Edit tour

Windows Analysis Report
https://bdvonline-personas-139.pages.dev/

Overview

General Information

Sample URL:	https://bdvonline-personas-139.pages.dev/
Analysis ID:	1533140
Tags:	openphish
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected BlockedWebSite

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2460,i,14020319440236416227,15012761673439979685,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bdvonline-personas-139.pages.dev/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
dropped/chromecache_137	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
dropped/chromecache_154	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
dropped/chromecache_169	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /cdn-cgi/rum? HTTP/1.1Host: www.cloudflare.comConnection: keep-aliveContent-Length: 1630sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36content-type: application/jsonAccept: */*Origin: https://www.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.cloudflare.com/learning/access-management/phishing-attack/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=Pkzzda9dyWSFGCqzzpXQOCurcfuGHzWurad9gCqunCk-1728906562-1.0.1.1-sJeRjGUfQTw.lQRkf1GBLIjg9TTNTlEtWj05iJLrO4EE9gCaSUdQq1hZz3Bx6MtNWXGDTAfzMXMNNgRTu_8SIEJC60dNFn3lk3fpnaI3DII

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 14 Oct 2024 11:49:26 GMTContent-Type: text/html; charset=UTF-8Content-Length: 9597Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: a013aae6-c603-467a-ae53-6f8578c55a8fvary: Origindate: Mon, 14 Oct 2024 11:49:33 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 68deabb4-aa61-4811-9bd0-49e549d3cb64vary: Origindate: Mon, 14 Oct 2024 11:49:35 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 9d441a3e-b83d-48c8-8793-686731f13964vary: Origindate: Mon, 14 Oct 2024 11:49:37 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: e565a720-7002-4b92-8f60-6be5fcaf6b22vary: Origindate: Mon, 14 Oct 2024 11:49:39 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 5c104e4b-6af0-4783-81c4-e2ba6354bd19vary: Origindate: Mon, 14 Oct 2024 11:49:41 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 1a730060-9efd-4f28-926f-674a86561f24vary: Origindate: Mon, 14 Oct 2024 11:49:41 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 8f37e5c6-5043-408b-9396-11985e1e9ef6vary: Origindate: Mon, 14 Oct 2024 11:49:43 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: ddf6d1b0-c4b8-4486-a06f-0ccf4b33480bvary: Origindate: Mon, 14 Oct 2024 11:49:52 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: faf9d860-9500-4e7d-a71d-9c262764e6f3vary: Origindate: Mon, 14 Oct 2024 11:49:55 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 35fa7263-6842-47b2-9681-431b5f8c81f5vary: Origindate: Mon, 14 Oct 2024 11:49:56 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: c0b59fef-7c5d-45ec-be77-71c56c6e1559vary: Origindate: Mon, 14 Oct 2024 11:49:58 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 2322e82e-9932-405c-902f-497bb861d68cvary: Origindate: Mon, 14 Oct 2024 11:49:58 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 80d3779f-8ec7-413c-a446-74194978129bvary: Origindate: Mon, 14 Oct 2024 11:50:06 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 0b32b847-a0e9-4b88-9090-52d718aba947vary: Origindate: Mon, 14 Oct 2024 11:50:08 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 912dd3d6-3713-4de7-a192-ad2dbbdb7755vary: Origindate: Mon, 14 Oct 2024 11:50:10 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 0e4ffe5b-910b-4ea4-ba25-5176827591bdvary: Origindate: Mon, 14 Oct 2024 11:50:11 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 3499bcf8-662d-4213-92e7-1fa17285ea8fvary: Origindate: Mon, 14 Oct 2024 11:50:11 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 7133fa55-b499-4723-9345-f124a709b88avary: Origindate: Mon, 14 Oct 2024 11:50:20 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 3f0986b9-08fd-4313-a25e-43f7fa1cf5f5vary: Origindate: Mon, 14 Oct 2024 11:50:20 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 9c1dafbe-146d-427f-95e3-bd4adc25ec7evary: Origindate: Mon, 14 Oct 2024 11:50:22 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: c6d05e98-d5df-4381-80d9-90d857d46407vary: Origindate: Mon, 14 Oct 2024 11:50:24 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 544ed3b7-8aee-42a3-8236-8101e195b360vary: Origindate: Mon, 14 Oct 2024 11:50:24 GMTx-konductor: N/Ax-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close

Source: chromecache_305.2.dr	String found in binary or memory: https://ad.doubleclick.net
Source: chromecache_290.2.dr, chromecache_293.2.dr, chromecache_198.2.dr, chromecache_305.2.dr	String found in binary or memory: https://ade.googlesyndication.com
Source: chromecache_235.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_165.2.dr	String found in binary or memory: https://alb.reddit.com/rp.gif?event=PageVisit&id=t2_1upmecjq&ts=1728906570903&uuid=5cbc957d-26df-497
Source: chromecache_186.2.dr	String found in binary or memory: https://alb.reddit.com/rp.gif?event=PageVisit&id=t2_1upmecjq&ts=1728906571675&uuid=5cbc957d-26df-497
Source: chromecache_309.2.dr, chromecache_202.2.dr	String found in binary or memory: https://api.www.cloudflare.com/api/v1
Source: chromecache_148.2.dr, chromecache_244.2.dr	String found in binary or memory: https://app.qualified.com
Source: chromecache_185.2.dr, chromecache_258.2.dr	String found in binary or memory: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.js
Source: chromecache_254.2.dr, chromecache_168.2.dr	String found in binary or memory: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_Acti
Source: chromecache_249.2.dr, chromecache_241.2.dr	String found in binary or memory: https://assets.adobedtm.com/f597f8065f97/065ba81630d7/621485069190/RC392ad6d4bbf94c7283b4eda6cbf689a
Source: chromecache_300.2.dr, chromecache_219.2.dr	String found in binary or memory: https://assets.adobedtm.com/f597f8065f97/065ba81630d7/launch-efab6d095ce0.js
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://blog.cloudflare.com/cloudflare-waap-named-leader-gartner-magic-quadrant-2022/
Source: chromecache_162.2.dr, chromecache_290.2.dr, chromecache_293.2.dr, chromecache_198.2.dr, chromecache_305.2.dr, chromecache_235.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/17RhepZZwxiD452Hs0gKFk/5324e2c81dcdef79c74efea2c60
Source: chromecache_222.2.dr, chromecache_194.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/1W5s21iEz5Zk92rEr9cGr3/729e55fb2d26df7970d1c04d604
Source: chromecache_194.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/1qyDEBnfSjGjDAj5V6Zo1g/f8c8126789bc16fa0329943b0d4
Source: chromecache_194.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/1rVmRBDX3KhZOe2FREoYOz/24f44a8dbe53111346d97dc59b7
Source: chromecache_245.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/2fMg89go9MegG1EDg39mNy/5a42817cd388ae352f77f56e53b
Source: chromecache_194.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/35yeieyQns5B8WsFes9Z20/8bf36cbf9edf546c30cc9e3e082
Source: chromecache_194.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/3jxszSMXRhwiwHDa1VPXFw/cc6439cd93a107bd0986bb6d5dc
Source: chromecache_142.2.dr, chromecache_145.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/42XkFj9Uywkm8Jahf62RtP/0563d91cc1fa54da2bf2c50bad8
Source: chromecache_142.2.dr, chromecache_145.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/4sfL2iS6H10uq2waT6ehym/ad18b77fa469ce07f23d22e19ab
Source: chromecache_222.2.dr, chromecache_194.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/53qCYhQbir5WtIU0VDWESo/954a48bfb17f429acf469e5f143
Source: chromecache_222.2.dr, chromecache_194.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/68TLXIuB6HOZo3RgLAp1Ji/6a953e33858490426d4e2ca753b
Source: chromecache_245.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/6bNeiYhSx0RGvbzxS5Fi8c/3ff83bcc36e86e85170201f8264
Source: chromecache_303.2.dr, chromecache_143.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/6i8d186tH2iueYvgwVRaJf/ab27fd31033bdd31aea69065480
Source: chromecache_222.2.dr, chromecache_194.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/78RmfBmlwmzHeGK2Aqj65M/369cfa6b2402b7e6007941839e0
Source: chromecache_303.2.dr, chromecache_143.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/mJZqOomHta2MLLB73P8Hs/9378861761815b3adf7bcb7734d6
Source: chromecache_147.2.dr, chromecache_265.2.dr, chromecache_233.2.dr, chromecache_152.2.dr	String found in binary or memory: https://developers.marketo.com/MunchkinLicense.pdf
Source: chromecache_183.2.dr	String found in binary or memory: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1744631373&external_user_id=b38ab54
Source: chromecache_245.2.dr	String found in binary or memory: https://github.com/jonsuh/hamburgers
Source: chromecache_153.2.dr, chromecache_295.2.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_198.2.dr	String found in binary or memory: https://google.com
Source: chromecache_198.2.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_245.2.dr	String found in binary or memory: https://jonsuh.com/hamburgers
Source: chromecache_148.2.dr, chromecache_244.2.dr	String found in binary or memory: https://js.qualified.com
Source: chromecache_235.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_162.2.dr, chromecache_290.2.dr, chromecache_293.2.dr, chromecache_198.2.dr, chromecache_305.2.dr, chromecache_235.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_183.2.dr	String found in binary or memory: https://partners.tremorhub.com/sync?UIDM=b38ab54c-9c10-481f-8df6-b4a2e66240df
Source: chromecache_183.2.dr	String found in binary or memory: https://pixel.rubiconproject.com/tap.php?nid=5578&put=b38ab54c-9c10-481f-8df6-b4a2e66240df&v
Source: chromecache_165.2.dr, chromecache_186.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect/?fmt=js&v=2&url=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fac
Source: chromecache_165.2.dr, chromecache_186.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect/?pid=28851&fmt=gif
Source: chromecache_148.2.dr, chromecache_244.2.dr	String found in binary or memory: https://schedule.qualified.com
Source: chromecache_136.2.dr	String found in binary or memory: https://schema.org/Answer
Source: chromecache_245.2.dr	String found in binary or memory: https://schema.org/FAQPage
Source: chromecache_136.2.dr	String found in binary or memory: https://schema.org/Question
Source: chromecache_165.2.dr, chromecache_186.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_177.2.dr, chromecache_151.2.dr	String found in binary or memory: https://staging.mrk.cfdata.org/mrk/redwood-blade-repository/
Source: chromecache_165.2.dr, chromecache_186.2.dr	String found in binary or memory: https://static.ads-twitter.com/uwt.js
Source: chromecache_162.2.dr, chromecache_235.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_165.2.dr, chromecache_186.2.dr	String found in binary or memory: https://tag.demandbase.com/1be41a80498a5b73.min.js
Source: chromecache_162.2.dr, chromecache_290.2.dr, chromecache_293.2.dr, chromecache_198.2.dr, chromecache_305.2.dr, chromecache_235.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_309.2.dr, chromecache_202.2.dr	String found in binary or memory: https://www.cloudflare.com
Source: chromecache_137.2.dr, chromecache_154.2.dr, chromecache_169.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.cloudflare.com/application-services/solutions/
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.cloudflare.com/application-services/solutions/app-performance-monitoring/
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/how-to-implement-zero-trust/
Source: chromecache_137.2.dr, chromecache_154.2.dr, chromecache_169.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/
Source: chromecache_148.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/lp/multi-channel-phishing-demo?utm_medium=banner
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.cloudflare.com/network-services/solutions/enterprise-network-security/
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.cloudflare.com/network-services/solutions/network-monitoring-tools/
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.cloudflare.com/products/zero-trust/threat-defense/
Source: chromecache_264.2.dr, chromecache_184.2.dr	String found in binary or memory: https://www.cloudflare.com/saas/)
Source: chromecache_248.2.dr	String found in binary or memory: https://www.cloudflare.com/static/z/s.js?z=
Source: chromecache_186.2.dr	String found in binary or memory: https://www.cloudflare.com/static/z/t
Source: chromecache_229.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.cloudflare.com/zero-trust/
Source: chromecache_235.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_198.2.dr, chromecache_305.2.dr, chromecache_235.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_235.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_290.2.dr, chromecache_198.2.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_290.2.dr, chromecache_293.2.dr, chromecache_198.2.dr, chromecache_305.2.dr	String found in binary or memory: https://www.googletagmanager.com/dclk/ns/v1.js
Source: chromecache_290.2.dr, chromecache_198.2.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_162.2.dr, chromecache_235.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 50369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown	Network traffic detected: HTTP traffic on port 50420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50339
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50370
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 50384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 50394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50323
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50297
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50251
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50253
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50257
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50253 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50426 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@20/284@158/51

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2460,i,14020319440236416227,15012761673439979685,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bdvonline-personas-139.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2460,i,14020319440236416227,15012761673439979685,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://bdvonline-personas-139.pages.dev/	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Source	Detection	Scanner	Label
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	0%	URL Reputation	safe
https://stats.g.doubleclick.net/g/collect	0%	URL Reputation	safe
https://developers.marketo.com/MunchkinLicense.pdf	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
prod-default.lb.logrocket.network	104.198.23.205	true	false	unknown
static.cloudflareinsights.com	104.16.80.73	true	false	unknown
s.dsp-prod.demandbase.com	34.96.71.22	true	false	unknown
adservice.google.com	142.250.186.162	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
platform.twitter.map.fastly.net	199.232.188.157	true	false	unknown
stats.g.doubleclick.net	74.125.133.155	true	false	unknown
ot.www.cloudflare.com	104.16.124.96	true	false	unknown
tag.demandbase.com	18.239.50.124	true	false	unknown
t.co	172.66.0.227	true	false	unknown
performance.radar.cloudflare.com	104.18.30.78	true	false	unknown
www.google.com	172.217.16.196	true	false	unknown
demdex.net.ssl.sc.omtrdc.net	63.140.62.222	true	false	unknown
api.www.cloudflare.com	104.16.123.96	true	false	unknown
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	54.75.226.102	true	false	unknown
cf-assets.www.cloudflare.com	104.16.123.96	true	false	unknown
id.rlcdn.com	35.244.174.68	true	false	unknown
tag-logger.demandbase.com	18.173.205.104	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
ax-0001.ax-dc-msedge.net	150.171.30.10	true	false	unknown
s.twitter.com	104.244.42.195	true	false	unknown
ad.doubleclick.net	142.250.186.70	true	false	unknown
js.qualified.com	104.18.16.5	true	false	unknown
ws6.qualified.com	104.18.17.5	true	false	unknown
ax-0001.ax-msedge.net	150.171.28.10	true	false	unknown
bdvonline-personas-139.pages.dev	188.114.97.3	true	false	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
di.rlcdn.com	35.244.174.68	true	false	unknown
www.cloudflare.com	104.16.124.96	true	false	unknown
cdn.logr-ingest.com	188.114.97.3	true	false	unknown
reddit.map.fastly.net	151.101.193.140	true	false	unknown
googleads.g.doubleclick.net	142.250.186.98	true	false	unknown
dsum-sec.casalemedia.com	172.64.151.101	true	false	unknown
challenges.cloudflare.com	104.18.95.41	true	false	unknown
adobedc.net.ssl.sc.omtrdc.net	63.140.62.27	true	false	unknown
api.company-target.com	18.66.102.127	true	false	unknown
td.doubleclick.net	142.250.186.162	true	false	unknown
analytics.google.com	216.58.206.46	true	false	unknown
fp2c5c.wac.kappacdn.net	152.195.15.58	true	false	unknown
partners-alb-1113315349.us-east-1.elb.amazonaws.com	3.228.180.107	true	false	unknown
713-xsc-918.mktoresp.com	192.28.144.124	true	false	unknown
alb.reddit.com	unknown	unknown	false	unknown
static.ads-twitter.com	unknown	unknown	false	unknown
cm.everesttech.net	unknown	unknown	false	unknown
cdn.bizibly.com	unknown	unknown	false	unknown
cloudflareinc.demdex.net	unknown	unknown	false	unknown
adobedc.demdex.net	unknown	unknown	false	unknown
cdn.bizible.com	unknown	unknown	false	unknown
dpm.demdex.net	unknown	unknown	false	unknown
s.company-target.com	unknown	unknown	false	unknown
assets.adobedtm.com	unknown	unknown	false	unknown
www.linkedin.com	unknown	unknown	false	unknown
pixel.rubiconproject.com	unknown	unknown	false	unknown
px.ads.linkedin.com	unknown	unknown	false	unknown
munchkin.marketo.net	unknown	unknown	false	unknown
analytics.twitter.com	unknown	unknown	false	unknown
r.logr-ingest.com	unknown	unknown	false	unknown
snap.licdn.com	unknown	unknown	false	unknown
partners.tremorhub.com	unknown	unknown	false	unknown
edge.adobedc.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	false		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=757512933	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/6XVeELky7fceWRpfBvN8qr/4e13aa3d8dd73e1f091f3de966fdc9cb/logo_shopify_trusted-by_gray.svg	false		unknown
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	false	URL Reputation: safe	unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=1872343991	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=80d3779f-8ec7-413c-a446-74194978129b	false		unknown
https://cloudflareinc.demdex.net/dest5.html?d_nsid=0	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/78RmfBmlwmzHeGK2Aqj65M/369cfa6b2402b7e6007941839e0c763f/target.svg	false		unknown
https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js	false		unknown
https://www.cloudflare.com/static/z/i.js	false		unknown
https://www.cloudflare.com/page-data/under-attack-hotline/page-data.json	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/68TLXIuB6HOZo3RgLAp1Ji/6a953e33858490426d4e2ca753bea3ad/documentation-list.svg	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2TfcZ86qvZor2xtI2z4Vvr/ef54112582296119f4296869c34ba025/logo_23andme_color_32px-wrapper.svg	false		unknown
https://www.cloudflare.com/component---src-components-page-page-template-tsx-e8f402608db957d80aa4.js	false		unknown
https://api.company-target.com/api/v3/ip.json?referrer=https%3A%2F%2Fbdvonline-personas-139.pages.dev%2F&page=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Faccess-management%2Fphishing-attack%2F&page_title=What%20is%20a%20phishing%20attack%3F%20%7C%20Cloudflare	false		unknown
https://www.cloudflare.com/page-data/plans/page-data.json	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/OMwO1Fr8BxHVum0iBbatc/979c1807f5810edc903d4b07c18e0cb0/logo_ibm_trusted-by_gray.svg	false		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=211096696	false		unknown
https://713-xsc-918.mktoresp.com/webevents/clickLink?_mchNc=1728906589903&_mchHr=https%3A%2F%2Fwww.cloudflare.com%2Funder-attack-hotline%2F&_mchId=713-XSC-918&_mchTk=_mch-cloudflare.com-1728906573263-63077&_mchCn=&_mchHo=www.cloudflare.com&_mchPo=&_mchRu=%2Fplans%2Fenterprise%2Fcontact%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=8AD56F28618A50850A495FB6%40AdobeOrg%3A6%3A07509857375602687522174182126095484333&	false		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=207070667	false		unknown
https://www.cloudflare.com/img/learning/security/threats/phishing-attack/diagram-phishing-attack.png	false		unknown
https://api.www.cloudflare.com/api/v1/marketo/form/4116	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/1W5s21iEz5Zk92rEr9cGr3/729e55fb2d26df7970d1c04d6040ffca/cloudflare-spectrum.svg	false		unknown
https://api.www.cloudflare.com/api/v1/marketo/form/1639	false		unknown
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=b7eb7575-66f4-4ddb-ac18-1b22320de45e&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8da700b2-3449-4f0d-b5d4-c8c8ea3af8c8&restricted_data_use=restrict_optimization&tw_document_href=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Faccess-management%2Fphishing-attack%2F&tw_iframe_status=0&txn_id=nvldc&type=javascript&version=2.3.30	false		unknown
https://di.rlcdn.com/710030.gif?pdata=d=desktop,lc=US,ref=bdvonline-personas-139.pages.dev	false		unknown
https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=4bVQX9yzxUqR2K1uEOEST_fwhUAJcNF9pxSiqTgvpBVPu3uTUofznQ==&api-version=v3	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=faf9d860-9500-4e7d-a71d-9c262764e6f3	false		unknown
https://cdn.bizible.com/ipv?_biz_r=https%3A%2F%2Fwww.cloudflare.com%2Fplans%2Fenterprise%2Fcontact%2F&_biz_h=-1777624096&_biz_u=6da5fae988ab4438927e5cd740ac2ad8&_biz_l=https%3A%2F%2Fwww.cloudflare.com%2Funder-attack-hotline%2F&_biz_t=1728906591406&_biz_i=Website%20Under%20Attack%3F%20%7C%20Get%2024%2F7%20Emergency%20Support%20%7C%20Cloudflare&_biz_n=4&rnd=236164&cdn_o=a&_biz_z=1728906591407	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=c6d05e98-d5df-4381-80d9-90d857d46407	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=c0b59fef-7c5d-45ec-be77-71c56c6e1559	false		unknown
https://cdn.bizibly.com/u?_biz_u=6da5fae988ab4438927e5cd740ac2ad8&_biz_l=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Faccess-management%2Fphishing-attack%2F&_biz_t=1728906571383&_biz_i=What%20is%20a%20phishing%20attack%3F%20%7C%20Cloudflare&rnd=436662&cdn_o=a&_biz_z=1728906571383	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/5YRPa33UFrfL2zoZd2AXTq/658995f16c7ee4818875c254c18573d3/logo_zendesk_gray_32px-wrapper.svg	false		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=1127061315	false		unknown
https://www.cloudflare.com/cdn-cgi/rum?	false		unknown
https://www.cloudflare.com/page-data/sq/d/3199558980.json	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=7133fa55-b499-4723-9345-f124a709b88a	false		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=1258250659	false		unknown
https://www.cloudflare.com/page-data/learning/access-management/what-is-sase/page-data.json	false		unknown
https://js.qualified.com/qualified.js?token=37pXYrro6wCZbsU7	false		unknown
https://www.cloudflare.com/static/z/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyV2hhdCUyMGlzJTIwYSUyMHBoaXNoaW5nJTIwYXR0YWNrJTNGJTIwJTdDJTIwQ2xvdWRmbGFyZSUyMiUyQyUyMnglMjIlM0EwLjc3NjcxMzM3MzEwNDExNTQlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTkwNyUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGd3d3LmNsb3VkZmxhcmUuY29tJTJGbGVhcm5pbmclMkZhY2Nlc3MtbWFuYWdlbWVudCUyRnBoaXNoaW5nLWF0dGFjayUyRiUyMiUyQyUyMnIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmJkdm9ubGluZS1wZXJzb25hcy0xMzkucGFnZXMuZGV2JTJGJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTI0MCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q=	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2fMg89go9MegG1EDg39mNy/5a42817cd388ae352f77f56e53b1ff81/card-new.png	false		unknown
https://ot.www.cloudflare.com/public/vendor/onetrust/scripttemplates/otSDKStub.js	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=8f37e5c6-5043-408b-9396-11985e1e9ef6	false		unknown
https://www.cloudflare.com/plans/enterprise/contact/	false		unknown
https://ot.www.cloudflare.com/public/vendor/onetrust/scripttemplates/202407.2.0/assets/otCommonStyles.css	false		unknown
https://www.cloudflare.com/under-attack-hotline/	false		unknown
https://bdvonline-personas-139.pages.dev/favicon.ico	true		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=602715775	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/1AsuJijKk8EMH5s1ae56nx/b13406881aa864b7e17b2233a0d090ef/logo_labcorp_trusted-by_gray.svg	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=9d441a3e-b83d-48c8-8793-686731f13964	false		unknown
https://www.cloudflare.com/page-data/sq/d/1048862057.json	false		unknown
https://www.cloudflare.com/static/enablement-background-6de78040ef0acc8d2e8a596988c5f5d8.svg	false		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=1438530853	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/3jxszSMXRhwiwHDa1VPXFw/cc6439cd93a107bd0986bb6d5dcd8a97/network-scale.svg	false		unknown
https://cdn.bizible.com/ipv?_biz_r=https%3A%2F%2Fbdvonline-personas-139.pages.dev%2F&_biz_h=-1777624096&_biz_u=6da5fae988ab4438927e5cd740ac2ad8&_biz_l=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Faccess-management%2Fphishing-attack%2F&_biz_t=1728906571374&_biz_i=What%20is%20a%20phishing%20attack%3F%20%7C%20Cloudflare&_biz_n=0&rnd=822394&cdn_o=a&_biz_z=1728906571376	false		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=1287835199	false		unknown
https://www.cloudflare.com/component---src-components-learning-center-templates-learning-center-article-template-tsx-3829de0a7f78a2ec4b91.js	false		unknown
https://r.logr-ingest.com/i?a=ykolez%2Fcloudflarecom&r=5-f8096fe4-831a-4d20-817a-7a524c7a0b59&t=5ae08d0c-1e37-4685-ba0a-ba0fcea24fc4&s=0&rs=0%2Ct&ct=27.02428635912506	false		unknown
https://ws6.qualified.com/cable?wv=9&token=37pXYrro6wCZbsU7&vu=4c26ad04-7ab0-44aa-9abe-a07d8b5884e5&wu=712b5cf7-11a0-4377-a293-e438e8815974&ca=2024-10-14T11%3A49%3A32.149Z&tz=America%2FNew_York&bis=5&referrer=https%3A%2F%2Fbdvonline-personas-139.pages.dev%2F&pv=1&fv=2024-10-14-0ff1e48010&iml=false&ic=false	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=0b32b847-a0e9-4b88-9090-52d718aba947	false		unknown
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=8AD56F28618A50850A495FB6%40AdobeOrg&d_nsid=0&ts=1728906570005	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=68deabb4-aa61-4811-9bd0-49e549d3cb64	false		unknown
https://alb.reddit.com/rp.gif?event=PageVisit&id=t2_1upmecjq&ts=1728906570903&uuid=5cbc957d-26df-497a-b97f-a936138e5943&integration=reddit&opt_out=0&v=rdt_65e23bc4&sh=1024&sw=1280	false		unknown
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=a5d8b31e-2816-450a-8594-f1e866c1d98b&_u=KGDAAEADQAAAAC%7E&z=31724050	false		unknown
https://www.cloudflare.com/img/privacyoptions.svg	false		unknown
https://ot.www.cloudflare.com/public/vendor/onetrust/consent/b1e05d49-f072-4bae-9116-bdb78af15448/018debfb-4917-76f1-8862-8a2f83812baa/en.json	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/5wB2WP2bwo7zdgVhToslhe/447d1f23d1b8ac77e61e2819465f58fe/ease-of-use-toggle.svg	false		unknown
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=544ed3b7-8aee-42a3-8236-8101e195b360	false		unknown
https://cdn.bizible.com/ipv?_biz_r=https%3A%2F%2Fwww.cloudflare.com%2Fplans%2Fenterprise%2Fcontact%2F&_biz_h=-1777624096&_biz_u=6da5fae988ab4438927e5cd740ac2ad8&_biz_l=https%3A%2F%2Fwww.cloudflare.com%2Funder-attack-hotline%2F&_biz_t=1728906619396&_biz_i=Website%20Under%20Attack%3F%20%7C%20Get%2024%2F7%20Emergency%20Support%20%7C%20Cloudflare&_biz_n=6&rnd=336376&cdn_o=a&_biz_z=1728906619397	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://alb.reddit.com/rp.gif?event=PageVisit&id=t2_1upmecjq&ts=1728906570903&uuid=5cbc957d-26df-497	chromecache_165.2.dr	false		unknown
https://stats.g.doubleclick.net/g/collect	chromecache_162.2.dr, chromecache_235.2.dr	false	URL Reputation: safe	unknown
https://www.cloudflare.com/network-services/solutions/network-monitoring-tools/	chromecache_229.2.dr, chromecache_136.2.dr	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/78RmfBmlwmzHeGK2Aqj65M/369cfa6b2402b7e6007941839e0	chromecache_222.2.dr, chromecache_194.2.dr	false		unknown
https://px.ads.linkedin.com/collect/?pid=28851&fmt=gif	chromecache_165.2.dr, chromecache_186.2.dr	false		unknown
https://www.cloudflare.com/network-services/solutions/enterprise-network-security/	chromecache_229.2.dr, chromecache_136.2.dr	false		unknown
https://www.cloudflare.com/saas/)	chromecache_264.2.dr, chromecache_184.2.dr	false		unknown
https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_Acti	chromecache_254.2.dr, chromecache_168.2.dr	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/4sfL2iS6H10uq2waT6ehym/ad18b77fa469ce07f23d22e19ab	chromecache_142.2.dr, chromecache_145.2.dr	false		unknown
https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/	chromecache_229.2.dr, chromecache_136.2.dr	false		unknown
https://www.cloudflare.com/learning/access-management/how-to-implement-zero-trust/	chromecache_229.2.dr, chromecache_136.2.dr	false		unknown
https://blog.cloudflare.com/cloudflare-waap-named-leader-gartner-magic-quadrant-2022/	chromecache_229.2.dr, chromecache_136.2.dr	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/6bNeiYhSx0RGvbzxS5Fi8c/3ff83bcc36e86e85170201f8264	chromecache_245.2.dr	false		unknown
https://www.cloudflare.com/static/z/s.js?z=	chromecache_248.2.dr	false		unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_137.2.dr, chromecache_154.2.dr, chromecache_169.2.dr	false		unknown
https://developers.marketo.com/MunchkinLicense.pdf	chromecache_147.2.dr, chromecache_265.2.dr, chromecache_233.2.dr, chromecache_152.2.dr	false	URL Reputation: safe	unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/3jxszSMXRhwiwHDa1VPXFw/cc6439cd93a107bd0986bb6d5dc	chromecache_194.2.dr	false		unknown
https://github.com/js-cookie/js-cookie	chromecache_153.2.dr, chromecache_295.2.dr	false		unknown
https://staging.mrk.cfdata.org/mrk/redwood-blade-repository/	chromecache_177.2.dr, chromecache_151.2.dr	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/1W5s21iEz5Zk92rEr9cGr3/729e55fb2d26df7970d1c04d604	chromecache_222.2.dr, chromecache_194.2.dr	false		unknown
https://js.qualified.com	chromecache_148.2.dr, chromecache_244.2.dr	false		unknown
https://assets.adobedtm.com/f597f8065f97/065ba81630d7/launch-efab6d095ce0.js	chromecache_300.2.dr, chromecache_219.2.dr	false		unknown
https://app.qualified.com	chromecache_148.2.dr, chromecache_244.2.dr	false		unknown
https://jonsuh.com/hamburgers	chromecache_245.2.dr	false		unknown
https://assets.adobedtm.com/f597f8065f97/065ba81630d7/621485069190/RC392ad6d4bbf94c7283b4eda6cbf689a	chromecache_249.2.dr, chromecache_241.2.dr	false		unknown
https://googleads.g.doubleclick.net	chromecache_198.2.dr	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2fMg89go9MegG1EDg39mNy/5a42817cd388ae352f77f56e53b	chromecache_245.2.dr	false		unknown
https://td.doubleclick.net	chromecache_162.2.dr, chromecache_290.2.dr, chromecache_293.2.dr, chromecache_198.2.dr, chromecache_305.2.dr, chromecache_235.2.dr	false		unknown
https://www.cloudflare.com/application-services/solutions/app-performance-monitoring/	chromecache_229.2.dr, chromecache_136.2.dr	false		unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/mJZqOomHta2MLLB73P8Hs/9378861761815b3adf7bcb7734d6	chromecache_303.2.dr, chromecache_143.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.28.144.124	713-xsc-918.mktoresp.com	United States	15224	OMNITUREUS	false
18.66.102.127	api.company-target.com	United States	3	MIT-GATEWAYSUS	false
104.16.80.73	static.cloudflareinsights.com	United States	13335	CLOUDFLARENETUS	false
18.173.205.94	unknown	United States	3	MIT-GATEWAYSUS	false
3.228.180.107	partners-alb-1113315349.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
151.101.193.140	reddit.map.fastly.net	United States	54113	FASTLYUS	false
54.75.226.102	dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
104.198.23.205	prod-default.lb.logrocket.network	United States	15169	GOOGLEUS	false
63.140.62.222	demdex.net.ssl.sc.omtrdc.net	United States	15224	OMNITUREUS	false
104.18.30.78	performance.radar.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.70	ad.doubleclick.net	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.16.124.96	ot.www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
162.159.140.229	unknown	United States	13335	CLOUDFLARENETUS	false
34.96.71.22	s.dsp-prod.demandbase.com	United States	15169	GOOGLEUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
63.140.62.17	unknown	United States	15224	OMNITUREUS	false
104.18.36.155	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.206.46	analytics.google.com	United States	15169	GOOGLEUS	false
104.18.16.5	js.qualified.com	United States	13335	CLOUDFLARENETUS	false
18.239.50.124	tag.demandbase.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	bdvonline-personas-139.pages.dev	European Union	13335	CLOUDFLARENETUS	false
142.250.185.194	unknown	United States	15169	GOOGLEUS	false
199.232.188.157	platform.twitter.map.fastly.net	United States	54113	FASTLYUS	false
35.244.174.68	id.rlcdn.com	United States	15169	GOOGLEUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false
74.125.133.155	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
18.203.49.75	unknown	United States	16509	AMAZON-02US	false
152.195.15.58	fp2c5c.wac.kappacdn.net	United States	15133	EDGECASTUS	false
172.64.151.101	dsum-sec.casalemedia.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.166	unknown	United States	15169	GOOGLEUS	false
18.239.50.58	unknown	United States	16509	AMAZON-02US	false
63.140.62.27	adobedc.net.ssl.sc.omtrdc.net	United States	15224	OMNITUREUS	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
150.171.30.10	ax-0001.ax-dc-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
150.171.28.10	ax-0001.ax-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.173.205.104	tag-logger.demandbase.com	United States	3	MIT-GATEWAYSUS	false
104.16.79.73	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.186.98	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
18.66.102.85	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.186.162	adservice.google.com	United States	15169	GOOGLEUS	false
104.244.42.195	s.twitter.com	United States	13414	TWITTERUS	false
104.18.17.5	ws6.qualified.com	United States	13335	CLOUDFLARENETUS	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
172.66.0.227	t.co	United States	13335	CLOUDFLARENETUS	false
104.16.123.96	api.www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
52.86.136.198	unknown	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1533140
Start date and time:	2024-10-14 13:48:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://bdvonline-personas-139.pages.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@20/284@158/51
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 142.250.186.174, 66.102.1.84, 34.104.35.123, 52.149.20.212, 192.229.221.95, 20.242.39.171, 2.19.126.137, 2.19.126.163, 184.28.89.29, 142.250.185.200, 13.85.23.206, 142.250.185.234, 142.250.186.138, 172.217.18.10, 142.250.186.106, 142.250.186.42, 142.250.184.234, 142.250.74.202, 216.58.206.74, 142.250.186.74, 172.217.16.138, 142.250.185.202, 142.250.185.170, 172.217.16.202, 142.250.185.74, 216.58.212.170, 142.250.181.234, 142.250.186.72, 88.221.110.136, 88.221.110.227, 104.102.43.106, 13.107.42.14, 34.252.167.206, 52.18.168.199, 34.255.61.41, 172.64.146.215, 104.18.41.41, 69.173.144.139, 69.173.144.165, 69.173.144.138, 88.221.110.91, 2.16.100.168, 142.250.185.99, 142.250.186.142, 216.239.34.178, 216.239.32.178, 216.239.36.178, 216.239.38.178
Excluded domains from analysis (whitelisted): pixel.rubiconproject.net.akadns.net, slscr.update.microsoft.com, cn-assets.adobedtm.com.edgekey.net, clientservices.googleapis.com, a767.dspw65.akamai.net, e10776.b.akamaiedge.net, wildcard.marketo.net.edgekey.net, l-0005.l-msedge.net, clients2.google.com, ocsp.digicert.com, www.googletagmanager.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, bat.bing.com, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.google-analytics.com, www-linkedin-com.l-0005.l-msedge.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, cm.everesttech.net.akadns.net, www-alv.google-analytics.com, ctldl.windowsupdate.com, od.linkedin.edgesuite.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, www.linkedin.com.cdn.clo
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://bdvonline-personas-139.pages.dev/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6758
Entropy (8bit):	4.759815109482734
Encrypted:	false
SSDEEP:	48:YghQC2P365rDjW6t16HZL9TtbSWF0H1fLFbe:pQjIrDjGHZL9TlzFsLFbe
MD5:	93895CDD3863C54B096D8918C47D6C26
SHA1:	34EE1D385F0CDB7801725A8024DD1F97DFEA7CFB
SHA-256:	F9164E6DE7C84569DCB2EB5C49844A0C5AF07B9A2410A05A691D360BEEECE0FD
SHA-512:	F6A393E933624C4B6A6E2F42040D509D91DE83172F94A707CCA0FB0588A6FFBC2B15FF0F82B358E144603DBB25168B070552443A96271931F27ED4C3D4B36CF0
Malicious:	false
Reputation:	low
Preview:	{"fields":[{"id":"Email","label":"Email:","dataType":"email","validationMessage":"Must be a valid business email.","rowNumber":0,"columnNumber":0,"required":true,"formPrefill":true,"visibilityRules":{"ruleType":"alwaysShow"}},{"id":"CloudFlare_POP__c","label":"CloudFlare POP:","dataType":"hidden","rowNumber":1,"columnNumber":0,"required":false,"autoFill":{"value":"","valueFrom":"default"}},{"id":"CountryCode__c","label":"CountryCode:","dataType":"hidden","rowNumber":2,"columnNumber":0,"required":false,"autoFill":{"value":"","valueFrom":"default"}},{"id":"Lead_Source_Detail__c","label":"Lead Source Detail:","dataType":"hidden","rowNumber":3,"columnNumber":0,"required":false,"autoFill":{"value":"","valueFrom":"default"}},{"id":"LeadSource","label":"Person Source:","dataType":"hidden","rowNumber":4,"columnNumber":0,"required":false,"autoFill":{"value":"","valueFrom":"default"}},{"id":"Accept_Language__c","label":"Accept Language:","dataType":"hidden","rowNumber":5,"columnNumber":0,"requir

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_137, type: DROPPED
Source: Yara match	File source: dropped/chromecache_154, type: DROPPED
Source: Yara match	File source: dropped/chromecache_169, type: DROPPED

Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://cloudflareinc.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.cloudflare.com
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://cloudflareinc.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.cloudflare.com
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://s.company-target.com/s/sync?exc=lr
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://cloudflareinc.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.cloudflare.com
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://s.company-target.com/s/sync?exc=lr
Source: https://www.cloudflare.com/plans/enterprise/contact/	HTTP Parser: Iframe src: https://cloudflareinc.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.cloudflare.com
Source: https://www.cloudflare.com/plans/enterprise/contact/	HTTP Parser: Iframe src: https://s.company-target.com/s/sync?exc=lr
Source: https://www.cloudflare.com/plans/enterprise/contact/	HTTP Parser: Iframe src: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=9309168;type=a_pri_pv;cat=0p_qual;ord=1454570150249;npa=0;auiddc=1772907324.1728906570;u1=FL%20-%20Brand%20-%20GLOBAL%20-%20Quality%20Visit;u2=www.cloudflare.com;u3=%2Funder-attack-hotline%2F;u4=en-US;u5=1728906590090;u6=US;u7=false;u8=undefined;u9=undefined;u10=call_to_action;u12=undefined;ps=1;pcor=1717248629;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9164255219z8890325950za201zb890325950;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101686685~101823847;epver=2?
Source: https://www.cloudflare.com/plans/enterprise/contact/	HTTP Parser: Iframe src: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=9309168;type=a_eng0;cat=3_timer;ord=4804677165094;npa=0;auiddc=1772907324.1728906570;u1=timer_event%20(30%20Sec);u2=www.cloudflare.com;u3=%2Funder-attack-hotline%2F;u4=en-US;u5=1728906590090;u6=US;u7=false;u8=undefined;u9=undefined;u10=call_to_action;u12=undefined;ps=1;pcor=2040583750;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9164255219z8890325950za201zb890325950;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101686685~101823847;epver=2?
Source: https://www.cloudflare.com/plans/enterprise/contact/	HTTP Parser: Iframe src: https://td.doubleclick.net/td/ga/rul?tid=G-SQCRB0TXZW&gacid=1169905655.1728906601&gtm=45je4a90v895724479z8890325950za200zb890325950&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=1388383549
Source: https://www.cloudflare.com/under-attack-hotline/	HTTP Parser: Iframe src: https://cloudflareinc.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.cloudflare.com
Source: https://www.cloudflare.com/under-attack-hotline/	HTTP Parser: Iframe src: https://s.company-target.com/s/sync?exc=lr

Source: https://bdvonline-personas-139.pages.dev/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon

Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="author".. found
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="author".. found
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="author".. found
Source: https://www.cloudflare.com/plans/enterprise/contact/	HTTP Parser: No <meta name="author".. found
Source: https://www.cloudflare.com/under-attack-hotline/	HTTP Parser: No <meta name="author".. found

Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.cloudflare.com/plans/enterprise/contact/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.cloudflare.com/under-attack-hotline/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: chromecache_186.2.dr	String found in binary or memory: -->`;document.body.appendChild(d);};{\n!function(e,t,n,s,u,a){e.twq\|\|(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);\n},s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='https://static.ads-twitter.com/uwt.js',\na=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');\n// Insert Twitter Advertiser ID\ntwq('config','nvldc', {\n restricted_data_use: 'restrict_optimization' // or 'off'\n});\n};{const d = document.createElement('div');d.innerHTML = `<!-- Qualified -->\n\n\n<!-- End Qualified -->`;document.body.appendChild(d);};{\n(function(w,q){w['QualifiedObject']=q;w[q]=w[q]\|\|function(){\n(w[q].q=w[q].q\|\|[]).push(arguments)};})(window,'qualified')\n\n};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22async%22%3A%22%22%2C%22src%22%3A%22https%3A%2F%2Fjs.qualified.com%2Fqualified.js%3Ftoken%3D37pXYrro6wCZbsU7%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-8b90fb6e-9a74-4ccf-aade-0dff88976853%5C%22))%7D%22%2C%22order-id%22%3A%228b90fb6e-9a74-4ccf-aade-0dff88976853%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{\n(function() {\n var didInit = false;\n function initMunchkin() {\n if(didInit === false) {\n didInit = true;\n Munchkin.init('713-XSC-918');\n }\n }\n var s = document.createElement('script');\n s.type = 'text/javascript';\n s.async = true;\n s.src = '//munchkin.marketo.net/munchkin-beta.js';\n s.onreadystatechange = function() {\n if (this.readyState == 'complete' \|\| this.readyState == 'loaded') {\n initMunchkin();\n }\n };\n s.onload = initMunchkin;\n document.getElementsByTagName('head')[0].appendChild(s);\n})();\n};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22type%22%3A%22text%2Fjavascript%22%2C%22src%22%3A%22https%3A%2F%2Fcdn.bizible.com%2Fscripts%2Fbizible.js%22%2C%22async%22%3A%22%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-a7f08d7f-640b-4096-8193-fd60ed674f5b%5C%22))%7D%22%2C%22order-id%22%3A%22a7f08d7f-640b-4096-8193-fd60ed674f5b%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{ dataLayer.push({'zarazGaClientId': ''}); };{\n(function(d,b,a,s,e){ var t = b.createElement(a), \n fs = b.getElementsByTagName(a)[0]; t.async=1; t.id=e; t.src=s; \n fs.parentNode.insertBefore(t, fs); })\n(window,document,'script','https://tag.demandbase.com/1be41a80498a5b73.min.js','demandbase_js_lib'); \n};{(function(w,d){;d.cookie=unescape('facebook-pixel_OwdI__fb-pixel%3D%3B%20Domain%3Dcloudflare.com%3B%20Path%3D/%3B%20Max-Age%3D0');d.cookie
Source: chromecache_186.2.dr	String found in binary or memory: -->`;document.body.appendChild(d);};{\n!function(e,t,n,s,u,a){e.twq\|\|(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);\n},s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='https://static.ads-twitter.com/uwt.js',\na=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');\n// Insert Twitter Advertiser ID\ntwq('config','nvldc', {\n restricted_data_use: 'restrict_optimization' // or 'off'\n});\n};{const d = document.createElement('div');d.innerHTML = `<!-- Qualified -->\n\n\n<!-- End Qualified -->`;document.body.appendChild(d);};{\n(function(w,q){w['QualifiedObject']=q;w[q]=w[q]\|\|function(){\n(w[q].q=w[q].q\|\|[]).push(arguments)};})(window,'qualified')\n\n};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22async%22%3A%22%22%2C%22src%22%3A%22https%3A%2F%2Fjs.qualified.com%2Fqualified.js%3Ftoken%3D37pXYrro6wCZbsU7%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-8b90fb6e-9a74-4ccf-aade-0dff88976853%5C%22))%7D%22%2C%22order-id%22%3A%228b90fb6e-9a74-4ccf-aade-0dff88976853%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{\n(function() {\n var didInit = false;\n function initMunchkin() {\n if(didInit === false) {\n didInit = true;\n Munchkin.init('713-XSC-918');\n }\n }\n var s = document.createElement('script');\n s.type = 'text/javascript';\n s.async = true;\n s.src = '//munchkin.marketo.net/munchkin-beta.js';\n s.onreadystatechange = function() {\n if (this.readyState == 'complete' \|\| this.readyState == 'loaded') {\n initMunchkin();\n }\n };\n s.onload = initMunchkin;\n document.getElementsByTagName('head')[0].appendChild(s);\n})();\n};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22type%22%3A%22text%2Fjavascript%22%2C%22src%22%3A%22https%3A%2F%2Fcdn.bizible.com%2Fscripts%2Fbizible.js%22%2C%22async%22%3A%22%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-a7f08d7f-640b-4096-8193-fd60ed674f5b%5C%22))%7D%22%2C%22order-id%22%3A%22a7f08d7f-640b-4096-8193-fd60ed674f5b%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{ dataLayer.push({'zarazGaClientId': ''}); };{\n(function(d,b,a,s,e){ var t = b.createElement(a), \n fs = b.getElementsByTagName(a)[0]; t.async=1; t.id=e; t.src=s; \n fs.parentNode.insertBefore(t, fs); })\n(window,document,'script','https://tag.demandbase.com/1be41a80498a5b73.min.js','demandbase_js_lib'); \n};{(function(w,d){;d.cookie=unescape('facebook-pixel_OwdI__fb-pixel%3D%3B%20Domain%3Dcloudflare.com%3B%20Path%3D/%3B%20Max-Age%3D0');d.cookie
Source: chromecache_165.2.dr	String found in binary or memory: -->`;document.body.appendChild(d);};{\n!function(e,t,n,s,u,a){e.twq\|\|(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);\n},s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='https://static.ads-twitter.com/uwt.js',\na=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');\n// Insert Twitter Advertiser ID\ntwq('config','nvldc', {\n restricted_data_use: 'restrict_optimization' // or 'off'\n});\n};{const d = document.createElement('div');d.innerHTML = `<!-- Qualified -->\n\n\n<!-- End Qualified -->`;document.body.appendChild(d);};{\n(function(w,q){w['QualifiedObject']=q;w[q]=w[q]\|\|function(){\n(w[q].q=w[q].q\|\|[]).push(arguments)};})(window,'qualified')\n\n};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22async%22%3A%22%22%2C%22src%22%3A%22https%3A%2F%2Fjs.qualified.com%2Fqualified.js%3Ftoken%3D37pXYrro6wCZbsU7%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-b4292c3f-adce-4061-b2ea-aee58f22a138%5C%22))%7D%22%2C%22order-id%22%3A%22b4292c3f-adce-4061-b2ea-aee58f22a138%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{\n(function() {\n var didInit = false;\n function initMunchkin() {\n if(didInit === false) {\n didInit = true;\n Munchkin.init('713-XSC-918');\n }\n }\n var s = document.createElement('script');\n s.type = 'text/javascript';\n s.async = true;\n s.src = '//munchkin.marketo.net/munchkin-beta.js';\n s.onreadystatechange = function() {\n if (this.readyState == 'complete' \|\| this.readyState == 'loaded') {\n initMunchkin();\n }\n };\n s.onload = initMunchkin;\n document.getElementsByTagName('head')[0].appendChild(s);\n})();\n};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22type%22%3A%22text%2Fjavascript%22%2C%22src%22%3A%22https%3A%2F%2Fcdn.bizible.com%2Fscripts%2Fbizible.js%22%2C%22async%22%3A%22%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-bb76975c-86c2-417e-a219-dee60ae2c45b%5C%22))%7D%22%2C%22order-id%22%3A%22bb76975c-86c2-417e-a219-dee60ae2c45b%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{ dataLayer.push({'zarazGaClientId': ''}); };{\n(function(d,b,a,s,e){ var t = b.createElement(a), \n fs = b.getElementsByTagName(a)[0]; t.async=1; t.id=e; t.src=s; \n fs.parentNode.insertBefore(t, fs); })\n(window,document,'script','https://tag.demandbase.com/1be41a80498a5b73.min.js','demandbase_js_lib'); \n}})(window,document)"],"f":[["https://px.ads.linkedin.com/collect/?fmt=js&v=2&url=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Faccess-manage
Source: chromecache_165.2.dr	String found in binary or memory: -->`;document.body.appendChild(d);};{\n!function(e,t,n,s,u,a){e.twq\|\|(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);\n},s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='https://static.ads-twitter.com/uwt.js',\na=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');\n// Insert Twitter Advertiser ID\ntwq('config','nvldc', {\n restricted_data_use: 'restrict_optimization' // or 'off'\n});\n};{const d = document.createElement('div');d.innerHTML = `<!-- Qualified -->\n\n\n<!-- End Qualified -->`;document.body.appendChild(d);};{\n(function(w,q){w['QualifiedObject']=q;w[q]=w[q]\|\|function(){\n(w[q].q=w[q].q\|\|[]).push(arguments)};})(window,'qualified')\n\n};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22async%22%3A%22%22%2C%22src%22%3A%22https%3A%2F%2Fjs.qualified.com%2Fqualified.js%3Ftoken%3D37pXYrro6wCZbsU7%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-b4292c3f-adce-4061-b2ea-aee58f22a138%5C%22))%7D%22%2C%22order-id%22%3A%22b4292c3f-adce-4061-b2ea-aee58f22a138%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{\n(function() {\n var didInit = false;\n function initMunchkin() {\n if(didInit === false) {\n didInit = true;\n Munchkin.init('713-XSC-918');\n }\n }\n var s = document.createElement('script');\n s.type = 'text/javascript';\n s.async = true;\n s.src = '//munchkin.marketo.net/munchkin-beta.js';\n s.onreadystatechange = function() {\n if (this.readyState == 'complete' \|\| this.readyState == 'loaded') {\n initMunchkin();\n }\n };\n s.onload = initMunchkin;\n document.getElementsByTagName('head')[0].appendChild(s);\n})();\n};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22type%22%3A%22text%2Fjavascript%22%2C%22src%22%3A%22https%3A%2F%2Fcdn.bizible.com%2Fscripts%2Fbizible.js%22%2C%22async%22%3A%22%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-bb76975c-86c2-417e-a219-dee60ae2c45b%5C%22))%7D%22%2C%22order-id%22%3A%22bb76975c-86c2-417e-a219-dee60ae2c45b%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{ dataLayer.push({'zarazGaClientId': ''}); };{\n(function(d,b,a,s,e){ var t = b.createElement(a), \n fs = b.getElementsByTagName(a)[0]; t.async=1; t.id=e; t.src=s; \n fs.parentNode.insertBefore(t, fs); })\n(window,document,'script','https://tag.demandbase.com/1be41a80498a5b73.min.js','demandbase_js_lib'); \n}})(window,document)"],"f":[["https://px.ads.linkedin.com/collect/?fmt=js&v=2&url=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Faccess-manage
Source: chromecache_162.2.dr, chromecache_290.2.dr, chromecache_293.2.dr, chromecache_198.2.dr, chromecache_305.2.dr, chromecache_235.2.dr	String found in binary or memory: return b}WC.F="internal.enableAutoEventOnTimer";var hc=la(["data-gtm-yt-inspected-"]),YC=["www.youtube.com","www.youtube-nocookie.com"],ZC,$C=!1; equals www.youtube.com (Youtube)
Source: chromecache_186.2.dr	String found in binary or memory: return fetch("https://www.cloudflare.com/static/z/t",{credentials:"include",method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(oO)})})).then((function(oX){zarazData._let=(new Date).getTime();oX.ok\|\|oN();return 204!==oX.status&&oX.json()})).then((async oW=>{await zaraz._p(oW);"function"==typeof oL&&oL()})).finally((()=>oM()))}))};zaraz.set=function(oY,oZ,o$){try{oZ=JSON.stringify(oZ)}catch(pa){return}prefixedKey="_zaraz_"+oY;sessionStorage&&sessionStorage.removeItem(prefixedKey);localStorage&&localStorage.removeItem(prefixedKey);delete zaraz.pageVariables[oY];if(void 0!==oZ){o$&&"session"==o$.scope?sessionStorage&&sessionStorage.setItem(prefixedKey,oZ):o$&&"page"==o$.scope?zaraz.pageVariables[oY]=oZ:localStorage&&localStorage.setItem(prefixedKey,oZ);zaraz.__watchVar={key:oY,value:oZ}}};for(const{m:pb,a:pc}of zarazData.q.filter((({m:pd})=>["debug","set"].includes(pd))))zaraz[pb](...pc);for(const{m:pe,a:pf}of zaraz.q)zaraz[pe](...pf);delete zaraz.q;delete zarazData.q;zaraz.spaPageview=()=>{zarazData.l=d.location.href;zarazData.t=d.title;zaraz.pageVariables={};zaraz.__zarazMCListeners={};zaraz.track("__zarazSPA")};zaraz.fulfilTrigger=function(pg,ph,pi,pj){zaraz.__zarazTriggerMap\|\|(zaraz.__zarazTriggerMap={});zaraz.__zarazTriggerMap[pg]\|\|(zaraz.__zarazTriggerMap[pg]="");zaraz.__zarazTriggerMap[pg]+=""+ph+"";zaraz.track("__zarazEmpty",{...pi,__zarazClientTriggers:zaraz.__zarazTriggerMap[pg]},pj)};zaraz._c=nt=>{const{event:nu,...nv}=nt;zaraz.track(nu,{...nv,__zarazClientEvent:!0})};zaraz._syncedAttributes=["altKey","clientX","clientY","pageX","pageY","button"];zaraz.__zcl.track=!0;zaraz._p({"e":["(function(w,d){(function(){const pm=\"25%,50%,75%,100%\",pn=[];for(let pp=0;pp<pm.split(\",\").length;pp+=1){const pq=pm.split(\",\")[pp].trim().match(/^([0-9]{1,999999999})(px\|%)?$/);pq&&pq[1]&&pn.push([parseInt(pq[1],10),pq[2]\|\|\"%\"])}let po=()=>{const pr=d.scrollingElement\|\|d.documentElement,ps=pr.scrollHeight-pr.clientHeight,pt=pr.scrollTop/ps*100;for(let pu=0;pu<pn.length;pu+=1)if(pn[pu]){const[pv,pw]=pn[pu];if(\"%\"===pw&&pt>=pv\|\|\"px\"===pw&&pr.scrollTop>=pv){delete pn[pu];zaraz.fulfilTrigger(\"zDVF\",\"Frnx\",{scrollDepth:pv+pw})}}};w.zaraz._al(d,\"scroll\",po);w.zaraz._al(w,\"resize\",po);po();})();w.zarazData.executed.push(\"EnMz\");w.zarazData.executed.push(\"SWTL\");w.zarazData.executed.push(\"TjNa\");w.zarazData.executed.push(\"Pageview\");})(window,document)","(function(w,d){{const d = document.createElement('div');d.innerHTML = `<noscript>\n<img height=\"1\" width=\"1\" style=\"display:none;\" alt=\"\" src=\"https://px.ads.linkedin.com/collect/?pid=28851&fmt=gif\" />\n</noscript>`;document.body.appendChild(d);};{\n_linkedin_partner_id = \"28851\";\nwindow._linkedin_data_partner_ids = window._linkedin_data_partner_ids \|\| [];\nwindow._linkedin_data_partner_ids.push(_linkedin_partner_id);\n};{\n(function(l) {\nif (!l){window.lintrk = function(a,b){window.lintrk.q.push([a,b])};\nwindow.lintrk.q=[]}\nvar s = document.getE
Source: chromecache_186.2.dr	String found in binary or memory: return fetch("https://www.cloudflare.com/static/z/t",{credentials:"include",method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(oO)})})).then((function(oX){zarazData._let=(new Date).getTime();oX.ok\|\|oN();return 204!==oX.status&&oX.json()})).then((async oW=>{await zaraz._p(oW);"function"==typeof oL&&oL()})).finally((()=>oM()))}))};zaraz.set=function(oY,oZ,o$){try{oZ=JSON.stringify(oZ)}catch(pa){return}prefixedKey="_zaraz_"+oY;sessionStorage&&sessionStorage.removeItem(prefixedKey);localStorage&&localStorage.removeItem(prefixedKey);delete zaraz.pageVariables[oY];if(void 0!==oZ){o$&&"session"==o$.scope?sessionStorage&&sessionStorage.setItem(prefixedKey,oZ):o$&&"page"==o$.scope?zaraz.pageVariables[oY]=oZ:localStorage&&localStorage.setItem(prefixedKey,oZ);zaraz.__watchVar={key:oY,value:oZ}}};for(const{m:pb,a:pc}of zarazData.q.filter((({m:pd})=>["debug","set"].includes(pd))))zaraz[pb](...pc);for(const{m:pe,a:pf}of zaraz.q)zaraz[pe](...pf);delete zaraz.q;delete zarazData.q;zaraz.spaPageview=()=>{zarazData.l=d.location.href;zarazData.t=d.title;zaraz.pageVariables={};zaraz.__zarazMCListeners={};zaraz.track("__zarazSPA")};zaraz.fulfilTrigger=function(pg,ph,pi,pj){zaraz.__zarazTriggerMap\|\|(zaraz.__zarazTriggerMap={});zaraz.__zarazTriggerMap[pg]\|\|(zaraz.__zarazTriggerMap[pg]="");zaraz.__zarazTriggerMap[pg]+=""+ph+"";zaraz.track("__zarazEmpty",{...pi,__zarazClientTriggers:zaraz.__zarazTriggerMap[pg]},pj)};zaraz._c=nt=>{const{event:nu,...nv}=nt;zaraz.track(nu,{...nv,__zarazClientEvent:!0})};zaraz._syncedAttributes=["altKey","clientX","clientY","pageX","pageY","button"];zaraz.__zcl.track=!0;zaraz._p({"e":["(function(w,d){(function(){const pm=\"25%,50%,75%,100%\",pn=[];for(let pp=0;pp<pm.split(\",\").length;pp+=1){const pq=pm.split(\",\")[pp].trim().match(/^([0-9]{1,999999999})(px\|%)?$/);pq&&pq[1]&&pn.push([parseInt(pq[1],10),pq[2]\|\|\"%\"])}let po=()=>{const pr=d.scrollingElement\|\|d.documentElement,ps=pr.scrollHeight-pr.clientHeight,pt=pr.scrollTop/ps*100;for(let pu=0;pu<pn.length;pu+=1)if(pn[pu]){const[pv,pw]=pn[pu];if(\"%\"===pw&&pt>=pv\|\|\"px\"===pw&&pr.scrollTop>=pv){delete pn[pu];zaraz.fulfilTrigger(\"zDVF\",\"Frnx\",{scrollDepth:pv+pw})}}};w.zaraz._al(d,\"scroll\",po);w.zaraz._al(w,\"resize\",po);po();})();w.zarazData.executed.push(\"EnMz\");w.zarazData.executed.push(\"SWTL\");w.zarazData.executed.push(\"TjNa\");w.zarazData.executed.push(\"Pageview\");})(window,document)","(function(w,d){{const d = document.createElement('div');d.innerHTML = `<noscript>\n<img height=\"1\" width=\"1\" style=\"display:none;\" alt=\"\" src=\"https://px.ads.linkedin.com/collect/?pid=28851&fmt=gif\" />\n</noscript>`;document.body.appendChild(d);};{\n_linkedin_partner_id = \"28851\";\nwindow._linkedin_data_partner_ids = window._linkedin_data_partner_ids \|\| [];\nwindow._linkedin_data_partner_ids.push(_linkedin_partner_id);\n};{\n(function(l) {\nif (!l){window.lintrk = function(a,b){window.lintrk.q.push([a,b])};\nwindow.lintrk.q=[]}\nvar s = document.getE

Source: global traffic	DNS traffic detected: DNS query: bdvonline-personas-139.pages.dev
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cf-assets.www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic	DNS traffic detected: DNS query: performance.radar.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ot.www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.logr-ingest.com
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: api.www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: di.rlcdn.com
Source: global traffic	DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic	DNS traffic detected: DNS query: snap.licdn.com
Source: global traffic	DNS traffic detected: DNS query: static.ads-twitter.com
Source: global traffic	DNS traffic detected: DNS query: js.qualified.com
Source: global traffic	DNS traffic detected: DNS query: munchkin.marketo.net
Source: global traffic	DNS traffic detected: DNS query: cdn.bizible.com
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: alb.reddit.com
Source: global traffic	DNS traffic detected: DNS query: tag.demandbase.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: cloudflareinc.demdex.net
Source: global traffic	DNS traffic detected: DNS query: adobedc.demdex.net
Source: global traffic	DNS traffic detected: DNS query: cm.everesttech.net
Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: analytics.twitter.com
Source: global traffic	DNS traffic detected: DNS query: r.logr-ingest.com
Source: global traffic	DNS traffic detected: DNS query: cdn.bizibly.com
Source: global traffic	DNS traffic detected: DNS query: www.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: api.company-target.com
Source: global traffic	DNS traffic detected: DNS query: s.company-target.com
Source: global traffic	DNS traffic detected: DNS query: id.rlcdn.com
Source: global traffic	DNS traffic detected: DNS query: dsum-sec.casalemedia.com
Source: global traffic	DNS traffic detected: DNS query: partners.tremorhub.com
Source: global traffic	DNS traffic detected: DNS query: pixel.rubiconproject.com
Source: global traffic	DNS traffic detected: DNS query: ws6.qualified.com
Source: global traffic	DNS traffic detected: DNS query: tag-logger.demandbase.com
Source: global traffic	DNS traffic detected: DNS query: 713-xsc-918.mktoresp.com
Source: global traffic	DNS traffic detected: DNS query: edge.adobedc.net
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: ad.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: adservice.google.com

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 14, 2024 13:49:04.983882904 CEST	192.168.2.6	1.1.1.1	0x8076	Standard query (0)	bdvonline-personas-139.pages.dev	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:04.984102011 CEST	192.168.2.6	1.1.1.1	0x590a	Standard query (0)	bdvonline-personas-139.pages.dev	65	IN (0x0001)	false
Oct 14, 2024 13:49:07.704229116 CEST	192.168.2.6	1.1.1.1	0x243d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:07.704406977 CEST	192.168.2.6	1.1.1.1	0x8d44	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:08.676913977 CEST	192.168.2.6	1.1.1.1	0xcdac	Standard query (0)	bdvonline-personas-139.pages.dev	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:08.677177906 CEST	192.168.2.6	1.1.1.1	0x792a	Standard query (0)	bdvonline-personas-139.pages.dev	65	IN (0x0001)	false
Oct 14, 2024 13:49:21.664844990 CEST	192.168.2.6	1.1.1.1	0xdd0	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:21.665429115 CEST	192.168.2.6	1.1.1.1	0x37ef	Standard query (0)	www.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:23.151783943 CEST	192.168.2.6	1.1.1.1	0xd9ea	Standard query (0)	cf-assets.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:23.152045012 CEST	192.168.2.6	1.1.1.1	0xbe49	Standard query (0)	cf-assets.www.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:23.212810040 CEST	192.168.2.6	1.1.1.1	0x8542	Standard query (0)	static.cloudflareinsights.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:23.212994099 CEST	192.168.2.6	1.1.1.1	0xcf46	Standard query (0)	static.cloudflareinsights.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:23.424510002 CEST	192.168.2.6	1.1.1.1	0x2707	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:23.424736977 CEST	192.168.2.6	1.1.1.1	0xa45	Standard query (0)	www.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:23.873317957 CEST	192.168.2.6	1.1.1.1	0x8077	Standard query (0)	cf-assets.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:23.873953104 CEST	192.168.2.6	1.1.1.1	0xdb22	Standard query (0)	cf-assets.www.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:23.920200109 CEST	192.168.2.6	1.1.1.1	0xe94d	Standard query (0)	performance.radar.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:23.921049118 CEST	192.168.2.6	1.1.1.1	0x5ad7	Standard query (0)	performance.radar.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:23.922422886 CEST	192.168.2.6	1.1.1.1	0xc12b	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:23.923089027 CEST	192.168.2.6	1.1.1.1	0x8a88	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:23.925704956 CEST	192.168.2.6	1.1.1.1	0x2783	Standard query (0)	ot.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:23.926048040 CEST	192.168.2.6	1.1.1.1	0x5561	Standard query (0)	ot.www.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:24.022903919 CEST	192.168.2.6	1.1.1.1	0x9d1b	Standard query (0)	static.cloudflareinsights.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:24.023389101 CEST	192.168.2.6	1.1.1.1	0x474	Standard query (0)	static.cloudflareinsights.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:26.865614891 CEST	192.168.2.6	1.1.1.1	0x97cd	Standard query (0)	cdn.logr-ingest.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:26.866081953 CEST	192.168.2.6	1.1.1.1	0x9641	Standard query (0)	cdn.logr-ingest.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:27.531852961 CEST	192.168.2.6	1.1.1.1	0xf8bb	Standard query (0)	ot.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:27.532192945 CEST	192.168.2.6	1.1.1.1	0xa8e2	Standard query (0)	ot.www.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:27.564929962 CEST	192.168.2.6	1.1.1.1	0x1b74	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:27.565170050 CEST	192.168.2.6	1.1.1.1	0x5d06	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:29.346148014 CEST	192.168.2.6	1.1.1.1	0xd3b3	Standard query (0)	cdn.logr-ingest.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:29.346498013 CEST	192.168.2.6	1.1.1.1	0x6e35	Standard query (0)	cdn.logr-ingest.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:29.465838909 CEST	192.168.2.6	1.1.1.1	0xa119	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:29.466027021 CEST	192.168.2.6	1.1.1.1	0x1e68	Standard query (0)	assets.adobedtm.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:29.534516096 CEST	192.168.2.6	1.1.1.1	0x15ff	Standard query (0)	api.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:29.535154104 CEST	192.168.2.6	1.1.1.1	0x9e72	Standard query (0)	api.www.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:30.408752918 CEST	192.168.2.6	1.1.1.1	0x5e6d	Standard query (0)	api.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:30.409101009 CEST	192.168.2.6	1.1.1.1	0x4d9e	Standard query (0)	api.www.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:30.432493925 CEST	192.168.2.6	1.1.1.1	0xb458	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:30.432601929 CEST	192.168.2.6	1.1.1.1	0xabb7	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.024893999 CEST	192.168.2.6	1.1.1.1	0x55f8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.025055885 CEST	192.168.2.6	1.1.1.1	0xce24	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.040292978 CEST	192.168.2.6	1.1.1.1	0xf35c	Standard query (0)	di.rlcdn.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.040443897 CEST	192.168.2.6	1.1.1.1	0xb064	Standard query (0)	di.rlcdn.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.083278894 CEST	192.168.2.6	1.1.1.1	0x5594	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.083431005 CEST	192.168.2.6	1.1.1.1	0x920e	Standard query (0)	assets.adobedtm.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.084209919 CEST	192.168.2.6	1.1.1.1	0x45c	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.084650993 CEST	192.168.2.6	1.1.1.1	0x154b	Standard query (0)	dpm.demdex.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.119600058 CEST	192.168.2.6	1.1.1.1	0xc2ac	Standard query (0)	snap.licdn.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.119812965 CEST	192.168.2.6	1.1.1.1	0x99c7	Standard query (0)	snap.licdn.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.121323109 CEST	192.168.2.6	1.1.1.1	0x56a8	Standard query (0)	static.ads-twitter.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.123709917 CEST	192.168.2.6	1.1.1.1	0x9c36	Standard query (0)	static.ads-twitter.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.124495029 CEST	192.168.2.6	1.1.1.1	0xfe49	Standard query (0)	js.qualified.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.124743938 CEST	192.168.2.6	1.1.1.1	0x7f6e	Standard query (0)	js.qualified.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.128282070 CEST	192.168.2.6	1.1.1.1	0xd73d	Standard query (0)	munchkin.marketo.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.128428936 CEST	192.168.2.6	1.1.1.1	0x832b	Standard query (0)	munchkin.marketo.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.128814936 CEST	192.168.2.6	1.1.1.1	0xa2bf	Standard query (0)	cdn.bizible.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.128962040 CEST	192.168.2.6	1.1.1.1	0xb04c	Standard query (0)	cdn.bizible.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.131287098 CEST	192.168.2.6	1.1.1.1	0xfe56	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.131675005 CEST	192.168.2.6	1.1.1.1	0xc495	Standard query (0)	px.ads.linkedin.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.132567883 CEST	192.168.2.6	1.1.1.1	0xa396	Standard query (0)	alb.reddit.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.132987976 CEST	192.168.2.6	1.1.1.1	0x9080	Standard query (0)	alb.reddit.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.716468096 CEST	192.168.2.6	1.1.1.1	0xa87f	Standard query (0)	tag.demandbase.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.716886044 CEST	192.168.2.6	1.1.1.1	0xfdb9	Standard query (0)	tag.demandbase.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.764242887 CEST	192.168.2.6	1.1.1.1	0x382b	Standard query (0)	alb.reddit.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.764558077 CEST	192.168.2.6	1.1.1.1	0x2adc	Standard query (0)	alb.reddit.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:31.818294048 CEST	192.168.2.6	1.1.1.1	0xba94	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:31.818654060 CEST	192.168.2.6	1.1.1.1	0x98ac	Standard query (0)	stats.g.doubleclick.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.000592947 CEST	192.168.2.6	1.1.1.1	0xd957	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.000737906 CEST	192.168.2.6	1.1.1.1	0x5713	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.035326958 CEST	192.168.2.6	1.1.1.1	0x8dc9	Standard query (0)	cloudflareinc.demdex.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.035506964 CEST	192.168.2.6	1.1.1.1	0x8b9d	Standard query (0)	cloudflareinc.demdex.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.045268059 CEST	192.168.2.6	1.1.1.1	0x6c2d	Standard query (0)	adobedc.demdex.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.045448065 CEST	192.168.2.6	1.1.1.1	0xb991	Standard query (0)	adobedc.demdex.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.067181110 CEST	192.168.2.6	1.1.1.1	0xeea1	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.067308903 CEST	192.168.2.6	1.1.1.1	0x7088	Standard query (0)	dpm.demdex.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.169816017 CEST	192.168.2.6	1.1.1.1	0x4562	Standard query (0)	cm.everesttech.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.170176029 CEST	192.168.2.6	1.1.1.1	0x85b0	Standard query (0)	cm.everesttech.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.234404087 CEST	192.168.2.6	1.1.1.1	0x35d8	Standard query (0)	snap.licdn.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.234642982 CEST	192.168.2.6	1.1.1.1	0x3e7e	Standard query (0)	snap.licdn.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.240601063 CEST	192.168.2.6	1.1.1.1	0x5e05	Standard query (0)	munchkin.marketo.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.240864038 CEST	192.168.2.6	1.1.1.1	0x6a9c	Standard query (0)	munchkin.marketo.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.408436060 CEST	192.168.2.6	1.1.1.1	0x2574	Standard query (0)	t.co	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.409379959 CEST	192.168.2.6	1.1.1.1	0x78ec	Standard query (0)	t.co	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.410403967 CEST	192.168.2.6	1.1.1.1	0x7e54	Standard query (0)	analytics.twitter.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.411075115 CEST	192.168.2.6	1.1.1.1	0x8faf	Standard query (0)	analytics.twitter.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.489782095 CEST	192.168.2.6	1.1.1.1	0x60f7	Standard query (0)	r.logr-ingest.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.489948034 CEST	192.168.2.6	1.1.1.1	0x153a	Standard query (0)	r.logr-ingest.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:32.990544081 CEST	192.168.2.6	1.1.1.1	0x8ebe	Standard query (0)	cdn.bizibly.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:32.990715981 CEST	192.168.2.6	1.1.1.1	0xb3ca	Standard query (0)	cdn.bizibly.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.061743021 CEST	192.168.2.6	1.1.1.1	0x1f37	Standard query (0)	www.linkedin.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.062146902 CEST	192.168.2.6	1.1.1.1	0xcde2	Standard query (0)	www.linkedin.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.098820925 CEST	192.168.2.6	1.1.1.1	0x39bf	Standard query (0)	api.company-target.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.101142883 CEST	192.168.2.6	1.1.1.1	0xacee	Standard query (0)	api.company-target.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.187488079 CEST	192.168.2.6	1.1.1.1	0x23c4	Standard query (0)	s.company-target.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.188153028 CEST	192.168.2.6	1.1.1.1	0x89b1	Standard query (0)	s.company-target.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.226434946 CEST	192.168.2.6	1.1.1.1	0xe5fb	Standard query (0)	id.rlcdn.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.226847887 CEST	192.168.2.6	1.1.1.1	0x1249	Standard query (0)	id.rlcdn.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.469950914 CEST	192.168.2.6	1.1.1.1	0xd533	Standard query (0)	static.ads-twitter.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.470510006 CEST	192.168.2.6	1.1.1.1	0xfd80	Standard query (0)	static.ads-twitter.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.471569061 CEST	192.168.2.6	1.1.1.1	0x9a1f	Standard query (0)	cdn.bizible.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.471729040 CEST	192.168.2.6	1.1.1.1	0x70dc	Standard query (0)	cdn.bizible.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.473515987 CEST	192.168.2.6	1.1.1.1	0xe182	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.473644972 CEST	192.168.2.6	1.1.1.1	0xe08e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.501806021 CEST	192.168.2.6	1.1.1.1	0x478e	Standard query (0)	tag.demandbase.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.502202034 CEST	192.168.2.6	1.1.1.1	0x8696	Standard query (0)	tag.demandbase.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.512451887 CEST	192.168.2.6	1.1.1.1	0x65ae	Standard query (0)	js.qualified.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.512737036 CEST	192.168.2.6	1.1.1.1	0xf33a	Standard query (0)	js.qualified.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.513238907 CEST	192.168.2.6	1.1.1.1	0xd2b4	Standard query (0)	t.co	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.513390064 CEST	192.168.2.6	1.1.1.1	0x240f	Standard query (0)	t.co	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.574733973 CEST	192.168.2.6	1.1.1.1	0xf397	Standard query (0)	analytics.twitter.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.574901104 CEST	192.168.2.6	1.1.1.1	0x1407	Standard query (0)	analytics.twitter.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.575824976 CEST	192.168.2.6	1.1.1.1	0xa51	Standard query (0)	adobedc.demdex.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.575961113 CEST	192.168.2.6	1.1.1.1	0x8bfb	Standard query (0)	adobedc.demdex.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.585076094 CEST	192.168.2.6	1.1.1.1	0xe4af	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.585217953 CEST	192.168.2.6	1.1.1.1	0x2ba1	Standard query (0)	px.ads.linkedin.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.902659893 CEST	192.168.2.6	1.1.1.1	0xc5d1	Standard query (0)	dsum-sec.casalemedia.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.902926922 CEST	192.168.2.6	1.1.1.1	0xa6df	Standard query (0)	dsum-sec.casalemedia.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.904037952 CEST	192.168.2.6	1.1.1.1	0x8a40	Standard query (0)	partners.tremorhub.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.904356003 CEST	192.168.2.6	1.1.1.1	0x44d8	Standard query (0)	partners.tremorhub.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:33.925270081 CEST	192.168.2.6	1.1.1.1	0x9647	Standard query (0)	pixel.rubiconproject.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:33.925690889 CEST	192.168.2.6	1.1.1.1	0x6868	Standard query (0)	pixel.rubiconproject.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:34.141819000 CEST	192.168.2.6	1.1.1.1	0x1aac	Standard query (0)	api.company-target.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:34.142112970 CEST	192.168.2.6	1.1.1.1	0xf8be	Standard query (0)	api.company-target.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:34.193253040 CEST	192.168.2.6	1.1.1.1	0xe743	Standard query (0)	cdn.bizibly.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:34.193439960 CEST	192.168.2.6	1.1.1.1	0x292f	Standard query (0)	cdn.bizibly.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:34.280118942 CEST	192.168.2.6	1.1.1.1	0xecf4	Standard query (0)	ws6.qualified.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:34.280787945 CEST	192.168.2.6	1.1.1.1	0x41f0	Standard query (0)	ws6.qualified.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:34.311007977 CEST	192.168.2.6	1.1.1.1	0x55d4	Standard query (0)	tag-logger.demandbase.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:34.311208963 CEST	192.168.2.6	1.1.1.1	0x5563	Standard query (0)	tag-logger.demandbase.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:34.342787027 CEST	192.168.2.6	1.1.1.1	0xc0c3	Standard query (0)	713-xsc-918.mktoresp.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:34.343378067 CEST	192.168.2.6	1.1.1.1	0xef9b	Standard query (0)	713-xsc-918.mktoresp.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:34.364540100 CEST	192.168.2.6	1.1.1.1	0xff78	Standard query (0)	edge.adobedc.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:34.364733934 CEST	192.168.2.6	1.1.1.1	0xf5c7	Standard query (0)	edge.adobedc.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:34.730268955 CEST	192.168.2.6	1.1.1.1	0xd366	Standard query (0)	partners.tremorhub.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:34.730496883 CEST	192.168.2.6	1.1.1.1	0x6db2	Standard query (0)	partners.tremorhub.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:35.268723011 CEST	192.168.2.6	1.1.1.1	0x4efe	Standard query (0)	dsum-sec.casalemedia.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:35.269170046 CEST	192.168.2.6	1.1.1.1	0x9d8f	Standard query (0)	dsum-sec.casalemedia.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:35.270838022 CEST	192.168.2.6	1.1.1.1	0xea15	Standard query (0)	pixel.rubiconproject.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:35.271025896 CEST	192.168.2.6	1.1.1.1	0x7d44	Standard query (0)	pixel.rubiconproject.com	65	IN (0x0001)	false
Oct 14, 2024 13:49:35.534224987 CEST	192.168.2.6	1.1.1.1	0x8728	Standard query (0)	edge.adobedc.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:35.534501076 CEST	192.168.2.6	1.1.1.1	0x5af8	Standard query (0)	edge.adobedc.net	65	IN (0x0001)	false
Oct 14, 2024 13:49:35.741884947 CEST	192.168.2.6	1.1.1.1	0xda5a	Standard query (0)	tag-logger.demandbase.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:49:35.742089987 CEST	192.168.2.6	1.1.1.1	0xd772	Standard query (0)	tag-logger.demandbase.com	65	IN (0x0001)	false
Oct 14, 2024 13:50:02.476346970 CEST	192.168.2.6	1.1.1.1	0x9dbc	Standard query (0)	td.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:50:02.476648092 CEST	192.168.2.6	1.1.1.1	0x1d4c	Standard query (0)	td.doubleclick.net	65	IN (0x0001)	false
Oct 14, 2024 13:50:02.477878094 CEST	192.168.2.6	1.1.1.1	0x2193	Standard query (0)	ad.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:50:02.478013992 CEST	192.168.2.6	1.1.1.1	0x1bf8	Standard query (0)	ad.doubleclick.net	65	IN (0x0001)	false
Oct 14, 2024 13:50:02.549779892 CEST	192.168.2.6	1.1.1.1	0x338f	Standard query (0)	analytics.google.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:50:02.550081015 CEST	192.168.2.6	1.1.1.1	0xedc6	Standard query (0)	analytics.google.com	65	IN (0x0001)	false
Oct 14, 2024 13:50:03.385195017 CEST	192.168.2.6	1.1.1.1	0xd124	Standard query (0)	ad.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:50:03.385505915 CEST	192.168.2.6	1.1.1.1	0xf7ff	Standard query (0)	ad.doubleclick.net	65	IN (0x0001)	false
Oct 14, 2024 13:50:04.299838066 CEST	192.168.2.6	1.1.1.1	0x3f9e	Standard query (0)	r.logr-ingest.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:50:04.299978018 CEST	192.168.2.6	1.1.1.1	0xf29d	Standard query (0)	r.logr-ingest.com	65	IN (0x0001)	false
Oct 14, 2024 13:50:04.377541065 CEST	192.168.2.6	1.1.1.1	0x232e	Standard query (0)	adservice.google.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:50:04.377779007 CEST	192.168.2.6	1.1.1.1	0x8b3	Standard query (0)	adservice.google.com	65	IN (0x0001)	false
Oct 14, 2024 13:50:05.374079943 CEST	192.168.2.6	1.1.1.1	0xcbb1	Standard query (0)	adservice.google.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 13:50:05.374242067 CEST	192.168.2.6	1.1.1.1	0x46a8	Standard query (0)	adservice.google.com	65	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:06 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 48 58 73 2f 39 6f 61 58 39 55 4b 6b 58 51 59 44 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 37 34 66 35 66 35 63 62 37 66 62 61 39 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: HXs/9oaX9UKkXQYD.1Context: de74f5f5cb7fba9a
2024-10-14 11:49:06 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-14 11:49:06 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 48 58 73 2f 39 6f 61 58 39 55 4b 6b 58 51 59 44 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 37 34 66 35 66 35 63 62 37 66 62 61 39 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 66 77 45 36 75 46 32 6e 30 56 30 56 2b 39 71 36 7a 7a 79 54 70 45 4f 61 42 2b 33 33 35 56 50 4e 44 4d 4e 38 4e 74 2b 7a 31 54 37 31 79 34 32 62 4a 71 46 6f 75 48 39 67 6c 79 38 67 64 4d 6d 53 46 53 77 4b 64 47 47 53 34 5a 4e 59 51 6c 47 73 34 32 4c 6f 6e 57 63 53 44 57 38 6b 36 4f 67 6d 65 66 76 61 43 6b 52 63 57 77 70 68 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: HXs/9oaX9UKkXQYD.2Context: de74f5f5cb7fba9a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVfwE6uF2n0V0V+9q6zzyTpEOaB+335VPNDMN8Nt+z1T71y42bJqFouH9gly8gdMmSFSwKdGGS4ZNYQlGs42LonWcSDW8k6OgmefvaCkRcWwph
2024-10-14 11:49:06 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 48 58 73 2f 39 6f 61 58 39 55 4b 6b 58 51 59 44 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 37 34 66 35 66 35 63 62 37 66 62 61 39 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: HXs/9oaX9UKkXQYD.3Context: de74f5f5cb7fba9a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-14 11:49:06 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-14 11:49:06 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 30 66 6a 78 34 66 61 42 30 57 63 74 6c 34 79 4a 6a 45 37 68 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: h0fjx4faB0Wctl4yJjE7hg.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:07 UTC	675	OUT	GET / HTTP/1.1 Host: bdvonline-personas-139.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-14 11:49:07 UTC	620	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VGrnBygrKkbkRsRPMS0Gvi14ehwK3fqN%2FCnFyRAOYuaXcym%2FfMiXBW5lTzeRCGAwRIHrg3qLF%2F78Uc50trqDecBfNlS%2FgSnOBpBfck8hZj15nEwYhUTkqsrdEO0leLgzPBX6%2BEt7Y88G4Ghl2b6ui1N6mg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8d27581f5cf01795-EWR
2024-10-14 11:49:07 UTC	749	IN	Data Raw: 31 31 34 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 114e<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 Data Ascii: ]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoad
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish
2024-10-14 11:49:07 UTC	951	IN	Data Raw: 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 Data Ascii: <span class="hidden" id="cf-footer-ip">8.46.123.33</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener norefer
2024-10-14 11:49:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:07 UTC	591	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: bdvonline-personas-139.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://bdvonline-personas-139.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-14 11:49:07 UTC	411	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:07 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Tue, 08 Oct 2024 16:37:09 GMT ETag: "67055fb5-5df3" Server: cloudflare CF-RAY: 8d275820493c7c6a-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 14 Oct 2024 13:49:07 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 70 65 72 20 64 65 74 61 69 6c 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 66 69 67 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 66 69 67 75 72 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 66 6f 6f 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 65 61 64 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 67 72 6f 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 6d 65 6e 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 6e 61 76 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 3a 61 66 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 3a 62 65 66 Data Ascii: per details,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper section,#cf-wrapper summary{display:block}#cf-wrapper .cf-columns:after,#cf-wrapper .cf-columns:bef
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 20 69 6d 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 20 6f 62 6a 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 20 74 65 78 74 61 72 65 61 7b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 34 35 70 78 3b 77 69 64 74 68 3a 31 30 30 25 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: .cf-columns img,#cf-wrapper .cf-columns input,#cf-wrapper .cf-columns object,#cf-wrapper .cf-columns select,#cf-wrapper .cf-columns textarea{max-width:100%}#cf-wrapper .cf-columns>.cf-column{float:left;padding-bottom:45px;width:100%;box-sizing:border-box
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6c 65 66 74 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 33 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 68 72 65 65 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 30 70 78 3b 77 69 64 74 68 3a 33 33 2e 33 33 33 33 33 33 33 33 33 33 33 33 33 25 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 33 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 33 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 Data Ascii: mn:nth-child(odd){clear:left}#cf-wrapper .cf-columns.cols-3>.cf-column,#cf-wrapper .cf-columns.three>.cf-column{padding-left:30px;width:33.3333333333333%}#cf-wrapper .cf-columns.cols-3>.cf-column:first-child,#cf-wrapper .cf-columns.cols-3>.cf-column:nth-c
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 32 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 31 2e 32 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 32 2e 35 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 33 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 33 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 31 2e 32 35 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f Data Ascii: olumns.four>.cf-column:nth-child(4n+2){padding-left:11.25px;padding-right:22.5px}#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+3),#cf-wrapper .cf-columns.four>.cf-column:nth-child(4n+3){padding-left:22.5px;padding-right:11.25px}#cf-wrapper .cf-co
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 64 69 73 63 7d 23 63 66 2d 77 72 61 70 70 65 72 20 6f 6c 7b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 64 65 63 69 6d 61 6c 7d 23 63 66 2d 77 72 61 70 70 65 72 20 65 6d 7b 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 74 61 6c 69 63 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 75 62 68 65 61 64 6c 69 6e 65 7b 63 6f 6c 6f 72 3a 23 35 39 35 39 35 39 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 74 65 78 74 2d 65 72 72 6f 72 7b 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 7d Data Ascii: ,#cf-wrapper ul{list-style:none;margin-left:3em}#cf-wrapper ul{list-style-type:disc}#cf-wrapper ol{list-style-type:decimal}#cf-wrapper em{font-style:italic}#cf-wrapper .cf-subheadline{color:#595959;font-weight:300}#cf-wrapper .cf-text-error{color:#bd2426}
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 65 6c 65 63 74 3a 6e 6f 6e 65 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 73 74 61 63 6b 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 7a 6f 6f 6d 3a 31 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 66 62 66 62 66 3b 62 6f 72 64 Data Ascii: elect:none;user-select:none;display:-moz-inline-stack;display:inline-block;vertical-align:middle;zoom:1;border-radius:2px;box-sizing:border-box;-webkit-transition:all .2s ease;transition:all .2s ease}#cf-wrapper .cf-btn:hover{background-color:#bfbfbf;bord
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2e 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 2e 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 3a 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: ive,#cf-wrapper .cf-btn-danger:focus,#cf-wrapper .cf-btn-error.active,#cf-wrapper .cf-btn-error:active,#cf-wrapper .cf-btn-error:focus,#cf-wrapper .cf-btn-important.active,#cf-wrapper .cf-btn-important:active,#cf-wrapper .cf-btn-important:focus{background
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 67 72 61 79 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 2d Data Ascii: box;-webkit-transition:all .2s ease;transition:all .2s ease;border-radius:2px}#cf-wrapper input:hover,#cf-wrapper select:hover,#cf-wrapper textarea:hover{border-color:gray}#cf-wrapper input:focus,#cf-wrapper select:focus,#cf-wrapper textarea:focus{border-
2024-10-14 11:49:07 UTC	1369	IN	Data Raw: 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 65 35 30 35 32 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 35 32 31 30 31 30 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 2d 73 75 63 63 65 73 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 61 64 61 37 61 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 35 31 36 62 31 64 3b 63 6f 6c 6f 72 3a 23 35 31 36 62 31 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 2d 77 61 72 6e 69 6e 67 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 39 62 31 36 39 3b 62 6f Data Ascii: apper .cf-alert-danger,#cf-wrapper .cf-alert-error{background-color:#de5052;border-color:#521010;color:#fff}#cf-wrapper .cf-alert-success{background-color:#bada7a;border-color:#516b1d;color:#516b1d}#cf-wrapper .cf-alert-warning{background-color:#f9b169;bo

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:08 UTC	683	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: bdvonline-personas-139.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bdvonline-personas-139.pages.dev/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-14 11:49:08 UTC	409	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:08 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 08 Oct 2024 16:37:09 GMT ETag: "67055fb5-1c4" Server: cloudflare CF-RAY: 8d275828ddba42ad-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 14 Oct 2024 13:49:08 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-14 11:49:08 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:08 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-14 11:49:08 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=104187 Date: Mon, 14 Oct 2024 11:49:08 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:09 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:09 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:09 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Sun, 13 Oct 2024 10:59:53 GMT ETag: "0x8DCEB762AD2C54E" x-ms-request-id: 88bd8b3f-d01e-0049-5d65-1de7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114909Z-17db6f7c8cfpm9w8b1ybgtytds00000004c0000000001g44 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:09 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-14 11:49:09 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:09 UTC	620	OUT	GET /favicon.ico HTTP/1.1 Host: bdvonline-personas-139.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bdvonline-personas-139.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-14 11:49:09 UTC	612	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vaUZoPlaqhhSOgVfbuysVBJotHRchBptZ3KGkuyoKty4qvvo9BdEEJLrRevwvKH0UT8tkakId6srIytlnYOLzGGSQwj8BZnxWayiloaFbJrlRLV9jIdH8auKqJy34KPwBXIP%2BtX27Ln07wzVKiRvzDVyWw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8d27582fd9a343e7-EWR
2024-10-14 11:49:09 UTC	757	IN	Data Raw: 31 31 35 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1159<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-14 11:49:09 UTC	1369	IN	Data Raw: 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e Data Ascii: rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', fun
2024-10-14 11:49:09 UTC	1369	IN	Data Raw: 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass"
2024-10-14 11:49:09 UTC	954	IN	Data Raw: 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 Data Ascii: <span class="hidden" id="cf-footer-ip">8.46.123.33</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener nore
2024-10-14 11:49:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:09 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-14 11:49:10 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=104126 Date: Mon, 14 Oct 2024 11:49:10 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-14 11:49:10 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:10 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:10 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: a7c7bcc3-d01e-005a-1c62-1c7fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114910Z-17db6f7c8cf96l6t7bwyfgbkhw00000005a0000000009dt5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:10 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:10 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:10 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 695c64e8-001e-0034-5de7-1add04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114910Z-17db6f7c8cf96l6t7bwyfgbkhw000000058g00000000c5n6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:10 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:10 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:10 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 6472af2a-e01e-00aa-15e5-1cceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114910Z-17db6f7c8cfjxfnba42c5rukwg00000003bg000000004g7e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:10 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://bdvonline-personas-139.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Windows Analysis Report
https://bdvonline-personas-139.pages.dev/

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:10 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:10 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: d5b7d2f8-701e-0032-66aa-1ca540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114910Z-17db6f7c8cf6f7vv3recfp4a6w00000003eg000000004f8n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:10 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:10 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:10 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: ced16f83-c01e-008e-1322-1b7381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114910Z-17db6f7c8cfspvtq2pgqb2w5k0000000069g000000003gd2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:10 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:11 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:11 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: b1e48aa2-701e-0053-2fa3-1b3a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114911Z-17db6f7c8cfbd7pgux3k6qfa60000000055g00000000b2a8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:11 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:11 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:11 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: a9e1c981-f01e-003f-3a0f-1cd19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114911Z-17db6f7c8cf4g2pjavqhm24vp400000006pg000000000ad8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:11 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:11 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:11 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: a417ae39-101e-008e-1f1c-1bcf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114911Z-17db6f7c8cfhrxld7punfw920n00000004z000000000czg6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:11 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:11 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:11 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: c77ee0be-a01e-0032-0c24-1b1949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114911Z-17db6f7c8cfhrxld7punfw920n000000050g00000000arb5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:11 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:11 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:11 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: efaf982b-c01e-008e-2e47-1c7381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114911Z-17db6f7c8cffhvbz3mt0ydz7x400000004fg00000000ad74 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:11 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:12 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:12 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: b3ad5e0b-501e-000a-1fe3-1a0180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114912Z-17db6f7c8cfhzb2znbk0zyvf6n0000000600000000008km2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:12 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:12 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:11 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: c9e2a668-e01e-001f-5fd7-1a1633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114911Z-17db6f7c8cfqxt4wrzg7st2fm800000006fg000000005faq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:12 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Timestamp	Bytes transferred	Direction	Data
2024-10-14 11:49:12 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-14 11:49:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 11:49:12 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 458f517b-301e-000c-2fe6-1a323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241014T114912Z-17db6f7c8cfqxt4wrzg7st2fm800000006ag00000000cmpu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-14 11:49:12 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"