Edit tour

Windows Analysis Report
https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE

Overview

General Information

Sample URL:	https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE
Analysis ID:	1564528
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Detected clear text password fields (password is not hidden)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2444,i,7551787297892426440,14419496733088316111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 --field-trial-handle=2444,i,7551787297892426440,14419496733088316111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE

SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE

Joe Sandbox AI: Score: 7 Reasons: The URL 'ddbsodvnnadewe.z1.web.core.windows.net' is hosted on a Microsoft Azure domain, which is a legitimate cloud service provider., The brand 'Microsoft' is well-known and commonly associated with the domain 'microsoft.com'., The subdomain 'ddbsodvnnadewe' does not clearly indicate any known Microsoft service or product, which raises suspicion., The use of a generic Azure domain with an unclear subdomain could be a tactic to disguise a phishing attempt., The presence of input fields for 'Nutzername' and 'Passwort' suggests a login page, which is a common target for phishing. DOM: 1.0.pages.csv

Source: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE

HTTP Parser: <input type="text"... for password input

Source: unknown	HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49860 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /core/lo.js?site-id=f6f3e602 HTTP/1.1Host: tools.luckyorange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ddbsodvnnadewe.z1.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZhsWdDdL2+UeRUR&MD=BZCYPKHf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /core/lo.js?site-id=f6f3e602 HTTP/1.1Host: tools.luckyorange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tag/nb9vpk5smt HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ddbsodvnnadewe.z1.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ddbsodvnnadewe.z1.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tag/nb9vpk5smt HTTP/1.1Host: www.clarity.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=185a6c8731cc4b10811644b6f0bc1620.20241128.20251128
Source: global traffic	HTTP traffic detected: GET /f6f3e602 HTTP/1.1Host: settings.luckyorange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"x-lucky-referrer: sec-ch-ua-mobile: ?0x-lucky-uid: undefinedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ddbsodvnnadewe.z1.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE HTTP/1.1Host: userstatics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f6f3e602 HTTP/1.1Host: settings.luckyorange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/core.js?v=49d958c HTTP/1.1Host: tools.luckyorange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ddbsodvnnadewe.z1.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/0.7.56/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ddbsodvnnadewe.z1.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=185a6c8731cc4b10811644b6f0bc1620.20241128.20251128
Source: global traffic	HTTP traffic detected: GET /s/0.7.56/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=185a6c8731cc4b10811644b6f0bc1620.20241128.20251128
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: cgPcJp3GuzBH0JIAyLLTuA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /mqtt HTTP/1.1Host: realtime.luckyorange.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: HePntTmWhOmsxw9TwI0Ohw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsSec-WebSocket-Protocol: mqtt
Source: global traffic	HTTP traffic detected: GET /core/core.js?v=49d958c HTTP/1.1Host: tools.luckyorange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mqtt HTTP/1.1Host: realtime.luckyorange.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: XsAUca22kKAxjk88gNVRdw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsSec-WebSocket-Protocol: mqttv3.1
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 4iBiNZCn2iQXHKyCfBXezA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /public-auth HTTP/1.1Host: api-preview.luckyorange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /public-auth HTTP/1.1Host: api-preview.luckyorange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs"
Source: global traffic	HTTP traffic detected: GET /public-auth HTTP/1.1Host: api-preview.luckyorange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /public-auth HTTP/1.1Host: api-preview.luckyorange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs"
Source: global traffic	HTTP traffic detected: GET /public-auth HTTP/1.1Host: api-preview.luckyorange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"413-wEen2qDwxX9FaG3v37d7TaXDwUk"
Source: global traffic	HTTP traffic detected: GET /public-auth HTTP/1.1Host: api-preview.luckyorange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs"
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: hdq/VhhAJjga6bjkBN8FrA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: rfn1xd3EcB3ERDQXqgiB/Q==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: L43HKMTcbwZEG1kofVSghA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZhsWdDdL2+UeRUR&MD=BZCYPKHf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120100v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: ZTOfK3prcbA3C0nzoINE6g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: jGp9V4/7nsklKlz9mBYRlw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: NW9g0+gqMiM1PThushcQjA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: +kYdFGqfF/3OgXrvXIv7YA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: x0MLjAAappTWUUNXZvlgrw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /socket.io/?EIO=3&transport=websocket HTTP/1.1Host: in.visitors.liveConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ddbsodvnnadewe.z1.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: fFodMvXldkbPEyIlh3Q2hg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: tools.luckyorange.com
Source: global traffic	DNS traffic detected: DNS query: www.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: userstatics.com
Source: global traffic	DNS traffic detected: DNS query: settings.luckyorange.com
Source: global traffic	DNS traffic detected: DNS query: o.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: in.visitors.live
Source: global traffic	DNS traffic detected: DNS query: realtime.luckyorange.com
Source: global traffic	DNS traffic detected: DNS query: api-preview.luckyorange.com

Source: chromecache_89.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_89.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_102.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
Source: chromecache_111.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_80.2.dr, chromecache_90.2.dr, chromecache_101.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_100.2.dr, chromecache_110.2.dr	String found in binary or memory: https://github.com/microsoft/clarity
Source: chromecache_80.2.dr, chromecache_90.2.dr, chromecache_101.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_80.2.dr, chromecache_101.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_102.2.dr	String found in binary or memory: https://tools.luckyorange.com/core/lo.js?site-id=f6f3e602
Source: chromecache_102.2.dr	String found in binary or memory: https://www.clarity.ms/tag/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49860 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@18/83@28/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2444,i,7551787297892426440,14419496733088316111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 --field-trial-handle=2444,i,7551787297892426440,14419496733088316111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2444,i,7551787297892426440,14419496733088316111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 --field-trial-handle=2444,i,7551787297892426440,14419496733088316111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE	0%	Avira URL Cloud	safe
https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE	100%	SlashNext	Scareware type: Phishing & Social Engineering

Name	IP	Active	Malicious	Reputation
userstatics.com	172.67.208.186	true	false	high
realtime.luckyorange.com	35.244.167.102	true	false	high
www.google.com	142.250.181.68	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
in.visitors.live	35.201.124.9	true	false	high
settings.luckyorange.com	34.107.203.234	true	false	high
api-preview.luckyorange.com	34.107.203.234	true	false	high
d20519brkbo4nz.cloudfront.net	108.158.75.10	true	false	unknown
tools.luckyorange.com	unknown	unknown	false	high
www.clarity.ms	unknown	unknown	false	high
o.clarity.ms	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://tools.luckyorange.com/core/core.js?v=49d958c	false	high
https://api-preview.luckyorange.com/public-auth	false	high
https://www.clarity.ms/s/0.7.56/clarity.js	false	high
https://in.visitors.live/socket.io/?EIO=3&transport=websocket	false	high
https://www.clarity.ms/tag/nb9vpk5smt	false	high
https://realtime.luckyorange.com/mqtt	false	high
https://tools.luckyorange.com/core/lo.js?site-id=f6f3e602	false	high
https://settings.luckyorange.com/f6f3e602	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://fontawesome.io	chromecache_89.2.dr	false	high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_80.2.dr, chromecache_101.2.dr	false	high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_80.2.dr, chromecache_90.2.dr, chromecache_101.2.dr	false	high
https://getbootstrap.com/)	chromecache_80.2.dr, chromecache_90.2.dr, chromecache_101.2.dr	false	high
https://www.clarity.ms/tag/	chromecache_102.2.dr	false	high
https://ezgif.com/optimize	chromecache_111.2.dr	false	high
https://github.com/microsoft/clarity	chromecache_100.2.dr, chromecache_110.2.dr	false	high
http://fontawesome.io/license	chromecache_89.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.63	s-part-0035.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.107.203.234	settings.luckyorange.com	United States	15169	GOOGLEUS	false
172.67.208.186	userstatics.com	United States	13335	CLOUDFLARENETUS	false
35.201.124.9	in.visitors.live	United States	15169	GOOGLEUS	false
35.244.167.102	realtime.luckyorange.com	United States	15169	GOOGLEUS	false
108.158.75.10	d20519brkbo4nz.cloudfront.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
104.21.53.38	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1564528
Start date and time:	2024-11-28 13:33:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@18/83@28/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 172.217.19.238, 64.233.165.84, 34.104.35.123, 20.150.125.164, 172.217.19.234, 199.232.210.172, 192.229.221.95, 172.217.17.42, 216.58.208.234, 172.217.19.202, 142.250.181.10, 172.217.21.42, 142.250.181.138, 142.250.181.106, 172.217.17.74, 52.152.143.207, 142.250.181.42, 172.217.19.170, 172.217.17.35
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE

Input	Output
URL: https://ddbsodvnnadewe.z1.web.core.windows.net Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://ddbsodvnnadewe.z1.web.core.windows.net
URL: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Admin Login", "prominent_button_name": "Anmeldung", "text_input_field_labels": [ "Nutzername", "Passwort" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Windows aufgrund ungewhnlicher Aktivitt gesperrt.", "prominent_button_name": "Anmeldung", "text_input_field_labels": [ "Username", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The URL 'ddbsodvnnadewe.z1.web.core.windows.net' is hosted on a Microsoft Azure domain, which is a legitimate cloud service provider.", "The brand 'Microsoft' is well-known and commonly associated with the domain 'microsoft.com'.", "The subdomain 'ddbsodvnnadewe' does not clearly indicate any known Microsoft service or product, which raises suspicion.", "The use of a generic Azure domain with an unclear subdomain could be a tactic to disguise a phishing attempt.", "The presence of input fields for 'Nutzername' and 'Passwort' suggests a login page, which is a common target for phishing." ], "riskscore": 7} Google indexed: False
URL: ddbsodvnnadewe.z1.web.core.windows.net Brands: Microsoft Input Fields: Nutzername, Passwort

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65441), with CRLF line terminators
Category:	dropped
Size (bytes):	67359
Entropy (8bit):	5.352035171848617
Encrypted:	false
SSDEEP:	768:oDR8aeY7IeuemSlrl6JoUXXRuoBMALCYdPRJ2Op/Xnum7xX/FA1pFwmv6SKbyGl6:oDR+cASlrlerNjxp/Xnum7zlEb
MD5:	0018B2947487CCA1596BA00A9D80130C
SHA1:	F701C05D59788094B38DC8FCBBBB24219F903845
SHA-256:	DC1DA692990307185621FD661B7305E29D3A0A5BA0F0D998E5A1463A17C57044
SHA-512:	4411B4512287790F763F84B4C5FAE7FBF08AC6FEA39111964FA5AABB31EC7EE5051F3AF434103379A37148A65E1B354F0967AA27FD5844C4D5C7DFD416E49AA4
Malicious:	false
Reputation:	low
Preview:	/* clarity-js v0.7.56: https://github.com/microsoft/clarity (License: MIT) */..!function(){"use strict";var t=Object.freeze({__proto__:null,get queue(){return dr},get start(){return lr},get stop(){return fr},get track(){return ir}}),e=Object.freeze({__proto__:null,get clone(){return Ar},get compute(){return jr},get data(){return Tr},get keys(){return Nr},get reset(){return Rr},get start(){return Cr},get stop(){return zr},get trigger(){return Dr},get update(){return Lr}}),n=Object.freeze({__proto__:null,get check(){return qr},get compute(){return Fr},get data(){return Or},get start(){return Yr},get stop(){return Vr},get trigger(){return Ur}}),a=Object.freeze({__proto__:null,get compute(){return $r},get data(){return Br},get log(){return Qr},get reset(){return ti},get start(){return Kr},get stop(){return Zr},get updates(){return Jr}}),r=Object.freeze({__proto__:null,get callback(){return fi},get callbacks(){return ai},get clear(){return di},get consent(){return li},get data(){return ni},

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 28, 2024 13:34:28.949846983 CET	53	54795	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:29.011822939 CET	53	60619	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:31.900795937 CET	53	64658	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:32.939277887 CET	57717	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:32.939399958 CET	57975	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:33.082818985 CET	53	57717	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:33.082870007 CET	53	57975	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:40.616492987 CET	57720	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:40.616621017 CET	53124	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:40.755403042 CET	53	64890	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:40.757422924 CET	53	57720	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:40.757500887 CET	53	53124	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:43.733419895 CET	52423	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:43.733865976 CET	54329	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:43.779119015 CET	62599	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:43.779310942 CET	64457	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:43.783478975 CET	56951	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:43.783653021 CET	51349	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:43.862303019 CET	62812	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:43.862703085 CET	57961	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:43.898191929 CET	53	52918	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:43.931623936 CET	53	56951	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:43.933028936 CET	53	51349	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:43.933363914 CET	53	62599	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:43.936785936 CET	53	64457	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:44.009943008 CET	53	62812	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:44.010229111 CET	53	57961	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:46.222037077 CET	53	64736	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:46.437884092 CET	51091	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:46.438013077 CET	56314	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:46.759119034 CET	138	138	192.168.2.4	192.168.2.255
Nov 28, 2024 13:34:47.176107883 CET	64169	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:47.176264048 CET	55168	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:47.319653034 CET	53	55168	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:47.319818974 CET	53	64169	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:48.944314957 CET	53	57584	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:52.465008020 CET	63387	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:52.465162992 CET	65423	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:52.605367899 CET	53	63387	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:52.606591940 CET	53	65423	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:55.181052923 CET	61082	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:55.181229115 CET	58215	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:55.320950985 CET	53	58215	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:55.755036116 CET	60589	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:55.755177975 CET	50936	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:55.764620066 CET	58371	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:55.764784098 CET	61266	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:55.896987915 CET	53	50936	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:55.897006989 CET	53	60589	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:55.907697916 CET	53	58371	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:55.908520937 CET	53	61266	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:57.640872955 CET	49814	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:57.641151905 CET	54989	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:34:57.877222061 CET	53	49814	1.1.1.1	192.168.2.4
Nov 28, 2024 13:34:57.877266884 CET	53	54989	1.1.1.1	192.168.2.4
Nov 28, 2024 13:35:01.477530003 CET	61144	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:35:01.477706909 CET	49592	53	192.168.2.4	1.1.1.1
Nov 28, 2024 13:35:01.615288019 CET	53	61144	1.1.1.1	192.168.2.4
Nov 28, 2024 13:35:01.617528915 CET	53	61683	1.1.1.1	192.168.2.4
Nov 28, 2024 13:35:01.619293928 CET	53	49592	1.1.1.1	192.168.2.4
Nov 28, 2024 13:35:07.772825003 CET	53	50080	1.1.1.1	192.168.2.4
Nov 28, 2024 13:35:07.893240929 CET	53	54819	1.1.1.1	192.168.2.4
Nov 28, 2024 13:35:28.352706909 CET	53	56459	1.1.1.1	192.168.2.4
Nov 28, 2024 13:35:30.475332022 CET	53	55295	1.1.1.1	192.168.2.4

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 28, 2024 13:35:39.836970091 CET	13.107.246.63	443	192.168.2.4	49860	CN=*.azureedge.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 19 17:30:52 CEST 2024 Thu Jun 08 02:00:00 CEST 2023 Thu Aug 01 14:00:00 CEST 2013	Sun Sep 14 17:30:52 CEST 2025 Wed Aug 26 01:59:59 CEST 2026 Fri Jan 15 13:00:00 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
					CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 08 02:00:00 CEST 2023	Wed Aug 26 01:59:59 CEST 2026
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:35 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-28 12:34:35 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=49592 Date: Thu, 28 Nov 2024 12:34:35 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:36 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-28 12:34:37 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=49565 Date: Thu, 28 Nov 2024 12:34:37 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-28 12:34:37 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:42 UTC	570	OUT	GET /core/lo.js?site-id=f6f3e602 HTTP/1.1 Host: tools.luckyorange.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ddbsodvnnadewe.z1.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:43 UTC	544	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 4678 Connection: close Date: Thu, 28 Nov 2024 12:34:44 GMT Last-Modified: Wed, 06 Nov 2024 20:50:22 GMT ETag: "2e76f2975071a8eb95d665a06b06cae4" x-amz-server-side-encryption: AES256 Cache-Control: max-age=3600 Content-Encoding: gzip Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 3a3261cdebd3450de2b4e3d901a1b028.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P2 X-Amz-Cf-Id: _C1acIcGIZfvfZP7EWonBOeeDYyqwVbX-DevfPl6IZUWfBHVZI04QQ==
2024-11-28 12:34:43 UTC	4678	IN	Data Raw: 1f 8b 08 00 00 00 00 00 02 03 cd 5a fb 73 db 38 92 fe 57 24 dc 9e 86 1c d3 b4 9d 49 a6 66 a8 61 54 de c4 bb 93 5b 27 76 8d 33 7b 57 a5 68 5d 30 09 59 dc 50 80 16 04 ed a8 64 fd ef fb 35 c0 97 5e 49 ee 26 3f 5c 95 cb 92 f0 ec 6e f4 e3 eb 06 bc 69 29 13 93 29 e9 89 c0 f8 ab a9 d2 de 03 d7 3d d9 cb 64 cf f8 62 2c 27 b1 c1 bf b5 ef 99 59 56 04 ed 68 7f 45 e3 4c bc 5a 0f eb c6 9e f4 94 bf ca a6 9e 19 ab 89 af 85 29 35 16 c1 f7 50 7c 5a 28 6d 8a 21 4d d1 31 35 c5 ab 2c 52 41 1e f5 cf 82 aa 33 5a ad d7 c3 6a 92 a0 49 09 cf 73 4f d7 73 03 1d b4 df a5 8f 1f 79 dc 3f 6d db d6 d5 54 19 ce 63 11 c8 30 89 0d fe a7 71 97 bf 00 e4 c9 50 59 56 9f 9e ae ee fe 29 12 13 a6 62 9a 49 71 ad d5 42 68 b3 b4 c3 56 42 96 73 a1 f9 5d 2e 22 ec 71 2f 4c a4 d6 fe 1a eb e9 b8 2b 01 56 Data Ascii: Zs8W$IfaT['v3{Wh]0YPd5^I&?\ni))=db,'YVhELZ)5P\|Z(m!M15,RA3ZjIsOsy?mTc0qPYV)bIqBhVBs]."q/L+V

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:44 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZhsWdDdL2+UeRUR&MD=BZCYPKHf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-28 12:34:45 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: e5edf78b-3b26-4a7f-9157-7d5d208d0355 MS-RequestId: c84b3697-90b1-4705-bca2-9a67360a9306 MS-CV: PebqE7mXJUyv+vdd.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 28 Nov 2024 12:34:44 GMT Connection: close Content-Length: 24490
2024-11-28 12:34:45 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-28 12:34:45 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:45 UTC	578	OUT	OPTIONS /f6f3e602 HTTP/1.1 Host: settings.luckyorange.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-lucky-referrer,x-lucky-uid Origin: https://ddbsodvnnadewe.z1.web.core.windows.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://ddbsodvnnadewe.z1.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:45 UTC	551	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: POST,GET,PUT,PATCH,DELETE,OPTIONS Access-Control-Allow-Headers: Access-Control-Allow-Origin,Authorization,Content-Type,X-Lucky-Uid,X-Lucky-Site-Id,X-Lucky-Impersonate,X-Lucky-Session-Id,X-Lucky-Referrer Access-Control-Max-Age: 86400 Date: Thu, 28 Nov 2024 12:34:45 GMT Via: 1.1 google Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:45 UTC	372	OUT	GET /core/lo.js?site-id=f6f3e602 HTTP/1.1 Host: tools.luckyorange.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:47 UTC	544	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 4678 Connection: close Date: Thu, 28 Nov 2024 12:34:47 GMT Last-Modified: Wed, 06 Nov 2024 20:50:22 GMT ETag: "2e76f2975071a8eb95d665a06b06cae4" x-amz-server-side-encryption: AES256 Cache-Control: max-age=3600 Content-Encoding: gzip Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 7fe845e495399d62eea17599202da57e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P2 X-Amz-Cf-Id: xkpr8MlsP-HpmGyX0UO9m85qySasgSTws2PIqlyILf7rNz6powI-7Q==
2024-11-28 12:34:47 UTC	4678	IN	Data Raw: 1f 8b 08 00 00 00 00 00 02 03 cd 5a fb 73 db 38 92 fe 57 24 dc 9e 86 1c d3 b4 9d 49 a6 66 a8 61 54 de c4 bb 93 5b 27 76 8d 33 7b 57 a5 68 5d 30 09 59 dc 50 80 16 04 ed a8 64 fd ef fb 35 c0 97 5e 49 ee 26 3f 5c 95 cb 92 f0 ec 6e f4 e3 eb 06 bc 69 29 13 93 29 e9 89 c0 f8 ab a9 d2 de 03 d7 3d d9 cb 64 cf f8 62 2c 27 b1 c1 bf b5 ef 99 59 56 04 ed 68 7f 45 e3 4c bc 5a 0f eb c6 9e f4 94 bf ca a6 9e 19 ab 89 af 85 29 35 16 c1 f7 50 7c 5a 28 6d 8a 21 4d d1 31 35 c5 ab 2c 52 41 1e f5 cf 82 aa 33 5a ad d7 c3 6a 92 a0 49 09 cf 73 4f d7 73 03 1d b4 df a5 8f 1f 79 dc 3f 6d db d6 d5 54 19 ce 63 11 c8 30 89 0d fe a7 71 97 bf 00 e4 c9 50 59 56 9f 9e ae ee fe 29 12 13 a6 62 9a 49 71 ad d5 42 68 b3 b4 c3 56 42 96 73 a1 f9 5d 2e 22 ec 71 2f 4c a4 d6 fe 1a eb e9 b8 2b 01 56 Data Ascii: Zs8W$IfaT['v3{Wh]0YPd5^I&?\ni))=db,'YVhELZ)5P\|Z(m!M15,RA3ZjIsOsy?mTc0qPYV)bIqBhVBs]."q/L+V

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:46 UTC	550	OUT	GET /tag/nb9vpk5smt HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ddbsodvnnadewe.z1.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:46 UTC	528	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 12:34:46 GMT Content-Type: application/x-javascript Content-Length: 707 Connection: close Cache-Control: no-cache, no-store Expires: -1 Set-Cookie: CLID=185a6c8731cc4b10811644b6f0bc1620.20241128.20251128; expires=Fri, 28 Nov 2025 12:34:46 GMT; path=/; secure; samesite=none; httponly Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0 x-azure-ref: 20241128T123446Z-174f78459685726chC1EWRsnbg0000000ycg00000000a6tc X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-11-28 12:34:46 UTC	707	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 61 2c 72 2c 69 2c 74 2c 79 29 7b 66 75 6e 63 74 69 6f 6e 20 73 79 6e 63 28 29 7b 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 2e 63 6c 61 72 69 74 79 2e 6d 73 2f 63 2e 67 69 66 22 7d 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 73 79 6e 63 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 73 79 6e 63 29 3b 69 66 28 61 5b 63 5d 2e 76 7c 7c 61 5b 63 5d 2e 74 29 72 65 74 75 72 6e 20 61 5b 63 5d 28 22 65 76 65 6e 74 22 2c 63 2c 22 64 75 70 2e 22 2b 69 2e 70 72 6f 6a 65 63 74 49 64 29 3b 61 5b 63 5d 2e 74 3d 21 30 2c 28 74 3d 6c 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 72 29 29 2e Data Ascii: !function(c,l,a,r,i,t,y){function sync(){(new Image).src="https://c.clarity.ms/c.gif"}"complete"==document.readyState?sync():window.addEventListener("load",sync);if(a[c].v\|\|a[c].t)return a[c]("event",c,"dup."+i.projectId);a[c].t=!0,(t=l.createElement(r)).

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:46 UTC	682	OUT	GET /get/script.js?referrer=https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE HTTP/1.1 Host: userstatics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ddbsodvnnadewe.z1.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:47 UTC	1035	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 12:34:47 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 133 Connection: close X-Powered-By: PHP/8.2.1 Access-Control-Allow-Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Credentials: true CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5TK26Q%2BnAaJthz06riOvUAHoU5QKb%2Fdeil1sleAllQpgqgoWW0%2Ftx%2FQxuh9IRulsFpZ7rDXxgLDYkXiHe%2BoQfMjytd2uOIZTnkatExn68rnKQVNwd1hExfewKqYb9jp1MPM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e9a64e29cd678db-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1829&min_rtt=1828&rtt_var=689&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1260&delivery_rate=1584373&cwnd=235&unsent_bytes=0&cid=b3f0b0cb354e022a&ts=699&x=0"
2024-11-28 12:34:47 UTC	133	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b Data Ascii: document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59765)
Category:	downloaded
Size (bytes):	60044
Entropy (8bit):	5.145139926823033
Encrypted:	false
SSDEEP:	768:wfAnnayQIk8HVheIE8Dg76TXQI4vPKMEK6viTlCDFm4n6xOp6Pxg3/wCVaAk2:wfUnTcWCw6xJxg7aAz
MD5:	02D223393E00C273EFDCB1ADE8F4F8B1
SHA1:	0CC93B8421D89C24A889642428B363CB831DE78A
SHA-256:	79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
SHA-512:	339296DF3B6E2080A65488634AA5DED35A15D9BA5EDB8F203B1AA695C62B13302FC2CECFC37CFA04AD2219BAF0BDDAD4414862DDE5E0B71A7923C3C3A3D61F8D
Malicious:	false
Reputation:	low
URL:	https://ddbsodvnnadewe.z1.web.core.windows.net/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.5.2 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap={},t.jQuery,t.Popper)}(this,(function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function s(){return(s=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&Objec

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1065)
Category:	downloaded
Size (bytes):	25739
Entropy (8bit):	4.672979298853769
Encrypted:	false
SSDEEP:	768:D5zU9Cb4s1QWOfVjVNj6EnN9zpaPJUkzjFpdZ:D5zECb4s1hOfRHZ99SpdZ
MD5:	05835DA15B08B6BD679DE3CA80861266
SHA1:	7B03D9F7F5E89A6E49358A50B94BE8E64BEC36FF
SHA-256:	8270C79F0CA574715FDE60DFE6EB0B711159CFC787C8EEE66B5552C78FE28A4B
SHA-512:	4F93341FA854BFBEE07CECA7A7F678777FE38CF724BE599A14A7E295134194A6B7FC4AEBA6BD5231E6E2CC5E1864A718091BE2CE2DCA3FCC1AB0AA816F928C17
Malicious:	false
Reputation:	low
URL:	https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE
Preview:	<html lang="en"><head><meta charset="utf-8">. <meta content="width=device-width,initial-scale=1,shrink-to-fit=no" name="viewport">. <meta content="noindex,nofollow" name="robots">. <title>Systemsicherheit</title>. <link href="w3" rel="icon" id="favicon" type="image/png">. <link href="css/tapa.css" rel="stylesheet">. <link href="css/bootstrap.min.css" <link="" type="text/css" rel="stylesheet">.<script src="js/jquery.min.js"></script>.<script src="js/bootstrap.min.js" crossorigin="anonymous"></script>.<link rel="stylesheet" href="css/font-awesome.min.css">.<script src="js/jquery.min.js"></script>.<script src="js/main.js"></script>.<script src="js/bootstrap.min.js" crossorigin="anonymous"></script>.<link rel="stylesheet" href="css/font-awesome.min.css">.... <script src="js/emojione.min.js" type="text/javascript" async="" defer=""></script><script src="js/emojione.min.js" type="text/javascript" async="" defer=""></script><style type="text/css">@keyfr

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 834 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4097
Entropy (8bit):	7.848153220596051
Encrypted:	false
SSDEEP:	96:LXSDZ/I09Da01l+gmkyTt6Hk8nTSVmnLCrpCgWham:LXSDS0tKg9E05TSWLAiN
MD5:	B57BBDBC31F12D43ED973B8A7E43EA3A
SHA1:	E83CCAD4CD922E7E7C4D51CE1D4FD6D06EA0D02E
SHA-256:	07394C92F7535B0D833FDC2413B5089C9777D4ED679FE13032851369FC0D5226
SHA-512:	32AA3A2C0C558B95FD1CFF5B7E5BF0D866845560ECE8A05D7EEDFE7892934E7EAC6FC8731F228747828A189ECD8475B40CD6C51FBD19BA9A4B05D856C10CFB35
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...B...(.......J.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	dropped
Size (bytes):	1609
Entropy (8bit):	5.267116199711405
Encrypted:	false
SSDEEP:	24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xDUwS8f:3qD+2+pUAew85zsDUnA
MD5:	716E330272188750C9E9967A9339D968
SHA1:	193FC7CFB7F2F3737AF5E319D12DF05553A18CDF
SHA-256:	97FDC7A730DAE5B905E9DE6D6BB33E82FF0E7F7CEC051C838A446EFEBB8FF9F3
SHA-512:	A0354910391D562B38743839BC06910192524B92AD72C2F392D323271715CD9BA702F3FDB15FAFEEEB112356AC96C2902DFA63E269991833E3F4C64A23C04297
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:48 UTC	417	OUT	GET /tag/nb9vpk5smt HTTP/1.1 Host: www.clarity.ms Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CLID=185a6c8731cc4b10811644b6f0bc1620.20241128.20251128
2024-11-28 12:34:49 UTC	379	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 12:34:48 GMT Content-Type: application/x-javascript Content-Length: 707 Connection: close Cache-Control: no-cache, no-store Expires: -1 Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64 x-azure-ref: 20241128T123448Z-174f7845968ljs8phC1EWRe6en0000000ycg000000000g0g X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-11-28 12:34:49 UTC	707	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 61 2c 72 2c 69 2c 74 2c 79 29 7b 66 75 6e 63 74 69 6f 6e 20 73 79 6e 63 28 29 7b 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 2e 63 6c 61 72 69 74 79 2e 6d 73 2f 63 2e 67 69 66 22 7d 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 73 79 6e 63 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 73 79 6e 63 29 3b 69 66 28 61 5b 63 5d 2e 76 7c 7c 61 5b 63 5d 2e 74 29 72 65 74 75 72 6e 20 61 5b 63 5d 28 22 65 76 65 6e 74 22 2c 63 2c 22 64 75 70 2e 22 2b 69 2e 70 72 6f 6a 65 63 74 49 64 29 3b 61 5b 63 5d 2e 74 3d 21 30 2c 28 74 3d 6c 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 72 29 29 2e Data Ascii: !function(c,l,a,r,i,t,y){function sync(){(new Image).src="https://c.clarity.ms/c.gif"}"complete"==document.readyState?sync():window.addEventListener("load",sync);if(a[c].v\|\|a[c].t)return a[c]("event",c,"dup."+i.projectId);a[c].t=!0,(t=l.createElement(r)).

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:48 UTC	650	OUT	GET /f6f3e602 HTTP/1.1 Host: settings.luckyorange.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" x-lucky-referrer: sec-ch-ua-mobile: ?0 x-lucky-uid: undefined User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ddbsodvnnadewe.z1.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:51 UTC	358	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Access-Control-Allow-Credentials: true Content-Type: application/json; charset=utf-8 Content-Length: 4042 Vary: Accept-Encoding Date: Thu, 28 Nov 2024 12:34:50 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-28 12:34:51 UTC	1032	IN	Data Raw: 7b 22 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 73 22 3a 5b 5d 2c 22 65 76 65 6e 74 52 75 6c 65 73 22 3a 5b 5d 2c 22 66 65 61 74 75 72 65 73 22 3a 7b 22 72 65 76 65 72 74 62 61 63 6b 22 3a 74 72 75 65 2c 22 63 68 61 74 2e 70 72 65 51 75 61 6c 69 66 69 63 61 74 69 6f 6e 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 22 3a 66 61 6c 73 65 2c 22 73 75 72 76 65 79 73 2e 6c 6f 6e 67 54 65 78 74 22 3a 74 72 75 65 2c 22 73 63 72 61 6d 62 6c 65 22 3a 74 72 75 65 2c 22 66 75 6e 6e 65 6c 73 2e 76 69 73 69 74 6f 72 73 22 3a 74 72 75 65 2c 22 67 63 73 22 3a 74 72 75 65 2c 22 72 65 71 75 69 72 65 43 6f 6e 73 65 6e 74 53 65 74 74 69 6e 67 22 3a 74 72 75 65 2c 22 6b 65 79 2d 65 76 65 6e 74 73 22 3a 74 72 75 65 2c 22 62 69 67 63 6f 6d 6d 65 72 63 65 2d 6e 65 77 2d 61 70 70 Data Ascii: {"announcements":[],"eventRules":[],"features":{"revertback":true,"chat.preQualification":true,"messenger":false,"surveys.longText":true,"scramble":true,"funnels.visitors":true,"gcs":true,"requireConsentSetting":true,"key-events":true,"bigcommerce-new-app
2024-11-28 12:34:51 UTC	1390	IN	Data Raw: 2d 61 6c 6c 6f 77 65 64 22 3a 74 72 75 65 7d 2c 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 32 32 38 22 2c 22 69 6e 74 65 67 72 61 74 69 6f 6e 73 22 3a 5b 5d 2c 22 69 6e 76 69 74 65 73 22 3a 5b 5d 2c 22 73 69 74 65 22 3a 7b 22 61 64 76 61 6e 63 65 64 22 3a 7b 22 63 6f 6e 76 65 72 73 69 6f 6e 4d 65 74 72 69 63 22 3a 7b 22 61 63 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 6d 65 74 72 69 63 22 3a 22 22 7d 2c 22 61 76 65 72 61 67 65 43 6f 6e 76 65 72 73 69 6f 6e 22 3a 7b 22 61 63 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 76 61 6c 75 65 22 3a 30 2c 22 63 75 72 72 65 6e 63 79 22 3a 22 55 53 44 22 2c 22 69 73 4c 69 66 65 74 69 6d 65 22 3a 66 61 6c 73 65 7d 2c 22 68 61 73 68 65 64 50 61 67 65 73 22 3a 66 61 6c 73 65 2c 22 6c 6f 61 64 4d 65 74 68 6f 64 22 3a 22 6f 6e 6c Data Ascii: -allowed":true},"ip":"8.46.123.228","integrations":[],"invites":[],"site":{"advanced":{"conversionMetric":{"active":false,"metric":""},"averageConversion":{"active":false,"value":0,"currency":"USD","isLifetime":false},"hashedPages":false,"loadMethod":"onl
2024-11-28 12:34:51 UTC	1362	IN	Data Raw: 22 6c 61 62 65 6c 22 3a 22 43 68 6f 6f 73 65 20 61 20 74 65 61 6d 22 7d 2c 22 70 72 65 51 75 61 6c 69 66 69 63 61 74 69 6f 6e 22 3a 7b 22 61 63 74 69 76 65 22 3a 74 72 75 65 2c 22 6e 61 6d 65 22 3a 7b 22 61 63 74 69 76 65 22 3a 74 72 75 65 2c 22 6c 61 62 65 6c 22 3a 22 59 6f 75 72 20 66 69 72 73 74 20 6e 61 6d 65 22 7d 2c 22 63 6f 6e 74 61 63 74 22 3a 7b 22 61 63 74 69 76 65 22 3a 74 72 75 65 2c 22 6c 61 62 65 6c 22 3a 22 59 6f 75 72 20 65 6d 61 69 6c 22 7d 2c 22 71 75 65 73 74 69 6f 6e 22 3a 7b 22 61 63 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 6c 61 62 65 6c 22 3a 22 51 75 65 73 74 69 6f 6e 2f 43 6f 6d 6d 65 6e 74 22 7d 7d 7d 7d 2c 22 73 74 79 6c 65 73 22 3a 7b 22 61 63 63 65 6e 74 43 6f 6c 6f 72 22 3a 22 33 46 35 32 46 41 22 2c 22 61 63 63 65 6e 74 43 6f Data Ascii: "label":"Choose a team"},"preQualification":{"active":true,"name":{"active":true,"label":"Your first name"},"contact":{"active":true,"label":"Your email"},"question":{"active":false,"label":"Question/Comment"}}}},"styles":{"accentColor":"3F52FA","accentCo
2024-11-28 12:34:51 UTC	258	IN	Data Raw: 42 75 63 6b 65 74 22 3a 22 74 72 75 65 22 7d 2c 22 73 65 72 76 65 72 54 69 6d 65 22 3a 31 37 33 32 37 39 37 32 39 30 38 39 37 2c 22 73 75 72 76 65 79 73 22 3a 5b 5d 2c 22 74 65 61 6d 73 22 3a 5b 5d 2c 22 75 73 65 72 73 22 3a 5b 7b 22 69 64 22 3a 22 66 32 37 32 66 33 37 31 22 2c 22 64 69 73 70 6c 61 79 4e 61 6d 65 22 3a 22 6d 61 74 74 68 65 77 66 75 6c 6c 65 72 72 22 7d 5d 2c 22 76 69 73 69 74 6f 72 22 3a 7b 22 62 6f 74 22 3a 66 61 6c 73 65 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 6e 61 6d 65 22 3a 22 43 68 72 6f 6d 65 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 31 37 2e 30 2e 30 2e 30 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 7d 7d 2c 22 77 68 69 74 65 4c 61 62 65 6c 22 3a 7b 22 61 63 74 69 76 65 22 3a 66 61 6c 73 Data Ascii: Bucket":"true"},"serverTime":1732797290897,"surveys":[],"teams":[],"users":[{"id":"f272f371","displayName":"matthewfullerr"}],"visitor":{"bot":false,"browser":{"name":"Chrome","version":"117.0.0.0"},"device":{"type":"desktop"}},"whiteLabel":{"active":fals

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:49 UTC	484	OUT	GET /get/script.js?referrer=https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE HTTP/1.1 Host: userstatics.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:50 UTC	824	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 12:34:50 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 133 Connection: close X-Powered-By: PHP/8.2.1 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mZHjjeJn3EYO3%2FogZY5aH%2FFA0kQoFDhy53RxrsSmGzIOXrY%2BP%2B5uSBqJ%2FuFPSAqFfKBgwHOIcuPYXXxOZxnfXhbwAm2wfhZ6cWdw0Et3%2F86LAl%2F5j2mJp7AHe%2BqoQl7b%2FxU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e9a64f7bd424326-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=1571&rtt_var=603&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1062&delivery_rate=1793611&cwnd=178&unsent_bytes=0&cid=3f24933ac23459a0&ts=543&x=0"
2024-11-28 12:34:50 UTC	133	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b Data Ascii: document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:53 UTC	356	OUT	GET /f6f3e602 HTTP/1.1 Host: settings.luckyorange.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:54 UTC	241	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 4042 Vary: Accept-Encoding Date: Thu, 28 Nov 2024 12:34:54 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-28 12:34:54 UTC	1390	IN	Data Raw: 7b 22 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 73 22 3a 5b 5d 2c 22 65 76 65 6e 74 52 75 6c 65 73 22 3a 5b 5d 2c 22 66 65 61 74 75 72 65 73 22 3a 7b 22 72 65 76 65 72 74 62 61 63 6b 22 3a 74 72 75 65 2c 22 63 68 61 74 2e 70 72 65 51 75 61 6c 69 66 69 63 61 74 69 6f 6e 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 22 3a 66 61 6c 73 65 2c 22 73 75 72 76 65 79 73 2e 6c 6f 6e 67 54 65 78 74 22 3a 74 72 75 65 2c 22 73 63 72 61 6d 62 6c 65 22 3a 74 72 75 65 2c 22 66 75 6e 6e 65 6c 73 2e 76 69 73 69 74 6f 72 73 22 3a 74 72 75 65 2c 22 67 63 73 22 3a 74 72 75 65 2c 22 72 65 71 75 69 72 65 43 6f 6e 73 65 6e 74 53 65 74 74 69 6e 67 22 3a 74 72 75 65 2c 22 6b 65 79 2d 65 76 65 6e 74 73 22 3a 74 72 75 65 2c 22 62 69 67 63 6f 6d 6d 65 72 63 65 2d 6e 65 77 2d 61 70 70 Data Ascii: {"announcements":[],"eventRules":[],"features":{"revertback":true,"chat.preQualification":true,"messenger":false,"surveys.longText":true,"scramble":true,"funnels.visitors":true,"gcs":true,"requireConsentSetting":true,"key-events":true,"bigcommerce-new-app
2024-11-28 12:34:54 UTC	1390	IN	Data Raw: 65 65 74 69 6e 67 22 3a 7b 22 61 63 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 69 63 6f 6e 22 3a 22 75 73 65 72 22 2c 22 68 65 61 64 6c 69 6e 65 22 3a 22 57 65 6c 63 6f 6d 65 20 74 6f 20 6e 75 74 72 69 6a 6f 75 72 6e 65 79 21 22 2c 22 73 75 62 48 65 61 64 69 6e 67 22 3a 22 4c 65 74 20 75 73 20 6b 6e 6f 77 20 69 66 20 79 6f 75 20 68 61 76 65 20 61 6e 79 20 71 75 65 73 74 69 6f 6e 73 2e 22 7d 2c 22 69 6e 74 72 6f 64 75 63 74 69 6f 6e 22 3a 7b 22 61 63 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 6d 65 73 73 61 67 65 22 3a 22 48 65 6c 6c 6f 21 20 45 6e 74 65 72 20 79 6f 75 72 20 71 75 65 73 74 69 6f 6e 2f 63 6f 6d 6d 65 6e 74 20 62 65 6c 6f 77 20 61 6e 64 20 77 65 27 6c 6c 20 66 69 6e 64 20 74 68 65 20 72 69 67 68 74 20 70 65 72 73 6f 6e 20 74 6f 20 68 65 6c 70 20 79 Data Ascii: eeting":{"active":false,"icon":"user","headline":"Welcome to nutrijourney!","subHeading":"Let us know if you have any questions."},"introduction":{"active":false,"message":"Hello! Enter your question/comment below and we'll find the right person to help y
2024-11-28 12:34:54 UTC	1262	IN	Data Raw: 43 6f 6c 6f 72 22 3a 22 64 65 66 61 75 6c 74 22 7d 2c 22 70 65 72 73 6f 6e 61 6c 22 3a 7b 22 68 65 61 64 65 72 49 6d 61 67 65 22 3a 22 70 72 6f 66 69 6c 65 50 68 6f 74 6f 22 2c 22 74 69 74 6c 65 22 3a 22 6d 79 54 69 74 6c 65 22 2c 22 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 64 65 66 61 75 6c 74 22 7d 2c 22 6c 61 75 6e 63 68 65 72 22 3a 7b 22 61 63 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 70 6f 73 69 74 69 6f 6e 22 3a 22 72 69 67 68 74 22 2c 22 64 69 73 70 6c 61 79 4d 6f 64 65 22 3a 22 61 6c 77 61 79 73 22 2c 22 6d 69 6e 69 43 68 61 74 4c 61 62 65 6c 22 3a 22 43 68 61 74 22 2c 22 74 79 70 65 22 3a 22 64 65 66 61 75 6c 74 22 2c 22 70 61 64 64 69 6e 67 22 3a 7b 22 74 6f 70 22 3a 22 30 70 78 22 2c 22 72 69 67 68 74 22 3a 22 32 30 70 78 22 2c 22 62 Data Ascii: Color":"default"},"personal":{"headerImage":"profilePhoto","title":"myTitle","backgroundColor":"default"},"launcher":{"active":false,"position":"right","displayMode":"always","miniChatLabel":"Chat","type":"default","padding":{"top":"0px","right":"20px","b

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:54 UTC	560	OUT	GET /core/core.js?v=49d958c HTTP/1.1 Host: tools.luckyorange.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ddbsodvnnadewe.z1.web.core.windows.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:55 UTC	697	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 65516 Connection: close Date: Thu, 28 Nov 2024 12:34:56 GMT Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD Last-Modified: Wed, 06 Nov 2024 20:50:23 GMT ETag: "ceb76217aaf3b7ca62d964b6ad16fab3" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000 Content-Encoding: gzip Accept-Ranges: bytes Server: AmazonS3 Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method X-Cache: Miss from cloudfront Via: 1.1 faeaaf5db340bc602fd96355e084d554.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P2 X-Amz-Cf-Id: 0tARvY1Z1aA9IgJLIAVe7jRwduViMmushmCRXFPVVKLK4FFeUZXFFQ==
2024-11-28 12:34:55 UTC	14588	IN	Data Raw: 1f 8b 08 00 00 00 00 00 02 03 dc bd eb 9a db 46 b2 20 f8 2a 2c b4 0f 0d 88 59 28 b2 aa 74 03 05 71 65 49 ee 56 1f dd da 25 b7 cf 59 8a d6 a0 c0 64 11 16 08 d0 b8 54 a9 4c 72 3e cf ee ce 5e bf 6f 1f 60 ff ec fc 9d 5f fb 0e e7 4d c6 fb 22 1b 11 79 41 02 04 59 25 b7 ba bf 9d 71 b7 8a 40 22 af 91 99 91 11 91 71 b1 67 65 12 16 51 9a d8 9c 15 ce 6a 96 66 f6 65 90 75 92 4e 94 74 0a 87 8f 93 89 5f c0 9f 8d 63 17 f3 28 67 55 6e c8 2b 9f 3b 85 6d 96 64 29 8b a0 4c 7f c2 02 f8 19 4c 58 ee f7 59 e9 8f 27 c3 fc 51 e4 c6 3c b9 28 e6 c3 bc d7 73 52 3f 1a e7 13 f6 e6 fc 27 1e 16 ee 32 4b 8b b4 b8 5e 72 77 1e e4 6f ae 92 b7 59 ba e4 59 71 ed 86 41 1c db 19 4b 9d 6e 37 1b a7 93 6e b7 74 97 65 3e b7 f1 05 5a 71 18 3e f8 fd 21 76 80 ba 1d 38 b7 aa 32 60 09 54 69 d3 10 03 f8 Data Ascii: F *,Y(tqeIV%YdTLr>^o`_M"yAY%q@"qgeQjfeuNt_c(gUn+;md)LLXY'Q<(sR?'2K^rwoYYqAKn7nte>Zq>!v82`Ti
2024-11-28 12:34:55 UTC	2211	IN	Data Raw: 25 2d 43 32 6a 2a c8 a8 25 d1 50 5a 00 02 1d 3e 7a 7f fe 5e c9 16 97 78 34 22 d6 86 f4 29 3c 42 d1 3f 58 bd a5 c3 2a 54 25 93 81 e6 5b 2a 09 60 85 35 f2 1e a2 0d 97 70 c6 5c 4b 78 e8 0e b5 29 ca de a9 8a 7c d2 ba c4 4e cc 25 76 32 f1 6a f7 df a9 2f 24 47 44 bc aa 9b d5 cc 30 6a cf bf b9 7e 27 a4 5e 32 58 c1 80 24 7d f5 45 56 dd a2 a7 3b 16 59 43 3e b5 57 90 36 b3 05 51 4d 97 e7 89 23 4e cb a4 e1 f0 5f ec b5 ea 86 a5 b1 71 52 97 64 ba d0 f5 1c 27 96 5e e0 33 2c e6 3e 46 56 50 ab 2a 78 94 0f 03 b5 aa 42 58 4e 01 91 f1 21 c9 bc e4 52 43 c2 27 94 7b f0 a0 ac 02 98 0b 71 35 de 56 f4 ca 9e 55 09 9b 6d ab 67 07 bd 01 3a 00 b4 86 5b bb 70 46 00 6a 81 50 dc 98 5c b5 f3 55 0d 18 c7 1a 26 0b d3 80 1f ac 71 d8 c6 fd c6 41 52 89 ea 04 60 30 e4 ae f6 54 07 fc 49 6a 8b Data Ascii: %-C2j%PZ>z^x4")<B?XT%[`5p\Kx)\|N%v2j/$GD0j~'^2X$}EV;YC>W6QM#N_qRd'^3,>FVPxBXN!RC'{q5VUmg:[pFjP\U&qAR`0TIj
2024-11-28 12:34:55 UTC	16384	IN	Data Raw: 16 f0 42 d8 26 5d e2 cd e0 b5 78 3e c7 f5 7c e5 af 10 d5 99 2c e1 95 2b 81 29 d7 2a f4 6b 59 9e c7 51 3e df e5 ac 06 68 b2 65 dd 37 74 1e 15 fc 85 81 0a ae 5c a9 18 93 c3 1e c8 a9 5e e0 e0 46 b0 97 ae 64 bc 61 e9 70 80 6c 53 af 04 30 2d b9 07 2c b6 12 f5 01 d1 5e a4 cb 28 f4 38 93 6e 09 72 af 40 8f 83 3b ea 09 dd c0 cd 04 73 65 af 04 bf e9 59 6f df 9c bd b3 48 10 30 85 cf e8 1d 27 c7 c1 3c 4f a6 cb 34 4a 8a 27 3f 05 9f 18 b2 5a de de 46 85 eb 11 e8 65 2b 4c 16 dd ee 01 f0 6a c2 17 c3 16 3c d9 45 af 27 b5 80 1a ab 6b 0c a5 27 b8 95 af 00 8c 09 2a 13 f2 b7 01 15 1a 57 c0 b0 96 48 77 4c f0 96 2d bd 21 63 2a 33 ea 78 0c 12 b0 95 0b 55 a7 72 c7 8a 70 c7 0e c3 d9 a1 78 6d 58 a6 b0 44 ea 69 6d e7 4a bb b0 87 b0 f1 79 ed a6 13 19 06 3b 21 bb 03 29 79 c4 ef 08 c9 Data Ascii: B&]x>\|,+)kYQ>he7t\^FdaplS0-,^(8nr@;seYoH0'<O4J'?ZFe+Lj<E'k'WHwL-!c*3xUrpxmXDimJy;!)y
2024-11-28 12:34:55 UTC	1024	IN	Data Raw: 8a 82 32 3d 4c 03 a8 9f a6 0b 31 a1 22 19 87 25 18 66 2d c1 72 8d 7a a8 5a 55 f9 70 24 f9 79 2a 06 52 1c 79 8f a1 ab 64 81 78 b1 a0 4c 01 c2 ed c8 f1 e6 13 91 5b a6 36 2e 3c 0a b9 91 14 7b 34 a3 e6 1b 0c a0 e4 f3 b0 d9 8a 93 03 c1 ad c0 ff e1 97 73 67 af 8f db 4a eb 0c 40 4a c5 8e 92 3d b3 1a 25 9c 48 fe 41 de 43 28 a4 1f 3d 83 9b 32 92 59 61 d0 db 9c 5c e9 c1 a6 4a 93 e0 2e 8c e7 a9 4a c2 9a f3 69 f9 ea f3 ef 2a bf 11 13 99 33 d2 35 37 21 38 03 bf 85 72 9f 5c be cc cf 33 0a 55 47 b8 b4 d0 a7 33 da 57 67 34 da c2 cb e3 da 57 c7 35 fa ed 88 9f a5 83 3b c7 85 54 31 1a 49 cb 98 59 5c 4b 8a fe 15 26 0a dd 6f e4 83 23 f8 a4 31 6e 0f e0 4f f0 a6 9f e0 b8 d6 8c 4c 8b 45 a1 6e eb ec fc ef ef 07 78 72 e5 5e b4 ae e1 c0 4f cb 42 59 8a bc 40 2b f3 d2 27 b9 11 bf 75 Data Ascii: 2=L1"%f-rzZUp$yRydxL[6.<{4sgJ@J=%HAC(=2Ya\J.Ji357!8r\3UG3Wg4W5;T1IY\K&o#1nOLEnxr^OBY@+'u
2024-11-28 12:34:55 UTC	16384	IN	Data Raw: 12 3c a5 59 42 09 84 4e c4 a3 09 e9 95 c9 c8 c0 cd 9a 5e 67 e9 2c 7b 86 f7 e3 34 0b 92 3a 86 47 b4 1a ed 13 57 b0 45 f8 fa 6a ea 67 76 c7 59 51 9f 45 ea 5c ce 6a de 52 91 aa 49 a8 a6 22 9c 70 e3 95 65 e8 30 45 f3 60 9d 00 e9 0f 47 a8 35 e0 84 48 3e b7 94 b8 21 53 b8 e6 5c 3c a9 41 42 e3 1d 12 cf 65 36 31 60 35 ea 6b 18 7a 5d 53 90 af 07 ef 37 0d 6a 98 e5 44 35 f3 a9 15 f2 76 9b 29 a3 8a 24 dd 98 19 b7 43 85 ae ab de 3c 66 2e 7c 86 45 2e 1e 58 6a 61 af 9c 4c ff 59 93 e9 e7 26 b3 6a 14 62 d4 1b 60 53 a8 91 0a e6 4e 90 2e 99 dc f2 91 84 39 ae 7c a6 25 0b ac a9 ef 56 91 3a 22 93 4f 75 20 7b 56 07 b2 ef ec 40 46 10 40 12 98 8e 7b 00 da 89 b3 22 d4 0b 7c 84 36 d3 46 c6 ff d6 ae 65 be bf a1 7b e4 7d 3f 26 ec 95 8c 3c 01 d5 c2 e9 65 18 fd 86 64 65 31 cd 0e fa 3c Data Ascii: <YBN^g,{4:GWEjgvYQE\jRI"pe0E`G5H>!S\<ABe61`5kz]S7jD5v)$C<f.\|E.XjaLY&jb`SN.9\|%V:"Ou {V@F@{"\|6Fe{}?&<ede1<
2024-11-28 12:34:55 UTC	2754	IN	Data Raw: 08 4c 4e 23 76 95 42 e3 fb 34 17 52 aa 78 42 e3 51 90 94 4c 43 2d 63 33 a9 3b eb 3c fd 15 2b b7 8a 5a 8e 7a 51 4b fb 2d d7 9c b6 cd a4 4c de 9c e5 13 5f ad bf 73 96 bc 52 cd 61 5a 6a 53 ed 89 dc 9c 56 b5 ab f6 a2 1b 7d 8e db 84 d5 a1 7d 42 a4 fc 57 58 4e 65 77 d4 bc b8 99 7f 87 cb 4a 57 c9 ee 73 8f a3 91 42 53 2e 6a 57 da 95 73 8b 77 4c 72 e3 e9 db a8 ba 9c 8a c8 e0 98 4e cc 1b 9b 9b 9a d5 50 4e 2a 6e 52 f4 f4 99 70 72 50 b1 66 6e 46 fa a6 70 85 02 b3 ad 7c dc ee 38 5b 73 e7 d5 16 11 fc 8d f8 e6 9d 58 f3 df a1 2f be ab d7 17 df 95 f4 c5 bd 89 37 69 a5 71 92 e5 e2 a4 67 86 8d 8c 14 a5 36 b4 54 b5 34 6c 43 1e bc 36 3b 83 3a 04 a1 7d d8 3f eb 3d 70 a7 3d 04 d7 1b 3e 8c 1c 69 fe 89 c1 73 f2 f2 38 5f fc 03 71 ee 8e d9 63 59 15 50 b1 db 96 52 cb 58 d2 18 0e 24 Data Ascii: LN#vB4RxBQLC-c3;<+ZzQK-L_sRaZjSV}}BWXNewJWsBS.jWswLrNPN*nRprPfnFp\|8[sX/7iqg6T4lC6;:}?=p=>is8_qcYPRX$
2024-11-28 12:34:55 UTC	12171	IN	Data Raw: 7a 12 79 ac 6c cc 19 07 0c dc 7c b5 ba 6a 03 9f 9e 38 20 99 16 e8 93 f6 24 76 4d 03 78 b5 e5 f7 6c 90 f7 dc 67 01 c9 a2 e4 82 c2 96 f8 ae 6e 84 96 b3 cc 3a 0b 8a 93 f2 69 6f b5 27 be 14 a1 d1 08 d0 da 72 94 64 80 ce e7 32 c5 b8 a6 63 b7 c7 a7 12 33 36 d0 21 52 9b da 07 1d 30 5b d2 04 54 25 7d 90 c9 d6 5a 0e 69 75 f5 a6 1a 22 0d 10 76 56 81 cf 39 2b ed 05 af c9 10 38 6d 4b b0 b8 f5 c4 7d 12 cb 80 95 51 77 ed 22 54 59 b0 90 90 b7 83 4e eb 3a 9a 45 4b 17 4c ae 21 22 05 b4 16 ce dc cc 8d f3 b6 e9 3c 6f 9b f6 79 db c4 f3 c6 f2 a8 ce 60 10 b7 9b 76 91 72 8e f8 4b 39 27 da b1 a4 d0 fb 83 4e c3 2a 17 31 25 43 5e a9 2d 80 e4 f5 a5 57 7c 37 49 07 a3 09 20 57 df 5b f3 82 be 60 64 f7 90 1b e3 6c 0a c8 65 38 88 f3 21 a6 15 01 ae db 63 05 3f c3 21 22 aa 04 c4 96 97 e2 Data Ascii: zyl\|j8 $vMxlgn:io'rd2c36!R0[T%}Ziu"vV9+8mK}Qw"TYN:EKL!"<oy`vrK9'N*1%C^-W\|7I W[`dle8!c?!"

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:54 UTC	620	OUT	GET /s/0.7.56/clarity.js HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ddbsodvnnadewe.z1.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CLID=185a6c8731cc4b10811644b6f0bc1620.20241128.20251128
2024-11-28 12:34:54 UTC	550	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 12:34:54 GMT Content-Type: application/javascript;charset=utf-8 Content-Length: 67359 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 27 Nov 2024 12:08:58 GMT ETag: "0x8DD0EDC462F0477" x-ms-request-id: aea25050-501e-0029-57d0-4010af000000 x-ms-version: 2018-03-28 Access-Control-Allow-Origin: * x-azure-ref: 20241128T123454Z-174f78459685726chC1EWRsnbg0000000yc000000000bmbw Cache-Control: public, max-age=86400 x-fd-int-roxy-purgeid: 79034942 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 12:34:54 UTC	15834	IN	Data Raw: 2f 2a 20 63 6c 61 72 69 74 79 2d 6a 73 20 76 30 2e 37 2e 35 36 3a 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 69 63 72 6f 73 6f 66 74 2f 63 6c 61 72 69 74 79 20 28 4c 69 63 65 6e 73 65 3a 20 4d 49 54 29 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 6e 75 6c 6c 2c 67 65 74 20 71 75 65 75 65 28 29 7b 72 65 74 75 72 6e 20 64 72 7d 2c 67 65 74 20 73 74 61 72 74 28 29 7b 72 65 74 75 72 6e 20 6c 72 7d 2c 67 65 74 20 73 74 6f 70 28 29 7b 72 65 74 75 72 6e 20 66 72 7d 2c 67 65 74 20 74 72 61 63 6b 28 29 7b 72 65 74 75 72 6e 20 69 72 7d 7d 29 2c 65 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f Data Ascii: /* clarity-js v0.7.56: https://github.com/microsoft/clarity (License: MIT) */!function(){"use strict";var t=Object.freeze({__proto__:null,get queue(){return dr},get start(){return lr},get stop(){return fr},get track(){return ir}}),e=Object.freeze({__pro
2024-11-28 12:34:54 UTC	16384	IN	Data Raw: 65 6c 65 63 74 6f 72 3a 6e 75 6c 6c 2c 68 61 73 68 3a 6e 75 6c 6c 2c 72 65 67 69 6f 6e 3a 73 2c 6d 65 74 61 64 61 74 61 3a 7b 61 63 74 69 76 65 3a 21 30 2c 73 75 73 70 65 6e 64 3a 21 31 2c 70 72 69 76 61 63 79 3a 64 2c 70 6f 73 69 74 69 6f 6e 3a 6e 75 6c 6c 2c 66 72 61 75 64 3a 6c 2c 73 69 7a 65 3a 6e 75 6c 6c 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 61 2c 72 3d 65 2e 64 61 74 61 2c 69 3d 65 2e 6d 65 74 61 64 61 74 61 2c 6f 3d 69 2e 70 72 69 76 61 63 79 2c 75 3d 72 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 7b 7d 2c 63 3d 72 2e 74 61 67 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 3b 73 77 69 74 63 68 28 21 30 29 7b 63 61 73 65 20 50 74 2e 69 6e 64 65 78 4f 66 28 63 29 3e 3d 30 3a 76 61 72 20 73 3d 75 2e 74 79 70 65 2c 6c 3d 22 22 2c Data Ascii: elector:null,hash:null,region:s,metadata:{active:!0,suspend:!1,privacy:d,position:null,fraud:l,size:null}},function(t,e,n){var a,r=e.data,i=e.metadata,o=i.privacy,u=r.attributes\|\|{},c=r.tag.toUpperCase();switch(!0){case Pt.indexOf(c)>=0:var s=u.type,l="",
2024-11-28 12:34:54 UTC	16384	IN	Data Raw: 62 72 65 61 6b 3b 63 61 73 65 22 70 72 6f 64 75 63 74 22 3a 51 72 28 35 2c 74 5b 61 5d 29 2c 51 72 28 31 30 2c 74 2e 6e 61 6d 65 29 2c 51 72 28 31 32 2c 74 2e 73 6b 75 29 2c 74 2e 62 72 61 6e 64 26 26 51 72 28 36 2c 74 2e 62 72 61 6e 64 2e 6e 61 6d 65 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 61 67 67 72 65 67 61 74 65 72 61 74 69 6e 67 22 3a 74 2e 72 61 74 69 6e 67 56 61 6c 75 65 26 26 28 57 28 31 31 2c 24 6e 28 74 2e 72 61 74 69 6e 67 56 61 6c 75 65 2c 31 30 30 29 29 2c 57 28 31 38 2c 24 6e 28 74 2e 62 65 73 74 52 61 74 69 6e 67 29 29 2c 57 28 31 39 2c 24 6e 28 74 2e 77 6f 72 73 74 52 61 74 69 6e 67 29 29 29 2c 57 28 31 32 2c 24 6e 28 74 2e 72 61 74 69 6e 67 43 6f 75 6e 74 29 29 2c 57 28 31 37 2c 24 6e 28 74 2e 72 65 76 69 65 77 43 6f 75 6e 74 29 29 3b 62 Data Ascii: break;case"product":Qr(5,t[a]),Qr(10,t.name),Qr(12,t.sku),t.brand&&Qr(6,t.brand.name);break;case"aggregaterating":t.ratingValue&&(W(11,$n(t.ratingValue,100)),W(18,$n(t.bestRating)),W(19,$n(t.worstRating))),W(12,$n(t.ratingCount)),W(17,$n(t.reviewCount));b
2024-11-28 12:34:55 UTC	16384	IN	Data Raw: 72 6e 20 72 74 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 73 77 69 74 63 68 28 65 3d 5b 73 28 29 2c 74 5d 2c 74 29 7b 63 61 73 65 20 33 31 3a 65 2e 70 75 73 68 28 6d 72 2e 6d 65 73 73 61 67 65 29 2c 65 2e 70 75 73 68 28 6d 72 2e 6c 69 6e 65 29 2c 65 2e 70 75 73 68 28 6d 72 2e 63 6f 6c 75 6d 6e 29 2c 65 2e 70 75 73 68 28 6d 72 2e 73 74 61 63 6b 29 2c 65 2e 70 75 73 68 28 79 28 6d 72 2e 73 6f 75 72 63 65 29 29 2c 64 72 28 65 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 33 33 3a 6b 72 26 26 28 65 2e 70 75 73 68 28 6b 72 2e 63 6f 64 65 29 2c 65 2e 70 75 73 68 28 6b 72 2e 6e 61 6d 65 29 2c 65 2e 70 75 73 68 28 6b 72 2e 6d 65 73 73 61 67 65 29 2c 65 2e 70 75 73 68 28 6b 72 2e 73 74 61 63 6b 29 2c 65 2e 70 75 73 68 28 6b 72 2e 73 65 76 65 72 69 74 79 29 Data Ascii: rn rt(this,(function(n){switch(e=[s(),t],t){case 31:e.push(mr.message),e.push(mr.line),e.push(mr.column),e.push(mr.stack),e.push(y(mr.source)),dr(e);break;case 33:kr&&(e.push(kr.code),e.push(kr.name),e.push(kr.message),e.push(kr.stack),e.push(kr.severity)
2024-11-28 12:34:55 UTC	2373	IN	Data Raw: 65 29 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 61 3d 74 5b 6e 5d 3b 73 77 69 74 63 68 28 61 2e 65 6e 74 72 79 54 79 70 65 29 7b 63 61 73 65 22 6e 61 76 69 67 61 74 69 6f 6e 22 3a 5a 69 28 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 72 65 73 6f 75 72 63 65 22 3a 76 61 72 20 72 3d 61 2e 6e 61 6d 65 3b 51 72 28 34 2c 68 6f 28 72 29 29 2c 72 21 3d 3d 6f 2e 75 70 6c 6f 61 64 26 26 72 21 3d 3d 6f 2e 66 61 6c 6c 62 61 63 6b 7c 7c 57 28 32 38 2c 61 2e 64 75 72 61 74 69 6f 6e 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 6c 6f 6e 67 74 61 73 6b 22 3a 48 28 37 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 66 69 72 73 74 2d 69 6e 70 75 74 22 3a 65 26 26 57 28 31 30 2c 61 2e 70 72 6f 63 65 73 73 69 6e 67 53 74 61 72 74 2d 61 2e 73 74 61 72 74 54 69 Data Ascii: e),n=0;n<t.length;n++){var a=t[n];switch(a.entryType){case"navigation":Zi(a);break;case"resource":var r=a.name;Qr(4,ho(r)),r!==o.upload&&r!==o.fallback\|\|W(28,a.duration);break;case"longtask":H(7);break;case"first-input":e&&W(10,a.processingStart-a.startTi

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:57 UTC	422	OUT	GET /s/0.7.56/clarity.js HTTP/1.1 Host: www.clarity.ms Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CLID=185a6c8731cc4b10811644b6f0bc1620.20241128.20251128
2024-11-28 12:34:57 UTC	550	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 12:34:57 GMT Content-Type: application/javascript;charset=utf-8 Content-Length: 67359 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 27 Nov 2024 12:08:58 GMT ETag: "0x8DD0EDC462F0477" x-ms-request-id: aea25050-501e-0029-57d0-4010af000000 x-ms-version: 2018-03-28 Access-Control-Allow-Origin: * x-azure-ref: 20241128T123457Z-174f7845968jrjrxhC1EWRmmrs0000000yq0000000000ekv Cache-Control: public, max-age=86400 x-fd-int-roxy-purgeid: 79034942 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 12:34:57 UTC	15834	IN	Data Raw: 2f 2a 20 63 6c 61 72 69 74 79 2d 6a 73 20 76 30 2e 37 2e 35 36 3a 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 69 63 72 6f 73 6f 66 74 2f 63 6c 61 72 69 74 79 20 28 4c 69 63 65 6e 73 65 3a 20 4d 49 54 29 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 6e 75 6c 6c 2c 67 65 74 20 71 75 65 75 65 28 29 7b 72 65 74 75 72 6e 20 64 72 7d 2c 67 65 74 20 73 74 61 72 74 28 29 7b 72 65 74 75 72 6e 20 6c 72 7d 2c 67 65 74 20 73 74 6f 70 28 29 7b 72 65 74 75 72 6e 20 66 72 7d 2c 67 65 74 20 74 72 61 63 6b 28 29 7b 72 65 74 75 72 6e 20 69 72 7d 7d 29 2c 65 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f Data Ascii: /* clarity-js v0.7.56: https://github.com/microsoft/clarity (License: MIT) */!function(){"use strict";var t=Object.freeze({__proto__:null,get queue(){return dr},get start(){return lr},get stop(){return fr},get track(){return ir}}),e=Object.freeze({__pro
2024-11-28 12:34:57 UTC	16384	IN	Data Raw: 65 6c 65 63 74 6f 72 3a 6e 75 6c 6c 2c 68 61 73 68 3a 6e 75 6c 6c 2c 72 65 67 69 6f 6e 3a 73 2c 6d 65 74 61 64 61 74 61 3a 7b 61 63 74 69 76 65 3a 21 30 2c 73 75 73 70 65 6e 64 3a 21 31 2c 70 72 69 76 61 63 79 3a 64 2c 70 6f 73 69 74 69 6f 6e 3a 6e 75 6c 6c 2c 66 72 61 75 64 3a 6c 2c 73 69 7a 65 3a 6e 75 6c 6c 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 61 2c 72 3d 65 2e 64 61 74 61 2c 69 3d 65 2e 6d 65 74 61 64 61 74 61 2c 6f 3d 69 2e 70 72 69 76 61 63 79 2c 75 3d 72 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 7b 7d 2c 63 3d 72 2e 74 61 67 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 3b 73 77 69 74 63 68 28 21 30 29 7b 63 61 73 65 20 50 74 2e 69 6e 64 65 78 4f 66 28 63 29 3e 3d 30 3a 76 61 72 20 73 3d 75 2e 74 79 70 65 2c 6c 3d 22 22 2c Data Ascii: elector:null,hash:null,region:s,metadata:{active:!0,suspend:!1,privacy:d,position:null,fraud:l,size:null}},function(t,e,n){var a,r=e.data,i=e.metadata,o=i.privacy,u=r.attributes\|\|{},c=r.tag.toUpperCase();switch(!0){case Pt.indexOf(c)>=0:var s=u.type,l="",
2024-11-28 12:34:57 UTC	16384	IN	Data Raw: 62 72 65 61 6b 3b 63 61 73 65 22 70 72 6f 64 75 63 74 22 3a 51 72 28 35 2c 74 5b 61 5d 29 2c 51 72 28 31 30 2c 74 2e 6e 61 6d 65 29 2c 51 72 28 31 32 2c 74 2e 73 6b 75 29 2c 74 2e 62 72 61 6e 64 26 26 51 72 28 36 2c 74 2e 62 72 61 6e 64 2e 6e 61 6d 65 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 61 67 67 72 65 67 61 74 65 72 61 74 69 6e 67 22 3a 74 2e 72 61 74 69 6e 67 56 61 6c 75 65 26 26 28 57 28 31 31 2c 24 6e 28 74 2e 72 61 74 69 6e 67 56 61 6c 75 65 2c 31 30 30 29 29 2c 57 28 31 38 2c 24 6e 28 74 2e 62 65 73 74 52 61 74 69 6e 67 29 29 2c 57 28 31 39 2c 24 6e 28 74 2e 77 6f 72 73 74 52 61 74 69 6e 67 29 29 29 2c 57 28 31 32 2c 24 6e 28 74 2e 72 61 74 69 6e 67 43 6f 75 6e 74 29 29 2c 57 28 31 37 2c 24 6e 28 74 2e 72 65 76 69 65 77 43 6f 75 6e 74 29 29 3b 62 Data Ascii: break;case"product":Qr(5,t[a]),Qr(10,t.name),Qr(12,t.sku),t.brand&&Qr(6,t.brand.name);break;case"aggregaterating":t.ratingValue&&(W(11,$n(t.ratingValue,100)),W(18,$n(t.bestRating)),W(19,$n(t.worstRating))),W(12,$n(t.ratingCount)),W(17,$n(t.reviewCount));b
2024-11-28 12:34:58 UTC	16384	IN	Data Raw: 72 6e 20 72 74 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 73 77 69 74 63 68 28 65 3d 5b 73 28 29 2c 74 5d 2c 74 29 7b 63 61 73 65 20 33 31 3a 65 2e 70 75 73 68 28 6d 72 2e 6d 65 73 73 61 67 65 29 2c 65 2e 70 75 73 68 28 6d 72 2e 6c 69 6e 65 29 2c 65 2e 70 75 73 68 28 6d 72 2e 63 6f 6c 75 6d 6e 29 2c 65 2e 70 75 73 68 28 6d 72 2e 73 74 61 63 6b 29 2c 65 2e 70 75 73 68 28 79 28 6d 72 2e 73 6f 75 72 63 65 29 29 2c 64 72 28 65 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 33 33 3a 6b 72 26 26 28 65 2e 70 75 73 68 28 6b 72 2e 63 6f 64 65 29 2c 65 2e 70 75 73 68 28 6b 72 2e 6e 61 6d 65 29 2c 65 2e 70 75 73 68 28 6b 72 2e 6d 65 73 73 61 67 65 29 2c 65 2e 70 75 73 68 28 6b 72 2e 73 74 61 63 6b 29 2c 65 2e 70 75 73 68 28 6b 72 2e 73 65 76 65 72 69 74 79 29 Data Ascii: rn rt(this,(function(n){switch(e=[s(),t],t){case 31:e.push(mr.message),e.push(mr.line),e.push(mr.column),e.push(mr.stack),e.push(y(mr.source)),dr(e);break;case 33:kr&&(e.push(kr.code),e.push(kr.name),e.push(kr.message),e.push(kr.stack),e.push(kr.severity)
2024-11-28 12:34:58 UTC	2373	IN	Data Raw: 65 29 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 61 3d 74 5b 6e 5d 3b 73 77 69 74 63 68 28 61 2e 65 6e 74 72 79 54 79 70 65 29 7b 63 61 73 65 22 6e 61 76 69 67 61 74 69 6f 6e 22 3a 5a 69 28 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 72 65 73 6f 75 72 63 65 22 3a 76 61 72 20 72 3d 61 2e 6e 61 6d 65 3b 51 72 28 34 2c 68 6f 28 72 29 29 2c 72 21 3d 3d 6f 2e 75 70 6c 6f 61 64 26 26 72 21 3d 3d 6f 2e 66 61 6c 6c 62 61 63 6b 7c 7c 57 28 32 38 2c 61 2e 64 75 72 61 74 69 6f 6e 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 6c 6f 6e 67 74 61 73 6b 22 3a 48 28 37 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 66 69 72 73 74 2d 69 6e 70 75 74 22 3a 65 26 26 57 28 31 30 2c 61 2e 70 72 6f 63 65 73 73 69 6e 67 53 74 61 72 74 2d 61 2e 73 74 61 72 74 54 69 Data Ascii: e),n=0;n<t.length;n++){var a=t[n];switch(a.entryType){case"navigation":Zi(a);break;case"resource":var r=a.name;Qr(4,ho(r)),r!==o.upload&&r!==o.fallback\|\|W(28,a.duration);break;case"longtask":H(7);break;case"first-input":e&&W(10,a.processingStart-a.startTi

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:57 UTC	554	OUT	GET /socket.io/?EIO=3&transport=websocket HTTP/1.1 Host: in.visitors.live Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: cgPcJp3GuzBH0JIAyLLTuA== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-11-28 12:34:57 UTC	218	IN	HTTP/1.1 400 Bad Request Content-Type: application/json Date: Thu, 28 Nov 2024 12:34:57 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-11-28 12:34:57 UTC	45	IN	Data Raw: 32 32 0d 0a 7b 22 63 6f 64 65 22 3a 33 2c 22 6d 65 73 73 61 67 65 22 3a 22 42 61 64 20 72 65 71 75 65 73 74 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 22{"code":3,"message":"Bad request"}0

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:57 UTC	560	OUT	GET /mqtt HTTP/1.1 Host: realtime.luckyorange.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: HePntTmWhOmsxw9TwI0Ohw== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits Sec-WebSocket-Protocol: mqtt
2024-11-28 12:34:57 UTC	219	IN	HTTP/1.1 426 unknown Content-Length: 0 date: Thu, 28 Nov 2024 12:34:57 GMT sec-websocket-protocol: mqtt server: Cowboy Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:59 UTC	510	OUT	OPTIONS /public-auth HTTP/1.1 Host: api-preview.luckyorange.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: content-type Origin: https://ddbsodvnnadewe.z1.web.core.windows.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:34:59 UTC	405	IN	HTTP/1.1 204 No Content x-powered-by: Express access-control-allow-origin: * access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE vary: Access-Control-Request-Headers access-control-allow-headers: content-type date: Thu, 28 Nov 2024 12:34:59 GMT x-envoy-upstream-service-time: 0 server: envoy Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Windows Analysis Report
https://ddbsodvnnadewe.z1.web.core.windows.net/?gad_source=5&gclid=EAIaIQobChMI4taSwu7-iQMVTvE7Ah3nKQf9EAEYASAAEgK2EvD_BwE

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:34:59 UTC	564	OUT	GET /mqtt HTTP/1.1 Host: realtime.luckyorange.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: XsAUca22kKAxjk88gNVRdw== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits Sec-WebSocket-Protocol: mqttv3.1
2024-11-28 12:35:00 UTC	193	IN	HTTP/1.1 400 Bad Request Content-Length: 0 date: Thu, 28 Nov 2024 12:35:00 GMT server: Cowboy Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:00 UTC	599	OUT	GET /public-auth HTTP/1.1 Host: api-preview.luckyorange.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-28 12:35:01 UTC	365	IN	HTTP/1.1 200 OK x-powered-by: Express access-control-allow-origin: * content-type: application/json; charset=utf-8 Content-Length: 1043 etag: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs" date: Thu, 28 Nov 2024 12:35:01 GMT x-envoy-upstream-service-time: 0 server: envoy Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-28 12:35:01 UTC	1043	IN	Data Raw: 7b 22 61 63 63 65 73 73 5f 74 6f 6b 65 6e 22 3a 22 79 61 32 39 2e 63 2e 63 30 41 53 52 4b 30 47 5a 4d 70 38 57 4c 5f 57 52 75 65 4e 70 5a 6b 43 54 33 4a 66 6e 68 66 71 5f 76 6f 2d 59 64 47 77 36 39 61 6f 30 55 4c 38 39 4a 7a 4b 61 46 59 6b 67 6e 63 65 71 38 56 4d 59 35 63 39 4e 63 56 71 77 4a 79 37 4b 72 6d 74 61 36 6d 5a 30 4e 6e 76 49 43 2d 52 51 5f 4f 45 55 34 71 38 6a 49 41 44 37 44 6c 76 43 52 32 6b 50 52 6f 66 4a 51 6f 36 37 68 4e 46 53 44 4c 39 30 5a 56 79 63 48 72 46 4e 4e 32 73 47 75 55 73 39 30 6c 4a 71 58 47 45 4d 76 59 4d 57 69 6b 4e 45 63 54 49 4a 62 62 6d 4e 48 31 63 64 2d 6a 47 47 66 50 4a 52 6d 4f 32 45 34 56 70 33 62 78 46 79 54 33 57 38 70 56 57 47 6e 72 77 78 53 57 30 57 65 71 7a 57 47 73 74 55 4c 43 2d 33 52 64 4c 42 57 58 39 50 6b 41 Data Ascii: {"access_token":"ya29.c.c0ASRK0GZMp8WL_WRueNpZkCT3Jfnhfq_vo-YdGw69ao0UL89JzKaFYkgnceq8VMY5c9NcVqwJy7Krmta6mZ0NnvIC-RQ_OEU4q8jIAD7DlvCR2kPRofJQo67hNFSDL90ZVycHrFNN2sGuUs90lJqXGEMvYMWikNEcTIJbbmNH1cd-jGGfPJRmO2E4Vp3bxFyT3W8pVWGnrwxSW0WeqzWGstULC-3RdLBWX9PkA

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:02 UTC	651	OUT	GET /public-auth HTTP/1.1 Host: api-preview.luckyorange.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs"
2024-11-28 12:35:03 UTC	325	IN	HTTP/1.1 304 Not Modified x-powered-by: Express access-control-allow-origin: * etag: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs" date: Thu, 28 Nov 2024 12:35:03 GMT x-envoy-upstream-service-time: 0 server: envoy Content-Length: 0 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:04 UTC	651	OUT	GET /public-auth HTTP/1.1 Host: api-preview.luckyorange.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs"
2024-11-28 12:35:04 UTC	325	IN	HTTP/1.1 304 Not Modified x-powered-by: Express access-control-allow-origin: * etag: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs" date: Thu, 28 Nov 2024 12:35:04 GMT x-envoy-upstream-service-time: 1 server: envoy Content-Length: 0 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:04 UTC	414	OUT	GET /public-auth HTTP/1.1 Host: api-preview.luckyorange.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"413-wEen2qDwxX9FaG3v37d7TaXDwUk"
2024-11-28 12:35:05 UTC	366	IN	HTTP/1.1 200 OK x-powered-by: Express access-control-allow-origin: * content-type: application/json; charset=utf-8 Content-Length: 1043 etag: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs" date: Thu, 28 Nov 2024 12:35:05 GMT x-envoy-upstream-service-time: 53 server: envoy Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-28 12:35:05 UTC	1043	IN	Data Raw: 7b 22 61 63 63 65 73 73 5f 74 6f 6b 65 6e 22 3a 22 79 61 32 39 2e 63 2e 63 30 41 53 52 4b 30 47 5a 4d 70 38 57 4c 5f 57 52 75 65 4e 70 5a 6b 43 54 33 4a 66 6e 68 66 71 5f 76 6f 2d 59 64 47 77 36 39 61 6f 30 55 4c 38 39 4a 7a 4b 61 46 59 6b 67 6e 63 65 71 38 56 4d 59 35 63 39 4e 63 56 71 77 4a 79 37 4b 72 6d 74 61 36 6d 5a 30 4e 6e 76 49 43 2d 52 51 5f 4f 45 55 34 71 38 6a 49 41 44 37 44 6c 76 43 52 32 6b 50 52 6f 66 4a 51 6f 36 37 68 4e 46 53 44 4c 39 30 5a 56 79 63 48 72 46 4e 4e 32 73 47 75 55 73 39 30 6c 4a 71 58 47 45 4d 76 59 4d 57 69 6b 4e 45 63 54 49 4a 62 62 6d 4e 48 31 63 64 2d 6a 47 47 66 50 4a 52 6d 4f 32 45 34 56 70 33 62 78 46 79 54 33 57 38 70 56 57 47 6e 72 77 78 53 57 30 57 65 71 7a 57 47 73 74 55 4c 43 2d 33 52 64 4c 42 57 58 39 50 6b 41 Data Ascii: {"access_token":"ya29.c.c0ASRK0GZMp8WL_WRueNpZkCT3Jfnhfq_vo-YdGw69ao0UL89JzKaFYkgnceq8VMY5c9NcVqwJy7Krmta6mZ0NnvIC-RQ_OEU4q8jIAD7DlvCR2kPRofJQo67hNFSDL90ZVycHrFNN2sGuUs90lJqXGEMvYMWikNEcTIJbbmNH1cd-jGGfPJRmO2E4Vp3bxFyT3W8pVWGnrwxSW0WeqzWGstULC-3RdLBWX9PkA

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:06 UTC	414	OUT	GET /public-auth HTTP/1.1 Host: api-preview.luckyorange.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs"
2024-11-28 12:35:07 UTC	325	IN	HTTP/1.1 304 Not Modified x-powered-by: Express access-control-allow-origin: * etag: W/"413-Mj4R8EuWpWVzT0yBs9ngbwMNmXs" date: Thu, 28 Nov 2024 12:35:06 GMT x-envoy-upstream-service-time: 1 server: envoy Content-Length: 0 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:14 UTC	554	OUT	GET /socket.io/?EIO=3&transport=websocket HTTP/1.1 Host: in.visitors.live Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: hdq/VhhAJjga6bjkBN8FrA== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-11-28 12:35:15 UTC	218	IN	HTTP/1.1 400 Bad Request Content-Type: application/json Date: Thu, 28 Nov 2024 12:35:15 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-11-28 12:35:15 UTC	45	IN	Data Raw: 32 32 0d 0a 7b 22 63 6f 64 65 22 3a 33 2c 22 6d 65 73 73 61 67 65 22 3a 22 42 61 64 20 72 65 71 75 65 73 74 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 22{"code":3,"message":"Bad request"}0

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:18 UTC	554	OUT	GET /socket.io/?EIO=3&transport=websocket HTTP/1.1 Host: in.visitors.live Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: rfn1xd3EcB3ERDQXqgiB/Q== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-11-28 12:35:18 UTC	218	IN	HTTP/1.1 400 Bad Request Content-Type: application/json Date: Thu, 28 Nov 2024 12:35:18 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-11-28 12:35:18 UTC	45	IN	Data Raw: 32 32 0d 0a 7b 22 63 6f 64 65 22 3a 33 2c 22 6d 65 73 73 61 67 65 22 3a 22 42 61 64 20 72 65 71 75 65 73 74 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 22{"code":3,"message":"Bad request"}0

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:20 UTC	554	OUT	GET /socket.io/?EIO=3&transport=websocket HTTP/1.1 Host: in.visitors.live Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://ddbsodvnnadewe.z1.web.core.windows.net Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: L43HKMTcbwZEG1kofVSghA== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-11-28 12:35:21 UTC	218	IN	HTTP/1.1 400 Bad Request Content-Type: application/json Date: Thu, 28 Nov 2024 12:35:21 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-11-28 12:35:21 UTC	45	IN	Data Raw: 32 32 0d 0a 7b 22 63 6f 64 65 22 3a 33 2c 22 6d 65 73 73 61 67 65 22 3a 22 42 61 64 20 72 65 71 75 65 73 74 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 22{"code":3,"message":"Bad request"}0

Timestamp	Bytes transferred	Direction	Data
2024-11-28 12:35:25 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZhsWdDdL2+UeRUR&MD=BZCYPKHf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-28 12:35:26 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: f70209de-aee4-47c9-b3da-f337b0ec0947 MS-RequestId: 2a23c186-4273-40eb-9315-c4e1e9d1e9cf MS-CV: tCQf6gAsX0GR/7IG.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 28 Nov 2024 12:35:25 GMT Connection: close Content-Length: 30005
2024-11-28 12:35:26 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-28 12:35:26 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro