Play interactive tourCreate Interactive Tour

Windows Analysis Report
https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf

Overview

General Information

Sample URL:	https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf
Analysis ID:	1640111
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected AntiDebug via timestamp check

Yara detected HtmlPhish10

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected landing page (webpage, office document or email)

AI detected suspicious Javascript

Creates files inside the system directory

Deletes files inside the Windows folder

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

×

Joe Sandbox Signatures

• • Phishing
• • Compliance
• • Software Vulnerabilities
• • Networking
• • System Summary
• • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://sharingsecuredocs.com/index.html

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The URL 'sharingsecuredocs.com' does not match the legitimate domain for Microsoft., The URL does not contain any direct reference to Microsoft, which is suspicious., The domain 'sharingsecuredocs.com' could be attempting to mimic a legitimate service by using a generic and trustworthy-sounding name., The presence of input fields for 'Email, phone, or Skype' aligns with common phishing tactics targeting Microsoft account credentials. DOM: 2.6.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 2.7.pages.csv, type: HTML

Yara detected Invisible JS

Source: Yara match	File source: 2.5.d.script.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 2.5.d.script.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.22..script.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 2.19.d.script.csv, type: HTML
Source: Yara match	File source: 2.3.d.script.csv, type: HTML
Source: Yara match	File source: 2.9..script.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.14..script.csv, type: HTML
Source: Yara match	File source: 2.12.d.script.csv, type: HTML
Source: Yara match	File source: 2.15..script.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 2.7.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdf	Joe Sandbox AI: Page contains button: 'Open' Source: '0.0.pages.csv'
Source: file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdf	Joe Sandbox AI: Page contains button: 'Open' Source: '0.1.pages.csv'

AI detected suspicious Javascript

Source: 2.4..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to execute a malicious payload by decoding and evaluating a heavily encoded string. This is a clear indication of malicious intent and poses a significant security risk.
Source: 2.3.d.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting browser automation tools, blocking keyboard shortcuts and right-click functionality, and using a setInterval loop to trigger a redirect to an external website after a certain time delay. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing user interaction and redirecting to a potentially malicious site.
Source: 2.2.d.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. It creates an iframe with a sandboxed environment that allows for a wide range of potentially malicious actions, including navigation, modals, scripts, and form access. The script also clears the entire document body and replaces it with the malicious iframe, indicating a strong intent to take over the user's session. Overall, this script exhibits a high level of suspicion and poses a significant risk to the user's security and privacy.
Source: 2.5.d.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution via `eval()` and potential data exfiltration. The obfuscated code and use of proxy objects further increase the risk. Overall, this script exhibits a high level of suspicious activity and should be thoroughly investigated.
Source: 2.10..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/... This script exhibits several high-risk behaviors, including dynamic code execution through the use of `atob()` and string manipulation to obfuscate the code. It also appears to be sending data to an external domain, which could potentially be used for data exfiltration. The heavily obfuscated nature of the script and the lack of transparency around its purpose and functionality suggest a high likelihood of malicious intent.

HTML body contains low number of good links

Source: https://sharingsecuredocs.com/index.html

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://sharingsecuredocs.com/index.html

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://sharingsecuredocs.com/index.html

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>AI UI Template</title> <style> body { font-family: 'Segoe UI', Tahoma, Geneva,...

HTML title does not match URL

Source: https://sharingsecuredocs.com/index.html

HTTP Parser: Title: Profile Security Sign-In does not match URL

Invalid T&C link found

Source: https://sharingsecuredocs.com/index.html	HTTP Parser: Invalid link: Terms of use
Source: https://sharingsecuredocs.com/index.html	HTTP Parser: Invalid link: Privacy & cookies

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/

HTTP Parser: function uloajzaiqa(){koxvhjpvwr = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagica8bwv0ysbjagfyc2v0psjvveytoci+ciagica8bwv0ysbuyw1lpsj2awv3cg9ydcigy29udgvudd0id2lkdgg9zgv2awnllxdpzhrolcbpbml0awfslxnjywxlpteumci+ciagica8dgl0bgu+qukgvukgvgvtcgxhdgu8l3rpdgxlpgogicagphn0ewxlpgogicagicagigjvzhkgewogicagicagicagicbmb250lwzhbwlsetogj1nlz29lifvjjywgvgfob21hlcbhzw5ldmesifzlcmrhbmesihnhbnmtc2vyawy7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmxytfhmwe7ciagicagicagicagignvbg9yoiajztblmguwowogicagicagicagicbtyxjnaw46ida7ciagicagicagicagihbhzgrpbmc6ida7ciagicagicagicagigxpbmutagvpz2h0oiaxljy7ciagicagicagfqogicagicagighlywrlcib7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmwzdq3yte7ciagicagicagicagihbhzgrpbmc6idiwchg7ciagicagicagicagihrlehqtywxpz246ignlbnrlcjskicagicagicagicagym9yzgvylwjvdhrvbtogmnb4ihnvbglkicm2ngi1zjy7ciagicagicagfqogicagicagighlywrlcibomsb7ciagicagicagicagig1hcmdpbjogmdskicagicagicagicagzm9udc1zaxploiazmnb4owogicagicagicagicbjb2xvcjogi2zmzmzmzjskicagicagicb9ciagicagicagbmf2ihskicagicagicagi...

Source: anonymous function

HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "jtmgcv";var emailcheck = "0";var webname = "rtrim(/web9/, '/')";var urlo = "/tnre0se58ewlcbc3ejwcekyykb16ehdpq3ouepilztdm4ngnpe";var gdf = "/ije7bs3fhpp1tlow0dwya245jyzfmpmfjaytdcomskab120";var odf = "/ijxsmgrr19jepaawxujp9bxyamibdboyab650";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;if(useragent.match(/edg/i)){ browse...

HTML body contains password input

Source: https://sharingsecuredocs.com/index.html

HTTP Parser: <input type="password" .../> found

HTML page is missing a favicon

Source: file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdf	HTTP Parser: No favicon
Source: https://sharingsecuredocs.com/index.html	HTTP Parser: No favicon
Source: https://sharingsecuredocs.com/index.html	HTTP Parser: No favicon

META author tag missing

Source: https://sharingsecuredocs.com/index.html

HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://sharingsecuredocs.com/index.html

HTTP Parser: No <meta name="copyright".. found

Compliance

Creates a directory in C:\Program Files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.100:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.180.117.105:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.180.117.105:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.181:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.181:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.100:443 -> 192.168.2.16:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49792 version: TLS 1.2

Software Vulnerabilities

Allocates a big amount of memory (probably used for heap spraying)

Source: chrome.exe

Memory has grown: Private usage: 6MB later: 38MB

Networking

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.99
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.99
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf HTTP/1.1Host: apply.atu.ieConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web HTTP/1.1Host: sharing-doc.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/ HTTP/1.1Host: sharing-doc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.html HTTP/1.1Host: sharingsecuredocs.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sharing-doc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /MlpoRIIJ/ HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://sharingsecuredocs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sharingsecuredocs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharingsecuredocs.com/index.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tarboz$nrocpvfb HTTP/1.1Host: 67os5y.szsnqp.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://lm3w2e.dsqhfznmzlq.esSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tarboz$nrocpvfb HTTP/1.1Host: 67os5y.szsnqp.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /MlpoRIIJ/ HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImRSeVBLV1FFRFV4bko2ZGUrUm5lTnc9PSIsInZhbHVlIjoicnV1NjdkblJQSTkzOWNLamtJd0V4bTJYazUySXoyL1FNUFdITkJ2b2hxbDJvSmNxQ1d1STExSU5NT3NUSGdiNDFPc3JEdHhuV1BXL2FoNUVHWS83QkNQZnd3dnd2WGdTVnl1RFR3V25sL05tdkpKOXY1TkJqMDhZODdIUDZTZTkiLCJtYWMiOiJhNTQzYTA4N2E3YWMzZTMyMTk1NzM3NDc1ODIwN2M3MWM4ZDdkMjg0YTI0MGM5YzYyMTFiMDZmMDA2MGJlMzFlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im1FamYwVEhLSU4vN1IrdVpGWnI4TXc9PSIsInZhbHVlIjoiZUpmSFlQUUZ5UGk1dEZZM2M5Qko1eWhxZERINHltbGcwaXgwODFGckI1Q3FnQmQzcGxuZ2xydE1pd25aK3UxNVRrMFdlSE95Z3BPUVlNMW1yeUZ0bjFyUEFOTEhLUG5IRXJDcW5XbHdLeW11a090dmJqV0NDUGpBbitQWkRnSVgiLCJtYWMiOiJkNzJiZWU1MDQ4MmFhYzMzMDEwYTExNDBmNGIwYzA5YjdhN2E3N2FmNzVhYjgwZWQyM2U1MTY3ODE0YmE0NDE0IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /vbVUo3l2BlrtTiLDwfcO60D0vQde HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImRSeVBLV1FFRFV4bko2ZGUrUm5lTnc9PSIsInZhbHVlIjoicnV1NjdkblJQSTkzOWNLamtJd0V4bTJYazUySXoyL1FNUFdITkJ2b2hxbDJvSmNxQ1d1STExSU5NT3NUSGdiNDFPc3JEdHhuV1BXL2FoNUVHWS83QkNQZnd3dnd2WGdTVnl1RFR3V25sL05tdkpKOXY1TkJqMDhZODdIUDZTZTkiLCJtYWMiOiJhNTQzYTA4N2E3YWMzZTMyMTk1NzM3NDc1ODIwN2M3MWM4ZDdkMjg0YTI0MGM5YzYyMTFiMDZmMDA2MGJlMzFlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im1FamYwVEhLSU4vN1IrdVpGWnI4TXc9PSIsInZhbHVlIjoiZUpmSFlQUUZ5UGk1dEZZM2M5Qko1eWhxZERINHltbGcwaXgwODFGckI1Q3FnQmQzcGxuZ2xydE1pd25aK3UxNVRrMFdlSE95Z3BPUVlNMW1yeUZ0bjFyUEFOTEhLUG5IRXJDcW5XbHdLeW11a090dmJqV0NDUGpBbitQWkRnSVgiLCJtYWMiOiJkNzJiZWU1MDQ4MmFhYzMzMDEwYTExNDBmNGIwYzA5YjdhN2E3N2FmNzVhYjgwZWQyM2U1MTY3ODE0YmE0NDE0IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /zcsyeCiK7VGCnyxIlv2uLTtawgwF7KBZM5GAe7kIgy HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkVXNEt4MWdkNE5QN2JpOTIxMzVNNlE9PSIsInZhbHVlIjoiRUdjYUhyd1gwbS9yUWtDLzJVM1huQng4YlorK0lsbXk2Rk5tS2VTVFpMMndoeDlrYVhFb2xvZXdBWGdXUzJscEFXaEk4dVlYZlhmSldaRktoSDV1UzY2bVBiOGgxTUdCWWdFam1jR2RXTjhiZFNaTkM3NHUwblUwT0xKdEZJUk0iLCJtYWMiOiIwMmM3Yzk2MGJmODJlNDY3ZTRlMGJiOWQ1N2FiZjRiYzlmYmU0NzUwZTM3YWU2YTA1Zjk1NjQ1YmQ3NjliOTRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InpaYlhWZmFWeXgyUG1SbldTRXZJMGc9PSIsInZhbHVlIjoiRTdkMnFRY2QxWktqZVpFT0JVL21HMmxIckxla0Zyb1ZZM2ZwYWVlN25UckFCSjB4dWg2dkZ2eFNqdVVmOTE2dXVVcnVMTG85YlRoTGwxV3pER1ZhdVNENHE3YWZLOWZKSnZOZnR1YTFQelU5RDIyeEFoM01jT2FucWVZdWJCVWQiLCJtYWMiOiJmMDQ4ZGMxYTY5Yzg4NDBhOWRiZjBmZTJmMTM1ODJjMmExNDM3MjEwZjA3ODQ1NmY1YjYxZjNkNGM2OWJkMzllIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGR HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkVXNEt4MWdkNE5QN2JpOTIxMzVNNlE9PSIsInZhbHVlIjoiRUdjYUhyd1gwbS9yUWtDLzJVM1huQng4YlorK0lsbXk2Rk5tS2VTVFpMMndoeDlrYVhFb2xvZXdBWGdXUzJscEFXaEk4dVlYZlhmSldaRktoSDV1UzY2bVBiOGgxTUdCWWdFam1jR2RXTjhiZFNaTkM3NHUwblUwT0xKdEZJUk0iLCJtYWMiOiIwMmM3Yzk2MGJmODJlNDY3ZTRlMGJiOWQ1N2FiZjRiYzlmYmU0NzUwZTM3YWU2YTA1Zjk1NjQ1YmQ3NjliOTRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InpaYlhWZmFWeXgyUG1SbldTRXZJMGc9PSIsInZhbHVlIjoiRTdkMnFRY2QxWktqZVpFT0JVL21HMmxIckxla0Zyb1ZZM2ZwYWVlN25UckFCSjB4dWg2dkZ2eFNqdVVmOTE2dXVVcnVMTG85YlRoTGwxV3pER1ZhdVNENHE3YWZLOWZKSnZOZnR1YTFQelU5RDIyeEFoM01jT2FucWVZdWJCVWQiLCJtYWMiOiJmMDQ4ZGMxYTY5Yzg4NDBhOWRiZjBmZTJmMTM1ODJjMmExNDM3MjEwZjA3ODQ1NmY1YjYxZjNkNGM2OWJkMzllIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /349jehgmvGDfJbncd8oyT6720 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /abqSlkYCvJpqugh28 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34dg3giizS1pL1r8BMYijkJmj8H29GTNH289106 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250316%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250316T230007Z&X-Amz-Expires=300&X-Amz-Signature=caaec47887f222b9452363789f75995d835e74b324333811d0bd56923e766eb3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mnQd1MsWLge7a8iyjD9U1jjN9J7UE3pijASdCoux0dvMH2YPjAaoTqhbwx215 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijeyf4M4qkLC6N79HlPA2Lj3xqrlLhb2MR5V7XE1fNHuAoaNID0yz221 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /tnRE0Se58eWLCBC3ejWCEkYYkb16eHdpq3OuePIlztdm4ngNpe HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxApmqCHdhI9WCbZVohst6HQMGFgMH6hKKFlLOt12127 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opHErn7mX1u8KdxEHMaywN3odcqJkYf8R7mn8OzEGwDSEr945134 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnQd1MsWLge7a8iyjD9U1jjN9J7UE3pijASdCoux0dvMH2YPjAaoTqhbwx215 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijeyf4M4qkLC6N79HlPA2Lj3xqrlLhb2MR5V7XE1fNHuAoaNID0yz221 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnP7EwkRNtEkVn1sTCJOBYWNyoAZDuvp8Z1VLUw76wMZeldU87F4M78150 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijFMnyUutKWXvsd0Ggp1irWn51kcdJaDiEvbY2ESzJaXrOgKBB78170 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxVzaQwkwsgLRKfwqdcJ3mHBmYBGrs95hlABdiuGPgkxjgWgb90175 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opHErn7mX1u8KdxEHMaywN3odcqJkYf8R7mn8OzEGwDSEr945134 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rsoydHV5BZKENgEhT3EXjEalK8CRL8ZZeG9ijS6JUF3KhjXfJkNjvKqkef200 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxApmqCHdhI9WCbZVohst6HQMGFgMH6hKKFlLOt12127 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ghYlMOFHzsxVrsIYyNytBdbZMPaW5MCSzUF9TyITmnkLZFgkPT8h2RUFtfSl1NXFQk53HtC12209 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrP6RmVW07q5q2IzmAMROCmNGikm8kh7E6A12tTtG2NFT6CgR3ONMp9GAgZxcd240 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /st8gN2jgKQnIPchyGa56fu47cepUYZEe08I1sl45Qgj1XKn2ehvi2t0bL4cwqoaVfmXef260 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijFMnyUutKWXvsd0Ggp1irWn51kcdJaDiEvbY2ESzJaXrOgKBB78170 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnP7EwkRNtEkVn1sTCJOBYWNyoAZDuvp8Z1VLUw76wMZeldU87F4M78150 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxVzaQwkwsgLRKfwqdcJ3mHBmYBGrs95hlABdiuGPgkxjgWgb90175 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsoydHV5BZKENgEhT3EXjEalK8CRL8ZZeG9ijS6JUF3KhjXfJkNjvKqkef200 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrP6RmVW07q5q2IzmAMROCmNGikm8kh7E6A12tTtG2NFT6CgR3ONMp9GAgZxcd240 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ghYlMOFHzsxVrsIYyNytBdbZMPaW5MCSzUF9TyITmnkLZFgkPT8h2RUFtfSl1NXFQk53HtC12209 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /st8gN2jgKQnIPchyGa56fu47cepUYZEe08I1sl45Qgj1XKn2ehvi2t0bL4cwqoaVfmXef260 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: apply.atu.ie
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sharing-doc.com
Source: global traffic	DNS traffic detected: DNS query: sharingsecuredocs.com
Source: global traffic	DNS traffic detected: DNS query: lm3w2e.dsqhfznmzlq.es
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 67os5y.szsnqp.ru
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /report/v4?s=emo65dp1%2FiFMvflblQh%2B%2Fns59YjWdhZ%2Fdkd4fikCVLGJwn4OOtAwyK7X3D5me89dNpmhFNREVSVjy%2FXDX%2BR%2FWlYSVg436KZ67N%2BkTIFzDHJ%2Bal1SAsof2WopE8IvYax1OtHRmoIns7A%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 441Content-Type: application/reports+jsonOrigin: https://sharingsecuredocs.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 16 Mar 2025 22:59:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: max-age=14400CF-Cache-Status: HITReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=emo65dp1%2FiFMvflblQh%2B%2Fns59YjWdhZ%2Fdkd4fikCVLGJwn4OOtAwyK7X3D5me89dNpmhFNREVSVjy%2FXDX%2BR%2FWlYSVg436KZ67N%2BkTIFzDHJ%2Bal1SAsof2WopE8IvYax1OtHRmoIns7A%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9217dd23dec98c3b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1790&min_rtt=1783&rtt_var=684&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2871&recv_bytes=1187&delivery_rate=1583514&cwnd=236&unsent_bytes=0&cid=f58f1c5b2b60459c&ts=4187&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 16 Mar 2025 23:00:04 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gqoshaUD5svT4KWSWYeEuVxUPwFXVBIjDWYchP11LythjVoc7dxobInZWyQkzYqDxW1zDZ69n4mmZWWzz1TE%2BbR8k745i8%2B2kW6xtldXeCyjJ5DKsmGtS7yFENLJa%2BA7ye32"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=981&min_rtt=950&rtt_var=378&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2052&delivery_rate=2997894&cwnd=251&unsent_bytes=0&cid=64a1b2fa2680b09a&ts=214&x=0"Server: cloudflareCF-RAY: 9217dd535dc94294-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2288&min_rtt=2279&rtt_var=874&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1708&delivery_rate=1239388&cwnd=205&unsent_bytes=0&cid=a2062c099a019158&ts=500&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 16 Mar 2025 23:00:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i94xZC3HKoxz744RyFlMkq%2BgeUnAcO86V3qV79%2BO5FbbSi7%2BtBCkmuxAYMZMuubriQltkq5Tav%2Bb3kGLTx%2Fmx84%2FvSbYAEbI%2FK5ZnxzG641P1MBNyDqYLi2UxPht7x0h%2FD%2Fg"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1057&min_rtt=1048&rtt_var=304&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2066&delivery_rate=2641929&cwnd=247&unsent_bytes=0&cid=fd90759aee1a5a87&ts=248&x=0"Server: cloudflareCF-RAY: 9217dd5feb8d43af-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1566&rtt_var=602&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1722&delivery_rate=1794714&cwnd=148&unsent_bytes=0&cid=a8760c7b7aed4c82&ts=538&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 16 Mar 2025 23:00:10 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XtpEiYERUGiv1T4mAKQGww%2B%2FlxxptS11qSF1w%2FD%2BdFw0AtWL3Yiaci89Ezy5%2B5pM1W%2FtvLooB9LKkO56zFhkH89m6Q0xbVI0CRp%2FJzek%2BpsUgtt8aOmiwKkYFlykI9UF6M17"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1004&min_rtt=998&rtt_var=378&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2075&delivery_rate=2853707&cwnd=244&unsent_bytes=0&cid=8025f23ff935c9b1&ts=245&x=0"Server: cloudflareCF-RAY: 9217dd7b7b7a4269-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1683&min_rtt=1679&rtt_var=637&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2833&recv_bytes=1730&delivery_rate=1706604&cwnd=251&unsent_bytes=0&cid=01b59e46afdbab4b&ts=516&x=0"

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.100:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.180.117.105:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.180.117.105:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.181:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.181:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.100:443 -> 192.168.2.16:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49792 version: TLS 1.2

System Summary

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6300_2012682271

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6300_2012682271

Classification label

Source: classification engine

Classification label: mal100.phis.evad.win@32/1@34/230

Creates files inside the program directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Creates files inside the user directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\fedb6690-802a-453e-baba-eb1fa15c823c.tmp

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,9704534767936909127,18304782859894759364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,9704534767936909127,18304782859894759364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Creates a directory in C:\Program Files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match	File source: 2.3.d.script.csv, type: HTML
Source: Yara match	File source: 2.14..script.csv, type: HTML
Source: Yara match	File source: 2.15..script.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 2.7.pages.csv, type: HTML