFmc05qUTJRczc1M0E1Wkp5MXhUeThtWStLdDVCMklsL3IxSC96TTNNZlo4UHZhSGIvYVFHVE9xdXAiLCJtYWMiOiI4N2ExOTg1NTQ3Y2M0YmNlNWIxNTg1MTlhM2I2YjljNjBlNWNmNTM0MzA3MzcyMjE5ZDMxODU2Zjg1OWFhMTY3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ophIsbkVflkPH6ucNNqWgQgh74rwHxeV0m3bqXIY45140 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhzWW1LWHZaeXlIbnBkYVZMZzcxeFE9PSIsInZhbHVlIjoiMkQ2K3l1V3RuK0xCeFRBdHU2MEI1dmJwbjBnNGdEdnR0SkJmZ2x1c1JOMlVSc2xWZFRtVFd1aDV3dWF2clZuRS84dCtTcmpDK3Y1TzcxVjhNOE9Yb1VFOVFORmROVTBZbkhaaVhNQ2JaMDdIVW9TcFQxMFVGekdUZ0hBNFJSRXEiLCJtYWMiOiI2ZDliM2Y5YTMxZjAwY2Y5MDIxM2QxN2Q2ZTZlMDNlNGI4NGI2ZjFlYzNlOGQ0NTgwYmY3ZGQ5ODNkOWJmZTNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijgwazd0azVpZ3ZWMTRrT2dqUDhPeGc9PSIsInZhbHVlIjoiZ2lmVWpZRFRrcVdWYU5CTzZWNWRWUGhNNnA3ZmE0NGNNbUhlcFJEMDNFaE1Bb3ZpcnZobXY2MUs4anlXekJlQXQ4UEtjVWFmc05qUTJRczc1M0E1Wkp5MXhUeThtWStLdDVCMklsL3IxSC96TTNNZlo4UHZhSGIvYVFHVE9xdXAiLCJtYWMiOiI4N2ExOTg1NTQ3Y2M0YmNlNWIxNTg1MTlhM2I2YjljNjBlNWNmNTM0MzA3MzcyMjE5ZDMxODU2Zjg1OWFhMTY3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ghIwflouldIy5KfULABLPvrbjLWsGG8mn1W21fyM416lcWoJkBUvXYak5v3FPkLDoef203 HTTP/1.1Host: l6agz47874.eleteriod.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l6agz47874.eleteriod.com/GIUVBENOELELFZHVJGRJARAEcuklweeqftuggnrbfef?avdpyfnsaihevlyllklgbgppwzgvijsyuartpquAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhzWW1LWHZaeXlIbnBkYVZMZzcxeFE9PSIsInZhbHVlIjoiMkQ2K3l1V3RuK0xCeFRBdHU2MEI1dmJwbjBnNGdEdnR0SkJmZ2x1c1JOMlVSc2xWZFRtVFd1aDV3dWF2clZuRS84dCtTcmpDK3Y1TzcxVjhNOE9Yb1VFOVFORmROVTBZbkhaaVhNQ2JaMDdIVW9TcFQxMFVGekdUZ0hBNFJSRXEiLCJtYWMiOiI2ZDliM2Y5YTMxZjAwY2Y5MDIxM2QxN2Q2ZTZlMDNlNGI4NGI2ZjFlYzNlOGQ0NTgwYmY3ZGQ5ODNkOWJmZTNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijgwazd0azVpZ3ZWMTRrT2dqUDhPeGc9PSIsInZhbHVlIjoiZ2lmVWpZRFRrcVdWYU5CTzZWNWRWUGhNNnA3ZmE0NGNNbUhlcFJEMDNFaE1Bb3ZpcnZobXY2MUs4anlXekJlQXQ4UEtjVWFmc05qUTJRczc1M0E1Wkp5MXhUeThtWStLdDVCMklsL3IxSC96TTNNZlo4UHZhSGIvYVFHVE9xdXAiLCJtYWMiOiI4N2ExOTg1NTQ3Y2M0YmNlNWIxNTg1MTlhM2I2YjljNjBlNWNmNTM0MzA3MzcyMjE5ZDMxODU2Zjg1OWFhMTY3IiwidGFnIjoiIn0%3D
Source: global traffic DNS traffic detected: DNS query: l6agz47874.eleteriod.com
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: cdn.socket.io
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4722Host: login.live.com
Source: Airbornemx SWIFT COPY _ Wednesday May 2024..rtf String found in binary or memory: https://airbornemx.com/Scanned_from_Xexox_Multifun...
Source: Airbornemx SWIFT COPY _ Wednesday May 2024..rtf String found in binary or memory: https://l6agz47874.eleteriod.com/k3hof49809/#dG9kZC5mcmFuY2VAYWlyYm9ybmVteC5jb20=
Source: chromecache_351.6.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_351.6.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/recaptcha__en.js
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59890
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59892
Source: unknown Network traffic detected: HTTP traffic on port 59904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59935
Source: unknown Network traffic detected: HTTP traffic on port 59872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59937
Source: unknown Network traffic detected: HTTP traffic on port 59897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59933
Source: unknown Network traffic detected: HTTP traffic on port 59909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59886 -> 443
Source: unknown HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:59885 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:59927 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:59928 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.182:443 -> 192.168.2.17:59929 version: TLS 1.2
Source: iso690.xsl.0.dr OLE indicator, VBA macros: true
Source: gb.xsl.0.dr OLE indicator, VBA macros: true
Source: sist02.xsl.0.dr OLE indicator, VBA macros: true
Source: APASixthEditionOfficeOnline.xsl.0.dr OLE indicator, VBA macros: true
Source: harvardanglia2008officeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: turabian.xsl.0.dr OLE indicator, VBA macros: true
Source: gosttitle.xsl.0.dr OLE indicator, VBA macros: true
Source: chicago.xsl.0.dr OLE indicator, VBA macros: true
Source: ieee2006officeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: gostname.xsl.0.dr OLE indicator, VBA macros: true
Source: iso690nmerical.xsl.0.dr OLE indicator, VBA macros: true
Source: mlaseventheditionofficeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: ~DFC8B2898F20CC214B.TMP.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gb.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: sist02.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: APASixthEditionOfficeOnline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: harvardanglia2008officeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: turabian.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gosttitle.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chicago.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ieee2006officeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gostname.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690nmerical.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: mlaseventheditionofficeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine Classification label: mal72.phis.winRTF@23/308@22/12
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Office
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\{58C547B7-7916-4CBB-AEF1-7F9E8F5B6977} - OProcSessId.dat
Source: Element design set.dotx.0.dr OLE indicator, Word Document stream: true
Source: Equations.dotx.0.dr OLE indicator, Word Document stream: true
Source: Insight design set.dotx.0.dr OLE indicator, Word Document stream: true
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr OLE indicator, Word Document stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\Airbornemx SWIFT COPY _ Wednesday May 2024..rtf" /o ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://l6agz47874.eleteriod.com/k3hof49809/#dG9kZC5mcmFuY2VAYWlyYm9ybmVteC5jb20=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,11068479101874162425,8933108518678558561,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Airbornemx SWIFT COPY _ Wednesday May 2024..LNK.0.dr LNK file: ..\..\..\..\..\Desktop\Airbornemx SWIFT COPY _ Wednesday May 2024..rtf
Source: Google Drive.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/media/image2.jpg
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/media/image10.jpeg
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/theme/_rels/theme1.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/item3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Element design set.dotx.0.dr Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information queried: ProcessInformation