Edit tour

Windows Analysis Report
Invoice PSI-3101.msg

Overview

General Information

Sample name:	Invoice PSI-3101.msg
Analysis ID:	1653720
MD5:	3536b4e8a81a8b0360570cebfee561cf
SHA1:	922dec2abb38489b1cdb9929565be89d296650bc
SHA256:	f5f9378dd4f77fabbd11ae6cba7a424ddfc4c5d085add7808db87c5960f42f93
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected AntiDebug via timestamp check

Yara detected HtmlPhish10

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

AI detected suspicious elements in Email content

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Stores large binary data to the registry

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 304 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Invoice PSI-3101.msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 1964 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "643AB39A-A4E4-4758-A594-930BC2D63792" "56F205E5-1FF2-4C68-818E-FEEDCC33C8C1" "304" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

Acrobat.exe (PID: 2920 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4WVQT9B6\Invoice PSI-3101.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 1200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 4388 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1584,i,1292238551228575683,14951593506944596080,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 6660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://relaxationstudio.co.uk/pad2.pdf MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4677847063298128573,9518573577152018583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_174	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security

HTML

Source	Rule	Description	Author
0.0.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.0.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.1.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.4.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.5..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.0.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.0.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.11..script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.11..script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.9.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.16.d.script.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security
1.12..script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.12..script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.19..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.3.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.3.pages.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.2.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.2.pages.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 16 entries

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 304, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4WVQT9B6\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 304, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/	Joe Sandbox AI: Score: 7 Reasons: The brand name 'd' is not sufficient to identify a specific brand or its associated domain., The URL '0cp.zlgbgfnebrnn.com' does not match any known legitimate domain associated with a recognizable brand., The domain name appears to be randomly generated and does not correspond to any known brand., The presence of a CAPTCHA input field is common in phishing sites to create a false sense of security., The URL contains a subdomain '0cp' which does not provide any recognizable brand association., The main domain 'zlgbgfnebrnn.com' is not associated with any known or well-known brand. DOM: 0.0.pages.csv
Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL '0cp.zlgbgfnebrnn.com' does not match the legitimate domain for Microsoft., The URL contains a random string 'zlgbgfnebrnn' which is not associated with Microsoft., The subdomain '0cp' and the main domain 'zlgbgfnebrnn.com' are suspicious and do not relate to Microsoft., The presence of input fields for 'Email, phone, or Skype' is typical for phishing attempts targeting Microsoft services. DOM: 1.2.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML

Yara detected Invisible JS

Source: Yara match	File source: 0.1.d.script.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 0.1.d.script.csv, type: HTML
Source: Yara match	File source: 0.5..script.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 1.19..script.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_174, type: DROPPED

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 1.16.d.script.csv, type: HTML
Source: Yara match	File source: 0.0.d.script.csv, type: HTML
Source: Yara match	File source: 0.4.d.script.csv, type: HTML
Source: Yara match	File source: 1.11..script.csv, type: HTML
Source: Yara match	File source: 0.9.d.script.csv, type: HTML
Source: Yara match	File source: 1.12..script.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.5..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/... This script demonstrates high-risk behavior, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.
Source: 0.2..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to redirect the user to a suspicious domain and potentially collect sensitive information. These behaviors are highly indicative of malicious intent, warranting a high-risk score.
Source: 1.12..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdB... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It attempts to detect the presence of web automation tools, redirects to a suspicious domain, and implements various keyboard and context menu event handlers to prevent user interaction. These behaviors are highly indicative of malicious intent, warranting a high-risk score.
Source: 1.11..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdB... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and aggressive DOM manipulation. It checks for the presence of web automation tools, redirects to a blank page, and intercepts various keyboard and clipboard events to prevent common debugging and security analysis techniques. Additionally, it includes an interval-based debugger trap that attempts to redirect the user to an external domain. These behaviors are highly suspicious and indicative of malicious intent, warranting a high-risk score.
Source: 0.8..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/... This script demonstrates several high-risk behaviors, including dynamic code execution, potential data exfiltration, and suspicious redirection. The use of the `Function` constructor to execute a base64-encoded string, along with the presence of code that checks for the existence of web driver or headless browser environments, suggests malicious intent. Additionally, the script sets up an interval that triggers a redirect to Google.com after a certain time threshold, which is highly suspicious. Overall, this script exhibits a clear pattern of malicious behavior and poses a significant security risk.

AI detected suspicious elements in Email content

Source: Email

Joe Sandbox AI: Detected potential phishing email: Suspicious identical 'from' and 'to' addresses both using 'Postmaster'. Generic invoice subject with PDF attachment is a common phishing tactic. Multiple embedded images could be used to bypass security filters

Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE

HTTP Parser: Number of links: 0

Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/

HTTP Parser: Base64 decoded: if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) { window.location = "about:blank";}document.addEventListener("keydown", function (event) { function KXqiGfITbQ(event) { co...

Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE

HTTP Parser: Title: Secure Your Account Access does not match URL

Source: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/	HTTP Parser: function ppiskllgrc(){nqbmsvbbvm = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagpg1ldgegy2hhcnnldd0ivvrgltgipgogidxtzxrhig5hbwu9inzpzxdwb3j0iibjb250zw50psj3awr0ad1kzxzpy2utd2lkdggsigluaxrpywwtc2nhbgu9ms4wij4kica8dgl0bgu+rwr1vmlzaw9uic0gvhjhbnnmb3jtaw5nievkdwnhdglvbjwvdgl0bgu+ciagphn0ewxlpgogicagym9kesb7ciagicagigzvbnqtzmftawx5oianu2vnb2ugvuknlcbuywhvbwesiedlbmv2yswgvmvyzgfuyswgc2fucy1zzxjpzjskicagicagbwfyz2luoiawowogicagicbwywrkaw5noiawowogicagicbiywnrz3jvdw5klwnvbg9yoiajzjlmowy5owogicagicbjb2xvcjogizmzmzskicagih0kicagighlywrlcib7ciagicagigjhy2tncm91bmq6igxpbmvhci1ncmfkawvudcgxmzvkzwcsicm2ytexy2isicmyntc1zmmpowogicagicbjb2xvcjogi2zmzjskicagicagcgfkzgluzzognjbwecaymhb4owogicagicb0zxh0lwfsawduoibjzw50zxi7ciagicb9ciagicbozwfkzxigadegewogicagicbtyxjnaw46ida7ciagicagigzvbnqtc2l6ztogm3jlbtskicagicagzm9udc13zwlnahq6igjvbgq7ciagicb9ciagicbozwfkzxigccb7ciagicagigzvbnqtc2l6ztogms4ycmvtowogicagicbtyxjnaw4tdg9woiaxmhb4owogicagfqogicagbmf2ihskicagicagymfja2dyb3vuzdogcmdiysgyntusidi1nswgmju1lcawljkpowogi...
Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE	HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "askq";var emailcheck = "0";var webname = "rtrim(/web8/, '/')";var urlo = "/nzdcmubpqq63g39vaxb1giwxvl8puoooavztansxhy5zudz";var gdf = "/ijkxd7w1aga2txi1ivql3uvldrxsptgiltgtufpycd120";var odf = "/ijv2phboanp4y99u4xxfriyucv7nuvnjtieumwggcd647";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "https://login.microsoftonline.com/common/sas/processauth";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeex...

Source: Email

Classification: Invoice Scam

Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE

HTTP Parser: <input type="password" .../> found

Source: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/	HTTP Parser: No favicon
Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE	HTTP Parser: No favicon

Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE

HTTP Parser: No <meta name="author".. found

Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.17:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.80:443 -> 192.168.2.17:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.31.186:443 -> 192.168.2.17:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.44:443 -> 192.168.2.17:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.80:443 -> 192.168.2.17:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.17:50008 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.114.4:443 -> 192.168.2.17:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.17:50025 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.17:50027 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 36MB

Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /pad2.pdf HTTP/1.1Host: relaxationstudio.co.ukConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4woeJ3F2/ HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjBLYjNqZEtxVHNHeVJjanpORnd1aEE9PSIsInZhbHVlIjoiUm8wdUloLzN0Q0RPTTl5ZHc1bUNFN1NIbExNVk1JYlZ5Z1ZqVHJTNG4xUHE3QVpjdHNXa3E1dWRnS2xka3JWV3ZCSnVCeXNQMGc0KzVGNmxJUGxBTVErcm9CU1k3WnRoY0dEalo0S0NSdjhLK2JIUnZpVENjVzhPeFlJeitFZm4iLCJtYWMiOiJiMDA2ZWQ1MjJiNjc5YjZhNzFlOWFiMDMyMzUyZDc5YmFkMmIwM2QyOTgzM2VmNGIxYTE0NjBmNmQ3N2Y0NzJmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImxUVndjNHNUdnFSUHlnWkNVN3VYRVE9PSIsInZhbHVlIjoibk9RRjdnZTdCQmljWjZtVlJ4RHlDVGN4QWdjSmJtb214aGFRN0RWdkc5YmczVkpwRzZpZHp1TzhtMlo2TUtpRXB2YVJvTWxPL0J1OEd1YUV3dFlzQ3drRHNjcVM3YjlnNCtjUUdsRnVnbEZvd3pQZkd4WUV2d0h1cE1ZT1VSM2ciLCJtYWMiOiI5ODU0YjI4MDkyY2I3MGE1ZDcxZjUxMTcyMWMwMTA4YTUxODZiY2JlZTM5MjEwYTY3ZTAyOGQ4NDA1NDc2N2U4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /chai@6bdrysu HTTP/1.1Host: nzt0.kqnsgn.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://0cp.zlgbgfnebrnn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chai@6bdrysu HTTP/1.1Host: nzt0.kqnsgn.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4woeJ3F2/ HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik56T3lRRmFIa2dETjVrM1dQNWY1V3c9PSIsInZhbHVlIjoiamxnSVBzclVwbjM1cG1ZNDh0Ni9WK0lCQnh4VmxPMmlEdmV5YWhFQXowR1Rva1FocGtLNVRtd2ZMY1FRZUlRY2F2YnJSWWZQZXVOaTFFTjhySXJPN0ZEVitkekV5cXdMTnd0Z3hSUEFIeW1jajNqU2ZaU29ENVpIQ01VdXBUbGciLCJtYWMiOiIyY2I0NjM3MjY5NTYwNThmMGU5ZTJhNGYwYTNlYjlkMDViYTIyOTQ3NTg3NDY2NTE2ZGM1M2FhOTYxYjkzY2Y2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9qVnVSMGdnUE1MYWZRZEdxa3dZV2c9PSIsInZhbHVlIjoicXM4YkFucnVhR3preGxBRGQzQUQxajJidnZiazNDWVpFc1laWjBiNlRTWmJuRVpidkw1OHNIMzd1K1F4RzBRUXJ2cllRTXhKaDBYRnNwZHVJcmliNGdja0NSakM3cVNEU3RQLzVDNE5ucHFCVnU2SlVIdG1JM1FKVFZrd3RESk4iLCJtYWMiOiIzZmRiNmM1NGE4OWM4YTIwYmU1ODM3ZDNkNTllMjU3OGMyYmI4ZDQ2ZGRjNTZiM2E3Y2ZhZDk2NTlkM2ZlMzY2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cl8ulBsJBaxoP9RbS4pqa4Es72Hmt9sFqVDaMcAJkj HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik56T3lRRmFIa2dETjVrM1dQNWY1V3c9PSIsInZhbHVlIjoiamxnSVBzclVwbjM1cG1ZNDh0Ni9WK0lCQnh4VmxPMmlEdmV5YWhFQXowR1Rva1FocGtLNVRtd2ZMY1FRZUlRY2F2YnJSWWZQZXVOaTFFTjhySXJPN0ZEVitkekV5cXdMTnd0Z3hSUEFIeW1jajNqU2ZaU29ENVpIQ01VdXBUbGciLCJtYWMiOiIyY2I0NjM3MjY5NTYwNThmMGU5ZTJhNGYwYTNlYjlkMDViYTIyOTQ3NTg3NDY2NTE2ZGM1M2FhOTYxYjkzY2Y2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9qVnVSMGdnUE1MYWZRZEdxa3dZV2c9PSIsInZhbHVlIjoicXM4YkFucnVhR3preGxBRGQzQUQxajJidnZiazNDWVpFc1laWjBiNlRTWmJuRVpidkw1OHNIMzd1K1F4RzBRUXJ2cllRTXhKaDBYRnNwZHVJcmliNGdja0NSakM3cVNEU3RQLzVDNE5ucHFCVnU2SlVIdG1JM1FKVFZrd3RESk4iLCJtYWMiOiIzZmRiNmM1NGE4OWM4YTIwYmU1ODM3ZDNkNTllMjU3OGMyYmI4ZDQ2ZGRjNTZiM2E3Y2ZhZDk2NTlkM2ZlMzY2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rqDbrE3LTvLD4EVdVx6QeXK8dwgPPYB7EypCZ1XJcbfq HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVkV05JZTEyYlZZL2xCekY1WFNkdGc9PSIsInZhbHVlIjoiV2U4aGRuTGtha2UzV1YvcVVwZ29PYVBiVU5ZSzZONjEwRmlPN2lvQWl1Qm1Kb0Vqdm9DZmpFblVMcTFwUXN4YzdUV2ttZHc2NmFPVzZVOTZkYW1EMHdpbHlISGpEbThER2o4Z1UvZzJOS2lYaDcxeDdKQ2REaFRKOUhwdGR3clgiLCJtYWMiOiIzM2I1MmE0ZmNmNTg4MWRiZDdjODFiMDNhZjYxYTVhZWRmZTFiNjBlZDE1YTUxMWNmNmI3YTA1NDU2YzI0ZWQ5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImJGK1kwakNVWjhvR1RXcVhtejR2Snc9PSIsInZhbHVlIjoidzA3SVNwNzloWDUyc2xhUEYyM0lWZGx2OHhjK3BsbkVnZEYzSE5xN2pTdnZEZUpoU2k2aFBwMmR4YjNFZC9uaWc2eHZISG4vM2ZjWDczUGYxejd1ckRrUlIwdUZRNVBwQTRrRlJWMXJESW43T2swYW1RemhaRnJTdVBUMytmSG4iLCJtYWMiOiJkMzA2OTA4MTBjMDE2NTA5MmU4OWE2OGNhMDMxY2FmM2Q2MWRmNGFkYzQwZjg4MmVkNGJjZWE2YzkwOGUyM2NhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVkV05JZTEyYlZZL2xCekY1WFNkdGc9PSIsInZhbHVlIjoiV2U4aGRuTGtha2UzV1YvcVVwZ29PYVBiVU5ZSzZONjEwRmlPN2lvQWl1Qm1Kb0Vqdm9DZmpFblVMcTFwUXN4YzdUV2ttZHc2NmFPVzZVOTZkYW1EMHdpbHlISGpEbThER2o4Z1UvZzJOS2lYaDcxeDdKQ2REaFRKOUhwdGR3clgiLCJtYWMiOiIzM2I1MmE0ZmNmNTg4MWRiZDdjODFiMDNhZjYxYTVhZWRmZTFiNjBlZDE1YTUxMWNmNmI3YTA1NDU2YzI0ZWQ5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImJGK1kwakNVWjhvR1RXcVhtejR2Snc9PSIsInZhbHVlIjoidzA3SVNwNzloWDUyc2xhUEYyM0lWZGx2OHhjK3BsbkVnZEYzSE5xN2pTdnZEZUpoU2k2aFBwMmR4YjNFZC9uaWc2eHZISG4vM2ZjWDczUGYxejd1ckRrUlIwdUZRNVBwQTRrRlJWMXJESW43T2swYW1RemhaRnJTdVBUMytmSG4iLCJtYWMiOiJkMzA2OTA4MTBjMDE2NTA5MmU4OWE2OGNhMDMxY2FmM2Q2MWRmNGFkYzQwZjg4MmVkNGJjZWE2YzkwOGUyM2NhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34bG0JveS9mxycv86h6716 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /xyuOFnzMCnJTeNrsDMagh26 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /56naWlpDT6aZ2fnGq6UY5UVbghg6djvvXoCdzxf89109 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250401%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250401T131821Z&X-Amz-Expires=300&X-Amz-Signature=e0f1ce3176fbaf78c0d47fa674aa1f0a5a9d69335e5f0b940abb3fe3e655df04&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uv5h0mg7HpRqFTgJzv0qPNaRQIYstZmHUle2MO7j12122 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /op4TEEKrolYX7BpNfzzXbRT45ghbLnyhycPa1T8KnqC45131 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /kludZieQRPg97oN9fbIB511hD89SrD2HIxGmuUHrK1oJvc2ITPe7oIMvtsVfab230 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnpD7x7dx86mlUuPsacoZXPovnPUylHB4a3F4b56z1zt8Os4iQd3ha1L2wx220 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv5h0mg7HpRqFTgJzv0qPNaRQIYstZmHUle2MO7j12122 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /op4TEEKrolYX7BpNfzzXbRT45ghbLnyhycPa1T8KnqC45131 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnEAwRV8LurwKDnoqzC7tbr6QBNGuv7SezVu3ywnnBk8rAW90141 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /klIGmhIzloSDNVZQ0fJEec8W4AE3cdKofOLl4zYRuZoxcL7s56170 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /kludZieQRPg97oN9fbIB511hD89SrD2HIxGmuUHrK1oJvc2ITPe7oIMvtsVfab230 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxG0JrQPMlHU0nNYZc69rsYdteMSIMkC06HWwfr9Z1qASaab180 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnpD7x7dx86mlUuPsacoZXPovnPUylHB4a3F4b56z1zt8Os4iQd3ha1L2wx220 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opbd95W8u6CyERvfeIzCVlbOCPMoyRjo9N26ghrmaenMpLyLV5leABdyw2N64Xeccd193 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijgaYhnWUbVeOTmOpVDJTIXGh6Gy6z3kklsgKKUNsFxX4HupdpQJDsYmTgNfA76ef203 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opndtg8BsoD2DAlVS5p1xXKAfrATbUENUmswIUJEY471dstND65HtZdXwilCWmZOojFMWcd240 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnEAwRV8LurwKDnoqzC7tbr6QBNGuv7SezVu3ywnnBk8rAW90141 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /klIGmhIzloSDNVZQ0fJEec8W4AE3cdKofOLl4zYRuZoxcL7s56170 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /stQ7ya0zp2BTKt6FoeeP0Tdgw5L45w5SHIAfuB7BwQZNW0XV2dfD2qgLbweegh260 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxG0JrQPMlHU0nNYZc69rsYdteMSIMkC06HWwfr9Z1qASaab180 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opbd95W8u6CyERvfeIzCVlbOCPMoyRjo9N26ghrmaenMpLyLV5leABdyw2N64Xeccd193 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opndtg8BsoD2DAlVS5p1xXKAfrATbUENUmswIUJEY471dstND65HtZdXwilCWmZOojFMWcd240 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijgaYhnWUbVeOTmOpVDJTIXGh6Gy6z3kklsgKKUNsFxX4HupdpQJDsYmTgNfA76ef203 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /stQ7ya0zp2BTKt6FoeeP0Tdgw5L45w5SHIAfuB7BwQZNW0XV2dfD2qgLbweegh260 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 0cp.zlgbgfnebrnn.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: nzt0.kqnsgn.ru
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=ChywVu%2Bh2WSFK70Xiw%2BE4KHICVe%2FsF3bExmhb5uysuABItdiPxmIhRldqaWSoWhMAomcwTWlJT58qBw6rK0WpGTDPK0zWhbT3Dt2COaS5B8LeJOm5HdjWS2Sf013 HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 438Content-Type: application/reports+jsonOrigin: https://0cp.zlgbgfnebrnn.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Apr 2025 13:18:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: MISSAge: 19Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ChywVu%2Bh2WSFK70Xiw%2BE4KHICVe%2FsF3bExmhb5uysuABItdiPxmIhRldqaWSoWhMAomcwTWlJT58qBw6rK0WpGTDPK0zWhbT3Dt2COaS5B8LeJOm5HdjWS2Sf013"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=10025&min_rtt=9994&rtt_var=3770&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2242&delivery_rate=284970&cwnd=235&unsent_bytes=0&cid=39a1265883f1eefe&ts=34&x=0"Cache-Control: max-age=14400Server: cloudflareCF-RAY: 92985f899dd98c6c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=108325&min_rtt=103035&rtt_var=29688&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1907&delivery_rate=31285&cwnd=242&unsent_bytes=0&cid=4c7430ce4414dd3b&ts=358&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Apr 2025 13:18:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sC4B5UymJp2EsPdxT0sqqHHfloVdhSs5qExDGQUWQyVS%2FjshrdeAn7J4rij7mDDzh2tBhE5bqmf4Xcgo39BrHlNUdvux6mQhGqdaS0b65LJdxvgeJysSl2CW36Ja"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=9984&min_rtt=9963&rtt_var=2820&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2056&delivery_rate=284373&cwnd=105&unsent_bytes=0&cid=f84da04930cf8d9d&ts=339&x=0"Server: cloudflareCF-RAY: 92985fdf4b1d334e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=136505&min_rtt=134671&rtt_var=31167&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1721&delivery_rate=26567&cwnd=248&unsent_bytes=0&cid=d7e1621394d5475e&ts=757&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Apr 2025 13:18:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4vOZwWm9QgAF%2FrYI%2FPOtm5E2n68fhwGkx6Q7TTJYphm%2Fori1YwidGZfcbEwcK%2Fg4x9bz94HQ54uIYap2pY0%2BCkdFdnwcIFUJnu8tZFr7pQwrDQnArA8RZ7LXRmu%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=9963&min_rtt=9960&rtt_var=3741&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2059&delivery_rate=285227&cwnd=47&unsent_bytes=0&cid=e4b908c5922b559e&ts=334&x=0"Server: cloudflareCF-RAY: 92985fed7897da06-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114918&min_rtt=114749&rtt_var=24301&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1723&delivery_rate=32401&cwnd=251&unsent_bytes=0&cid=cd645335577f6c1f&ts=665&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987

Source: unknown	HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.17:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.80:443 -> 192.168.2.17:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.31.186:443 -> 192.168.2.17:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.44:443 -> 192.168.2.17:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.80:443 -> 192.168.2.17:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.17:50008 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.114.4:443 -> 192.168.2.17:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.17:50025 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.17:50027 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.evad.winMSG@42/54@24/82

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries