| Source: 0.7.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://cotceur.com/?cf-turnstile-response=0.ZfVzj... This JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval`, `Function` constructor, and heavily encoded strings indicates a high likelihood of malicious intent. Additionally, the script appears to be attempting to redirect the user to an unknown or suspicious domain, which further increases the risk. Overall, this script demonstrates a clear pattern of malicious activity and should be considered a high-risk threat. |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: Invalid link: Terms of use |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: Invalid link: Privacy & cookies |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: Invalid link: Terms of use |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: Invalid link: Privacy & cookies |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: Invalid link: Terms of use |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: Invalid link: Privacy & cookies |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: No <meta name="author".. found |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: No <meta name="author".. found |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: No <meta name="author".. found |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: No <meta name="copyright".. found |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: No <meta name="copyright".. found |
| Source: https://cotceur.com/PKH0leFk62dn7ocoAEWPKB2q51ANzgkT2TdkuLhfYaONedl4QOXiZxKSFhEwDiu16VnYGXRwcoIA31MSQoNg9inrRoyBU0sWLGzUgMjpUtTfXZm4bIzswPI9qpZyBjE8orts8C4afHRSmWQmrvqVvO/verify | HTTP Parser: No <meta name="copyright".. found |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49716 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49719 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49720 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49722 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49767 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49815 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49840 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49932 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49980 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50064 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50071 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50076 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50079 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50081 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50082 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50084 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50085 version: TLS 1.2 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.68 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: global traffic | HTTP traffic detected: GET /I0/0100019461ad944d-c9eeadd2-7ffa-4af3-9eb8-8f47d8f15f06-000000/OIE-HzahAv0UrzRacEoqVr38Q5M=408 HTTP/1.1Host: f6p4fxqv.r.us-east-1.awstrack.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /js/fNCszfNCsz/dan.mooney@cooper-electric.com HTTP/1.1Host: 243dev.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 243dev.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://243dev.com/js/fNCszfNCsz/dan.mooney@cooper-electric.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /I0/0100019461ad944d-c9eeadd2-7ffa-4af3-9eb8-8f47d8f15f06-000000/OIE-HzahAv0UrzRacEoqVr38Q5M=408 HTTP/1.1Host: f6p4fxqv.r.us-east-1.awstrack.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: cotceur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://243dev.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: cotceur.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://cotceur.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=bp1mhrqk0ba8kks09qut5orq89 |
| Source: global traffic | HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cotceur.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cotceur.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/0djad/0x4AAAAAAA5PPHovzxZm0JsM/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cotceur.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=901ea6f9ff01c47a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/0djad/0x4AAAAAAA5PPHovzxZm0JsM/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/0djad/0x4AAAAAAA5PPHovzxZm0JsM/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=901ea6f9ff01c47a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/430128811:1736863999:P2gXepeD26YYj2OGCd8thf-kT9F6F6OxXwtPfrlNV68/901ea6f9ff01c47a/2TqmqFSVjhP9YReWGFr69puUKtAcxjEOr6E9S8Zm6Dw-1736868468-1.1.1.1-kO.seKdlBYnyTfUKbmS6QVo.zps1OcPejM5VeCeolqxNPUlyLCRehvijaPnCpEaj HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/901ea6f9ff01c47a/1736868471005/BozM0CYDdLUKXAd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/0djad/0x4AAAAAAA5PPHovzxZm0JsM/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/901ea6f9ff01c47a/1736868471005/BozM0CYDdLUKXAd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/901ea6f9ff01c47a/1736868471006/afc0af1633d4f6db367b108f7c3eb14bc6427f588a0fb61b77cf0f936c71003f/EzVaLs7d23Hux3_ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/0djad/0x4AAAAAAA5PPHovzxZm0JsM/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/430128811:1736863999:P2gXepeD26YYj2OGCd8thf-kT9F6F6OxXwtPfrlNV68/901ea6f9ff01c47a/2TqmqFSVjhP9YReWGFr69puUKtAcxjEOr6E9S8Zm6Dw-1736868468-1.1.1.1-kO.seKdlBYnyTfUKbmS6QVo.zps1OcPejM5VeCeolqxNPUlyLCRehvijaPnCpEaj HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/430128811:1736863999:P2gXepeD26YYj2OGCd8thf-kT9F6F6OxXwtPfrlNV68/901ea6f9ff01c47a/2TqmqFSVjhP9YReWGFr69puUKtAcxjEOr6E9S8Zm6Dw-1736868468-1.1.1.1-kO.seKdlBYnyTfUKbmS6QVo.zps1OcPejM5VeCeolqxNPUlyLCRehvijaPnCpEaj HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /?cf-turnstile-response=0.ZfVzjehZ5A4dhhrPKx7l1E513uLiatxd32rG45oWp4aHWhM6S8kxiw1PHGSfw9y-CIVavE0ZOHcu_ogYZk-yI2fdmgFjBrfNFFMIT04SQVy18giL7UAZxcccFsiaMZWNhK14hall_z970L1eAfDefxgNziS-37f4mQ-OLY-oXHPzz9DnQcIo239nWmDUzbo1Zl4tszp_nsNntnvYCA6GzT7RGHe7zTDpwB7P__q_2FquiUSTzS7TBnVjIqtJYroO7jdrOAfQByhYQ9dMWlf-U6kYI7B-oEvfPpRGk4HEeRbQWoUK6EyECqEexwofb-GSF85qk3q_RmNBXMuYB2ARz_pdMGg_q_1T613OYCnIfFm_3kDdUDTn0mkQPof6D6Jckgdb-_wAVAwjGej1QPyVlPDaJ1QDdj78Wq18FP60H1BBsJqaarX_FoPOg4eMyvbfeYto9O8fW-mt1_UqPNwxeVOKeBLC_AmXcHvhs_XSB3rtyEeBQq1oSWXGJin4fO9jRskxVw8s_kn5RnNdnumBME4iDuiZLI8Xvqw3kTZ6Lvsye3XHSw1z8KER9PoggFuba0sg4PeK7GNllOvBgE0o0ddF9tg0hd4vb8xvH7LmITWbRPA4N_tx-QhV2sSbrA6kKkbGOnLB1_ao1YaOy2IzOxFTkwQK3qMIxe06--0z0nGukTvXdgO8TlP-_0MdL9tWSiWXrG8dbsDQ_sxp0nB-SDd_rfY1yEKG_bsaDEdn2h5YE1phHypWtSF7lhuIsUgl.0jNnkMO8GHsv_kaBgZZOlQ.5c1cb70fa7949b1f07f9751bcdb7ff2460051979886ea7514c488657d7207253&cf-turnstile-response=0.ZfVzjehZ5A4dhhrPKx7l1E513uLiatxd32rG45oWp4aHWhM6S8kxiw1PHGSfw9y-CIVavE0ZOHcu_ogYZk-yI2fdmgFjBrfNFFMIT04SQVy18giL7UAZxcccFsiaMZWNhK14hall_z970L1eAfDefxgNziS-37f4mQ-OLY-oXHPzz9DnQcIo239nWmDUzbo1Zl4tszp_nsNntnvYCA6GzT7RGHe7zTDpwB7P__q_2FquiUSTzS7TBnVjIqtJYroO7jdrOAfQByhYQ9dMWlf-U6kYI7B-oEvfPpRGk4HEeRbQWoUK6EyECqEexwofb-GSF85qk3q_RmNBXMuYB2ARz_pdMGg_q_1T613OYCnIfFm_3kDdUDTn0mkQPof6D6Jckgdb-_wAVAwjGej1QPyVlPDaJ1QDdj78Wq18FP60H1BBsJqaarX_FoPOg4eMyvbfeYto9O8fW-mt1_UqPNwxeVOKeBLC_AmXcHvhs_XSB3rtyEeBQq1oSWXGJin4fO9jRskxVw8s_kn5RnNdnumBME4iDuiZLI8Xvqw3kTZ6Lvsye3XHSw1z8KER9PoggFuba0sg4PeK7GNllOvBgE0o0ddF9tg0hd4vb8xvH7LmITWbRPA4N_tx-QhV2sSbrA6kKkbGOnLB1_ao1YaOy2IzOxFTkwQK3qMIxe06--0z0nGukTvXdgO8TlP-_0MdL9tWSiWXrG8dbsDQ_sxp0nB-SDd_rfY1yEKG_bsaDEdn2h5YE1phHypWtSF7lhuIsUgl.0jNnkMO8GHsv_kaBgZZOlQ.5c1cb70fa7949b1f07f9751bcdb7ff2460051979886ea7514c488657d7207253 HTTP/1.1Host: cotceur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://cotceur.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=bp1mhrqk0ba8kks09qut5o |
Edit tour
chrome.exe (PID: 7044 cmdline: 
