Edit tour

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==

Overview

General Information

Sample URL:	https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==
Analysis ID:	1446096
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious javascript

Phishing site detected (based on shot match)

HTML page contains hidden URLs or javascript code

Classification

Process Tree

System is w7x64

chrome.exe (PID: 1960 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 1072 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1296,i,15652934967299704793,8133894200337167892,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 2996 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious javascript

Source: https://www.odessatypical.site/?2NLW=CRGS

LLM: Score: 8 Reasons: The code appears to be obfuscated, which is a common technique used to hide malicious intent. It includes references to various HTML elements and properties that could be used for phishing or other malicious activities. The presence of functions like 'requestIdleCallback', 'setImmediate', and 'send' without clear context raises suspicion. Additionally, the inclusion of URLs and potential tracking elements suggests it could be part of a larger malicious script. DOM: 0.3.pages.csv

Phishing site detected (based on shot match)

Source: https://www.odessatypical.site/?2NLW=CRGS	Matcher: Template: captcha matched
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg	Matcher: Template: captcha matched
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg	Matcher: Template: captcha matched
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz	Matcher: Template: captcha matched

Source: https://www.odessatypical.site/?2NLW=CRGS

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz	HTTP Parser: No favicon

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_1960_984804291	Jump to behavior

Source: global traffic	HTTP traffic detected: GET /s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw== HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/Yl14V-89qjBdw-CF9OftziVJQ5zqY3w9W90Ovsyfob0XOn0CmU_hML-A3D76aECvg1hdolbKMaBjPW4ybsl3FDhpoUKqLFw9V06tTjsbxUAL8nsR4Vu8WrdpEPtlsePM3KVN5b986R43zK8MU3hJeNc6vcb5d9rVglXgHGwLiCtlDz8vz8fBblpRhTFvU_GkNC8N9dxasGb_TSjy097AVaU8nV_Fc2uYSv5uMhJX363Ziai-WhyKaRlvYIx3Jj535BWfaRafWCcC-cj7445J86_uct13PuGAjDU19y9jAHeR-O3JD7oZMFuuISRKZRDFHFJeZT2_LSKQyjKNFC_HT8zRXzCsnnVqORFG50D2AtqWjzIy6vC3uieIbLEIDYJbJAg62mW4AwwGdAKr3HwgHtmF4KyrfEvmXPp_XD3QwfJ-OofBOD6gEuvPonjcIlbUwC4sUIZMpDchewO2u5HB6H3L25NCUVxpm7cvbHF7Iv9cXLQzvYogyxg3AD5uB1b4vfmTv6AIsL1pAUGN5L-QLd9FFLHTRYg56uV7ElSLB7K9e8N6wdarcPBJrMoaMB6xwD1MnHmNW0M0Y-9PD1O65kHmrkYtPx_lDK4IBQ8YpvNsySFmLue4WjQgpGDqRr11W59GvDT2naH1Oevczf2Sx-vyZjBO3blRmDLiuObosc6nT8y0TmPBNq0zA2xQU3D2ztQvB_6RqqgRzCIOgEftw8vj3633znsp8H3IX8hQtBSQGEUBR2MoSnK2WvZmJfr3tx7SrMmqLFbOl_u2-Q4VVziSxFW0TsXxQ5ugeaKu1SYYRWPF__oY70umJpUNefwhNVTeP7MFWbfwl9J4qczVMSzHRRyhIUXmOgCL1VnVxb72kqboLetZ-Jy8CA-mnT77wcMqKcjudWBwW8yWGVXgDM1PrFKaaBuavVGTjMMWDEm9J65NQscY36UN4f-_-Vti36Zq5dQTi4-4r-mdTzHxnfhlRAfbIf0ANroNEpsSaN9H8VUo5s3TbGHB_jLrmkiBqZn8HoI3jXu-E8WIcENULpQORdH7758x8X2JbXTbZaFdSyIkuDm13hnwnRWrfR4dZlfspF34WWe7IHzhfW4wC-R8E4HIKIfeD4OHQDOs70khmJeKHW_ARKtdekAaZuCTwYb0Nz0Xp8jV_GxGCKKfZae-ubPbzmUDSAOwMD4ALnea3MoNRgKPoAnGjqsGZfYXxy1HVw0OJODbh9w--IM-xTIHsNwJhTN_LyMqZ_aXEfq9moCyXmGURY8YkXsziWQLV-uYEHbqF5NR8QUlDy_ozN9EOeFQGDg6qnKz_3y_I5dzc9MeXxizkPgJqlPEDxNbsaxqDPa2nmBiNK6BPp5-yxMvLN0XsU-zsDti9PKiTf3fGoDPrYBUC0fRuD6hmsadvSYNwR5KjJ9p7EByqi3558wDPgG_6DpOQUaMgcq-_JdD8yVaDrGcpWwjQPEiistrXnbUG8YylNSww_cscK7O0R6VUlkJlSNMDdNAhrTEtY2TbCOHrl8pRql3cT6AQRMQ9fJVPzZJ9UN25hW3IqknKqZL3gFFc23oijD1U0p5bSjf6d3UzNRAbQ7KcNXYEKQNja6aZmCah_uxspFyYFhcgrJbGNewP6CuPNTV6Og5CERLAWCbqsqEgiRZWH58it1SFpi3YM9tIWwoI2ZKPzRs2Xg9LwywVCv_lfJEgo6GJb1ISFlHYAOooreHrXj1peOTL9EybMte4yXCJMhcc1ai6TXYtqGTNnLI7vew6KO0V9IAcOS7ApvX1eCr6iwoC1KzsM70GD7t1gZtgYHoFltZTMgiu9g94Nn_bwSXXIMkG1DAsMnfabe4NAl4Y7KwyTVpUBjEVC623rnXfU0qY31nU4fqzQ3RP2g3GDBh9OzGxc-oqXD4WFQX4GRlEta0qqTmjTMc5klTAef-tVYEKXBT0lFrE4TTH0hP08WIPWYQvhY HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mm/ HTTP/1.1Host: shiftdriversfit.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?2NLW=CRGS HTTP/1.1Host: www.odessatypical.siteConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://shiftdriversfit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.odessatypical.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.odessatypical.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=8k85QBI-qzxmenDv318AZH30 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/y5IoXjo-_eM__FZ7BqlwDG0FWQvBnHNJLFAhT4QXhzA.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.odessatypical.site/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/reload?k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOn7T8bjb2T6JFv_WCQUvgssFZuCMCxRw1xjKxIyVNgu3vDRvHT1Npk4Vgoe1alRH-f-EzJ38pFiriG4MoVJkQ0; CONSENT=PENDING+962; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDEtMF9SQzMaAmVuIAEaBgiAi8amBg; __Secure-ENID=14.SE=LM-NkPAvbCtuNhK73uRS1U27fKMegq7R6_Ue_GnOGI1dekNKandC6Dto1fKS9ocnnyUmf2MAXGM269U9HhkgndYLxWy3FrZaGzh_yODdv1ouU12fBCNmRhMUwM3dzKbRlYRnbKhIQz9fV5WGdCRRjXQx5RGii6FbIw100Hc46oWQ6bysmy2hqA
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA5yLICY_6cfbVj6gskNjevVu7oVeqaFJ0XX2KUqcfMAviI6iGH-YmgKT--NyOsGsRxfat5Mg6MUR4Are2dbjhJdR1EgKH7c5Dba2V7039FxJKPAxrF8Jzt8AoNaqup9tbEQTWTJwNSPkK1yo765RKVP6q3OniHvBgRBd7AzSn08UcbvTf1D48jKcASnDeX7dvsTyiHI&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmozAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOn7T8bjb2T6JFv_WCQUvgssFZuCMCxRw1xjKxIyVNgu3vDRvHT1Npk4Vgoe1alRH-f-EzJ38pFiriG4MoVJkQ0
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA5yLICY_6cfbVj6gskNjevVu7oVeqaFJ0XX2KUqcfMAviI6iGH-YmgKT--NyOsGsRxfat5Mg6MUR4Are2dbjhJdR1EgKH7c5Dba2V7039FxJKPAxrF8Jzt8AoNaqup9tbEQTWTJwNSPkK1yo765RKVP6q3OniHvBgRBd7AzSn08UcbvTf1D48jKcASnDeX7dvsTyiHI&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOn7T8bjb2T6JFv_WCQUvgssFZuCMCxRw1xjKxIyVNgu3vDRvHT1Npk4Vgoe1alRH-f-EzJ38pFiriG4MoVJkQ0; CONSENT=PENDING+962; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDEtMF9SQzMaAmVuIAEaBgiAi8amBg; __Secure-ENID=14.SE=LM-NkPAvbCtuNhK73uRS1U27fKMegq7R6_Ue_GnOGI1dekNKandC6Dto1fKS9ocnnyUmf2MAXGM269U9HhkgndYLxWy3FrZaGzh_yODdv1ouU12fBCNmRhMUwM3dzKbRlYRnbKhIQz9fV5WGdCRRjXQx5RGii6FbIw100Hc46oWQ6bysmy2hqA

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: url.us.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: shiftdriversfit.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.odessatypical.site

Source: unknown

HTTP traffic detected: POST /recaptcha/api2/reload?k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 7613sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Content-Type: application/x-protobufferAccept: */*Origin: https://www.google.comX-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmozAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_99.1.dr	String found in binary or memory: https://google.com
Source: chromecache_103.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_103.1.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_103.1.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_93.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: chromecache_106.1.dr, chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_100.1.dr, chromecache_103.1.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__.
Source: chromecache_106.1.dr, chromecache_98.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__en.js
Source: chromecache_99.1.dr	String found in binary or memory: https://www.odessatypical.site/?2NLW=CRGS

Source: unknown	Network traffic detected: HTTP traffic on port 49185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown	Network traffic detected: HTTP traffic on port 49181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49181
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49176
Source: unknown	Network traffic detected: HTTP traffic on port 49182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49190
Source: unknown	Network traffic detected: HTTP traffic on port 49169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443

Source: classification engine

Classification label: mal48.phis.win@24/40@18/7

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1296,i,15652934967299704793,8133894200337167892,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw=="
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1296,i,15652934967299704793,8133894200337167892,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_1960_984804291	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://developers.google.com/recaptcha/docs/faq#localhost_support	0%	URL Reputation	safe
https://support.google.com/recaptcha#6262736	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://www.apache.org/licenses/	0%	URL Reputation	safe
https://support.google.com/recaptcha/?hl=en#6223828	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca	0%	URL Reputation	safe
https://support.google.com/recaptcha/#6175971	0%	URL Reputation	safe
https://www.gstatic.c..?/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__.	0%	URL Reputation	safe
https://support.google.com/recaptcha	0%	URL Reputation	safe
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=8k85QBI-qzxmenDv318AZH30	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA5yLICY_6cfbVj6gskNjevVu7oVeqaFJ0XX2KUqcfMAviI6iGH-YmgKT--NyOsGsRxfat5Mg6MUR4Are2dbjhJdR1EgKH7c5Dba2V7039FxJKPAxrF8Jzt8AoNaqup9tbEQTWTJwNSPkK1yo765RKVP6q3OniHvBgRBd7AzSn08UcbvTf1D48jKcASnDeX7dvsTyiHI&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz	0%	Avira URL Cloud	safe
https://cloud.google.com/recaptcha-enterprise/billing-information	0%	Avira URL Cloud	safe
https://cloud.google.com/contact	0%	Avira URL Cloud	safe
about:blank	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/reload?k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz	0%	Avira URL Cloud	safe
https://play.google.com/log?format=json&hasfast=true	0%	Avira URL Cloud	safe
https://shiftdriversfit.com/mm/	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api.js	0%	Avira URL Cloud	safe
https://www.google.com/js/bg/y5IoXjo-_eM__FZ7BqlwDG0FWQvBnHNJLFAhT4QXhzA.js	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/	0%	Avira URL Cloud	safe
https://google.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.185.206	true	false	unknown
url.us.m.mimecastprotect.com	207.211.31.64	true	false	unknown
www.google.com	172.217.18.100	true	false	unknown
shiftdriversfit.com	209.124.66.28	true	false	unknown
www.odessatypical.site	146.190.231.136	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://shiftdriversfit.com/mm/	false	Avira URL Cloud: safe	unknown
https://www.google.com/js/bg/y5IoXjo-_eM__FZ7BqlwDG0FWQvBnHNJLFAhT4QXhzA.js	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=8k85QBI-qzxmenDv318AZH30	false	Avira URL Cloud: safe	unknown
https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==	false		unknown
about:blank	false	Avira URL Cloud: safe	unknown
https://www.odessatypical.site/?2NLW=CRGS	true		unknown
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA5yLICY_6cfbVj6gskNjevVu7oVeqaFJ0XX2KUqcfMAviI6iGH-YmgKT--NyOsGsRxfat5Mg6MUR4Are2dbjhJdR1EgKH7c5Dba2V7039FxJKPAxrF8Jzt8AoNaqup9tbEQTWTJwNSPkK1yo765RKVP6q3OniHvBgRBd7AzSn08UcbvTf1D48jKcASnDeX7dvsTyiHI&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg	true		unknown
https://www.google.com/recaptcha/api.js	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/reload?k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://developers.google.com/recaptcha/docs/faq#localhost_support	chromecache_100.1.dr, chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://support.google.com/recaptcha#6262736	chromecache_100.1.dr, chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://cloud.google.com/recaptcha-enterprise/billing-information	chromecache_100.1.dr, chromecache_103.1.dr	false	Avira URL Cloud: safe	unknown
https://recaptcha.net	chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://www.apache.org/licenses/	chromecache_100.1.dr, chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://support.google.com/recaptcha/?hl=en#6223828	chromecache_100.1.dr, chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://cloud.google.com/contact	chromecache_100.1.dr, chromecache_103.1.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	chromecache_100.1.dr, chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_103.1.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca	chromecache_100.1.dr, chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://support.google.com/recaptcha/#6175971	chromecache_100.1.dr, chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://www.gstatic.c..?/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__.	chromecache_100.1.dr, chromecache_103.1.dr	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/api2/	chromecache_106.1.dr, chromecache_100.1.dr, chromecache_103.1.dr	false	Avira URL Cloud: safe	unknown
https://google.com	chromecache_99.1.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha	chromecache_103.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
209.124.66.28	shiftdriversfit.com	United States	55293	A2HOSTINGUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
207.211.31.64	url.us.m.mimecastprotect.com	United States	14135	NAVISITE-EAST-2US	false
146.190.231.136	www.odessatypical.site	United States	702	UUNETUS	false
172.217.18.100	www.google.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446096
Start date and time:	2024-05-22 22:11:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	4
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@24/40@18/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): vga.dll, WMIADAP.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.184.238, 142.251.168.84, 34.104.35.123, 142.250.186.35, 172.217.23.106, 142.250.185.74, 142.250.185.106, 142.250.185.138, 216.58.206.42, 142.250.185.170, 142.250.185.234, 142.250.184.234, 142.250.185.202, 142.250.181.234, 142.250.186.42, 142.250.186.74, 216.58.206.74, 172.217.18.10, 142.250.186.106, 172.217.16.202, 172.217.16.195, 142.250.184.227
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==

Input	Output
URL: https://www.odessatypical.site/?2NLW=CRGS Model: gpt-4o	```json { "riskscore": 8, "reasons": "The code appears to be obfuscated, which is a common technique used to hide malicious intent. It includes references to various HTML elements and properties that could be used for phishing or other malicious activities. The presence of functions like 'requestIdleCallback', 'setImmediate', and 'send' without clear context raises suspicion. Additionally, the inclusion of URLs and potential tracking elements suggests it could be part of a larger malicious script." }
function a0y(q,O){var C=a0T();return a0y=function(F,T){F=F-0x1a6;var y=C[F];return y;},a0y(q,O);}function a0T(){var rA=['classList','','','whiteSpace','ZpTKC','hasOwnProperty','TouchEvent','333473XOteKC','DGBiR','CtoLL','print','LOW_FLOAT','Serifa','#barraPublicidade','description','','pmVZK','word','CONFIGURABLE','log10','EXISTS','JHmxD','Object\x20already\x20initialized','WAppU','requestIdleCallback','','setImmediate','send','Fhcgb','rejectionhandled','.sb-box-pubbliredazionale','prhWB','JFRVJ','RegExp#exec\x20called\x20on\x20incompatible\x20receiver','ZsLZs','417035vCYWtm','Arial\x20Unicode\x20MS','setter','offsetHeight','set\x20','2206510gLBMfe','','','ayqzq','/npm-monitoring','expm1','__gCrWeb','availLeft','[object\x20WebPageNamespace]','DRGnZ','.as-oil','sinh','','race','trNew','webgl2','default','BvMpc','LkZyZ','AsyncFunction','Aknpv','','fillText','','fxUNo','24DQcAgP','frllC','uQgMm','knee','','stat','.o--cookies--container','querySelector','div[class$=\x22-hide\x22][zoompage-fontsize][style=\x22display:\x20block;\x22]','CSSPrimitiveValue','write','Unhandled\x20promise\x20rejection','flags','#Publicidade','isArray','fromCharCode','TypeError','ufWmi','pow','ontypechange','platform','nextTick','none','about:blank','webglCreateContextError','propertyIsEnumerable','LOW_INT','arc','Notification','matches','reason','CONSTRUCTOR','hhxdf','submit','Copy\x20the\x20text\x20below\x20to\x20get\x20the\x20debug\x20data:\x0a\x0a```\x0aversion:\x20','Clarendon','OIFwv','RegExp','host','userLanguage','visibility','serviceWorker','toJSON','','gkekb','create','rect','','oArcm','QObject','Levenim\x20MT','','IS_RECORD','tkNEb','pGhXd','','toStringTag','1.25','\x0atimeBetweenLoadAndGet:\x20','Null','suspended','','then','arity','loopEnd','innerWidth','kmHnE','rgba(102,\x20204,\x200,\x200.2)','context','NaN','iPad','kRJSe','QRqbK','notifications','Meiryo\x20UI','NeCqG','vDKxH','contentWindow','webkit','oTgyP','.cnt-publi','multiline','oHoLC','amp-embed[type=\x2224smi\x22]','atiuW','hRlRZ','unscopables','onreadystatechange','pdfViewerEnabled','CanvasCaptureMediaStream','Math','(forced-colors:\x20','puffinDevice','.right-and-left-sponsers','Symbol','AYiXD','HWorq','resolvedOptions','HaczZ','hasIndices','PROPER','','gkrmb','McdkR','MeSpG','pxvFm','InvalidAccessError','gMULW','\x20is\x20not\x20an\x20object','#cookies-policy-sticky','tMnZg','getSupportedExtensions','Generator\x20is\x20already\x20executing.','attributionsourceid','','Can\x27t\x20set\x20','fydne','','exp','','oprt','$(?!\x5cs)','okPbg','sham','','TpeLY','String\x20Iterator','tZAHA','onload','','frequency','global','dotAll','','symbol-to-string-registry','zQBJv','values','KmSlv','mozFullScreenElement','style','','psLmX','BYFsz','','','some','YOHjH','attributionSourceId','clientWidth','getContext','textSizeAdjust','','samsungAr','reverse','48px','configurable','upbUP','XOtUL','assign','acosh','YVtocmVmPSJodHRwOi8vd3d3LnNhbGlkemluaS5sdi8iXVtzdHlsZT0iZGlzcGxheTogYmxvY2s7IHdpZHRoOiA4OHB4OyBoZWlnaHQ6IDMxcH

URL: https://www.odessatypical.site/?2NLW=CRGS Model: gpt-4o

```json
{
  "riskscore": 8,
  "reasons": "The code appears to be obfuscated, which is a common technique used to hide malicious intent. It includes references to various HTML elements and properties that could be used for phishing or other malicious activities. The presence of functions like 'requestIdleCallback', 'setImmediate', and 'send' without clear context raises suspicion. Additionally, the inclusion of URLs and potential tracking elements suggests it could be part of a larger malicious script."
}

function a0y(q,O){var C=a0T();return a0y=function(F,T){F=F-0x1a6;var y=C[F];return y;},a0y(q,O);}function a0T(){var rA=['classList','','','whiteSpace','ZpTKC','hasOwnProperty','TouchEvent','333473XOteKC','DGBiR','CtoLL','print','LOW_FLOAT','Serifa','#barraPublicidade','description','','pmVZK','word','CONFIGURABLE','log10','EXISTS','JHmxD','Object\x20already\x20initialized','WAppU','requestIdleCallback','','setImmediate','send','Fhcgb','rejectionhandled','.sb-box-pubbliredazionale','prhWB','JFRVJ','RegExp#exec\x20called\x20on\x20incompatible\x20receiver','ZsLZs','417035vCYWtm','Arial\x20Unicode\x20MS','setter','offsetHeight','set\x20','2206510gLBMfe','','','ayqzq','/npm-monitoring','expm1','__gCrWeb','availLeft','[object\x20WebPageNamespace]','DRGnZ','.as-oil','sinh','','race','trNew','webgl2','default','BvMpc','LkZyZ','AsyncFunction','Aknpv','','fillText','','fxUNo','24DQcAgP','frllC','uQgMm','knee','','stat','.o--cookies--container','querySelector','div[class$=\x22-hide\x22][zoompage-fontsize][style=\x22display:\x20block;\x22]','CSSPrimitiveValue','write','Unhandled\x20promise\x20rejection','flags','#Publicidade','isArray','fromCharCode','TypeError','ufWmi','pow','ontypechange','platform','nextTick','none','about:blank','webglCreateContextError','propertyIsEnumerable','LOW_INT','arc','Notification','matches','reason','CONSTRUCTOR','hhxdf','submit','Copy\x20the\x20text\x20below\x20to\x20get\x20the\x20debug\x20data:\x0a\x0a```\x0aversion:\x20','Clarendon','OIFwv','RegExp','host','userLanguage','visibility','serviceWorker','toJSON','','gkekb','create','rect','','oArcm','QObject','Levenim\x20MT','','IS_RECORD','tkNEb','pGhXd','','toStringTag','1.25','\x0atimeBetweenLoadAndGet:\x20','Null','suspended','','then','arity','loopEnd','innerWidth','kmHnE','rgba(102,\x20204,\x200,\x200.2)','context','NaN','iPad','kRJSe','QRqbK','notifications','Meiryo\x20UI','NeCqG','vDKxH','contentWindow','webkit','oTgyP','.cnt-publi','multiline','oHoLC','amp-embed[type=\x2224smi\x22]','atiuW','hRlRZ','unscopables','onreadystatechange','pdfViewerEnabled','CanvasCaptureMediaStream','Math','(forced-colors:\x20','puffinDevice','.right-and-left-sponsers','Symbol','AYiXD','HWorq','resolvedOptions','HaczZ','hasIndices','PROPER','','gkrmb','McdkR','MeSpG','pxvFm','InvalidAccessError','gMULW','\x20is\x20not\x20an\x20object','#cookies-policy-sticky','tMnZg','getSupportedExtensions','Generator\x20is\x20already\x20executing.','attributionsourceid','','Can\x27t\x20set\x20','fydne','','exp','','oprt','$(?!\x5cs)','okPbg','sham','','TpeLY','String\x20Iterator','tZAHA','onload','','frequency','global','dotAll','','symbol-to-string-registry','zQBJv','values','KmSlv','mozFullScreenElement','style','','psLmX','BYFsz','','','some','YOHjH','attributionSourceId','clientWidth','getContext','textSizeAdjust','','samsungAr','reverse','48px','configurable','upbUP','XOtUL','assign','acosh','YVtocmVmPSJodHRwOi8vd3d3LnNhbGlkemluaS5sdi8iXVtzdHlsZT0iZGlzcGxheTogYmxvY2s7IHdpZHRoOiA4OHB4OyBoZWlnaHQ6IDMxcH

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (678)
Category:	downloaded
Size (bytes):	530210
Entropy (8bit):	5.701859595512278
Encrypted:	false
SSDEEP:	6144:wtuhY6tUEBBO4ljvqsGt8Wo8YmQw25s+zL+tmSmmX2t54zvnC:wtuYUv/otyq8LQu4za
MD5:	2976EE1346F476EF821A24E820DE8EFE
SHA1:	D8A3EAB47B8B5A991CFC046FBD93D293C5776884
SHA-256:	7A86A2EB9FE176A0E5F88A81F7170A8AEA01AD4AB9949E68682CCD0664C9FF2B
SHA-512:	FB7267E1C3A2E26A6AEF6CC62DC7363270665795D5C0DF162A5D8AA42BA7F68CFB8C06DA96FAD2AA5B10117784FA69B8D7AA21247B2DB2F520F4B82B046265C7
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././.. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././*.. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that contro

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 22, 2024 22:12:15.307775974 CEST	53	54821	8.8.8.8	192.168.2.22
May 22, 2024 22:12:15.344062090 CEST	53	52781	8.8.8.8	192.168.2.22
May 22, 2024 22:12:16.461723089 CEST	53	62672	8.8.8.8	192.168.2.22
May 22, 2024 22:12:19.650087118 CEST	58105	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:19.656682968 CEST	53	58105	8.8.8.8	192.168.2.22
May 22, 2024 22:12:19.660303116 CEST	64928	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:19.666826010 CEST	53	64928	8.8.8.8	192.168.2.22
May 22, 2024 22:12:19.724035025 CEST	57390	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:19.729371071 CEST	58095	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:19.766959906 CEST	53	57390	8.8.8.8	192.168.2.22
May 22, 2024 22:12:19.798389912 CEST	53	58095	8.8.8.8	192.168.2.22
May 22, 2024 22:12:33.551136971 CEST	53	54422	8.8.8.8	192.168.2.22
May 22, 2024 22:12:36.939363003 CEST	56329	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:36.939590931 CEST	63469	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:36.999367952 CEST	53	56329	8.8.8.8	192.168.2.22
May 22, 2024 22:12:36.999378920 CEST	53	63469	8.8.8.8	192.168.2.22
May 22, 2024 22:12:38.795772076 CEST	51828	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:38.801979065 CEST	53406	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:38.802174091 CEST	53	51828	8.8.8.8	192.168.2.22
May 22, 2024 22:12:38.811979055 CEST	53	53406	8.8.8.8	192.168.2.22
May 22, 2024 22:12:38.812520981 CEST	56345	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:38.844989061 CEST	51870	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:38.852161884 CEST	53	56345	8.8.8.8	192.168.2.22
May 22, 2024 22:12:38.870675087 CEST	53	51870	8.8.8.8	192.168.2.22
May 22, 2024 22:12:40.309323072 CEST	64956	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:40.309516907 CEST	54521	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:40.363744020 CEST	53	64956	8.8.8.8	192.168.2.22
May 22, 2024 22:12:40.363759995 CEST	53	54521	8.8.8.8	192.168.2.22
May 22, 2024 22:12:40.787645102 CEST	53	64687	8.8.8.8	192.168.2.22
May 22, 2024 22:12:41.445034027 CEST	53	56207	8.8.8.8	192.168.2.22
May 22, 2024 22:12:43.119285107 CEST	51014	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:43.119338989 CEST	49690	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:43.125848055 CEST	53	51014	8.8.8.8	192.168.2.22
May 22, 2024 22:12:43.132087946 CEST	53	49690	8.8.8.8	192.168.2.22
May 22, 2024 22:12:43.460109949 CEST	53	53060	8.8.8.8	192.168.2.22
May 22, 2024 22:12:44.266046047 CEST	53	63950	8.8.8.8	192.168.2.22
May 22, 2024 22:12:46.267395020 CEST	53	49478	8.8.8.8	192.168.2.22
May 22, 2024 22:12:47.240921974 CEST	53	58754	8.8.8.8	192.168.2.22
May 22, 2024 22:12:51.595830917 CEST	53	64215	8.8.8.8	192.168.2.22
May 22, 2024 22:12:57.963804007 CEST	65080	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:57.963956118 CEST	50702	53	192.168.2.22	8.8.8.8
May 22, 2024 22:12:57.985548973 CEST	53	50702	8.8.8.8	192.168.2.22
May 22, 2024 22:12:57.985559940 CEST	53	65080	8.8.8.8	192.168.2.22
May 22, 2024 22:13:09.227557898 CEST	53	51384	8.8.8.8	192.168.2.22
May 22, 2024 22:13:15.042941093 CEST	53	60971	8.8.8.8	192.168.2.22
May 22, 2024 22:13:19.698837996 CEST	59514	53	192.168.2.22	8.8.8.8
May 22, 2024 22:13:19.699170113 CEST	53077	53	192.168.2.22	8.8.8.8
May 22, 2024 22:13:19.706264973 CEST	53	59514	8.8.8.8	192.168.2.22
May 22, 2024 22:13:19.719528913 CEST	53	53077	8.8.8.8	192.168.2.22

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 22, 2024 22:12:15.307845116 CEST	192.168.2.22	8.8.8.8	d04c	(Port unreachable)	Destination Unreachable
May 22, 2024 22:12:19.803229094 CEST	192.168.2.22	8.8.8.8	d04a	(Port unreachable)	Destination Unreachable
May 22, 2024 22:12:43.460184097 CEST	192.168.2.22	8.8.8.8	d04e	(Port unreachable)	Destination Unreachable
May 22, 2024 22:12:47.240988970 CEST	192.168.2.22	8.8.8.8	d03e	(Port unreachable)	Destination Unreachable
May 22, 2024 22:13:19.719715118 CEST	192.168.2.22	8.8.8.8	d01d	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:20 UTC	716	OUT	GET /s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw== HTTP/1.1 Host: url.us.m.mimecastprotect.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:21 UTC	2200	IN	HTTP/1.1 307 Temporary Redirect Date: Wed, 22 May 2024 20:12:21 GMT Content-Length: 0 Connection: close Location: https://url.us.m.mimecastprotect.com/r/Yl14V-89qjBdw-CF9OftziVJQ5zqY3w9W90Ovsyfob0XOn0CmU_hML-A3D76aECvg1hdolbKMaBjPW4ybsl3FDhpoUKqLFw9V06tTjsbxUAL8nsR4Vu8WrdpEPtlsePM3KVN5b986R43zK8MU3hJeNc6vcb5d9rVglXgHGwLiCtlDz8vz8fBblpRhTFvU_GkNC8N9dxasGb_TSjy097AVaU8nV_Fc2uYSv5uMhJX363Ziai-WhyKaRlvYIx3Jj535BWfaRafWCcC-cj7445J86_uct13PuGAjDU19y9jAHeR-O3JD7oZMFuuISRKZRDFHFJeZT2_LSKQyjKNFC_HT8zRXzCsnnVqORFG50D2AtqWjzIy6vC3uieIbLEIDYJbJAg62mW4AwwGdAKr3HwgHtmF4KyrfEvmXPp_XD3QwfJ-OofBOD6gEuvPonjcIlbUwC4sUIZMpDchewO2u5HB6H3L25NCUVxpm7cvbHF7Iv9cXLQzvYogyxg3AD5uB1b4vfmTv6AIsL1pAUGN5L-QLd9FFLHTRYg56uV7ElSLB7K9e8N6wdarcPBJrMoaMB6xwD1MnHmNW0M0Y-9PD1O65kHmrkYtPx_lDK4IBQ8YpvNsySFmLue4WjQgpGDqRr11W59GvDT2naH1Oevczf2Sx-vyZjBO3blRmDLiuObosc6nT8y0TmPBNq0zA2xQU3D2ztQvB_6RqqgRzCIOgEftw8vj3633znsp8H3IX8hQtBSQGEUBR2MoSnK2WvZmJfr3tx7SrMmqLFbOl_u2-Q4VVziSxFW0TsXxQ5ugeaKu1SYYRWPF__oY70umJpUNefwhNVTeP7MFWbfwl9J4qczVMSzHRRyhIUXmOgCL1VnVxb72kqboLetZ-Jy8CA-mnT77wcMqKcjudWBwW8yWGVXgDM1PrFKaaBuavVGTjMMWDEm9J65NQscY36UN4f-_-Vti36Zq5dQTi4-4r-m [TRUNCATED] Cache-control: no-store Pragma: no-cache X-Robots-Tag: noindex, nofollow

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:21 UTC	2637	OUT	GET /r/Yl14V-89qjBdw-CF9OftziVJQ5zqY3w9W90Ovsyfob0XOn0CmU_hML-A3D76aECvg1hdolbKMaBjPW4ybsl3FDhpoUKqLFw9V06tTjsbxUAL8nsR4Vu8WrdpEPtlsePM3KVN5b986R43zK8MU3hJeNc6vcb5d9rVglXgHGwLiCtlDz8vz8fBblpRhTFvU_GkNC8N9dxasGb_TSjy097AVaU8nV_Fc2uYSv5uMhJX363Ziai-WhyKaRlvYIx3Jj535BWfaRafWCcC-cj7445J86_uct13PuGAjDU19y9jAHeR-O3JD7oZMFuuISRKZRDFHFJeZT2_LSKQyjKNFC_HT8zRXzCsnnVqORFG50D2AtqWjzIy6vC3uieIbLEIDYJbJAg62mW4AwwGdAKr3HwgHtmF4KyrfEvmXPp_XD3QwfJ-OofBOD6gEuvPonjcIlbUwC4sUIZMpDchewO2u5HB6H3L25NCUVxpm7cvbHF7Iv9cXLQzvYogyxg3AD5uB1b4vfmTv6AIsL1pAUGN5L-QLd9FFLHTRYg56uV7ElSLB7K9e8N6wdarcPBJrMoaMB6xwD1MnHmNW0M0Y-9PD1O65kHmrkYtPx_lDK4IBQ8YpvNsySFmLue4WjQgpGDqRr11W59GvDT2naH1Oevczf2Sx-vyZjBO3blRmDLiuObosc6nT8y0TmPBNq0zA2xQU3D2ztQvB_6RqqgRzCIOgEftw8vj3633znsp8H3IX8hQtBSQGEUBR2MoSnK2WvZmJfr3tx7SrMmqLFbOl_u2-Q4VVziSxFW0TsXxQ5ugeaKu1SYYRWPF__oY70umJpUNefwhNVTeP7MFWbfwl9J4qczVMSzHRRyhIUXmOgCL1VnVxb72kqboLetZ-Jy8CA-mnT77wcMqKcjudWBwW8yWGVXgDM1PrFKaaBuavVGTjMMWDEm9J65NQscY36UN4f-_-Vti36Zq5dQTi4-4r-mdTzHxnfhlRAfbIf0ANroNEpsSaN9H8VUo5s3TbGHB_ [TRUNCATED] Host: url.us.m.mimecastprotect.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:36 UTC	302	IN	HTTP/1.1 307 Temporary Redirect Date: Wed, 22 May 2024 20:12:36 GMT Content-Length: 0 Connection: close Location: https://shiftdriversfit.com/mm/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Cache-control: no-store Pragma: no-cache X-Robots-Tag: noindex, nofollow

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:37 UTC	666	OUT	GET /mm/ HTTP/1.1 Host: shiftdriversfit.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:38 UTC	485	IN	HTTP/1.1 200 OK Connection: close x-powered-by: PHP/8.1.28 content-type: text/html; charset=UTF-8 content-length: 836 date: Wed, 22 May 2024 20:12:38 GMT server: LiteSpeed strict-transport-security: max-age=63072000; includeSubDomains x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-05-22 20:12:38 UTC	836	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 76 61 72 20 6d 61 69 6e 5f 6c 69 6e 6b 20 3d 20 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 64 65 73 73 61 74 79 70 69 63 61 6c 2e 73 69 74 65 2f 3f 32 4e 4c 57 3d 43 52 47 53 22 3b 0a 0a 0a 20 20 20 20 69 66 20 28 21 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 29 20 7b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 22 68 74 74 70 73 3a 2f 2f 67 6f 6f 67 6c 65 2e 63 6f 6d 22 3b 0a 20 20 20 20 7d 0a 20 20 20 20 76 61 72 20 66 72 61 67 6d 65 6e 74 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 2e 73 75 62 73 74 72 69 6e 67 28 31 29 3b 0a 0a 0a 20 20 20 20 69 66 20 28 66 72 61 67 6d 65 6e 74 2e 6c 65 6e 67 74 68 20 3c 20 33 29 20 7b 0a 20 20 20 20 20 20 20 Data Ascii: <script> var main_link = "https://www.odessatypical.site/?2NLW=CRGS"; if (!window.location.hash) { location.href = "https://google.com"; } var fragment = window.location.hash.substring(1); if (fragment.length < 3) {

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:39 UTC	701	OUT	GET /?2NLW=CRGS HTTP/1.1 Host: www.odessatypical.site Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://shiftdriversfit.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:40 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 May 2024 20:12:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-05-22 20:12:40 UTC	16203	IN	Data Raw: 37 37 66 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 66 75 6e 63 74 69 6f 6e 20 61 30 79 28 71 2c 4f 29 7b 76 61 72 20 43 3d 61 30 54 28 29 3b 72 65 74 75 72 6e 20 61 30 79 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 54 29 7b 46 3d 46 2d 30 78 31 61 36 3b 76 61 72 20 79 3d 43 5b 46 5d 3b 72 65 74 75 72 6e 20 79 3b 7d 2c 61 30 79 28 71 2c 4f 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 61 30 54 28 29 7b 76 61 72 20 72 41 3d 5b 27 63 6c 61 73 73 4c 69 73 74 27 2c 27 27 2c 27 27 2c 27 77 68 69 74 65 53 70 61 63 65 27 2c 27 5a 70 54 4b 43 27 2c 27 68 61 73 4f 77 6e 50 72 6f 70 65 Data Ascii: 77f6<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> function a0y(q,O){var C=a0T();return a0y=function(F,T){F=F-0x1a6;var y=C[F];return y;},a0y(q,O);}function a0T(){var rA=['classList','','','whiteSpace','ZpTKC','hasOwnPrope
2024-05-22 20:12:40 UTC	14515	IN	Data Raw: 27 2c 27 44 4f 4d 52 65 63 74 4c 69 73 74 27 2c 27 7a 6f 6f 6d 27 2c 27 6e 6f 2d 70 72 65 66 65 72 65 6e 63 65 27 2c 27 31 32 4b 75 4f 63 4d 6c 27 2c 27 66 61 69 6c 27 2c 27 76 6b 4e 78 43 27 2c 27 70 61 67 65 58 4f 66 66 73 65 74 27 2c 27 32 30 33 30 37 35 61 43 57 59 41 53 27 2c 27 4c 65 74 74 65 72 5c 78 32 30 47 6f 74 68 69 63 27 2c 27 23 73 6f 76 72 6e 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 27 5e 28 3f 3a 27 2c 27 6e 6a 73 79 42 27 2c 27 6c 6d 52 54 74 27 2c 27 63 6f 6d 70 6f 6e 65 6e 74 73 27 2c 27 23 30 36 39 27 2c 27 73 74 61 74 65 27 2c 27 66 75 6e 63 74 69 6f 6e 27 2c 27 4c 74 59 65 59 27 2c 27 72 65 70 6c 61 63 65 27 2c 27 71 75 65 75 65 4d 69 63 72 6f 74 61 73 6b 27 2c 27 4d 59 52 49 41 44 5c 78 32 30 50 52 4f 27 2c 27 72 65 6e 64 65 72 65 64 42 Data Ascii: ','DOMRectList','zoom','no-preference','12KuOcMl','fail','vkNxC','pageXOffset','203075aCWYAS','Letter\x20Gothic','#sovrn_container','^(?:','njsyB','lmRTt','components','#069','state','function','LtYeY','replace','queueMicrotask','MYRIAD\x20PRO','renderedB
2024-05-22 20:12:40 UTC	16384	IN	Data Raw: 63 38 30 33 0d 0a 29 7b 76 61 72 20 62 3d 4a 28 30 78 33 61 61 29 2c 68 3d 4a 28 30 78 31 30 65 65 29 3b 4c 5b 46 6c 28 30 78 33 33 62 29 5d 3d 21 62 26 26 21 68 26 26 27 6f 62 6a 65 63 74 27 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 46 6c 28 30 78 32 31 31 29 3d 3d 74 79 70 65 6f 66 20 64 6f 63 75 6d 65 6e 74 3b 7d 65 6c 73 65 7b 69 66 28 21 42 28 61 29 7c 7c 5a 28 63 29 29 72 65 74 75 72 6e 20 47 3b 76 61 72 20 52 2c 78 3d 6a 28 59 2c 49 29 3b 69 66 28 78 29 7b 69 66 28 76 6f 69 64 20 30 78 30 3d 3d 3d 4c 26 26 28 44 3d 46 6c 28 30 78 35 38 35 29 29 2c 52 3d 45 28 78 2c 6c 2c 66 29 2c 21 4b 28 52 29 7c 7c 48 28 52 29 29 72 65 74 75 72 6e 20 52 3b 74 68 72 6f 77 20 6e 65 77 20 55 28 46 6c 28 30 78 35 31 37 29 29 3b 7d 72 65 74 75 72 6e 20 76 6f Data Ascii: c803){var b=J(0x3aa),h=J(0x10ee);L[Fl(0x33b)]=!b&&!h&&'object'==typeof window&&Fl(0x211)==typeof document;}else{if(!B(a)\|\|Z(c))return G;var R,x=j(Y,I);if(x){if(void 0x0===L&&(D=Fl(0x585)),R=E(x,l,f),!K(R)\|\|H(R))return R;throw new U(Fl(0x517));}return vo
2024-05-22 20:12:40 UTC	16384	IN	Data Raw: 30 79 2c 59 3d 42 2b 79 42 28 30 78 34 66 34 29 3b 72 65 74 75 72 6e 20 70 5b 79 42 28 30 78 33 66 36 29 5d 3d 68 28 62 2c 7b 27 6e 65 78 74 27 3a 52 28 2b 21 6a 2c 5a 29 7d 29 2c 78 28 70 2c 59 2c 21 30 78 31 2c 21 30 78 30 29 2c 6b 5b 59 5d 3d 57 2c 70 3b 7d 3b 7d 2c 30 78 31 36 31 65 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 4a 2c 52 29 7b 76 61 72 20 79 61 3d 61 30 79 2c 6b 3d 52 28 30 78 32 31 61 34 29 2c 57 3d 52 28 30 78 37 30 66 29 2c 42 3d 52 28 30 78 32 35 35 35 29 2c 5a 3d 52 28 30 78 38 30 30 29 2c 6a 3d 52 28 30 78 35 63 62 29 2c 59 3d 52 28 30 78 34 31 30 29 2c 49 3d 52 28 30 78 63 36 64 29 2c 4d 3d 52 28 30 78 37 61 31 29 2c 7a 3d 52 28 30 78 38 65 35 29 2c 51 3d 52 28 30 78 32 33 34 64 29 2c 41 3d 52 28 30 78 31 65 65 61 29 2c 56 3d 52 28 30 78 Data Ascii: 0y,Y=B+yB(0x4f4);return p[yB(0x3f6)]=h(b,{'next':R(+!j,Z)}),x(p,Y,!0x1,!0x0),k[Y]=W,p;};},0x161e:function(G,J,R){var ya=a0y,k=R(0x21a4),W=R(0x70f),B=R(0x2555),Z=R(0x800),j=R(0x5cb),Y=R(0x410),I=R(0xc6d),M=R(0x7a1),z=R(0x8e5),Q=R(0x234d),A=R(0x1eea),V=R(0x
2024-05-22 20:12:40 UTC	16384	IN	Data Raw: 69 6f 6e 28 6a 29 7b 76 61 72 20 59 3d 52 2b 2b 2c 49 3d 21 30 78 31 3b 78 2b 2b 2c 68 28 68 2c 68 2c 6a 29 5b 27 74 68 65 6e 27 5d 28 66 75 6e 63 74 69 6f 6e 28 4d 29 7b 49 7c 7c 28 49 3d 21 30 78 30 2c 75 5b 59 5d 3d 4d 2c 2d 2d 78 7c 7c 75 28 75 29 29 3b 7d 2c 78 29 3b 7d 29 2c 2d 2d 78 7c 7c 6b 28 75 29 3b 7d 7d 2c 30 78 32 36 30 38 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 73 67 3d 61 30 79 2c 62 3d 4a 28 30 78 37 30 66 29 2c 68 3d 4a 28 30 78 31 36 37 62 29 2c 75 3d 4a 28 30 78 31 32 63 66 29 2c 52 3d 4a 28 30 78 31 39 66 64 29 2c 78 3d 52 65 67 45 78 70 5b 73 67 28 30 78 33 66 36 29 5d 3b 4c 5b 73 67 28 30 78 33 33 62 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 76 61 72 20 73 56 3d 73 67 2c 57 3d 6b 5b 73 56 28 30 78 35 39 61 Data Ascii: ion(j){var Y=R++,I=!0x1;x++,h(h,h,j)['then'](function(M){I\|\|(I=!0x0,u[Y]=M,--x\|\|u(u));},x);}),--x\|\|k(u);}},0x2608:function(L,G,J){var sg=a0y,b=J(0x70f),h=J(0x167b),u=J(0x12cf),R=J(0x19fd),x=RegExp[sg(0x3f6)];L[sg(0x33b)]=function(k){var sV=sg,W=k[sV(0x59a
2024-05-22 20:12:40 UTC	2059	IN	Data Raw: 36 29 29 7b 76 61 72 20 62 3d 4a 28 30 78 31 37 65 29 2c 68 3d 4a 28 30 78 38 30 30 29 5b 47 71 28 30 78 35 36 31 29 5d 2c 52 3d 4a 28 30 78 31 32 39 61 29 2c 78 3d 4a 28 30 78 66 31 38 29 2c 6b 3d 46 75 6e 63 74 69 6f 6e 5b 47 71 28 30 78 33 66 36 29 5d 2c 57 3d 52 28 6b 5b 47 71 28 30 78 35 32 35 29 5d 29 2c 70 3d 2f 66 75 6e 63 74 69 6f 6e 5c 62 28 3f 3a 5c 73 7c 5c 2f 5c 2a 5b 5c 53 5c 73 5d 2a 3f 5c 2a 5c 2f 7c 5c 2f 5c 2f 5b 5e 5c 6e 5c 72 5d 2a 5b 5c 6e 5c 72 5d 2b 29 2a 28 5b 5e 5c 73 28 2f 5d 2a 29 2f 2c 42 3d 52 28 70 5b 47 71 28 30 78 34 38 63 29 5d 29 3b 62 26 26 21 68 26 26 78 28 6b 2c 47 71 28 30 78 34 39 65 29 2c 7b 27 63 6f 6e 66 69 67 75 72 61 62 6c 65 27 3a 21 30 78 30 2c 27 67 65 74 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 47 Data Ascii: 6)){var b=J(0x17e),h=J(0x800)[Gq(0x561)],R=J(0x129a),x=J(0xf18),k=Function[Gq(0x3f6)],W=R(k[Gq(0x525)]),p=/function\b(?:\s\|\/\[\S\s]?\\/\|\/\/[^\n\r][\n\r]+)([^\s(/])/,B=R(p[Gq(0x48c)]);b&&!h&&x(k,Gq(0x49e),{'configurable':!0x0,'get':function(){var G
2024-05-22 20:12:40 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 72 67 75 6d 65 6e 74 73 29 2c 71 43 3d 5a 28 71 34 3f 71 36 3a 44 2c 6e 75 6c 6c 2c 71 4f 29 3b 72 65 74 75 72 6e 20 71 35 26 26 47 73 28 30 78 32 62 63 29 3d 3d 74 79 70 65 6f 66 20 71 43 3f 58 28 71 43 2c 71 31 2c 71 37 29 3a 71 43 3b 7d 7d 29 3b 7d 2c 30 78 32 35 65 32 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 47 4c 3d 61 30 79 2c 62 3d 4a 28 30 78 32 31 61 34 29 2c 52 3d 4a 28 30 78 31 32 39 61 29 2c 78 3d 4a 28 30 78 62 62 64 29 2c 6b 3d 4a 28 30 78 39 37 65 29 2c 57 3d 4a 28 30 78 31 66 38 33 29 2c 42 3d 4a 28 30 78 32 31 31 39 29 2c 5a 3d 52 61 6e 67 65 45 72 72 6f 72 2c 6a 3d 53 74 72 69 6e 67 2c 59 3d 4d 61 74 68 5b 47 4c 28 30 78 32 39 64 29 5d 2c 49 3d 52 28 57 29 2c 4d 3d 52 28 27 27 5b 47 4c 28 30 78 32 Data Ascii: 4000rguments),qC=Z(q4?q6:D,null,qO);return q5&&Gs(0x2bc)==typeof qC?X(qC,q1,q7):qC;}});},0x25e2:function(L,G,J){var GL=a0y,b=J(0x21a4),R=J(0x129a),x=J(0xbbd),k=J(0x97e),W=J(0x1f83),B=J(0x2119),Z=RangeError,j=String,Y=Math[GL(0x29d)],I=R(W),M=R(''[GL(0x2
2024-05-22 20:12:40 UTC	8	IN	Data Raw: 65 29 2c 57 3d 4a 0d 0a Data Ascii: e),W=J
2024-05-22 20:12:40 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 28 30 78 32 30 63 35 29 2c 42 3d 4a 28 30 78 31 32 39 61 29 2c 5a 3d 4a 28 30 78 31 36 37 62 29 2c 6a 3d 4a 28 30 78 35 63 62 29 2c 59 3d 4a 28 30 78 31 32 63 66 29 2c 49 3d 4a 28 30 78 31 38 37 35 29 2c 4d 3d 4a 28 30 78 66 31 38 29 2c 7a 3d 4a 28 30 78 31 61 34 36 29 2c 51 3d 57 5b 6f 54 28 30 78 35 65 63 29 5d 2c 41 3d 51 26 26 51 5b 6f 54 28 30 78 33 66 36 29 5d 3b 69 66 28 6b 26 26 6a 28 51 29 26 26 28 21 28 6f 54 28 30 78 35 35 62 29 69 6e 20 41 29 7c 7c 76 6f 69 64 20 30 78 30 21 3d 3d 51 28 29 5b 6f 54 28 30 78 35 35 62 29 5d 29 29 7b 76 61 72 20 56 3d 7b 7d 2c 4e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6f 79 3d 6f 54 2c 58 3d 61 72 67 75 6d 65 6e 74 73 5b 6f 79 28 30 78 34 64 39 29 5d 3c 30 78 31 7c 7c 76 6f 69 64 20 30 Data Ascii: 4000(0x20c5),B=J(0x129a),Z=J(0x167b),j=J(0x5cb),Y=J(0x12cf),I=J(0x1875),M=J(0xf18),z=J(0x1a46),Q=W[oT(0x5ec)],A=Q&&Q[oT(0x3f6)];if(k&&j(Q)&&(!(oT(0x55b)in A)\|\|void 0x0!==Q()[oT(0x55b)])){var V={},N=function(){var oy=oT,X=arguments[oy(0x4d9)]<0x1\|\|void 0
2024-05-22 20:12:40 UTC	8	IN	Data Raw: 5d 28 53 74 72 69 0d 0a Data Ascii: ](Stri

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:41 UTC	602	OUT	GET /recaptcha/api.js HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.odessatypical.site/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:41 UTC	528	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Expires: Wed, 22 May 2024 20:12:41 GMT Date: Wed, 22 May 2024 20:12:41 GMT Cache-Control: private, max-age=300 Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-22 20:12:41 UTC	862	IN	Data Raw: 35 38 36 0d 0a 2f 2a 20 50 4c 45 41 53 45 20 44 4f 20 4e 4f 54 20 43 4f 50 59 20 41 4e 44 20 50 41 53 54 45 20 54 48 49 53 20 43 4f 44 45 2e 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 77 3d 77 69 6e 64 6f 77 2c 43 3d 27 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 27 2c 63 66 67 3d 77 5b 43 5d 3d 77 5b 43 5d 7c 7c 7b 7d 2c 4e 3d 27 67 72 65 63 61 70 74 63 68 61 27 3b 76 61 72 20 67 72 3d 77 5b 4e 5d 3d 77 5b 4e 5d 7c 7c 7b 7d 3b 67 72 2e 72 65 61 64 79 3d 67 72 2e 72 65 61 64 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 28 63 66 67 5b 27 66 6e 73 27 5d 3d 63 66 67 5b 27 66 6e 73 27 5d 7c 7c 5b 5d 29 2e 70 75 73 68 28 66 29 3b 7d 3b 77 5b 27 5f 5f 72 65 63 61 70 74 63 68 61 5f 61 70 69 27 5d 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 Data Ascii: 586/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.g
2024-05-22 20:12:41 UTC	559	IN	Data Raw: 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 2e 67 65 74 56 61 6c 75 65 28 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 69 66 28 6c 21 3d 3d 27 74 72 65 61 74 6d 65 6e 74 5f 31 2e 31 27 26 26 6c 21 3d 3d 27 74 72 65 61 74 6d 65 6e 74 5f 31 2e 32 27 26 26 6c 21 3d 3d 27 63 6f 6e 74 72 6f 6c 5f 31 2e 31 27 29 7b 64 2e 68 65 61 64 2e 70 72 65 70 65 6e 64 28 6d 29 3b 7d 7d 29 3b 7d 65 6c 73 65 7b 64 2e 68 65 61 64 2e 70 72 65 70 65 6e 64 28 6d 29 3b 7d 70 6f 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 72 65 6c 65 61 73 65 73 2f 38 6b 38 35 51 42 49 2d 71 7a 78 6d 65 6e 44 76 33 31 38 41 5a 48 33 30 2f 72 65 63 61 70 74 63 68 61 5f 5f 65 6e 2e 6a 73 27 3b 70 6f 2e 63 72 6f 73 73 Data Ascii: recationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1.2'&&l!=='control_1.1'){d.head.prepend(m);}});}else{d.head.prepend(m);}po.src='https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__en.js';po.cross
2024-05-22 20:12:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:43 UTC	931	OUT	GET /recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.odessatypical.site/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:44 UTC	891	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 22 May 2024 20:12:44 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-Ot2gKV_ipMJSyAERRbUSZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-22 20:12:44 UTC	499	IN	Data Raw: 32 61 65 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 3c 74 69 74 6c 65 3e 72 65 43 41 50 54 43 48 41 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 2d 65 78 74 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b Data Ascii: 2ae2<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>reCAPTCHA</title><style type="text/css">/* cyrillic-ext */@font-face {
2024-05-22 20:12:44 UTC	1390	IN	Data Raw: 46 45 32 46 3b 0a 7d 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 35 6d 78 4b 4f 7a 59 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 33 30 31 2c 20 55 2b 30 34 30 30 2d 30 34 35 46 2c 20 55 2b 30 34 39 30 2d 30 34 39 31 2c 20 55 2b 30 34 42 30 2d 30 34 Data Ascii: FE2F;}/* cyrillic */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 400; src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2'); unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04
2024-05-22 20:12:44 UTC	1390	IN	Data Raw: 45 46 46 2c 20 55 2b 32 30 32 30 2c 20 55 2b 32 30 41 30 2d 32 30 41 42 2c 20 55 2b 32 30 41 44 2d 32 30 43 30 2c 20 55 2b 32 31 31 33 2c 20 55 2b 32 43 36 30 2d 32 43 37 46 2c 20 55 2b 41 37 32 30 2d 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 34 6d 78 4b 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b Data Ascii: EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}/* latin */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 400; src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2) format('woff2');
2024-05-22 20:12:44 UTC	1390	IN	Data Raw: 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 33 37 30 2d 30 33 37 37 2c 20 55 2b 30 33 37 41 2d 30 33 37 46 2c 20 55 2b 30 33 38 34 2d 30 33 38 41 2c 20 55 2b 30 33 38 43 2c 20 55 2b 30 33 38 45 2d 30 33 41 31 2c 20 55 2b 30 33 41 33 2d 30 33 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f Data Ascii: 4EsA.woff2) format('woff2'); unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF;}/* vietnamese */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 500; src: url(//fonts.gstatic.com/s/robo
2024-05-22 20:12:44 UTC	1390	IN	Data Raw: 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 34 36 30 2d 30 35 32 46 2c 20 55 2b 31 43 38 30 2d 31 43 38 38 2c 20 55 2b 32 30 42 34 2c 20 55 2b 32 44 45 30 2d 32 44 46 46 2c 20 55 2b 41 36 34 30 2d 41 36 39 46 2c 20 55 2b 46 45 32 45 2d 46 45 32 46 3b 0a 7d 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6c 43 6e Data Ascii: format('woff2'); unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;}/* cyrillic */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 900; src: url(//fonts.gstatic.com/s/roboto/v18/KFOlCn
2024-05-22 20:12:44 UTC	1390	IN	Data Raw: 6e 71 45 75 39 32 46 72 31 4d 6d 59 55 74 66 43 68 63 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 31 30 30 2d 30 32 41 46 2c 20 55 2b 30 33 30 34 2c 20 55 2b 30 33 30 38 2c 20 55 2b 30 33 32 39 2c 20 55 2b 31 45 30 30 2d 31 45 39 46 2c 20 55 2b 31 45 46 32 2d 31 45 46 46 2c 20 55 2b 32 30 32 30 2c 20 55 2b 32 30 41 30 2d 32 30 41 42 2c 20 55 2b 32 30 41 44 2d 32 30 43 30 2c 20 55 2b 32 31 31 33 2c 20 55 2b 32 43 36 30 2d 32 43 37 46 2c 20 55 2b 41 37 32 30 2d 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 Data Ascii: nqEu92Fr1MmYUtfChc4EsA.woff2) format('woff2'); unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}/* latin */@font-face { font-family: 'Roboto'; font-s
2024-05-22 20:12:44 UTC	1390	IN	Data Raw: 4f 45 67 4d 54 77 65 4a 71 6c 54 57 69 2d 39 4b 65 67 57 4d 76 61 79 67 35 4e 34 39 68 6a 6a 78 78 46 59 64 67 6a 69 74 79 6d 33 48 6a 63 43 5f 32 38 47 62 61 41 44 56 53 4c 4e 50 36 77 63 71 53 59 49 5f 37 78 59 50 42 34 62 31 6e 73 52 56 53 42 79 64 4b 43 4e 58 79 65 6d 77 42 6d 35 2d 37 72 57 59 52 53 5f 36 6e 41 36 6f 73 4b 36 33 4c 46 59 53 4e 6b 75 36 47 66 49 53 46 53 41 6a 53 34 55 4c 65 35 58 78 70 78 33 49 79 38 77 66 48 74 6d 36 4c 7a 6a 43 62 4f 4f 5a 75 63 46 61 41 73 6e 38 30 49 74 4d 72 6d 36 31 43 65 6b 63 4f 47 38 4f 41 63 36 37 46 53 51 58 67 66 39 37 38 66 53 39 6e 6b 36 57 55 57 2d 33 46 54 46 6e 72 67 39 30 31 66 73 53 55 47 33 6a 34 72 67 73 58 6e 39 57 78 55 2d 31 6b 43 4f 72 75 34 69 61 50 4a 73 5a 73 2d 62 36 5a 52 56 51 5a 38 37 Data Ascii: OEgMTweJqlTWi-9KegWMvayg5N49hjjxxFYdgjitym3HjcC_28GbaADVSLNP6wcqSYI_7xYPB4b1nsRVSBydKCNXyemwBm5-7rWYRS_6nA6osK63LFYSNku6GfISFSAjS4ULe5Xxpx3Iy8wfHtm6LzjCbOOZucFaAsn80ItMrm61CekcOG8OAc67FSQXgf978fS9nk6WUW-3FTFnrg901fsSUG3j4rgsXn9WxU-1kCOru4iaPJsZs-b6ZRVQZ87
2024-05-22 20:12:44 UTC	1390	IN	Data Raw: 76 69 42 6f 2d 70 56 63 37 46 50 57 70 71 4b 59 45 57 53 71 55 48 36 62 69 66 33 43 6c 6f 4d 74 6e 71 4f 68 79 77 5a 47 5a 76 74 6b 58 59 57 71 6a 74 43 66 43 53 74 65 67 43 59 49 6e 74 58 73 43 5a 76 69 50 57 57 57 33 62 42 72 57 76 33 67 31 6b 70 6a 4c 50 55 42 42 4e 47 57 77 44 30 44 70 51 4d 74 4d 65 62 53 32 52 54 63 51 75 55 4c 4b 35 33 56 6d 6e 70 36 36 4c 6d 65 2d 58 37 53 6e 71 41 56 56 6d 4b 5f 39 52 38 5a 7a 77 5a 6c 4a 54 77 33 4a 42 6d 77 4f 63 52 78 6c 4d 57 41 64 6f 62 57 70 5f 74 43 38 73 62 57 63 61 4c 46 35 56 46 48 36 64 63 73 54 6b 42 2d 77 6e 31 38 49 43 6f 54 4f 39 6f 61 4c 73 56 7a 48 74 63 49 48 50 6d 58 49 59 43 4d 58 56 65 77 57 7a 69 48 72 75 36 6e 33 50 6f 42 33 36 5f 37 33 45 37 31 33 47 39 75 49 66 73 4d 73 35 67 78 6a 49 5a Data Ascii: viBo-pVc7FPWpqKYEWSqUH6bif3CloMtnqOhywZGZvtkXYWqjtCfCStegCYIntXsCZviPWWW3bBrWv3g1kpjLPUBBNGWwD0DpQMtMebS2RTcQuULK53Vmnp66Lme-X7SnqAVVmK_9R8ZzwZlJTw3JBmwOcRxlMWAdobWp_tC8sbWcaLF5VFH6dcsTkB-wn18ICoTO9oaLsVzHtcIHPmXIYCMXVewWziHru6n3PoB36_73E713G9uIfsMs5gxjIZ
2024-05-22 20:12:44 UTC	757	IN	Data Raw: 46 4b 4d 6b 74 43 64 57 78 57 55 6e 56 32 5a 6b 39 79 5a 57 64 57 4d 31 6c 68 4b 32 30 33 64 44 68 4a 64 6c 64 59 65 56 70 34 57 55 4e 6f 61 6b 51 76 56 6d 46 6d 52 47 6b 76 56 6e 68 79 64 6d 70 44 4b 33 68 75 51 31 4a 69 5a 6a 68 31 57 48 5a 70 62 48 68 74 57 54 4d 33 54 32 74 43 56 58 5a 36 5a 6b 52 5a 57 57 4a 42 52 30 49 77 52 69 74 55 53 6e 52 69 55 30 55 35 52 33 64 42 52 58 46 49 51 6e 6b 72 53 6b 67 33 63 6a 46 4d 52 32 39 34 53 33 4e 76 4f 58 46 78 64 47 68 45 5a 33 4e 6c 5a 46 46 32 4e 58 45 77 59 30 74 52 55 6d 39 4a 57 46 46 74 54 58 55 79 59 33 70 58 64 54 46 68 5a 45 56 33 63 30 67 33 61 57 78 48 64 7a 59 72 59 54 42 61 55 45 46 4c 64 47 78 32 56 46 6b 72 63 54 68 6b 54 33 56 31 62 7a 5a 36 61 57 68 6e 61 6a 64 52 64 6d 78 36 62 57 74 43 56 Data Ascii: FKMktCdWxWUnV2Zk9yZWdWM1lhK203dDhJdldYeVp4WUNoakQvVmFmRGkvVnhydmpDK3huQ1JiZjh1WHZpbHhtWTM3T2tCVXZ6ZkRZWWJBR0IwRitUSnRiU0U5R3dBRXFIQnkrSkg3cjFMR294S3NvOXFxdGhEZ3NlZFF2NXEwY0tRUm9JWFFtTXUyY3pXdTFhZEV3c0g3aWxHdzYrYTBaUEFLdGx2VFkrcThkT3V1bzZ6aWhnajdRdmx6bWtCV
2024-05-22 20:12:44 UTC	1390	IN	Data Raw: 32 63 37 65 0d 0a 58 4e 53 62 33 6c 53 57 6b 56 43 55 6b 46 73 4e 6c 41 72 4d 58 4a 44 55 44 56 50 53 30 74 54 52 32 5a 6f 4f 48 5a 36 61 45 4e 61 62 6b 31 4c 54 6d 70 55 56 45 74 55 4e 30 31 70 55 47 63 34 57 6e 64 69 64 33 4e 77 55 6b 5a 78 63 54 56 4a 63 56 67 7a 54 54 4a 46 52 45 77 72 64 6c 6b 30 53 6c 42 4f 51 57 78 75 57 6d 49 78 4c 31 70 47 59 6e 56 77 56 31 52 46 55 6b 4e 4b 55 33 4a 35 61 6d 5a 36 5a 6b 78 32 53 47 56 4e 5a 31 4e 79 55 57 6c 6c 4d 7a 6c 31 4e 55 70 61 52 30 74 48 51 6d 64 4d 57 44 68 74 61 6b 5a 4b 61 7a 42 50 4f 55 39 33 55 6b 4a 57 63 45 31 50 52 47 31 69 52 69 74 34 57 57 74 42 4f 44 64 4f 5a 6b 6c 49 64 6a 68 70 63 6d 4d 31 4d 30 52 33 62 6a 4e 36 52 7a 52 4d 55 47 31 55 55 44 51 72 4f 55 4e 33 4d 6e 64 61 63 7a 6c 53 56 46 Data Ascii: 2c7eXNSb3lSWkVCUkFsNlArMXJDUDVPS0tTR2ZoOHZ6aENabk1LTmpUVEtUN01pUGc4Wndid3NwUkZxcTVJcVgzTTJFREwrdlk0SlBOQWxuWmIxL1pGYnVwV1RFUkNKU3J5amZ6Zkx2SGVNZ1NyUWllMzl1NUpaR0tHQmdMWDhtakZKazBPOU93UkJWcE1PRG1iRit4WWtBODdOZklIdjhpcmM1M0R3bjN6RzRMUG1UUDQrOUN3MndaczlSVF

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:46 UTC	825	OUT	GET /recaptcha/api2/webworker.js?hl=en&v=8k85QBI-qzxmenDv318AZH30 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: same-origin Sec-Fetch-Dest: worker Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:47 UTC	655	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Expires: Wed, 22 May 2024 20:12:47 GMT Date: Wed, 22 May 2024 20:12:47 GMT Cache-Control: private, max-age=300 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-22 20:12:47 UTC	108	IN	Data Raw: 36 36 0d 0a 69 6d 70 6f 72 74 53 63 72 69 70 74 73 28 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 72 65 6c 65 61 73 65 73 2f 38 6b 38 35 51 42 49 2d 71 7a 78 6d 65 6e 44 76 33 31 38 41 5a 48 33 30 2f 72 65 63 61 70 74 63 68 61 5f 5f 65 6e 2e 6a 73 27 29 3b 0d 0a Data Ascii: 66importScripts('https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__en.js');
2024-05-22 20:12:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:46 UTC	813	OUT	GET /js/bg/y5IoXjo-_eM__FZ7BqlwDG0FWQvBnHNJLFAhT4QXhzA.js HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz&co=aHR0cHM6Ly93d3cub2Rlc3NhdHlwaWNhbC5zaXRlOjQ0Mw..&hl=en&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=8e0c9l6h8lfg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:47 UTC	811	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs" Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} Content-Length: 18217 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 21 May 2024 21:08:21 GMT Expires: Wed, 21 May 2025 21:08:21 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 14 May 2024 11:30:00 GMT Content-Type: text/javascript Vary: Accept-Encoding Age: 83066 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-22 20:12:47 UTC	579	IN	Data Raw: 2f 2a 20 41 6e 74 69 2d 73 70 61 6d 2e 20 57 61 6e 74 20 74 6f 20 73 61 79 20 68 65 6c 6c 6f 3f 20 43 6f 6e 74 61 63 74 20 28 62 61 73 65 36 34 29 20 59 6d 39 30 5a 33 56 68 63 6d 51 74 59 32 39 75 64 47 46 6a 64 45 42 6e 62 32 39 6e 62 47 55 75 59 32 39 74 20 2a 2f 20 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6d 3d 66 75 6e 63 74 69 6f 6e 28 76 29 7b 72 65 74 75 72 6e 20 76 7d 2c 56 3d 66 75 6e 63 74 69 6f 6e 28 76 2c 63 29 7b 69 66 28 63 3d 28 76 3d 6e 75 6c 6c 2c 5a 2e 74 72 75 73 74 65 64 54 79 70 65 73 29 2c 21 63 7c 7c 21 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 76 3b 74 72 79 7b 76 3d 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 62 67 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 6d 2c 63 72 65 61 74 65 53 63 72 69 70 Data Ascii: /* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var m=function(v){return v},V=function(v,c){if(c=(v=null,Z.trustedTypes),!c\|\|!c.createPolicy)return v;try{v=c.createPolicy("bg",{createHTML:m,createScrip
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 65 2d 32 2e 30 27 2c 0a 27 2a 2f 27 2c 0a 27 76 61 72 20 76 32 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 29 7b 72 65 74 75 72 6e 5b 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 7d 2c 28 76 28 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 6d 28 63 29 7d 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 5d 7d 2c 63 32 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 29 7b 72 65 74 75 72 6e 20 76 3d 30 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 76 3c 63 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 66 61 6c 73 65 2c 76 61 6c 75 65 3a 63 5b 76 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 74 72 75 65 7d 7d 7d 2c 6b 56 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 29 7b 66 75 6e 63 74 69 6f 6e 20 6d 28 29 7b 74 68 69 73 2e 4e 3d 74 68 69 73 2e 6c 3d 74 68 69 73 2e 6e 3d 30 7d 72 65 74 Data Ascii: e-2.0','*/','var v2=function(c,v){return[function(){return c},(v(function(m){m(c)}),function(){})]},c2=function(c,v){return v=0,function(){return v<c.length?{done:false,value:c[v++]}:{done:true}}},kV=function(c,v){function m(){this.N=this.l=this.n=0}ret
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 2c 65 29 7c 30 29 2d 34 3e 3e 33 2c 6c 2e 47 55 29 21 3d 6b 29 7b 6b 3d 5b 30 2c 30 2c 59 5b 31 5d 2c 59 5b 56 3d 28 28 6c 2e 47 55 3d 6b 2c 6b 29 3c 3c 33 29 2d 34 2c 32 5d 5d 3b 74 72 79 7b 6c 2e 76 57 3d 61 56 28 59 56 28 6c 2c 56 29 2c 59 56 28 6c 2c 28 56 7c 30 29 2b 34 29 2c 6b 29 7d 63 61 74 63 68 28 61 29 7b 74 68 72 6f 77 20 61 3b 7d 7d 6c 2e 70 75 73 68 28 6c 2e 76 57 5b 65 26 37 5d 5e 43 29 7d 2c 59 3d 41 28 32 33 37 2c 63 29 29 3a 76 3d 66 75 6e 63 74 69 6f 6e 28 43 29 7b 6c 2e 70 75 73 68 28 43 29 7d 2c 5a 26 26 76 28 5a 26 32 35 35 29 2c 63 3d 6d 2e 6c 65 6e 67 74 68 2c 5a 3d 30 3b 5a 3c 63 3b 5a 2b 2b 29 76 28 6d 5b 5a 5d 29 7d 2c 59 56 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 29 7b 72 65 74 75 72 6e 20 63 5b 76 5d 3c 3c 32 34 7c 63 5b 28 76 Data Ascii: ,e)\|0)-4>>3,l.GU)!=k){k=[0,0,Y[1],Y[V=((l.GU=k,k)<<3)-4,2]];try{l.vW=aV(YV(l,V),YV(l,(V\|0)+4),k)}catch(a){throw a;}}l.push(l.vW[e&7]^C)},Y=A(237,c)):v=function(C){l.push(C)},Z&&v(Z&255),c=m.length,Z=0;Z<c;Z++)v(m[Z])},YV=function(c,v){return c[v]<<24\|c[(v
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 22 2c 76 26 26 28 76 2e 6d 65 73 73 61 67 65 26 26 28 63 2b 3d 76 2e 6d 65 73 73 61 67 65 29 2c 76 2e 73 74 61 63 6b 26 26 28 63 2b 3d 22 3a 22 2b 76 2e 73 74 61 63 6b 29 29 2c 76 3d 41 28 33 31 37 2c 6d 29 2c 33 3c 76 5b 30 5d 29 29 7b 6d 2e 6f 3d 28 76 3d 28 63 3d 28 76 5b 30 5d 2d 3d 28 28 63 3d 63 2e 73 6c 69 63 65 28 30 2c 28 76 5b 30 5d 7c 30 29 2d 33 29 2c 63 2e 6c 65 6e 67 74 68 29 7c 30 29 2b 33 2c 67 4a 28 63 29 29 2c 6d 2e 6f 29 2c 6d 29 3b 74 72 79 7b 50 28 6d 2c 31 33 39 2c 5b 39 35 5d 29 2c 50 28 6d 2c 32 35 31 2c 74 28 63 2e 6c 65 6e 67 74 68 2c 32 29 2e 63 6f 6e 63 61 74 28 63 29 2c 39 29 7d 66 69 6e 61 6c 6c 79 7b 6d 2e 6f 3d 76 7d 7d 7d 2c 66 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 29 7b 76 2e 68 3d 28 28 76 2e 68 3f 76 2e 68 2b 22 7e 22 Data Ascii: ",v&&(v.message&&(c+=v.message),v.stack&&(c+=":"+v.stack)),v=A(317,m),3<v[0])){m.o=(v=(c=(v[0]-=((c=c.slice(0,(v[0]\|0)-3),c.length)\|0)+3,gJ(c)),m.o),m);try{P(m,139,[95]),P(m,251,t(c.length,2).concat(c),9)}finally{m.o=v}}},f=function(c,v){v.h=((v.h?v.h+"~"
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 65 6c 73 65 20 56 3d 44 58 28 63 2c 6b 29 3b 72 65 74 75 72 6e 20 56 7d 6c 26 26 59 26 26 6c 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 59 2c 43 2c 4c 29 7d 7d 72 65 74 75 72 6e 20 43 7d 2c 69 6b 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 2c 6d 2c 5a 2c 6c 2c 59 2c 43 2c 6b 29 7b 72 65 74 75 72 6e 28 28 6b 3d 28 6d 3d 5b 36 36 2c 2d 32 34 2c 28 43 3d 4e 56 2c 32 33 29 2c 2d 32 30 2c 28 6c 3d 5a 26 37 2c 33 34 29 2c 2d 35 37 2c 6d 2c 36 37 2c 36 36 2c 38 37 5d 2c 67 5b 76 2e 43 5d 28 76 2e 55 69 29 29 2c 6b 29 5b 76 2e 43 5d 3d 66 75 6e 63 74 69 6f 6e 28 56 29 7b 59 3d 28 6c 2b 3d 36 2b 37 2a 5a 2c 56 29 2c 6c 26 3d 37 7d 2c 6b 29 2e 63 6f 6e 63 61 74 3d 66 75 6e 63 74 69 6f 6e 28 56 29 7b 72 65 74 75 72 6e 28 59 3d 28 56 3d 28 56 3d 28 56 Data Ascii: else V=DX(c,k);return V}l&&Y&&l.removeEventListener(Y,C,L)}}return C},ik=function(c,v,m,Z,l,Y,C,k){return((k=(m=[66,-24,(C=NV,23),-20,(l=Z&7,34),-57,m,67,66,87],g[v.C](v.Ui)),k)[v.C]=function(V){Y=(l+=6+7*Z,V),l&=7},k).concat=function(V){return(Y=(V=(V=(V
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 26 26 21 63 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 28 22 73 70 6c 69 63 65 22 29 29 72 65 74 75 72 6e 22 61 72 72 61 79 22 3b 69 66 28 22 5b 6f 62 6a 65 63 74 20 46 75 6e 63 74 69 6f 6e 5d 22 3d 3d 76 7c 7c 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 63 2e 63 61 6c 6c 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 63 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 26 26 21 63 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 28 22 63 61 6c 6c 22 29 29 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 7d 65 6c 73 65 20 72 65 74 75 72 6e 22 6e 75 6c 6c 22 3b 65 6c 73 65 20 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d Data Ascii: propertyIsEnumerable&&!c.propertyIsEnumerable("splice"))return"array";if("[object Function]"==v\|\|"undefined"!=typeof c.call&&"undefined"!=typeof c.propertyIsEnumerable&&!c.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"=
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 31 36 3a 32 31 31 29 2c 76 29 2c 76 2e 57 29 29 2c 76 2e 48 29 2e 70 75 73 68 28 5b 66 75 2c 63 2c 6d 3f 5a 2b 31 3a 5a 2c 76 2e 4c 2c 76 2e 55 5d 29 2c 41 41 29 2c 30 29 7d 2c 49 56 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 2c 6d 2c 5a 29 7b 74 72 79 7b 5a 3d 63 5b 28 28 76 7c 30 29 2b 32 29 25 33 5d 2c 63 5b 76 5d 3d 28 63 5b 76 5d 7c 30 29 2d 28 63 5b 28 28 76 7c 30 29 2b 31 29 25 33 5d 7c 30 29 2d 28 5a 7c 30 29 5e 28 31 3d 3d 76 3f 5a 3c 3c 6d 3a 5a 3e 3e 3e 6d 29 7d 63 61 74 63 68 28 6c 29 7b 74 68 72 6f 77 20 6c 3b 7d 7d 2c 44 58 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 2c 6d 2c 5a 2c 6c 29 7b 69 66 28 28 6c 3d 76 5b 30 5d 2c 6c 29 3d 3d 58 69 29 63 2e 55 3d 74 72 75 65 2c 63 2e 48 57 3d 32 35 2c 63 2e 69 28 76 29 3b 65 6c 73 65 20 69 66 28 6c 3d 3d 4a Data Ascii: 16:211),v),v.W)),v.H).push([fu,c,m?Z+1:Z,v.L,v.U]),AA),0)},IV=function(c,v,m,Z){try{Z=c[((v\|0)+2)%3],c[v]=(c[v]\|0)-(c[((v\|0)+1)%3]\|0)-(Z\|0)^(1==v?Z<<m:Z>>>m)}catch(l){throw l;}},DX=function(c,v,m,Z,l){if((l=v[0],l)==Xi)c.U=true,c.HW=25,c.i(v);else if(l==J
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 5a 2d 6c 7d 29 2c 74 68 69 73 2e 6e 29 2c 74 68 69 73 2e 44 5b 74 68 69 73 2e 44 2e 6c 65 6e 67 74 68 3e 3e 31 5d 5d 7d 29 2c 63 3d 6e 65 77 20 6d 2c 76 3d 6e 65 77 20 6d 2c 5b 66 75 6e 63 74 69 6f 6e 28 5a 29 7b 28 63 2e 50 57 28 5a 29 2c 76 29 2e 50 57 28 5a 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 5a 29 7b 72 65 74 75 72 6e 20 76 3d 28 5a 3d 63 2e 57 57 28 29 2e 63 6f 6e 63 61 74 28 76 2e 57 57 28 29 29 2c 6e 65 77 20 6d 29 2c 5a 7d 5d 7d 2c 61 56 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 76 2c 6d 2c 5a 2c 6c 29 7b 66 6f 72 28 6d 3d 6d 5b 5a 3d 28 6c 3d 30 2c 6d 5b 33 5d 29 7c 30 2c 32 5d 7c 30 3b 31 35 3e 6c 3b 6c 2b 2b 29 76 3d 76 3e 3e 3e 38 7c 76 3c 3c 32 34 2c 76 2b 3d 63 7c 30 2c 76 5e 3d 6d 2b 33 30 34 36 2c 5a 3d 5a 3e 3e 3e 38 7c 5a 3c 3c 32 34 2c 63 3d Data Ascii: Z-l}),this.n),this.D[this.D.length>>1]]}),c=new m,v=new m,[function(Z){(c.PW(Z),v).PW(Z)},function(Z){return v=(Z=c.WW().concat(v.WW()),new m),Z}]},aV=function(c,v,m,Z,l){for(m=m[Z=(l=0,m[3])\|0,2]\|0;15>l;l++)v=v>>>8\|v<<24,v+=c\|0,v^=m+3046,Z=Z>>>8\|Z<<24,c=
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 2e 74 69 6d 65 4f 72 69 67 69 6e 7c 7c 28 63 2e 74 69 6d 69 6e 67 7c 7c 7b 7d 29 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 7c 7c 30 29 2c 30 29 29 2c 30 29 29 2c 76 29 2c 66 75 6e 63 74 69 6f 6e 28 6b 2c 56 2c 65 29 7b 4e 28 66 61 6c 73 65 2c 6b 2c 74 72 75 65 2c 56 29 7c 7c 28 56 3d 46 28 6b 29 2c 65 3d 46 28 6b 29 2c 75 28 65 2c 6b 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 65 76 61 6c 28 61 29 7d 28 4c 75 28 41 28 56 2c 6b 2e 6f 29 29 29 29 29 7d 29 2c 76 29 2c 66 75 6e 63 74 69 6f 6e 28 6b 2c 56 2c 65 2c 61 2c 48 29 7b 75 28 28 48 3d 41 28 28 65 3d 28 61 3d 28 61 3d 28 48 3d 28 65 3d 28 56 3d 46 28 6b 29 2c 46 28 6b 29 29 2c 46 28 6b 29 29 2c 46 28 6b 29 29 2c 41 28 61 2c 6b 29 29 2c 41 28 65 2c 6b 29 29 2c 48 29 2c 6b 29 2c 56 Data Ascii: .timeOrigin\|\|(c.timing\|\|{}).navigationStart\|\|0),0)),0)),v),function(k,V,e){N(false,k,true,V)\|\|(V=F(k),e=F(k),u(e,k,function(a){return eval(a)}(Lu(A(V,k.o)))))}),v),function(k,V,e,a,H){u((H=A((e=(a=(a=(H=(e=(V=F(k),F(k)),F(k)),F(k)),A(a,k)),A(e,k)),H),k),V
2024-05-22 20:12:47 UTC	1390	IN	Data Raw: 71 3d 30 3d 3d 48 3f 6e 65 77 20 65 5b 71 5d 3a 31 3d 3d 48 3f 6e 65 77 20 65 5b 71 5d 28 61 5b 30 5d 29 3a 32 3d 3d 48 3f 6e 65 77 20 65 5b 71 5d 28 61 5b 30 5d 2c 61 5b 31 5d 29 3a 33 3d 3d 48 3f 6e 65 77 20 65 5b 71 5d 28 61 5b 30 5d 2c 61 5b 31 5d 2c 61 5b 32 5d 29 3a 34 3d 3d 48 3f 6e 65 77 20 65 5b 71 5d 28 61 5b 30 5d 2c 61 5b 31 5d 2c 61 5b 32 5d 2c 61 5b 33 5d 29 3a 32 28 29 2c 75 28 56 2c 6b 2c 71 29 29 7d 29 29 2c 76 2e 74 70 3d 30 2c 76 2e 52 51 3d 30 2c 30 29 29 2c 31 31 34 29 2c 76 2c 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 78 56 28 33 2c 6b 29 7d 29 2c 76 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 5b 30 2c 30 2c 30 5d 29 29 2c 5b 32 30 34 38 5d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 6b 2c 56 2c 65 2c 61 2c 48 29 7b 28 56 3d 46 28 28 48 3d 46 Data Ascii: q=0==H?new e[q]:1==H?new e[q](a[0]):2==H?new e[q](a[0],a[1]):3==H?new e[q](a[0],a[1],a[2]):4==H?new e[q](a[0],a[1],a[2],a[3]):2(),u(V,k,q))})),v.tp=0,v.RQ=0,0)),114),v,function(k){xV(3,k)}),v),function(){}),[0,0,0])),[2048])),function(k,V,e,a,H){(V=F((H=F

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
Category:	downloaded
Size (bytes):	15340
Entropy (8bit):	7.983406336508752
Encrypted:	false
SSDEEP:	384:F2gPJde0V2iGrQyD8b3k/tigCdeNqOUd47SH0tsGm:4gPVV2NQE8b3ldeNWH0Wb
MD5:	19B7A0ADFDD4F808B53AF7E2CE2AD4E5
SHA1:	81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
SHA-256:	C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
SHA-512:	49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Preview:	wOF2......;........d..;..........................d..z..J.`..L.Z..<.....\..`..^...x.6.$..6. ..\|. ..8..z%......Q.{..q...FF.kd .8.(..d..).!C...Y.JA...r. ..GH8F......nW...".2&....2<..+C...p...b..SC.......J......z.-..Q..#6&1zUe../\...l.....<.....9s...E~.]B-..B.wY..o......Q..A.F..1j.......-.`P% .. ,..@1.0..~.....WWW.d.u<c{..^.R.+..w....&.........A......+C....(.N.....0.~..0.J.;.Nu..7....]..m.H.....[h.GL3....?)....c.H...2.3.}y........SXI\|..iVN'%E.D.W....r..<`....i....6;E$.....U.$j.@...._.......R2....WS...k.vz.R.'a9!^...N....h.._.....c.%."..S.2.16B...o.2}.pmU[.\|.LI....2.....OWQLO1-....s..8.(...".\|6...6R.. ..M-.zO.}w)..v..mXxX...c..3#.+.v....F`.Z;.zQ.......r,....Yo.....g.h....+.....O.3Y..)Y.8.!....elX......._.3.}k~u.{ C..H.z..FP........@...d..)T.R...L.H.J.j.@..............$...E......y...3.b...I.h u.+%.HA.\..9..8..X.!....gx...].:..V..C...._..X..!....6..)...GM:E.....O.Z.}k.;.T.k..D.k.O..D5.r..."......?..T.Q.A...CF...3g.5.Dn<.QPy..G..1.9..Q..0..

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Category:	downloaded
Size (bytes):	15552
Entropy (8bit):	7.983966851275127
Encrypted:	false
SSDEEP:	384:HDKhlQ8AGL0dgUoEGBQTc7r6QYMkyr/iobA2E4/jKcJZI7lhzi:jslQ+LhUoTB0Qr6Qjkg/DmcJufzi
MD5:	285467176F7FE6BB6A9C6873B3DAD2CC
SHA1:	EA04E4FF5142DDD69307C183DEF721A160E0A64E
SHA-256:	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
SHA-512:	5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Preview:	wOF2......<...........<Z.........................d..z..J.`..L.\..<.....<.....^...x.6.$..6. .... ..S..}%.......\|....x..[j.E...d..-A...]=sjf$X.o.5......V....i?}.\...;...V......5..mO=,[.B..d'..=..M...q...8..U'..N..G...[..8....Jp..xP...'.?....}.-.1F.C.....%z..#...Q...~.~..3.............r.Xk..v..7t.+bw...f..b...q.W..'E.....O..a..HI.....Y.B..i.K.0.:.d.E.Lw....Q..~.6.}B...bT.F.,<./....Qu....\|...H....Fk.-..H..p4.$......{.2.....".T'..........Va.6+.9uv....RW..U$8...p...........H5...B..N..V...{.1....5}p.q6..T...U.P.N...U...!.w..?..mI..8q.}.... >.Z.K.....tq..}.><Ok..w.. ..v....W...{....o...."+#+,..vdt...p.WKK:.p1...3`. 3.......Q.].V.$}.......:.S..bb!I...c.of.2uq.n.MaJ..Cf.......w.$.9C...sj.=...=.Z7...h.w M.D..A.t.....]..GVpL...U(.+.)m..e)..H.}i.o.L...S.r..m..Ko....i..M..J..84.=............S..@......Z.V.E..b...0.....@h>...."$.?....../..?.....?.J.a,..\|..d...\|`.m5..b..LWc...L...?.G.].i...Q..1.:..LJV.J...bU.2.:\.kt.......t.....k....B..i.z+...........A.....

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:48 UTC	846	OUT	GET /recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.odessatypical.site/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:49 UTC	891	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 22 May 2024 20:12:48 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-KGLLM3U5s8wF4gJAHye8iQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-22 20:12:49 UTC	499	IN	Data Raw: 31 64 31 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 3c 74 69 74 6c 65 3e 72 65 43 41 50 54 43 48 41 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 2d 65 78 74 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 Data Ascii: 1d14<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>reCAPTCHA</title><style type="text/css">/* cyrillic-ext */@font-face
2024-05-22 20:12:49 UTC	1390	IN	Data Raw: 2d 46 45 32 46 3b 0a 7d 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 35 6d 78 4b 4f 7a 59 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 33 30 31 2c 20 55 2b 30 34 30 30 2d 30 34 35 46 2c 20 55 2b 30 34 39 30 2d 30 34 39 31 2c 20 55 2b 30 34 42 30 2d 30 Data Ascii: -FE2F;}/* cyrillic */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 400; src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2'); unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-0
2024-05-22 20:12:49 UTC	1390	IN	Data Raw: 31 45 46 46 2c 20 55 2b 32 30 32 30 2c 20 55 2b 32 30 41 30 2d 32 30 41 42 2c 20 55 2b 32 30 41 44 2d 32 30 43 30 2c 20 55 2b 32 31 31 33 2c 20 55 2b 32 43 36 30 2d 32 43 37 46 2c 20 55 2b 41 37 32 30 2d 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 34 6d 78 4b 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 Data Ascii: 1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}/* latin */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 400; src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2) format('woff2')
2024-05-22 20:12:49 UTC	1390	IN	Data Raw: 63 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 33 37 30 2d 30 33 37 37 2c 20 55 2b 30 33 37 41 2d 30 33 37 46 2c 20 55 2b 30 33 38 34 2d 30 33 38 41 2c 20 55 2b 30 33 38 43 2c 20 55 2b 30 33 38 45 2d 30 33 41 31 2c 20 55 2b 30 33 41 33 2d 30 33 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 Data Ascii: c4EsA.woff2) format('woff2'); unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF;}/* vietnamese */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 500; src: url(//fonts.gstatic.com/s/rob
2024-05-22 20:12:49 UTC	1390	IN	Data Raw: 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 34 36 30 2d 30 35 32 46 2c 20 55 2b 31 43 38 30 2d 31 43 38 38 2c 20 55 2b 32 30 42 34 2c 20 55 2b 32 44 45 30 2d 32 44 46 46 2c 20 55 2b 41 36 34 30 2d 41 36 39 46 2c 20 55 2b 46 45 32 45 2d 46 45 32 46 3b 0a 7d 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6c 43 Data Ascii: ) format('woff2'); unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;}/* cyrillic */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 900; src: url(//fonts.gstatic.com/s/roboto/v18/KFOlC
2024-05-22 20:12:49 UTC	1390	IN	Data Raw: 43 6e 71 45 75 39 32 46 72 31 4d 6d 59 55 74 66 43 68 63 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 31 30 30 2d 30 32 41 46 2c 20 55 2b 30 33 30 34 2c 20 55 2b 30 33 30 38 2c 20 55 2b 30 33 32 39 2c 20 55 2b 31 45 30 30 2d 31 45 39 46 2c 20 55 2b 31 45 46 32 2d 31 45 46 46 2c 20 55 2b 32 30 32 30 2c 20 55 2b 32 30 41 30 2d 32 30 41 42 2c 20 55 2b 32 30 41 44 2d 32 30 43 30 2c 20 55 2b 32 31 31 33 2c 20 55 2b 32 43 36 30 2d 32 43 37 46 2c 20 55 2b 41 37 32 30 2d 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d Data Ascii: CnqEu92Fr1MmYUtfChc4EsA.woff2) format('woff2'); unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}/* latin */@font-face { font-family: 'Roboto'; font-
2024-05-22 20:12:49 UTC	3	IN	Data Raw: 3e 0d 0a Data Ascii: >
2024-05-22 20:12:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:57 UTC	832	OUT	POST /recaptcha/api2/reload?k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 7613 sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Content-Type: application/x-protobuffer Accept: / Origin: https://www.google.com X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-22 20:12:57 UTC	7613	OUT	Data Raw: 0a 18 38 6b 38 35 51 42 49 2d 71 7a 78 6d 65 6e 44 76 33 31 38 41 5a 48 33 30 12 b9 0f 30 33 41 46 63 57 65 41 34 5f 58 6d 57 59 76 38 39 42 44 38 37 46 42 48 73 71 76 36 55 75 46 47 43 46 79 74 4f 31 6b 42 4c 79 76 55 43 50 6d 56 6a 31 5a 74 36 70 66 4a 68 55 39 52 74 70 56 41 42 77 34 43 2d 64 73 76 2d 62 6e 6e 53 48 30 58 59 52 66 53 4e 6c 50 6a 36 4d 77 78 39 37 4a 76 51 37 38 50 50 42 65 6c 4d 4c 53 4f 44 61 67 7a 6c 55 75 2d 57 69 44 50 4d 61 61 57 69 4a 4d 31 36 66 72 70 79 59 43 6d 54 70 67 6f 53 77 65 6f 35 67 4e 64 71 73 62 64 73 70 5a 72 71 31 6c 52 43 59 67 69 4f 77 4e 58 32 79 66 78 42 36 4e 42 4f 6c 78 66 47 74 35 47 4b 50 7a 64 45 61 61 66 4a 76 71 52 77 42 47 51 7a 51 78 6e 59 72 6d 57 65 5a 7a 73 5f 2d 4c 30 76 49 64 4c 72 37 6d 54 50 6e Data Ascii: 8k85QBI-qzxmenDv318AZH3003AFcWeA4_XmWYv89BD87FBHsqv6UuFGCFytO1kBLyvUCPmVj1Zt6pfJhU9RtpVABw4C-dsv-bnnSH0XYRfSNlPj6Mwx97JvQ78PPBelMLSODagzlUu-WiDPMaaWiJM16frpyYCmTpgoSweo5gNdqsbdspZrq1lRCYgiOwNX2yfxB6NBOlxfGt5GKPzdEaafJvqRwBGQzQxnYrmWeZzs_-L0vIdLr7mTPn
2024-05-22 20:12:57 UTC	696	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Date: Wed, 22 May 2024 20:12:57 GMT Expires: Wed, 22 May 2024 20:12:57 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: _GRECAPTCHA=09AOn7T8bjb2T6JFv_WCQUvgssFZuCMCxRw1xjKxIyVNgu3vDRvHT1Npk4Vgoe1alRH-f-EzJ38pFiriG4MoVJkQ0;Path=/recaptcha;Expires=Mon, 18-Nov-2024 20:12:57 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-22 20:12:57 UTC	570	IN	Data Raw: 32 33 33 0d 0a 29 5d 7d 27 0a 5b 22 72 72 65 73 70 22 2c 22 30 33 41 46 63 57 65 41 35 74 38 49 5a 68 63 6c 47 48 58 6d 48 64 67 31 4b 42 70 47 63 65 67 59 6e 68 75 38 62 68 44 47 57 58 41 6f 65 38 50 70 6d 76 66 6d 33 31 52 62 68 58 39 78 2d 53 52 45 49 38 47 42 68 66 34 6f 49 67 5a 73 79 61 4d 64 70 62 7a 79 71 7a 50 5a 49 70 5a 6d 5a 6f 35 5f 34 52 5a 76 37 57 36 4d 56 30 58 54 71 76 70 4a 59 6b 6f 39 63 39 6a 62 72 34 35 32 73 69 45 75 4d 39 33 76 35 75 68 4a 6f 5f 6e 50 41 46 36 73 47 70 6f 30 6f 33 32 6c 57 6e 5a 65 4d 47 2d 4e 34 6e 37 58 41 49 2d 6a 66 53 4b 6d 7a 4a 7a 6f 4b 31 7a 58 74 73 47 6a 33 31 31 4b 48 79 52 61 45 61 34 44 55 75 68 43 43 42 59 33 43 53 4f 42 64 7a 58 68 6f 64 49 34 76 48 43 32 4c 37 43 36 58 73 4a 4a 74 57 44 66 6a 79 41 Data Ascii: 233)]}'["rresp","03AFcWeA5t8IZhclGHXmHdg1KBpGcegYnhu8bhDGWXAoe8Ppmvfm31RbhX9x-SREI8GBhf4oIgZsyaMdpbzyqzPZIpZmZo5_4RZv7W6MV0XTqvpJYko9c9jbr452siEuM93v5uhJo_nPAF6sGpo0o32lWnZeMG-N4n7XAI-jfSKmzJzoK1zXtsGj311KHyRaEa4DUuhCCBY3CSOBdzXhodI4vHC2L7C6XsJJtWDfjyA
2024-05-22 20:12:57 UTC	1390	IN	Data Raw: 61 32 65 0d 0a 50 50 5a 47 75 66 51 66 6a 5a 62 6c 59 30 5f 30 51 45 53 31 64 44 70 74 6d 57 50 68 5f 64 55 57 32 32 61 58 67 44 6c 71 45 6d 79 68 55 73 63 34 4e 4e 74 5a 48 32 5a 57 38 6c 41 4d 56 65 4e 6b 38 55 47 4b 62 6a 4c 6f 47 69 6a 50 73 53 46 43 58 64 6c 63 64 65 34 79 68 63 69 50 6b 59 78 4e 59 4f 75 34 5f 49 34 30 51 53 58 61 54 38 61 2d 6c 6c 41 35 66 78 38 71 4f 32 7a 4e 6b 65 57 75 6c 35 2d 4f 2d 6a 63 76 37 67 72 6b 4e 32 73 43 6e 34 6f 6f 38 4f 38 45 50 59 4f 6b 51 39 56 56 72 76 39 67 6e 72 64 44 55 75 4f 64 49 5f 76 2d 54 70 31 62 30 75 4e 32 6a 63 62 34 32 7a 72 53 36 50 70 6a 6b 55 68 44 4e 6f 46 53 68 57 7a 4c 35 4c 6a 42 55 59 52 64 4a 77 56 38 5f 69 61 62 32 56 53 66 72 6e 45 59 52 6d 36 47 51 43 5a 79 48 4b 61 4c 44 4d 4e 37 68 5a Data Ascii: a2ePPZGufQfjZblY0_0QES1dDptmWPh_dUW22aXgDlqEmyhUsc4NNtZH2ZW8lAMVeNk8UGKbjLoGijPsSFCXdlcde4yhciPkYxNYOu4_I40QSXaT8a-llA5fx8qO2zNkeWul5-O-jcv7grkN2sCn4oo8O8EPYOkQ9VVrv9gnrdDUuOdI_v-Tp1b0uN2jcb42zrS6PpjkUhDNoFShWzL5LjBUYRdJwV8_iab2VSfrnEYRm6GQCZyHKaLDMN7hZ
2024-05-22 20:12:57 UTC	1223	IN	Data Raw: 53 4c 65 61 56 34 4f 5f 54 45 2d 5f 45 5f 62 4a 5f 38 43 35 61 57 6d 4c 56 5a 2d 66 55 47 42 59 65 75 58 44 52 4b 4c 30 69 39 5f 78 58 4f 64 6f 76 46 4f 66 68 71 70 6c 71 71 71 71 41 67 73 47 79 69 6b 71 35 55 72 37 54 2d 71 46 7a 5a 48 55 6a 35 6d 6c 75 53 64 5a 67 32 72 69 50 43 61 54 57 65 32 78 54 6c 42 62 55 74 72 71 32 46 4c 46 6a 38 62 45 72 43 71 45 55 2d 64 5a 70 50 50 6b 55 31 31 78 61 30 56 6e 30 45 54 44 38 63 6a 62 35 58 6d 4f 63 33 73 7a 43 30 55 39 59 68 50 65 71 4d 55 54 5a 5f 44 50 67 5a 61 74 4c 74 34 6a 33 44 44 47 67 5f 39 50 68 2d 64 63 6e 32 2d 46 66 73 65 41 49 56 33 5a 75 37 73 6d 61 37 4b 70 58 47 30 68 48 55 7a 4c 36 4f 35 67 61 6c 39 70 55 6a 57 78 48 78 4b 6a 79 6e 50 56 36 35 5f 37 55 30 68 2d 42 5a 6b 53 47 65 75 38 63 77 64 Data Ascii: SLeaV4O_TE-_E_bJ_8C5aWmLVZ-fUGBYeuXDRKL0i9_xXOdovFOfhqplqqqqAgsGyikq5Ur7T-qFzZHUj5mluSdZg2riPCaTWe2xTlBbUtrq2FLFj8bErCqEU-dZpPPkU11xa0Vn0ETD8cjb5XmOc3szC0U9YhPeqMUTZ_DPgZatLt4j3DDGg_9Ph-dcn2-FfseAIV3Zu7sma7KpXG0hHUzL6O5gal9pUjWxHxKjynPV65_7U0h-BZkSGeu8cwd
2024-05-22 20:12:57 UTC	1390	IN	Data Raw: 31 35 63 31 0d 0a 4b 4a 51 34 65 54 36 61 34 30 5f 5a 54 75 71 48 6a 75 64 4d 5f 32 59 59 6b 62 67 48 76 4c 6b 6c 36 56 73 79 48 62 65 39 51 35 64 30 57 74 2d 73 67 4c 66 61 36 6d 4e 36 56 34 61 61 51 4a 46 74 6f 38 65 34 32 6a 6f 38 34 35 56 33 64 58 48 49 39 72 4c 71 73 4b 5f 38 7a 6c 35 43 4e 66 75 33 30 4c 5a 36 49 77 37 61 5a 4c 42 53 54 41 30 72 70 70 52 62 45 72 52 58 6e 4d 7a 76 51 57 68 6d 35 73 2d 55 46 64 63 6f 63 6e 6a 53 59 72 77 69 67 79 47 73 30 78 41 4a 48 69 4a 4b 4d 4a 65 30 61 67 70 79 6b 4c 58 35 75 6d 4b 73 4f 74 5a 56 68 53 49 32 61 47 67 71 68 61 63 42 4d 43 2d 36 50 6f 6b 39 32 78 62 73 50 2d 32 48 54 51 33 52 46 41 36 47 7a 50 54 4b 67 43 55 37 78 4b 77 6b 61 4f 33 5a 52 63 49 4d 6e 42 52 4b 4d 4c 39 64 57 44 49 61 66 39 4a 4e 2d Data Ascii: 15c1KJQ4eT6a40_ZTuqHjudM_2YYkbgHvLkl6VsyHbe9Q5d0Wt-sgLfa6mN6V4aaQJFto8e42jo845V3dXHI9rLqsK_8zl5CNfu30LZ6Iw7aZLBSTA0rppRbErRXnMzvQWhm5s-UFdcocnjSYrwigyGs0xAJHiJKMJe0agpykLX5umKsOtZVhSI2aGgqhacBMC-6Pok92xbsP-2HTQ3RFA6GzPTKgCU7xKwkaO3ZRcIMnBRKML9dWDIaf9JN-
2024-05-22 20:12:57 UTC	1390	IN	Data Raw: 64 61 74 61 22 2c 22 4c 79 39 33 64 33 63 75 5a 32 39 76 5a 32 78 6c 4c 6d 4e 76 62 53 39 71 63 79 39 69 5a 79 39 35 4e 55 6c 76 57 47 70 76 4c 56 39 6c 54 56 39 66 52 6c 6f 33 51 6e 46 73 64 30 52 48 4d 45 5a 58 55 58 5a 43 62 6b 68 4f 53 6b 78 47 51 57 68 55 4e 46 46 59 61 48 70 42 4c 6d 70 7a 22 2c 22 22 2c 22 53 48 64 44 4d 57 46 5a 53 57 4e 51 65 6e 4e 6d 56 30 35 34 59 55 67 30 4d 6b 46 32 64 58 42 32 64 32 74 71 4d 6e 59 30 56 45 5a 34 64 6e 6c 78 64 7a 52 34 55 44 56 68 57 6c 5a 76 55 32 64 31 59 6d 56 76 62 56 70 36 56 56 52 32 4b 30 74 5a 4d 57 6c 68 53 6c 4e 69 54 55 77 33 64 46 68 76 63 7a 42 4c 4d 47 39 32 64 6a 52 34 4d 46 6b 77 63 6e 42 5a 54 6d 74 58 5a 47 6c 30 53 55 46 78 65 54 46 54 4e 45 35 54 53 54 46 59 52 48 52 57 51 7a 41 78 64 46 Data Ascii: data","Ly93d3cuZ29vZ2xlLmNvbS9qcy9iZy95NUlvWGpvLV9lTV9fRlo3QnFsd0RHMEZXUXZCbkhOSkxGQWhUNFFYaHpBLmpz","","SHdDMWFZSWNQenNmV054YUg0MkF2dXB2d2tqMnY0VEZ4dnlxdzR4UDVhWlZvU2d1YmVvbVp6VVR2K0tZMWlhSlNiTUw3dFhvczBLMG92djR4MFkwcnBZTmtXZGl0SUFxeTFTNE5TSTFYRHRWQzAxdF
2024-05-22 20:12:57 UTC	1390	IN	Data Raw: 45 64 51 56 47 4d 35 57 55 52 48 4e 44 68 57 52 57 74 51 4d 56 42 74 53 6c 6b 7a 64 58 56 57 57 6d 68 57 55 54 67 35 59 33 4a 45 65 58 6b 76 65 47 52 58 53 7a 64 34 4c 7a 64 36 62 6b 52 45 52 6e 51 78 57 58 64 31 61 6b 39 51 57 44 6c 4b 5a 48 46 55 64 6c 6c 45 57 54 4a 6d 56 6e 42 61 5a 32 63 35 63 6b 31 43 55 54 42 59 4d 57 4d 35 52 55 4a 45 53 6c 5a 68 4f 47 45 30 53 56 64 6d 57 55 35 51 63 32 64 4f 53 7a 4d 30 53 58 49 7a 53 6d 55 79 56 6a 63 77 55 32 45 79 54 45 39 47 63 6b 4a 79 64 6a 52 56 56 45 5a 50 61 54 5a 52 53 56 70 68 55 55 35 69 4e 7a 42 35 4d 46 52 51 53 31 4a 46 63 43 74 6f 54 55 67 31 65 48 55 33 62 47 31 6b 61 6c 51 31 65 6b 31 34 65 47 74 73 56 55 52 49 62 57 56 43 63 57 74 4f 64 57 5a 7a 65 56 46 36 4c 30 35 4e 55 32 31 57 65 46 70 44 Data Ascii: EdQVGM5WURHNDhWRWtQMVBtSlkzdXVWWmhWUTg5Y3JEeXkveGRXSzd4Lzd6bkRERnQxWXd1ak9QWDlKZHFUdllEWTJmVnBaZ2c5ck1CUTBYMWM5RUJESlZhOGE0SVdmWU5Qc2dOSzM0SXIzSmUyVjcwU2EyTE9GckJydjRVVEZPaTZRSVphUU5iNzB5MFRQS1JFcCtoTUg1eHU3bG1kalQ1ek14eGtsVURIbWVCcWtOdWZzeVF6L05NU21WeFpD
2024-05-22 20:12:57 UTC	1390	IN	Data Raw: 73 5a 44 45 31 55 55 4e 68 52 6b 4d 35 64 57 73 78 4e 44 56 35 59 32 68 53 64 6a 46 78 4d 46 70 6b 64 6a 68 69 62 48 6c 69 56 57 39 4d 57 6d 64 6c 52 6e 68 54 51 6d 68 6d 63 46 42 6a 4e 6c 4a 6c 64 45 34 32 63 54 42 51 5a 32 70 52 61 47 56 50 64 45 68 4f 59 6c 46 34 61 56 70 45 55 6c 5a 50 4b 32 5a 45 54 46 4a 6e 4c 32 31 57 5a 6a 4a 78 4d 32 4d 35 55 56 4e 48 55 32 70 36 4e 31 6b 35 53 54 52 79 65 47 34 31 62 7a 68 35 52 46 4a 71 51 6b 52 33 51 31 67 72 4e 6a 64 30 52 56 63 30 54 7a 67 32 57 6b 6c 51 55 46 68 34 61 54 49 72 64 58 70 70 5a 43 74 49 62 33 56 56 5a 7a 46 35 64 56 4d 34 61 55 78 69 53 47 78 58 64 44 49 33 56 32 78 54 4d 30 30 31 54 32 5a 4a 56 6a 68 6d 53 56 5a 43 64 6d 30 72 54 7a 63 32 65 57 4a 32 4f 55 35 73 61 7a 68 42 56 33 68 42 53 56 Data Ascii: sZDE1UUNhRkM5dWsxNDV5Y2hSdjFxMFpkdjhibHliVW9MWmdlRnhTQmhmcFBjNlJldE42cTBQZ2pRaGVPdEhOYlF4aVpEUlZPK2ZETFJnL21WZjJxM2M5UVNHU2p6N1k5STRyeG41bzh5RFJqQkR3Q1grNjd0RVc0Tzg2WklQUFh4aTIrdXppZCtIb3VVZzF5dVM4aUxiSGxXdDI3V2xTM001T2ZJVjhmSVZCdm0rTzc2eWJ2OU5sazhBV3hBSV
2024-05-22 20:12:57 UTC	17	IN	Data Raw: 57 63 7a 59 54 64 4e 52 57 39 6f 4f 45 38 76 0d 0a Data Ascii: WczYTdNRW9oOE8v
2024-05-22 20:12:57 UTC	1390	IN	Data Raw: 32 38 64 65 0d 0a 65 47 74 73 4d 55 34 34 56 6d 38 31 54 6e 6f 32 56 6d 70 30 59 32 70 77 61 46 64 70 64 6c 46 79 5a 31 49 33 56 48 51 30 54 32 5a 35 4f 44 63 78 56 45 64 51 57 6a 4a 43 51 31 42 4d 65 45 31 6d 5a 44 6c 76 53 55 4e 51 4f 45 63 77 62 47 5a 43 4b 32 78 76 52 45 39 4d 65 45 5a 53 62 6b 68 56 55 6b 55 78 4f 58 42 69 53 55 68 6e 63 45 6c 35 63 30 77 35 56 6d 68 6c 63 33 45 34 55 58 64 4c 64 57 52 49 4e 30 64 49 4d 31 70 36 59 6d 39 71 62 55 64 7a 64 31 59 33 52 6b 35 47 56 6d 4e 4f 4f 44 4a 44 61 6c 4d 32 61 33 42 44 65 56 68 77 65 44 56 75 64 6a 42 6d 4e 79 39 61 64 55 78 32 62 33 64 59 61 55 78 51 61 47 73 72 54 54 52 6e 52 6d 64 43 64 6c 64 46 64 32 6f 79 55 58 46 76 64 57 52 32 54 7a 52 68 65 69 74 47 4b 33 67 32 57 45 51 34 63 56 70 7a 63 Data Ascii: 28deeGtsMU44Vm81Tno2Vmp0Y2pwaFdpdlFyZ1I3VHQ0T2Z5ODcxVEdQWjJCQ1BMeE1mZDlvSUNQOEcwbGZCK2xvRE9MeEZSbkhVUkUxOXBiSUhncEl5c0w5Vmhlc3E4UXdLdWRIN0dIM1p6Ym9qbUdzd1Y3Rk5GVmNOODJDalM2a3BDeVhweDVudjBmNy9adUx2b3dYaUxQaGsrTTRnRmdCdldFd2oyUXFvdWR2TzRheitGK3g2WEQ4cVpzc

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:59 UTC	864	OUT	GET /recaptcha/api2/reload?k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _GRECAPTCHA=09AOn7T8bjb2T6JFv_WCQUvgssFZuCMCxRw1xjKxIyVNgu3vDRvHT1Npk4Vgoe1alRH-f-EzJ38pFiriG4MoVJkQ0; CONSENT=PENDING+962; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDEtMF9SQzMaAmVuIAEaBgiAi8amBg; __Secure-ENID=14.SE=LM-NkPAvbCtuNhK73uRS1U27fKMegq7R6_Ue_GnOGI1dekNKandC6Dto1fKS9ocnnyUmf2MAXGM269U9HhkgndYLxWy3FrZaGzh_yODdv1ouU12fBCNmRhMUwM3dzKbRlYRnbKhIQz9fV5WGdCRRjXQx5RGii6FbIw100Hc46oWQ6bysmy2hqA
2024-05-22 20:12:59 UTC	518	IN	HTTP/1.1 405 HTTP method GET is not supported by this URL Content-Type: text/html; charset=UTF-8 Date: Wed, 22 May 2024 20:12:59 GMT Expires: Wed, 22 May 2024 20:12:59 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-22 20:12:59 UTC	244	IN	Data Raw: 65 65 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 48 54 54 50 20 6d 65 74 68 6f 64 20 47 45 54 20 69 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 74 68 69 73 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 21 2d 2d 20 47 53 45 20 44 65 66 61 75 6c 74 20 45 72 72 6f 72 20 2d 2d 3e 0a 3c 48 31 3e 48 54 54 50 20 6d 65 74 68 6f 64 20 47 45 54 20 69 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 74 68 69 73 20 55 52 4c 3c 2f 48 31 3e 0a 3c 48 32 3e 45 72 72 6f 72 20 34 30 35 3c 2f 48 32 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 0d 0a Data Ascii: ee<HTML><HEAD><TITLE>HTTP method GET is not supported by this URL</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000">... GSE Default Error --><H1>HTTP method GET is not supported by this URL</H1><H2>Error 405</H2></BODY></HTML>
2024-05-22 20:12:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:12:59 UTC	1121	OUT	GET /recaptcha/api2/payload?p=06AFcWeA5yLICY_6cfbVj6gskNjevVu7oVeqaFJ0XX2KUqcfMAviI6iGH-YmgKT--NyOsGsRxfat5Mg6MUR4Are2dbjhJdR1EgKH7c5Dba2V7039FxJKPAxrF8Jzt8AoNaqup9tbEQTWTJwNSPkK1yo765RKVP6q3OniHvBgRBd7AzSn08UcbvTf1D48jKcASnDeX7dvsTyiHI&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _GRECAPTCHA=09AOn7T8bjb2T6JFv_WCQUvgssFZuCMCxRw1xjKxIyVNgu3vDRvHT1Npk4Vgoe1alRH-f-EzJ38pFiriG4MoVJkQ0
2024-05-22 20:12:59 UTC	419	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Expires: Wed, 22 May 2024 20:12:59 GMT Date: Wed, 22 May 2024 20:12:59 GMT Cache-Control: private, max-age=30 Transfer-Encoding: chunked X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-22 20:12:59 UTC	6	IN	Data Raw: 37 37 41 39 0d 0a Data Ascii: 77A9
2024-05-22 20:12:59 UTC	1390	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0a 0b 09 0c 11 0f 12 12 11 0f 11 10 13 16 1c 17 13 14 1a 15 10 11 18 21 18 1a 1c 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c0 00 11 08 01 2c 01 2c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFC!"$"$C,,"}!1AQa"q2
2024-05-22 20:12:59 UTC	1390	IN	Data Raw: 3f 9d 51 8f c4 53 3d 8d d8 92 13 76 23 43 92 66 c2 ba 67 24 60 7d de a4 8e b5 c8 dd 5e 69 d6 b9 b9 d3 63 bc 49 9c 92 86 56 52 13 92 3b 0e 48 fc 2b 44 ae 4b dc ee f4 ad 5d ae a0 bc b8 fd e3 90 77 04 23 ee f1 d0 11 db fa e6 be cd fb 5a 91 c3 03 f4 35 f0 3f 87 2e 6f a6 69 b5 1b 77 69 5d 76 89 23 70 4e f6 3d 40 c7 3d 81 cf bd 7d e2 52 6d cc 18 44 cb d8 e4 8f f1 ab 8a b1 95 6d 2c 58 fb 57 bd 02 e8 fa d5 61 18 1f 7e 31 9f 6e 7f a5 48 91 21 1f ea a4 1f 88 ff 00 1a bd 0c 75 26 17 24 f7 af 37 f8 fb 1e 89 fd 81 16 a1 7b 6e 26 bf 07 c8 89 52 e0 46 ee ac 7a 15 fe 30 0f 38 ec 7f 1a f4 41 1a 8e ee 3f e0 39 af 39 f8 eb a4 e8 a3 c3 97 3a fd fd d4 e9 79 6f 08 8a d1 16 41 1e e6 df 9c 0f 94 92 7f a0 ed c9 a2 c8 0f 9c 6e 2f a0 86 da 4b 3b 2d 15 46 10 ac b2 b8 f3 1d 4e 72 1b Data Ascii: ?QS=v#Cfg$`}^icIVR;H+DK]w#Z5?.oiwi]v#pN=@=}RmDm,XWa~1nH!u&$7{n&RFz08A?99:yoAn/K;-FNr
2024-05-22 20:12:59 UTC	1318	IN	Data Raw: b8 79 26 95 1b 74 02 3d a4 30 72 b8 c9 ec 47 3e d4 ef 13 68 f6 b6 da 36 93 25 83 4f 2b cc ac f2 79 ab 96 39 c0 e0 01 c0 c8 38 1c fd 4d 68 c7 04 56 d3 cf 19 29 1a c9 2a c0 ec 83 38 21 0e fc 7f 9e e2 ba 2f 17 5b ed f0 e5 ad da 58 5d 34 70 12 19 d2 23 e5 c6 14 c6 81 59 80 c0 e7 cc 02 8e 67 71 59 18 9e 08 b6 92 c6 25 84 b4 60 99 59 9c c8 30 14 6d 23 9f 5f 5e df 85 7d 9f f6 f8 b8 dc cc 99 e9 e6 21 4f e6 05 7c 6d f0 ed 56 eb 56 9a 1b 8c b0 b5 b6 96 fa 50 c9 95 29 1a ee 2b f8 81 8c fb 8a fa f6 0d 5a ce 65 2c 93 29 e3 77 5e 2b 48 3d 5b 66 55 55 d2 b1 7e 3b d8 5c ed 49 e3 63 d8 07 06 a6 59 cd 60 ae ad 69 2d a9 7b 83 13 6d 66 e3 1b b1 86 20 71 f4 ab d2 2d b4 71 46 d1 da 44 e5 b3 f7 23 19 1e fc 73 57 74 63 66 6a a4 d9 af 25 fd a5 e6 fb 55 86 8d a4 a5 fa c0 d2 cc d2 Data Ascii: y&t=0rG>h6%O+y98MhV)*8!/[X]4p#YgqY%`Y0m#_^}!O\|mVVP)+Ze,)w^+H=[fUU~;\IcY`i-{mf q-qFD#sWtcfj%U
2024-05-22 20:12:59 UTC	1390	IN	Data Raw: 6d c6 f6 f2 ad b6 12 bd 49 1b 80 c8 f7 ae 65 7e 31 f8 77 c5 ba 92 f8 42 d6 df 51 d3 db 51 cc 36 f7 d2 b2 a0 8a 5c 7e ec e0 12 79 60 07 e3 4a 74 e7 25 a0 e1 24 9e a7 3b f1 d6 5d 7e ea 4d 07 4e d1 21 66 92 f1 a7 53 12 c8 d8 90 a8 42 33 d3 a0 dd f9 9a f1 4f 1b c1 ac 5a f8 95 57 5c b4 91 8c 48 36 ae 36 85 8f 1f 26 08 f6 c7 5f 7e 6b 47 c6 7e 23 f1 57 f6 ac 70 5f cf 79 f6 8d 2e e5 d4 83 2b 6f 46 e5 18 0f f3 da b1 ef 6e af ef ac fc d7 b9 b9 b9 44 05 5d a7 cb 30 07 91 c9 e7 68 e0 7b 63 dc 52 82 92 56 63 9b 8b d8 ea bc 28 75 89 ad a5 bf d2 1e ee dc 11 b2 43 1b 15 03 e6 c8 07 1d 87 5c 9a cd f1 34 5a c3 5d db c9 1c 93 5d c9 a9 66 ed 88 95 b6 bb 63 72 bb af dd 04 02 c7 be 32 6a ce b1 24 f6 de 0e 86 1d 2a 4b 98 64 79 82 cf b5 f0 08 28 e0 e3 1d b0 48 e7 d6 b8 a6 82 fe Data Ascii: mIe~1wBQQ6\~y`Jt%$;]~MN!fSB3OZW\H66&_~kG~#Wp_y.+oFnD]0h{cRVc(uC\4Z]]fcr2j$*Kdy(H
2024-05-22 20:12:59 UTC	1390	IN	Data Raw: 37 4b 5b 4b 19 4a a4 b3 c8 36 9e 4f 27 71 e9 c7 6c 57 39 a4 6a 1a d6 a3 25 cd a0 d7 af d6 2b 43 1c 71 45 1d cb aa 46 a3 23 8f 98 0e df a5 79 f7 80 52 6d 67 c4 32 c5 a8 5e 4e fb ad f7 16 76 dc 78 91 08 eb 5e 87 e0 3b 78 9a f7 51 00 92 64 97 e6 dc 73 90 0b 60 7e 79 ac ab 55 9c 53 77 d5 23 7a 34 a9 b9 c6 3c ba 36 2d fe 93 ac dc ba 79 fa f5 e5 c7 96 49 51 25 dc ad b7 8c 71 c9 c6 6a c5 8d ff 00 8c 2c e1 78 ad 3c 45 aa 46 77 31 71 1d f4 8b b9 cb 65 9b ef 0c e7 39 26 99 ab f8 92 d3 4c d6 1f 4f 9e da 69 65 84 80 5d 48 23 25 41 ef 8c 71 9a d5 8e 58 86 f9 42 9f 27 74 9b d8 28 27 2a 71 8c 1f 5c 1f ca b9 56 22 bc 55 e4 76 cb 0b 86 94 94 61 f3 39 cd 4a 3d 72 6b e1 a8 5e cf 7d 3c e4 0d d3 99 9d dc 8e 9c b6 73 d3 f9 d5 19 ac 2d 91 88 92 d1 57 18 ea 08 3d ff 00 c2 ba 0d Data Ascii: 7K[KJ6O'qlW9j%+CqEF#yRmg2^Nvx^;xQds`~yUSw#z4<6-yIQ%qj,x<EFw1qe9&LOie]H#%AqXB't('*q\V"Uva9J=rk^}<s-W=
2024-05-22 20:12:59 UTC	1390	IN	Data Raw: 93 84 56 b6 2a 09 4d a4 dd 8f 46 b0 7b cb ed 45 f4 db 3b 8b 8b 69 4c 42 44 06 5d fb 49 00 e3 38 19 e7 23 38 1d 2a 5d 12 0b b6 d3 f5 2f ed 28 ee 05 dc 4b 22 b9 94 12 ea de 57 f0 83 db 18 c6 3a f5 ad 1f 0f 6b d6 36 fa 4a ea 77 53 d8 45 35 b4 10 db 9c 80 5d f2 58 1e 07 39 f9 d0 64 8e c7 ae 2b 7b 59 9a ce 7d 45 56 33 e6 2d c4 45 4b 20 c7 38 6e a7 e8 31 58 d4 d3 64 12 8e 8e da d8 f2 f8 e1 b9 bb 43 19 33 43 1c 51 81 90 c7 23 1c e7 19 f5 ae ab 4f f0 95 d7 d9 13 7e ab 3e e2 32 76 b6 dc 67 d4 67 ad 67 68 56 4f 1e 8f 71 2c aa 63 32 44 76 96 3c e0 03 fe 35 ea 91 c4 81 06 e8 54 9c 0e 76 8e 78 a7 36 96 e5 c7 53 cd f5 fd 36 f3 fb 5e 59 a7 b6 b8 b4 0c 49 4f dd 85 f2 d4 2f 19 c0 c0 e9 f9 d6 44 2b 15 dd cc 51 bd ca cc 85 5b e6 01 72 0f 00 8c e3 a7 f8 d7 d4 37 ba 45 95 d0 Data Ascii: VMF{E;iLBD]I8#8]/(K"W:k6JwSE5]X9d+{Y}EV3-EK 8n1XdC3CQ#O~>2vggghVOq,c2Dv<5Tvx6S6^YIO/D+Q[r7E
2024-05-22 20:12:59 UTC	1390	IN	Data Raw: e7 b7 61 5f 3a 41 f0 df 5d b9 48 ae 21 7b 49 e2 2a 40 64 98 73 fe 71 5f 4c c7 0c a1 be 74 f2 c7 ab 1a f2 4b 5b 1d 2a d6 e1 4d b5 dd f5 b0 07 38 65 46 56 f7 23 75 43 ae a0 f4 67 2d 48 35 6b 9e 73 37 c3 af 15 58 5b df dc 2d b2 20 6c 38 90 5c 2a 85 40 0e ec 9c f0 08 eb 56 f4 eb 4f 0a cc 88 9a f7 8a c5 94 d6 e1 0a 41 0c 59 52 06 19 76 92 39 3f ed 36 33 9e b5 e9 d2 49 60 63 31 26 a7 20 0e a4 15 16 ca d9 cf 5e 0d 79 7d ef c3 fd 11 f5 e5 92 0b 6d 55 6c 49 01 c2 3c 6a 3a 76 1d 71 f8 d6 f0 c7 45 47 96 6f 43 96 a5 34 9d e2 74 36 9e 39 d3 f4 4d 31 f4 ed 22 d9 ed ad e4 62 a6 e6 08 ff 00 d7 36 3a 34 bd ce 3e b5 86 7c 71 2c 56 29 6f 23 b4 b8 1f 3b 05 45 24 8e 72 3e 4e 39 ae 91 3c 35 a1 ae 8a ba 3b 5e 6a 4d 65 1c de 6a 44 52 30 c1 bf de dd 92 3a f1 58 f7 fe 0b d2 25 fd Data Ascii: a_:A]H!{I@dsq_LtK[M8eFV#uCg-H5ks7X[- l8\*@VOAYRv9?63I`c1& ^y}mUlI<j:vqEGoC4t69M1"b6:4>\|q,V)o#;E$r>N9<5;^jMejDR0:X%
2024-05-22 20:12:59 UTC	1390	IN	Data Raw: 38 f5 15 66 2d 32 c8 db c9 14 71 ac 51 ba 87 77 53 bb cc c6 06 79 e0 75 03 07 03 9e 2a e0 d6 db 9a 29 49 2b 26 3e 0d 37 c3 f7 25 35 06 d1 ec 19 9d 37 24 9b 33 9f 98 12 31 df 19 3c fe 15 56 4d 17 44 95 6e 61 9e 28 54 03 b9 0a 12 b9 19 e0 28 39 cf 3f ce 9d 63 a8 69 51 db 4a c2 56 f2 e0 c1 0a 46 14 0d d8 08 54 f1 eb 9f 6c d5 5d 7a c7 4d 86 e2 3b c9 60 9a 03 b8 0f 32 d9 d8 2a b0 61 9e 0f cb 86 2d 8c d1 18 d4 52 d5 b5 d8 76 be ac ad 79 e1 6b 5d 4b 45 8e dd a7 ba b7 54 ff 00 54 ac a1 c8 c9 ce 08 1f 7b 82 2b 6b c2 7e 18 d2 b4 a4 97 88 5a 17 70 52 59 58 95 03 1d f0 3f a5 73 da 6e bb b3 5e d4 7c 8b 93 70 90 2e 23 50 37 a3 e3 19 3d 07 cc 39 ed 50 4d e2 78 2c 8a c9 6b 7b 3c b0 2c bb 42 6d 60 f0 2e 4f 52 72 18 60 10 33 cf d6 bb 20 eb de d7 2a 15 ad a9 eb b1 e9 30 de Data Ascii: 8f-2qQwSyu)I+&>7%57$31<VMDna(T(9?ciQJVFTl]zM;`2a-Rvyk]KETT{+k~ZpRYX?sn^\|p.#P7=9PMx,k{<,Bm`.ORr`3 *0
2024-05-22 20:12:59 UTC	1244	IN	Data Raw: 2f 93 81 21 7d a7 68 72 3d 4f 56 eb ed 51 78 3a da ee f6 c0 ea 57 9e 29 83 4f 69 89 41 67 3e 0c 81 46 47 0d b8 64 f3 80 76 f1 ce 31 5d 4e b7 67 6f ab 58 bd 9d cb ba 23 32 b6 53 83 95 39 07 a7 a8 af 3f d6 74 39 f4 8d 5d 64 86 e8 5c c7 0c 2f 77 89 78 3b 54 e0 8e 01 e7 e6 e2 b6 c3 e0 70 8a 56 a8 ac be 66 75 2a 54 51 f7 15 d9 bd a7 e9 b1 78 a3 c3 37 92 cc a2 d2 78 67 31 47 71 1b 1d db 97 e6 24 fa 9c 31 1c 9e 33 5c ed df 88 05 9e 9e ba 5d dd a8 ba 26 30 16 56 9b 6b 21 04 91 8e 3b 13 fe 71 59 3a bf 87 3c 40 97 f0 24 57 12 c2 97 6e 5f 10 c8 41 5c f2 c3 b6 78 c5 2c be 13 d7 5a e8 4f 73 12 3c 79 19 42 c4 10 07 1e a7 9e f5 9b c1 61 de 91 5b 79 b2 94 e6 95 d9 b1 e2 0b 1b 3f 0f 69 ab ab 47 16 27 52 81 84 43 62 ba b9 24 a9 1f 46 db 90 41 e0 1a c3 92 fa eb 56 d1 e7 d3 Data Ascii: /!}hr=OVQx:W)OiAg>FGdv1]NgoX#2S9?t9]d\/wx;TpVfu*TQx7xg1Gq$13\]&0Vk!;qY:<@$Wn_A\x,ZOs<yBa[y?iG'RCb$FAV

Timestamp	Bytes transferred	Direction	Data
2024-05-22 20:13:00 UTC	1074	OUT	GET /recaptcha/api2/payload?p=06AFcWeA5yLICY_6cfbVj6gskNjevVu7oVeqaFJ0XX2KUqcfMAviI6iGH-YmgKT--NyOsGsRxfat5Mg6MUR4Are2dbjhJdR1EgKH7c5Dba2V7039FxJKPAxrF8Jzt8AoNaqup9tbEQTWTJwNSPkK1yo765RKVP6q3OniHvBgRBd7AzSn08UcbvTf1D48jKcASnDeX7dvsTyiHI&k=6Lf-7OQpAAAAALoL2NPh5TzfjYv6So8ra_d8pmoz HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlqHLAQiFoM0BCLjIzQE= Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _GRECAPTCHA=09AOn7T8bjb2T6JFv_WCQUvgssFZuCMCxRw1xjKxIyVNgu3vDRvHT1Npk4Vgoe1alRH-f-EzJ38pFiriG4MoVJkQ0; CONSENT=PENDING+962; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDEtMF9SQzMaAmVuIAEaBgiAi8amBg; __Secure-ENID=14.SE=LM-NkPAvbCtuNhK73uRS1U27fKMegq7R6_Ue_GnOGI1dekNKandC6Dto1fKS9ocnnyUmf2MAXGM269U9HhkgndYLxWy3FrZaGzh_yODdv1ouU12fBCNmRhMUwM3dzKbRlYRnbKhIQz9fV5WGdCRRjXQx5RGii6FbIw100Hc46oWQ6bysmy2hqA
2024-05-22 20:13:00 UTC	419	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Expires: Wed, 22 May 2024 20:13:00 GMT Date: Wed, 22 May 2024 20:13:00 GMT Cache-Control: private, max-age=30 Transfer-Encoding: chunked X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-22 20:13:00 UTC	1390	IN	Data Raw: 37 37 41 39 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0a 0b 09 0c 11 0f 12 12 11 0f 11 10 13 16 1c 17 13 14 1a 15 10 11 18 21 18 1a 1c 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c0 00 11 08 01 2c 01 2c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 Data Ascii: 77A9JFIFC!"$"$C,,"}!1AQa"q
2024-05-22 20:13:00 UTC	1390	IN	Data Raw: 50 4e 40 f7 c7 5e 3f 9d 51 8f c4 53 3d 8d d8 92 13 76 23 43 92 66 c2 ba 67 24 60 7d de a4 8e b5 c8 dd 5e 69 d6 b9 b9 d3 63 bc 49 9c 92 86 56 52 13 92 3b 0e 48 fc 2b 44 ae 4b dc ee f4 ad 5d ae a0 bc b8 fd e3 90 77 04 23 ee f1 d0 11 db fa e6 be cd fb 5a 91 c3 03 f4 35 f0 3f 87 2e 6f a6 69 b5 1b 77 69 5d 76 89 23 70 4e f6 3d 40 c7 3d 81 cf bd 7d e2 52 6d cc 18 44 cb d8 e4 8f f1 ab 8a b1 95 6d 2c 58 fb 57 bd 02 e8 fa d5 61 18 1f 7e 31 9f 6e 7f a5 48 91 21 1f ea a4 1f 88 ff 00 1a bd 0c 75 26 17 24 f7 af 37 f8 fb 1e 89 fd 81 16 a1 7b 6e 26 bf 07 c8 89 52 e0 46 ee ac 7a 15 fe 30 0f 38 ec 7f 1a f4 41 1a 8e ee 3f e0 39 af 39 f8 eb a4 e8 a3 c3 97 3a fd fd d4 e9 79 6f 08 8a d1 16 41 1e e6 df 9c 0f 94 92 7f a0 ed c9 a2 c8 0f 9c 6e 2f a0 86 da 4b 3b 2d 15 46 10 ac b2 Data Ascii: PN@^?QS=v#Cfg$`}^icIVR;H+DK]w#Z5?.oiwi]v#pN=@=}RmDm,XWa~1nH!u&$7{n&RFz08A?99:yoAn/K;-F
2024-05-22 20:13:00 UTC	1324	IN	Data Raw: f4 db 95 b5 8e 05 b8 79 26 95 1b 74 02 3d a4 30 72 b8 c9 ec 47 3e d4 ef 13 68 f6 b6 da 36 93 25 83 4f 2b cc ac f2 79 ab 96 39 c0 e0 01 c0 c8 38 1c fd 4d 68 c7 04 56 d3 cf 19 29 1a c9 2a c0 ec 83 38 21 0e fc 7f 9e e2 ba 2f 17 5b ed f0 e5 ad da 58 5d 34 70 12 19 d2 23 e5 c6 14 c6 81 59 80 c0 e7 cc 02 8e 67 71 59 18 9e 08 b6 92 c6 25 84 b4 60 99 59 9c c8 30 14 6d 23 9f 5f 5e df 85 7d 9f f6 f8 b8 dc cc 99 e9 e6 21 4f e6 05 7c 6d f0 ed 56 eb 56 9a 1b 8c b0 b5 b6 96 fa 50 c9 95 29 1a ee 2b f8 81 8c fb 8a fa f6 0d 5a ce 65 2c 93 29 e3 77 5e 2b 48 3d 5b 66 55 55 d2 b1 7e 3b d8 5c ed 49 e3 63 d8 07 06 a6 59 cd 60 ae ad 69 2d a9 7b 83 13 6d 66 e3 1b b1 86 20 71 f4 ab d2 2d b4 71 46 d1 da 44 e5 b3 f7 23 19 1e fc 73 57 74 63 66 6a a4 d9 af 25 fd a5 e6 fb 55 86 8d a4 Data Ascii: y&t=0rG>h6%O+y98MhV)*8!/[X]4p#YgqY%`Y0m#_^}!O\|mVVP)+Ze,)w^+H=[fUU~;\IcY`i-{mf q-qFD#sWtcfj%U
2024-05-22 20:13:00 UTC	1390	IN	Data Raw: 6d c6 f6 f2 ad b6 12 bd 49 1b 80 c8 f7 ae 65 7e 31 f8 77 c5 ba 92 f8 42 d6 df 51 d3 db 51 cc 36 f7 d2 b2 a0 8a 5c 7e ec e0 12 79 60 07 e3 4a 74 e7 25 a0 e1 24 9e a7 3b f1 d6 5d 7e ea 4d 07 4e d1 21 66 92 f1 a7 53 12 c8 d8 90 a8 42 33 d3 a0 dd f9 9a f1 4f 1b c1 ac 5a f8 95 57 5c b4 91 8c 48 36 ae 36 85 8f 1f 26 08 f6 c7 5f 7e 6b 47 c6 7e 23 f1 57 f6 ac 70 5f cf 79 f6 8d 2e e5 d4 83 2b 6f 46 e5 18 0f f3 da b1 ef 6e af ef ac fc d7 b9 b9 b9 44 05 5d a7 cb 30 07 91 c9 e7 68 e0 7b 63 dc 52 82 92 56 63 9b 8b d8 ea bc 28 75 89 ad a5 bf d2 1e ee dc 11 b2 43 1b 15 03 e6 c8 07 1d 87 5c 9a cd f1 34 5a c3 5d db c9 1c 93 5d c9 a9 66 ed 88 95 b6 bb 63 72 bb af dd 04 02 c7 be 32 6a ce b1 24 f6 de 0e 86 1d 2a 4b 98 64 79 82 cf b5 f0 08 28 e0 e3 1d b0 48 e7 d6 b8 a6 82 fe Data Ascii: mIe~1wBQQ6\~y`Jt%$;]~MN!fSB3OZW\H66&_~kG~#Wp_y.+oFnD]0h{cRVc(uC\4Z]]fcr2j$*Kdy(H
2024-05-22 20:13:00 UTC	1390	IN	Data Raw: 37 4b 5b 4b 19 4a a4 b3 c8 36 9e 4f 27 71 e9 c7 6c 57 39 a4 6a 1a d6 a3 25 cd a0 d7 af d6 2b 43 1c 71 45 1d cb aa 46 a3 23 8f 98 0e df a5 79 f7 80 52 6d 67 c4 32 c5 a8 5e 4e fb ad f7 16 76 dc 78 91 08 eb 5e 87 e0 3b 78 9a f7 51 00 92 64 97 e6 dc 73 90 0b 60 7e 79 ac ab 55 9c 53 77 d5 23 7a 34 a9 b9 c6 3c ba 36 2d fe 93 ac dc ba 79 fa f5 e5 c7 96 49 51 25 dc ad b7 8c 71 c9 c6 6a c5 8d ff 00 8c 2c e1 78 ad 3c 45 aa 46 77 31 71 1d f4 8b b9 cb 65 9b ef 0c e7 39 26 99 ab f8 92 d3 4c d6 1f 4f 9e da 69 65 84 80 5d 48 23 25 41 ef 8c 71 9a d5 8e 58 86 f9 42 9f 27 74 9b d8 28 27 2a 71 8c 1f 5c 1f ca b9 56 22 bc 55 e4 76 cb 0b 86 94 94 61 f3 39 cd 4a 3d 72 6b e1 a8 5e cf 7d 3c e4 0d d3 99 9d dc 8e 9c b6 73 d3 f9 d5 19 ac 2d 91 88 92 d1 57 18 ea 08 3d ff 00 c2 ba 0d Data Ascii: 7K[KJ6O'qlW9j%+CqEF#yRmg2^Nvx^;xQds`~yUSw#z4<6-yIQ%qj,x<EFw1qe9&LOie]H#%AqXB't('*q\V"Uva9J=rk^}<s-W=
2024-05-22 20:13:00 UTC	1390	IN	Data Raw: 93 84 56 b6 2a 09 4d a4 dd 8f 46 b0 7b cb ed 45 f4 db 3b 8b 8b 69 4c 42 44 06 5d fb 49 00 e3 38 19 e7 23 38 1d 2a 5d 12 0b b6 d3 f5 2f ed 28 ee 05 dc 4b 22 b9 94 12 ea de 57 f0 83 db 18 c6 3a f5 ad 1f 0f 6b d6 36 fa 4a ea 77 53 d8 45 35 b4 10 db 9c 80 5d f2 58 1e 07 39 f9 d0 64 8e c7 ae 2b 7b 59 9a ce 7d 45 56 33 e6 2d c4 45 4b 20 c7 38 6e a7 e8 31 58 d4 d3 64 12 8e 8e da d8 f2 f8 e1 b9 bb 43 19 33 43 1c 51 81 90 c7 23 1c e7 19 f5 ae ab 4f f0 95 d7 d9 13 7e ab 3e e2 32 76 b6 dc 67 d4 67 ad 67 68 56 4f 1e 8f 71 2c aa 63 32 44 76 96 3c e0 03 fe 35 ea 91 c4 81 06 e8 54 9c 0e 76 8e 78 a7 36 96 e5 c7 53 cd f5 fd 36 f3 fb 5e 59 a7 b6 b8 b4 0c 49 4f dd 85 f2 d4 2f 19 c0 c0 e9 f9 d6 44 2b 15 dd cc 51 bd ca cc 85 5b e6 01 72 0f 00 8c e3 a7 f8 d7 d4 37 ba 45 95 d0 Data Ascii: VMF{E;iLBD]I8#8]/(K"W:k6JwSE5]X9d+{Y}EV3-EK 8n1XdC3CQ#O~>2vggghVOq,c2Dv<5Tvx6S6^YIO/D+Q[r7E
2024-05-22 20:13:00 UTC	1390	IN	Data Raw: e7 b7 61 5f 3a 41 f0 df 5d b9 48 ae 21 7b 49 e2 2a 40 64 98 73 fe 71 5f 4c c7 0c a1 be 74 f2 c7 ab 1a f2 4b 5b 1d 2a d6 e1 4d b5 dd f5 b0 07 38 65 46 56 f7 23 75 43 ae a0 f4 67 2d 48 35 6b 9e 73 37 c3 af 15 58 5b df dc 2d b2 20 6c 38 90 5c 2a 85 40 0e ec 9c f0 08 eb 56 f4 eb 4f 0a cc 88 9a f7 8a c5 94 d6 e1 0a 41 0c 59 52 06 19 76 92 39 3f ed 36 33 9e b5 e9 d2 49 60 63 31 26 a7 20 0e a4 15 16 ca d9 cf 5e 0d 79 7d ef c3 fd 11 f5 e5 92 0b 6d 55 6c 49 01 c2 3c 6a 3a 76 1d 71 f8 d6 f0 c7 45 47 96 6f 43 96 a5 34 9d e2 74 36 9e 39 d3 f4 4d 31 f4 ed 22 d9 ed ad e4 62 a6 e6 08 ff 00 d7 36 3a 34 bd ce 3e b5 86 7c 71 2c 56 29 6f 23 b4 b8 1f 3b 05 45 24 8e 72 3e 4e 39 ae 91 3c 35 a1 ae 8a ba 3b 5e 6a 4d 65 1c de 6a 44 52 30 c1 bf de dd 92 3a f1 58 f7 fe 0b d2 25 fd Data Ascii: a_:A]H!{I@dsq_LtK[M8eFV#uCg-H5ks7X[- l8\*@VOAYRv9?63I`c1& ^y}mUlI<j:vqEGoC4t69M1"b6:4>\|q,V)o#;E$r>N9<5;^jMejDR0:X%
2024-05-22 20:13:00 UTC	1390	IN	Data Raw: 38 f5 15 66 2d 32 c8 db c9 14 71 ac 51 ba 87 77 53 bb cc c6 06 79 e0 75 03 07 03 9e 2a e0 d6 db 9a 29 49 2b 26 3e 0d 37 c3 f7 25 35 06 d1 ec 19 9d 37 24 9b 33 9f 98 12 31 df 19 3c fe 15 56 4d 17 44 95 6e 61 9e 28 54 03 b9 0a 12 b9 19 e0 28 39 cf 3f ce 9d 63 a8 69 51 db 4a c2 56 f2 e0 c1 0a 46 14 0d d8 08 54 f1 eb 9f 6c d5 5d 7a c7 4d 86 e2 3b c9 60 9a 03 b8 0f 32 d9 d8 2a b0 61 9e 0f cb 86 2d 8c d1 18 d4 52 d5 b5 d8 76 be ac ad 79 e1 6b 5d 4b 45 8e dd a7 ba b7 54 ff 00 54 ac a1 c8 c9 ce 08 1f 7b 82 2b 6b c2 7e 18 d2 b4 a4 97 88 5a 17 70 52 59 58 95 03 1d f0 3f a5 73 da 6e bb b3 5e d4 7c 8b 93 70 90 2e 23 50 37 a3 e3 19 3d 07 cc 39 ed 50 4d e2 78 2c 8a c9 6b 7b 3c b0 2c bb 42 6d 60 f0 2e 4f 52 72 18 60 10 33 cf d6 bb 20 eb de d7 2a 15 ad a9 eb b1 e9 30 de Data Ascii: 8f-2qQwSyu)I+&>7%57$31<VMDna(T(9?ciQJVFTl]zM;`2a-Rvyk]KETT{+k~ZpRYX?sn^\|p.#P7=9PMx,k{<,Bm`.ORr`3 *0
2024-05-22 20:13:00 UTC	1244	IN	Data Raw: 2f 93 81 21 7d a7 68 72 3d 4f 56 eb ed 51 78 3a da ee f6 c0 ea 57 9e 29 83 4f 69 89 41 67 3e 0c 81 46 47 0d b8 64 f3 80 76 f1 ce 31 5d 4e b7 67 6f ab 58 bd 9d cb ba 23 32 b6 53 83 95 39 07 a7 a8 af 3f d6 74 39 f4 8d 5d 64 86 e8 5c c7 0c 2f 77 89 78 3b 54 e0 8e 01 e7 e6 e2 b6 c3 e0 70 8a 56 a8 ac be 66 75 2a 54 51 f7 15 d9 bd a7 e9 b1 78 a3 c3 37 92 cc a2 d2 78 67 31 47 71 1b 1d db 97 e6 24 fa 9c 31 1c 9e 33 5c ed df 88 05 9e 9e ba 5d dd a8 ba 26 30 16 56 9b 6b 21 04 91 8e 3b 13 fe 71 59 3a bf 87 3c 40 97 f0 24 57 12 c2 97 6e 5f 10 c8 41 5c f2 c3 b6 78 c5 2c be 13 d7 5a e8 4f 73 12 3c 79 19 42 c4 10 07 1e a7 9e f5 9b c1 61 de 91 5b 79 b2 94 e6 95 d9 b1 e2 0b 1b 3f 0f 69 ab ab 47 16 27 52 81 84 43 62 ba b9 24 a9 1f 46 db 90 41 e0 1a c3 92 fa eb 56 d1 e7 d3 Data Ascii: /!}hr=OVQx:W)OiAg>FGdv1]NgoX#2S9?t9]d\/wx;TpVfu*TQx7xg1Gq$13\]&0Vk!;qY:<@$Wn_A\x,ZOs<yBa[y?iG'RCb$FAV
2024-05-22 20:13:00 UTC	1390	IN	Data Raw: 8b 47 8d fc 40 f8 6d 18 99 af 3c 2a 8f 71 6c e7 98 32 0b 47 e9 83 dc 7e 39 af 2a bf b2 d4 ad 19 95 95 91 a3 3f 34 6d 90 c3 f0 35 f5 2f 8b 34 d1 61 a1 5c 48 ba 85 c5 9c 72 48 b9 72 42 e4 f4 03 38 eb d0 7a 7a f1 5c 36 9b 21 d6 4a a5 f3 e9 b7 96 c8 19 0f 9b 6a 3c e9 7d 32 d9 f9 48 f6 ae ec 3f b4 94 7d dd 51 cb 57 96 2f 5d 0f 9d ae 6e 64 7f bc cd f4 35 5c cb 29 f9 83 36 3d 6b e8 fd 67 e0 ce 87 ac c2 d2 e8 f7 1f 66 90 f3 b6 47 df 83 e8 70 01 c7 e7 5c b5 cf c0 3d 79 63 2b 6d a9 59 3e 0e 18 06 6c 0f 6e 95 a7 d6 61 17 cb 2d 19 2a 9c a5 aa d4 f2 ad 1e d9 75 16 8e d6 27 97 ed 6f 20 52 4e 36 2a 9c 0f e7 5b fa ef 84 52 20 c9 61 78 d2 cf 0a ed 68 df f8 cf 7d a7 bd 76 16 df 04 f5 fd 3e da 5d 4a e2 ea 14 8a 25 2d 88 f2 db f1 f7 ba 81 d2 b9 4d 4b ed 5a 45 cc 71 3c ac 42 Data Ascii: G@m<ql2G~9?4m5/4a\HrHrB8zz\6!Jj<}2H?}QW/]nd5\)6=kgfGp\=yc+mY>lna-u'o RN6[R axh}v>]J%-MKZEq<B

Target ID:	0
Start time:	16:12:12
Start date:	22/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x13f3b0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	16:12:13
Start date:	22/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1296,i,15652934967299704793,8133894200337167892,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13f3b0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	6
Start time:	16:12:18
Start date:	22/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw=="
Imagebase:	0x13f3b0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre