Edit tour

Windows Analysis Report
https://mega.fo

Overview

General Information

Sample URL:	https://mega.fo
Analysis ID:	1590172
Infos:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected BlockedWebSite

Found Tor onion address

Detected non-DNS traffic on DNS port

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1912,i,15380040838370532685,10095877905472508040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mega.fo" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_225	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
2.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Suricata Signatures

ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-13T17:19:17.147584+0100	2022112	1	Exploit Kit Activity Detected	192.168.2.4	50025	162.159.140.229	443	TCP
2025-01-13T17:19:17.313736+0100	2022112	1	Exploit Kit Activity Detected	192.168.2.4	50028	104.244.42.67	443	TCP
2025-01-13T17:19:17.777080+0100	2022112	1	Exploit Kit Activity Detected	192.168.2.4	50062	104.18.27.193	443	TCP

HTTP traffic detected: POST /report/v4?s=hVUzSe3J6aBtiw9awXWvEuaLzrOWQkLIQAhTSTaRocHafO9ZNPMNsiAy0VyZGeYyjwLAcV%2Bzl7OwdNMmxZxvZSwAwQ2TIFdLeeEfupQzAV61CM8XuwsaZLOT HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 392Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Jan 2025 16:18:58 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVUzSe3J6aBtiw9awXWvEuaLzrOWQkLIQAhTSTaRocHafO9ZNPMNsiAy0VyZGeYyjwLAcV%2Bzl7OwdNMmxZxvZSwAwQ2TIFdLeeEfupQzAV61CM8XuwsaZLOT"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9016b4893e488cda-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Jan 2025 16:19:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COrYTRqIDsVR6cyQEB66tE6%2B6aS%2B9xzLFNiB51CTYpd61BAUk8ClgJSbwJT0%2Buvo2VWTRDElsoJr%2BttfZxH1RLuied7FSVSDUJIGeFrVqt7wtKjSdMQkt7JBfDAu6g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9016b49c5e10435d-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Jan 2025 16:19:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 8279Connection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Jan 2025 16:19:14 GMTContent-Type: application/json; charset=UTF-8Content-Length: 24Connection: closeAccess-Control-Allow-Origin: https://www.cloudflare.comAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AcceptAccess-Control-Allow-Methods: GET,POST,OPTIONSX-Robots-Tag: noindexReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rTE5Db8Rd5bbdhWbb0J45gooyNzbB5yHC5CsJQOOe2gShGuS6GI3pxHYFZ3IOv9AT1k9xU8XM97kA93n%2FzlKOh4i4Kp05kc064tCjw0TSinvZdEqKa3KHVnLBgQ1rcqZodSsO4LGZ34%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9016b4f21a250ca0-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 0fcde3f4-668f-4cbe-84e5-f316bcddb46cvary: Origindate: Mon, 13 Jan 2025 16:19:17 GMTx-konductor: 25.1.0-HOTFIXTIMECONSENT:bb9729eacx-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 16:19:19 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: rh2G+C8+ZQsTCGfYfqD8NA==$02vvRmrls7QNqQWFXPyhPQ==Server: cloudflareCF-RAY: 9016b50f4a0befa5-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 16:19:21 GMTContent-Type: text/html; charset=utf-8Content-Length: 140Connection: closeVary: Accept-EncodingX-Powered-By: ExpressAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONSContent-Security-Policy: default-src 'none'X-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000; includeSubDomainsAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-Relay-VersionAccess-Control-Max-Age: 1728000
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 4846026d-bc7c-468d-8678-6158a2b9658bvary: Origindate: Mon, 13 Jan 2025 16:19:20 GMTx-konductor: 25.1.0-HOTFIXTIMECONSENT:bb9729eacx-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: 9c699af4-cf55-48ab-9281-2e4bdcc4f5e3vary: Origindate: Mon, 13 Jan 2025 16:19:21 GMTx-konductor: 25.1.0-HOTFIXTIMECONSENT:bb9729eacx-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-request-id: eda239bc-7813-4752-8496-a826cc07b943vary: Origindate: Mon, 13 Jan 2025 16:19:22 GMTx-konductor: 25.1.0-HOTFIXTIMECONSENT:bb9729eacx-adobe-edge: IRL1;6server: jagcontent-length: 0strict-transport-security: max-age=31536000; includeSubDomainscache-control: no-cache, no-store, max-age=0, no-transform, privatex-xss-protection: 1; mode=blockx-content-type-options: nosniffconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 16:19:23 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: 2FZTBRnENbVh8w5r66pBSQ==$SlvVtkSfq9cj5oRrLpyuBw==Server: cloudflareCF-RAY: 9016b526d89d42c0-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_258.2.dr	String found in binary or memory: http://mega555kf7lsmb54yd6etzginolhxxi4ytdoma2rf77ngq55fhfcnyid.onion
Source: chromecache_262.2.dr	String found in binary or memory: https://ad.doubleclick.net
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: https://ade.googlesyndication.com
Source: chromecache_262.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_226.2.dr	String found in binary or memory: https://alb.reddit.com/rp.gif?event=PageVisit&id=t2_1upmecjq&ts=1736785154859&uuid=7ae234af-bb36-403
Source: chromecache_195.2.dr, chromecache_273.2.dr	String found in binary or memory: https://api.www.cloudflare.com/api/v1
Source: chromecache_222.2.dr, chromecache_149.2.dr	String found in binary or memory: https://app.qualified.com
Source: chromecache_180.2.dr, chromecache_238.2.dr	String found in binary or memory: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.js
Source: chromecache_165.2.dr, chromecache_233.2.dr	String found in binary or memory: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_Acti
Source: chromecache_192.2.dr	String found in binary or memory: https://assets.adobedtm.com/f597f8065f97/065ba81630d7/8472fc7436be/RC1fcad5185a1b4a039b5df05c7d2b704
Source: chromecache_253.2.dr, chromecache_230.2.dr	String found in binary or memory: https://assets.adobedtm.com/f597f8065f97/065ba81630d7/8472fc7436be/RC392ad6d4bbf94c7283b4eda6cbf689a
Source: chromecache_268.2.dr, chromecache_207.2.dr	String found in binary or memory: https://assets.adobedtm.com/f597f8065f97/065ba81630d7/launch-efab6d095ce0.js
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://blog.cloudflare.com/cloudflare-2024-annual-founders-letter
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_258.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/1f2iRYyLtJPAYkKFR9G5h2/9c58683aa4b33bc18ab0431847c
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/1jwF6zz4lTaL25osoXtSIy/76a1cf8bb1e2292f64d4314d702
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/1og1GRXZoNPcakdJLEHnf5/3a477a3d2103937858ae3e9a5ff
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/2EpMDcOzRGz0qkeQbuOoB1/647e0c54d93967efd46237dec01
Source: chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/2ZP0AQ92YBysyPFLsuoKOC/84f7aa80a36755aa94cb56c5e0a
Source: chromecache_224.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/2fMg89go9MegG1EDg39mNy/5a42817cd388ae352f77f56e53b
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/2pqDYkVg8K6GqUXO2x7Izl/2d2a67e1288dbd9fc5eadcd48b5
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/2qsPuuImKhFS0I6IchnUR0/33dfb6b56317ac494a108a86158
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/2yRCuqitoxUATzrEEpNPeA/49494485e77713ddfaf56b7b338
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/33pNtP0fhgTrjCgk4Ahdyo/c3b0e163c89573659e2898c2aa8
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/3Vjcj5r39nYQK9FAZ6tx1i/15048294cd989a6e460a61e56ad
Source: chromecache_146.2.dr, chromecache_143.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/42XkFj9Uywkm8Jahf62RtP/0563d91cc1fa54da2bf2c50bad8
Source: chromecache_146.2.dr, chromecache_143.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/4sfL2iS6H10uq2waT6ehym/ad18b77fa469ce07f23d22e19ab
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/6PDJxm9gpmdAMR1JSTQRSl/1ad54dc5651ec6d7edd26c37857
Source: chromecache_224.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/6bNeiYhSx0RGvbzxS5Fi8c/3ff83bcc36e86e85170201f8264
Source: chromecache_144.2.dr, chromecache_269.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/6i8d186tH2iueYvgwVRaJf/ab27fd31033bdd31aea69065480
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/6vZgJjE7OFLINDHPAGZ3PJ/30ff0ceac9ad2088a52f4ad43ac
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/7a6m6bwj1zKlcQ7JHe2981/fefe33b4f70020feb9afd168ea9
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/7dreyVsx0FLF3WjCQvWrVT/a9bb912272cd7f8bc9a294f768b
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/7kPjwE4j84Rj5KSJRPRptE/177ac67e5aa1838880c3beffb1d
Source: chromecache_144.2.dr, chromecache_269.2.dr	String found in binary or memory: https://cf-assets.www.cloudflare.com/slt3lc6tev37/mJZqOomHta2MLLB73P8Hs/9378861761815b3adf7bcb7734d6
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cloudflare.com/application-services/products/load-balancing/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://cloudflare.tv/cio-week/fireside-chat-with-juan-rodriguez-estevez/Mg6QNmZl
Source: chromecache_252.2.dr, chromecache_148.2.dr, chromecache_214.2.dr, chromecache_215.2.dr	String found in binary or memory: https://developers.marketo.com/MunchkinLicense.pdf
Source: chromecache_178.2.dr	String found in binary or memory: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1752423557&external_user_id=6bb7080
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://eventhub.goldcast.io/?eventHubId=0dc82d0e-bb7c-4aa6-b853-a096322ed37c
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://eventhub.goldcast.io/?eventHubId=da18a2b0-617d-4767-b139-eb386a0db8ff
Source: chromecache_224.2.dr	String found in binary or memory: https://github.com/jonsuh/hamburgers
Source: chromecache_266.2.dr, chromecache_153.2.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://glovoapp.com/)
Source: chromecache_262.2.dr	String found in binary or memory: https://google.com
Source: chromecache_262.2.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_258.2.dr	String found in binary or memory: https://hidemega.com
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://hungerstation.com/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://inc42.com/buzz/phonepe-maintains-lead-in-upi-with-49-market-share-in-jan-2022-whatsapp-at-0-
Source: chromecache_224.2.dr	String found in binary or memory: https://jonsuh.com/hamburgers
Source: chromecache_222.2.dr, chromecache_149.2.dr	String found in binary or memory: https://js.qualified.com
Source: chromecache_258.2.dr	String found in binary or memory: https://mega.fo
Source: chromecache_258.2.dr	String found in binary or memory: https://megalinks.at?
Source: chromecache_258.2.dr	String found in binary or memory: https://megaweb12.at
Source: chromecache_258.2.dr	String found in binary or memory: https://mg11.at
Source: chromecache_262.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_178.2.dr	String found in binary or memory: https://partners.tremorhub.com/sync?UIDM=6bb70800-c0aa-4a55-9a12-aa7fe384a8d7
Source: chromecache_178.2.dr	String found in binary or memory: https://pixel.rubiconproject.com/tap.php?nid=5578&put=6bb70800-c0aa-4a55-9a12-aa7fe384a8d7&v
Source: chromecache_226.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect/?fmt=js&v=2&url=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fac
Source: chromecache_200.2.dr, chromecache_226.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect/?pid=28851&fmt=gif
Source: chromecache_222.2.dr, chromecache_149.2.dr	String found in binary or memory: https://schedule.qualified.com
Source: chromecache_224.2.dr	String found in binary or memory: https://schema.org/Answer
Source: chromecache_224.2.dr	String found in binary or memory: https://schema.org/FAQPage
Source: chromecache_224.2.dr	String found in binary or memory: https://schema.org/Question
Source: chromecache_200.2.dr, chromecache_226.2.dr	String found in binary or memory: https://scout-cdn.salesloft.com/sl.js
Source: chromecache_154.2.dr, chromecache_237.2.dr	String found in binary or memory: https://scout.us4.salesloft.com
Source: chromecache_200.2.dr, chromecache_226.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_152.2.dr, chromecache_169.2.dr	String found in binary or memory: https://staging.mrk.cfdata.org/mrk/redwood-blade-repository/
Source: chromecache_226.2.dr	String found in binary or memory: https://static.ads-twitter.com/uwt.js
Source: chromecache_258.2.dr	String found in binary or memory: https://t.me/megahealth_support_bot
Source: chromecache_258.2.dr	String found in binary or memory: https://t.me/megamental_bot
Source: chromecache_258.2.dr	String found in binary or memory: https://t.me/professor_youtube_reborn
Source: chromecache_226.2.dr	String found in binary or memory: https://tag.demandbase.com/1be41a80498a5b73.min.js
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_195.2.dr, chromecache_273.2.dr	String found in binary or memory: https://www.cloudflare.com
Source: chromecache_225.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/application-services/).
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/application-services/products/argo-smart-routing/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/application-services/products/ssl-for-saas-providers/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/application-services/products/waf/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/application-services/solutions/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/application-services/solutions/certificate-lifecycle-management/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/connectivity-cloud/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/data-localization/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/ddos/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/developer-platform/r2/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/developer-platform/solutions/live-streaming/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/developer-platform/workers/)
Source: chromecache_225.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/security-service-edge-sse/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/what-is-remote-access-security/).
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/what-is-sso/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/what-is-ztna/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/bots/what-is-bot-management/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/ddos/ddos-mitigation/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/dns/what-is-dns/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/security/what-is-an-attack-surface/)
Source: chromecache_222.2.dr, chromecache_149.2.dr	String found in binary or memory: https://www.cloudflare.com/lp/multi-channel-phishing-demo?utm_medium=banner
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/lp/securitybuildersworkshops/
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/plans/enterprise/contact/
Source: chromecache_179.2.dr, chromecache_240.2.dr	String found in binary or memory: https://www.cloudflare.com/saas/)
Source: chromecache_228.2.dr	String found in binary or memory: https://www.cloudflare.com/static/z/s.js?z=
Source: chromecache_200.2.dr, chromecache_228.2.dr	String found in binary or memory: https://www.cloudflare.com/static/z/t
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/the-net/illuminate/fighting-phishing/
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.cloudflare.com/the-net/platform-consolidation-costs
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.deliveryhero.com/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.e-food.gr/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.foodora.com/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.foodpanda.com/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.foody.com.cy)
Source: chromecache_262.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_262.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_262.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: https://www.googletagmanager.com/dclk/ns/v1.js
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.livemint.com/companies/people/will-become-data-localization-compliant-in-india-by-decend
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.pedidosya.com/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.porsche-holding.com/en)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.talabat.com/)
Source: chromecache_198.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.yemeksepeti.com/)
Source: chromecache_258.2.dr	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50245
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: classification engine

Classification label: mal52.phis.evad.win@22/224@162/47

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1912,i,15380040838370532685,10095877905472508040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mega.fo"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1912,i,15380040838370532685,10095877905472508040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Proxy	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	3 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mega.fo	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://mg11.at/cdn-cgi/styles/cf.errors.css	0%	Avira URL Cloud	safe
https://eventhub.goldcast.io/?eventHubId=da18a2b0-617d-4767-b139-eb386a0db8ff	0%	Avira URL Cloud	safe
https://mega.fo/fonts/avenir/AvenirNextCyr-Bold.woff2	0%	Avira URL Cloud	safe
https://mega.fo/fonts/montserrat/Montserrat-Black.woff2	0%	Avira URL Cloud	safe
https://mega.fo/css/main.min.css?_v=20240927012657	0%	Avira URL Cloud	safe
https://www.pedidosya.com/)	0%	Avira URL Cloud	safe
https://mg11.at	0%	Avira URL Cloud	safe
https://www.deliveryhero.com/)	0%	Avira URL Cloud	safe
https://mega.fo/js/app.min.js?_v=20240927012657	0%	Avira URL Cloud	safe
https://mega.fo/fonts/avenir/AvenirNextCyr-Medium.woff2	0%	Avira URL Cloud	safe
https://hidemega.com	0%	Avira URL Cloud	safe
https://www.foodpanda.com/)	0%	Avira URL Cloud	safe
https://staging.mrk.cfdata.org/mrk/redwood-blade-repository/	0%	Avira URL Cloud	safe
https://mega.fo/img/icons/long-arrow.svg	0%	Avira URL Cloud	safe
https://mega.fo/js/main.js?_v=20240927012657	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.193.229	true	false	high
prod-default.lb.logrocket.network	104.198.23.205	true	false	high
static.cloudflareinsights.com	104.16.79.73	true	false	high
s.dsp-prod.demandbase.com	34.96.71.22	true	false	high
scout.us1.salesloft.com	54.174.42.21	true	false	high
platform.twitter.map.fastly.net	146.75.120.157	true	false	high
stats.g.doubleclick.net	66.102.1.157	true	false	high
ot.www.cloudflare.com	104.16.123.96	true	false	high
tag.demandbase.com	18.245.46.89	true	false	high
t.co	162.159.140.229	true	false	high
performance.radar.cloudflare.com	104.18.31.78	true	false	high
www.google.com	216.58.212.164	true	false	high
demdex.net.ssl.sc.omtrdc.net	63.140.62.27	true	false	high
api.www.cloudflare.com	104.16.123.96	true	false	high
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	54.247.1.250	true	false	high
partners-1864332697.us-east-1.elb.amazonaws.com	23.23.209.126	true	false	high
cf-assets.www.cloudflare.com	104.16.123.96	true	false	high
id.rlcdn.com	35.244.174.68	true	false	high
tag-logger.demandbase.com	18.173.205.104	true	false	high
megaweb12.at	172.67.71.228	true	true	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
ax-0001.ax-dc-msedge.net	150.171.29.10	true	false	high
s.twitter.com	104.244.42.67	true	false	high
js.qualified.com	104.18.17.5	true	false	high
ws6.qualified.com	104.18.16.5	true	false	high
dualstack.reddit.map.fastly.net	151.101.129.140	true	false	high
di.rlcdn.com	35.244.174.68	true	false	high
mg11.at	104.21.48.1	true	true	unknown
www.cloudflare.com	104.16.124.96	true	false	high
cdn.logr-ingest.com	104.21.96.1	true	false	high
reddit.map.fastly.net	151.101.193.140	true	false	high
dsum-sec.casalemedia.com	104.18.27.193	true	false	high
challenges.cloudflare.com	104.18.95.41	true	false	high
adobedc.net.ssl.sc.omtrdc.net	63.140.62.222	true	false	high
api.company-target.com	18.66.102.98	true	false	high
713-xsc-918.mktoresp.com	192.28.144.124	true	false	high
mega.fo	45.11.94.145	true	false	unknown
alb.reddit.com	unknown	unknown	false	high
static.ads-twitter.com	unknown	unknown	false	high
scout.salesloft.com	unknown	unknown	false	high
cdn.jsdelivr.net	unknown	unknown	false	high
scout-cdn.salesloft.com	unknown	unknown	false	high
cm.everesttech.net	unknown	unknown	false	high
cdn.bizibly.com	unknown	unknown	false	high
cloudflareinc.demdex.net	unknown	unknown	false	high
adobedc.demdex.net	unknown	unknown	false	high
cdn.bizible.com	unknown	unknown	false	high
dpm.demdex.net	unknown	unknown	false	high
s.company-target.com	unknown	unknown	false	high
assets.adobedtm.com	unknown	unknown	false	high
www.linkedin.com	unknown	unknown	false	high
pixel.rubiconproject.com	unknown	unknown	false	high
px.ads.linkedin.com	unknown	unknown	false	high
munchkin.marketo.net	unknown	unknown	false	high
analytics.twitter.com	unknown	unknown	false	high
r.logr-ingest.com	unknown	unknown	false	high
snap.licdn.com	unknown	unknown	false	high
partners.tremorhub.com	unknown	unknown	false	high
edge.adobedc.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	false		high
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	false		high
https://cloudflareinc.demdex.net/dest5.html?d_nsid=0	false		high
https://mg11.at/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: safe	unknown
https://mega.fo/fonts/avenir/AvenirNextCyr-Bold.woff2	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/static/z/i.js	false		high
https://analytics.twitter.com/1/i/adsct?bci=4&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=3&event=%7B%7D&event_id=9d4481c9-8a85-43ae-9bc3-a58448a5a9f6&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ca46f055-7b03-4124-8a27-479349edc59a&restricted_data_use=restrict_optimization&tw_document_href=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Faccess-management%2Fphishing-attack%2F&tw_iframe_status=0&txn_id=nvldc&type=javascript&version=2.3.31	false		high
https://mega.fo/fonts/montserrat/Montserrat-Black.woff2	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/page-data/plans/page-data.json	false		high
https://scout.salesloft.com/i	false		high
https://challenges.cloudflare.com/turnstile/v0/b/e0c90b6a3ed1/api.js	false		high
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=85d03542-2e56-4622-ba82-1c759ee11de9&_u=KGDAAEADQAAAAC%7E&z=1644227081&slf_rd=1	false		high
https://a.nel.cloudflare.com/report/v4?s=hVUzSe3J6aBtiw9awXWvEuaLzrOWQkLIQAhTSTaRocHafO9ZNPMNsiAy0VyZGeYyjwLAcV%2Bzl7OwdNMmxZxvZSwAwQ2TIFdLeeEfupQzAV61CM8XuwsaZLOT	false		high
https://mega.fo/fonts/avenir/AvenirNextCyr-Medium.woff2	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/img/learning/security/threats/phishing-attack/diagram-phishing-attack.png	false		high
https://mega.fo/css/main.min.css?_v=20240927012657	false	Avira URL Cloud: safe	unknown
https://mega.fo/js/app.min.js?_v=20240927012657	false	Avira URL Cloud: safe	unknown
https://t.co/1/i/adsct?bci=4&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=3&event=%7B%7D&event_id=9d4481c9-8a85-43ae-9bc3-a58448a5a9f6&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ca46f055-7b03-4124-8a27-479349edc59a&restricted_data_use=restrict_optimization&tw_document_href=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Faccess-management%2Fphishing-attack%2F&tw_iframe_status=0&txn_id=nvldc&type=javascript&version=2.3.31	false		high
https://mg11.at/	false		unknown
https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css?_v=20240927012657	false		high
https://www.cloudflare.com/static/z/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyV2hhdCUyMGlzJTIwYSUyMHBoaXNoaW5nJTIwYXR0YWNrJTNGJTIwJTdDJTIwQ2xvdWRmbGFyZSUyMiUyQyUyMnglMjIlM0EwLjA1NTY3NzgzOTg3Mjk4NDQ3JTJDJTIydyUyMiUzQTEyODAlMkMlMjJoJTIyJTNBMTAyNCUyQyUyMmolMjIlM0E5MDclMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5jbG91ZGZsYXJlLmNvbSUyRmxlYXJuaW5nJTJGYWNjZXNzLW1hbmFnZW1lbnQlMkZwaGlzaGluZy1hdHRhY2slMkYlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZtZzExLmF0JTJGJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTMwMCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q=	false		high
https://ws6.qualified.com/cable?wv=9&token=37pXYrro6wCZbsU7&vu=748692b3-470f-48f9-a39c-fec558e4c2b3&wu=a6c8e72c-45ca-4be8-aab9-d9c13181e9f5&ca=2025-01-13T16%3A19%3A15.961Z&tz=America%2FNew_York&bis=5&referrer=https%3A%2F%2Fmg11.at%2F&pv=1&fv=2025-01-13-e712afd2a7&iml=false&bl=en-US&ic=true	false		high
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-PGV1K2BN4M&cid=85d03542-2e56-4622-ba82-1c759ee11de9&_u=KGDAAEADQAAAAC%7E&z=1644227081	false		high
https://www.cloudflare.com/cdn-cgi/rum?	false		high
https://www.cloudflare.com/webpack-runtime-4c72ecef988f809df573.js	false		high
https://www.cloudflare.com/page-data/sq/d/3199558980.json	false		high
https://adobedc.demdex.net/ee/v1/identity/acquire?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=0fcde3f4-668f-4cbe-84e5-f316bcddb46c	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1052374433:1736781104:2NSsMkB35ml6mOnVwvh-RqE6e2Woq-myQ1AgFtWAqz4/9016b4ed7f5543f8/aXNCoSgMJtchfml3AZdUkSsu0cSbJCjNc8LNagXrN50-1736785154-1.1.1.1-MX6byibqJNA_KmkNZOv82ZjuodjYXstQGwKpS5hq9_Y3aphAnsQoZdq5Agm0AHdk	false		high
https://www.cloudflare.com/page-data/learning/access-management/what-is-sase/page-data.json	false		high
https://js.qualified.com/qualified.js?token=37pXYrro6wCZbsU7	false		high
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=8AD56F28618A50850A495FB6%40AdobeOrg&d_nsid=0&ts=1736785153999	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2fMg89go9MegG1EDg39mNy/5a42817cd388ae352f77f56e53b1ff81/card-new.png	false		high
https://ot.www.cloudflare.com/public/vendor/onetrust/scripttemplates/otSDKStub.js	false		high
https://ot.www.cloudflare.com/public/vendor/onetrust/scripttemplates/202407.2.0/assets/otCommonStyles.css	false		high
https://www.cloudflare.com/page-data/sq/d/1048862057.json	false		high
https://mega.fo/js/main.js?_v=20240927012657	false	Avira URL Cloud: safe	unknown
https://mega.fo/	false		unknown
https://r.logr-ingest.com/s	false		high
https://edge.adobedc.net/ee/irl1/v1/interact?configId=715c679b-19c8-4402-8093-423571ad58c4&requestId=eda239bc-7813-4752-8496-a826cc07b943	false		high
https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js?_v=20240927012657	false		high
https://www.cloudflare.com/img/privacyoptions.svg	false		high
https://ot.www.cloudflare.com/public/vendor/onetrust/consent/b1e05d49-f072-4bae-9116-bdb78af15448/018debfb-4917-76f1-8862-8a2f83812baa/en.json	false		high
https://di.rlcdn.com/710030.gif?pdata=d=desktop,lc=US,ref=mg11.at	false		high
https://mega.fo/img/icons/long-arrow.svg	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/framework-957a522640f43541ca6a.js	false		high
https://id.rlcdn.com/464526.gif	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://eventhub.goldcast.io/?eventHubId=da18a2b0-617d-4767-b139-eb386a0db8ff	chromecache_198.2.dr, chromecache_244.2.dr	false	Avira URL Cloud: safe	unknown
https://px.ads.linkedin.com/collect/?pid=28851&fmt=gif	chromecache_200.2.dr, chromecache_226.2.dr	false		high
https://www.cloudflare.com/application-services/products/argo-smart-routing/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://www.cloudflare.com/saas/)	chromecache_179.2.dr, chromecache_240.2.dr	false		high
https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_Acti	chromecache_165.2.dr, chromecache_233.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/4sfL2iS6H10uq2waT6ehym/ad18b77fa469ce07f23d22e19ab	chromecache_146.2.dr, chromecache_143.2.dr	false		high
https://www.cloudflare.com/application-services/solutions/certificate-lifecycle-management/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://www.cloudflare.com/ddos/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2pqDYkVg8K6GqUXO2x7Izl/2d2a67e1288dbd9fc5eadcd48b5	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://mg11.at	chromecache_258.2.dr	true	Avira URL Cloud: safe	unknown
https://pixel.rubiconproject.com/tap.php?nid=5578&put=6bb70800-c0aa-4a55-9a12-aa7fe384a8d7&v	chromecache_178.2.dr	false		high
https://glovoapp.com/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://www.pedidosya.com/)	chromecache_198.2.dr, chromecache_244.2.dr	false	Avira URL Cloud: safe	unknown
https://www.deliveryhero.com/)	chromecache_198.2.dr, chromecache_244.2.dr	false	Avira URL Cloud: safe	unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/7dreyVsx0FLF3WjCQvWrVT/a9bb912272cd7f8bc9a294f768b	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/6bNeiYhSx0RGvbzxS5Fi8c/3ff83bcc36e86e85170201f8264	chromecache_224.2.dr	false		high
https://www.cloudflare.com/static/z/s.js?z=	chromecache_228.2.dr	false		high
https://www.yemeksepeti.com/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://www.youtube.com/	chromecache_258.2.dr	false		high
https://scout-cdn.salesloft.com/sl.js	chromecache_200.2.dr, chromecache_226.2.dr	false		high
https://alb.reddit.com/rp.gif?event=PageVisit&id=t2_1upmecjq&ts=1736785154859&uuid=7ae234af-bb36-403	chromecache_226.2.dr	false		high
https://www.cloudflare.com/5xx-error-landing	chromecache_225.2.dr	false		high
https://www.cloudflare.com/learning/bots/what-is-bot-management/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://hidemega.com	chromecache_258.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/connectivity-cloud/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://developers.marketo.com/MunchkinLicense.pdf	chromecache_252.2.dr, chromecache_148.2.dr, chromecache_214.2.dr, chromecache_215.2.dr	false		high
https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_266.2.dr, chromecache_153.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2yRCuqitoxUATzrEEpNPeA/49494485e77713ddfaf56b7b338	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://staging.mrk.cfdata.org/mrk/redwood-blade-repository/	chromecache_152.2.dr, chromecache_169.2.dr	false	Avira URL Cloud: safe	unknown
https://cf-assets.www.cloudflare.com/slt3lc6tev37/3Vjcj5r39nYQK9FAZ6tx1i/15048294cd989a6e460a61e56ad	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://t.me/megahealth_support_bot	chromecache_258.2.dr	false		high
https://js.qualified.com	chromecache_222.2.dr, chromecache_149.2.dr	false		high
https://www.cloudflare.com/learning/security/what-is-an-attack-surface/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://www.foodpanda.com/)	chromecache_198.2.dr, chromecache_244.2.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/f597f8065f97/065ba81630d7/launch-efab6d095ce0.js	chromecache_268.2.dr, chromecache_207.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/1jwF6zz4lTaL25osoXtSIy/76a1cf8bb1e2292f64d4314d702	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://app.qualified.com	chromecache_222.2.dr, chromecache_149.2.dr	false		high
https://assets.adobedtm.com/f597f8065f97/065ba81630d7/8472fc7436be/RC392ad6d4bbf94c7283b4eda6cbf689a	chromecache_253.2.dr, chromecache_230.2.dr	false		high
https://www.cloudflare.com/plans/enterprise/contact/	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/6vZgJjE7OFLINDHPAGZ3PJ/30ff0ceac9ad2088a52f4ad43ac	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2ZP0AQ92YBysyPFLsuoKOC/84f7aa80a36755aa94cb56c5e0a	chromecache_244.2.dr	false		high
https://www.cloudflare.com/developer-platform/solutions/live-streaming/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://jonsuh.com/hamburgers	chromecache_224.2.dr	false		high
https://www.cloudflare.com/learning/access-management/what-is-sso/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://googleads.g.doubleclick.net	chromecache_262.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2EpMDcOzRGz0qkeQbuOoB1/647e0c54d93967efd46237dec01	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://www.cloudflare.com/learning/ddos/ddos-mitigation/)	chromecache_198.2.dr, chromecache_244.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/2fMg89go9MegG1EDg39mNy/5a42817cd388ae352f77f56e53b	chromecache_224.2.dr	false		high
https://td.doubleclick.net	chromecache_190.2.dr, chromecache_262.2.dr	false		high
https://cf-assets.www.cloudflare.com/slt3lc6tev37/mJZqOomHta2MLLB73P8Hs/9378861761815b3adf7bcb7734d6	chromecache_144.2.dr, chromecache_269.2.dr	false		high
https://google.com	chromecache_262.2.dr	false		high
https://schema.org/Question	chromecache_224.2.dr	false		high
https://adservice.google.com/pagead/regclk?	chromecache_262.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.48.1	mg11.at	United States	13335	CLOUDFLARENETUS	true
18.66.102.98	api.company-target.com	United States	3	MIT-GATEWAYSUS	false
192.28.144.124	713-xsc-918.mktoresp.com	United States	15224	OMNITUREUS	false
151.101.193.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
52.23.60.190	unknown	United States	14618	AMAZON-AESUS	false
104.16.80.73	unknown	United States	13335	CLOUDFLARENETUS	false
18.173.205.94	unknown	United States	3	MIT-GATEWAYSUS	false
151.101.193.140	reddit.map.fastly.net	United States	54113	FASTLYUS	false
66.102.1.157	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
104.198.23.205	prod-default.lb.logrocket.network	United States	15169	GOOGLEUS	false
63.140.62.222	adobedc.net.ssl.sc.omtrdc.net	United States	15224	OMNITUREUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
54.174.42.21	scout.us1.salesloft.com	United States	14618	AMAZON-AESUS	false
104.16.124.96	www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
18.245.46.89	tag.demandbase.com	United States	16509	AMAZON-02US	false
162.159.140.229	t.co	United States	13335	CLOUDFLARENETUS	false
34.96.71.22	s.dsp-prod.demandbase.com	United States	15169	GOOGLEUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.16.5	ws6.qualified.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.31.78	performance.radar.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
146.75.120.157	platform.twitter.map.fastly.net	Sweden	30051	SCCGOVUS	false
35.244.174.68	id.rlcdn.com	United States	15169	GOOGLEUS	false
23.23.209.126	partners-1864332697.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
172.217.18.100	unknown	United States	15169	GOOGLEUS	false
18.66.102.75	unknown	United States	3	MIT-GATEWAYSUS	false
216.58.212.164	www.google.com	United States	15169	GOOGLEUS	false
54.247.1.250	dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
63.140.62.27	demdex.net.ssl.sc.omtrdc.net	United States	15224	OMNITUREUS	false
54.229.247.168	unknown	United States	16509	AMAZON-02US	false
104.21.96.1	cdn.logr-ingest.com	United States	13335	CLOUDFLARENETUS	false
54.154.60.209	unknown	United States	16509	AMAZON-02US	false
52.202.45.105	unknown	United States	14618	AMAZON-AESUS	false
18.173.205.104	tag-logger.demandbase.com	United States	3	MIT-GATEWAYSUS	false
104.16.79.73	static.cloudflareinsights.com	United States	13335	CLOUDFLARENETUS	false
18.245.46.22	unknown	United States	16509	AMAZON-02US	false
104.21.16.1	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.71.228	megaweb12.at	United States	13335	CLOUDFLARENETUS	true
104.18.27.193	dsum-sec.casalemedia.com	United States	13335	CLOUDFLARENETUS	false
104.244.42.67	s.twitter.com	United States	13414	TWITTERUS	false
45.11.94.145	mega.fo	Russian Federation	3214	XTOMxTomEU	false
104.18.26.193	unknown	United States	13335	CLOUDFLARENETUS	false
104.244.42.3	unknown	United States	13414	TWITTERUS	false
104.18.17.5	js.qualified.com	United States	13335	CLOUDFLARENETUS	false
151.101.129.140	dualstack.reddit.map.fastly.net	United States	54113	FASTLYUS	false
104.16.123.96	ot.www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590172
Start date and time:	2025-01-13 17:17:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://mega.fo
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.evad.win@22/224@162/47
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 172.217.23.110, 66.102.1.84, 142.250.185.238, 216.58.206.46, 172.217.16.206, 199.232.210.172, 192.229.221.95, 142.250.186.174, 142.250.184.238, 142.250.181.238, 142.250.74.195, 142.250.186.78, 2.23.241.90, 142.250.185.136, 142.250.185.106, 172.217.18.10, 172.217.18.106, 216.58.206.74, 142.250.186.74, 142.250.74.202, 142.250.186.138, 142.250.185.202, 172.217.23.106, 142.250.185.138, 142.250.184.234, 172.217.16.202, 142.250.184.202, 142.250.185.170, 142.250.186.42, 142.250.185.74, 2.18.64.212, 2.18.64.220, 104.16.72.105, 104.16.71.105, 2.16.168.121, 2.16.168.109, 104.102.43.106, 13.107.42.14, 142.250.185.232, 142.250.184.200, 34.255.155.228, 54.75.138.108, 54.75.135.140, 88.221.110.227, 88.221.110.136, 172.64.146.215, 104.18.41.41, 69.173.144.165, 69.173.144.138, 69.173.144.139, 184.28.90.27, 20.109.210.53, 13.107.246.45, 172.202.163.200, 150.171.29.10, 150.171.30.10
Excluded domains from analysis (whitelisted): pixel.rubiconproject.net.akadns.net, slscr.update.microsoft.com, cn-assets.adobedtm.com.edgekey.net, scout-cdn.salesloft.com.cdn.cloudflare.net, clientservices.googleapis.com, e10776.b.akamaiedge.net, wildcard.marketo.net.edgekey.net, l-0005.l-msedge.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, cdn.bizible.com.edgesuite.net, www.googletagmanager.com, update.googleapis.com, bat.bing.com, a798.dscd.akamai.net, www-linkedin-com.l-0005.l-msedge.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, cm.everesttech.net.akadns.net, ctldl.windowsupdate.com, od.linkedin.edgesuite.net, fe3cr.delivery.mp.microsoft.com, www.linkedin.com.cdn.cloudflare.net, edgedl.me.gvt1.com, e7808.dscg.akamaiedge.net, clients.l.google.com, a1916.dscg2.akamai.net
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://mega.fo

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://mega.fo Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://mega.fo
URL: https://mg11.at/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This script checks if cookies are enabled in the user's browser and displays a cookie alert if they are not. This is a common practice to inform users about cookie usage and does not demonstrate any high-risk behaviors." }
if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) }
URL: https://mega.fo/js/main.js?_v=20240927012657... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate and benign code that handles the toggling of a mobile menu and the expansion/collapse of manual list headers. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The script is focused on basic DOM manipulation and event handling, which is common in web development. There are no signs of malicious intent or behavior." }
document.addEventListener('DOMContentLoaded', () => { const toggle = document.querySelector(".header__toggle.open"); const toggleClose = document.querySelector(".header__toggle.close"); const headerMob = document.querySelector(".header__mob"); const siteBody = document.body; const toggleMenu = () => { headerMob.classList.toggle('active'); siteBody.classList.toggle('noscroll'); toggle.classList.toggle('inactive'); }; const closeMenu = () => { headerMob.classList.remove('active'); siteBody.classList.remove('noscroll'); toggle.classList.remove('inactive'); }; toggle.addEventListener('click', toggleMenu); toggleClose.addEventListener('click', toggleMenu); document.addEventListener('click', (e) => { if (!headerMob.contains(e.target) && !toggle.contains(e.target) && headerMob.classList.contains('active')) { closeMenu(); } }); const manualHeaders = document.querySelectorAll('.manual__list-header'); manualHeaders.forEach(header => { header.addEventListener('click', function () { const desc = this.nextElementSibling; if (desc.style.maxHeight) { desc.style.maxHeight = null; this.classList.remove('open'); } else { desc.style.maxHeight = desc.scrollHeight + 'px'; this.classList.add('open'); } }); }); Fancybox.bind('[data-fancybox="gallery"]', { // Your custom options for a specific gallery }); });
URL: https://mg11.at/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Suspected Phishing", "prominent_button_name": "Learn More", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://mega.fo/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": " .", "prominent_button_name": " ", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.cloudflare.com/learning/access-management/phishing-attack/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://mg11.at/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://mega.fo/ Model: Joe Sandbox AI	{ "brands": [ "MEGA" ] }
	{ "brands": [ "MEGA" ] }
URL: https://www.cloudflare.com/learning/access-management/phishing-attack/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://www.cloudflare.com/learning/access-management/phishing-attack/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.cloudflare.com/learning/access-management/phishing-attack/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.cloudflare.com/learning/access-management/phishing-attack/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://www.cloudflare.com/learning/access-management/phishing-attack/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://www.cloudflare.com/learning/access-management/phishing-attack/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.cloudflare.com/learning/access-management/phishing-attack/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_225, type: DROPPED

Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://cloudflareinc.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.cloudflare.com
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://s.company-target.com/s/sync?exc=lr
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://cloudflareinc.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.cloudflare.com
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: Iframe src: https://s.company-target.com/s/sync?exc=lr

Source: https://mega.fo/	HTTP Parser: No favicon
Source: https://mg11.at/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No favicon

Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="author".. found
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="author".. found
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="author".. found

Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.cloudflare.com/learning/access-management/phishing-attack/	HTTP Parser: No <meta name="copyright".. found

Source: chromecache_258.2.dr	String found in binary or memory: <div class="projects__tags-group"><a class="projects__tag bg-orange" href="https://mg11.at">mg11.at?</a><a class="projects__tag bg-white clr-black" href="https://megaweb12.at">megaweb12.at?</a></div><a class="projects__tag bg-transparent" href="http://mega555kf7lsmb54yd6etzginolhxxi4ytdoma2rf77ngq55fhfcnyid.onion">megaonisfj2js2j52kjf...?</a>
Source: chromecache_258.2.dr	String found in binary or memory: <li><a href="http://mega555kf7lsmb54yd6etzginolhxxi4ytdoma2rf77ngq55fhfcnyid.onion"><span>onion</span></a></li>
Source: chromecache_258.2.dr	String found in binary or memory: <li><span>onion</span><a href="http://mega555kf7lsmb54yd6etzginolhxxi4ytdoma2rf77ngq55fhfcnyid.onion">onion</a></li>

Source: Network traffic	Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.4:50028 -> 104.244.42.67:443
Source: Network traffic	Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.4:50025 -> 162.159.140.229:443
Source: Network traffic	Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.4:50062 -> 104.18.27.193:443

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.19
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.19
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: mega.fo
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: mg11.at
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: megaweb12.at
Source: global traffic	DNS traffic detected: DNS query: www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cf-assets.www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic	DNS traffic detected: DNS query: performance.radar.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ot.www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.logr-ingest.com
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: api.www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic	DNS traffic detected: DNS query: snap.licdn.com
Source: global traffic	DNS traffic detected: DNS query: scout-cdn.salesloft.com
Source: global traffic	DNS traffic detected: DNS query: static.ads-twitter.com
Source: global traffic	DNS traffic detected: DNS query: js.qualified.com
Source: global traffic	DNS traffic detected: DNS query: munchkin.marketo.net
Source: global traffic	DNS traffic detected: DNS query: cdn.bizible.com
Source: global traffic	DNS traffic detected: DNS query: tag.demandbase.com
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: alb.reddit.com
Source: global traffic	DNS traffic detected: DNS query: scout.salesloft.com
Source: global traffic	DNS traffic detected: DNS query: adobedc.demdex.net
Source: global traffic	DNS traffic detected: DNS query: cloudflareinc.demdex.net
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: di.rlcdn.com
Source: global traffic	DNS traffic detected: DNS query: cm.everesttech.net
Source: global traffic	DNS traffic detected: DNS query: cdn.bizibly.com
Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: analytics.twitter.com
Source: global traffic	DNS traffic detected: DNS query: api.company-target.com
Source: global traffic	DNS traffic detected: DNS query: s.company-target.com
Source: global traffic	DNS traffic detected: DNS query: id.rlcdn.com
Source: global traffic	DNS traffic detected: DNS query: r.logr-ingest.com
Source: global traffic	DNS traffic detected: DNS query: www.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: ws6.qualified.com
Source: global traffic	DNS traffic detected: DNS query: dsum-sec.casalemedia.com
Source: global traffic	DNS traffic detected: DNS query: partners.tremorhub.com
Source: global traffic	DNS traffic detected: DNS query: pixel.rubiconproject.com
Source: global traffic	DNS traffic detected: DNS query: tag-logger.demandbase.com
Source: global traffic	DNS traffic detected: DNS query: 713-xsc-918.mktoresp.com
Source: global traffic	DNS traffic detected: DNS query: edge.adobedc.net

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	116
Entropy (8bit):	4.789782872442518
Encrypted:	false
SSDEEP:	3:2LGXaPM5ZEJJEzeofKhB/VBm/f3v:2LG8MHPKfqff
MD5:	A364D7720681423580592500C31FB498
SHA1:	A6683A88E69F381D707C82B31822AAFEBB8A1716
SHA-256:	7B2D16B6C90C0CD12F7FA82ABC053BDC814DE058CD97B901564DD69A0DA46121
SHA-512:	2875C943DF452AADB81CE43D654C4C49DE94B5D053BD09A028EBB6F7C38BBAE047DB90EAE5E9569932483F88E454795A802C31B941601A4C149BA008ECA49799
Malicious:	false
Reputation:	low
URL:	https://cdn.bizible.com/xdc.js?_biz_u=692af46b6d5a4bc0cf0c7675eaa202db&_biz_h=-1777624096&cdn_o=a&jsVer=4.24.12.19
Preview:	(function () {.. BizTrackingA.XdcCallback({.. xdc: "692af46b6d5a4bc0cf0c7675eaa202db".. });..})();..;..

Source: chromecache_258.2.dr	String found in binary or memory: <li><span>Youtube</span><a href="https://www.youtube.com/@moriartymega">Moriarty YT</a></li> equals www.youtube.com (Youtube)
Source: chromecache_226.2.dr	String found in binary or memory: -->`;document.body.appendChild(d);};{\n!function(e,t,n,s,u,a){e.twq\|\|(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);\n},s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='https://static.ads-twitter.com/uwt.js',\na=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');\n// Insert Twitter Advertiser ID\ntwq('config','nvldc', {\n restricted_data_use: 'restrict_optimization' // or 'off'\n});\n};{const d = document.createElement('div');d.innerHTML = `<!-- Qualified -->\n\n\n<!-- End Qualified -->`;document.body.appendChild(d);};{\n(function(w,q){w['QualifiedObject']=q;w[q]=w[q]\|\|function(){\n(w[q].q=w[q].q\|\|[]).push(arguments)};})(window,'qualified')\n\n};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22async%22%3A%22%22%2C%22src%22%3A%22https%3A%2F%2Fjs.qualified.com%2Fqualified.js%3Ftoken%3D37pXYrro6wCZbsU7%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-a4ec3688-6b57-4006-8371-b379777fd34b%5C%22))%7D%22%2C%22order-id%22%3A%22a4ec3688-6b57-4006-8371-b379777fd34b%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{\n(function() {\n var didInit = false;\n function initMunchkin() {\n if(didInit === false) {\n didInit = true;\n Munchkin.init('713-XSC-918');\n }\n }\n var s = document.createElement('script');\n s.type = 'text/javascript';\n s.async = true;\n s.src = '//munchkin.marketo.net/munchkin-beta.js';\n s.onreadystatechange = function() {\n if (this.readyState == 'complete' \|\| this.readyState == 'loaded') {\n initMunchkin();\n }\n };\n s.onload = initMunchkin;\n document.getElementsByTagName('head')[0].appendChild(s);\n})();\n};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22type%22%3A%22text%2Fjavascript%22%2C%22src%22%3A%22https%3A%2F%2Fcdn.bizible.com%2Fscripts%2Fbizible.js%22%2C%22async%22%3A%22%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-e6778215-3a67-4b55-ac94-0f4fd22aef68%5C%22))%7D%22%2C%22order-id%22%3A%22e6778215-3a67-4b55-ac94-0f4fd22aef68%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{\nwindow.dataLayer = window.dataLayer \|\| [];\nwindow.dataLayer.push({'zarazGaClientId': ''});\n};{\n(function(d,b,a,s,e){ var t = b.createElement(a), \n fs = b.getElementsByTagName(a)[0]; t.async=1; t.id=e; t.src=s; \n fs.parentNode.insertBefore(t, fs); })\n(window,document,'script','https://tag.demandbase.com/1be41a80498a5b73.min.js','demandbase_js_lib'); \n}})(window,document)"],"f":[["https://px.ads.linkedin.com/collect/?fmt=js&v=2&url=https%
Source: chromecache_226.2.dr	String found in binary or memory: -->`;document.body.appendChild(d);};{\n!function(e,t,n,s,u,a){e.twq\|\|(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);\n},s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='https://static.ads-twitter.com/uwt.js',\na=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');\n// Insert Twitter Advertiser ID\ntwq('config','nvldc', {\n restricted_data_use: 'restrict_optimization' // or 'off'\n});\n};{const d = document.createElement('div');d.innerHTML = `<!-- Qualified -->\n\n\n<!-- End Qualified -->`;document.body.appendChild(d);};{\n(function(w,q){w['QualifiedObject']=q;w[q]=w[q]\|\|function(){\n(w[q].q=w[q].q\|\|[]).push(arguments)};})(window,'qualified')\n\n};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22async%22%3A%22%22%2C%22src%22%3A%22https%3A%2F%2Fjs.qualified.com%2Fqualified.js%3Ftoken%3D37pXYrro6wCZbsU7%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-a4ec3688-6b57-4006-8371-b379777fd34b%5C%22))%7D%22%2C%22order-id%22%3A%22a4ec3688-6b57-4006-8371-b379777fd34b%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{\n(function() {\n var didInit = false;\n function initMunchkin() {\n if(didInit === false) {\n didInit = true;\n Munchkin.init('713-XSC-918');\n }\n }\n var s = document.createElement('script');\n s.type = 'text/javascript';\n s.async = true;\n s.src = '//munchkin.marketo.net/munchkin-beta.js';\n s.onreadystatechange = function() {\n if (this.readyState == 'complete' \|\| this.readyState == 'loaded') {\n initMunchkin();\n }\n };\n s.onload = initMunchkin;\n document.getElementsByTagName('head')[0].appendChild(s);\n})();\n};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{const el = document.createElement('script');Object.entries(JSON.parse(decodeURIComponent(`%7B%22type%22%3A%22text%2Fjavascript%22%2C%22src%22%3A%22https%3A%2F%2Fcdn.bizible.com%2Fscripts%2Fbizible.js%22%2C%22async%22%3A%22%22%2C%22onload%22%3A%22%7Bdocument.dispatchEvent(new%20Event(%5C%22loaded-e6778215-3a67-4b55-ac94-0f4fd22aef68%5C%22))%7D%22%2C%22order-id%22%3A%22e6778215-3a67-4b55-ac94-0f4fd22aef68%22%7D`))).forEach(([k, v]) => {el.setAttribute(k, v);});document.head.appendChild(el);};{const d = document.createElement('div');d.innerHTML = ``;document.body.appendChild(d);};{\nwindow.dataLayer = window.dataLayer \|\| [];\nwindow.dataLayer.push({'zarazGaClientId': ''});\n};{\n(function(d,b,a,s,e){ var t = b.createElement(a), \n fs = b.getElementsByTagName(a)[0]; t.async=1; t.id=e; t.src=s; \n fs.parentNode.insertBefore(t, fs); })\n(window,document,'script','https://tag.demandbase.com/1be41a80498a5b73.min.js','demandbase_js_lib'); \n}})(window,document)"],"f":[["https://px.ads.linkedin.com/collect/?fmt=js&v=2&url=https%
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: return b}OE.F="internal.enableAutoEventOnTimer";var Vb=wa(["data-gtm-yt-inspected-"]),QE=["www.youtube.com","www.youtube-nocookie.com"],RE,SE=!1; equals www.youtube.com (Youtube)
Source: chromecache_200.2.dr	String found in binary or memory: return fetch("https://www.cloudflare.com/static/z/t",{credentials:"include",method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(em)})})).then((function(ev){zarazData._let=(new Date).getTime();ev.ok\|\|el();return 204!==ev.status&&ev.json()})).then((async eu=>{await zaraz._p(eu);"function"==typeof ej&&ej()})).finally((()=>ek()))}))};zaraz.set=function(ew,ex,ey){try{ex=JSON.stringify(ex)}catch(ez){return}prefixedKey="_zaraz_"+ew;sessionStorage&&sessionStorage.removeItem(prefixedKey);localStorage&&localStorage.removeItem(prefixedKey);delete zaraz.pageVariables[ew];if(void 0!==ex){ey&&"session"==ey.scope?sessionStorage&&sessionStorage.setItem(prefixedKey,ex):ey&&"page"==ey.scope?zaraz.pageVariables[ew]=ex:localStorage&&localStorage.setItem(prefixedKey,ex);zaraz.__watchVar={key:ew,value:ex}}};for(const{m:eA,a:eB}of zarazData.q.filter((({m:eC})=>["debug","set"].includes(eC))))zaraz[eA](...eB);for(const{m:eD,a:eE}of zaraz.q)zaraz[eD](...eE);delete zaraz.q;delete zarazData.q;zaraz.spaPageview=()=>{zarazData.l=d.location.href;zarazData.t=d.title;zaraz.pageVariables={};zaraz.__zarazMCListeners={};zaraz.track("__zarazSPA")};zaraz.fulfilTrigger=function(dy,dz,dA,dB){zaraz.__zarazTriggerMap\|\|(zaraz.__zarazTriggerMap={});zaraz.__zarazTriggerMap[dy]\|\|(zaraz.__zarazTriggerMap[dy]="");zaraz.__zarazTriggerMap[dy]+=""+dz+"";zaraz.track("__zarazEmpty",{...dA,__zarazClientTriggers:zaraz.__zarazTriggerMap[dy]},dB)};zaraz._c=cZ=>{const{event:c$,...da}=cZ;zaraz.track(c$,{...da,__zarazClientEvent:!0})};zaraz._syncedAttributes=["altKey","clientX","clientY","pageX","pageY","button"];zaraz.__zcl.track=!0;zaraz._p({"e":["(function(w,d){(function(){if(\"function\"!=typeof zaraz._timeout){zaraz._timeouts=[];zaraz._timeout=(dU,dV,dW,dX)=>{dW=parseInt(dW,10);dX=parseInt(dX,10);if(0==dW)return;const dY=setTimeout((function(){zaraz.fulfilTrigger(dU,dV);zaraz._timeout(dU,dV,--dW,dX)}),dX);zaraz._timeouts.push(dY)}}zaraz._timeout(\"IFsU\",\"BKpn\",\"1\",\"30000\");})();(function(){const dJ=\"25%,50%,75%,100%\",dK=[];for(let dM=0;dM<dJ.split(\",\").length;dM+=1){const dN=dJ.split(\",\")[dM].trim().match(/^([0-9]{1,999999999})(px\|%)?$/);dN&&dN[1]&&dK.push([parseInt(dN[1],10),dN[2]\|\|\"%\"])}let dL=()=>{const dO=d.scrollingElement\|\|d.documentElement,dP=dO.scrollHeight-dO.clientHeight,dQ=dO.scrollTop/dP*100;for(let dR=0;dR<dK.length;dR+=1)if(dK[dR]){const[dS,dT]=dK[dR];if(\"%\"===dT&&dQ>=dS\|\|\"px\"===dT&&dO.scrollTop>=dS){delete dK[dR];zaraz.fulfilTrigger(\"zDVF\",\"Frnx\",{scrollDepth:dS+dT})}}};w.zaraz._al(d,\"scroll\",dL);w.zaraz._al(w,\"resize\",dL);dL();})();;w.zarazData.executed.push(\"Pageview\");})(window,document)","(function(w,d){{const d = document.createElement('div');d.innerHTML = `<noscript>\n<img height=\"1\" width=\"1\" style=\"display:none;\" alt=\"\" src=\"https://px.ads.linkedin.com/collect/?pid=28851&fmt=gif\" />\n</noscript>`;document.body.appendChild(d);};{\n_linkedin_partner_id = \"28851\";\nwindow._linkedin_data_partner_ids = window._link
Source: chromecache_190.2.dr, chromecache_262.2.dr	String found in binary or memory: var cE=function(a,b,c,d,e){var f=TB("fsl",c?"nv.mwt":"mwt",0),g;g=c?TB("fsl","nv.ids",[]):TB("fsl","ids",[]);if(!g.length)return!0;var k=YB(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);U(121);if(m==="https://www.facebook.com/tr/")return U(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!DA(k,FA(b, equals www.facebook.com (Facebook)

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 17:18:16.420521975 CET	192.168.2.4	1.1.1.1	0xcd0e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:18:16.420619011 CET	192.168.2.4	1.1.1.1	0x6254	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 17:18:17.238557100 CET	192.168.2.4	1.1.1.1	0x30a2	Standard query (0)	mega.fo	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:18:17.238975048 CET	192.168.2.4	1.1.1.1	0xcb2	Standard query (0)	mega.fo	65	IN (0x0001)	false
Jan 13, 2025 17:18:18.410981894 CET	192.168.2.4	1.1.1.1	0xcec7	Standard query (0)	cdn.jsdelivr.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:18:18.411164045 CET	192.168.2.4	1.1.1.1	0x5596	Standard query (0)	cdn.jsdelivr.net	65	IN (0x0001)	false
Jan 13, 2025 17:18:19.442398071 CET	192.168.2.4	1.1.1.1	0xcf8b	Standard query (0)	cdn.jsdelivr.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:18:19.442763090 CET	192.168.2.4	1.1.1.1	0x22a	Standard query (0)	cdn.jsdelivr.net	65	IN (0x0001)	false
Jan 13, 2025 17:18:22.418410063 CET	192.168.2.4	1.1.1.1	0x4ff4	Standard query (0)	mega.fo	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:18:22.418643951 CET	192.168.2.4	1.1.1.1	0x5309	Standard query (0)	mega.fo	65	IN (0x0001)	false
Jan 13, 2025 17:18:57.055031061 CET	192.168.2.4	1.1.1.1	0x8b1c	Standard query (0)	mg11.at	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:18:57.056114912 CET	192.168.2.4	1.1.1.1	0xb938	Standard query (0)	mg11.at	65	IN (0x0001)	false
Jan 13, 2025 17:18:58.178910971 CET	192.168.2.4	1.1.1.1	0x7205	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:18:58.179200888 CET	192.168.2.4	1.1.1.1	0x6355	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:18:59.486095905 CET	192.168.2.4	1.1.1.1	0xdeac	Standard query (0)	mg11.at	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:18:59.486217976 CET	192.168.2.4	1.1.1.1	0xf218	Standard query (0)	mg11.at	65	IN (0x0001)	false
Jan 13, 2025 17:19:00.593924999 CET	192.168.2.4	1.1.1.1	0xd5ff	Standard query (0)	megaweb12.at	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:00.594070911 CET	192.168.2.4	1.1.1.1	0xb76f	Standard query (0)	megaweb12.at	65	IN (0x0001)	false
Jan 13, 2025 17:19:08.015824080 CET	192.168.2.4	1.1.1.1	0x9515	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:08.016122103 CET	192.168.2.4	1.1.1.1	0xe5e4	Standard query (0)	www.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:09.095814943 CET	192.168.2.4	1.1.1.1	0x9147	Standard query (0)	cf-assets.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:09.095963955 CET	192.168.2.4	1.1.1.1	0x93c9	Standard query (0)	cf-assets.www.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:09.165538073 CET	192.168.2.4	1.1.1.1	0xc896	Standard query (0)	static.cloudflareinsights.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:09.165684938 CET	192.168.2.4	1.1.1.1	0x4b13	Standard query (0)	static.cloudflareinsights.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:09.351989985 CET	192.168.2.4	1.1.1.1	0x4e79	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:09.352128029 CET	192.168.2.4	1.1.1.1	0xdde1	Standard query (0)	www.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:09.791903973 CET	192.168.2.4	1.1.1.1	0x6f96	Standard query (0)	performance.radar.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:09.792247057 CET	192.168.2.4	1.1.1.1	0x69a6	Standard query (0)	performance.radar.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:09.792692900 CET	192.168.2.4	1.1.1.1	0xec9d	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:09.792843103 CET	192.168.2.4	1.1.1.1	0xead	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:09.793234110 CET	192.168.2.4	1.1.1.1	0xb60b	Standard query (0)	ot.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:09.793378115 CET	192.168.2.4	1.1.1.1	0xc7c5	Standard query (0)	ot.www.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:09.797837019 CET	192.168.2.4	1.1.1.1	0xe7cd	Standard query (0)	cf-assets.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:09.798029900 CET	192.168.2.4	1.1.1.1	0x3d7e	Standard query (0)	cf-assets.www.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:09.901576042 CET	192.168.2.4	1.1.1.1	0xda1a	Standard query (0)	static.cloudflareinsights.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:09.901851892 CET	192.168.2.4	1.1.1.1	0x18a7	Standard query (0)	static.cloudflareinsights.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:10.602725983 CET	192.168.2.4	1.1.1.1	0x8938	Standard query (0)	ot.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:10.603110075 CET	192.168.2.4	1.1.1.1	0x8a9f	Standard query (0)	ot.www.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:11.264166117 CET	192.168.2.4	1.1.1.1	0x8fb5	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:11.264347076 CET	192.168.2.4	1.1.1.1	0x3f93	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:11.624293089 CET	192.168.2.4	1.1.1.1	0x89e1	Standard query (0)	cdn.logr-ingest.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:11.624450922 CET	192.168.2.4	1.1.1.1	0x8eb0	Standard query (0)	cdn.logr-ingest.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:13.569407940 CET	192.168.2.4	1.1.1.1	0xa53f	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:13.569672108 CET	192.168.2.4	1.1.1.1	0x52bb	Standard query (0)	assets.adobedtm.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:13.604968071 CET	192.168.2.4	1.1.1.1	0xf952	Standard query (0)	api.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:13.604968071 CET	192.168.2.4	1.1.1.1	0xb8bb	Standard query (0)	api.www.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:14.012392044 CET	192.168.2.4	1.1.1.1	0x9ac3	Standard query (0)	cdn.logr-ingest.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:14.012689114 CET	192.168.2.4	1.1.1.1	0xf676	Standard query (0)	cdn.logr-ingest.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:14.350181103 CET	192.168.2.4	1.1.1.1	0x5c77	Standard query (0)	api.www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:14.350336075 CET	192.168.2.4	1.1.1.1	0x193b	Standard query (0)	api.www.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:14.889065027 CET	192.168.2.4	1.1.1.1	0x553b	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:14.889537096 CET	192.168.2.4	1.1.1.1	0x6b2	Standard query (0)	assets.adobedtm.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:14.934544086 CET	192.168.2.4	1.1.1.1	0xa020	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:14.934694052 CET	192.168.2.4	1.1.1.1	0xe031	Standard query (0)	dpm.demdex.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.016870022 CET	192.168.2.4	1.1.1.1	0xe034	Standard query (0)	snap.licdn.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.017211914 CET	192.168.2.4	1.1.1.1	0x8fd8	Standard query (0)	snap.licdn.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.019222021 CET	192.168.2.4	1.1.1.1	0x70e0	Standard query (0)	scout-cdn.salesloft.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.019365072 CET	192.168.2.4	1.1.1.1	0xa0e6	Standard query (0)	scout-cdn.salesloft.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.019937992 CET	192.168.2.4	1.1.1.1	0xde87	Standard query (0)	static.ads-twitter.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.020214081 CET	192.168.2.4	1.1.1.1	0xecf2	Standard query (0)	static.ads-twitter.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.020843983 CET	192.168.2.4	1.1.1.1	0x85b1	Standard query (0)	js.qualified.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.021320105 CET	192.168.2.4	1.1.1.1	0xded1	Standard query (0)	js.qualified.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.021689892 CET	192.168.2.4	1.1.1.1	0x6a48	Standard query (0)	munchkin.marketo.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.021817923 CET	192.168.2.4	1.1.1.1	0xfbf	Standard query (0)	munchkin.marketo.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.022145987 CET	192.168.2.4	1.1.1.1	0xb278	Standard query (0)	cdn.bizible.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.022267103 CET	192.168.2.4	1.1.1.1	0x3beb	Standard query (0)	cdn.bizible.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.022572041 CET	192.168.2.4	1.1.1.1	0x2f1b	Standard query (0)	tag.demandbase.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.022679090 CET	192.168.2.4	1.1.1.1	0x3a4e	Standard query (0)	tag.demandbase.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.027956963 CET	192.168.2.4	1.1.1.1	0xeb0c	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.028079987 CET	192.168.2.4	1.1.1.1	0xbf82	Standard query (0)	px.ads.linkedin.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.028485060 CET	192.168.2.4	1.1.1.1	0x60f8	Standard query (0)	alb.reddit.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.028700113 CET	192.168.2.4	1.1.1.1	0xbf07	Standard query (0)	alb.reddit.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.088856936 CET	192.168.2.4	1.1.1.1	0x8daf	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.088999033 CET	192.168.2.4	1.1.1.1	0x69e9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:15.916618109 CET	192.168.2.4	1.1.1.1	0xda0f	Standard query (0)	scout.salesloft.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:15.916768074 CET	192.168.2.4	1.1.1.1	0x69b3	Standard query (0)	scout.salesloft.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.006489992 CET	192.168.2.4	1.1.1.1	0x57a2	Standard query (0)	adobedc.demdex.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.006668091 CET	192.168.2.4	1.1.1.1	0xd097	Standard query (0)	adobedc.demdex.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.014045954 CET	192.168.2.4	1.1.1.1	0xe959	Standard query (0)	cloudflareinc.demdex.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.014378071 CET	192.168.2.4	1.1.1.1	0x8edb	Standard query (0)	cloudflareinc.demdex.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.031683922 CET	192.168.2.4	1.1.1.1	0x70a7	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.031867027 CET	192.168.2.4	1.1.1.1	0xccae	Standard query (0)	stats.g.doubleclick.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.037281990 CET	192.168.2.4	1.1.1.1	0x2c4b	Standard query (0)	di.rlcdn.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.037471056 CET	192.168.2.4	1.1.1.1	0x700b	Standard query (0)	di.rlcdn.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.038347006 CET	192.168.2.4	1.1.1.1	0xef0f	Standard query (0)	cm.everesttech.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.038577080 CET	192.168.2.4	1.1.1.1	0x67ad	Standard query (0)	cm.everesttech.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.177342892 CET	192.168.2.4	1.1.1.1	0xb671	Standard query (0)	cdn.bizibly.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.177469015 CET	192.168.2.4	1.1.1.1	0x741a	Standard query (0)	cdn.bizibly.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.368021011 CET	192.168.2.4	1.1.1.1	0x1572	Standard query (0)	t.co	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.368170977 CET	192.168.2.4	1.1.1.1	0x81e0	Standard query (0)	t.co	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.476839066 CET	192.168.2.4	1.1.1.1	0xa133	Standard query (0)	analytics.twitter.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.476991892 CET	192.168.2.4	1.1.1.1	0xa7d	Standard query (0)	analytics.twitter.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.488251925 CET	192.168.2.4	1.1.1.1	0x7d7a	Standard query (0)	api.company-target.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.488511086 CET	192.168.2.4	1.1.1.1	0x6e82	Standard query (0)	api.company-target.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.493778944 CET	192.168.2.4	1.1.1.1	0x3c50	Standard query (0)	s.company-target.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.493928909 CET	192.168.2.4	1.1.1.1	0x4655	Standard query (0)	s.company-target.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.578280926 CET	192.168.2.4	1.1.1.1	0xfb31	Standard query (0)	alb.reddit.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.578483105 CET	192.168.2.4	1.1.1.1	0x323d	Standard query (0)	alb.reddit.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.578847885 CET	192.168.2.4	1.1.1.1	0x2f89	Standard query (0)	scout-cdn.salesloft.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.578994989 CET	192.168.2.4	1.1.1.1	0x4f26	Standard query (0)	scout-cdn.salesloft.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.579260111 CET	192.168.2.4	1.1.1.1	0xeb94	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.579391956 CET	192.168.2.4	1.1.1.1	0xe568	Standard query (0)	dpm.demdex.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.581063032 CET	192.168.2.4	1.1.1.1	0xc868	Standard query (0)	munchkin.marketo.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.581232071 CET	192.168.2.4	1.1.1.1	0xae2c	Standard query (0)	munchkin.marketo.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.582647085 CET	192.168.2.4	1.1.1.1	0xe0cc	Standard query (0)	snap.licdn.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.582798004 CET	192.168.2.4	1.1.1.1	0x53f8	Standard query (0)	snap.licdn.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.592979908 CET	192.168.2.4	1.1.1.1	0x8fc2	Standard query (0)	cdn.bizible.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.593125105 CET	192.168.2.4	1.1.1.1	0xfea7	Standard query (0)	cdn.bizible.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.700176954 CET	192.168.2.4	1.1.1.1	0xcadb	Standard query (0)	id.rlcdn.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.700428963 CET	192.168.2.4	1.1.1.1	0xb0dd	Standard query (0)	id.rlcdn.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.720628977 CET	192.168.2.4	1.1.1.1	0xfa81	Standard query (0)	r.logr-ingest.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.720793009 CET	192.168.2.4	1.1.1.1	0xabff	Standard query (0)	r.logr-ingest.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.755240917 CET	192.168.2.4	1.1.1.1	0x7f4b	Standard query (0)	www.linkedin.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.755443096 CET	192.168.2.4	1.1.1.1	0x872e	Standard query (0)	www.linkedin.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.772638083 CET	192.168.2.4	1.1.1.1	0x537f	Standard query (0)	static.ads-twitter.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.772902966 CET	192.168.2.4	1.1.1.1	0xe9c5	Standard query (0)	static.ads-twitter.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.814358950 CET	192.168.2.4	1.1.1.1	0xaf59	Standard query (0)	tag.demandbase.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.814526081 CET	192.168.2.4	1.1.1.1	0xbc5a	Standard query (0)	tag.demandbase.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.815047026 CET	192.168.2.4	1.1.1.1	0x87cf	Standard query (0)	scout.salesloft.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.815203905 CET	192.168.2.4	1.1.1.1	0x25f6	Standard query (0)	scout.salesloft.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.870243073 CET	192.168.2.4	1.1.1.1	0xeb75	Standard query (0)	js.qualified.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.870404005 CET	192.168.2.4	1.1.1.1	0x807f	Standard query (0)	js.qualified.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:16.886718988 CET	192.168.2.4	1.1.1.1	0x54d5	Standard query (0)	ws6.qualified.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:16.886898994 CET	192.168.2.4	1.1.1.1	0x7a41	Standard query (0)	ws6.qualified.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:17.092014074 CET	192.168.2.4	1.1.1.1	0x6584	Standard query (0)	adobedc.demdex.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:17.092505932 CET	192.168.2.4	1.1.1.1	0xa76a	Standard query (0)	adobedc.demdex.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:17.118109941 CET	192.168.2.4	1.1.1.1	0x55c1	Standard query (0)	dsum-sec.casalemedia.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:17.118381023 CET	192.168.2.4	1.1.1.1	0x29f8	Standard query (0)	dsum-sec.casalemedia.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:17.122853041 CET	192.168.2.4	1.1.1.1	0xa8b5	Standard query (0)	partners.tremorhub.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:17.123028994 CET	192.168.2.4	1.1.1.1	0xc6a6	Standard query (0)	partners.tremorhub.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:17.227761030 CET	192.168.2.4	1.1.1.1	0x1956	Standard query (0)	pixel.rubiconproject.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:17.228317022 CET	192.168.2.4	1.1.1.1	0xb805	Standard query (0)	pixel.rubiconproject.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:17.504676104 CET	192.168.2.4	1.1.1.1	0xd8c6	Standard query (0)	tag-logger.demandbase.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:17.504854918 CET	192.168.2.4	1.1.1.1	0x4f3a	Standard query (0)	tag-logger.demandbase.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:17.540759087 CET	192.168.2.4	1.1.1.1	0x5165	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:17.540949106 CET	192.168.2.4	1.1.1.1	0x23ce	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:18.075306892 CET	192.168.2.4	1.1.1.1	0x135c	Standard query (0)	713-xsc-918.mktoresp.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:18.075699091 CET	192.168.2.4	1.1.1.1	0x57c7	Standard query (0)	713-xsc-918.mktoresp.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:18.973021984 CET	192.168.2.4	1.1.1.1	0xccc3	Standard query (0)	edge.adobedc.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:18.973277092 CET	192.168.2.4	1.1.1.1	0x7596	Standard query (0)	edge.adobedc.net	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.038249969 CET	192.168.2.4	1.1.1.1	0x3d16	Standard query (0)	cdn.bizibly.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.038556099 CET	192.168.2.4	1.1.1.1	0x2e51	Standard query (0)	cdn.bizibly.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.039426088 CET	192.168.2.4	1.1.1.1	0x1a0a	Standard query (0)	t.co	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.039570093 CET	192.168.2.4	1.1.1.1	0xc2d5	Standard query (0)	t.co	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.050803900 CET	192.168.2.4	1.1.1.1	0x1de1	Standard query (0)	analytics.twitter.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.051059008 CET	192.168.2.4	1.1.1.1	0x75a4	Standard query (0)	analytics.twitter.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.051453114 CET	192.168.2.4	1.1.1.1	0xc1ee	Standard query (0)	api.company-target.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.051588058 CET	192.168.2.4	1.1.1.1	0x823c	Standard query (0)	api.company-target.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.088593006 CET	192.168.2.4	1.1.1.1	0xd297	Standard query (0)	partners.tremorhub.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.088804960 CET	192.168.2.4	1.1.1.1	0xdace	Standard query (0)	partners.tremorhub.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.099174023 CET	192.168.2.4	1.1.1.1	0x5e0e	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.099450111 CET	192.168.2.4	1.1.1.1	0xbd4d	Standard query (0)	px.ads.linkedin.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.696029902 CET	192.168.2.4	1.1.1.1	0xfd45	Standard query (0)	dsum-sec.casalemedia.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.696208000 CET	192.168.2.4	1.1.1.1	0xbdf3	Standard query (0)	dsum-sec.casalemedia.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.698908091 CET	192.168.2.4	1.1.1.1	0xe39f	Standard query (0)	pixel.rubiconproject.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.699285030 CET	192.168.2.4	1.1.1.1	0x921a	Standard query (0)	pixel.rubiconproject.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:19.703171015 CET	192.168.2.4	1.1.1.1	0xa00c	Standard query (0)	tag-logger.demandbase.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:19.703309059 CET	192.168.2.4	1.1.1.1	0xc70a	Standard query (0)	tag-logger.demandbase.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:20.488538980 CET	192.168.2.4	1.1.1.1	0x1919	Standard query (0)	r.logr-ingest.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:20.488723040 CET	192.168.2.4	1.1.1.1	0xe7ae	Standard query (0)	r.logr-ingest.com	65	IN (0x0001)	false
Jan 13, 2025 17:19:20.497633934 CET	192.168.2.4	1.1.1.1	0xcfa6	Standard query (0)	edge.adobedc.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 17:19:20.497858047 CET	192.168.2.4	1.1.1.1	0x2f41	Standard query (0)	edge.adobedc.net	65	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:17 UTC	650	OUT	GET / HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:18 UTC	236	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:18 GMT Content-Type: text/html Content-Length: 20216 Last-Modified: Thu, 19 Dec 2024 19:48:31 GMT Connection: close ETag: "6764788f-4ef8" Accept-Ranges: bytes
2025-01-13 16:18:18 UTC	16148	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 6d 61 69 6e 2e 6d 69 6e 2e 63 73 73 3f 5f 76 3d Data Ascii: <!DOCTYPE html><html lang="ru"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="css/main.min.css?_v=
2025-01-13 16:18:18 UTC	4068	IN	Data Raw: 6d 65 67 61 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 74 6f 67 67 6c 65 2d 64 72 6f 70 64 6f 77 6e 22 20 68 72 65 66 3d 22 23 22 3e 3c 73 70 61 6e 3e d0 a1 d1 81 d1 8b d0 bb d0 ba d0 b8 20 d0 bd d0 b0 20 d1 81 d0 be d1 86 d0 b8 d0 b0 d0 bb d1 8c d0 bd d1 8b d0 b5 20 d1 81 d0 b5 d1 82 d0 b8 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c Data Ascii: mega</a></li> </ul> </div> </li> <li><a class="toggle-dropdown" href="#"><span> </span><span class="icon-arrow"></span></a> <div cl

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:18 UTC	547	OUT	GET /css/main.min.css?_v=20240927012657 HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://mega.fo/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:31 UTC	235	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:23 GMT Content-Type: text/css Content-Length: 27137 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-6a01" Accept-Ranges: bytes
2025-01-13 16:18:31 UTC	16149	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 3a 72 6f 6f 74 7b 2d 2d 63 6f 6c 6f 72 2d 77 68 69 74 65 3a 23 66 66 66 66 66 66 3b 2d 2d 63 6f 6c 6f 72 2d 62 6c 61 63 6b 3a 23 30 30 30 30 30 30 3b 2d 2d 63 6f 6c 6f 72 2d 62 6c 61 63 6b 2d 61 6c 6d 6f 73 74 3a 23 31 46 31 46 31 46 3b 2d 2d 63 6f 6c 6f 72 2d 62 6c 61 63 6b 2d 62 72 6f 77 6e 3a 23 32 30 32 30 32 30 3b 2d 2d 63 6f 6c 6f 72 2d 64 61 72 6b 2d 74 61 75 70 65 3a 23 33 42 32 37 31 41 3b 2d 2d 63 6f 6c 6f 72 2d 62 6c 61 63 6b 69 73 68 2d 67 72 65 65 6e 3a 23 31 34 31 34 31 34 3b 2d 2d 63 6f 6c 6f 72 2d 64 61 72 6b 2d 62 6c 75 69 73 68 2d 62 6c 61 63 6b 3a 23 34 33 34 33 34 33 3b 2d 2d 63 6f 6c 6f 72 2d 62 72 69 67 68 74 2d 6f 72 61 6e 67 65 3a 23 45 42 35 45 30 30 3b 2d 2d 63 6f 6c 6f 72 2d 6f Data Ascii: @charset "UTF-8";:root{--color-white:#ffffff;--color-black:#000000;--color-black-almost:#1F1F1F;--color-black-brown:#202020;--color-dark-taupe:#3B271A;--color-blackish-green:#141414;--color-dark-bluish-black:#434343;--color-bright-orange:#EB5E00;--color-o
2025-01-13 16:18:36 UTC	10988	IN	Data Raw: 68 2d 63 68 69 6c 64 28 32 29 20 2e 6d 61 6e 75 61 6c 5f 5f 6c 69 73 74 2d 74 78 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 36 70 78 7d 2e 6d 61 6e 75 61 6c 5f 5f 6c 69 73 74 2d 69 74 65 6d 3a 66 69 72 73 74 2d 63 68 69 6c 64 20 2e 6d 61 6e 75 61 6c 5f 5f 6c 69 73 74 2d 72 6f 77 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 20 2e 6d 61 6e 75 61 6c 5f 5f 6c 69 73 74 2d 64 65 73 63 7b 6d 61 78 2d 77 69 64 74 68 3a 36 30 35 70 78 7d 2e 6d 61 6e 75 61 6c 5f 5f 6c 69 73 74 2d 69 74 65 6d 3a 66 69 72 73 74 2d 63 68 69 6c 64 20 2e 6d 61 6e 75 61 6c 5f 5f 6c 69 73 74 2d 72 6f 77 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 20 2e 6d 61 6e 75 61 6c 5f 5f 6c 69 73 74 2d 69 6d 67 7b 6d 61 78 2d 77 69 64 74 68 3a 34 32 36 70 78 7d 2e 6d 61 6e 75 61 6c 5f 5f 6c 69 73 74 2d 69 74 65 Data Ascii: h-child(2) .manual__list-txt{margin-top:36px}.manual__list-item:first-child .manual__list-row:nth-child(2) .manual__list-desc{max-width:605px}.manual__list-item:first-child .manual__list-row:nth-child(2) .manual__list-img{max-width:426px}.manual__list-ite

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:18 UTC	587	OUT	GET /npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css?_v=20240927012657 HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://mega.fo/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:19 UTC	744	IN	HTTP/1.1 200 OK Connection: close Content-Length: 25343 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=604800, s-maxage=43200 Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: text/css; charset=utf-8 X-JSD-Version: 5.0.36 X-JSD-Version-Type: version ETag: W/"62ff-giaeOPBfIiHawF4nBpcYwhHxYEE" Accept-Ranges: bytes Age: 17154 Date: Mon, 13 Jan 2025 16:18:19 GMT X-Served-By: cache-fra-eddf8230077-FRA, cache-ewr-kewr1740026-EWR X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 77 69 64 74 68 3a 20 33 36 70 78 3b 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 68 65 69 67 68 74 3a 20 33 36 70 78 3b 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 63 6f 6c 6f 72 2d 31 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 29 3b 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 63 6f 6c 6f 72 2d 32 3a 20 72 67 62 61 28 31 37 2c 20 32 34 2c 20 32 38 2c 20 30 2e 38 29 3b 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 73 74 72 6f 6b 65 3a 20 32 2e 37 35 7d 2e 66 2d 73 70 69 6e 6e 65 72 7b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 76 61 72 28 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 77 69 64 74 68 29 3b 68 65 69 67 68 74 3a 76 61 72 28 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 68 65 69 67 68 74 29 Data Ascii: :root{--f-spinner-width: 36px;--f-spinner-height: 36px;--f-spinner-color-1: rgba(0, 0, 0, 0.1);--f-spinner-color-2: rgba(17, 24, 28, 0.8);--f-spinner-stroke: 2.75}.f-spinner{margin:auto;padding:0;width:var(--f-spinner-width);height:var(--f-spinner-height)
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 6f 6d 4f 75 74 44 6f 77 6e 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 2d 7a 6f 6f 6d 49 6e 55 70 7b 66 72 6f 6d 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 30 2e 39 37 35 29 20 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 20 31 36 70 78 2c 20 30 29 3b 6f 70 61 63 69 74 79 3a 30 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 20 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 20 30 2c 20 30 29 3b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 2d 7a 6f 6f 6d 4f 75 74 44 6f 77 6e 7b 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 30 2e 39 37 35 29 20 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 20 31 36 70 78 2c 20 30 29 3b 6f 70 61 63 69 74 79 3a 30 7d 7d 2e 66 2d 66 61 64 65 49 6e 7b 61 6e 69 6d 61 74 69 6f 6e 3a 76 Data Ascii: omOutDown}@keyframes f-zoomInUp{from{transform:scale(0.975) translate3d(0, 16px, 0);opacity:0}to{transform:scale(1) translate3d(0, 0, 0);opacity:1}}@keyframes f-zoomOutDown{to{transform:scale(0.975) translate3d(0, 16px, 0);opacity:0}}.f-fadeIn{animation:v
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 6e 64 65 78 3a 31 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 2d 63 72 6f 73 73 66 61 64 65 49 6e 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 2d 63 72 6f 73 73 66 61 64 65 4f 75 74 7b 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 2e 66 2d 73 6c 69 64 65 49 6e 2e 66 72 6f 6d 2d 6e 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 76 61 72 28 2d 2d 66 2d 74 72 61 6e 73 69 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 2c 20 30 2e 38 35 73 29 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 31 36 2c 20 31 2c 20 30 2e 33 2c 20 31 29 20 66 2d 73 6c 69 64 65 49 6e 4e 65 78 74 7d 2e 66 2d 73 6c 69 64 65 49 6e 2e 66 72 6f 6d 2d 70 72 65 76 7b 61 6e 69 6d 61 74 69 6f 6e 3a 76 61 72 28 2d 2d 66 2d 74 72 Data Ascii: ndex:1}@keyframes f-crossfadeIn{0%{opacity:0}100%{opacity:1}}@keyframes f-crossfadeOut{100%{opacity:0}}.f-slideIn.from-next{animation:var(--f-transition-duration, 0.85s) cubic-bezier(0.16, 1, 0.3, 1) f-slideInNext}.f-slideIn.from-prev{animation:var(--f-tr
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 2d 37 35 70 78 29 3b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 20 30 2c 20 30 29 3b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 2d 63 6c 61 73 73 69 63 49 6e 50 72 65 76 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 37 35 70 78 29 3b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 20 30 2c 20 30 29 3b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 2d 63 6c 61 73 73 69 63 4f 75 74 4e 65 78 74 7b 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 Data Ascii: 0%{transform:translateX(-75px);opacity:0}100%{transform:translate3d(0, 0, 0);opacity:1}}@keyframes f-classicInPrev{0%{transform:translateX(75px);opacity:0}100%{transform:translate3d(0, 0, 0);opacity:1}}@keyframes f-classicOutNext{100%{transform:translateX
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 62 75 74 74 6f 6e 3a 61 63 74 69 76 65 3a 6e 6f 74 28 5b 64 69 73 61 62 6c 65 64 5d 29 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 66 2d 62 75 74 74 6f 6e 2d 61 63 74 69 76 65 2d 62 67 29 7d 2e 66 2d 62 75 74 74 6f 6e 3a 66 6f 63 75 73 3a 6e 6f 74 28 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 29 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 2e 66 2d 62 75 74 74 6f 6e 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 30 20 30 20 76 61 72 28 2d 2d 66 2d 62 75 74 74 6f 6e 2d 6f 75 74 6c 69 6e 65 2c 20 32 70 78 29 20 76 61 72 28 2d 2d 66 2d 62 75 74 74 6f 6e 2d 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 2c 20 76 61 72 28 2d 2d 66 2d 62 75 74 74 6f 6e Data Ascii: button:active:not([disabled]){background-color:var(--f-button-active-bg)}.f-button:focus:not(:focus-visible){outline:none}.f-button:focus-visible{outline:none;box-shadow:inset 0 0 0 var(--f-button-outline, 2px) var(--f-button-outline-color, var(--f-button
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 6c 20 2e 66 2d 63 61 72 6f 75 73 65 6c 5f 5f 6e 61 76 20 2e 66 2d 62 75 74 74 6f 6e 2e 69 73 2d 70 72 65 76 2c 2e 69 73 2d 68 6f 72 69 7a 6f 6e 74 61 6c 2e 69 73 2d 72 74 6c 20 2e 66 61 6e 63 79 62 6f 78 5f 5f 6e 61 76 20 2e 66 2d 62 75 74 74 6f 6e 2e 69 73 2d 70 72 65 76 7b 6c 65 66 74 3a 61 75 74 6f 3b 72 69 67 68 74 3a 76 61 72 28 2d 2d 66 2d 62 75 74 74 6f 6e 2d 6e 65 78 74 2d 70 6f 73 29 7d 2e 69 73 2d 68 6f 72 69 7a 6f 6e 74 61 6c 2e 69 73 2d 72 74 6c 20 2e 66 2d 63 61 72 6f 75 73 65 6c 5f 5f 6e 61 76 20 2e 66 2d 62 75 74 74 6f 6e 2e 69 73 2d 6e 65 78 74 2c 2e 69 73 2d 68 6f 72 69 7a 6f 6e 74 61 6c 2e 69 73 2d 72 74 6c 20 2e 66 61 6e 63 79 62 6f 78 5f 5f 6e 61 76 20 2e 66 2d 62 75 74 74 6f 6e 2e 69 73 2d 6e 65 78 74 7b 72 69 67 68 74 3a 61 75 74 6f Data Ascii: l .f-carousel__nav .f-button.is-prev,.is-horizontal.is-rtl .fancybox__nav .f-button.is-prev{left:auto;right:var(--f-button-next-pos)}.is-horizontal.is-rtl .f-carousel__nav .f-button.is-next,.is-horizontal.is-rtl .fancybox__nav .f-button.is-next{right:auto
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 6c 2d 62 65 68 61 76 69 6f 72 2d 79 3a 6e 6f 6e 65 7d 2e 66 61 6e 63 79 62 6f 78 5f 5f 63 6f 6e 74 61 69 6e 65 72 7b 2d 2d 66 61 6e 63 79 62 6f 78 2d 63 6f 6c 6f 72 3a 20 23 64 62 64 62 64 62 3b 2d 2d 66 61 6e 63 79 62 6f 78 2d 68 6f 76 65 72 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 2d 2d 66 61 6e 63 79 62 6f 78 2d 62 67 3a 20 72 67 62 61 28 32 34 2c 20 32 34 2c 20 32 37 2c 20 30 2e 39 38 29 3b 2d 2d 66 61 6e 63 79 62 6f 78 2d 73 6c 69 64 65 2d 67 61 70 3a 20 31 30 70 78 3b 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 77 69 64 74 68 3a 20 35 30 70 78 3b 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 68 65 69 67 68 74 3a 20 35 30 70 78 3b 2d 2d 66 2d 73 70 69 6e 6e 65 72 2d 63 6f 6c 6f 72 2d 31 3a 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 31 29 3b 2d Data Ascii: l-behavior-y:none}.fancybox__container{--fancybox-color: #dbdbdb;--fancybox-hover-color: #fff;--fancybox-bg: rgba(24, 24, 27, 0.98);--fancybox-slide-gap: 10px;--f-spinner-width: 50px;--f-spinner-height: 50px;--f-spinner-color-1: rgba(255, 255, 255, 0.1);-
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 6f 3b 68 65 69 67 68 74 3a 31 30 30 25 7d 2e 66 61 6e 63 79 62 6f 78 5f 5f 73 6c 69 64 65 7b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 72 67 69 6e 3a 30 20 76 61 72 28 2d 2d 66 61 6e 63 79 62 6f 78 2d 73 6c 69 64 65 2d 67 61 70 29 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 34 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 3b 6f 76 65 72 73 63 72 6f 6c 6c 2d 62 65 68 61 76 69 6f 72 3a 63 6f 6e 74 61 69 6e 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 Data Ascii: o;height:100%}.fancybox__slide{flex:0 0 auto;position:relative;display:flex;flex-direction:column;align-items:center;width:100%;height:100%;margin:0 var(--fancybox-slide-gap) 0 0;padding:4px;overflow:auto;overscroll-behavior:contain;transform:translate3d(
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 65 6e 74 20 5b 63 6f 6e 74 65 6e 74 65 64 69 74 61 62 6c 65 5d 7b 63 75 72 73 6f 72 3a 61 75 74 6f 7d 2e 66 61 6e 63 79 62 6f 78 5f 5f 73 6c 69 64 65 2e 68 61 73 2d 69 6d 61 67 65 3e 2e 66 61 6e 63 79 62 6f 78 5f 5f 63 6f 6e 74 65 6e 74 7b 70 61 64 64 69 6e 67 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 63 65 6e 74 65 72 20 63 65 6e 74 65 72 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 30 Data Ascii: ent [contenteditable]{cursor:auto}.fancybox__slide.has-image>.fancybox__content{padding:0;background:rgba(0,0,0,0);min-height:1px;background-repeat:no-repeat;background-size:contain;background-position:center center;transition:none;transform:translate3d(0
2025-01-13 16:18:19 UTC	1378	IN	Data Raw: 2d 66 2d 62 75 74 74 6f 6e 2d 61 63 74 69 76 65 2d 62 67 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 2d 2d 66 2d 62 75 74 74 6f 6e 2d 73 76 67 2d 77 69 64 74 68 3a 20 32 32 70 78 3b 2d 2d 66 2d 62 75 74 74 6f 6e 2d 73 76 67 2d 68 65 69 67 68 74 3a 20 32 32 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 33 38 70 78 3b 72 69 67 68 74 3a 30 3b 6f 70 61 63 69 74 79 3a 2e 37 35 7d 2e 69 73 2d 6c 6f 61 64 69 6e 67 20 2e 66 61 6e 63 79 62 6f 78 5f 5f 63 6f 6e 74 65 6e 74 3e 2e 66 2d 62 75 74 74 6f 6e 2e 69 73 2d 63 6c 6f 73 65 2d 62 74 6e 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 69 73 2d 7a 6f 6f 6d 69 6e 67 2d 6f 75 74 20 2e 66 61 6e 63 79 62 6f 78 5f 5f 63 6f 6e 74 65 6e 74 3e 2e 66 2d 62 75 74 74 6f 6e 2e 69 73 Data Ascii: -f-button-active-bg: transparent;--f-button-svg-width: 22px;--f-button-svg-height: 22px;position:absolute;top:-38px;right:0;opacity:.75}.is-loading .fancybox__content>.f-button.is-close-btn{visibility:hidden}.is-zooming-out .fancybox__content>.f-button.is

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:19 UTC	548	OUT	GET /css/media.min.css?_v=20240927012657 HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://mega.fo/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:23 UTC	235	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:22 GMT Content-Type: text/css Content-Length: 11966 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-2ebe" Accept-Ranges: bytes
2025-01-13 16:18:23 UTC	11966	IN	Data Raw: 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 39 37 31 70 78 29 7b 2e 61 62 6f 75 74 5f 5f 69 6d 67 7b 77 69 64 74 68 3a 32 36 38 70 78 3b 68 65 69 67 68 74 3a 32 36 38 70 78 7d 2e 61 62 6f 75 74 5f 5f 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 37 38 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 2e 61 62 6f 75 74 5f 5f 6c 65 66 74 20 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 7d 2e 61 62 6f 75 74 5f 5f 70 61 79 6d 65 6e 74 73 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 7d 2e 61 62 6f 75 74 5f 5f 70 61 79 6d 65 6e 74 73 2d 6c 69 73 74 7b 67 61 70 3a 31 35 70 78 7d 2e 61 62 6f 75 74 5f 5f 70 61 79 6d 65 6e 74 73 2d 6c 69 73 74 20 6c 69 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 Data Ascii: @media (min-width:971px){.about__img{width:268px;height:268px}.about__title{font-size:78px;font-weight:700;line-height:1}.about__left p{font-size:22px}.about__payments h2{font-size:22px}.about__payments-list{gap:15px}.about__payments-list li{font-size:24p

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:19 UTC	409	OUT	GET /npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js?_v=20240927012657 HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:20 UTC	758	IN	HTTP/1.1 200 OK Connection: close Content-Length: 142361 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=604800, s-maxage=43200 Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 5.0.36 X-JSD-Version-Type: version ETag: W/"22c19-Lb7o6RbJf9zqsolGKfoiQM/wVzs" Accept-Ranges: bytes Age: 373 Date: Mon, 13 Jan 2025 16:18:20 GMT X-Served-By: cache-fra-etou8220130-FRA, cache-ewr-kewr1740047-EWR X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 65 28 65 78 70 6f 72 74 73 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 22 65 78 70 6f 72 74 73 22 5d 2c 65 29 3a 65 28 28 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 7c 7c 73 65 6c 66 29 2e 77 69 6e 64 6f 77 3d 74 2e 77 69 6e 64 6f 77 7c 7c 7b 7d 29 7d 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 63 6f 6e 73 74 20 65 Data Ascii: !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t\|\|self).window=t.window\|\|{})}(this,(function(t){"use strict";const e
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 74 79 28 74 68 69 73 2c 22 69 64 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 68 69 73 2c 22 74 69 6d 65 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 68 69 73 2c 22 6e 61 74 69 76 65 50 6f 69 6e 74 65 72 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a Data Ascii: ty(this,"id",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"time",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"nativePointer",{enumerable:!0,configurable:!0,writable:!0,value:
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 73 2e 6f 6e 50 6f 69 6e 74 65 72 53 74 61 72 74 2c 6c 29 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 74 6f 75 63 68 73 74 61 72 74 22 2c 74 68 69 73 2e 6f 6e 54 6f 75 63 68 53 74 61 72 74 2c 6c 29 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 74 6f 75 63 68 6d 6f 76 65 22 2c 74 68 69 73 2e 6f 6e 4d 6f 76 65 2c 6c 29 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 74 6f 75 63 68 65 6e 64 22 2c 74 68 69 73 2e 6f 6e 54 6f 75 63 68 45 6e 64 29 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 74 6f 75 63 68 63 61 6e 63 65 6c 22 2c 74 68 69 73 2e 6f 6e 54 6f 75 63 68 Data Ascii: s.onPointerStart,l),this.element.addEventListener("touchstart",this.onTouchStart,l),this.element.addEventListener("touchmove",this.onMove,l),this.element.addEventListener("touchend",this.onTouchEnd),this.element.addEventListener("touchcancel",this.onTouch
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 74 65 72 53 74 61 72 74 28 74 2c 65 29 7b 72 65 74 75 72 6e 21 21 74 68 69 73 2e 73 74 61 72 74 43 61 6c 6c 62 61 63 6b 28 65 2c 74 2c 74 68 69 73 2e 63 75 72 72 65 6e 74 50 6f 69 6e 74 65 72 73 2e 73 6c 69 63 65 28 29 29 26 26 28 74 68 69 73 2e 63 75 72 72 65 6e 74 50 6f 69 6e 74 65 72 73 2e 70 75 73 68 28 74 29 2c 74 68 69 73 2e 73 74 61 72 74 50 6f 69 6e 74 65 72 73 2e 70 75 73 68 28 74 29 2c 21 30 29 7d 74 72 69 67 67 65 72 50 6f 69 6e 74 65 72 45 6e 64 28 74 2c 65 29 7b 63 6f 6e 73 74 20 69 3d 74 68 69 73 2e 63 75 72 72 65 6e 74 50 6f 69 6e 74 65 72 73 2e 66 69 6e 64 49 6e 64 65 78 28 28 74 3d 3e 74 2e 69 64 3d 3d 3d 65 2e 69 64 29 29 3b 69 3c 30 7c 7c 28 74 68 69 73 2e 63 75 72 72 65 6e 74 50 6f 69 6e 74 65 72 73 2e 73 70 6c 69 63 65 28 69 2c 31 29 Data Ascii: terStart(t,e){return!!this.startCallback(e,t,this.currentPointers.slice())&&(this.currentPointers.push(t),this.startPointers.push(t),!0)}triggerPointerEnd(t,e){const i=this.currentPointers.findIndex((t=>t.id===e.id));i<0\|\|(this.currentPointers.splice(i,1)
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 6e 74 59 3a 28 74 2e 63 6c 69 65 6e 74 59 2b 65 2e 63 6c 69 65 6e 74 59 29 2f 32 7d 3a 74 7d 63 6f 6e 73 74 20 75 3d 74 3d 3e 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 6e 75 6c 6c 21 3d 3d 74 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 4f 62 6a 65 63 74 26 26 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3d 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 74 29 2c 70 3d 28 74 2c 2e 2e 2e 65 29 3d 3e 7b 63 6f 6e 73 74 20 69 3d 65 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 6c 65 74 20 6e 3d 30 3b 6e 3c 69 3b 6e 2b 2b 29 7b 63 6f 6e 73 74 20 69 3d 65 5b 6e 5d 7c 7c 7b 7d 3b 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 28 69 29 2e 66 6f 72 45 61 63 68 28 28 28 5b 65 2c 69 5d 29 3d 3e 7b Data Ascii: ntY:(t.clientY+e.clientY)/2}:t}const u=t=>"object"==typeof t&&null!==t&&t.constructor===Object&&"[object Object]"===Object.prototype.toString.call(t),p=(t,...e)=>{const i=e.length;for(let n=0;n<i;n++){const i=e[n]\|\|{};Object.entries(i).forEach((([e,i])=>{
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 61 3f 73 3d 61 2e 63 61 6c 6c 28 74 68 69 73 2c 74 68 69 73 2c 74 2c 2e 2e 2e 6e 2c 73 29 3a 76 6f 69 64 20 30 3d 3d 3d 73 26 26 28 73 3d 61 29 2c 76 6f 69 64 20 30 3d 3d 3d 73 3f 69 3a 73 7d 63 6e 28 74 29 7b 63 6f 6e 73 74 20 65 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 63 6c 61 73 73 65 73 3b 72 65 74 75 72 6e 20 65 26 26 65 5b 74 5d 7c 7c 22 22 7d 6c 6f 63 61 6c 69 7a 65 28 74 2c 65 3d 5b 5d 29 7b 74 3d 53 74 72 69 6e 67 28 74 29 2e 72 65 70 6c 61 63 65 28 2f 5c 7b 5c 7b 28 5c 77 2b 29 2e 3f 28 5c 77 2b 29 3f 5c 7d 5c 7d 2f 67 2c 28 28 74 2c 65 2c 69 29 3d 3e 7b 6c 65 74 20 6e 3d 22 22 3b 72 65 74 75 72 6e 20 69 3f 6e 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 28 60 24 7b 65 5b 30 5d 2b 65 2e 74 6f 4c 6f 77 65 72 Data Ascii: ction"==typeof a?s=a.call(this,this,t,...n,s):void 0===s&&(s=a),void 0===s?i:s}cn(t){const e=this.options.classes;return e&&e[t]\|\|""}localize(t,e=[]){t=String(t).replace(/\{\{(\w+).?(\w+)?\}\}/g,((t,e,i)=>{let n="";return i?n=this.option(`${e[0]+e.toLower
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 70 6c 75 67 69 6e 73 5b 69 5d 3b 73 7c 7c 21 31 3d 3d 3d 74 3f 73 26 26 21 31 3d 3d 3d 74 26 26 28 73 2e 64 65 74 61 63 68 28 29 2c 64 65 6c 65 74 65 20 74 68 69 73 2e 70 6c 75 67 69 6e 73 5b 69 5d 29 3a 65 2e 73 65 74 28 69 2c 6e 65 77 20 6e 28 74 68 69 73 2c 74 7c 7c 7b 7d 29 29 7d 66 6f 72 28 63 6f 6e 73 74 5b 74 2c 69 5d 6f 66 20 65 29 74 68 69 73 2e 70 6c 75 67 69 6e 73 5b 74 5d 3d 69 2c 69 2e 61 74 74 61 63 68 28 29 7d 64 65 74 61 63 68 50 6c 75 67 69 6e 73 28 74 29 7b 74 3d 74 7c 7c 4f 62 6a 65 63 74 2e 6b 65 79 73 28 74 68 69 73 2e 70 6c 75 67 69 6e 73 29 3b 66 6f 72 28 63 6f 6e 73 74 20 65 20 6f 66 20 74 29 7b 63 6f 6e 73 74 20 74 3d 74 68 69 73 2e 70 6c 75 67 69 6e 73 5b 65 5d 3b 74 26 26 74 2e 64 65 74 61 63 68 28 29 2c 64 65 6c 65 74 65 20 74 Data Ascii: plugins[i];s\|\|!1===t?s&&!1===t&&(s.detach(),delete this.plugins[i]):e.set(i,new n(this,t\|\|{}))}for(const[t,i]of e)this.plugins[t]=i,i.attach()}detachPlugins(t){t=t\|\|Object.keys(this.plugins);for(const e of t){const t=this.plugins[e];t&&t.detach(),delete t
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 69 6e 67 3a 22 69 73 2d 6c 6f 61 64 69 6e 67 22 2c 63 61 6e 5a 6f 6f 6d 49 6e 3a 22 63 61 6e 2d 7a 6f 6f 6d 5f 69 6e 22 2c 63 61 6e 5a 6f 6f 6d 4f 75 74 3a 22 63 61 6e 2d 7a 6f 6f 6d 5f 6f 75 74 22 2c 69 73 44 72 61 67 67 61 62 6c 65 3a 22 69 73 2d 64 72 61 67 67 61 62 6c 65 22 2c 69 73 44 72 61 67 67 69 6e 67 3a 22 69 73 2d 64 72 61 67 67 69 6e 67 22 2c 69 6e 46 75 6c 6c 73 63 72 65 65 6e 3a 22 69 6e 2d 66 75 6c 6c 73 63 72 65 65 6e 22 2c 68 74 6d 6c 48 61 73 46 75 6c 6c 73 63 72 65 65 6e 3a 22 77 69 74 68 2d 70 61 6e 7a 6f 6f 6d 2d 69 6e 2d 66 75 6c 6c 73 63 72 65 65 6e 22 7d 2c 6c 31 30 6e 3a 79 7d 2c 78 3d 27 3c 63 69 72 63 6c 65 20 63 78 3d 22 32 35 22 20 63 79 3d 22 32 35 22 20 72 3d 22 32 30 22 3e 3c 2f 63 69 72 63 6c 65 3e 27 2c 45 3d 27 3c 64 69 Data Ascii: ing:"is-loading",canZoomIn:"can-zoom_in",canZoomOut:"can-zoom_out",isDraggable:"is-draggable",isDragging:"is-dragging",inFullscreen:"in-fullscreen",htmlHasFullscreen:"with-panzoom-in-fullscreen"},l10n:y},x='<circle cx="25" cy="25" r="20"></circle>',E='<di
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 74 61 72 67 65 74 3b 72 65 74 75 72 6e 20 4d 61 74 68 2e 73 71 72 74 28 74 2a 74 2b 65 2a 65 29 7c 7c 31 7d 67 65 74 20 6d 69 6e 53 63 61 6c 65 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6f 70 74 69 6f 6e 28 22 6d 69 6e 53 63 61 6c 65 22 29 7c 7c 31 7d 67 65 74 20 66 75 6c 6c 53 63 61 6c 65 28 29 7b 63 6f 6e 73 74 7b 63 6f 6e 74 65 6e 74 52 65 63 74 3a 74 7d 3d 74 68 69 73 3b 72 65 74 75 72 6e 20 74 2e 66 75 6c 6c 57 69 64 74 68 2f 74 2e 66 69 74 57 69 64 74 68 7c 7c 31 7d 67 65 74 20 6d 61 78 53 63 61 6c 65 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 66 75 6c 6c 53 63 61 6c 65 2a 28 74 68 69 73 2e 6f 70 74 69 6f 6e 28 22 6d 61 78 53 63 61 6c 65 22 29 7c 7c 31 29 7c 7c 31 7d 67 65 74 20 63 6f 76 65 72 53 63 61 6c 65 28 29 7b 63 6f 6e 73 74 7b 63 6f 6e Data Ascii: target;return Math.sqrt(tt+ee)\|\|1}get minScale(){return this.option("minScale")\|\|1}get fullScale(){const{contentRect:t}=this;return t.fullWidth/t.fitWidth\|\|1}get maxScale(){return this.fullScale*(this.option("maxScale")\|\|1)\|\|1}get coverScale(){const{con
2025-01-13 16:18:20 UTC	1378	IN	Data Raw: 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 21 31 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 68 69 73 2c 22 69 67 6e 6f 72 65 42 6f 75 6e 64 73 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 21 31 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 68 69 73 2c 22 69 73 42 6f 75 6e 63 69 6e 67 58 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 21 31 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 68 69 73 2c 22 69 73 42 6f 75 6e 63 69 Data Ascii: e:!0,writable:!0,value:!1}),Object.defineProperty(this,"ignoreBounds",{enumerable:!0,configurable:!0,writable:!0,value:!1}),Object.defineProperty(this,"isBouncingX",{enumerable:!0,configurable:!0,writable:!0,value:!1}),Object.defineProperty(this,"isBounci

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:20 UTC	548	OUT	GET /css/reset.min.css?_v=20240927012657 HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://mega.fo/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:20 UTC	232	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:20 GMT Content-Type: text/css Content-Length: 826 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-33a" Accept-Ranges: bytes
2025-01-13 16:18:20 UTC	826	IN	Data Raw: 2a 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 7d 2a 2c 3a 3a 61 66 74 65 72 2c 3a 3a 62 65 66 6f 72 65 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 61 2c 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 73 69 64 65 2c 66 6f 6f 74 65 72 2c 68 65 61 64 65 72 2c 6d 61 69 6e 2c 6e 61 76 2c 73 65 63 74 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 75 6c Data Ascii: {padding:0;margin:0;border:none},::after,::before{-webkit-box-sizing:border-box;box-sizing:border-box}a,a:link,a:visited{text-decoration:none}aside,footer,header,main,nav,section{display:block}h1,h2,h3,h4,h5,h6,p{font-size:inherit;font-weight:inherit}ul

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:21 UTC	530	OUT	GET /js/app.min.js?_v=20240927012657 HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mega.fo/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:24 UTC	246	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:24 GMT Content-Type: application/javascript Content-Length: 296 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-128" Accept-Ranges: bytes
2025-01-13 16:18:24 UTC	296	IN	Data Raw: 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 41 2c 65 3b 41 3d 66 75 6e 63 74 69 6f 6e 28 41 29 7b 6c 65 74 20 65 3d 21 30 3d 3d 3d 41 3f 22 77 65 62 70 22 3a 22 6e 6f 2d 77 65 62 70 22 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 65 29 7d 2c 28 65 3d 6e 65 77 20 49 6d 61 67 65 29 2e 6f 6e 6c 6f 61 64 3d 65 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 41 28 32 3d 3d 65 2e 68 65 69 67 68 74 29 7d 2c 65 2e 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 77 65 62 70 3b 62 61 73 65 36 34 2c 55 6b 6c 47 52 6a 6f 41 41 41 42 58 52 55 4a 51 56 6c 41 34 49 43 34 41 41 41 43 79 41 67 43 64 41 53 6f 43 41 41 49 41 4c 6d 6b 30 6d 6b 30 69 49 69 49 69 49 Data Ascii: (()=>{"use strict";var A,e;A=function(A){let e=!0===A?"webp":"no-webp";document.documentElement.classList.add(e)},(e=new Image).onload=e.onerror=function(){A(2==e.height)},e.src="data:image/webp;base64,UklGRjoAAABXRUJQVlA4IC4AAACyAgCdASoCAAIALmk0mk0iIiIiI

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:22 UTC	527	OUT	GET /js/main.js?_v=20240927012657 HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mega.fo/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:22 UTC	247	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:22 GMT Content-Type: application/javascript Content-Length: 1602 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-642" Accept-Ranges: bytes
2025-01-13 16:18:22 UTC	1602	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 28 29 20 3d 3e 20 7b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 74 6f 67 67 6c 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 2e 68 65 61 64 65 72 5f 5f 74 6f 67 67 6c 65 2e 6f 70 65 6e 22 29 3b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 74 6f 67 67 6c 65 43 6c 6f 73 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 2e 68 65 61 64 65 72 5f 5f 74 6f 67 67 6c 65 2e 63 6c 6f 73 65 22 29 3b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 68 65 61 64 65 72 4d 6f 62 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 2e 68 65 61 64 65 72 5f 5f 6d 6f 62 Data Ascii: document.addEventListener('DOMContentLoaded', () => { const toggle = document.querySelector(".header__toggle.open"); const toggleClose = document.querySelector(".header__toggle.close"); const headerMob = document.querySelector(".header__mob

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:25 UTC	359	OUT	GET /js/main.js?_v=20240927012657 HTTP/1.1 Host: mega.fo Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:30 UTC	247	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:30 GMT Content-Type: application/javascript Content-Length: 1602 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-642" Accept-Ranges: bytes
2025-01-13 16:18:30 UTC	1602	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 28 29 20 3d 3e 20 7b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 74 6f 67 67 6c 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 2e 68 65 61 64 65 72 5f 5f 74 6f 67 67 6c 65 2e 6f 70 65 6e 22 29 3b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 74 6f 67 67 6c 65 43 6c 6f 73 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 2e 68 65 61 64 65 72 5f 5f 74 6f 67 67 6c 65 2e 63 6c 6f 73 65 22 29 3b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 68 65 61 64 65 72 4d 6f 62 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 2e 68 65 61 64 65 72 5f 5f 6d 6f 62 Data Ascii: document.addEventListener('DOMContentLoaded', () => { const toggle = document.querySelector(".header__toggle.open"); const toggleClose = document.querySelector(".header__toggle.close"); const headerMob = document.querySelector(".header__mob

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://mega.fo

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Windows Analysis Report
https://mega.fo

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:26 UTC	362	OUT	GET /js/app.min.js?_v=20240927012657 HTTP/1.1 Host: mega.fo Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:26 UTC	246	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:26 GMT Content-Type: application/javascript Content-Length: 296 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-128" Accept-Ranges: bytes
2025-01-13 16:18:26 UTC	296	IN	Data Raw: 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 41 2c 65 3b 41 3d 66 75 6e 63 74 69 6f 6e 28 41 29 7b 6c 65 74 20 65 3d 21 30 3d 3d 3d 41 3f 22 77 65 62 70 22 3a 22 6e 6f 2d 77 65 62 70 22 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 65 29 7d 2c 28 65 3d 6e 65 77 20 49 6d 61 67 65 29 2e 6f 6e 6c 6f 61 64 3d 65 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 41 28 32 3d 3d 65 2e 68 65 69 67 68 74 29 7d 2c 65 2e 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 77 65 62 70 3b 62 61 73 65 36 34 2c 55 6b 6c 47 52 6a 6f 41 41 41 42 58 52 55 4a 51 56 6c 41 34 49 43 34 41 41 41 43 79 41 67 43 64 41 53 6f 43 41 41 49 41 4c 6d 6b 30 6d 6b 30 69 49 69 49 69 49 Data Ascii: (()=>{"use strict";var A,e;A=function(A){let e=!0===A?"webp":"no-webp";document.documentElement.classList.add(e)},(e=new Image).onload=e.onerror=function(){A(2==e.height)},e.src="data:image/webp;base64,UklGRjoAAABXRUJQVlA4IC4AAACyAgCdASoCAAIALmk0mk0iIiIiI

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:39 UTC	617	OUT	GET /img/icons/long-arrow.svg HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mega.fo/css/main.min.css?_v=20240927012657 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:40 UTC	236	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:40 GMT Content-Type: image/svg+xml Content-Length: 183 Last-Modified: Thu, 26 Sep 2024 22:29:36 GMT Connection: close ETag: "66f5e050-b7" Accept-Ranges: bytes
2025-01-13 16:18:40 UTC	183	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 37 37 22 20 68 65 69 67 68 74 3d 22 31 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 37 20 31 32 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 37 36 2e 35 20 36 4c 36 36 2e 35 20 30 2e 32 32 36 34 39 37 56 31 31 2e 37 37 33 35 4c 37 36 2e 35 20 36 5a 4d 30 20 37 48 36 37 2e 35 56 35 48 30 56 37 5a 22 20 66 69 6c 6c 3d 22 23 45 42 35 45 30 30 22 2f 3e 0a 3c 2f 73 76 67 3e Data Ascii: <svg width="77" height="12" viewBox="0 0 77 12" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M76.5 6L66.5 0.226497V11.7735L76.5 6ZM0 7H67.5V5H0V7Z" fill="#EB5E00"/></svg>

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:39 UTC	612	OUT	GET /img/icons/arrow.svg HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mega.fo/css/main.min.css?_v=20240927012657 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:41 UTC	238	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:41 GMT Content-Type: image/svg+xml Content-Length: 1249 Last-Modified: Thu, 26 Sep 2024 22:29:36 GMT Connection: close ETag: "66f5e050-4e1" Accept-Ranges: bytes
2025-01-13 16:18:41 UTC	1249	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 38 30 30 70 78 22 20 68 65 69 67 68 74 3d 22 38 30 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 2d 34 2e 35 20 30 20 32 30 20 32 30 22 20 66 69 6c 6c 3d 22 23 66 66 66 66 66 66 22 3e 0d 0a 20 20 3c 67 20 69 64 3d 22 53 56 47 52 65 70 6f 5f 62 67 43 61 72 72 69 65 72 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 30 22 2f 3e 0d 0a 20 20 20 20 3c 67 20 69 64 3d 22 53 56 47 52 65 70 6f 5f 74 72 61 63 65 72 43 61 72 72 69 65 72 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="800px" height="800px" viewBox="-4.5 0 20 20" fill="#ffffff"> <g id="SVGRepo_bgCarrier" stroke-width="0"/> <g id="SVGRepo_tracerCarrier" stroke-linecap="round

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:44 UTC	610	OUT	GET /img/icons/mw.webp HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mega.fo/css/main.min.css?_v=20240927012657 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:45 UTC	237	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:45 GMT Content-Type: image/webp Content-Length: 12962 Last-Modified: Thu, 26 Sep 2024 22:27:02 GMT Connection: close ETag: "66f5dfb6-32a2" Accept-Ranges: bytes
2025-01-13 16:18:45 UTC	12962	IN	Data Raw: 52 49 46 46 9a 32 00 00 57 45 42 50 56 50 38 58 0a 00 00 00 10 00 00 00 d8 02 00 56 03 00 41 4c 50 48 dd 24 00 00 09 f0 70 db b6 6a b5 da b6 2d db ee b8 85 10 85 90 9c c8 71 3f bf dd dd e2 21 c1 75 b3 95 ed cb 57 29 81 e7 7e 8e f4 d2 e7 58 fb 11 22 c2 16 63 db 61 1b 49 87 d0 1c 5c 90 34 10 8d d6 cb 91 f4 2c 7d 6b e3 eb 76 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f ff 1f 13 3e fc e4 93 8f 2f b4 8f ce db 87 17 da 07 17 da fb 17 da 7b e7 ed dd 0b ed d1 85 f6 f0 bc 3d b8 d0 ee 9f b7 77 2e b4 7b 17 da dd f3 b6 7e a1 dd 39 6f 6b e7 6d f5 42 bb 7d de 6e 5d 68 37 cf db 8d f3 76 fd 42 bb 76 de 56 de b6 ab 90 94 ce 5b f1 bc 15 ce 5b fe bc e5 ce 5b f6 bc 65 ce 5b fa bc a5 ce 5b f2 bc 25 ce 9b 75 de Data Ascii: RIFF2WEBPVP8XVALPH$pj-q?!uW)~X"caI\4,}kv?s?s?s?s?s?s?s?>/{=w.{~9okmB}n]h7vBvV[[[e[[%u

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:45 UTC	350	OUT	GET /img/icons/arrow.svg HTTP/1.1 Host: mega.fo Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:46 UTC	238	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:45 GMT Content-Type: image/svg+xml Content-Length: 1249 Last-Modified: Thu, 26 Sep 2024 22:29:36 GMT Connection: close ETag: "66f5e050-4e1" Accept-Ranges: bytes
2025-01-13 16:18:46 UTC	1249	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 38 30 30 70 78 22 20 68 65 69 67 68 74 3d 22 38 30 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 2d 34 2e 35 20 30 20 32 30 20 32 30 22 20 66 69 6c 6c 3d 22 23 66 66 66 66 66 66 22 3e 0d 0a 20 20 3c 67 20 69 64 3d 22 53 56 47 52 65 70 6f 5f 62 67 43 61 72 72 69 65 72 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 30 22 2f 3e 0d 0a 20 20 20 20 3c 67 20 69 64 3d 22 53 56 47 52 65 70 6f 5f 74 72 61 63 65 72 43 61 72 72 69 65 72 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="800px" height="800px" viewBox="-4.5 0 20 20" fill="#ffffff"> <g id="SVGRepo_bgCarrier" stroke-width="0"/> <g id="SVGRepo_tracerCarrier" stroke-linecap="round

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:45 UTC	592	OUT	GET /fonts/montserrat/Montserrat-Black.woff2 HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://mega.fo sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://mega.fo/css/main.min.css?_v=20240927012657 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:46 UTC	238	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:45 GMT Content-Type: font/woff2 Content-Length: 91264 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-16480" Accept-Ranges: bytes
2025-01-13 16:18:46 UTC	16146	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 01 64 80 00 12 00 00 00 05 16 80 00 01 64 11 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 82 0c 1b 88 9d 30 1c 81 82 72 06 60 00 8c 1e 08 81 64 09 9a 6d 11 08 0a 88 a5 60 87 bf 53 0b bc 64 00 01 36 02 24 03 bc 60 04 20 05 8d 67 07 81 ae 4c 0c 81 55 5b d5 c3 d4 93 7d b1 df de 3e e0 00 af b0 13 2c 3c 73 2c 13 50 53 08 95 fc 21 e9 0c a9 d3 fc 27 e2 df 31 b6 2d 0b 38 fe 43 55 6b dd 00 29 90 6b 08 7e 02 15 b9 d1 cd 3a 27 32 54 80 a4 a9 a6 ce b9 fe 28 07 ac 8d 6d f7 99 d2 83 60 91 9e 5b d6 64 07 a2 e4 b3 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 97 25 ff 79 be dc bc f7 fc 37 e7 bd ff ee fb 93 49 32 13 93 cc fc 99 2c 43 56 b6 45 20 a0 08 2d 10 02 14 21 60 a0 52 6a 8d Data Ascii: wOF2dd?FFTM0r`dm`Sd6$` gLU[}>,<s,PS!'1-8CUk)k~:'2T(m`[d%y7I2,CVE -!`Rj
2025-01-13 16:18:46 UTC	16384	IN	Data Raw: 7a 6f ac 0d 58 8f 03 2a c9 f1 3c f3 ab 95 d4 97 0b a6 9b c7 95 c0 cb 36 c4 e3 62 14 03 61 7a 35 b4 d3 10 7f 03 7c 8e 7d 05 2d 84 41 83 d1 95 60 63 10 91 e6 19 2d e6 7b 53 f0 2d 2a 7f f5 39 fe 2f f8 1e f0 9b 63 04 a8 2a c6 ef 83 e0 bf 41 a3 db 54 e3 0c 28 cb 98 65 8a 1e 8e 66 5b 30 86 74 66 ca 86 c1 7a 9b 0d 00 2b b2 f4 02 00 00 77 71 90 e3 d9 1e 58 f9 df 71 f2 84 7f 5e d4 bd 88 16 ad c6 69 13 68 d7 a1 53 97 bc 82 6e 45 3d 42 25 bd 22 7d ca fa 55 0c 18 54 35 5e 4d 03 16 1a 2d b1 b2 6b ff 1b ed 68 37 fb da cf 11 8e 74 94 a3 1d e3 58 c7 39 de 09 4e 74 92 93 9d e2 54 a7 39 dd 19 ce 74 96 b3 9d e3 5c e7 b9 c0 85 2e 72 b1 4b 5c ea 32 1b 6d b2 d9 16 77 bb c7 bd ee f3 90 47 3c e6 09 4f 79 c6 73 5e f0 92 57 f0 61 dd 72 db 1d f7 3c f0 d0 23 8f 3d f1 d4 33 cf bd f0 Data Ascii: zoX<6baz5\|}-A`c-{S-9/c*AT(ef[0tfz+wqXq^ihSnE=B%"}UT5^M-kh7tX9NtT9t\.rK\2mwG<Oys^War<#=3
2025-01-13 16:18:46 UTC	16384	IN	Data Raw: 7e e9 cf 91 ad 83 5c 79 bc 4d b2 8c 8f 15 2a 45 aa b1 4d 8c 1d f6 ca b2 3f 24 f4 6d 2b fa d9 96 41 e4 54 e1 3f fe 2a 72 9d 3f ff 7f 99 a1 bc bf dc 7a db ef ff cc fd 5b 7a 5a d7 bf b3 7b 15 bb b2 c6 d7 ba 66 a0 d4 6f 9b 40 85 cb 15 dc 26 fe f2 05 97 78 c1 21 64 fd 25 c9 b1 ef ef 99 fd aa ff e2 fc 4a 0e 56 99 42 c0 bd 11 8e 89 b5 a0 38 15 8e 98 b3 da 59 aa af 6d 8e 75 44 9f 5b 63 a5 2e a2 f4 b2 17 55 6e b3 8b 6f be 8d 0d 7a dd 16 77 d4 df cf ec 55 47 7c 6a 7f 52 77 99 09 fc 1c c0 4a 95 6d 7b a9 3a 44 9f df 1d fd bd bc a9 4b c3 e1 77 29 b0 23 57 28 55 6a 8d 56 a7 b7 b6 66 5e cc 0e 9f e2 b8 84 0b cf 57 9f 9a 70 72 f5 9a 4e bd b0 1d d4 dc 53 3c c2 6a 48 d9 6f 67 51 e1 d5 4f a4 88 96 c5 c4 79 13 4a 68 94 40 8a 97 e6 c3 30 a5 53 4b d5 69 f9 23 29 26 49 95 d4 91 Data Ascii: ~\yMEM?$m+AT?r?z[zZ{fo@&x!d%JVB8YmuD[c.UnozwUG\|jRwJm{:DKw)#W(UjVf^WprNS<jHogQOyJh@0SKi#)&I
2025-01-13 16:18:47 UTC	16384	IN	Data Raw: c5 bc 1a 69 ad fa 5b 15 94 43 37 57 9f 26 00 b5 81 9e 52 63 8a c0 0a db c9 e2 3a 95 a0 ee 37 d3 a4 e9 4b a0 c1 0f 0b f6 c5 d1 13 02 be 0a fd b4 f7 cd 51 bb fc c0 b0 34 47 dc 9c ca 2d 64 51 c8 56 47 32 4d 9b b7 56 90 fa 9b 14 a4 ee 47 17 79 50 8c 7e a3 42 2f de 58 2e 5b 0b 04 a9 41 77 be 65 00 00 e7 81 c0 f3 00 c0 39 e0 8e 0d 4d ef 92 92 fe bf 23 cb de af 86 ac 4e ac 5e 9b ff d6 b0 15 68 c5 34 3d f7 9a 46 38 1d ae 37 09 6e ae e1 e9 55 60 59 99 92 47 8e f9 26 22 e0 9b 90 d0 fb 21 da e0 15 00 57 42 49 09 1f 2b d9 40 59 c5 1c d7 7d 9c 2c 08 d0 22 78 31 e6 f9 d6 68 58 b9 7c 7c 35 0f 00 27 a7 50 d8 2d 2b e5 f9 8a 3d 23 82 5c bf 2b 2b 6f 56 e4 81 67 43 f0 e2 01 96 5c ab 4b 6e 4f e6 14 23 bd 83 db 2b 78 48 db 08 0e 08 10 a5 ff ea c5 b7 98 8a 6c ee 88 30 5b 5d 8d Data Ascii: i[C7W&Rc:7KQ4G-dQVG2MVGyP~B/X.[Awe9M#N^h4=F87nU`YG&"!WBI+@Y},"x1hX\|\|5'P-+=#\++oVgC\KnO#+xHl0[]
2025-01-13 16:18:47 UTC	16384	IN	Data Raw: 1c b0 09 41 a9 cb c1 a5 5a 81 4a b1 24 c2 1e 4d 0c 4a e7 73 59 fb 77 72 54 21 a5 be ff 99 e0 e5 d3 2f 55 c6 5d 89 8c c2 16 43 ed 52 56 8b 63 f4 1c 0c 46 69 39 90 e0 53 5f 82 20 66 3a c6 43 61 44 84 0d d0 e4 4d 79 00 01 c0 3a 79 cf 64 b9 b1 be 3d 54 43 3c b9 5b b6 d3 51 92 e1 1a f8 e4 17 64 22 3a 45 52 94 d3 4f 1c d0 fd 51 a1 31 af 57 23 75 dc a3 22 f6 33 e6 9d d0 41 11 38 50 ea 3d dd ad a8 a5 b5 d0 96 30 24 35 65 09 02 42 35 3b c5 b5 3a 14 e4 ba 9e ea 87 d6 be 6c 62 a0 52 17 2e 3c f3 14 9a 92 ed d7 ea d0 eb e0 3b a0 50 85 9e 63 f6 ac 35 8f 91 a6 ac 85 a8 79 86 ed 85 23 f8 68 b9 1a c2 04 1d c0 e4 5a 0c 95 5c 76 3d ca 9e ad e3 31 d2 94 c2 47 e4 4e 28 72 03 2a 3a 48 06 3c 34 5c 73 b5 65 7a fb 9a 92 9c 1a 3e 3e 59 ef 55 ae b5 79 02 6d 8b e9 38 73 5a 0e 13 1f Data Ascii: AZJ$MJsYwrT!/U]CRVcFi9S_ f:CaDMy:yd=TC<[Qd":EROQ1W#u"3A8P=0$5eB5;:lbR.<;Pc5y#hZ\v=1GN(r*:H<4\sez>>YUym8sZ
2025-01-13 16:18:47 UTC	9582	IN	Data Raw: 3d 18 a4 17 1a 36 b7 2d 34 2c 6e a4 56 df 2b 07 a3 8e 4d 70 74 53 8a 0d f8 61 7c 8e 25 09 ba 1f 30 26 eb 4b 1d 9f a7 93 dd 5c 39 fb 58 e7 b9 e3 f7 5a 5b 33 e9 0e 6d 67 d8 d3 18 fe 47 5d 80 26 48 d7 33 07 ea ae 6b 33 45 81 11 19 6d f3 27 07 af e6 2d 32 de c7 b8 41 04 3b db b6 53 23 39 7c 4e 84 e2 91 cd 8a 9b 66 5a dd 03 55 5b f4 8e f8 6d 3c 10 2d da 72 ff dc 19 a2 65 e9 13 49 e8 46 0a e4 6c b1 68 90 f8 48 af b7 40 56 51 f9 ac f7 a8 29 f9 6e 6c 08 d9 a9 91 9f 53 b6 2a 23 1f 0c 53 e9 b1 57 b2 06 a3 ed 45 68 32 56 70 18 bd e2 cb d4 0e 1b cd 68 69 1f c4 fe e1 28 77 c9 6a 70 5b b8 2d 35 7e 50 a7 ec 7c 67 fd 37 66 a3 c9 06 fc c3 25 6a 68 7b b1 43 9d f1 69 ab 8e 45 e7 e4 92 6a 33 ae 18 5c e2 e2 7a d8 4c d7 e9 56 49 b7 3c 7c da f6 de 99 48 8a 1f d8 64 9f 93 dd 4c Data Ascii: =6-4,nV+MptSa\|%0&K\9XZ[3mgG]&H3k3Em'-2A;S#9\|NfZU[m<-reIFlhH@VQ)nlS*#SWEh2Vphi(wjp[-5~P\|g7f%jh{CiEj3\zLVI<\|HdL

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:49 UTC	348	OUT	GET /img/icons/mw.webp HTTP/1.1 Host: mega.fo Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:51 UTC	237	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:49 GMT Content-Type: image/webp Content-Length: 12962 Last-Modified: Thu, 26 Sep 2024 22:27:02 GMT Connection: close ETag: "66f5dfb6-32a2" Accept-Ranges: bytes
2025-01-13 16:18:51 UTC	12962	IN	Data Raw: 52 49 46 46 9a 32 00 00 57 45 42 50 56 50 38 58 0a 00 00 00 10 00 00 00 d8 02 00 56 03 00 41 4c 50 48 dd 24 00 00 09 f0 70 db b6 6a b5 da b6 2d db ee b8 85 10 85 90 9c c8 71 3f bf dd dd e2 21 c1 75 b3 95 ed cb 57 29 81 e7 7e 8e f4 d2 e7 58 fb 11 22 c2 16 63 db 61 1b 49 87 d0 1c 5c 90 34 10 8d d6 cb 91 f4 2c 7d 6b e3 eb 76 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f 97 fe 73 e9 3f ff 1f 13 3e fc e4 93 8f 2f b4 8f ce db 87 17 da 07 17 da fb 17 da 7b e7 ed dd 0b ed d1 85 f6 f0 bc 3d b8 d0 ee 9f b7 77 2e b4 7b 17 da dd f3 b6 7e a1 dd 39 6f 6b e7 6d f5 42 bb 7d de 6e 5d 68 37 cf db 8d f3 76 fd 42 bb 76 de 56 de b6 ab 90 94 ce 5b f1 bc 15 ce 5b fe bc e5 ce 5b f6 bc 65 ce 5b fa bc a5 ce 5b f2 bc 25 ce 9b 75 de Data Ascii: RIFF2WEBPVP8XVALPH$pj-q?!uW)~X"caI\4,}kv?s?s?s?s?s?s?s?>/{=w.{~9okmB}n]h7vBvV[[[e[[%u

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:51 UTC	592	OUT	GET /fonts/avenir/AvenirNextCyr-Medium.woff2 HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://mega.fo sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://mega.fo/css/main.min.css?_v=20240927012657 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:52 UTC	237	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:51 GMT Content-Type: font/woff2 Content-Length: 28108 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-6dcc" Accept-Ranges: bytes
2025-01-13 16:18:52 UTC	16147	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 6d cc 00 0f 00 00 00 01 5b 64 00 00 6d 6a 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 5a 1b b2 52 1c a3 04 06 60 00 87 66 11 08 0a 83 b8 78 82 cb 31 0b 8b 38 00 01 36 02 24 03 96 6c 04 20 05 c9 3a 07 af 73 5b dd 1d 71 04 bd ed 22 08 a0 3b 40 1d a9 7c d2 ea 25 6c 63 60 d6 eb b9 05 0f 4d b3 57 66 09 3b f6 94 b8 1d 08 f9 77 f5 9b c9 fe ff ff cf 4c 2a 32 66 9a b9 b6 81 01 14 54 f5 1e e1 08 9b 19 4c e1 4a e3 93 94 b3 19 58 a4 c4 30 92 b0 6e d8 05 99 42 e6 38 fc ac d8 71 a7 e7 83 fa b3 55 4e 77 38 f3 96 93 cf 2f 56 6f ba 90 69 2b ac f6 13 03 69 33 13 29 8c 19 32 91 6e 06 d4 92 3c 51 4d f5 d7 61 25 fb 76 37 77 f3 f5 56 91 b1 a0 9a f2 2d 7c ec d2 e1 78 48 d4 6d 75 f8 4f 65 0e e6 46 a4 Data Ascii: wOF2m[dmj?FFTMZR`fx186$l :s[q";@\|%lc`MWf;wL*2fTLJX0nB8qUNw8/Voi+i3)2n<QMa%v7wV-\|xHmuOeF
2025-01-13 16:19:04 UTC	11961	IN	Data Raw: 32 41 cd 16 a0 f6 ca 5a b9 11 59 78 56 ee 22 b4 b2 31 ed 4d d1 ed aa 89 c4 0f a3 ab db 61 58 6b 3f e4 1f 3f 87 f1 cb e1 84 2d 8e df 55 5b f3 f7 22 c4 cd 3d eb 68 61 72 68 8b 34 2f 88 2d 9f 94 53 78 48 46 3d 64 7b c7 86 92 e4 81 b9 fc 34 db 3a 0a b3 1b 88 d7 f7 cb 75 f1 15 92 9b 79 c0 c4 2b 98 b8 2e b0 e3 f3 1c 06 53 ce 60 cc cf 48 ea fa a5 57 9b a9 45 e1 07 9b 87 15 d8 85 c1 b1 d1 ca 42 bc a8 f1 d8 40 38 3c 48 57 06 d6 8d 33 f3 22 3a af 5d e1 08 33 8d aa 38 d2 b1 8a f0 c1 b8 ae 82 2d 66 1e ae d8 58 ec 06 75 d7 42 f6 f4 bb 81 d0 f8 04 3e 4f 0a 8d ac 58 4b 40 d5 c0 44 15 65 d3 05 b5 31 88 98 e2 0c 62 09 ce e1 75 0c 85 43 e7 f4 6d 04 a3 96 bd ea c4 ba b6 d1 aa 43 98 6a 94 65 d5 08 b1 7a c7 e8 1f fd e3 bd 41 bd 95 a7 cd a2 b4 44 16 08 88 1d 52 39 b1 b3 90 df Data Ascii: 2AZYxV"1MaXk??-U["=harh4/-SxHF=d{4:uy+.S`HWEB@8<HW3":]38-fXuB>OXK@De1buCmCjezADR9

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:52 UTC	590	OUT	GET /fonts/avenir/AvenirNextCyr-Bold.woff2 HTTP/1.1 Host: mega.fo Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://mega.fo sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://mega.fo/css/main.min.css?_v=20240927012657 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:52 UTC	237	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 13 Jan 2025 16:18:52 GMT Content-Type: font/woff2 Content-Length: 28636 Last-Modified: Thu, 26 Sep 2024 22:26:58 GMT Connection: close ETag: "66f5dfb2-6fdc" Accept-Ranges: bytes
2025-01-13 16:18:52 UTC	16147	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 6f dc 00 0f 00 00 00 01 59 dc 00 00 6f 7b 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 5a 1b b4 1a 1c a3 04 06 60 00 87 66 11 08 0a 83 b4 70 82 c9 54 0b 8b 38 00 01 36 02 24 03 96 6c 04 20 05 c8 72 07 af 73 5b 80 1d 71 42 dc b6 ab 12 95 db 01 c6 fd ed de 90 05 ec d8 38 3a 6f b3 ba f6 8e c4 bb 2d 61 b7 b2 b9 1d 3c f9 ac 2e f0 d9 ff ff 9f 96 54 c6 d0 34 48 5a 00 44 86 db e6 0f c1 6d 84 33 a1 94 b0 1e 8a 8a d6 07 6a 35 a5 44 51 37 05 de d5 ca 39 51 71 2d 5b 43 a9 0d a2 52 06 2f ad b1 ed fd 16 99 b6 5b 7d 52 bf a2 17 c4 94 b2 b8 7e 0b d3 ec e7 2e e5 83 89 4a 87 92 a5 e3 1a 5a 6b 27 ba 0d ab 0c 77 ca c9 64 82 cc 84 7d f4 fd 08 7f 4e 5c 4c 54 90 91 51 ca 12 89 74 ad 2f bb 9c 0a ce 24 Data Ascii: wOF2oYo{?FFTMZ`fpT86$l rs[qB8:o-a<.T4HZDm3j5DQ79Qq-[CR/[}R~.JZk'wd}N\LTQt/$
2025-01-13 16:18:53 UTC	12489	IN	Data Raw: c4 68 98 6c 12 9e 6b c2 26 ab e7 dd 50 34 c6 5f 44 04 5b 4a ce bf 23 83 5b 86 05 45 3c 22 48 91 78 f6 57 ed 71 cb 32 8d 12 49 05 ca b4 12 6a 85 95 ef d5 8f b2 c0 81 c2 2e b0 6c 62 a6 4a 7b 5b 01 bf a8 90 dc 3a 8a 9e 64 14 45 f4 a0 0d af 1f a9 9a 6c 9b 09 f3 af 3e b9 63 13 52 4c cb 7f 78 8f 23 44 d3 c2 f0 80 28 ee 3d cd ca 5f 55 ca 98 17 3a 34 bc 46 8b 1a a6 4e f9 ab c6 3f de 32 9d e1 75 62 78 00 2b 7f 55 68 75 63 64 19 5e 0d 2a 3f cd 46 9e ae 08 59 9e 09 4b 20 5a f0 3c 26 f0 71 cd bd c4 a8 64 e9 b4 a6 51 88 11 fd 9a 30 08 11 22 69 3a 69 a7 68 e7 8e 44 f1 7e ad 53 ce a0 0f 80 d0 ac a5 37 b3 01 87 c6 e2 8d 55 40 a0 45 a7 ff 03 1e 53 47 5f 32 32 28 b4 8a 79 a0 37 41 73 1c f9 49 97 f0 9a e6 f8 11 fe c9 dc 34 68 6b 7a 4b b7 3a a4 cf f4 78 5d a9 09 c3 f6 1b 45 Data Ascii: hlk&P4_D[J#[E<"HxWq2Ij.lbJ{[:dEl>cRLx#D(=_U:4FN?2ubx+Uhucd^*?FYK Z<&qdQ0"i:ihD~S7U@ESG_22(y7AsI4hkzK:x]E

Timestamp	Bytes transferred	Direction	Data
2025-01-13 16:18:58 UTC	683	OUT	GET / HTTP/1.1 Host: mg11.at Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://mega.fo/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 16:18:58 UTC	536	IN	HTTP/1.1 403 Forbidden Date: Mon, 13 Jan 2025 16:18:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVUzSe3J6aBtiw9awXWvEuaLzrOWQkLIQAhTSTaRocHafO9ZNPMNsiAy0VyZGeYyjwLAcV%2Bzl7OwdNMmxZxvZSwAwQ2TIFdLeeEfupQzAV61CM8XuwsaZLOT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9016b4893e488cda-EWR
2025-01-13 16:18:58 UTC	833	IN	Data Raw: 31 31 63 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 11c1<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2025-01-13 16:18:58 UTC	1369	IN	Data Raw: 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 20 Data Ascii: s" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2025-01-13 16:18:58 UTC	1369	IN	Data Raw: 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 Data Ascii: href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-byp
2025-01-13 16:18:58 UTC	982	IN	Data Raw: 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c Data Ascii: n">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by<
2025-01-13 16:18:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0